Friday, August 04, 2006

Virus, via Email File Attachment, FTP/SFTP, or Website Download, is still a Virus

Summary: Viruses and malware can find their way into your infrastructure via infected file attachments by way of email, FTP/SFTP, and file hosting websites. A dedicated secure file transfer appliance with an anti-virus option is a highly effective solution for addressing these concerns.


-------
Viruses and malware spreading through email attachments may be old news, but the threat is nevertheless real and particularly devastating if you are the victim. For this reason, email administrators use a number of tools to check for and block infected attachments, such as the dangerous attachment blocking offered by Microsoft. But email is not built for virus/malware detection, so the onus is on the IT team and individual users to keep these bugs away by practicing safe hex.

Ideally, there are three layers of virus protection in a corporate IT infrastructure:

1. A virus checking and blocking box before the email server
2. A virus checking and blocking software plug-in installed onto the email server
3. A virus checking and blocking client on the user's desktop

Admittedly, when a brand new virus not yet recognized by the anti-virus solutions knocks on the door, you can only count on luck and common sense to keep yourself out of trouble -- but that is a pretty low probability in an enterprise context.

Well, what is the problem then, you might ask?

First of all, the ideal anti-virus regimen does not often exist. For example, most small to medium operations expect end users to check for viruses with their desktop anti-virus solution. Say the marketing department is working with an outside graphic designer on a big PowerPoint presentation. Lo and behold, the graphic designer picked up a PowerPoint virus unknowingly and sent it along as an attachment to the good folks at marketing who are most anxious to review the work. Ask yourself, how many marketeers will remember to check the attachment for a virus before opening it? Simple answer: it's not going to happen unless the scanning is automatic.

How about attachment size limits and ways of bypassing these limits? As discussed in a prior posting, there is a time and place for attachment size limits, but users still need to send large files and attachments for everyday business processes. This is traditionally done via FTP/SFTP servers or file hosting websites, which open up additional channels for picking up a virus, amongst other things.

FTP/SFTP servers usually do not have an elaborate anti-virus scheme installed like email servers do, since the usage frequency is lower. So, if an external user -- say it's our unfortunate graphic designer -- places an infected file onto the FTP server, internal users can unknowingly pick up digital cooties that way. And there is already a report of a virus designed for FTP.

A similar problem exists with file hosting websites, which act as purely transitory storage. An infected file on the website is not a problem until the user downloads it and tries to use (activate) it.

So, anti-virus for email and anti-virus for the desktop are both important but insufficient conditions for preventing malware from finding its way into the enterprise IT infrastructure if FTP servers and website transfers are not closely monitored and controlled.

On the other hand, instead of putting patches around these processes and having sleepless nights over what other innovative ways infected files can sneak in, it seems a lot easier to get a dedicated secure file transfer appliance that comes with anti-virus options.

By centralizing the file/attachment transfer capability into a dedicated SFTA appliance, there is a cage to check files for viruses and malware on upload and download, regardless of whether the sender and the recipient are external or internal users. In other words, there is no more concern about whether external users are practicing safe hex, and there are no more loopholes, like FTP or file hosting websites, through which infected files can sneak their way into the environment.

The Accellion Courier SFTA comes with the F-Secure virus scanning bundle. When you send a file via the appliance, or receive a file sent to you via the appliance, F-Secure can watch your back. I say “can” because virus scanning is optional, although highly recommended. The appliance administrator can choose no scanning, scanning only on upload, scanning only on download, or scanning on both upload and download. In other words, choose the mode that suits your business practices the best.

ACA Guy
