Frequently Asked Questions
1. What is CyberSoft'’s SafeInternetEmail?
3. What happens when a message is blocked because it contains a virus?
4. Why are some of my messages being blocked as bad extensions even though they are in a zipped format?
5. Why do the spam notifications default to off?
6. How can we block foreign Character sets?
7. Can SafeinternetEmail detect keywords or phrases in the body?
8. How do I set the threshold for the Bayes filter in SafeInternetEmail?
9. Do you have a version for Microsoft Exchange?
10. I don’t know Linux, so will this system be too hard for me to learn?
11. Can SafeInternetEmail ‘park’ or delay oversized messages until the end of the business day?
12. When I hit the logoff button under my Mozilla v1.2.1 browser nothing happens.
13. What is the UAD option in the queue management section?
14. Can SafeInternetEmail be remotely managed?
16. How do I start the milter?
17. What should I do if I receive a spam that gets by your filters?
18. What should I do if I notice a false-hit by your filters?
19. What versions of Linux do you support?
Answers
Q: What is CyberSoft'’s SafeInternetEmail?
A: It is a solution that is meant to analyze incoming and outgoing e-mail at the internet gateway to block inappropriate e-mails from reaching an organization’s users. This type of solution is also known as spool and forward. By eliminating viruses, spam, bad extensions, and harassing e-mails at the gateway it greatly reduces potential threats such as offended customers or employees, system damage from virus infection, lost productivity due to spam, and intellectual property from leaving an organization. SIE is intended to be a reliable layer of security created for Linux or Solaris operating systems that utilizes a pattern detection engine that has been protecting mission critical systems for over 10 years.
Q: We are an organization that needs to receive material that is often blocked as spam with other products. How can I receive important messages even if it contains common spam messaging such as “Viagra” or “lower interest rates”?
A: SafeInternetEmail provides two different methods for configuring the system to your environment. First, there are twelve distinct categories of lexical patterns. They are unsubscribe, general, porn, community, credit, harassment, technical, business, gambling, medical, and contests. At a global system level you can select which of these category definitions your e-mail should be scanned for. Secondly, the custom filter creator allows you to create spam or harassing language exceptions for your organization. These will override any lexical patterns that contain language you want to accept.
Q: What happens when a message is blocked because it contains a virus?
A: SafeInternetEmail places it into a quarantine queue and can be released by the administrator. In many situations viruses are sent as bulk e-mail propagated from unsuspecting users. Since many of the attachments to these e-mails are the virus itself there is never a reason to clean it and allow it to pass to the users. Also, it is our firm belief that once an e-mail has been compromised it should no longer be trusted. Therefore, it is always better to try and get the original from the sender.
Q: Why are some of my messages being blocked as bad extensions even though they are in a zipped format?
A: Based on corporate policies many IT departments do not want end-users to receive e-mails that may contain executables, dll's, pifs, or many other files that can damage or change the corporate standard configuration. If you would like to receive e-mails that contain these types of extensions then add your e-mail address to the bad extension exceptions listing. The e-mail will still be recursively scanned for viruses.
Q: Why do the spam notifications default to off?
A: Since it is a common tactic for spammers to provide false “reply to” information it does not make sense to send a reply back to the sender. It is also counterproductive to have an e-mail sent notifying employees that a spam has been blocked. Although that option is available for companies that want to have internal notifications turned on it is not recommended.
Q: How can we block foreign Character sets?
A: Blocking foreign character sets is very easy with SafeInternetEmail’s custom filter creator. Create a definition that starts with a case insensitive phrase of \nContent-type: same line, case insensitive charset, same line euc-kr, lower level or, Big5, etc.
Q: Can SafeinternetEmail detect keywords or phrases in the body?
A: Yes, 90% of the lexical patterns created with SafeInternetEmail are based on patterns discovered in the body of spams.
Q: How do I set the threshold for the Bayes filter in SafeInternetEmail?
A: It isn’t necessary to adjust the threshold on SafeInternetEmail. The bayes filter implementation is uniquely based on the SmartScanFilter and VFind definitions utilized in SafeInternetEmail. The Bayes probability score is floating based on the corpus of messages processed by the system as good e-mail versus those blocked as spam. Reducing the threshold on our system actually increases the chance for false hits because you are lowering the probability score. The key to our Bayes filter is keeping it in training mode for at least two weeks with actual e-mail flow going through it.
Q: Do you have a version for Microsoft Exchange?
A: No, we believe that the key to good security is one of layers. By placing a Solaris or Linux based SIE system in front of your mail server you are receiving the following benefits.
1.) A second layer of protection between your actual e-mail server and the outside world is provided.
2.) Unwanted e-mail never needs to be processed by your real mail server which increases the return on investment in your original equipment.
3.) Redirecting your outgoing e-mail traffic through a SafeinternetEmail system also provides a secondary defense against outgoing viruses, harassing language, or intellectual property.
Q: I don’t know Linux, so will this system be too hard for me to learn?
A: SafeInternetEmail was designed to be a set it once solution administered through the GUI. For those less experienced in Linux we provide a Debian Linux ISO that installs Debian Linux 3.01 along with SafeInternetEmail on a new machine in under twenty minutes. Detailed documentation is available that walks you through the few command-line operations that need to be performed. For those that are technical enough to install a Linux machine from scratch we also offer step by step directions for installing Redhat 8, Redhat 9, SuSe 8.1 or Debian 3.0.
Q: Can SafeInternetEmail ‘park’ or delay oversized messages until the end of the business day?
A: SafeInternetEmail does not require this feature as optimal queuing techniques are used rather than first-in first-out techniques of other mail programs. With SIE e-mails are separated into various queues and then scanned in parallel. Smaller messages are released continually while larger messages are scanned until completed. Because of SIE’s optimal queuing processes there is no reason to delay incoming e-mails.
Q: When I hit the logoff button under my Mozilla v1.2.1 browser nothing happens.
A: The Javascript function window.close() is supposed to generate a confirmation dialog if the user requests to close a window that Javascript did not open. This behavior is present in IE and Mozilla versions prior to 1.2.1 (possibly also 1.2.0). In Mozilla 1.2.1, window.close() does not close a browser window, nor does it generate a confirmation dialog. According to the referenced developers’ documentation this functionality should work.
Q: What is the UAD option in the queue management section?
A: UAD stands for universal atomic disassembler and will show contents of the e-mail broken down into simpler forms. For instance, you may encounter an e-mail that was sent as mime encoded when viewed in the body mode. However, using the UAD option it will show the temporary files used to scan the e-mail for questionable content. UAD will break out the separate components such as header, html body, and text formats.
Q: Can SafeInternetEmail be remotely managed?
A: Yes, SIE comes equipped with a standard easy to use interface accessible via the web. There is no need for management consoles. Delegation of blocked messages can also be delegated to domain administrator or user level.
Q: SIE blocked one message from one of the online publications that I subscribe to. How can I prevent SIE from blocking any messages from that source?
A: Our lexical analysts have a large library of e-mails from legitimate e-mail lists that we subscribe to. Our definitions are continually checked against that to reduce the likelihood of false hits. However, sometimes messages from legitimate sources do get a little carried away on the marketing language. If you want to prevent blocks from that source again just list them as a spam exception sender under the scanning administration menu. This way all of the e-mails from that source will be allowed to pass without being stopped by our spam definitions. It is also a good practice to find out the legitimate subscribe lists from your users before turning the SIE server live. This way they can be entered as exceptions before spam blocking is turned on.
Q: How do I start the milter?
A: SafeInternetEmail does not use milter technology commonly found in other e-mail filtering products. So updates can be happen on-the-fly without requiring restarting of the milter. This process is patent pending and takes advantage of the flexibility of CyberSoft’s VFind Security Toolkit.
Q: What should I do if I receive a spam that gets by your filters?
A: Catching spam is a continual challenge. Although we do have numerous feeder accounts some e-mails do slip past our network. If that happens just send an e-mail to the following address:spam@cybersoft.com.
It is preferred that you forward the original message as an attachment (or "Redirect to..." on some mail clients), so that the original message headers are preserved. However, our lexical analysts will review and create patterns on subject body as well.
Q: What should I do if I notice a false-hit by your filters?
A: With the art of catching spam is also the art of not catching legitimate e-mail. This can sometimes be a difficult task, but one that we treat with utmost importance. Every definition is tested against a large database of legitimate e-mail and documents. However, if you notice that an e-mail was falsely stopped, send an e-mail to the following address: falsehit@cyber.com
It is preferred that you forward the original message as an attachment (or "Redirect to..." on some mail clients), so that the original message headers are preserved. The lexical analysts will determine which definition hit against it and modify as appropriate.
Q: What versions of Linux do you support?
A: SIE is currently supported on the Debian Linux 3.0.X platform. Other platforms could be made available. Legacy platforms are supported for current legacy customers.
Q: During the ISO install -- getting the error message -- cannot format disk -- unable to zero. error during partitioning. What does this mean?
A: The ISO was designed for use on IDE drives so that organizations can build custom appliances quickly. In order to work with SCSI hard drives you must install one of the supported operating systems from scratch so the drive is supported properly.
Copyright (c) 2005 by CyberSoft, Inc. All rights reserved world wide.
This product is marketed exclusively under license by the CyberSoft Operating Corporation and it's wholly owned division, CyberSoftInternational. Copyright 2000 - 2005