TrustLayer Mail

AntiVirus

How accurate is the virus filtering system?

The TrustLayer Mail service detects both known viruses (through its signature engine) and new threats by incorporating the latest proactive technologies and PandaLab's direct management of suspicious files. Together with quarantine management, this enables absolute protection against viruses, worms and Trojans. We are committed to offering a 100% virus-free service.

What virus protection guarantees does TrustLayer offer?

With respect to the antivirus filtering service, TrustLayer offers a 100% virus-free contractual guarantee.

What virus detection system/engines does it use?

The TL Mail service uses the Panda Software antivirus engine and is able to integrate other manufacturers' AV engines. It also uses TruPrevent™ Technologies enabling the identification of unknown malicious codes.

What is the update frequency of the antivirus engine?

The antivirus engine is updated automatically every time new signatures are released by Panda.

What happens to messages that contain viruses?

Messages with viruses are stored in the system's quarantine for up to 30 days, except known mass-mailing worms that spoof the sender's identity which are deleted directly, with only the log being kept for statistical purposes. After the predetermined time in quarantine, the message is automatically deleted.

Attachments thought likely to include a virus, and which do not match known patterns, are sent to PandaLabs for detailed analysis (if the client has subscribed to this AV Service), taking action (releasing or confirming its infected file status) in normally under 24 hours.

How can messages be seen in virus quarantine?

The system can be configured so that the addressee can see the message log in their virus quarantine, although they won't be able to access the messages. The log can include the sender (From), addressee (To), subject, date and time, as well as the name of the virus detected or reason for quarantine.

Can a message be released in the virus quarantine? Who does this?

Mail stored in the virus quarantine can be reviewed by domain administrators, who decide whether to delete or release them (sending them to the message addressee or redirecting them to a determined account) under their responsibility.

Does the system detect other types of attacks, for example, DHA, intrusion, etc.?

By combining tools and procedures, the TrustLayer Mail solution protects against directory, denial of service, intrusion attacks etc.

Does the system send notifications if it detects a virus? If so, to whom?

The system can configure different notifications if it detects a virus: to the addressee or administrator. Notifications can be removed for cases of mass mailing worms with spoofed sender addresses.

Content Filtering

What is content filtering?

The content filtering system is able to establish a series of policies for correct e-mail use. On the one hand, it can filter messages with attachments that the company considers are not work related (for example MP3 music files or movies in Divx formats). In any case, the domain administrator is able to configure the system to take appropriate action based on the policy established by their company: delete attachments, delete messages, notify the sender etc.

Why is it important?

In some countries the failure to take necessary measures to protect employees from offensive contents (sex, racism, insults, etc.) may mean a company is legally liable. Furthermore, unsuitable or unrelated work content may consume a significant amount of resources (memory, bandwidth...) and reduce productivity, increasing a company's costs.

What are the legal implications of filtering content?

This will depend on the legal situation in each country. In general, the company does not run any risk if it establishes an e-mail use policy and communicates this to all its employees.

How is it configured?

The extensions and the MIME types for filtering can be established in order to filter attachments. The administrator must configure the actions to be taken in case a message is categorized as unsuitable or includes unacceptable files.

AntiSpam

What is spam? Why filter it?

Nowadays, spam refers to junk mail or unsolicited commercial mail which floods e-mail systems around the world. Spam has grown at a dizzying rate over the last few years and is now a serious inconvenience for companies, since it collapses their IT systems and reduces employee productivity. According to Ferris Research (a specialist consultancy in this field), the cost of spam to companies in 2003 was $10 billion.

Who sends spam?

Spam is sent for financial motives. Different studies have shown that there is up to a 6% reply rate to junk mail, which results in an economic benefit for the spammer. According to the article "You CAN-SPAM" published in Internet News in 2004, a spammer can send 240 million messages in 4 working days with subsequent revenue ranging from $40,000 to $1 million. Although 40% of spam comes from the United States, other countries are now bolstering the trend.

How accurate is the spam filter?

The spam filtering system can detect between 92% and 99% of spam. The main problem is that spam is interpreted differently by different people. Widely distributed news or information bulletins may or may not be considered as spam. Increasing the filtering accuracy results in an increase in the number of false positives (messages classified by the system as spam, but not so by the user), as a result of which a balance is required. It is possible to obtain a level of false positives of less than 1 in 100,000 in an accuracy range of 92% to 95%.

When including addresses in their white and black Lists, users help to improve filtering accuracy.

What guarantees does TrustLayer Mail offer for spam filtering?

When it comes to spam filtering, and as a result of its continually changing nature, Panda Software cannot contractually guarantee the effectiveness of the system. TrustLayer Mail uses the most advanced technologies available and expert personnel 100% dedicated to combating spam, updating filtering rules, lists of known spammers, tables of unreliable addresses etc to guarantee the highest levels of detection at all times.

What spam filtering system does TrustLayer Mail use?

The spam filtering system is based on MailShell Technology, also including blacklists managed by Panda Software. Through artificial intelligence procedures, the system compiles and runs more than 300,000 checks to determine whether the message is spam or not, executing thousands of calculations in a fraction of a second. It is checked whether the message has been sent out en masse studying its similarity with other messages, and a message identifier (fingerprint) is created. It is then verified whether the sender or the IP address from which the message originates is of a dubious nature. The message's structure, format and content is later analyzed (including hyperlinks) to determine whether the majority of people consider its content suitable. Finally, tricks normally used by spammers for reducing the cost of sending messages and avoiding anti-spam filters are searched for.

How often is it updated?

The system is automatically updated every day, with the possibility of including changes in the rules and lists as they are produced by the GNOC. The GNOC can also alter the automatic updating periods to improve the system's effectiveness.

Is spam sent by the TrustLayer Mail clients filtered?

Outbound messages are not filtered by the anti-spam system. However, the GNOC operations center can detect mass-mailing of messages from clients’ mail servers and report these situations, in case these actions are due to inappropriate use of services or systems (for example, the server is being used or hijacked by spammers without the client’s knowledge).

What happens to messages that contain spam?

The domain administrator can determine the rules to be applied in filtering spam. These rules make it possible to configure on a user by user basis what actions should be taken with the message according to the spam analysis score. These actions include deleting the message, storing it in a quarantine system or marking its file header or heading with a particular text.

How can the end user see the messages in spam quarantine?

The end user can access their message quarantine through the Web console or by configuring the system to periodically send a summary message of the quarantine status with a link to the corresponding TrustLayer Mail Web console.

Can a message be released in the quarantine? Who does it?

Messages in the spam quarantine can be released (sending to the original recipient or to another mail account) by the domain administrator or recipient (the user to whom the message is sent) if they are authorized for this.

What type of clients need a filtering service?

Clients are mainly companies. For them, mail security is likely to be critical to their business, due to the risk of receiving viruses or malicious codes and the need for guaranteeing its availability. Furthermore, the cost of managing an increasing volume of unwanted mail (spam) makes the business case for a filtering system more convincing. Many countries are also establishing regulations which means companies have to observe certain mail management practices (avoiding unsuitable content of a sexual, racist nature etc, guaranteeing the confidentiality of personal data, storing mails for certain periods...). Many countries neither have the knowledge nor the resources to manage this filtering by themselves, with the most logical option being to give the job to a service provider.

In addition, many consumers (private users of mail) require the filtering service, and a significant proportion is prepared to pay for a quality service which offers them certain guarantees.

Why a managed service?

Malware (viruses and other codes and malicious programs) is constantly trying to defeat protection solutions with increasingly sophisticated attacks and more rapid propagation. Mail is the main source of virus propagation (more than 85% today), and although clients can install software in their mail server or add appliances (specialized equipment for filtering and cleaning mail or Internet traffic), the managed solution offers greater filtering quality and effectiveness by having multiple technologies and a constant service available for updating systems continuously. In addition, the managed solution enables the storage of e-mails with viruses, spam or suspicious content in quarantine away from the client's systems. The managed solution offers the best experts, assuring mail security, availability and confidentiality without having to allocate internal resources, so that each company can focus on its own business activities.

What services are included with TrustLayer Mail?

TrustLayer Mail is a comprehensive mail filtering service. This includes Service Availability Management, Filtering Effectiveness Management, Threat and Security Management and Client Support processes.

• Availability Management constantly monitors the status of servers and applications and takes action in case of any incidents, in order to make sure that the filtering service is always available.
• Effectiveness Management keeps databases of virus signatures, spam filtering rules, black lists etc always up-to-date, monitoring filtering performance parameters and guaranteeing the updating of operating systems and applications.
• Threat and Security Management monitors general client mail threats (new viruses through PandaLabs, virus alerts/outbreaks, DHA), such as security threats to the filtering and cluster system (intrusion attempts, hacks...).
• 24x7 Customer support rapidly deals with queries or problems reported by clients.

What happens if a cluster server crashes?

The system has fail-over procedures, which means if a server fails others can assume its function. In case of any block in the software, the system watchdog will reboot the server. If a hard disk crashes, it can be replaced on the fly and the information will be recovered by structuring redundant disks. If the administration server fails, the system will continue filtering with the pre-established settings before the system failure.

What are the possibilities of losing a client's mail?

Practically none. If the cluster is not active, (for example due to a power loss), the sender will continue trying to send the message according to their retry policy until they manage to connect to the system. If the cluster is active, and the message has been received (notifying the sender), it will be stored in a redundant hard disk until delivery to the client mail server.

How precise is the virus filtering?

The TL Mail service detects both known viruses (through its signature engine) and new threats by incorporating the latest proactive technologies and PandaLab's direct management of suspicious files. Together with quarantine management, this enables absolute protection against viruses, worms and Trojans. We are committed to offering a 100% virus-free service.

What is the update frequency of the antivirus engine?

The antivirus engine is updated automatically every time new signatures are released by Panda.

What happens to messages that contain viruses?

Messages with viruses are stored in the system's quarantine for up to 30 days, except known mass mailing worms spoofing the sender's identity which are deleted directly, with only the log being kept for statistical purposes. After the predetermined time in quarantine, the message is automatically deleted.

Attachments thought likely to include a virus, and which do not match known patterns, are sent to PandaLabs for detailed analysis (if the client has subscribed to this AV Service), taking action (releasing or confirming its infected file status) in normally under 24 hours.

Does the system send notifications if it detects a virus? If so, to whom?

The system can configure different notifications if it detects a virus: to the sender, addressee or administrator. Notifications can be removed in cases of mass mailing worms with spoofed sender addresses.

What is spam? Why filter it?

Nowadays, spam refers to junk mail or unsolicited sales mail which floods e-mail systems around the world. Spam has grown at a dizzying rate over the last few years and is now a serious inconvenience for companies as it collapses their IT systems and reduces their employee productivity. According to Ferris Research (a specialist consultancy in this field), the cost of spam to companies in 2003 was $10 billion.

How accurate is the spam filtering system?

The spam filtering system can detect between 92% and 99% of spam. The main problem is that spam is interpreted differently by different people. Widely distributed news or information bulletins may or may not be considered spam. Increasing the filtering accuracy results in an increase in the number of false positives (messages classified by the system as spam, but not so by the user), as a result of which a balance is required. It is possible to obtain a level of false positives of less than 1 in 100,000 in an accuracy range of 92% to 95%.

When including addresses in their white and black Lists, users help to improve filtering accuracy.

What spam filtering system does TrustLayer Mail use?

The spam filtering system is based on MailShell Technology, also including lists, tables etc managed by Panda Software. Through artificial intelligence procedures, the system compiles and runs more than 300,000 checks to determine whether a message is spam or not, executing thousands of calculations in a fraction of a second. It is checked whether the message has been sent out en masse studying its similarity with other messages, and a message identifier (fingerprint) is created. It is then verified whether the sender or the IP address from which the message originates is of a dubious nature. The message's structure, format and content is later analyzed (including hyperlinks) to determine whether the majority of people consider its content suitable. Finally, tricks normally used by spammers for reducing the cost of sending messages and avoiding antispam filters are searched for.

How often is it updated?

The system is automatically updated every day, with the possibility of including changes in the rules and lists on a daily basis, as they are produced by the GNOC. The GNOC can also alter the automatic updating periods to improve the system's effectiveness.

Is spam that is sent by clients filtered?

Outbound messages are not filtered by the antispam system. However, the Operation Center can detect the mass sending of messages from the mail servers or their clients, informing of these situations, in case of any inappropriate use of services or systems (for example, that this server is being used or "hijacked" by spammers without the client's knowledge).

What happens to messages that contain spam?

The domain administrator can determine the rules to be applied in filtering spam. These rules make it possible to configure user by user what actions should be taken with the message according to the spam analysis score. These actions include deleting the message, storing it in a quarantine system or marking its file header or heading with a particular text.

How can the end user see the messages in spam quarantine?

The end user can access their message quarantine through the web console or by configuring the system to send a summary message of the quarantine status periodically, with a link to the relevant web console.

Can a message be released in the quarantine? Who does it?

Messages in spam quarantine can be released (sending to the original addressee or another mail account) by the domain administrator or addressee (the user to whom the message is sent) if they are authorized for this.

What is content filtering?

The content filtering system is able to establish a series of policies for correct e-mail use. On the one hand, it can filter messages with attachments that the company considers are not work related (for example MP3 music files or films in Divx formats). In any case, the domain administrator is able to configure the system to take appropriate action based on the policy established by their company: delete attachments, delete messages, notify the sender etc. Text analysis will be included in future versions by referring to certain predetermined dictionaries to decide whether the message is acceptable or not.

Why is it important?

In some countries the failure to take necessary measures to protect employees from offensive contents (sex, racism, insults etc) may mean a company is legally liable. Furthermore, unsuitable or unrelated work content may consume a significant amount of resources (memory, bandwidth etc) and reduce productivity, producing extra costs for the company.

What are the legal implications of filtering content?

This will depend on the legal situation in each country. In general, the company does not run any risk if it establishes an e-mail use policy and communicates this to all its employees.

How is it configured?

The extensions and the MIME types for filtering can be established in order to filter attachments. The administrator must configure the actions to be taken in case a message is categorized as unsuitable or includes unacceptable files.