IronPort is adding an anti-virus element to its spam-catching service. The Virus Outbreak Filters will be integrated into IronPort's Messaging Gateway appliances to monitor incoming and outgoing e-mail traffic for messages that may contain viruses.

IronPort is using its SenderBase database, which can monitor roughly 20 million IP addresses for spammer activity, to also look for messages that might contain viruses. "If we see a number of IP addresses that have never sent mail before suddenly all sending with the same characteristics, say an encrypted password, we would elevate the threat level and generate an alert to administrators while automatically starting to quarantine traffic," says Tom Gillis, IronPort's vice president of marketing.

Suspicious messages are quarantined until they can be deemed not harmful or run through anti-virus software with updated signatures and scrubbed of any malicious code.

The idea came in part from IT service provider EDS, one of IronPort's largest customers, the company said. Because it can take from two to eight hours to clean up a desktop PC after a virus outbreak, EDS decided to start blocking messages at the gateway whenever it heard of a new virus or found one inside an organisation, says Richard Parvin, senior engineer at EDS. The company would block all incoming messages with attached execute files, but it had nowhere to store those messages while it waited for anti-virus vendors to create signatures for the new virus, so the messages were deleted.

With IronPort's Virus Outbreak Filters, Messaging Gateway appliances do this detection automatically, and queue the suspicious mail until a signature for the new virus is in hand. "When a new virus is out there, we want to be able to stop it at the mail gateway," Parvin says. "IronPort took our idea that was kind of manual and clumsy and integrated it into their software so that we can have very early detection."

Another advantage of IronPort's approach is that the appliance stores the suspicious mail locally until done queuing, instead of passing it to another server.

While quarantining incoming e-mail messages when a virus is suspected might seem extreme, it's also a rather benign one because administrators can decide when to release messages onto their networks, Gillis says. Given the cost of cleaning up after a virus, IronPort says companies will welcome this additional layer of virus protection.

The filters can pass along suspicious mail to any anti-virus software for scanning, Gillis says. IronPort offers the Sophos' anti-virus product with its appliance. Included with the filters will be tools for administrators to customise them, such as creating exceptions to the quarantine rules.

The filters are slated for release in the autumn. Pricing will range from $4 to $7 per user per year.