Dr.Web for Microsoft Exchange Server

Enterprise Security Suite is an anti-virus plug-in designed to protect corporate mail systems against viruses and spam. It flexibly integrates into the system and processes each message and attachment dispatched to the server. All the messages are scanned before they are processed by the client part.

Enterprise Security Suite can perform the following functions:

Scan all incoming and outgoing messages in real-time mode.

Filter and block spam, use manually compiled black and white lists of addresses (if the anti-spam module is installed).

Isolate infected and suspicious objects to quarantine.

Filter email messages according to various criteria.

Group clients to simplify their management.

Log virus events in OS log and support an internal event database cmstracedb.

Collect statistics.

Support the common application settings on a distributed system of firewalls, including those organized in clusters.

Automatically update virus databases and components of the plug-in.

To facilitate working with the plug-in, it is launched fully automatically (at system startup) and uses convenient update procedures (once added to the Windows Task Scheduler).

Enterprise Security Suite uses virus databases which are constantly supplemented with new records to assure up-to-date protection. Also, a heuristic analyzer is used for additional protection against unknown viruses.

The plug-in operates on the Dr.Web CMS (Central Management Service), which supports the central configuration of application settings and components and remote administration via protected protocol HTTPS. Dr.Web CMS features an internal web server Dr.Web CMS Web Console with client authentication, thus, only the authorized administrators can access the application settings.

The interaction between the components and their configuration is based on internal service protocols operating over TCP. Such service protocols allow Dr.Web CMS to connect the application components with the managing service database cmsdb and with the internal event database cmstracedb located in the plug-in installation folder and based on the SQLite database.

The interaction between the components and Dr.Web CMS platform is carried out in the following way:

1.The application component connects to Dr.Web CMS service via the service protocol over TCP on its start (if it is a service) or on its loading (if it a library).

2.Dr.Web CMS registers the application connection and creates a data structure related to the corresponding application component in the cmsdb database.

3.Dr.Web CMS controls the operation of the application component by constantly monitoring the TCP session and the service messages exchange with the component.

4.In case the component state changes, Dr.Web CMS modifies the corresponding variables in cmsdb database.

Dr.Web CMS services installed on different servers can be organized in a hierarchy tree by the administrator, to support replication of parameters of cmsdb database with the Shared attribute of the application working with Dr.Web CMS. The parameters are copied from the main server to the sub-server one, thus, the servers tree parameters can be configured on the main host.