Topic Thread

To upgrade or not upgrade?

  • 1.  To upgrade or not upgrade?

     
    Posted 04-10-2016 10:52

    When FortiMail is installed, it is often the case that as it works without problem, customers choose not to upgrade following the motto “if it ain’t broke don’t fix it”.  Customers may not have a requirement for some of the non-security related features in each new release of FortiMail but it is important to be aware of security features that have been added; particularly as these can result in enhanced antivirus and antispam catch rates.  These features are summarized below and will be updated with each new release.  Particularly important features are **highlighted**:

    FortiMail 5.0

    Antispam - Extended URL blocking by category

    Extended FortiGuard URL filtering service to block URLs by categories, such as child abuse, adult content, malware distribution and so on. This option is under Profile > AntiSpam > URI Filter on the GUI.

    Antispam - Detection of suspicious newsletter emails

    Detection of suspicious use of bulk newsletter techniques to deliver spam.

    Antispam - Exempt domains/hosts for bounce back tagging and verification

    Under AntiSpam > Bounce Verification, domains can be exempted from bounce back tagging (for outbound email) and hosts can be exempted from verification (for inbound email).

    Newsletters and other marketing campaigns are not spam, but some people may not want to receive them. Now you can take actions, such as blocking and tagging, against such email. Exempt domains/hosts for bounce back tagging and verification

    Under AntiSpam > Bounce Verification, domains can be exempted from bounce back tagging (for outbound email) and hosts can be exempted from verification (for inbound email).

    Antivirus - Zip bomb protection

    Protection against Zip, or decompression bombs; malicious archive file designed to crash the system or program reading it.

    FortiMail 5.1

    Antispam - FortiSandbox support (phase I)

    Send attachments to FortiSandbox for evaluation.  Mail is not queued, if a result is already available, threats will be blocked but if no rating is available, the email will be forwarded whilst the file is evaluated.

    Antivirus - Block password protected documents

    Password protected files of MS Office, OpenOffice, and PDF formats can now be detected and blocked by content profiles.

    FortiMail 5.2

    **Antispam/Antivirus - FortiGuard Spam Outbreak Protection**

    FortiGuard Outbreak Protection consists of 2 features:

    • Backend FortiGuard data analytics to detect new threat outbreaks
    • Temporary quarantine with rescan to allow time for threat outbreak detection

    Messages which are deemed suspicious may be delayed for up to 30 minutes (default) whilst additional inspection takes place.  Low volumes of legitimate mails may be delayed however this feature can have a significant benefit to catch overall rate.

    **Antispam – Behavior Analysis**

    Behavioral analysis uses variety of techniques to identify spam not caught directly by the FortiGuard service.  By applying elements of heuristics and a fuzzy matching algorithm which compares spam recently detected (within the past 6 hours) by FortiGuard signatures on the device in question, behavioral analysis can detect changing spam samples.

    This method is useful to detect and prevent new “zero day”  a spam outbreaks.

    Antispam - Newsletter Detection

    Newsletters and other marketing campaigns are not spam, but some people may not want to receive them in their inbox. Now you can take actions, such as blocking and tagging, against such email.

    Antivirus- FortiSandbox support (phase II)

    Emails are now queued to wait from a result from FortiSandbox.

    FortiMail 5.3

    **Antispam - DMARC support**

    Support for Domain-based Message Authentication, Reporting & Conformance DMARC) which has been widely adopted by email service providers including Google, Yahoo and Microsoft.

    Antispam - FortiSandbox cloud integration

    Support for FortiSandbox Cloud for FortiMail.

    Antispam - Malicious URL detection

    Support for submission of URLs to FortiSandbox for evaluation.

    Carl Windsor
    Senior Director, Product Management
    Fortinet