GroupWise And Viruses, possible solutions

Recently there have been a lot of E-mail viruses coming off of the Internet. The trends indicate that E-mail viruses are going to be even more prevalent in the future. This is a document/discussion of GroupWise and virus protection. This document attempts to bring together solutions and ideas for customers regarding E-mail viruses and GroupWise.

Contents:
VIRUS ENTRY POINTS
NOTES ON WORKSTATION BASED VIRUS CHECKING WITH GROUPWISE
NOTES ON SERVER-BASED VIRUS SCANNING SOLUTIONS WITH GROUPWISE
EFFECTIVE METHODS OF HANDLING INTERNET E-MAIL VIRUSES COMING INTO GROUPWISE
THIRD-PARTY SOLUTIONS FOR GROUPWISE
FUTURE ENHANCEMENTS


VIRUS ENTRY POINTS

A full virus protection solution must include virus protection at all entry points. The most common entry points for viruses are the following:

Entry Point #1 - Viruses from software downloaded off the Internet
Entry Point #2 - Viruses brought in on removable media, (Disks, CDs and any other removable media)
Entry Point #3 - Viruses sent off the Internet through E-mail

Entry Point 1 and 2 can only be taken care of by a combination of desktop and server based virus scanning. Keep some important things in mind when thinking about a virus scanning solution at the desktop
and the workstation:

NOTES ON WORKSTATION BASED VIRUS CHECKING WITH GROUPWISE

A virus scanning solution at the desktop is needed, E-mail or no E-mail.

If a user uses the GroupWise viewing technology to view a document, then a document born virus cannot infect the machine. The document would need to be opened into it's native application. What's nice though is that GroupWise copies the file in it's native format into the workstation temp directory. When this is done a memory resident virus scanning solution will capture the virus-infected document and notify the end-user.

Virus scanning software at the workstation can consume a lot of resources. Virus scanners interact with the operating system so that they can scan every file that is read from, or written to disk. Virus scanning software even catches information that passes through memory. That's a lot of scanning! If an end-user's machine is low on memory their machine may use the hard drive to create virtual memory. The virus scanning utility will really bog down machines that have to do a lot of swapping to disk for memory. The advice then is to do your best to see that users are equipped with hardware that has sufficient memory.

NOTES ON SERVER-BASED VIRUS SCANNING SOLUTIONS WITH GROUPWISE

Virus scanning software at the server is a good measure. Virus scanning at the server cannot replace the function of virus scanning at the desktop.

Server based virus scanning solutions SHOULD NOT scan the GroupWise Post offices and GroupWise Domains. Why? The GroupWise message store is encrypted. Encryption renders virus scanning solutions useless. In fact, when a file is zipped using the popular ZIP file format, virus scanning software often cannot detect the virus, though newer scanners can sometimes scan inside zip folders and files. When you point your server-based virus scanning solution at GroupWise you cause needless processor overhead because the virus scanning software is scanning files that it can't possibly detect viruses in.

Perhaps a user might place a file into the E-mail input queues in an effort to sabotage the E-mail system. Even if someone were to place a file in one of the GroupWise queues in an effort to somehow route the virus into the E-mail system, the GroupWise agents would just throw the file away. The agent would throw it away because it would see that they file was not in the correct format, virus or no virus. The file would not be routed to the administrator either.

Another good reason to keep virus scanning software away from the GroupWise message store is that they sometimes gum things up needlessly. Virus scanning software seems to have difficulty related to the speed in which files move from one GroupWise queue into the next. They'll exert a lock on a file, but never release the lock for example. Do yourself a favor, use Client/Server connections to the GroupWise message store, and steer your server-based virus-scanning solution away from your GroupWise System.

EFFECTIVE METHODS OF HANDLING INTERNET E-MAIL VIRUSES COMING INTO GROUPWISE

Typically the biggest threat to your computing systems are the Internet propogated E-mail viruses. The best way to stop these viruses is at the entry point from the Internet. The GroupWise Internet Agent is the entry portal for Internet E-mail into the GroupWise System.

There are two approaches to providing an E-mail virus scanning solution.  See TID# 10007320 on how to configure the GWIA for these solutions. They are:

1. SMTP mail hosting with a virus scanner - Mail hosting means that the GWIA is not sending or receiving SMTP mail with Internet SMTP hosts. Another SMTP device, the "host" is hosting the mail for the GWIA. The host receives E-mail off of the Internet. In the case of virus scanning mail hosts, the host scans the messages for viruses and then forwards them back to the GWIA via the SMTP protocol. Outgoing E-mail from the GWIA can be configured to relay it's outgoing E-mail to the mail host. The mail host then scans outgoing mail for viruses on their way out onto the Internet.


2. GWIA third-party queue integration - When the GWIA receives messages from the MTA, it converts the message to ASCII format. The GWIA typically spools these files up to it's internal SMTP Daemon. The GWIA can be configured so that it spools these files into a different "third-party" directory. The third-party software will then scan the files in the third-party queue for viruses. The third-party software must then move the files to an input directory for the GWIA.

THIRD-PARTY SOLUTIONS FOR GROUPWISE

Many third-party solutions are written in such a manner that they work for many E-mail systems as a virus scanning solution. The October 1999 AppNotes has an article that lists some of the third-party virus scanning solutions.

Please see the following links for information on two third-party virus products written specifically for GroupWise.

For information on Guinevere go to: http://www.gwava.com

For information on GWAVA go to: http://www.gwava.com

For more information on Virus Solutions with GroupWise please see the GroupWise CoolSolutions article at https://www.novell.com/coolsolutions/gwmag/features/a_virus_protection_gw.html