Startup ScanSafe has launched itself in the UK with the bold claim that its outsourced security service can protect enterprises from the threat of Web and IM-borne viruses.

The service – claimed to be the first of its kind – routes a customer’s Web traffic through a proxy, monitoring for virus activity in file downloads and malicious Java, Javascript and ActiveX code executed when users visit infected websites or use instant messaging.

At the moment, conventional anti-virus programs aren’t guaranteed to find viruses caught through web browsers, especially if relevant patches haven’t been applied, the company said. The threat from unscanned links passed through email or webmail was of particular concern.

If a virus is detected in traffic, users are informed through a customised webpage, and administrators are sent an email. Staff can monitor detection broader patterns by way of reports noting type of infection and sources on a daily or weekly basis.

The system costs from £2.75 per user per month for up to 25 seats, down to £1.25 per user per month for 500-1,000-seat networks. However, once proxying has been set up, the system operates invisibly with no management overhead, so this is an all-in service.

“Historically, the email threat has been the most significant. Increasingly, virus writers are focusing on the web,” said technology director John Edwards. He was also adamant the service would not add latency to web traffic, even at peak loads, describing its effects as “near zero”.

The company uses three established anti-virus scanning engines as well as an unspecified suite of heuristic techniques to maximise virus detection. It is the heuristics that ScanSafe relies on to alert it to unknown viruses in the crucial first hours of an outbreak while system administrators are desperately rushing to update their virus signatures.

The service can, in principle, be bought direct, but the main distribution channel will likely be through large ISPs reselling the system as an add-on service.