Platform Certifications
Wireless ActiveSync® Support  View Flash Demo Sound required. Control the spread of viruses!
|
|||||||
Comparison of Anti-Virus Solutions
There are two main approaches for Mail Servers to incorporate the use of Anti-Virus. One way is to integrate the Anti-Virus engine into the mail server as a plug-in (AV enabled). The other method is to use an additional SMTP gateway that is provided by the Anti-Virus vendor and typically does not run on the same computer as the Mail Server. Kerio Mail Server can take advantage of both options; however, for the reasons outlined below KMS should only be used as an AV enabled Mail Server.
AV enabled Mail Server
The Mail Server uses a 3rd party AV scanning engine to scan all e-mail communication. This solution is transparent and does not require any changes in the existing network/client configuration. Under this scenario both the Anti-Virus component and Mail Server reside on the same physical computer.
SMTP based gateway product
Usually available from the AV vendor, this solution works by scanning SMTP communication before it is passed to the Mail Server. This is achieved by running the SMTP AV gateway as a separate component either on a remote computer or, in some cases, on the same computer as the mail server. This type of scenario is generally used only when the mail server cannot support an Integrated AV solution.
AV enabled Mail Server vs. SMTP AV Gateway
| Feature | AV enabled Mail Server | SMTP AV Gateway |
| Security | Modern mail servers support multiple messaging protocols, like IMAP, WWW based interface or MAPI. There are many ways that a message can enter the Mail Server system, not only through SMTP. Whenever a new message enters the system (or an existing message is updated), it must be checked for viruses. An AV enabled Mail Server will pass all email to the AV engine, regardless of the protocol used. | Only messages entering the mail system through SMTP are checked for viruses. If, for example, an employee of a company uses webmail to send a piece of mail to another employee within the same company, the email will be placed directly in the recipients mailbox without using SMTP protocol and therefore will never be scanned by the Anti-Virus gateway. |
| All components are part of the Mail Server. All email is therefore processed directly through the mail server, ensuring that no email could be delivered without being scanned. | If the mail server does not offer a sufficient level of security features it may be possible to bypass the AV SMTP gateway and send mail directly through the mail server. | |
| Functionality | The AV scanning engine does not interact directly with users or the administrator in case of AV related events. Interaction is rather performed by the mail server (notifiyng users/administrator of infected files). Messages coming from the messaging system (MailServer+AV) are more consistent, since they are generated by the MailServer only. | The AV software uses its SMTP service to gererate its own messages about AV related events. The AV does not know any users local to the Mail Server and cannot act accordingly so it will additionally rely on the administrator of the Mail Server to take further action. In other words, there is a reaction to an infected email from both the AV gateway as well as the Mail Server. |
| Configuration | By enabling AV functionality in the Mail Server configuration, the solution is up and ready. The administrator can configure AV functions from within the Mail Server administration. | The administrator will need to reconfigure the Mail Server to listen on different ports if both components are located on the same comptuer. This also requires that the AV SMTP gateway is able to send email using the TCP port that the Mail Server is listening on for SMTP mail. The SMTP service of the Mail Server must also need to be configured so that the AV SMTP gateway cannot be bypassed. |
| Relay Protection | The Mail Server receives SMTP mail directly, it can authenticate users through an SMTP session or use other verification means to suit a specific environment. | When SMTP-AV is deployed the AV SMTP gateway cannot use authentication because the SMTP-AV does not have the user database. It may support IP based relay control but this solution is only viable when trusted users have static (known) IP addresses. |
| Encryption | Many SMTP servers such as Kerio Mail Server support encryption using SSL to protect message content as it is transmitted over non-trusted networks such as the Internet. | These solutions usually do not support encrypted SMTP. This means that users on public networks may capture the SMTP communication and view the content of messages. |
Product Navigation
- Kerio Mail Server
- Administration
- Mobile Email
- Anti-Virus Protection
- Anti-Spam Protection
- Groupware
- Webmail
- Archiving and Backup
- System Requirements
Purchase Details
Related Info
- Windows VPS
- Interworx VPS
- Virtual Private Servers
- Shared Web Hosting
- Co-location
- Dedicated Servers
- Managed Services
- Firewalls
- Load Bananced
- Remote Backup
- Our Network
- InterWorx-CP
Customer Quotes
Town of Provincetown, MA, USA
"Since the first day we installed Kerio MailServer we knew it was a winner. All you have to do is spend a few minutes watching those virus-laden emails hit the email engine and you have a real feeling of security and confidence. Since we installed Kerio MailServer, viruses have become a thing of the past. With new features addressing SPAM we have seen a dramatic drop in the number of spammers bothering our users. One thing we really like is, Kerio is a company large enough to provide us with world-class software while remaining focused on providing personal support. I like the fact that I’m a person at Kerio, not just another license number"
Gary Delius, Director of Information Systems
© 2006- ZZ Servers. All rights reserved.