Software Equipped With Human Brains

Vircom, developer of the ModusMail anti-spam and anti-virus product, has released ModusMail 2.0. The updated product is more customizable, making it easier to serve customers with different needs or requirements.

The basic product includes an updated anti-spam engine utilizing the Sieve mail filtering language as developed by the Internet Engineering Task Force (IETF). Sieve enables Vircom and its ISP clients to write simple scripts that will help the software identify specific problem spams using only part of the spam message. For example, an ISP could ban all messages containing a specific 800 number.

Vircom has included a stand-alone Sieve editor and command-line syntax checker to make it easier for ISPs to write their own scripts. Vircom continues to maintain its customer network, the Vircom Anti-Spam Coalition (VASC), which encourages users to submit scripts to Vircom so that they can be checked and then shared with other Vircom customers.

The ModusMail scanning engine uses several other strategies besides Sieve to fight spam—for example, a technique Vircom calls “Body Purification,” which strips out the HTML and allows the Sieve engine to focus on the text that the end-user would see. Daniel Roy, Vircom product manager, said that some spammers hide their messages from scanning engines by breaking up key words with code that fools some anti-spam engines, so the spam is still delivered to the end-user. The engine also uses a Perl-like regular expression (Regex) engine for more powerful anti-spam search techniques.

The new engine is also more secure, fortified against specific types of mail server attacks such as Malformed MIME Attacks (MMAs), which are used to infect mail servers with viruses. The Vircom team has also made the new scanning engine faster and more efficient.

Further enhancing security for ModusMail 2.0 is the option of using McAfee’s anti-virus product (for an additional fee) or Norman’s anti-virus product (which comes with ModusMail 2.0). Norman is more popular in Europe than in North America.

Being There

To better understand what it’s like to run ModusMail 2.0, we received Vircom’s marketing demonstration, which involves a walkthrough of ModusMail 2.0’s most important new feature, web-based administration. Vircom has built two consoles based on Microsoft Active Server Pages (ASP) technology, one for administrators called ModusWebAdmin, and one for end-users called ModusWebMail.

The ModusWebAdmin console is intuitive and easy to use. Features can be turned on or off with simple checkboxes or drop-down menus. Vircom includes RBL support. Roy said the company does not recommend the use of blacklists, but feels that its product should support them if customers want to use them. The console also allows administrators to select individual servers, identified by IP address, to be allowed to send mail to the scanning engine. It can even allow servers to pass traffic through ModusMail without any action at all. Numerous other features are available at a click of the mouse. Anyone interested in the product should contact Vircom and take the tour.

ModusWebMail provides an equally intuitive interface for end-users. It allows subscribers to choose from three or more security levels for each category of spam (Adult, Money, Hoax, Patterns, Health, and Goods), and even to disable filtering of a particular category if they wish (although the administrator can override this). Subscribers can also use the console to set up vacation autoresponders, and choose whether to delete viruses and spam or place them in a quarantine mailbox.

Roy said that spam is becoming increasingly sophisticated, and that spammers have not yet fully unleashed their arsenal because old spam techniques still work. As anti-spam software becomes more sophisticated, only those solutions that can adapt as the spammers adapt will survive.

One new technique for getting spam past anti-spam filters, which he calls “random serialization,” simply involves adding a random number within the body of every spam message sent out. If an anti-spam engine uses a checksum to look for a specific message, it will fail to block messages that differ only by the insertion of a single random number.

A more sophisticated serialization technique, which he calls “dictionary serialization,” requires a text, such as Tolkien’s popular “The Lord of the Rings” trilogy. The spam program inserts a random 50-word quotation from the book in each message. Spam engines such as the open source SpamAssassin, which use key words to identify spam, may be confused by the inclusion of words the end-user likes to see, such as “magic” or “Tolkien,” and may ignore other words that indicate the message is spam.

At its simplest, serialization simply requires the insertion of a time stamp (which can be falsified). The time stamp ensures that few spam messages are identical, byte for byte.

Roy says some spammers simply use unusual MIME formats, such as base64, which some anti-spam programs cannot scan but Microsoft Outlook and other mail clients can decode.
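A defender-side sketch of the normalization described above (decode the MIME body, strip the HTML, then compare what the user would see), added here as an example and not Vircom's code. The function names, the digit-masking step and the sample message are assumptions constructed for illustration; masking digits covers numeric serials and time stamps, not dictionary serialization.

```python
import base64, hashlib, html, re
from email import message_from_bytes, policy

BLOCK_TAGS = re.compile(r"(?i)</?(?:br|p|div|tr|td|li)\b[^>]*>")
ANY_MARKUP = re.compile(r"(?s)<!--.*?-->|<[^>]+>")

def visible_text(raw: bytes) -> str:
    """Decode every text part (undoing base64/quoted-printable) and drop markup."""
    msg = message_from_bytes(raw, policy=policy.default)
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        body = part.get_content()              # transfer encoding and charset decoded
        if part.get_content_subtype() == "html":
            body = BLOCK_TAGS.sub(" ", body)   # block tags separate words
            body = ANY_MARKUP.sub("", body)    # inline tags/comments vanish, rejoining split words
            body = html.unescape(body)
        chunks.append(body)
    return " ".join(" ".join(chunks).split())  # collapse whitespace

def fingerprint(raw: bytes) -> str:
    """Hash of the visible text with digit runs masked (numeric serials, time stamps)."""
    text = re.sub(r"\d+", "#", visible_text(raw).lower())
    return hashlib.sha256(text.encode()).hexdigest()

def build_sample(serial: int) -> bytes:
    """Constructed sample: base64 HTML mail with a split key word and a serial number."""
    body = f"<p>Low <b>mort</b><!-- x -->gage rates today</p><p>ref {serial}</p>"
    return (b"Content-Type: text/html; charset=utf-8\r\n"
            b"Content-Transfer-Encoding: base64\r\n\r\n"
            + base64.encodebytes(body.encode()))

if __name__ == "__main__":
    a, b = build_sample(48213), build_sample(90077)
    # Byte-for-byte checksums of the two copies do not match.
    print(hashlib.sha256(a).hexdigest() == hashlib.sha256(b).hexdigest())
    print(visible_text(a))                     # what a key-word filter should scan
    print(fingerprint(a) == fingerprint(b))    # normalized fingerprints match
```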

At present, few spammers are using the two most powerful weapons in the spammer’s toolkit, graphic spam and viral spam. Viral spam uses Windows Messenger or other OS vulnerabilities to bypass mail-based filters and send pop-up spam directly to users’ desktops. Graphic spam simply involves attaching an image file of the spam. Since there is no text, no text-based anti-spam engine can stop graphic spam. The method seems to be rarely used only because it involves large files, which are inconvenient to spammers.

Roy is confident in the face of new threats. “Working with ISPs pays off. Our system uses humans, and humans can adapt to new situations,” he enthuses.

Pricing and Availability

Pricing varies depending on the options ordered, but starts at $6,495 for a package covering 1,000 mailboxes on one server (packages for up to 20,000 mailboxes are available). The Norman Data Defense anti-virus engine is included (an extra fee is charged to users who select McAfee anti-virus instead). Optional additions include remote installation and POP3 migration service. The package comes with one year of updates and anti-spam Sieve script definitions.

A high-end edition of the software, installed on Stratus Fault Tolerant Servers (ftServers) is also available, but pricing was not disclosed.

In early February, the company will release ModusGate 2.0, which provides the Sieve, anti-spam, and blocking features of ModusMail but allows ISPs to use their existing mail server.

Later this year, the company will also release an updated version of VOP Anti-Spam Gate, supplying just the anti-spam features, for companies that already have a mail server and anti-virus system they like but do not yet have an efficient anti-spam product.
