When it comes to protecting an organization against email viruses, most companies take a two-step approach. The first step involves running antivirus software directly on the email server. This software
This two-tiered approach to protecting against email viruses works, but by depending on server- and workstation-level antivirus software, you are in essence allowing email viruses to enter your organization, but only in certain areas of your network. Don't get me wrong, I firmly believe that it is absolutely critical to run antivirus software on both servers and workstations. At the same time though, I have always felt that antivirus software should be the last line of defense against viruses, not the first (or only) line of defense. It is far better to keep viruses out of your network than it is to depend on your antivirus software to remove viruses after they have arrived.
One efficient way to protect your network against email viruses is to use hosted filtering. The idea behind hosted filtering is that you outsource virus scanning to a third-party company. The company cleans your inbound email messages prior to their arrival at your mail server. Keep in mind that hosted filtering is intended to augment your current antivirus strategy, not to replace it. It is still critically important that you run traditional antivirus software that can protect your customer should a virus slip through the hosted filtering system, or in case a user should bring a virus into your organization through some other means.
How does hosted filtering work?
The key to understanding how hosted filtering works is to know a little bit about how the domain name system (DNS) works. Every domain on the Internet has a DNS server that is considered to be authoritative for that domain. At a minimum, this DNS server contains a host record that lists the IP address of your domain's Web site. Usually, the DNS server contains a mail exchanger (MX) record for a domain, which specifies the IP address of your domain's mail server. For example, if someone wanted to send an email message to firstname.lastname@example.org, their machine would perform a DNS query to find the MX record associated with the Contoso.com domain. Once this record is located, the client machine knows where to send the message.
Keep in mind, however, that when hosted filtering is used, messages need to go to the company that is performing the filtering, not directly to your mail server. Therefore, the MX record for your domain has to be changed to use the address of the filtering company's server. You can then provide the filtering company with the IP address of your mail server, and when someone sends a message to a recipient in your domain, the message goes to the filtering company first because of this change to the MX record. Once the message has been scanned for viruses by the third-party host, the filtering company's server acts as a relay, passing the message to your mail server, where it is then delivered to the recipient's mailbox.
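As an added example (not part of the original article), the following check audits a domain's MX answers after the change described above and reports any record that still points somewhere other than the filtering company. The provider name filter.example, the sample records and the function names are constructed for illustration; the input format is the "preference exchange" lines printed by `dig +short MX`.

```python
"""Audit MX answers after moving a domain to hosted filtering (added example)."""

# Constructed sample: every MX points at the (hypothetical) filtering provider.
SAMPLE_OK = """
10 mx1.filter.example.
20 mx2.filter.example.
"""

# Constructed sample: an old record was left in place and a look-alike was added.
SAMPLE_LEFTOVER = """
10 mx1.filter.example.
50 mail.contoso.com.      ; old record kept as a "backup"
10 mx1.notfilter.example.
"""

def parse_mx(text):
    """Parse 'preference exchange' lines into sorted (int, host) tuples."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        if len(parts) != 2 or not parts[0].isdigit():
            raise ValueError(f"not an MX answer line: {line!r}")
        records.append((int(parts[0]), parts[1].rstrip(".").lower()))
    return sorted(records)

def under(host, suffix):
    """True if host equals suffix or is a subdomain of it (label boundary)."""
    suffix = suffix.rstrip(".").lower()
    return host == suffix or host.endswith("." + suffix)

def audit_mx(text, provider_suffixes):
    """Return findings; an empty list means every MX is the filtering service."""
    records = parse_mx(text)
    if not records:
        # With no MX at all, senders fall back to the domain's address record.
        return ["no MX records: mail is delivered to the domain's address record"]
    return [
        f"MX {host} (preference {pref}) points outside the filtering service"
        for pref, host in records
        if not any(under(host, s) for s in provider_suffixes)
    ]

if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("leftover", SAMPLE_LEFTOVER)):
        print(name, audit_mx(sample, ["filter.example"]))
```

Any MX record reported here is a path by which mail can reach your server without being scanned, regardless of its preference value.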
As you can see, hosted filtering is a great option for augmenting your antivirus protection. Even if you believe that your current antivirus solution is 100% effective, hosted filtering is still a great idea because it allows you to conserve Internet bandwidth since infected email messages are no longer being sent to your own mail server. As an added bonus, many of the companies that offer hosted filtering services also offer the option of filtering spam, thus allowing you to conserve even more Internet bandwidth.
About the author
Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. Brien has served as the CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies.
This was first published in March 2007