Newsletter International Q2 2011

PRODUCTS: Detecting and filtering malware - our anti-virus protection

Nearly every day there are new reports of viruses, trojans and other digital pests in the media. The creativity of the inventors of these small programs indeed continues unabated as we keep discovering new or modified malicious codes that present hazards. Here we explain just how we are able to prevent unwanted software from penetrating our filters and infecting the IT systems of our customers.

 

To protect our customers from malicious software by e-mail, we use five different protection mechanisms simultaneously. This way we are able to achieve our guaranteed virus detection rate of 99.99 percent. Our customers can forgo separate virus protection for mail traffic, thus saving additional license fees and relieving the CPU of the mail server.

 

The first test for infected attachments uses a modified ClamAV scanner. Based on their characteristic signatures, the scanner recognises computer viruses that are already known and rejects the respective e-mails. In order to improve the detection, speed and to prevent false-positives, the signatures are modified and supplemented.

 

The second detection stage is operated by antispameurope in cooperation with technology partner G-Data. Data containing potentially malicious code is constantly exchanged between the two companies, allowing for an ongoing analysis and updating of the filters. This allows new viruses and phishing variants to be detected early and filtered out.

 

The third step incorporates the company's proprietary virus scanner: this uses special signatures that have been specially developed and optimised for viruses that spread via e-mail. A minute-by-minute update of the signatures allows malicious software to be detected much faster, more flexibly and more comprehensively than with a generic system such as ClamAV.

 

The Phishing Filter from antispameurope offers special protection against "combined" attacks, for example by e-mail and the web. Here the filters look particularly for links in e-mail texts to any post-loading malicious code in order to analyse and prevent any harmful script commands or dangerous drive-by downloads. After all, viruses often are not sent automatically by e-mail but rather hide behind web sites that are pointed to by links contained in the e-mails that are sent.

 

Finally, antispameurope uses the specially developed outbreak engine to discover new viruses – often long before common anti-virus software has access to the corresponding signatures. For this purpose, the engine analyses incoming e-mail in what are known as “honeypot” accounts, which are used specifically to “capture” spam messages. The engine then examines the messages for any unusual attachments, links, senders or content. If the system detects a new threat, it very quickly creates a new signature so that subsequent e-mails containing malicious code are filtered out.

 

The anti-virus protection from antispameurope lets you be certain that undesirable, dangerous malware in e-mails can be filtered before they reach your systems.