Enterprises should be providing anti-virus protection in two places. The first place, which is the primary target of most anti-virus solutions, is on the desktop. Desktop protection, both for individuals and staff within enterprises, is an important protection point, as this is where viruses generally attack.

M-Switch Anti-Virus offers complementary protection to desktop checking, by examining email messages as they come in and go out of an organization or service provider.

Boundary checking

A boundary email anti-virus solution has two components.

  1. The software that checks for viruses. This is a specialist anti-virus component that is not provided by Isode. Isode provides options to work with commercial packages from Norman or Sophos, or with the free (Unix) ClamAV package. Support for other anti-virus packages is generally straightforward to add.
  2. The software that handles the email, and controls which email is checked and how the overall process is managed at the email level. This is the capability provided by M-Switch.

What does M-Switch do to support Anti-Virus checking?

The basic function of M-Switch to handle viruses is very simple. It takes an inbound stream of SMTP messages, separates out the message content to hand to a virus checker, and then sends clean messages onward by SMTP. M-Switch can be easily inserted into an SMTP message stream, to add anti-virus capability. The more detailed process is:

  • M-Switch has the concept of "channels", which perform specific functions on messages in the internal queue. There is a core anti-virus channel, which M-Switch uses to perform virus checking. This is programmable, so it may be invoked (by the same instance of M-Switch) with different parameters in different situations, or even with different virus checkers.
  • M-Switch can be configured to invoke the anti-virus channel on all messages, or on selected messages (e.g., "all inbound", "all outbound", "all messages from organization X", "all messages to user X").
  • M-Switch can control virus checking by size. In particular, virus checking can be skipped for very small messages (which are common and will be too small to carry a virus).
  • The virus checking channel can do various things on detecting a virus, including one or more of:
    • sending a customizable message back to the sender
    • sending a customizable message on to the intended recipient (example below)
    • removing the infected body part, and then replacing it with another body part (typically one that says "there was a virus infected thing here")
    • if the virus checker can clean up the virus, the channel can replace the infected body part with a clean one
  • The virus channel logs all activity, which can be processed into management reports as needed.
  • The virus channel has a framework, which can be used with any virus checker that provides an API or command line interface. Integration is straightforward. While the virus checker is usually run on the same machine as the message switch, it can also be set up to run remotely.
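
The size check, per-body-part scanning, replacement and logging steps listed above can be sketched with Python's standard email package. This is an added example, not Isode or M-Switch code; scan(), MIN_SCAN_BYTES, MARKER and NOTICE are assumptions made for illustration, and the sample message is constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

MIN_SCAN_BYTES = 64   # assumed threshold: smaller messages skip scanning
MARKER = b"CONSTRUCTED-TEST-SIGNATURE"   # constructed stand-in for a virus signature
NOTICE = "A body part was removed here because it was infected with a virus."

def scan(data: bytes) -> bool:
    """Hypothetical scanner hook; a real one would call the AV package's API or CLI."""
    return MARKER in data

def check_message(raw: bytes, log: list) -> bytes:
    """Scan every leaf body part and replace infected ones with a notice part."""
    if len(raw) < MIN_SCAN_BYTES:
        log.append("skipped: below size threshold")
        return raw
    msg = message_from_bytes(raw, policy=policy.default)
    infected = 0
    for part in msg.walk():
        if part.is_multipart():
            continue   # containers hold no content of their own
        payload = part.get_payload(decode=True) or b""   # undo base64 / quoted-printable
        if not scan(payload):
            continue
        name = part.get_filename() or part.get_content_type()
        part.set_content(NOTICE)   # drops the old Content-* headers and payload
        infected += 1
        log.append(f"replaced infected part: {name}")
    if not infected:
        log.append("clean")
        return raw   # pass clean mail through byte-for-byte
    return msg.as_bytes()

def sample_message() -> bytes:
    """Constructed sample: a text body plus one attachment carrying the marker."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.org", "b@example.net", "Report"
    m.set_content("Please see the attached file.")
    m.add_attachment(b"header " + MARKER + b" trailer", maintype="application",
                     subtype="octet-stream", filename="report.bin")
    return m.as_bytes()

if __name__ == "__main__":
    events = []
    print(check_message(sample_message(), events).decode())
    print(events)
```

Scanning the decoded payload rather than the raw message matters because attachments normally travel base64-encoded, so a byte signature would not appear in the message as transmitted.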

Why M-Switch Anti-Virus?

  • High Volume: M-Switch is a high volume message switching product used by large organizations around the world, that provides strong management capabilities, and flexible integration of value added processing. This makes it an ideal base for controlling anti-virus processing.
  • Virus Package Choice: M-Switch can be used with your choice of anti-virus package or packages (we recommend Sophos if you do not have a preference). Boundary checking should, to gain maximum security, use a different package to the one deployed on the desktop (anti-virus companies generally fail to make this important recommendation).
  • Warnings: M-Switch can deal with virus infected messages automatically, sending warning messages both to sender and intended recipient, according to enterprise policy.
  • Flexible: M-Switch has a highly flexible configuration, allowing, for example, checking of outbound messages and checking procedures that vary according to message recipient.
  • Rock Solid: M-Switch has exceptional robustness and stability, including support for fail-over clustering and Off Site Hot Standby (Disaster Recovery).
  • Distributed: M-Switch can be deployed in a distributed manner, at one or more locations, sharing a single configuration.
  • Policy Control: M-Switch provides a basic boundary message policy framework, which can control the flow of messages in and out of the enterprise (e.g., to restrict who can send messages externally; to limit access to internal addresses and lists; to distribute messages to multiple internal mail servers).
  • Extensible to other applications: M-Switch can apply value added boundary processing in addition to anti-virus, such as address rewriting, message archiving, and anti-SPAM controls. By using M-Switch, you get a broad framework for managing boundary messaging, as well as dealing with anti-virus.