XD Mail ™
Preventing zero-day events, incoming attacks, or outgoing leaks via email
The convenience of email is often offset by the risks of incoming attacks and outgoing leaks. XD Mail [USG program known as eMIST] is a breakthrough content filtering and cleansing device that uses an SMTP gateway solution to inspect and completely clean and filter content transmitted via email, including attachments from simple to complex, as well as data in the email itself.
XD Mail offers the ultimate in whitelist protection against Zero Day events by permitting ONLY known good email content to traverse the domain boundary. The unique inspection, cleansing, and dirty word filters prevent email from being used as a means to exfiltrate data from a network.
Filter Configuration Management Interface
Network Configuration Management Interface
XD Mail Data Flow Diagram
XD Mail currently interfaces with the BAE DIIG Guard, but a standard interface specification for incorporation with other guards is available per Tresys. The shipped package includes the following:
- 8 core 2U server processor with 96 GB of RAM provides optimum throughput
- All third-party licenses provided
- Tier three support included
- Administrator and engineering support training available
- Isolated environments · Uses SELinux and Tresys VM Fortress to positively isolate the "dirty" side of the application from the "clean" side where sanitized files are stored. Isolation ensures safe handling of virus- and malware-infected files and strong transactional separation.
- Adaptable filters · Provide state-of-the-art identification of advanced malware and viruses and integrate new filters as other attacks are identified in the future. Filtering features include the following:
- Detect virus- or malware-infected files
- Clean and verify files are cleansed
- Remove unknown file types
- Remove steganography
- Analyze, remove, and cleanse embedded objects
- Remove or cleanse color or size obfuscated text
- Remove macros from documents
- Remove or cleanse metadata
- Remove unrecognized data
- Validate file formats
- Identify and cleanse hidden content
- File Types · XD Mail supports many file types, including the following:
Microsoft® Office (97-2007)
- Word (.doc, .docx, .docm)
- Excel (.xls, .xlsx, .xlsm)
- PowerPoint® (.ppt, .pptx, .pptm)
Text and Presentation Files
- ASCII text files (.txt)
- Portable Document Format (.pdf)
Compressed Files
- BWT zip (.bz2)
- UNIX tar (.tar)
- Pkzip (.zip)
- GNU zip (.gz)
Image Files
- Joint Photographic Experts Group (.jpg, .jpeg)
- Windows® Bitmap (.bmp)
- Tagged Image Format (.tif, .tiff)
- Windows® Metafile (.wmf)
- Windows® Enhanced Metafile (.emf)
- Graphics Interchange Format (.gif)
- Portable Network Graphics (.png)
1. What does XD Mail (eMiST) do?
- Tresys XD Mail enforces a policy of permitting only known good content to pass through to a target mail transport agent (MTA – a network infrastructure component used to move mail between organizations). This policy of whitelisting is the best available defense against Zero Day exploits. XD Mail also provides blacklisting capabilities that enable protection against inappropriate exfiltration of information content that is not malware, but should not transition the boundary protected by the XD Mail system. XD Mail uses a complex stream of inspection and cleansing filters to process the files, protected within layers of SELinux security to protect the device itself from subversion.
2. How does XD Mail work?
- Tresys XD Mail works in tandem with other guards, and is typically deployed on both the incoming and outgoing sides of a domain guard. XD Mail is not a mail server, but an SMTP gateway that passes mail from one network connection to another. On receipt, the message is passed through a series of message decomposition modules and filters that execute the administratively selected policy options.
3. What happens to infected or unrecognized files identified by XD Mail?
- Files with unrecognized formats will be removed by XD Mail. A list of supported formats is included in the "Features" section. Recognized files that contain malicious code will be atomized, cleansed, and re-assembled for safe use.