Meet NEWT.
Avinti's FREE Email Server Plugin for
Malware and Blended Threats.

NEWT Frequently Asked Questions


Q1. What is NEWT?
A1. NEWT is a freeware filter designed to stop a new breed of threats that have emerged, which we call blended threats. Blended threats are essentially e-mails that are used to lure users to a web site, where malware is downloaded in the background, often without the user’s knowledge.

Q2. Why do I need NEWT?
A2. NEWT is unique because it blocks threats that are not detected by other security products. Because blended threat e-mails are generally plain text with very little to evaluate, they are missed by traditional antivirus products.

Q3. How does NEWT work?
A3. NEWT checks incoming e-mails for links to URLs and IP addresses. It compares those links to a database of known Internet sites that contain malware. If there is a positive match between the URL in an email and a known malware site, NEWT takes action by tagging, blocking, or quarantining the email.

Q4. Is NEWT a separate application?
A4. No, NEWT is a filter that plugs into an existing mail server, commonly known as an MTA, such as SendMail or Proxim. It works by connecting directly to the mail server through a standard interface. NEWT does not work as a separate application.

Q5. Does NEWT require any other application to run?
A5. Besides the Mail Transfer Agent (MTA), NEWT requires Berkeley DB, a lightweight open source database. You may obtain a copy at this location

Q6. What is the purpose of the blended threat messages that NEWT blocks?
A6. The general purpose of most malware today is to make money. Generally, the blended threat e-mail is designed to bypass traditional security and load software on your computer. That software is usually designed to steal data or control your computer for later use.

Q7. How unique is this capability? Can’t I get this from other sources?
A7. Not that we know of! NEWT is designed to block e-mails that contain malicious URLs or IP addresses. We believe it’s pretty unique.

Q8. Is NEWT a potential point of failure for my e-mail gateway?
A8. No, if NEWT were to fail, it would still allow your e-mail to get through, so there is no risk of NEWT stopping your e-mail flow.

Q9. Is this meant to replace any of my antivirus software, or work with it?
A9. No, NEWT is not a full antivirus application. It is just designed to specifically stop blended threats.

Q10. How is NEWT updated for new threats?
A10. NEWT receives periodic updates for new threats, approximately every 30 minutes.

Q11. Why does Avinti provide NEWT for free?
A11. We feel that blended threats are an issue that is not adequately being addressed by other products and that we can offer. This also highlights the capabilities of our real-time threat detection product, Avinti’s iSolation Server™.

Q12. Doesn’t my antivirus product already block these threats?
A12. The short answer is no. Blended threats are designed to get by traditional antivirus gateways, by giving them very little to scan and detect. These products don’t have the benefit of looking at web-based threats so they don’t detect them.

Q13. Can I just use my web filter to block malware sites?
A13. Web filtering gateways may block some sites based on malware. However, the vast majority of new threats today that are launched through e-mail are only around for a short period of time, so they may never be found by web filters in time. In addition, traditional techniques such as web crawling to find malware will not find the sites often used for these attacks.

Q14. Is there another way to block these attacks?
A14. Others have tried methods such as regular expression matching or blacklisting IP addresses, but we haven’t seen anything successful yet.

Q15. Where does NEWT get its list of sites to block?
A15. Avinti uses a number of sources, including some URLs from third parties, for its database. However, the key source of threat detection is Avinti’s own farm of iSolation Servers™, which constantly scan new URLs for malware and forward signatures of those threats to the NEWT filter.

Q16. How do your known malware sites differ from other URL lists?
A16. The key differentiation is that we find many of these sites as they are advertised by attackers in e-mail. The sites commonly used in these attacks are never found by other methods because of their short life cycle and connection to bot-infected computers.

Q17. What does NEWT do with new URLs it finds?
A17. NEWT relies heavily on the network effect of NEWT users to find new threats quickly. In addition to scanning for known threats, NEWT strips out URLs and IP addresses from e-mail and sends only the URL, anonymously, to Avinti’s iSolation Server center for evaluation. That URL is checked for new malware and, if it is found, a new malware signature is created and sent out to all NEWT filters.

Q18. Is the privacy of my email ensured?
A18. Absolutely. All NEWT filtering is done on your mail gateway. The NEWT filter does send anonymous URLs back to a secure observation center to check for new malware. That process is fully automated. However, if there are URLs that you don’t want to have observed, you can simply whitelist them in NEWT and they will not be sent.
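
The flow described in A3, A8, A17 and A18, sketched in Python as an added example; it is not Avinti's code. It assumes exact host matching and uses in-memory sets of constructed entries in place of the Berkeley DB store, whose format the FAQ does not describe.

```python
import ipaddress
import re
from email import message_from_string
from urllib.parse import urlsplit

# Constructed sample data; the page does not describe NEWT's real database format.
KNOWN_BAD = {"malware.example", "203.0.113.7"}
WHITELIST = {"intranet.example"}          # never submitted for evaluation (A18)
SAMPLE = ("Subject: greeting card\nContent-Type: text/plain; charset=utf-8\n\n"
          "Card: http://Malware.Example/card.exe\n"
          "Mirror: http://203.0.113.7/x and https://intranet.example/wiki\n"
          "More: http://new-site.example/a\n")

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def extract_hosts(raw_message):
    """Return lower-cased hostnames and valid IPv4 literals found in text parts."""
    hosts = set()
    for part in message_from_string(raw_message).walk():
        if part.get_content_maintype() != "text":
            continue
        body = part.get_payload(decode=True) or b""
        text = body.decode(part.get_content_charset() or "utf-8", "replace")
        for url in URL_RE.findall(text):
            try:
                host = urlsplit(url).hostname   # already lower-cased by urlsplit
            except ValueError:            # malformed URL: skip it, keep scanning
                continue
            if host:
                hosts.add(host.rstrip("."))
        for candidate in IP_RE.findall(text):
            try:
                hosts.add(str(ipaddress.ip_address(candidate)))
            except ValueError:            # e.g. 999.1.1.1 is not an address
                pass
    return hosts

def filter_message(raw_message, lookup=KNOWN_BAD.__contains__, action="quarantine"):
    """Return (verdict, matched hosts, hosts to submit for evaluation)."""
    try:
        hosts = extract_hosts(raw_message)
        matched = {h for h in hosts if lookup(h)}
    except Exception:
        return "accept", set(), set()     # fail open: mail flow continues (A8)
    submit = hosts - matched - WHITELIST  # unknown, non-whitelisted hosts only (A17)
    return (action if matched else "accept"), matched, submit
```

Only hosts that are neither known-bad nor whitelisted end up in the submission set, and any failure in parsing or lookup results in the message being accepted.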

Q19. Why did you choose to support Sendmail and Postfix MTAs?
A19. We chose them because they are the most popular and stable mail servers in the market.

Q20. How large is the plug-in download? How large are the updates?
A20. The actual download itself is very small, under 5 MB. Updates only send incremental changes and therefore should be no more than 1 MB, and will often be much smaller.

Q21. Your iSolation Server blocks blended threats as well. How does NEWT differ from your iSolation Server product?
A21. Avinti’s iSolation Server is a real-time gateway that proactively looks at incoming email for blended threats, zero-day malware, malware variants, and spam. Specifically on blended threats, iSolation Server will stop them in real time, whereas NEWT will only stop a threat once it has been previously seen and a signature has been created for that URL or IP address.

Q22. What do I need to run NEWT?
A22. You will need a popular mail transfer agent such as SendMail or Postfix running on Linux, a copy of the Berkeley open source database, and an open Internet connection with Port 80 and Port 443 open.

Q23. Why don’t you have a NEWT filter for (name your favorite) MTA?
A23. We decided to launch NEWT with support for the most common mail servers. We will work on supporting other products in the future. If you really want us to support a particular mail server, send us a message through our support forum.

 
©2003-2007 Avinti, Inc.