
The rules of "basic hygiene"



Unravelling the server tangle


Tuesday, November 20, 2018

As a rule, a single anti-virus application is enough to protect a home PC or mobile device. Even if a computer or smartphone runs uncommon applications, people rightly assume that the anti-virus will take care of them too. With servers, however, things are different.

Take files, for example. In addition to server software, one also has to protect the files that are being processed by various servers. Let's assume that we need to protect a mail server.

There are two possibilities. A server processes emails and stores them either:

  1. as a queue of ordinary files on the disk (a variety of mail servers for Unix-like systems, including Linux, use this approach);
  2. in a special database.

In the first case the solution appears to be fairly simple: install the good old Dr.Web SpIDer Guard file monitor (it is very good at parsing email formats), and no email message will escape its attention.

But that's only at first glance.

  • What will happen if the file monitor detects malware in a message and deletes it from the message queue directory? The mail server will discover that a message, or several messages, have suddenly disappeared.
  • What if the file monitor blocks all other processes from accessing a message while it is being examined, and the mail server then attempts to delete that message because it has just been sent, and cannot?
  • And what if the mail server deletes the message nonetheless (this is quite possible under Linux), and it is the file monitor that discovers the message is gone?

Those are complicated situations that can result in errors and abnormal termination. No one should meddle with the workings of servers! That's why Dr.Web Mail Security Suite solutions (except for Dr.Web for Unix mail servers) and Dr.Web Gateway Security Suite applications are implemented as plugins that utilise all sorts of APIs to perform their tasks. We are going to discuss those in detail in another issue.
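As an added illustration of the third situation above (example code written for this article, not Dr.Web's own implementation): a minimal queue-directory scanner in Python that treats a message vanishing mid-scan as an expected outcome rather than a fatal error, and reports infected messages instead of removing them from the queue behind the mail server's back. The signature marker, the `.eml` file names and the `before_open` hook are constructed for the demonstration.

```python
import tempfile
from pathlib import Path

# Constructed marker standing in for a real signature: a queued message whose
# body contains it is treated as infected.
MARKER = b"CONSTRUCTED-TEST-MARKER"

def scan_message(path: Path) -> str:
    """Return 'clean', 'infected' or 'vanished' for one queued message."""
    try:
        data = path.read_bytes()
    except FileNotFoundError:
        # The mail server may remove a just-sent message between the scanner
        # listing the queue and opening the file: expected, not an error.
        return "vanished"
    return "infected" if MARKER in data else "clean"

def scan_queue(queue_dir: Path, report, before_open=None) -> dict:
    """Scan every file in a queue directory and tally the verdicts.

    Infected messages go to `report` rather than being deleted: removing a
    file behind the mail server's back is what makes it find that a message
    has "suddenly disappeared". `before_open` is a hook (constructed for
    the demo) that lets the mail server's own deletion be interleaved.
    """
    tally = {"clean": 0, "infected": 0, "vanished": 0}
    for entry in sorted(queue_dir.iterdir()):
        if before_open:
            before_open(entry)
        verdict = scan_message(entry)
        tally[verdict] += 1
        if verdict == "infected":
            report(entry.name)
    return tally

def demo():
    """Constructed queue: one clean, one infected, and one message the mail
    server deletes (it has just been sent) while the scanner is mid-run."""
    with tempfile.TemporaryDirectory() as tmp:
        q = Path(tmp)
        (q / "1.eml").write_bytes(b"Subject: hi\n\nclean body\n")
        (q / "2.eml").write_bytes(b"Subject: attach\n\n" + MARKER + b"\n")
        (q / "3.eml").write_bytes(b"Subject: sent\n\nalready delivered\n")
        flagged = []
        def mail_server_delivers(entry):
            if entry.name == "3.eml":
                entry.unlink()  # the server deletes it nonetheless
        tally = scan_queue(q, flagged.append, mail_server_delivers)
    return tally, flagged
```

Running `demo()` shows the scanner finishing normally with one clean, one infected and one vanished message; a scanner that let the `FileNotFoundError` propagate would instead abort on the message the server had already delivered.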

Furthermore, because mail traffic may be processed by multiple servers or by a server cluster, with plugins one can avoid situations when the same messages are examined multiple times. This may not seem like a big deal, but it speeds up scanning.

That's why additional anti-virus software is needed to protect server processes. For instance, Dr.Web Mail Security Suite is responsible for protecting mail servers. Therefore, if a mail server is being run on a computer, two anti-viruses must be installed on it: one will protect the system and server software, while the other will examine the files processed by the server. In our case, the protection is provided by Dr.Web Mail Security Suite and Dr.Web Server Security Suite.

If a Windows server running Microsoft Exchange requires protection, two Dr.Web solutions from the suites must be installed on the computer, namely, Dr.Web for Windows Servers and Dr.Web for Microsoft Exchange.

It is worth mentioning that customers often don't understand why several anti-viruses must be installed on a server or even believe that the anti-virus protecting the server machine must be able to take care of all the running applications and data transmitted via the server.

And because many people keep asking us about this, let's talk about how Dr.Web software for mail servers is licensed. There are three types of licenses:

  1. Unlimited license. Scanning of an unlimited amount of email traffic on any number of servers for any number of users. This best suits customers who don't know exactly how much email traffic they need to process and how many customers they have at a given moment. ISPs are a typical example: the number of customers they have changes over time, so buying a license that covers a specific number of customers is not practical.
  2. Per-server license. Unlimited email traffic is scanned for one server with 3,000 or fewer protected users.
  3. Per number of protected users. This is the most popular license type. It provides protection for a specific number of email-using employees.

Why do we issue licenses for a specific number of users rather than mail addresses? After all, the latter approach would appear to be more logical. Furthermore, per-user licenses do not factor in various automated mailings, which can generate a significant portion of mail traffic.

As a matter of fact, we used to offer our customers a license for a specific number of addresses. But we discarded it because the customers (even the system administrators) couldn't tell exactly how many addresses/aliases they were using. Meanwhile, determining the number of employees at a company proved to be much easier.

What is an email alias? That's a forwarding email address. For example, if someone's real address is john@ххххх.com, then this person can be assigned such email aliases as j@ххххх.com or admin@ххххх.com. This feature may come in handy if a certain address must be assigned to another employee or discarded because it has caught the attention of spammers. Email aliases can be specified as sender addresses and changed quickly if the address gets compromised.

Why do we even mention email aliases? Under the per-address license, only real addresses are counted.

#Linux #server #email

The Anti-virus Times recommends

That you ask questions in the comments about this issue.

