Warden Anti-spam and Virus Protection

Version

4.02

Requires

17.8.11

Developer

Danami

Platform

unix

Category

Mail
Security

Support | Documentation

With the Warden Antispam and Virus protection, you get the best of both worlds. Open source standards for content filtering from Amavis®, SpamAssassin®, and ClamAV® combined with deep integration with the Plesk control panel.

With support for over 25 SpamAssassin plugins, inbound/outbound scanning, database logging, custom rule builder, spam and virus quarantine, real-time spam learning, rich reporting, and multi-role access, Warden provides you with the most robust, extendable anti-spam and anti-virus solution for Postfix anywhere.

More Information
https://www.danami.com/products/plesk-extensions/warden-antispam-and-virus-protection

Important

This is a paid extension that is designed for power users and service providers. Some system administration experience is recommended.
On Centos/RHEL/Cloudlinux/AlmaLinux the EPEL and Danami repositories will be enabled and SpamAssassin will up updated to the very latest SpamAssassin.
Amavis, ClamAV, Razor2, and Pyzor will be installed and removed on un-install (The ClamAV packages will be removed if the Sentinel Anti-malware Plesk extension is not also installed).
Incompatible components will be disabled on install then re-enabled on un-install (SpamAssassin service, drweb).
Legacy Plesk spam filter settings will no longer be used but administrators can optionally migrate old mailbox settings using the Warden policy migrator.

Features

Amavis Content Filter
Amavis is a high-performance interface between Postfix, SpamAssassin, and ClamAV. Amavis has been the gold standard used by large email providers for over a decade.

Supports the amavisd-milter which allows you to reject spam and viruses at the SMTP level.
Block spam, viruses, banned attachments, and even messages with non-compliant email headers.
Call one or more anti-virus scanners. Amavis supports over 40 different anti-virus scanners.
Does not let mail pass unchecked when there are server issues or when mail is too big. Mail will stay in the Postfix queue.
Check MIME types, file names and content types of decoded mail parts against a list of banned names and content types.
Check the mail header for invalid characters and other common violations of rfc2822.
Unpack multiple formats: MIME, uuencode, xxencode, BinHex, compress, gzip, bzip, bzip2, zip, 7-zip, freeze, lzop, tar, cpio, rpm, deb, rar, arc, arj, zoo, lha, tnef, ole, cab.
SpamAssassin check is called only once per message regardless of the number of recipients.
Standards compliant and adheres tightly to multiple RFC specifications.

SpamAssassin Anti-spam
Warden super charges SpamAssassin by providing deep integration with Plesk and enabling all of the most effective SpamAssassin plugins.

Antivirus – Simple antivirus tests to check if an email contains an executable attachment.
ASN – Add metadata to the Bayesian filtering process, allowing the Bayesian filters to learn information based on the ASN of the connecting IP address.
AWL – Track scores from messages previously received and adjusts the message score by boosting or penalizing messages from senders who send ham or spam.
DCC – DCC is a system of servers counting checksums of millions of mail messages to determine of a message is bulk email or not.
DKIM – Perform DKIM lookups as well as historical DomainKeys lookups.
DMARC – Check if an email respects its domain DMARC policy.
FreeMail – Check the headers for indication that a senders domain is that of a site offering free email services.
FromNameSpoof – Perform various tests to detect spoof attempts using the From: header name section.
HashBL – Search for email addresses in the message header and body and check them against various blacklists.
OLEVBMacro – Use several methods to search attached documents for evidence of an OLE Macro or VB code.
PDFInfo – Use several methods to detect a PDF files ham and spam traits.
Phishing – Check URIs against Openphish and PhishTank phishing feeds.
Pyzor – A collaborative, networked system to detect and block spam using identifying digests of messages.
Razor2 – A distributed, collaborative, spam detection and filtering network based on user submissions of spam.
RelayCountry – Add metadata to the Bayesian filtering process, allowing the Bayesian filters to learn information based on countries.
ResourceLimits – Limit the memory / CPU usage of child spamd processes.
Rule2XSBody – Compile SpamAssassin ruleset into native code for optimum performance.
SH – The Spamhaus data query service is a set of DNSBLs with real-time updates operated by by Spamhaus Technology.
SPF – Check SPF records published by the domain owners in DNS to fight email address forgery and make it easier to identify spam.
TextCat – Score messages based on which language the email was written in.
TxRep – Normalize scores with sender reputation records.
URLDNSBL – Look up URLs in a message against DNS blocklists.
URILocalBL – Blacklist URIs using local country and CIDR information.
VBounce – Aid in rescuing genuine bounces.
WelcomeListSubject – Whitelist or blacklist by Subject: header.

ClamAV Anti-virus
The ClamAV open source multi-threaded scanner daemon detects trojans, viruses, malware and other malicious threats. Extended signatures provide protection against Phishing, Scam, Casino, porn and other general spam.

Advanced database updater with support for scripted updates and digital signatures. The virus signatures are updated multiple times per day.
Built-in support for various archive formats, including Zip, RAR, Dmg, Tar, Gzip, Bzip2, OLE2, Cabinet, CHM, BinHex, SIS and others.
Built-in support for ELF executables and Portable Executable files packed with UPX, FSG, Petite, NsPack, wwpack32, MEW, Upack and obfuscated with SUE, Y0da Cryptor and others.
Built-in support for popular document formats including MS Office and MacOffice files, HTML, Flash, RTF and PDF.
Supports third-party signature databases provided by Sanesecurity, FOXHOLE, OITC, Scamnailer, BOFHLAND, CRDF, Porcupine, Securiteinfo, MalwarePatrol, or the Yara-Rules Project.

Hierarchical Policies
Filter policies are hierarchical meaning that you can you can set server wide, domain, and mailbox level policies. All child policies will inherit from the parent unless they are overwritten at the child level.

Supports blacklisting and whitelisting at the server, domain, and mailbox levels.
The spam filter policy supports move, quarantine, block, or tag subject spam actions.
Customers can disable the spam filter, virus filter, banned attachment filter, and bad header filter at the domain or mailbox levels.
Customers can easily revert back to defaults. Pressing the default button will apply parent defaults for that level.

Database Logging
Every message processed by Amavis is logged to the Warden database.

The Amavis log shows you the sender, recipient, client addr, from addr, subject, content type, delivery status, size, spam level and direction of each message.
The message log allows users to filter by Amavis policy banks. Filter by MYNETS (your networks) or SUBMISSION (ports 587, 465) policy banks.
The message log allows users to filter by direction. Filter by inbound, outbound, internal, or open relay types.
The Postfix mail logs are automatically processed and displayed in an easily readable format.
The Postfix mail rejection logs show you which emails were rejected by the server.
The POP3/IMAP log shows you the protocol, user, client IP, geographical location of each mail client.
The SMTP Auth log shows you the method, user, client IP, client rDNS, and geographical location of each authenticated mail client.
Set the retention period to keep for your logs. The database is automatically pruned making sure you always have the logs you need without taking up too much space.

Quarantine Support
Quarantine spam, viruses, banned attachments, and mail with non-compliant email headers. Customers can login to manage their quarantined messages. False positives can easily be trained and released back to the original recipients mailbox.

View incoming and outgoing quarantine totals for each domain and mailbox.
Customers can set policies to quarantine spam, viruses, banned attachments, or mail with bad headers.
Customers can suppress quarantining if a spam score is above a configured level.
Customers can train the spam filter by marking quarantined items as spam, ham, or even release the message back to the recipient in the case of a false positive.
Customers can view the mail headers and message body of each quarantined message. Hyperlinks and images are automatically disabled and messages are viewed in a secure manner.
Administrators can set the the number of days to keep quarantined items before they are purged.

Learning and Reputation
Tracks scores from previously received messages and adjust the message score, either by boosting messages from senders who send ham or penalizing senders who have sent spam previously.

Real-time spam and ham learning using the dovecot IMAP service. Messages are trained automatically when the customer moves them to and from their spam folder.
Learning and reputation data uses SQL and stored in the Warden database for increased performance.
Customers can perform spam and ham training from quarantined messages.
Administrators can perform one off spam training directly from a message.
View and export reports on learning and reputation statistics.

Custom Rule Builder
Add custom SpamAssassin rules right though the Warden interface. Apply rules matching the message header, subject, body or even specific URI’s.

Supports adding the name, description, type, value and score for each rule.
Supports advanced rule types (body, header, rawbody, meta, URI).
Supports advanced scoring with up to four different parameters.
Debug SpamAssassin right though the web interface to check for any errors.
Supports adding custom rules individually or in bulk.
Pre-defined templates allow you to add custom rules with ease.

Statistics and Reporting
An antispam and antivirus system is only as good as its reporting. We’ve written over 50 of the most detailed spam, ham, and virus reports anywhere.

Dedicated statistics area to see incoming and outgoing totals for each domain and mailbox.
View which countries are sending you the most spam.
Filter reports by specific date ranges.
Over 50 pre-built reports included and more are being written.
Write your own reports. Line, area, scatter, bar, pie, table, and map render types are supported.
Export report data to CSV file so you can import into a spreadsheet.

Network Based Tests
Full support for Razor 2, Pyzor, and DCC network based tests. These network based tests can dramatically improve detecting bulk email and spam.

Vipul’s Razor is a distributed, collaborative, spam detection and filtering network based on user submissions of spam.
Pyzor is a collaborative, networked system to detect and block spam using digests of messages.
DCC detects unsolicited bulk mail. DCC servers exchange or "flood" common checksums.

Multi-Role Access
Warden supports giving resellers, customers, and mail users access to different parts of the Warden application. Enable your customers to help themselves without resorting to costly support calls.

Allow or deny access to manage their anti-spam and antivirus policies.
Allow or deny access to manage their spam, virus, banned file, and bad header filters.
Allow or deny access to manage their quarantine.
Allow or deny access to view reports.
Allow or deny access to view their own message logs.
Mail users can login to manage their own anti-spam and anti-virus settings.

Multi-Language Support