SpIDer Mail

SpIDer Mail is an anti-virus mail scanner that is installed by default and monitors data exchanged between mail clients and mail servers over the POP3, SMTP, IMAP4 (IMAPv4rev1), or NNTP protocols. For Dr.Web Security Space products, SpIDer Mail also scans mail for spam messages using Dr.Web Anti-spam.

SpIDer Mail supports automatic interception of e-mail messages when mail clients connect to mail servers via the following standard protocols and ports:

The POP3 protocol, port 110
The SMTP protocol, port 25
The IMAP4 protocol, port 143
The NNTP protocol, port 119

In some cases when automatic interception of POP3, SMTP, IMAP4 or NNTP traffic is impossible, you can configure SpIDer Mail manually.

SpIDer Mail runs automatically at Windows startup and constantly resides in memory.

Mail Processing

All incoming messages are intercepted by SpIDer Mail before they are received by mail clients. Messages are scanned for viruses with the maximum possible level of detail. If no viruses or suspicious objects are found, messages are passed on to the mail program in a "transparent" mode, as if they were received directly from the server. A similar procedure is applied to outgoing messages before they are sent to servers.

By default, SpIDer Mail reacts to the detection of infected incoming messages, as well as messages that were not scanned (for example, due to complicated structure), as follows:

Malicious code is removed from infected messages, then messages are delivered as usual. This action is called curing the message.
Messages with suspicious objects are moved to Quarantine as separate files; the mail client receives a notification about this. This action is called moving the message.
Messages that were not scanned and safe messages are passed on to the mail client.
All deleted or moved messages are also deleted from the POP3 or IMAP4 mail server.

Infected or suspicious outgoing messages are not sent to the server; the user is notified that the message will not be sent (usually the mail program saves such a message).

If an unknown virus that spreads through e-mail resides on the computer, SpIDer Mail can detect signs of typical virus "behavior" (for example, attempts at mass distribution). By default, this option is enabled.

SpIDer Mail uses the Dr.Web Anti-spam filter to scan mail for spam messages. By default, this option is enabled.

Note

This option is available for Dr.Web Security Space products only.

The default SpIDer Mail settings are optimal for beginners, provide maximum protection and require minimum user interference. However, by default SpIDer Mail may block some options of mail programs (for example, sending a message to multiple addresses might be considered mass distribution, incoming mail is not scanned for spam), and useful information from the safe text part of infected messages becomes unavailable if the message is deleted automatically. Advanced users can configure mail scanning settings and the reaction of SpIDer Mail to various virus events.

Mail Checks By Other Components

Dr.Web Scanner can also detect viruses in mailboxes of several formats, but SpIDer Mail has several advantages:

Not all formats of popular mailboxes are supported by Dr.Web Scanner. When using SpIDer Mail, the infected messages are not even delivered to mailboxes.
Dr.Web Scanner does not check mailboxes at the moment of the mail receipt, but either on user demand or according to schedule. Furthermore, this action is resource-consuming and takes a lot of time.

Thus, with all the components in their default settings, SpIDer Mail is the first to detect viruses and suspicious objects distributed via e-mail and prevents them from infiltrating your computer. SpIDer Mail is rather resource-sparing; e-mail files can be scanned without other components.

Dr.Web Anti-spam

Dr.Web Anti-spam technologies consist of several thousand rules that can be divided into several groups:

Heuristic analysis – A highly intelligent technology that empirically analyzes all parts of a message: header, message body, and attachments, if any.
Detection of evasion techniques – This advanced anti-spam technology detects evasion techniques adopted by spammers to bypass anti-spam filters.
HTML-signature analysis – Messages containing HTML code are compared with a list of known patterns from the anti-spam library. Such comparison, in combination with the data on sizes of images typically used by spammers, helps protect users against spam messages with HTML-code linked to online content.
Semantic analysis – The words and phrases of a message – both visible to the human eye and hidden – are compared with words and phrases typical of spam using a special dictionary.
Anti-scamming – Scams (as well as pharming messages) are the most dangerous type of spam; they include so-called “Nigerian” scams, loan scams, lottery and casino scams, and false messages from banks and credit organizations. A special module of Dr.Web Anti-spam is used to filter scams.
Technical spam – Bounces are delivery-failure messages sent by a mail server. Such messages are also sent by mail worms. Therefore, bounces are as unwanted as spam.
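
The semantic analysis rule group above compares words "both visible to the human eye and hidden" with a dictionary of spam-typical words. The following Python example is added here for illustration and is not Dr.Web code or its rule set; the dictionary, the list of hiding styles and the sample message are constructed assumptions. It splits the words of an HTML message part into visible and hidden and reports the dictionary hits in each group:

```python
import re
from email import message_from_string
from html.parser import HTMLParser

SPAM_TERMS = {"lottery", "winner", "casino", "loan"}  # constructed dictionary
VOID_TAGS = {"br", "img", "hr", "meta", "input", "link"}  # never get an end tag
HIDDEN_STYLE = re.compile(  # inline styles that hide text (non-exhaustive)
    r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0(?![.\d])", re.I)

class TextSplitter(HTMLParser):
    """Sorts the words of an HTML body into visible and hidden lists."""
    def __init__(self):
        super().__init__()
        self.stack = []  # one flag per open element: is its text hidden?
        self.visible, self.hidden = [], []

    def handle_starttag(self, tag, attrs):
        if tag not in VOID_TAGS:
            style = dict(attrs).get("style") or ""
            inherited = bool(self.stack) and self.stack[-1]
            self.stack.append(inherited or bool(HIDDEN_STYLE.search(style)))

    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and self.stack:
            self.stack.pop()

    def handle_data(self, data):
        bucket = self.hidden if self.stack and self.stack[-1] else self.visible
        bucket.extend(re.findall(r"[a-z]+", data.lower()))

def spam_terms_in_html(raw_message):
    """Return (visible_hits, hidden_hits) for the HTML parts of a message."""
    splitter = TextSplitter()
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "utf-8"
            body = part.get_payload(decode=True).decode(charset, errors="replace")
            splitter.feed(body)
    splitter.close()
    return (sorted(SPAM_TERMS & set(splitter.visible)),
            sorted(SPAM_TERMS & set(splitter.hidden)))

# Constructed sample: harmless visible text, spam-typical words in hidden elements.
SAMPLE = (
    "From: sender@example.com\nContent-Type: text/html; charset=utf-8\n\n"
    "<html><body><p>Please see the attached report.</p>"
    '<div style="display:none">lottery winner casino</div>'
    '<span style="font-size:0px">loan</span></body></html>\n'
)
```

A message whose dictionary hits appear only in the hidden group, as in the sample, is the case that a filter reading only the rendered text would miss.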