Rozmic Spam and Virus Firewall -- FAQ

How does the antivirus portion work?
What antivirus engines are used?
What e-mail platforms does Rozmic Spam and Virus Firewall support?
How often do you update the signatures for your virus scanners?
How do you protect against malicious URLs within my email?
What is the Rozmic virus protection guarantee?
Rozmic Spam and Virus Firewall, how does the Anti-Spam portion work?
Post Installation Setup
Quarantining Unsolicited Emails
Releasing quarantined emails
Adjusting the Sensitivity of the Quarantine

 



How does the antivirus portion work?
Rozmic Spam and Virus Firewall uses a number of techniques to block malicious threats, including:

  • Multiple Anti-virus engines from leading vendors
  • Multiple techniques for 100% detection
  • Managed updating at 10 minute intervals
  • Custom blocks prior to update if necessary
  • Continual monitoring and evaluating for optimal configuration and performance

What antivirus engines are used?
Rozmic Spam and Virus Firewall uses multiple commercial scanners. Additionally we use our unique predictive technology that proactively monitors, tracks and provides industry leading protection against emerging threats before they get near your network. This combination of scanners has been selected for their differing approaches to virus detection, which ensures we are capable of catching all types of viruses, past, present and future.

What e-mail platforms does Rozmic Spam and Virus Firewall support?
Any and all: Rozmic Spam and Virus Firewall is completely self-contained and is placed between your mail system and the Internet. It acts as a proxy, filtering both in-bound and out-bound mail traffic.

How often do you update the signatures for your virus scanners?
All signatures are updated automatically every 10 minutes. In addition, our vendor partners ensure that signatures are updated instantly by the anti-virus software authors - including incremental updates normally unavailable to other subscribers. We also monitor the key anti-virus websites and hack centres for breaking news and trend analysis.

How do you protect against malicious URLs within my email?
As email is being scanned, the Rozmic Spam and Virus Firewall automatically examines all email messages containing URL links. Upon seeing a particular URL for the first time, the link following feature of the service allows the email to continue on its path while it creates a copy of the URL for further investigation. Link Following actively (either heuristically or manually) follows these links and checks the linked website for viruses or other types of potentially harmful content or payload. If a suspicious link is confirmed as viral, a signature is created and any further emails containing that link are treated as messages containing a virus.

What is the Rozmic virus protection guarantee?
Rozmic guarantees 100% protection from email viruses, with a credit offered if your systems are infected by a virus which was not detected by the Rozmic Firewall service.

Rozmic Spam and Virus Firewall, How does the Anti-Spam portion work?
Rozmic Spam and Virus Firewall offers a highly effective anti-spam solution that combines an intelligent spam detection engine with a manually configurable filtering system.

In the same way as virus writers are constantly looking for ways around anti-virus engines, spammers are developing new techniques to counter spam recognition and filtering software. Rozmic Spam and Virus Firewall configuration is regularly updated with the latest spam stopping technologies, techniques and rule sets allowing it to evolve at the same pace as spam.

The approach Rozmic Spam and Virus Firewall takes to filtering spam is more sophisticated than the simple keyword matching provided by most SMTP anti-virus software. Rozmic Spam and Virus Firewall uses a scoring system: messages are tagged as spam only when they have enough spam characteristics in total. This, in combination with other features, results in very few false positives. In our experience, this identifies 95% to 100% of spam with less than 0.1% false positives. This update process is managed by a team of specialised developers under the watchful eye of Ross Cooney.

The spam system uses several different components, some of which are:

1) DCC
The DCC, or Distributed Checksum Clearinghouse, is an anti-spam content filter. The system involves millions of users, tens of thousands of clients and more than 250 servers collecting and counting checksums related to more than 300 million mail messages on week days. The counts are used by Rozmic Spam and Virus Firewall to detect and reject or filter spam or unsolicited bulk mail. DCC servers exchange or "flood" common checksums. Because simplistic checksums of spam would not be effective, the main DCC checksums are fuzzy and ignore aspects of messages.

2) URL checking
This system differs from most spam protection systems because most other systems identify spam senders by their message headers or connection IP addresses. The Rozmic Spam and Virus Firewall URL checker allows you to identify messages by the spam sites mentioned in their message bodies. Using this system, detection rates are around 80 to 90%, with false positive rates of the different lists ranging from about 0.001 to 0.05%. We continually work to improve both the spam detection and false positive rates in a variety of ways.

3) Adaptive learning
The Rozmic Spam and Virus Firewall Adaptive Learning System (ALS) is actually a very simple system. In short, the ALS is a score averaging system. It keeps track of the historical average of a sender, and pushes any subsequent mail towards that average. So if someone who has never sent you mail before sends you a mail that scores 20, and then sends you a second mail that would score 2.0 without the AWL, the AWL will push the score up to 11 on the second mail. This is auto-blacklisting, based on their past history of spam. If that same person sent you a mail that scored 0, and then later sent one that scored 7, the AWL would push the score down to 3.5. This is auto-whitelisting, based on past history of nonspam. A "sender" is identified using both the address they sent with and their IP address, so spam claiming to be From you with forged headers will fail to get through. But the "auto whitelist" isn't really a whitelist per se. It does, however, have a "learning white/blacklist" type behaviour as a result of its averaging.
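
The score averaging described above, as an added example (not Rozmic's code, and not part of the original FAQ). The class name, the 0.5 averaging factor, the 5.0 threshold and the sender addresses and IPs are assumptions constructed for illustration; the factor was chosen because it reproduces the 20 -> 11 and 0 -> 3.5 figures given in the text.

```python
from collections import defaultdict

SPAM_THRESHOLD = 5.0  # constructed value; the page does not state the product's threshold


class AdaptiveScorer:
    """Score averaging per sender, where a sender is (From address, connecting IP)."""

    def __init__(self, factor=0.5):
        # factor=0.5 (move halfway to the historical mean) is an assumption
        # chosen because it reproduces the page's 20 -> 11 and 0 -> 3.5 figures.
        self.factor = factor
        self.history = defaultdict(lambda: [0.0, 0])  # key -> [sum of raw scores, count]

    def adjust(self, address, ip, raw_score):
        key = (address.strip().lower(), ip)
        total, count = self.history[key]
        if count == 0:
            adjusted = raw_score  # no history yet: nothing to average against
        else:
            mean = total / count
            adjusted = raw_score + (mean - raw_score) * self.factor
        # Record the raw score, so one adjustment does not feed the next.
        self.history[key] = [total + raw_score, count + 1]
        return adjusted


def is_spam(score, threshold=SPAM_THRESHOLD):
    return score >= threshold


def demo():
    """Run the page's two cases plus a forged-From case on constructed senders."""
    s = AdaptiveScorer()
    s.adjust("bulk@example.net", "198.51.100.7", 20.0)
    pushed_up = s.adjust("bulk@example.net", "198.51.100.7", 2.0)
    s.adjust("alice@example.com", "192.0.2.10", 0.0)
    pushed_down = s.adjust("alice@example.com", "192.0.2.10", 7.0)
    # Same From address, different connecting IP: no shared history.
    forged = s.adjust("alice@example.com", "203.0.113.5", 7.0)
    return pushed_up, pushed_down, forged


if __name__ == "__main__":
    for label, score in zip(("pushed up", "pushed down", "forged From"), demo()):
        print(f"{label}: {score:.1f} spam={is_spam(score)}")
```

Because the history key includes the connecting IP, the forged message inherits none of the genuine sender's clean history and keeps its raw score.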

Post Installation Setup:
To set up SMTP virus and spam scanning you will need to direct incoming and outgoing email through the Rozmic Spam and Virus Firewall server. This can be achieved by following these steps:

a) Incoming Email
To scan incoming email you need to ensure that the email arrives at the Rozmic Spam and Virus Firewall server before it gets to your internal mail server. There are several ways to do this, but the most popular is to change the MX records of your domain name to point to the Rozmic Spam and Virus Firewall server.

Before you change the MX record please ensure that your domain name is added to the Rozmic Spam and Virus Firewall administration web site. (Click on EMAIL CONFIG and then Domain Management). Once the email has been scanned by Rozmic Spam and Virus Firewall it will be passed to your internal mail server. Please ensure that Rozmic Spam and Virus Firewall is able to connect to port 25 of the internal mail server.

b) Outgoing Email
Firstly you need to add the IP address of your mail server to the list of “local IP addresses”. This page can be found in the General Settings section of your control panel.

Then change the settings of your internal email server so that it diverts all of your outgoing mail to the Rozmic Spam and Virus Firewall server. Depending on which mail server you use, this can be done in several different ways.

  • If you use Microsoft Exchange you need to make a change to the “SMART HOST” setting.
  • If you use MDaemon you need to make a change to the “ISP GATEWAY” section.
  • If you use sendmail you need to make a change to the “SMART HOST” setting.
  • If you use qmail you need to make a change to the “SMTPROUTES” file.

IMPORTANT NOTE: Some email viruses try to bypass virus scanners such as Rozmic Spam and Virus Firewall by sending email directly to the secondary MX record. To prevent this from happening, please ensure that your internal mail server will only accept SMTP connections from the Rozmic Spam and Virus Firewall server and your internal network. Should you need a secondary MX record, you can build a second Rozmic Spam and Virus Firewall server or ask your ISP to provide mail relay services.

Quarantining Unsolicited E-Mails
Rozmic Spam and Virus Firewall gives you the option to quarantine emails tagged as spam if you so choose. Users will still get an email in their inboxes for every unsolicited email received; however, they will not see the content of the email immediately. Instead, the user will be prompted to release the email if they would like to view its content. Some unsolicited email contains inappropriate or offensive content. The quarantine feature allows you to protect users/employees from exposure to such content. Rozmic Spam and Virus Firewall allows enabling, disabling and altering the sensitivity of the quarantine feature.

Releasing quarantined e-mails
There are two ways to release quarantined spam emails. It can either be done by the recipient of the email, or the administrator. The recipient receives a Rozmic Spam and Virus Firewall notification, informing them that an email addressed to them has been identified as spam and quarantined. The recipient can release a quarantined email by clicking on the URL within the notification email.

Adjusting the Sensitivity of the Quarantine
It's possible to alter the sensitivity of Rozmic Spam and Virus Firewall's quarantine system. To avoid false positives and/or quarantine only emails with high instances of spam criteria, you can reduce the sensitivity of the quarantine by increasing what is essentially the spam score threshold.

 

 


 

 

© Copyright Rozmic Wireless Limited 2006, 2007 Privacy Policy.