Trend Micro unveils virus cure and e-mail filter
November 15, 2001
The software incorporates a new kind of policy-based screen for e-mail suspected of harbouring viruses. The upgraded version of the product is also able to screen incoming and outgoing e-mail in companies for inappropriate content unrelated to work, and blocking mass-mailing viruses at the gateway between internal networks and the Internet.
The InterScan Messaging Security Suite for SMTP Version 5.0 can be downloaded from Trend Micro's Web site. It costs $6,469 (£4,516) for a 250-seat licence and will be available through resellers in December.
The suite is designed to retrieve instructions automatically from Trend Micro's servers to block e-mail matching the general characteristics of known virus carriers. Trend Micro's research division, TrendLabs, compiles the characteristics when their researchers discover new e-mail viruses. The InterScan suite can then automatically update these policy-based e-mail restrictions when the software checks in with Trend Micro's servers.
Antivirus software usually requires specific descriptions of a virus to block it. But virus writers have begun to build viruses that mutate, attack through unusual channels or are otherwise hard to describe for antivirus software. Policy-based defences are a stopgap measure that tries to buy researchers the extra time until they build the perfect cure.
Policy-based security software blocks e-mail with certain characteristics, such as a header with certain words or an attachment with a particular name, without digging into the code to specifically identify what it will do. But if the filtering policy is designed too broadly, legitimate e-mail may also be unintentionally blocked because it looks similar to virus-infected e-mail.
Trend Micro plans to work with early adopters of the policy-based security update service to define what kinds of policy modifications are appropriate and to structure policy updates to meet those standards. Customers can evaluate the service on a trial basis at no cost.
The company sees broader uses in the workplace for policy-based screening. The policy-based content security feature allows administrators to set parameters for filtering malicious content - but leaves the definition of "malicious" up to the administrator. The filter can screen for any forbidden content in the message header, subject, body, or e-mail attachments.
Certain kinds of company information can be automatically blocked at the Internet gateway, as can e-mail with content inappropriate for the workplace, such as jokes, profanity or sexual material. Policies can be customised for specific departments, organisations or individuals.
As a defence against virus-infected e-mail, the security suite can also delete e-mail with mass-mailing viruses at the Internet gateway before it enters an internal network of computers, rather than the e-mail being blocked or deleted by a receiving computer's antivirus software.
Copyright © 2001 ComputerWeekly.com Ltd.