B. Bencsáth, Géza Szabó
Components to improve the protection against spam and viruses
HSN LAB Workshop, 2005, Jun.
keywords: virus dos rbl centralized protection
abstract: In our presentation we would like to show our research plans and achievements in the field of virus and spam protection. The planned protection methods are component-based, closely related developments that make extensive use of each other's software components. One of the most important methods of protecting against spam is to keep the e-mail addresses we maintain from getting onto a spam list. Among other methods, attackers use the directory harvest attack (DHA); therefore I would like to show a protection method against it, which is based on recognising the attackers and blocking them centrally. The novelty of our solution is that other anti-spam methods do not put the emphasis on prevention; they just filter the incoming unsolicited mail. In contrast, we propose a system consisting of components that can be built into our existing working system and that prevents directory harvest attacks. Our system can also be connected with spam-recognition software. The solution makes savings possible because mail coming from known DHA attackers is not subjected to resource-consuming content filtering, but is simply blocked. Combined with other methods, our system can improve their efficiency as well. The other important component that can improve the efficiency of our system is the one developed in the VIRUSFLAGS project, which addresses the problem of a virus-infected mail arriving from a falsified sender. In this case there is no point in sending a virus alert to the falsified sender, because this is just misleading. But if the virus (for example a Word macro virus) did not falsify the sender, and our machine deletes the letter without notifying the sender, legal problems may occur: if our business neither accepted the resignation of a contradiction because it was infected with a macro virus, nor notified anyone, this would cause a legal problem.
Virus scanners may have this information, but in terms of system and component theory, a system component that deals only with the question of whether a virus falsifies the sender can be more efficient. As an add-in to the current VIRUSFLAGS software components, it makes it possible to collect statistical data about the spread of different viruses, which is equally important, if not more so. We have prototypes of the presented systems, but the utilization and reuse of the results on the model is still in progress.