Organizations have become dependent on large-scale distributed electronic mail (email) systems. Employees enjoy the benefit of using the email system throughout the organization from local or remote locations utilizing existing networking solutions. Conventionally, an email server processes incoming email to a particular employee's mailbox or to a group of mailboxes. Likewise, the email server processes outgoing email messages from mailboxes associated with the employees. Any given email message can originate from a source that is internal to the organization or external to the organization. Typically, all email messages received within the organization from an external source pose a potential risk of having a virus that may infect the organization's email system and potentially an entire network of the organization. However, as one of ordinary skill in the art readily appreciates, internal emails can also, in some instances, create a risk of releasing a virus within the organization's email system and/or network.
A virus-infected email message can be released within the organization in a variety of ways such as, and by way of example only, opening/executing an attachment associated with the email, saving the email, displaying the email, printing the email, activating a virus-releasing hypertext link embedded in the email, and the like. Organizations have expended substantial resources to detect and isolate viruses before the viruses can cause any significant damage to computing resources of the organization.
For example, once a virus-infected email is detected within an organization's email system, an email administrator can identify the subject and sender associated with the email. Next, the administrator can recall the virus-infected email from all mailboxes within the email system. However, the administrative recall is only useful for those mailboxes that have not already opened or otherwise accessed the virus-infected email. Correspondingly, this technique minimizes the damage associated with releasing the virus-infected email multiple times throughout the email system, but does not prevent an initial release of the virus-infected email.
Other techniques install virus-checking software on the email clients of the employees, such that email messages are scanned when received in mailboxes associated with the email clients. However, these techniques require an administrator to continually update and supply patches to each of the email clients as the virus-checking software is updated or fixed, creating excessive maintenance and support issues for the email administrator in trying to keep each of the email clients in sync with the latest version and/or new releases of the virus-checking software.
Still other techniques provide hooks within the email system that permit the email administrator to install virus-checking software on an email server in order to scan incoming email as it is processed from an external source to a number of the mailboxes within the email system. However, these techniques are unable to scan certain types of encrypted emails. For example, an email message in a Secure Multi-Purpose Internet Mail Extension (S/MIME) format can only be decrypted for access by the email client to which the email message is directed, because private information residing on the email client includes keys that are necessary to decrypt the S/MIME email message, and these keys are not accessible and available to the email server. As a result, some organizations have banned and removed all incoming S/MIME email messages. Moreover, if virus-checking software is installed on each email client, then each email client must be visited and manually maintained by the email administrator, and if the administrator misses a single email client, then the entire email system remains vulnerable to virus infection.
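The server-side limitation described above can be illustrated with a short gateway triage routine. This is an added example, not part of the original text: it sorts MIME parts into those a server can scan directly, those wrapped in an unencrypted S/MIME container, and those that are encrypted and therefore opaque without the recipient's private key. The function name `triage`, the sample addresses, and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_bytes
from email.policy import default

PKCS7_MIME = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
PKCS7_SIG = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
# CMS wrappers whose content is not encrypted, so no recipient key is needed.
KEYLESS = {"signed-data", "compressed-data", "certs-only"}

def triage(raw: bytes) -> dict:
    """Sort the leaf MIME parts by whether a server-side scanner can read them."""
    msg = message_from_bytes(raw, policy=default)
    scannable, unwrap, opaque = [], [], []
    for part in msg.walk():
        ctype = part.get_content_type()
        if part.is_multipart() or ctype in PKCS7_SIG:
            continue  # containers and detached signatures carry no content
        if ctype in PKCS7_MIME:
            smime_type = (part.get_param("smime-type") or "").lower()
            # Fail closed: a missing or unknown smime-type counts as encrypted.
            bucket = unwrap if smime_type in KEYLESS else opaque
            bucket.append(smime_type or "unspecified")
        else:
            scannable.append(ctype)
    verdict = "opaque" if opaque else "scan"
    return {"verdict": verdict, "scannable": scannable,
            "unwrap": unwrap, "opaque": opaque}

# Constructed sample messages; the base64 bodies are placeholders, not real CMS.
ENCRYPTED = (
    b"From: alice@example.org\r\nTo: bob@example.com\r\nSubject: Q3 figures\r\n"
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: application/pkcs7-mime; smime-type=enveloped-data;"
    b' name="smime.p7m"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\nQ09OU1RSVUNURUQ=\r\n"
)
CLEAR_SIGNED = (
    b"From: alice@example.org\r\nTo: bob@example.com\r\nMIME-Version: 1.0\r\n"
    b'Content-Type: multipart/signed; protocol="application/pkcs7-signature";'
    b' micalg=sha-256; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain\r\n\r\nInvoice attached.\r\n"
    b'--b1\r\nContent-Type: application/pkcs7-signature; name="smime.p7s"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\nQ09OU1RSVUNURUQ=\r\n--b1--\r\n"
)

if __name__ == "__main__":
    for name, raw in (("encrypted", ENCRYPTED), ("clear-signed", CLEAR_SIGNED)):
        print(name, triage(raw))
```

A clear-signed message remains scannable at the server, whereas the enveloped message yields only the `opaque` verdict, which is the case that leads some organizations to reject S/MIME mail outright.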
Some conventional techniques have attempted to address this problem by applying statistical approaches to metadata associated with S/MIME email messages. In these techniques, a sender's description, an attachment's description, a subject's description, a byte size of the email message, and the like, which are associated with the S/MIME email, are evaluated by the email server using customized heuristics to determine if the S/MIME email is infected with a virus. Again, these techniques only minimize and reduce virus exposure within the email system and cannot guarantee that the applied heuristics will completely eliminate virus exposure. In fact, the heuristics become more trustworthy only after the email system has encountered and endured virus exposures, since once an exposure is encountered the heuristics are then updated to catch an already encountered virus based on the experience of having endured the encountered virus.
Still other techniques have been used to ensure senders and recipients of emails are in trusted relationships with one another. In these techniques, an intermediary intercepts incoming email messages and further encrypts the email messages based on the senders and the recipients. The senders and recipients include keys and/or decryption software to decrypt the encrypted email messages. However, if an email message is originally in an S/MIME format, then any decryption performed by a recipient of the intermediary's encrypted format will still yield an S/MIME email message that has not been scanned for viruses, since the intermediary is unable to decrypt the S/MIME email message. Moreover, even trusted, innocent, and unknowing senders can inadvertently transmit virus-infected email messages to recipients.
As is apparent, there exists a need for improved techniques that scan email messages within an email system for viruses. Further, there exists a need for more reliable techniques that scan S/MIME email messages for viruses remote from an email client.