Email system protection is intended to protect computers from dangerous programs spreading through email systems rather than for the protection of email systems as such.
Rather than attacking and damaging email systems, malicious programs try to get into users’ computers via email. For this reason there is no sense in protecting the email systems themselves from infection.
Protection tools are integrated with the email system to be able to scan transferred messages. A dangerous object found in a message is usually disinfected or blocked.
Comprehensive System of Anti-Virus Protection (CSAVP)
Today a single protection tool is rarely used for the protection of the whole network. A set of protection tools is usually used to ensure the protection of the network at different levels.
The protection tools should not conflict with each other, and together they must ensure comprehensive protection of the network. This means scanning all the information flows that may potentially introduce infection. These principles are used for the selection of protection tools. A system built with these principles in mind is usually called a comprehensive protection system. In the context of anti-virus protection this would be a comprehensive system of anti-virus protection (CSAVP).
Comprehensive systems of anti-virus protection for typical networks have three protection levels:
Gateway level
Email system level
Network servers and workstations level
Separate anti-virus protection tools are used at each of these levels to ensure comprehensive, in-depth protection of users. In addition, comprehensive anti-virus protection systems use centralized remote administration systems to administer a large number of protection tools efficiently; this mainly concerns the network servers and workstations level of the CSAVP.
In practice, email system protection tools are used as part of a CSAVP rather than separately. A special case, though, is the email systems of Internet providers. However, Microsoft Exchange is hardly ever used in Internet providers’ email systems, so this special case is not considered separately here.
CSAVP without Email System Protection Level
A question often arises: why do comprehensive systems of anti-virus protection require anti-virus protection at all three of these levels? Could two protection levels, or even one, be sufficient? For the protection of email systems, these questions may be formulated as follows:
Is it possible to create a comprehensive system of anti-virus protection without using the Email systems protection level?
Is it possible to use only Email system protection when creating a comprehensive system of anti-virus protection?
Two things should be remembered when answering the first question. Firstly, gateway protection tools do not check email correspondence. Tools that do check it are combined gateway and email system protection tools rather than just gateway protection tools.
Secondly, any network always has under-protected and vulnerable computers, regardless of how thoroughly the administrator performs network administration. There may be many reasons for this. For example, a computer was turned off for a long time and still uses outdated threat signatures, or the user of a computer disabled the anti-virus protection. The greater the number of computers in a network, the higher the probability that some of them are poorly protected.
As a result, in the absence of email system protection, viruses easily get into users’ computers, and because there are poorly protected computers in the network, the risk of infection is high. Reducing this risk is precisely the reason for protection at the email system level. Email system protection blocks most malicious programs on the way to users’ desktops, and gives the administrator time to identify and fix problems with the protection of particular computers.
CSAVP with Email System Protection Level Only
As to the second question, email system protection used on its own is even less efficient. Firstly, it does not block all pathways of virus propagation. For example, users may infect their computers by downloading malicious programs from the Internet. Secondly, malicious programs may get into computers despite email system protection, for example, in the form of attached password-protected archive files.
Therefore, email system protection tools alone are not efficient for the protection of corporate networks and should be considered only a part of a comprehensive anti-virus protection system.
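The password-protected archive case mentioned above can at least be made visible at the email system level. The following is an added example, not code from any product described here: it flags ZIP attachments whose entries are marked encrypted, so that they can be held or handed to the workstation level. The function names, addresses and sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

ENCRYPTED_FLAG = 0x1  # ZIP general-purpose bit 0: the entry is encrypted


def unscannable_attachments(raw_message: bytes) -> list[str]:
    """Return names of ZIP attachments a mail-level scanner cannot inspect."""
    flagged = []
    for part in message_from_bytes(raw_message).walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or "(unnamed)"
        buf = io.BytesIO(part.get_payload(decode=True) or b"")
        if not zipfile.is_zipfile(buf):
            continue
        try:
            with zipfile.ZipFile(buf) as zf:
                if any(i.flag_bits & ENCRYPTED_FLAG for i in zf.infolist()):
                    flagged.append(name)
        except zipfile.BadZipFile:
            flagged.append(name)  # unreadable archive: also unscannable
    return flagged


def sample_message(encrypted: bool) -> bytes:
    """Constructed sample: one mail carrying one ZIP attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.txt", "constructed sample content")
    data = bytearray(buf.getvalue())
    if encrypted:
        # Mark the entry encrypted: flags sit 8 bytes into the central header.
        pos = data.rfind(b"PK\x01\x02")
        data[pos + 8] |= ENCRYPTED_FLAG
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(bytes(data), maintype="application",
                       subtype="zip", filename="docs.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(unscannable_attachments(sample_message(encrypted=True)))
```

The check covers only the ZIP format and reads only the archive's directory; other archive formats need their own header checks.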