Problem solve Get help with specific problems with your technologies, process and projects.

Avinti iSolation Server 1.1

Learn why Information Security magazine believes the Avinti iSolation Server 1.1 is a promising technology.

Avinti iSolation Server 1
Price: Starts at $20

It's in your inbox--an e-mail with an unfamiliar attachment from a trusted co-worker. Is it legitimate or has it been spawned by an e-mail spoofing worm that captured your address from an infected system? Some enterprises prohibit types of e-mail attachments, but that means blocking whole file classes and impeding operations for the sake of security. Others depend on resource-intensive gateway filters.

Avinti has come up with a clever idea to stop e-mail malware without necessarily prohibiting attachment types, but retaining network performance: the Avinti iSolation Server (AIS).

AIS is a gateway software product placed in front of any SMTP-based e-mail server. Running on Windows 2000/2003, the IIS SMTP virtual server intercepts all incoming e-mail messages and passes them through a simulated computer running Windows 2000, Microsoft Office, WinZip, Adobe Acrobat and other common applications.

The downside is that the current version is a only suited for small businesses and branch offices. Even with its recommended hardware and configurations (a 3 GHz Pentium 4 processor with 2 to 4 GB RAM), it can only process 500 externally generated e-mail messages per hour at the gateway, clearly ruling it out for even mid-sized organizations.

More Information

Use this checklist on the job to fortify your Web server.

Test your knowledge of e-mail security

Nevertheless, it's a promising technology. The key advantage is its protection against malware during the critical time between when a virus is released and a signature is posted by AV vendors. Security managers can configure filters by proposed action (block, ignore or observe) and file extension through an easy-to-use interface. For example, e-mails with Word or Excel attachments can be immediately blocked, while text files are ignored, since they pose no risk.

AIS passes suspicious e-mails and attachments to its virtual machine, where it behaves as if it has reached its target. AIS monitors the activity in the virtual machine for abnormal behaviors such as self-replication, file system access and Microsoft Outlook address book lookup. It will unpack .zip files to discover malicious activity; security managers also have the option to block password-protected or encrypted .zip files. It blocks malicious e-mails, while letting harmless ones through.

To test AIS, we sent a variety of text and HTML e-mails and attachments--all of which were handled correctly. Both blocked and allowed e-mails were processed nearly instantaneously, while the processing of suspicious messages took up to 30 seconds. AIS assigns an ID to malicious e-mails and their attachments, so multiple copies are blocked without subsequent testing. Security managers can change default settings and track blocked e-mails and attachments through an administrative Web page. Details about blocked e-mails are easily retrieved by searching for the date, sender or recipient using the admin interface.

Though the first version needs improvement, especially in the virtual machine and documentation, AIS offers a new option for SMBs to combat e-mail-born malware.

About the Author
Steven Weil is a contributor to Information Security magazine.

This review orginally appeared in Information Security magazine.

This was last published in August 2005

Dig Deeper on Microsoft Windows security

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.