Our Security Policy
At Flexihostings, we maintain a global program to develop and maintain
security features for our services. We also work to continuously improve
our own internal Information Technology Enterprise security, including
continuous security improvement in both the product development and service
At Flexihostings, the servers are equipped with Clamav,a Linux based anti-virus
software. Though virus attack have a lower incidents in Linux environments,
however this is used to prevent our server from becoming a source for
virus infections. In order for an effective virus removal, the following
minimum requirements is applied:
1. Clamav is operated in real time on all servers. 2. The anti-virus
library definitions is updated on a regular basis.
3. Anti-virus scans is done a minimum of once per week on all servers.
Email Server Policy
Clamav is also used to provide additional protection against malware,
since email with malware must be prevented from entering the network.
Email Malware Scanning
When a virus is found or malware is found, we shall delete the email and
not to notify either the sender or recipient. The reason for this is that
most viruses fake the sender of the email and sending them a notice that
they sent a message with a virus may alarm them unnecessarily since it
would not likely be true. It would simply cause an additional helpdesk
call by the notified person and most likely waste system administrator's
time needlessly. Notifying the recipient that someone tried to send them
a virus would only alarm them needlessly and result in an increased number
of helpdesk calls as well.
Blocked Attachment Types
The email server or proxy server will block all emails with attachment
types that is listed below. This is because these attachment types are
dangerous and contains active content which may be used to infect a computer
with hostile software or because these attachment types are commonly successfully
used by virus programs or malware to spread.
1. ade - Microsoft Access project extension can contain executable code.
2. adp - Microsoft Access project can contain executable code.
6. bas - Basic program source code is executable code.
7. bat - Batch file which can call executable code.
8. chm - Compiled HTML help file can contain executable code.
9. cmd - Windows NT command script file is executable code.
10. com - Command file program is executable code.
11. cpl - Control panel extension
15. exe - Binary executable program is executable code.
17. hlp - Help file
18. hta - HTML program
19. inf - Setup information
20. ins - Internet naming service
21. isp - Internet communication settings
24. ksh - Unix shell file
25. lnk - Link file
26. mda - Microsoft Access add-in program
27. mdb - Microsoft Access program
28. mde - Microsoft Access MDE database
29. mdt - Microsoft Access file
30. mdw - Microsoft Access file
31. mdz - Microsoft Access wizard program
32. msc - Microsoft Common Console document
33. msi - Microsoft windows installer package
34. msp - Windows Installer patch
35. mst - Visual Test source files
37. pcd - "Photo CD image or Microsoft Visual Test compiled script"
38. pif - "Shortcut to MS-DOS program"
39. prf - "Microsoft Outlook Profile Settings"
41. reg - Registry files
42. scf - "Windows Explorer Command file"
43. scr - Screen saver
44. sct - Windows® script component
45. shb - Document shortcut
46. shs - Shell scrap object
47. url - Internet address
48. vb - Visual Basic file
49. vbe - Visual Basic encoded script file
50. vbs - Visual Basic file
55. wsc - Windows script component
56. wsf - Windows script file
57. wsh - Windows script host settings file
Based on experience and research, there are still many users who use this
type of attachment. In order to secure the network, it has become necessary
to block this type of attachments.
There is no ideal policy in here. Every system administrators must choose
the best method depending on the situation being experienced by their
organization. Flexihostings usually use the first option and provide training
to users so they know these files are blocked and what the work around
is for this situation.
For increased mail security, we actively scan every email thats is received
by the main server for spamming. On our shared hosting accounts, we provide
our customers with their own Spamassasin to further filter any spam that
might have leaked through our main server. The updates for our spam filters
is done on a monthly basis or whenever there's a new update available.