Avinti iSolation Server 1
Avinti
Price: Starts at $20

It's in your inbox--an e-mail with an unfamiliar attachment from a trusted co-worker. Is it legitimate or has it been spawned by an e-mail spoofing

    Requires Free Membership to View

worm that captured your address from an infected system? Some enterprises prohibit types of e-mail attachments, but that means blocking whole file classes and impeding operations for the sake of security. Others depend on resource-intensive gateway filters.

Avinti has come up with a clever idea to stop e-mail malware without necessarily prohibiting attachment types, but retaining network performance: the Avinti iSolation Server (AIS).

AIS is a gateway software product placed in front of any SMTP-based e-mail server. Running on Windows 2000/2003, the IIS SMTP virtual server intercepts all incoming e-mail messages and passes them through a simulated computer running Windows 2000, Microsoft Office, WinZip, Adobe Acrobat and other common applications.

The downside is that the current version is a only suited for small businesses and branch offices. Even with its recommended hardware and configurations (a 3 GHz Pentium 4 processor with 2 to 4 GB RAM), it can only process 500 externally generated e-mail messages per hour at the gateway, clearly ruling it out for even mid-sized organizations.

More Information

Use this checklist on the job to fortify your Web server.

Test your knowledge of e-mail security

Nevertheless, it's a promising technology. The key advantage is its protection against malware during the critical time between when a virus is released and a signature is posted by AV vendors. Security managers can configure filters by proposed action (block, ignore or observe) and file extension through an easy-to-use interface. For example, e-mails with Word or Excel attachments can be immediately blocked, while text files are ignored, since they pose no risk.

AIS passes suspicious e-mails and attachments to its virtual machine, where it behaves as if it has reached its target. AIS monitors the activity in the virtual machine for abnormal behaviors such as self-replication, file system access and Microsoft Outlook address book lookup. It will unpack .zip files to discover malicious activity; security managers also have the option to block password-protected or encrypted .zip files. It blocks malicious e-mails, while letting harmless ones through.

To test AIS, we sent a variety of text and HTML e-mails and attachments--all of which were handled correctly. Both blocked and allowed e-mails were processed nearly instantaneously, while the processing of suspicious messages took up to 30 seconds. AIS assigns an ID to malicious e-mails and their attachments, so multiple copies are blocked without subsequent testing. Security managers can change default settings and track blocked e-mails and attachments through an administrative Web page. Details about blocked e-mails are easily retrieved by searching for the date, sender or recipient using the admin interface.

Though the first version needs improvement, especially in the virtual machine and documentation, AIS offers a new option for SMBs to combat e-mail-born malware.

About the Author
Steven Weil is a contributor to Information Security magazine.

This review orginally appeared in Information Security magazine.

This was first published in August 2005

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.