CITES offers new arsenal for virus protection and spam management
By Sharita Forrest, Assistant Editor 217-244-1072; slforres@illinois.edu
If the title of a current Broadway musical – “Spamalot” – describes your incoming e-mail, but the daily onslaught of lurid advertisements and virus-laden hoaxes brings you little mirth, a new service from Campus Information Technologies and Educational Services may be your ticket to a cleaner inbox.

CITES Spam Control, a new component of the e-mail architecture at the Urbana campus, comprises two modules that will enhance virus protection for many e-mail users and offer several options for managing spam.

The centralized virus-detection module, which was activated March 2, scans messages sent to all recipients with @illinois.edu e-mail addresses and automatically deletes messages that contain viruses.

The system’s anti-spam module examines various attributes and structural components of incoming messages – such as sender IP addresses, URLs and headers – and assigns each message a score ranging from 0 to 100 indicating the likelihood that the message is spam. A score of 0 signifies an unquestionably valid message while a score of 100 indicates that the message is undoubtedly spam. The spam score is displayed in a header that the software adds to the message before routing it to the user’s e-mail account.

“The default practice will be to add the headers and not do anything else to the messages,” said Mike Corn, director of security services and information privacy at CITES. “We don’t want to force spam handling on people. We want to enable them to decide how they want it done.”

Beginning April 15, about every week or so, CITES will send e-mails notifying different segments of the campus community – faculty members, academic professionals, undergraduates – that they can activate additional functions of CITES Spam Control by visiting a Web page.

CITES Spam Control Service

Computer Security Day
10 a.m. to 3 p.m. April 28
Illini Union Room C
Short, walk-up, hands-on training will be available as well as information about computer security in general. A new Security Tools CD will be available.

Training classes
- May 3, 7 p.m.
- May 5, 9 a.m.
- May 10, 9 a.m.
- May 23, 1 p.m.
- May 25, 1 p.m.
Registration is requested for these 45-minute classes. Enroll online.

The anti-spam module is being activated in phases because “turning the spam control on for 70,000 users at once would inundate the help desk with questions,” Corn said. “We want to make sure we’re positioned to support people appropriately.”

Users will be able to customize the spam filter according to the level of protection they want by selecting from four options:
- Tag – the system adds headers with spam scores and delivers all messages to the user’s inbox.
- Cautious – messages the system is “certain” are spam and messages “likely” to be spam according to their scores are quarantined but not deleted.
- Aggressive – messages the system is “certain” are spam are deleted while “likely” spam are sent to quarantine.
- No quarantine – messages the system is “certain” are spam are deleted automatically and the rest are delivered to the inbox.

According to the software vendor, Proofpoint Inc., only a small percentage – about 1.5 percent – of messages receive scores between 20 and 80, and CITES’ usage of the system has yielded the same results, Corn said. Most messages score very high or very low.

Messages with spam scores of 50 or above will be sent to users’ quarantine folders and will remain on the server for 10 days before being deleted automatically. People who use quarantining will receive daily e-mail digests of the messages quarantined since the prior day, and they can opt to receive the daily digests even when they have no quarantined messages.

Users can scan the digest each day, and if valid messages have been misidentified as spam (known as “false positives”), they can either click “release” to redirect the messages to their inboxes or click “safe list” to redirect the message and ensure that all future messages from those senders are delivered. Users also may establish personalized “auto-block lists” to ban unwanted messages and senders.

Users will be able to access the system and adjust their settings through the URL contained in the activation notice and the daily digests; no logins or passwords are required. Therefore, users should not forward the digest or the activation notice to other people because that would allow recipients to access their accounts.

The antivirus/anti-spam software will only screen e-mail that passes through CITES’ servers – mail going to addresses such as netid@illinois.edu, netid@express.cites.uiuc.edu or addresses on the retired student/staff cluster. E-mail to accounts on college or departmental e-mail servers may not pass through CITES Spam Control. Users with multiple addresses can view which of their e-mail accounts CITES Spam Control is handling through the Web interface.

The new antivirus software enables CITES staff to monitor the number of viruses coming into its servers by reporting statistics every four hours.

In a March 1 e-mail to the campus community that announced activation of the antivirus controls, Corn said that the system detected 121,052 e-mail viruses during a one-week testing period in February. When the system goes into full production, it will likely eradicate about 20,000 virus-infected messages each day, Corn said.

“I’ve had a few people ask me why CITES isn’t notifying people when it deletes a virus-infected message,” Corn said. “But there’s very, very little legitimate e-mail with viruses. I think I’ve received one legitimate message with a virus during the past three years. I think that’s fairly typical. With up to 20,000 viruses coming in to campus every day, if we notified users every time we deleted an e-mail, we’d be turning 20,000 infected messages into 40,000 pieces of spam.”

During the testing phase, the software has been accurately identifying and classifying as spam “phishing” messages, fraudulent e-mails that attempt to dupe unsuspecting recipients into providing personal information that thieves can use to steal their identities. Corn said he is “guardedly optimistic” that CITES will see a measurable reduction in the number of security incidents as a result of the new system.

While Corn expects users to be very pleased with the level of protection the system provides, he cautioned that the anti-spam control will occasionally misidentify a valid e-mail message as spam or allow a bogus message through.

“I usually get about 150 spam a day, and I’m finding that about three spam a day are sneaking through undetected,” Corn said. “I can live with three. The anti-spam software seems to very accurately identify spam. One of the reasons we picked this system is because it had the lowest ‘false positive’ rate of the packages we looked at.”

Approximately 120 “typical end users” – that is, non-technical staff – were involved in testing the system, and they indicated that they found the system very accurate and easy to use, Corn said.

The system screens e-mail before it passes through e-mail clients like Eudora and Microsoft Outlook Express; it also is compatible with Web browsers and with Departmental Services’ Microsoft Exchange Services, which provides additional anti-virus and anti-spam protection.

In addition to the software, the system comprises eight computers – four at the on-campus data center and four at a remote site – with half a terabyte of disk space, a database server and a backup server to hold the quarantined messages. Each data center has the capacity to handle more than double the volume of e-mail traffic on campus. Should the campus data center go down, traffic is transferred automatically to the remote site. When both data centers are running, they share the load.

“E-mail is really so critical to people’s lives, we wanted to make sure we had the capacity we needed and then some,” Corn said. “Also, we’re not going to deploy the system until we’re 100 percent confident in it – that is, if we have any doubts at all, we’ll postpone it until we have it right.”

The hardware and software were funded by a one-time grant from the Office of the Provost.