Untangle Spam Blocker

Block Viruses at the Network Gateway

 

Untangle Spam Blocker Overview:

Spam Blocker enables administrators to block spam at the gateway before it ever reaches the users. Zero client installations and an intuitive GUI make it easy for administrators to:

  • Leverage the best spam filtering techniques including Bayesian Filters, Razor, realtime block lists (RBLs), OCR for image spam and tarpitting
  • Provide individual quarantines for each mailbox
  • Filter SMTP, POP & IMAP

Spam is the bane of small businesses’ existence. It can not only bring viruses onto your network, but it can take over your computers and send spam to other computers.

And it impacts you in other ways. According to a recent study, the cost of spam messages to U.S. companies—in terms of productivity and the equipment, software and manpower to combat it—was upwards of $10 billion in 2004.

So the key is to stop spam before it stops you.

Our powerful Spam Blocker protects you with top-notch spam scanning and blocking at the edge of your network—before it can do damage or slow you down. Using the latest technologies, Spam Blocker transparently scans for spam, marks messages and intercepts emails. It requires no alteration of your network’s mail configuration and is constantly updated to guard against any refinements in trickery or techniques that senders create to get around other solutions.

Key Features:

  • Open Source & Free Under the GNU General Public License (GPL)
  • Quarantine Digest — our Spam Blocker is optimized to make sure “good” mail is never mistaken for spam. However, if a “good” mail is ever identified as spam, Untangle Spam Blocker gives each team member in your company their own personal “quarantine” list. They can find that email without having to track down an administrator
  • Personal Passlist — users can designate certain email addresses as “good” without having to bother your IT person
  • Image based filtering — scans images within emails to stop this new type of spam
  • POP, IMAP and SMTP support

Reports give a comprehensive view of the spam environment on your network, including the source of the spam and how much spam is received in aggregate and by user

Free download!

Technical Specifications:

Spam Blocker is an intelligent email filter that identifies Spam—unsolicited bulk email. Spam Blocker can scan any email that is transported by the following protocols:

  • SMTP
  • POP
  • IMAP

Each protocol has a set of controls to customize how Spam Blocker:

  • Scans for spam
  • Notifies users of spam
  • Manages spam

Through the user interface, you can define the threshold that instructs Spam Blocker to be strict, lenient, or somewhere in between. To handle the spam, simply use the properties that Untangle Server provides to instruct Spam Blocker to take any of the following actions:

  • In the subject of the email, insert the phrase [Spam], and allow users to filter spam to a special folder.
  • Send the message to the recipient without labeling the email as spam
  • Block the message without notifying the recipient that the message was blocked, and record this action in the Event Log
  • Quarantine the message so that you or your users can investigate spam and take further action
  • Notify the sender that the email was blocked
  • Withhold notifications

Under the Hood
Spam Blocker implements a rule-based architecture that leverages the open-source project SpamAssassin. No single rule can flag an email as spam; it is the collection of rules that identifies email as spam. Each rule outputs a confidence level. The combination of each rule's confidence level produces a spam score. This score identifies the likelihood that the email is spam. The user-defined threshold you use to customize Spam Blocker's scanning sensitivity is based on this score.

What It Does

Transparently scans SMTP, POP and IMAP traffic and blocks, quarantines or marks spam

How It Does It

Uses SpamAssassin, Razor, Bayesian filters, DNSBL/RBLs, optical character recognition (OCR), tar pitting, custom tuning and updates

Controls

  • SMTP: Can quarantine, mark, pass or block incoming and outgoing with or without sender notification
  • POP and IMAP: mark or pass incoming and outgoing (the nature of POP and IMAP protocols prevents messages from being blocked or quarantined, but they can be scanned and marked)
  • Global and per-user safe lists and quarantines
  • Browser-based user tools for managing individual quarantines and safe-lists
  • Scan strength adjustable per protocol per direction
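
The scoring model from "Under the Hood" combined with the per-protocol limits in the Controls list, as an added example (not Untangle's or SpamAssassin's code). The rule names, weights, default threshold and sample messages are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed rules (name, score, predicate); not SpamAssassin's real rule set.
RULES = [
    ("SUBJ_ALL_CAPS", 1.5, lambda m, b: (m["Subject"] or "").isupper()),
    ("MONEY_PHRASE", 2.0, lambda m, b: bool(re.search(r"(?i)\b(free money|act now)\b", b))),
    ("MISSING_DATE", 1.0, lambda m, b: m["Date"] is None),
    ("MANY_LINKS", 1.5, lambda m, b: len(re.findall(r"https?://", b)) >= 3),
    ("REPLYTO_DIFFERS", 1.0, lambda m, b: m["Reply-To"] not in (None, m["From"])),
]
# From the Controls list: only SMTP can block or quarantine; POP/IMAP can mark or pass.
ALLOWED = {"smtp": {"pass", "mark", "quarantine", "block"},
           "pop": {"pass", "mark"}, "imap": {"pass", "mark"}}

def score(raw):
    """Return (total score, list of (rule, score) hits) for a raw message."""
    msg = message_from_string(raw)
    body = "" if msg.is_multipart() else msg.get_payload()
    hits = [(name, pts) for name, pts, pred in RULES if pred(msg, body)]
    return sum(pts for _, pts in hits), hits

def decide(raw, protocol, threshold=5.0, spam_action="quarantine"):
    """Pick an action; a lower threshold is stricter. Unsupported actions fall back to mark."""
    total, hits = score(raw)
    if total < threshold:
        return "pass", total, hits
    action = spam_action if spam_action in ALLOWED[protocol] else "mark"
    return action, total, hits

def mark_subject(raw):
    """Insert the [Spam] tag into the Subject header."""
    msg = message_from_string(raw)
    subject = msg["Subject"] or ""
    del msg["Subject"]
    msg["Subject"] = "[Spam] " + subject
    return msg.as_string()

# Constructed sample messages.
SPAM = ("From: promo@example.com\nReply-To: claims@example.net\n"
        "Subject: WINNER ACT NOW\n\n"
        "Free money! http://a.example http://b.example http://c.example\n")
HAM = ("From: alice@example.com\nDate: Mon, 01 Jan 2024 10:00:00 +0000\n"
       "Subject: Meeting notes\n\nNotes at http://intranet.example/notes\n")
SHOUTY = "From: bob@example.com\nDate: Mon, 01 Jan 2024 10:00:00 +0000\nSubject: LUNCH\n\nNoon?\n"

if __name__ == "__main__":
    for label, raw in (("spam", SPAM), ("ham", HAM), ("shouty", SHOUTY)):
        print(label, decide(raw, "smtp")[:2], decide(raw, "imap")[0])
```

The SHOUTY message trips one rule and still passes, which is the "no single rule" property; the same spam message is quarantined over SMTP but can only be marked over POP or IMAP.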

Screenshots:

  • Filter SMTP, POP, and IMAP
  • Filter Inbound and Outbound Messages
  • Spam Logging
  • Individual Spam Quarantines for each Mailbox
  • Safelist Messages from the Spam Quarantine
  • HTML Reporting: Network Level Overview
  • PDF Reporting: Spam Incidents

Spam Blocker FAQs:

How do Untangle Server's Virus Blockers compare to "brand-name" virus blockers?

According to an independent evaluation, Virus Blocker "beats the pants off its commercial competition".

If I use the Untangle Server, do I need to install virus software on individual network computers?

If you have Untangle's Virus Blockers running on the Untangle Server, the Untangle Server scans all inbound and outbound email traffic that goes through the Untangle Server. This protection is your first layer of protection. Imagine this scenario: "Angela is a Resume Writer at Angelic Resumes, Inc. One day she works from a remote location, and downloads an infected file from the Internet to her personal laptop, then to her USB drive. She returns to the office the next day, and, using the USB drive, saves the infected file directly to her desktop computer. Her desktop computer is now infected with a virus. To make matters worse, she emails that file to her coworkers. Her coworkers download the file, and now their desktops are also infected."

In this scenario the file was transferred without going through the Untangle Server. If Angela had emailed the file to her coworkers' work email accounts from her personal email account, that email would have passed through the Untangle Server, and the Untangle Server would have prevented the virus from entering your protected network.

Because you cannot fully ensure that all traffic enters and exits through your Untangle Server, Untangle recommends an additional layer of protection. Consider installing anti-virus software on all network desktops and laptops.

For Email, why is blocking (or quarantining) of emails when a virus is detected not always an option?

Only the SMTP protocol allows the Untangle Server to block email messages. The details of the POP and IMAP protocols do not allow the Untangle Server to block or quarantine email messages.

When configuring my Untangle Server to mark virus emails received over IMAP, the subject of the mails changes to [VIRUS]... only after I click on the message. Why?

Most IMAP clients first fetch summary information about emails (subject, sender) so the end user can see a preview list of messages. Only when the user selects (clicks on) the message is the actual content of the message retrieved from the server and the Untangle Server is able to scan the message. Unfortunately, some email clients do not detect the change in subject and update their preview list when the Untangle Server marks the message.

What happens to virus hoaxes?

Spam Blocker, not Virus Blocker or Kaspersky Virus Blocker, blocks virus hoaxes because this type of email is spam, and does not carry an actual virus.

If I have both virus blockers installed, are one or both used and in which order?

If you have only one virus blocker installed, then only that scanner will be applied, according to the settings you have established, assuming the Rack element is powered up. If you have two virus scanners installed, then the "for fee" service is applied to a message first: if a message passes the "for fee" scanner, then and only then is the open source scanner applied to the message (there's no point in scanning the message twice if the first scanner has rejected it). This is not to say one scanner is inherently better than the other: we point this out in the event you are evaluating the two scanners against one another to determine which, or both, best fits your needs. In this case, note that the "for fee" scanner is complemented by the open source scanner, and in the case of a virus-free message, the computational overhead of the virus scan includes both scanners, whereas a message that would be rejected by both scanners incurs the computational and time cost of just the "for fee" scanner. So, to perform a valid comparison, you should run test messages through the Untangle Gateway with no scanners installed, with the "for fee" scanner by itself, with the open source scanner by itself, and lastly with both scanners installed together, and compare the results.

How can I test that viruses are being blocked?

An easy way to test HTTP virus scanning is to download the EICAR test from a machine behind Untangle. If virus scanning is not working, the file will download successfully (it is harmless). If it is working, a block page will be displayed.

Hardware Requirements:

  • The Untangle Server requires a dedicated PC installed at the gateway to your network.
  • Your hardware does not need an operating system - the Untangle Server installs its own operating system.
  • The Untangle Server software completely erases any content or data that may exist on your PC hard drive.

Sizing Guidance

Recommended Configurations (New Hardware)

When purchasing new hardware, spending a couple of extra dollars to meet the following recommended configurations provides the best value.

Resource                       | Up to 50 Users                  | Up to 100 Users | Up to 300 Users
Intel/AMD-compatible Processor | Pentium 4 equivalent or greater | Dual Core       | Dual Core
Memory                         | 1 GB                            | 1 GB            | 2 GB
Hard Drive                     | 80 GB                           | 80 GB           | 80 GB
NICs                           | 2 (3 for DMZ)                   | 2 (3 for DMZ)   | 2 (3 for DMZ)

Verified Configurations (Trials, Refurbished or Repurposed Hardware)

These are the lowest verified hardware configurations that provide reliable — albeit sometimes slower — performance in production. However, it may be possible for organizations with lower than average network traffic or organizations that do not wish to use all of the modules to run Untangle on smaller systems.

Resource                       | Up to 50 Users | Up to 100 Users | Up to 300 Users
Intel/AMD-compatible Processor | 800 MHz        | 1.2 GHz         | 1.6 GHz
Memory                         | 512 MB         | 1 GB            | 2 GB
Hard Drive                     | 20 GB          | 30 GB           | 40 GB
NICs                           | 2 (3 for DMZ)  | 2 (3 for DMZ)   | 2 (3 for DMZ)