SpamSentinel Version 10
 the best anti-spam and anti-virus solution for Domino!

SpamSentinel 10: More aggressive blocking to stop fraud and malware

Release Date: October 2018

The Rules of Email have changed. Spam are relatively harmless sales attempts. Fraud and Malware such as Cryptolocker (and its variants), however, are very costly attempts at theft. SpamSentinel 10 is our response to these new outbreaks. It aggressively blocks messages to minimize user impact. You will notice more blocked messages with SpamSentinel 10.

For fraud and phishing, we continue to innovate with InboxGenius, which is an evolving approach to stop the wide variety of attempts to steal money and information from organizations via targeted phishing attacks.

We continue to update our SpamSentinel and Inbox Genius products to give you the best IBM Notes/Domino anti-spam package for minimal administration and ease of use - please see below for a full list. Also, be sure to check out our popular Sidebar Applications - One Voice, Agenda and more!

As always, please feel free to contact us at if you have any questions or require support - we would also be happy to hear of any improvements or new features that you would like to be added.

SpamSentinel 10 runs on Lotus Domino versions 6 and higher, 32-bit and 64-bit.

Version Highlights:

Version 10 is mostly about improving performance and introducing more aggressive blocking strategies to reduce missed spam.

Many of our customers want to better understand our approach to blocking viruses in SpamSentinel Version 10 - please see the chart at the end of this page that explains it in detail.

SpamSentinel Version Improvements

Our major updates were to replace the Mailshell anti-spam engine with the latest offering from Cyren in order to give us better Spam blocking. Inbox Genius is included with SpamSentinel 10 as a direct upgrade to Manage By Example. We have introduced SPF blocking as an option within SpamSentinel. Performance improvements and new configuration options have been made to allow better handling of certain problematic message types.

SpamSentinel Interceptor
  • Added new advanced option 'Strain' to allow only selected SMTP fields to be converted into Notes fields when a message is received.
  • Fixed error which could occur if an email being scanned Outbound was sent from iNotes and contained a file attachment.

SpamSentinel Duo Engines
  • Updated to use Avira version 4.9.1
  • Replaced Mailshell with Cyren version

SpamSentinel Router
  • No changes have been made to the SpamSentinel Reporter

SpamSentinel Scanner
  • Spam Category calculations are reworked to move more spam from Category B to C and also Category C to D
  • Added SPF checking options to SpamSentinel.
  • Added 'Only Allow' option for Restricted Attachments. Attachments not on the 'only allow' list will be removed.
  • Added Office File Scan White List option which allows only selected White List entries to apply to the Microsoft Office file macro scanning.
  • Added feature so that Outbound Mail can be scanned for Attachments and Viruses without scanning for Spam.
  • Added feature where Encrypted Microsoft Office documents can now be configured separatedly from Invalid Microsoft Office Documents.
  • RBL and DBL usage options now include finer control over recognition of individual SpamHaus return codes.
  • SpamHaus RBL and DBL matches now cause an email to be treated at least as category C Spam.
  • Added 'HttpTimout in Seconds' option for better handling of individual emails taking a long time to scan.
  • Added 'File Scan Timeout' option to Anti-Virus settings for ensuring a runaway file scan doesn't cause overall email scan to fail.
  • Added new shared license code format for SpamSentinel with optional InboxGenius Fraud protection.
  • Helo domain and IP address extraction from the Received field now allows for optional brackes [] around IP address.
  • New fields added to keep MIME part in sync with Notes document.
  • Updated MIME part parsing that extracts file name from header and added code to remove extraneous characters from file names.
  • Updated Scanner will no longer stop processing mail if reinitialization time exceeds 2 minutes.
  • Increased overall message size read limits to ensure we get the correct Cloudmark signatures: MIME part sizes increased to (10MB + 128k). If message is in mime.html attachment, message size is 20MB.
  • Increased buffer size for reading From and SMTPOriginator values. The size exceeds the buffer size specified by the Notes AP for email and domain names.
  • Updated Outbound message processing to store Recipient names in SpamSentinelSendTo field when message is quarantined.
  • Fixed regression bug so that Scanner could again read Rich Text messages for Policy Management and Body Scanning.
  • Fixed bug where Excel suspicious file log text was not written to SpamSentinelReport.txt correctly during Microsoft Office file macro scanning.

SpamSentinel Reporter
  • No changes have been made to the SpamSentinel Reporter

SpamSentinel Administration Database
  • Added UI options to support new features

SpamSentinel Manager
  • Converted to .Net 3.5

SpamSentinel Monitor
  • Write Cyren configuration instead of Mailshell configuration to the Engine .xml files.
  • Write Antivirus and File Scan timeout information to the Engine .xml files

Non-Windows/Checking Machine Installations (AS400/Linux/Solaris)
  • Engine, Scanner, Monitor and database updates have been made as above.

Be sure to check out our popular Sidebar Applications at - Canned Replies, Agenda and more!

Click here to learn more about our previous release: Improvements in Version 9

5 Layer Approach to Effective Virus Blocking using SpamSentinel

Layer 1:
Spam Blocking

Blocks most viruses as "spam" that should be deleted.

39% of viruses are stopped this way.
Most viruses are generated and sent out in large waves of emails, so they exactly resemble spam.

The messages are classified at our highest level of spam, as Spam-D and immediately deleted or quarantined.
Layer 2:
Zero Hour Pattern Detection

Identifies viruses in the wild before they are

42% of viruses are stopped this way.

The Zero Hour approach does not rely on file scanning but provided malware detection based on identifiable patterns such as:
  • Sender IP addresses
  • Malicious code in attached malware
  • Combinations of characters from the subject and body of the email
  • Email distribution patterns – such as senders (how many, location) and the volume of the emails sent over a period of time.
  • Structure patterns – in the email messages and attachments.
Layer 3:
Traditional Anti-Virus Scanning

Identifies viruses based on known signatures.

15% of viruses are stopped this way.
SpamSentinel Antivirus looks specifically at the file attachments to accurately detect:
  • Malware hidden in PDF files, HTML and Java scripts, and archive files
  • Full anti-malware detection of worms, Trojans, spyware, adware and other potentially unwanted applications types

Malware detection is based on:
  • Heuristics – basic and emulator-based.
  • Algorithmic scanning methods – using an internal detection language.
  • Signature-based scanning – for exact malware file identification.
  • Emulation – for encrypted and polymorphic virus detection.
  • Full support for all types of ZIP, Bzip2, RAR, 7zip, NSIS and CAB compression techniques
Layer 4:
Restricted Attachments

Stops missed viruses by stopping and quarantining executable files.

4% of viruses are stopped this way.
Most viruses exploit the ability to launch right from the email message. That means they prefer to be executable files (EXE files). New variations are sent every day. Restricting EXE and other attachments is the last layer preventing viruses from entering your organization.
Layer 5:
Scan Microsoft Office documents for macros.
Malicious macros can download and execute malware/viruses in the background without the user's knowledge. SpamSentinel now creates safe copies of these documents for viewing and password protects the original file to prevent accidental opening.