The Anti-virus Times

Tuesday, November 20, 2018

As a rule, a single anti-virus application is enough to protect a home PC or mobile device. Even if a computer or smart phone runs uncommon applications, people rightly assume that an anti-virus will take care of them too. Meanwhile, things are different with servers.

Take files, for example. In addition to server software, one also has to protect the files that are being processed by various servers. Let's assume that we need to protect a mail server.

We have two options. A server processes emails and saves them:

1. as a queue of ordinary files on the disk (a variety of mail servers for Unix-like systems, including Linux, use this approach);
2. in a special database.

In the first case the solution appears to be fairly simple: install the good old Dr.Web SpIDer Guard file monitor (it is very good at parsing email formats), and no email message will escape its attention.

But that's only at first glance.

• What will happen if the file monitor detects malware in a message and deletes it from the message queue directory? The mail server will discover that a certain message or messages have suddenly disappeared.
• And what if the file monitor blocks all the other processes from accessing the email while it is being examined? And then the mail server attempts to delete the message because it has just been sent and won't be able to?
• And what if the mail server deletes the message nonetheless (this is quite possible under Linux), and it’s the file monitor that discovers the message is gone?

Those are complicated situations that can result in errors and abnormal termination. No one should meddle with the workings of servers! That's why Dr.Web Mail Security Suite solutions (except for Dr.Web for Unix mail servers) and Dr.Web Gateway Security Suite applications are implemented as plugins that utilise all sorts of APIs to perform their tasks. We are going to discuss those in detail in another issue.

Furthermore, because mail traffic may be processed by multiple servers or by a server cluster, with plugins one can avoid situations when the same messages are examined multiple times. This may not seem like a big deal, but it speeds up scanning.

That's why additional anti-virus software is needed to protect server processes. For instance, Dr.Web Mail Security Suite is responsible for protecting mail servers. Therefore, if a mail server is being run on a computer, two anti-viruses must be installed on it: one will protect the system and server software, while the other will examine the files processed by the server. In our case, the protection is provided by Dr.Web Mail Security Suite and Dr.Web Server Security Suite.

If a Windows server running Microsoft Exchange requires protection, two Dr.Web solutions from the suites must be installed on the computer, namely, Dr.Web for Windows Servers and Dr.Web for Microsoft Exchange.

It is worth mentioning that customers often don't understand why several anti-viruses must be installed on a server or even believe that the anti-virus protecting the server machine must be able to take care of all the running applications and data transmitted via the server.

And because many people keep asking us about this, let's talk about how Dr.Web software for mail servers is licensed. There exist three types of licenses:

1. Unlimited license Scan an unlimited amount of email traffic on any number of servers for any number of users. This best suits customers who don't know exactly how much email traffic they need to process and how many customers they have at the given moment. ISPs are a typical example. The number of customers they have can change over time. Therefore, buying a license that covers a specific number of customers is not practical.
2. Per-server license With a per-server license, one can scan unlimited email traffic for a server with the number of protected users 3,000 or fewer.
3. Per number of protected users. This is the most popular license type. It provides protection for a specific number of email-using employees.

#Linux #server #email