



MIMEsweeper operation


MIMEsweeper operation can roughly be divided into four phases:

The process involves the recursive disassembly of a mail message or Web data into its component parts. In the case of email, this disassembly includes all message attachments, for example, nested or compressed files.

All components are then checked against a number of configured validator instances, to generate a number of <Response> values. The <Response> values are compared, and one will determine the disposal route for the message or Web data.

MAILsweeper also has the ability to perform user authorisation checks, using the source and destination addresses of the message.

User authorisation

MAILsweeper has the ability to recognise the source and destination addresses of a message. It can make use of this information, for example, to control user and location access rights, or to set an attribute that can be used to give the message a sense of direction.

The 'built-in' MAILsweeper validator, called AMUcheck, can be configured to perform these tasks.

AMUcheck makes use of a set of configured access rules. These rules specify different address combinations that may match with the source and destination addresses of the message.[1]

Each AMUcheck rule has an associated <Response>, in the form of a text string. This is the <Response> AMUcheck may provide as a result of the validation, when a rule match is found.

This <Response> is used, along with all the <Response> values generated during validation, to determine the disposal route for the message.

Disassembly

During disassembly, the email message or Web data is broken down recursively, into its component parts. These components may represent an archive, an encoding or a compression, in which case MIMEsweeper further processes the component. For example, if the component represents an archive, such as a TAR file, MIMEsweeper will extract and process each file until it is recognised as a raw data type. Examples of raw data are text files, bitmaps, binary files and application executables.

MIMEsweeper uses container handlers to perform recursive disassembly. Container handlers are able to recognise most common data types that may appear in the message or Web data and perform the necessary disassembly of each.

Recursive disassembly ensures that all the data is validated, even if the information is compressed, encoded, nested, or incorporates a variety of these techniques.

Validation

During validation, MIMEsweeper uses 'plug-in' validators to check the content of each component generated during recursive disassembly. Third party vendors also provide plug-in validators for MIMEsweeper.

MIMEsweeper uses configured instances of these plug-in validators to perform the validation task.

Currently, the plug-in validators MIMEsweeper uses are:

Each validator instance checks the data held in each component generated during recursive disassembly and generates a validator <Response> to indicate the results of the validation.

MIMEsweeper collects the validator <Response> values generated by the validator instances[2] and uses them to determine the disposal route for the message or Web data.

Evaluation copies of several anti-virus tools are included with MIMEsweeper. See the release notes for details.

Disposal

During disposal, MIMEsweeper selects a disposal route for the message or Web data, depending on the results of the validation.

Each disposal route comprises a list of disposal actions.

Disposal actions for MAILsweeper include:

Disposal actions for WEBsweeper include:

If Web data is blocked, it is always discarded. WEBsweeper does not use quarantine areas to store the blocked data.
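The disassembly, validation and disposal phases described above can be sketched as follows. This is an added example, not MIMEsweeper code: the magic-byte container detection, the size and depth limits, the exe_check validator, the response names and the rule that the highest-ranked response selects the route are all assumptions made for illustration.

```python
import io, tarfile, zipfile
from email import message_from_bytes
from email.message import EmailMessage
MAX_DEPTH, MAX_BYTES = 8, 10_000_000  # assumed limits against archive bombs

def disassemble(data, name, depth=0, is_mail=False):
    """Yield (path, bytes) for each raw leaf; containers are opened recursively."""
    if depth > MAX_DEPTH or len(data) > MAX_BYTES:
        raise ValueError(f"limit exceeded at {name}")
    if is_mail:                                   # MIME container
        for i, part in enumerate(message_from_bytes(data).walk()):
            if not part.is_multipart():
                body, child = part.get_payload(decode=True) or b"", part.get_filename() or f"part{i}"
                yield from disassemble(body, f"{name}/{child}", depth + 1)
    elif data[:4] == b"PK\x03\x04":               # ZIP container
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            for info in z.infolist():
                if info.file_size > MAX_BYTES:    # refuse before decompressing
                    raise ValueError(f"limit exceeded at {name}/{info.filename}")
                if not info.is_dir():
                    yield from disassemble(z.read(info), f"{name}/{info.filename}", depth + 1)
    elif data[257:262] == b"ustar":               # TAR container
        with tarfile.open(fileobj=io.BytesIO(data)) as t:
            for m in filter(tarfile.TarInfo.isfile, t):
                yield from disassemble(t.extractfile(m).read(), f"{name}/{m.name}", depth + 1)
    else:
        yield name, data                          # raw data type: validate as-is

def exe_check(path, data):                        # hypothetical validator
    return "EXECUTABLE" if data[:2] == b"MZ" else "CLEAN"
ROUTES = {"CLEAN": (0, "deliver"), "EXECUTABLE": (1, "quarantine")}  # assumed ranking

def dispose(raw_mail, validators=(exe_check,)):
    """Validate every leaf, then let the highest-ranked response pick the route."""
    leaves = disassemble(raw_mail, "msg", is_mail=True)
    ranked = [ROUTES[v(path, data)] for path, data in leaves for v in validators]
    return max(ranked, default=ROUTES["CLEAN"])[1]

def build_sample():
    """Constructed input: mail -> ZIP attachment -> TAR -> file with an MZ header."""
    tar_buf, zip_buf, payload = io.BytesIO(), io.BytesIO(), b"MZ" + b"\0" * 62
    with tarfile.open(fileobj=tar_buf, mode="w") as t:
        info = tarfile.TarInfo("tool.bin")
        info.size = len(payload)
        t.addfile(info, io.BytesIO(payload))
    with zipfile.ZipFile(zip_buf, "w") as z:
        z.writestr("inner.tar", tar_buf.getvalue())
    msg = EmailMessage()
    msg.set_content("see attachment")
    msg.add_attachment(zip_buf.getvalue(), maintype="application", subtype="zip", filename="docs.zip")
    return msg.as_bytes()
```

A component that exceeds a limit raises an error instead of being skipped, so nothing reaches a disposal decision without having been validated.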
 






[1] Using MAILsweeper generic address format, user@location.

[2] For MAILsweeper, a <Response> may also be generated by the built-in validator AMUcheck.

[3] Presently, up to ten quarantine areas can be configured.

msw.support@mimesweeper.com

Copyright © 1998, Content Technologies Limited. All rights reserved.