UNSW@ADFA

Information Communication and Technology Services

Mail Gateway – Spam and Viruses

Email-borne threats are an ever-increasing problem that includes virus attacks, spam, phishing (fraud), false positives, distributed denial-of-service* attacks, spyware, regulatory compliance violations and data loss.

ICTS at UNSW@ADFA has implemented the IronPort® Email Security Appliance (ESA) system, which incorporates preventive and reactive security measures to eliminate the broadest range of known and emerging email threats.

Each piece of email coming into UNSW@ADFA is analysed by an IronPort® ESA and is either rejected or delivered to a recipient.

The ESA applies a number of sophisticated checks to the email, looking for indications that it is spam. Each indicator is given a score and a total is generated.

Messages delivered to the recipient that the ESA determines have a high chance of being spam have ‘[SPAM]’ prefixed to the subject line. The recipient is able to create rules in the mail client to handle messages whose subject line begins with ‘[SPAM]’, including moving the message to the junk email folder or deleting the message without review.

IT Support staff can provide information on how to configure email clients to process such messages automatically.

Detailed processing steps of IronPort® ESA

- Reputation filters perform real-time email traffic threat assessment of the sending MTA (Mail Transfer Agent). Email from known SPAM senders is not allowed into the appliance.

- An LDAP (Lightweight Directory Access Protocol) query is performed. Email addressed to recipients not valid in the UNSW@ADFA Active Directory is not allowed into the appliance.

- The AntiSpam module examines email headers, body and attachments to determine if the message is likely to be SPAM. If positive, the message subject is prefixed with ‘[SPAM]’ and the message continues through the queue.

- The AntiVirus module examines email for viruses. Messages containing viruses are dropped by the appliance.

- The content filter examines email attachments. Attachments that are deemed to pose a security risk are stripped from the message and replaced with a text file listing the name of the attachment removed.

- The virus outbreak filters examine email, comparing it to a database of current zero-day** virus outbreaks. Messages containing new zero-day viruses are dropped by the appliance.

*Distributed denial-of-service is an attempt to make a computer resource unavailable to its intended users.

**Zero-day refers to a class of computer threats that exposes undisclosed or unpatched vulnerabilities.
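The processing order listed above, as an added example that models the steps in Python; it is not IronPort's own logic or the UNSW@ADFA configuration, and the sender list, recipient directory, attachment policy, spam score threshold and outbreak signature are all constructed stand-ins.

```python
# Simplified model of the ESA step order: reputation -> recipient (LDAP) ->
# anti-spam tagging -> anti-virus -> content filter -> outbreak filter.
# All policy data below is constructed for the example.
from dataclasses import dataclass, field

KNOWN_SPAM_SENDERS = {"mta.bad-sender.example"}   # stands in for reputation data
VALID_RECIPIENTS = {"alice@adfa.example"}         # stands in for the LDAP/AD query
RISKY_EXTENSIONS = {".exe", ".scr", ".vbs"}       # constructed content-filter policy
SPAM_THRESHOLD = 5                                # constructed score cutoff
OUTBREAK_SIGNATURES = {"OUTBREAK-SAMPLE-SIG"}     # constructed zero-day signature


@dataclass
class Message:
    sender_mta: str
    recipient: str
    subject: str
    body: str
    attachments: dict = field(default_factory=dict)  # filename -> content
    has_known_virus: bool = False                    # result of the AV scan


def spam_score(msg):
    """Each indicator contributes a weight; the total is compared to a threshold."""
    text = (msg.subject + " " + msg.body).lower()
    weights = (("free money", 3), ("click here", 2), ("urgent", 1), ("!!!", 2))
    return sum(w for phrase, w in weights if phrase in text)


def process(msg):
    """Return ('rejected', reason) or ('delivered', message) in ESA step order."""
    if msg.sender_mta in KNOWN_SPAM_SENDERS:          # 1. reputation filter
        return "rejected", "reputation"
    if msg.recipient not in VALID_RECIPIENTS:         # 2. recipient validation
        return "rejected", "invalid recipient"
    if spam_score(msg) >= SPAM_THRESHOLD:             # 3. anti-spam: tag, keep going
        msg.subject = "[SPAM] " + msg.subject
    if msg.has_known_virus:                           # 4. anti-virus: drop
        return "rejected", "virus"
    removed = [n for n in msg.attachments             # 5. content filter: strip
               if any(n.lower().endswith(e) for e in RISKY_EXTENSIONS)]
    for name in removed:
        del msg.attachments[name]
    if removed:
        msg.attachments["removed_attachments.txt"] = "Removed: " + ", ".join(removed)
    for content in [msg.body, *msg.attachments.values()]:  # 6. outbreak filter: drop
        if any(sig in content for sig in OUTBREAK_SIGNATURES):
            return "rejected", "outbreak"
    return "delivered", msg
```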
