Signature-based scanners are great. They've adequately protected users from computer viruses for many years. Unfortunately, beginning with the Melissa virus in 1999, antivirus scanners faced a challenging foe - the email-borne threat. Because signature-based scanners rely on known detection, new viruses require signature updates to be stopped. When a new worm travels via email, the threat can far outpace the ability of the antivirus scanner. Case in point: all antivirus vendors had updates for LoveLetter within hours of its discovery at 3 a.m. the morning of May 4,2000. Despite this, ICSA estimates that over a million computers were infected by 9 a.m. - long before antivirus updates could be effectively distributed to users. After LoveLetter's success, virus writers turned their full attention to mass-mailing email worms and the problem has continued to worsen.

MailDefense protects PC users by quarantining harmful attachments before they reach the user's inbox. While there is an option to automatically delete the attachments, quarantining provides a useful feature should a necessary executable-type file be blocked. MailDefense also removes scripts and ActiveX controls (often referred to as Active Content) from within the body of the email. This effectively neuters viruses such as JS/Kak and BleBla. Additionally, macros are removed from all Microsoft® Office files, with the original (macros intact) placed in quarantine. The end result is email that is safe to open, with no learning curve for the user. Because MailDefense works against both known and unknown viruses, it gives signature-based scanners a chance to catch up to these fast spreading threats. Of course, MailDefense is not standalone protection. There are other vectors of spread, including CD-ROM, floppy disk, and Internet downloads. Even wrapped software purchased in reputable stores has been known to be infected with the occasional virus. However, the most significant vector is email and it is this vector that has created the problem for signature-based scanners.

Installation is simple. The downloaded file is slighly over 8Mb's and is self-installing. Users need only double-click the file to launch installation. Default settings are at the most secure, with the features noted above. Protection can be customized either during the installation, or afterwards via the MailDefense interface. The size and duration of the quarantine directory can be specified, allowing older files to be overwritten when time or size limits have been met. A Report Viewer shows action taken on offending emails and an unobtrusive alert appears in the lower right corner of the screen when an email has been modified. MailDefense works cohesively with signature-based scanners, though the manufacturer recommends adding the MailDefense quarantine directory to the antivirus exclude list to prevent double alerting when known viruses are detected.

MailDefense is designed to protect POP3 clients such as Outlook® Outlook Express® Netscape® Mail, Eudora® and Pegasus®. MailDefense runs on Windows 95, 98, Nt, and 2000. According to the manufacturer, a version to protect web-based mail accounts such as Yahoo!® and Hotmail® is currently being developed with a release date scheduled for mid to late November.

Manufacturer's Website