Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium



Posted on 2001-06-20
Medium Priority
Last Modified: 2010-04-11
Hi All
I hope I'm asking this question in the right section.  My company has an interjet which links to the outside world through a internet service provider (ISP).  E-mails from the outside obviously have to pass through the interjet before they go to the user accounts.  I am wondering how to put a virus checker onto the interjet (or whatever) so no e-mails with any viruses can enter our network.  Also am I right in assuming that the virus checker can be setup on 1 of the companys servers to monitor the whole network centrally.  Any help would be greatly appreciated
Question by:Botch

Accepted Solution

dcgames earned 400 total points
ID: 6210767
There are various ways to do this, and probably none of them have to do wtih interjet.

First, I have to ask if the "user accounts" get their e-mail from an internal e-mail server (like Exchange) or via POP3, pulling the e-mail from an ISP based e-mail account.

In the first case, the virus checking should be performed either in the exchange server or in a mail transfer agent en-route to the exchange server.

In the second case, the options are either to install the virus checker in each client PC so the mail is scanned as it is pulled, or to install a POP3 PROXY application. Your POP3 clients would request their e-mail from the proxy which would then get the e-mail from the ISP, apply virus checking, and forward to the user.

If you want full control I would suggest that you get an e-mail server that includes virus checking. The e-mail server can interact with ISP and your users don't seem much difference.

There are other options, such as virus checking in a firewall, etc., but I haven't used these.

For tiny home networks, I can recommend some e-mail servers that are cheap or free for low number of accounts.

For larger networks or for office lans, I GUESS that the cost of an e-mail server with virus checking is about the same as the cost of a proxy or firewall based virus checker.

LVL 11

Expert Comment

ID: 6211078
I doubt that you can install anything on the Whistle itself, but you might be able to put an e-mail gateway running virus software outside of the Interjet and have it receive and scan the mail and then pass it to the Interjet for delivery.  Norton AV makes a product for this called Norton AV for Firewalls and Internet E-mail Gateways.
LVL 17

Expert Comment

ID: 6211236
I would have to agree with Geoffryn that you need a "stop over" place for the email to be scanned before it is passed to the users and an email gateway would do the trick.
Transaction-level recovery for Oracle database

Veeam Explore for Oracle delivers low RTOs and RPOs with agentless transaction log backup and transaction-level recovery of Oracle databases. You can restore the database to a precise point in time, even to a specific transaction.


Expert Comment

ID: 6216173
If you are concerned about e-mail sent to a specific DOMAIN (like the "company" e-mail), then setting up an internal e-mail server to receive all the e-mails and do the validation is best.

Second best is to install an MTA gateway that the e-mail is routed through.

The way it works, is that on the DNS servers for your domain you will have an MX entry showing the IP address for your SMTP agent (e-mail agent). You can modify this entry (or entries, cause there can be more than one) to point to an SMTP gateway that receives the e-mail, applies virus and spam checking, and either STORES the e-mail (if it is a fully functioning e-mail server) or FORWARDS the e-mail to the real e-mail server (if it is just a gateway).


On the other hand, this solution will NOT address people that have an e-mail account somewhere else (like YAHOO.COM, or HOTMAIL.COM or with their home ISP) and RETRIEVE these e-mails at work using a POP3 connection.

The reason is that POP3 goes directly to the ISP server and retrieves the e-mail. So your network really only knows that some TCP/IP traffic is occurring, but doesn't really know WHAT KIND of e-traffic it is, nor what is inside those packets.

To address this kind of problem the easy way is to make sure everyone has Virus software installed on their PCs.

The alternative is some kind of proxy coupled with physically preventing anyone from going to the internet for anything directly. Instead forcing them to go to the proxy. Doubt very much you could find a workable solution with this approach. At least not one you like.


Expert Comment

ID: 6221897
You should consider MDaemon and Winroute. These 2 programs running on an NT system with 2 NIC's together will replace the functionality of the Interjet. Then you can run any anti-virus software on that system. There is a "Mailscan" optional component, and it also has a neat feature that automatically strips attachments and saves them in a specified network drive (can be seperate for each user)

These programs are fairly cheap, but if you have 50 or more users, you can save money by continuing to use the Interjet, and using this system as a mail forwarder/scanner. Then you only need to buy the minimum user MDaemon since you won't be needing the mailboxes.

Winroute Pro is $700 for 50 or more users, but you can get the minimum (3 user Winroute Lite, $79) and use a hardware NAT device such as the SMC Barricade ($99) to extend the number of users to 253. NAT can be cascaded! I will provide details on how to do this if you need.

It is assumed your connection has a single static IP address. If you have more than one legal IP address (such as a "subnet 8"/5 usable) then you can use a hardware NAT device by itself, without Winroute, since one legal IP can be assigned to it, and one to the mail system.



Author Comment

ID: 6223730
Thanks for the comments.  I won't be able to give the points for another week or so as I'm still researching the suggestions as well as doing my normal work.  It will definitely be answered in 2 weeks.
regards Botch

Author Comment

ID: 6269587
Hi all
I am making an attempt at setting up norton anti virus this week so sorry for keeping you all waiting (I know everybody hates questions posted for too long).  As far as I can see from the manuals enclosed you can specify the IP address of your mail server in the configuration of the anti-virus and all e-mails will be passed through the norton anti virus before they go to the mail server to be passed around the company.  It is a complete solution Symatec Antivirus sol so I will give it a go this week.  I'll keep every 1 informed and close this question next week.  By all means send more comments

Author Comment

ID: 6311822
Hi all
Thanks for your patience.  It took me so long between doing other jobs and doing some research.  In the end the norton anti-virus package helped me to set up the system.  I put norton antivirus for servers on the companys servers and made 1 of them the primary server where all administration work is carried out for the whole antivirus setup.  Each destop has a copy of norton on it also and allows the admin to scedule scans & virus updates on the primary server for all network computers.  This as dcgames said looks at the mail going to the individual computers for viruses as in the second option.  I could have rerouted all incoming mail to my primary server (I think) before it went to the interjet to go to individual computers using norton for gateways but the other way was easier. Hope I explained what I did in the end.

Thanks everybody for their help

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to fix a SonicWall Gateway Anti-Virus firewall blocking automatic updates to apps like Windows, Adobe, Symantec, etc.
In this article I will be showing you how to subnet the easiest way possible for IPv4 (Internet Protocol version 4). This article does not cover IPv6. Keep in mind that subnetting requires lots of practice and time.
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question