E-mail has become the most common distribution or carrier medium for viruses. The rate at which e-mail-borne viruses are detected or intercepted is increasing at an exponential rate. In 1999, only one virus was intercepted via e-mail per hour. In 2000, this rate increased to one virus every three minutes. By 2001, this rate jumped to one virus every thirty seconds. Now in 2002, the rate is approaching one virus every 10 seconds. Thus, the percentage of virus-infected e-mails is increasing faster than the rate of total number of e-mail messages transmitted. This is an alarming fact.
In addition, a virus scanner is only as useful as its definition lists are accurate and up-to-date. But even with a fully updated virus scanner, an average of 3% of known viruses still get past these protective barriers.
As the value of corporate data increases, the threat of a virus infection that either destroys data or distributed confidential data becomes more severe. The only solution is to prevent any and all viruses from entering your network. But traditional antivirus products are unable to provide such a solution.
Fortunately, there are companies that offer e-mail filtering and even one that offers guaranteed 100% virus-free e-mail delivery. This company is Message Labs, based in the UK. Using a combination of artificial intelligent search agents, heuristic investigation, signature matching and pattern analysis, Message Labs is able to detect and quarantine known and unknown viruses.
The basics of the Message Labs solution involve routing e-mail using DNS MX records to one of their high-speed high-volume control towers. There, each e-mail is scanned before being sent back to your e-mail server. Any infected e-mails are moved to a quarantine area. Quarantined e-mail can be accessed for up to 30 days to extract any valuable content, but precautions must be taken to prevent infection from accessing known virus carriers. In most cases, e-mail is delayed by less than two seconds, but that is a small price to pay for virus-free security. The Message Labs virus-free e-mail service requires that you maintain your own e-mail server and have at least 25 e-mail recipients.
Other companies are either less boastful or less confident with their claims. Postini, of Redwood City, Calif., is a company offering an e-mail gateway solution that companies deploy on their networks. This company's solution relies exclusively on McAfee's virus software. It does not include heuristic or AI scanning.
BigFish, of Marina del Rey, Calif., offers a solution that routes in-bound mail to their central processing systems where AV is used to scan for viruses and an optional attachment blocking capability can strip all attachments before sending the message on to the SMTP server of the customer company. It seems to use a single antivirus product and also does not include heuristic or AI scanning.
A company called Brightmail, of San Francisco, Calif., calls itself the "undisputed anti-spam leader." Using a process similar to MessageLabs, Brightmail filters spam, viruses and other undesirable messages at the Internet gateway. Brightmail seems to focus on spam though, with virus protection as an afterthought. They use Symantec for antivirus.
About the author
James Michael Stewart is a researcher and writer for Lanwrights, Inc.
