Virus, worm and spam protection

The Modular Messaging system bridges your telephony and TCP/IP networks, thus integrating voice and data services into a single unit. Users can access Modular Messaging using the various access mechanisms to exchange information in the form of e-mail, files, and data. Viruses and Worms are targeted mainly at the operating systems, Microsoft in particular.

Viruses are most commonly transferred through e-mail in the form of executable file attachments, through infected Web sites or through shared disk drives on the network. The Message Storage Server (MSS) supports the SMTP/MIME protocol for delivery of messages and does not scan incoming messages for viruses, so messages containing virus laden attachments may be received in the user's Modular Messaging mailboxes. Messages generated by the voice server (MAS) may contain sound files (.wav) and fax image (.tif) attachments. These messages are delivered to and stored by the MSS. When listening to the messages using the telephone user interface (TUI), the voice server may retrieve any message from the mailbox that may include messages containing viruses delivered from servers other than the voice server. Neither the message server or the voice server executes the attachment contained in a message, so these systems cannot become infected by messages containing a virus. Messages may be retrieved using e-mail clients connecting through IMAP4 or POP3 interfaces. Voice and fax messages retrieved using these e-mail clients will contain only sound (.wav) or fax image (.tif) files. It is therefore advised that users detach and not directly launch any other file attachment and scan them for viruses before use. In addition, an additional virus scanner can be configured to remove viruses before messages are delivered to the message server. A variety of such scanners are available on the market.

System administrators can also implement firewalls and Access Control Lists on the gateway routers to block any SMTP traffic from external sources. This will restrict spam mail, virus, and worm entry into the voice mail system. it is also advised that administrators use spam filters on the network for protection against spammers and unsolicited e-mails. Avaya recommends that you implement an "anti-virus protection software" directly on the corporate e-mail servers and on individual user systems to detect any SMTP/MIME viruses. Infected files, if detected, should be cleaned or removed.

Avaya recommendations

Avaya recognizes the concerns that customers have for deployment of Windows-based solutions, the timely installation of security patches, and the use of anti-virus software.

Patching

Avaya monitors the security patches released by Microsoft, determines if the patches are appropriate for Modular Messaging, and, if so, conducts tests to assess its compatibility with Modular Messaging. Information on obtaining the patches that Avaya determines are appropriate for Modular Messaging customers are posted in the form of security bulletins on the support Web site, http://support.avaya.com/security. Avaya endeavors to test and certify the compatibility of Microsoft Service Packs with Modular Messaging within 90 days of release of the service pack from Microsoft. Upon certification, Avaya might recommend that customers obtain and install the service pack directly from Microsoft. Customers should contact Avaya or refer to the Avaya support Web site, for latest advisories and reporting and security related concerns and other information. When appropriate, certified Microsoft service packs are included as part of the next release of Modular Messaging.

Avaya notification service

It is recommended that customers sign-up for the e-mail notification service of Security Advisories in the My Subscriptions section on the Avaya support Web site for receiving the latest security information. Customers are also advised to sign-up for Microsoft's security notification service.

Internet Explorer security

With Modular Messaging, Internet Explorer (IE) 6.0 will be installed on the MAS. It is recommended that IE should be used for Modular Messaging administration only. Microsoft recommends that you subscribe to their Security Notification Service. To do that you have to set IE to use lesser security settings. As a best practice, ensure that at least one computer in the network, other than the Avaya Messaging Application Server (MAS), is subscribed to the Security Notification Service.

Anti-virus software

Customers can choose to install and manage anti-virus software for added security at their own risk. For the current version of the Avaya Modular Messaging solution, Avaya allows customers to load anti-virus software on the Avaya Messaging Application Server (MAS). However, the customer must assume full risk for any undesired interactions between the anti-virus software and the Avaya product. Customers are responsible for the procurement, installation, and management of anti-virus products in all cases.

As a reference and example for customers, Avaya has tested the interoperability of Avaya Modular Messaging with three leading anti-virus products listed below. Notwithstanding the results of such testing, customers will continue to be solely responsible for the procurement, installation, and management of anti-virus products in all cases.

• McAfee VirusScan Enterprise Edition
• Symantec Antivirus Corporate Edition
• Trend Micro OfficeScan Corporate Edition

The intent for the Avaya interoperability test is to provide customers with greater confidence that such anti-virus products are compatible with Avaya Microsoft Windows-based voice messaging products. However, Avaya does not certify these vendors, nor endorse their products. Customers should verify that they use the correct edition of anti-virus software pertinent to the product. Avaya recommends the following regarding installation and use of anti-virus software:

Disable anti-virus software during installation of Avaya messaging products:

It is best to install anti-virus software only after the Avaya messaging products are installed. If anti-virus software is already installed prior to installing any Avaya messaging application, be certain to disable the anti-virus software before proceeding, and do not re-enable it until after the installation is complete and the correct operation of the Avaya product has been verified.

Scanning cautions:

Consider the impact that anti-virus scanning may have on the performance of the Avaya messaging servers prior to scanning for viruses in a certain way. Many anti-virus software products provide both �on-access� scanning, and �on-demand� scanning. For example, �on-access� scanning performs a scan anytime a file changes for any reason. This type of scan may have a negative impact on the relative server performance. As such, Avaya recommends the use of �on-demand� scanning, where scans are run on scheduled intervals. It is not recommended to employ any message scanning that could drastically impact the performance of the Avaya servers.

Anti-virus software administration:

When administering the anti-virus software, set it up to scan the hard disk once per week. There is little impact on performance when the scan runs, but it is still best to have the scan run during off peak hours. If desired, it is also acceptable to run the anti-virus scan every day, but still pick an off peak time to run the scan. In the case of Avaya Modular Messaging where multiple MAS servers are used, it is also acceptable to run the anti-virus scan on each system at the same time. Note that it is best to avoid scheduling the anti-virus scan at the same time as when a backup occurs on the MAS (which by default is 11pm every night). If a virus is found in a file then the anti-virus software should be set to attempt to clean the file first, and if that fails, to move the file to a different directory. Some anti-virus software applications default to scan on startup. This feature should be disabled or it will interfere with the time that it takes a system to come back online after a reboot. It is further recommended to schedule virus definition updates to automatically occur at least once per week. The updates should occur before the next scheduled scan time to ensure the latest DAT files are used during the scan, but updates should be avoided during a virus scan. Setting virus definition updates to occur every day is also acceptable.

General recommendations

The following are some general recommendations for limiting virus problems.

• Run the corporate standard anti-virus programs on a regular basis. Download and install updates to the anti-virus software when they become available from your anti-virus vendor.

• If you are using an anti-virus program, ensure that you are monitoring the supplier for the latest DAT files.

• Never open any files or macros attached to an e-mail from an unknown, suspicious or untrustworthy source. Delete these attachments immediately, then double delete them by emptying your trash. Delete spam, chain, and other junk e-mail without forwarding it.

• Never download files from unknown or suspicious sources.

• Avoid direct disk sharing with read and write access unless there is a business requirement to do so.

• Always scan a diskette from an unknown source for viruses, before using it.

• Back up critical data and system configurations on a regular basis and store the data in a safe place.

Anti-virus programs are available in the form of standalone e-mail hosts, firewalls, and routers with embedded scanning. Following is a list of some commercially available virus detection programs for e-mail gateways:

• Aladdin's eSafe Protect Gateway

• Computer Associate's eTrust Antivirus for Gateways

• McAfee's WebShield (Network Associates)

• Symantec's Norton Antivirus for Gateways

Additionally, following are some anti-virus solutions for Windows based servers:

• Symantec's Norton Antivirus for Windows

• Network Associate's McAfee VirusScan for Windows

• TrendMicro's Serverprotect for Windows

Top of page