Ask The Security Expert: Questions & Answers

How to perform an email scan to protect against viruses

EXPERT RESPONSE FROM: Michael Cobb, featured expert

QUESTION POSED ON: 12 June 2006
We want to scan ISA-based Outlook Web Access messages for viruses and block them before they reach our Exchange Server (rather than using an Exchange-based antivirus plug-in). We also want to encrypt sessions from external PCs using HTTPS. We have an HTTPS session between the external PC and ISA and between ISA and Exchange. While the MS ISA content filtering Web site lists partner antivirus software, none seem to be able to scan on the ISA Server between the two HTTPS sessions. Can you suggest any options?



I certainly understand that you want users to connect to Outlook Web Access (OWA) via an SSL connection to protect messages traveling to and from their machines and your network. And because you are also encrypting messages as they travel from the ISA Server firewall to the Exchange Server, you are obviously concerned about maintaining their confidentiality within your own network. One big advantage of an ISA Server firewall is it has an SSL to SSL bridging feature. This works by creating one secure SSL connection between the Web browser client and the external interface of the ISA Server, and a second new session between its internal interface and the Exchange Server. This allows the ISA Server to decrypt the packets from the client and inspect them for attack code. If it determines that the connection is legitimate and the packets do not contain any exploits or attack code, it re-encrypts the packets and sends them to the Exchange Server. While many firewalls can't evaluate the content inside SSL encrypted packets, ISA's SSL bridge allows it to statefully inspect SSL connections and prevent attackers from hiding exploits inside the SSL channel. Although both inbound and outbound connections can be encrypted "end-to-end," there currently isn't an antivirus product that can virus scan messages within these HTTPS sessions, because they pass through the ISA Server.

The only way to scan and block viruses on the ISA Server before they get to your Exchange Server is to terminate the SSL connection at the ISA Server. This will enable an antivirus program to fully inspect all traffic before it enters your network. Several products scan emails on the ISA Server this way. To learn more about them, visit http://www.isaserver.org/software/ISA/Anti-Virus/. If you choose this method, it's important to note that because the ISA Server is handling potentially infected files, its own operating system is vulnerable without some form of real-time virus protection. For example, Symantec's AntiVirus for ISA Server only scans files and email traffic from client applications that are configured to pass files to the virus scan engine, not the actual server itself, so you need to install an antivirus solution for the server as well.

If you are determined to find a solution that enables you to encrypt the traffic between both servers, after the virus scan use SSH to encrypt the session between them. Secure Shell (SSH) is an application layer protocol that provides secure encrypted communications and can be implemented for any type of service using port redirection. To enable your ISA Server to authenticate to your Exchange Server, you will need to put an SSH client on the ISA Server and an SSH server on the Exchange Server. SSH then encrypts passwords and network traffic between the two servers to prevent eavesdropping, IP spoofing, IP source routing, DNS spoofing and other network-level attacks. You can get free, open source SSH implementations at www.openssh.com and www.ssh.com. You may need to create a route relationship between the ISA and Exchange Servers; therefore, I would certainly recommend trialing this on a test system to ensure that it works and doesn't affect the service level of either server. Good luck, and remember SSL cannot protect the information stored on the Exchange Server once it arrives.
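
The scan-then-forward decision described in the answer above, as an added example (not part of the original answer, and not ISA Server or vendor code): once the SSL session is terminated at the proxy, the decrypted request body can be parsed and every part scanned before a new connection carries it to the mail server. The multipart/form-data upload format, the signature and all names here are assumptions constructed for illustration.

```python
from email import message_from_bytes
from email.policy import default

# Constructed stand-in for an antivirus engine's signature database.
SIGNATURES = {"Constructed.TestSig": b"CONSTRUCTED-TEST-SIGNATURE"}

def scan_bytes(data: bytes) -> list[str]:
    """Return the names of all signatures found in data."""
    return [name for name, sig in SIGNATURES.items() if sig in data]

def scan_request(content_type: str, body: bytes) -> tuple[str, list[str]]:
    """Verdict for a request body the proxy has already decrypted."""
    if not content_type.lower().startswith("multipart/"):
        hits = scan_bytes(body)
        return ("block", hits) if hits else ("forward", [])
    # Parse the upload with the standard-library MIME parser.
    raw = b"Content-Type: " + content_type.encode("ascii") + b"\r\n\r\n" + body
    msg = message_from_bytes(raw, policy=default)
    if not msg.is_multipart() or msg.defects:
        # Fail closed: a body the scanner cannot parse is never forwarded.
        return "block", ["malformed multipart body"]
    reasons = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""  # undoes base64/QP
        name = part.get_filename() or "unnamed part"
        reasons += [f"{name}: {hit}" for hit in scan_bytes(payload)]
    return ("block", reasons) if reasons else ("forward", [])

# Constructed sample upload: one text field and one attachment.
CTYPE = "multipart/form-data; boundary=b1"
def sample_body(attachment: bytes, closed: bool = True) -> bytes:
    body = (b'--b1\r\nContent-Disposition: form-data; name="subject"\r\n\r\n'
            b'Quarterly report\r\n--b1\r\n'
            b'Content-Disposition: form-data; name="attach"; filename="report.doc"\r\n'
            b'Content-Type: application/octet-stream\r\n\r\n' + attachment + b'\r\n')
    return body + (b'--b1--\r\n' if closed else b'')

if __name__ == "__main__":
    for label, body in [("clean", sample_body(b"plain contents")),
                        ("infected", sample_body(b"xx CONSTRUCTED-TEST-SIGNATURE xx")),
                        ("truncated", sample_body(b"plain contents", closed=False))]:
        print(label, scan_request(CTYPE, body))
```

The truncated case shows why the scan point should fail closed: a body the scanner cannot fully parse is blocked rather than passed on to the server behind it.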
