Check: EMG3-829 Exch2K3
Microsoft Exchange Server 2003:
EMG3-829 Exch2K3
(in version v1 r5)
Title
E-mail servers do not have E-mail aware virus protection. (Cat I impact)
Discussion
With the proliferation of trojans, viruses, and spam attaching themselves to E-mail messages (or attachments), it is necessary to have capable E-mail aware Anti-Virus (AV) products to scan messages and identify any resident malware. Because E-mail messages and their attachments are formatted to the MIME standard, a flat-file AV scanning engine is not suitable for scanning E-mail message stores. E-mail aware Anti-Virus engines must use AntiVirus Application Program Interface (AVAPI) version 2.5 or higher, which is able to scan E-mail content safely. Competent E-mail scanners will have the ability to scan mail stores, attachments (including zip or other archive files) and mail queues, and to issue warnings or alerts if malware is detected. As with other AV products, automatic updates are a necessary feature.
Check Content
Interview the E-mail administrator or the IAO. Procedure: Access the System Security Plan documentation that identifies the E-mail Anti-Virus product resident on Exchange servers. Validate that the identified product is one that offers AVAPI 2.5 or higher for safe scanning without risk of mail data corruption. Criteria: If E-mail servers are using an E-mail aware AV product with AVAPI version 2.5 or higher, this is not a finding.
Fix Text
Install E-mail aware virus protection on mailbox servers. Ensure that mail stores are being scanned with products possessing AVAPI version 2.5 or higher.
Additional Identifiers
Rule ID: SV-20561r1_rule
Vulnerability ID: V-18820
Group Title:
CCIs
No CCIs are assigned to this check.
Controls
No controls are assigned to this check.