> The problem is that Norton IEG and Viruswall, among others, do not
> detect inline attachments. Inline attachments are how files are sent
> when creating a message using a web browser.
When using a web browser, the file gets sent to the IMail web server in a non-mail
format. But, the IMail web server should convert it to MIME and the user receiving
the E-mail shouldn't be able to tell whether the file had originally been sent by a
regular E-mail program or through the web.
> Just for fun, send the EICAR test through your server by attaching
> it to a message using a browser. Then send it again using a mail
> client app. The first will get through, the second will be caught.
The reason for this is that through the web browser, the mail goes directly to the
IMail server. If the account is local, the virus will stay. If the account is not
local, the virus will only get caught if IMail is set to send through a gateway that
has virus scanning.
When you send through a mail client, it should be set up to use the virus scanner as
its SMTP server.
> If IMail allows hooks, I wonder if any package would "see" files that
> are inline?
It should, as at that point, there should be no difference between the way the file
looks as sent via an E-mail client and through the web.
> Anyone know what the message looks like at the point an
> external program would be called?
Not definitely, as I haven't gotten it to work yet, but I know how it should look. It
should look exactly the same as it looks in your .MBX files (MIME encoded). A mail
client shouldn't alter the body of a message (everything after the headers) without
the mail administrator knowing about it (IE adding a disclaimer at the end of all
E-mails).
Of course, I could be wrong about something here. But, I feel pretty confident this
is how it works.
-Scott
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Pierre Stone
Sent: Wednesday, May 17, 2000 9:40 AM
To: [EMAIL PROTECTED]
Subject: Re: [IMail Forum] An Anti-Virus idea....
> The web mail interacts directly with IMail - bypassing all the gateways,
> scanners, etc between it and the mean nasty world out there. Unless
> Ipswitch puts hooks into IMail to support AV scanning, this will be a big
> hole in your defenses.
>
> I don't have any solutions (yet), but I thought I'd throw this out.
Try this. http://www.networkweek.com/special/story/NWW19990416S0004
Now we use "Trend Micro Trend InterScan VirusWall 3.32" as our SMTP, HTTP
and FTP Gateway.
So, when our users use the IMail Web Gateway, then he/she will be under our
VirusWall protect. But it still has a security hole -- If our uses did not
go thru our VirusWall Gateway.....
The following are my solutions:
1. Force Internal users use PROXY. Interscan VirusWall can be the PROXY, and
it can use with MS Proxy.
2. When users need to connect to the IMail server from outside by using
IMail WEB Gateway, ask them to use the Interscan VirusWall as their Proxy
Server.
3. Only allow the registered users can use this Proxy Server.
This way sounds stupid, but it really can work.........
Or, try to use SessionWall-3 as your LAN Security monitor, configure
SessionWall-3 to monitor and sacn the IMail WEB Gateway out going packages.
(This is the last wall to prevent the known viruses, since some users don't
like to use PROXY, so this is the last defense line for them.)
Actually, now we use Interscan VirusWall and SessionWall-3 and a Firewall as
our Security Control System. Until now, we can fully detect and prevent all
the known Virus get into our LAN.
Here is our simple configuration layout:
Internet
|
Router
|
Firewall WAN Port Firewall LAN Port or DMZ
|
Sessionwall-3 Interscan VirusWall
|
IMail & WEB Server
|
Local LAN
Pierre Stone
Computer Management Assistant
American Resource Center
American Institute in Taiwan
E-Mail: [EMAIL PROTECTED]
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
