Virus Filtering Business Requirements

Despite continuous efforts by operating system and application developers, the threat of software viruses targeted at client or server machines, or both, is ever-present.

Of course, one of the most common means of virus propagation is via email. Viruses can be embedded in email bodies, attachments, or in other fields.

Many organizations have created boundary protection against email-borne viruses for their enterprises. "Boundary" or "edge" gateways attempt to capture and filter viruses as they enter the organization from the Internet; they also typically examine outgoing messages to reduce the risk of infecting others. Many boundary filters are already scalable and efficient, and are often Linux-based.

However, virus filtering becomes more challenging once you move inside an organization. The business challenge is this: once a virus has entered the corporation, whether through an email missed by the boundary filter, software downloaded from the Internet by an employee, or some other means, how do you stop it from spreading to, potentially, every machine in the enterprise?

The cost of a virus spreading via internal emails can be very high, especially for larger organizations. For an enterprise with thousands, tens of thousands, or hundreds of thousands of desktops, it can be extraordinarily difficult to eliminate a virus once it has become widely established. The more the virus succeeds in reproducing, the more resources its attempts to propagate will tend to consume, growing exponentially and potentially bringing the whole IT infrastructure to a halt.

Enterprises, especially larger enterprises, need mechanisms in place to intercept and neutralize viruses in internal emails before they are delivered, just as boundary filters already intercept infected messages as they arrive from the Internet.