ZZEE   1EAV   1st Email Anti-Virus 4.0 Help
www.zzee.com | Support | You are here: Contents > 4. How the program works

4. How the program works

www.zzee.com | Support | You are here: Contents > 4. How the program works

Modern email messages have many security holes, which can't be fully closed neither by generic antivirus programs nor by setting most secure options in the email client software. 

4.1. Message filtering

www.zzee.com | Support | You are here: Contents > 4. How the program works > 4.1. Message filtering

While keeping all the information sent and preserving readability of the message, 1EAV gracefully handles HTML parts and attachments to prevent email client from automatic launching HTML or executable code. It performs the following steps:

If user has selected "Convert to plain text" option, then all HTML inline parts are transformed to plain text, or plain text alternative is provided, then it is enforced. If user has selected "Leave as HTML" option, then all HTML inline parts are filtered to safe HTML. These steps ensure that the email client displays only clear text or safe HTML parts inline. All other information is moved to the attachments and zipped.

Program recognizes "message/..." parts and can process them recursively. This is needed because an intruder can, for example, forge a delivery report message and include a harmful email message into it as an attachment.

Program also recognizes "message/delivery-status" parts and leaves them untouched, thus allowing automatic email processors to parse delivery reports.

As of version 2.0 and higher, program is compatible with signed or encrypted messages in S/MIME format. It means it will not tamper signed message and will not zip encrypted part.

Built-in HTML to text translator understands all HTML 4.0 tags and renders tables. 

Built-in HTML to safe HTML translator leaves only tags and attributes that are part of HTML 4.0 specification (to ensure that there are no attacks on unknown browser extensions), and removes all tags and attributes that can be of a threat, such as scripts. It also removes HTML comments, as they can be interpreted some way.

Note that in almost all cases the length of the modified message is different from the original length. This doesn't actually matter, as the POP3 protocol has a special "end-of-message" sequence.

4.2. General operations

www.zzee.com | Support | You are here: Contents > 4. How the program works > 4.2. General operations

Once being set up, the program has put itself to the startup folder and then will be launched every time the computer starts. It silently sits in the system notification area (near by the clock), waiting for connections from email clients. You can click its icon to bring up its window in the case you need to stop or reconfigure it.

1st Email Anti-Virus works in the middle between your email client and the mail (POP3) server, changing email messages going through it on the fly. Email client programs (such as MS Outlook) treat the program as the mail server, 1st Email Anti-Virus, in turn, works as an email client when it connects to the mail server. This is called a POP3 relay or a POP3 proxy. There is no significant message download performance degradation related to the conversion.

This version of 1EAV accepts only connections from email clients located on the same computer, so you can not connect to it from other computers.

4.3. 1st Email Anti-Virus and other antivirus programs

www.zzee.com | Support | You are here: Contents > 4. How the program works > 4.3. 1st Email Anti-Virus and other antivirus programs

Generic antivirus software alone can't protect from all threats of HTML and MIME-based email. As a matter of fact, most new viruses successfully break through antiviral protection, because before a virus arrives, the antivirus signature databases don't have its sample and thus the antivirus programs can't catch it, and thus virii spread very fast, infecting millions of computers.

Also many viruses use holes in HTML and MIME, and users don't have to open the attachments, it needs just to view the message to have their computers infected.

It has become obvious, that a new approach is required in dealing with HTML email. And here 1st Email Anti-Virus comes. The purpose of the program is to prevent viruses or other malicious code from an automatic execution on the message view or preview. But you may need some antivirus program to additionally scan attachments, as 1st Email Anti-Virus does not scan them for viruses, and doesn't kill viruses in attachments.

1st Email Anti-Virus Conventional antivirus
Removes the holes of HTML and MIME which are used by viruses to be automatically launched, thus blocking all known and unknown viruses and trojans. Virus scanning is not performed. Scans for known viruses. May not do well with unknown viruses.
Removes other security and privacy threats of HTML email, such as web bugs. N/A
Prevents from denial-of-service attacks by handling oversize messages. N/A

4.3.1. Compatibility

1EAV should be compatible and can work together with other antivirus and antispam programs, giving a more effective protection. See settings and email configuration wizard how to make them work together.