JP2019046397A - Mail monitoring system, mail monitoring device, and mail monitoring program - Google Patents

Abstract

To appropriately execute virus check of an encrypted attachment file and provide the attachment file without separating it from an e-mail.SOLUTION: When an e-mail acquired via a mail acquisition unit 1241 includes an encrypted attachment file, a mail preservation unit 1244 preserves it in a mail preservation memory 115. A request mail provision unit 1245 and a password acquisition unit 1246 are functioned to acquire a password for decryption from a transmission destination user PC 2 of the preserved e-mail. The decryption unit 1246 decrypts the attachment file using the password, and a virus check unit 1242 executes the check. When no problem is found in the check, a mail provision unit 1243 provides the user PC 2 with the received e-mail with the attachment file.SELECTED DRAWING: Figure 2

Description

  The present invention relates to a system, apparatus, and program for monitoring received electronic mails in a company or the like so that only safe electronic mails not infected with computer viruses can be used.

  A file attached to an e-mail that has been encrypted using a password cannot be checked for viruses by a mail monitoring device such as a Unified Threat Management device. This is because the attached file in the encrypted state cannot be properly checked even if it is subjected to virus check, and thus it must be decrypted. Therefore, Patent Document 1 described later discloses an invention relating to a mail monitoring apparatus or the like that provides a problem-free attached file by performing a virus check by decrypting the attached file.

  When an electronic mail with an encrypted attached file is transmitted, a password for decryption is separately notified to the other party by electronic mail, telephone, facsimile, or the like. For this reason, in the mail monitoring apparatus disclosed in Patent Document 1, first, when receiving an e-mail attached with an encrypted attached file, only the encrypted attached file is stored. . Then, in the email monitoring device, a link request (link destination information) for linking to the storage location of the attached file and a message requesting notification of the password are added to the email without the attached file. To the destination (destination).

  The mail monitoring apparatus receives a password for decryption from the receiving user of the electronic mail linked (connected) to the storage location of the attached file using the link information. Using the received password, the stored encrypted attached file is decrypted, virus check is performed, and only the attached file having no problem is provided to the receiving device on the receiving user side. In this way, the user who receives an email with an encrypted attachment attached downloads only the attachment that has been checked for viruses and has no problem, from a predetermined link destination, separately from the email to which the attachment was attached. can do.

JP 2006-63443 A

  However, in the invention described in Patent Document 1, the attached file is stored separately from the e-mail and connected (linked) to the save destination (link destination) even though the attached file is transmitted by e-mail. And take the configuration to download the attached file. For this reason, the e-mail that describes the requirements and the attached files such as detailed materials are separated, so the user (receiving user) who manages the e-mail with the mailer (e-mail software) It becomes necessary to associate an email with an attached file. For this reason, management of electronic mail and attached files may be complicated.

  In view of the above-described points, an object of the present invention is to make it possible to appropriately check a virus or the like for an encrypted attached file and to provide the attached file without separating it from an electronic mail.

In order to solve the above problem, the mail monitoring system of the invention according to claim 1 provides:
A mail monitoring system comprising a mail monitoring device and an information processing device that receives an e-mail through the mail monitoring device,
The mail monitoring device
In response to a mail acquisition request from the information processing apparatus, mail acquisition means for acquiring a received e-mail addressed to a user of the information processing apparatus from a predetermined mail server apparatus;
A mail storage unit that stores the received email attached with the attached file in a predetermined storage unit when an encrypted attached file is attached to the received email acquired by the email acquisition unit; ,
Request mail providing means for providing a password request mail for requesting provision of a password for decrypting the attached file to the information processing apparatus when the received electronic mail is stored in the storage means by the mail storage means;
In response to the password request mail provided through the request mail providing means, a password obtaining means for obtaining a password from a password notification mail provided from the information processing apparatus;
Decryption means for decrypting the attached file of the received e-mail stored in the storage means, using the password acquired through the password acquisition means;
Check means for checking a computer virus or the like for the attached file decrypted by the decryption means;
A mail providing means for providing the information processing apparatus with the received electronic mail attached to the attached file and stored in the storage means when the checking means confirms that there is no problem. ,
The information processing apparatus includes:
A mail acquisition request providing means for forming the mail acquisition request and providing it to the mail monitoring device;
A notification mail providing means for forming the password notification mail for notifying a password and providing it to the mail monitoring apparatus when receiving the provision of the password request mail for requesting provision of a password from the mail monitoring apparatus;
E-mail using means for accepting the received e-mail attached with the attached file provided from the e-mail monitoring device and making the attached file available.

  According to the mail monitoring system of the first aspect, the mail monitoring apparatus, when the electronic mail acquired through the mail acquisition means is attached with an encrypted attachment file, Is stored in the storage means. Then, the request mail providing means and the password obtaining means function to obtain a password for decryption from the information processing apparatus that is the transmission destination of the electronic mail. The decryption means decrypts the attached file using this acquired password, and if the check means checks and there is no problem, the mail providing means sends the received e-mail attached with the attached file as the destination. Provide to processing equipment.

  On the other hand, in the information processing apparatus that is the transmission destination of the electronic mail, the mail acquisition request providing means requests the mail monitoring apparatus to acquire the mail addressed to itself. The notification mail providing means provides a password in response to the password request mail from the mail monitoring device. The e-mail attached with the attached file provided from the mail monitoring apparatus is made available through e-mail using means.

  As a result, even for an e-mail attached with an encrypted attached file, the attached file is decrypted and appropriately checked, and an e-mail attached with a problem attached file is processed as an information processing apparatus. Can be provided.

  According to the present invention, the encrypted attached file is appropriately checked for viruses and the like. In addition, since an e-mail with an attached file having no problem can be provided as it is to the recipient, management does not become complicated.

It is a block diagram for demonstrating the structural example of the mail monitoring system of embodiment. It is a block diagram for demonstrating the structural example of the UTM apparatus of embodiment. It is a block diagram for demonstrating the example of a structure of user PC of embodiment. It is a sequence diagram for demonstrating operation | movement of the mail monitoring system of embodiment. It is a figure for demonstrating the example of a reception email. It is a figure for demonstrating the example of a password request | requirement mail and a password notification mail. It is a flowchart for demonstrating the operation | movement with a UTM apparatus in the case of receiving mail. It is a flowchart following FIG. It is a flowchart for demonstrating the process in user PC in the case of receiving mail. It is a flowchart following FIG.

  Hereinafter, an embodiment of a mail monitoring system, a mail monitoring apparatus, and a mail monitoring program according to the present invention will be described with reference to the drawings.

[Entire configuration of email monitoring system]
FIG. 1 is a block diagram for explaining a configuration example of a mail monitoring system configured using a UTM (Unified Threat Management) device 1. The UTM device 1 is one to which an embodiment of the mail monitoring device of the present invention is applied. The UTM device 1 is called an integrated threat management device or the like, and integrates a plurality of different security functions into one piece of hardware, and centrally performs security management related to the network.

  As shown in FIG. 1, a plurality of user PCs (Personal Computers) 2 (1), 2 (2),..., 2 (information processing devices) are connected to a UTM device 1 via a LAN (Local Area Network) 3. By connecting n), a mail monitoring system is configured. This mail monitoring system is formed in a company, for example, and each of the user PCs 2 (1), 2 (2),..., 2 (n) is a business PC used by an employee.

  As shown in FIG. 1, the UTM device 1 is connected to the Internet 4. Connected to the Internet 4 are various information processing apparatuses having communication functions such as personal computers, tablet PCs (Personal Computers), and high-function mobile phone terminals called smartphones. In this embodiment, in order to simplify the description, a case in which a mail transmission source PC (Personal Computer) 5 is connected to the Internet 4 is shown on behalf of these various information processing apparatuses.

  Further, a mail server device 6 that mediates transmission / reception of electronic mail is connected to the Internet 4. As is well known, an e-mail is transmitted to a mail box of a mail server device specified by an e-mail address of a target destination. The other party accesses the mail server apparatus through his / her information processing apparatus and downloads and uses the e-mail addressed to him / her from his / her mailbox.

  In this embodiment, it is assumed that each user of the user PCs 2 (1), 2 (2),..., 2 (n) has his / her own mailbox in the mail server device 6. A company or the like may have an internal mail server device in its communication system. However, the basic functions of the mail server apparatus provided outside and the mail server apparatus provided inside are the same. Therefore, in this embodiment, the mail server device 6 will be described as a general external mail server device connected to the Internet 4.

  Then, an e-mail attached with an encrypted attached file from the mail transmission source PC 5 and an e-mail (no attached file) informing the password are used using, for example, the user PC 2 (1) under the UTM device 1. Consider the case of sending to a person. In this example, the e-mail attached with the encrypted attachment file sent from the mail transmission source PC 5 and the e-mail notifying the password are received by the mail server device 6 and specified by the e-mail address of the other party. Stored in the mailbox. The two e-mails stored in these mailboxes are received e-mails for the user of the user PC 2 (1).

  The user of the user PC 2 (1) starts up a mailer to acquire the received e-mail addressed to himself / herself, and transmits an acquisition request (reception request) for the e-mail addressed to himself / herself to the UTM apparatus 1. Mailer (e-mail software) is software used to perform various processes for handling e-mails, such as receiving e-mails addressed to you and creating and sending e-mails to other parties. is there.

  The UTM device 1 accesses the mail server device 6 in response to an e-mail acquisition request from the user PC 2 (1), and is specified by an e-mail address assigned to the user of the user PC 2 (1). Get (download) incoming email from. Then, when the acquired received electronic mail is attached with an attached file encrypted with a password, the UTM device 1 stores the received electronic mail in a predetermined storage unit. This is because the encrypted attached file cannot be properly checked for viruses unless it is decrypted.

  It should be noted that the received e-mail for notifying the password is not attached with an attached file and has only a mail body (text data), and there is no fear of spreading a computer virus. For this reason, the received e-mail for notifying the password is provided as it is to the user PC 2 (1) as the e-mail provision request source as before.

  Then, the UTM device 1 forms a password request mail for requesting provision of a password for decryption, and provides this to the user PC 2 (1) that is the recipient. That is, since the UTM device 1 has received an e-mail acquisition request from the user PC 2 (1), the UTM device 1 knows that the destination of the received e-mail is the user PC 2 (1). Further, the UTM device 1 knows that the destination of the received electronic mail to which the encrypted attachment file is attached is the user of the user PC 2 (1). For this reason, the UTM device 1 provides a password request mail to the user PC 2 (1). In the password request mail, the sender (sender) and the destination (destination) are the sender (sender) and destination (destination) of the received e-mail stored in the UTM device 1 with the encrypted attachment attached. And the same thing.

  Then, the user PC 2 (1) that received the password request mail displays this and notifies the user, and the user creates an e-mail that describes the password as a reply mail to the password request mail. Send this as a password notification email. Therefore, the password notification mail in this case is such that the transmission source (sender) is the user of the user PC 2 (1) and the transmission destination (destination) is the user of the mail transmission source PC 5.

  When receiving the password notification mail from the user PC 2 (1), the UTM device 1 acquires the password described in the password notification mail. In this password notification mail, the transmission destination (destination) is the mail transmission source PC 5, but the UTM device 1 does not transmit it to the mail transmission source PC 5. Then, the UTM device 1 uses the acquired password to decrypt the encrypted attached file attached to the stored received e-mail, and checks for viruses and the like. Specifically, it is checked whether or not unnecessary advertisements are included and whether or not a computer virus is included (infectious). If there is no problem with this virus check, the UTM device 1 provides the received electronic mail with the attached file attached to the requesting user PC 2 (1).

  As a result, the user of the user PC 2 (1) receives a received e-mail attached with an attached file that has been checked for viruses or the like by the UTM device 1 and confirmed that there is no problem, and uses it. can do. In this case, the UTM device 1 can provide the user PC 2 with the received e-mail attached with the decrypted attached file, or can receive the received e-mail attached with the encrypted attached file with the user PC 2 ( 2) can also be provided. In the latter case, the user PC 2 also performs decryption processing on the encrypted attached file. In addition, unlike the UTM device 1, the user PC 2 (1) can perform virus checking on the attached file by using a virus check program.

  Also, as a result of checking for viruses or the like, it is confirmed that the attached file contains unnecessary advertisements or is infected with a computer virus. In this case, the e-mail to which the attached file is attached is deleted (discarded), and the user PC2 (1), which is the original transmission destination (destination), is deleted through the user PC2 (1). Be notified. As a result, regarding the attachment file infected with the virus, it is possible to request the user of the mail transmission source PC 5 as the transmission source to provide the attachment file not infected with the virus.

  Thus, in the mail monitoring system of this embodiment, basically, encryption is performed by exchanging electronic mail between the UTM device 1 and the user PCs 2 (1), 2 (2),..., 2 (n). The UTM device 1 acquires a password necessary for decrypting the attached file. Then, the UTM device 1 performs a virus check on the attached file after decryption, and if there is no problem, the user PC 2 (1) that uses the e-mail attached with the attached file by the user of the transmission destination (destination) Etc. so that it can be provided.

  Hereinafter, the UTM device 1 and the user PCs 2 (1), 2 (2),..., 2 (n) constituting the mail monitoring system of this embodiment will be specifically described. Each of the user PCs 2 (1), 2 (2),..., 2 (n) has the same basic configuration. For this reason, unless otherwise indicated, the user PCs 2 (1), 2 (2),..., 2 (n) are collectively referred to as the user PC2.

[Configuration Example of UTM Device 1]
FIG. 2 is a block diagram for explaining a configuration example of the UTM device 1. The UTM device 1 includes a connection terminal 101 to the Internet 4, a communication I / F (interface) 102, and a control unit 110. The communication I / F 102 performs a process of converting the data transmitted to the own device through the Internet 4 into data in a format that can be processed by the own device, and supplying the converted data to the control unit 110. In addition, the communication I / F 102 converts the data from the control unit 110 into data to be transmitted, and performs processing for transmitting the data to a target partner via the Internet 4. Communication with a server device or the like connected to the Internet 4 is performed through the connection terminal 101 and the communication I / F 102.

  The control unit 110 is configured by connecting a CPU (Central Processing Unit) 111, a ROM (Read Only Memory) 112, a RAM (Random Access Memory) 113, a nonvolatile memory 114, and a mail storage memory 115 via a bus. It is. The control unit 110 realizes a function of controlling each unit of the UTM device 1. The ROM 112 stores various programs and data necessary for processing. The RAM 113 is mainly used as a work area such as temporarily storing intermediate results of processing.

  The nonvolatile memory 114 stores programs and data that need to be retained even when the power of the UTM device 1 is turned off, such as additional programs for function enhancement and setting information set by the user (user). Is done. Further, as will be described in detail later, the mail storage memory 115 stores (stores and holds) a received electronic mail to which an attached file encrypted using a password is attached.

  A LAN port 131 and a LAN connection end 132 are connected to the control unit 110. In this embodiment, the LAN connection end 132 is connected to the user PCs 2 (1), 2 (2),..., 2 (n) shown in FIG. Therefore, the UTM device 1 communicates with each of the user PCs 2 (1), 2 (2),..., 2 (n) through the LAN port 131 and the LAN connection end 132. Each of the user PCs 2 (1), 2 (2),..., 2 (n) can be connected to the Internet 4 via the UTM device 1.

  Note that the UTM device 1 registers and manages in the nonvolatile memory 114 what kind of terminal is connected to the LAN 3. Specifically, information capable of uniquely specifying each terminal such as an IP (Internet Protocol) address and a MAC (Media Access Control address) address as a port number and a terminal ID is managed in association with each other. In addition, information necessary for transmission / reception of e-mail such as a POP server name, SMTP server name, user name (account name), and mail password is also input in advance by the user as mailer setting information and stored in the nonvolatile memory 114. Is retained.

  The UTM device 1 includes a P2P countermeasure unit 121, an HP access restriction unit 122, a virus countermeasure unit 123, a mail countermeasure unit 124, an IPS / IDS unit 125, and a firewall unit 126. Each of these units realizes a function as a security monitoring device.

  The P2P countermeasure unit 121 realizes a function for prohibiting P2P connection with a partner who does not take security measures or a malicious partner. Note that “P2P” means “Peer to Peer”, and means that peers directly communicate with each other via the Internet. With the function of the P2P countermeasure unit 121, for example, it is possible to prevent a file exchange such as an image from being performed on a one-to-one basis with a partner having a problem and to prevent virus infection from the partner.

  The HP (Home Page) access restriction unit 122 realizes a function of prohibiting access to a homepage corresponding to the category by selecting (setting) a homepage category designated in advance, for example. For example, by specifying categories such as illegal drugs (such as narcotics), adults, and gambling, URL filtering to inappropriate sites such as narcotics-related sites, adult sites, and gambling sites can be performed.

  The virus countermeasure unit 123 verifies the response of the Web page (virus check). More specifically, the virus countermeasure unit 123 realizes a function of monitoring communication when browsing a Web page, and verifying (checking) whether a virus is mixed in an image to be browsed or a file to be downloaded.

  The mail countermeasure unit 124 implements a function for blocking an electronic mail with an unnecessary advertisement or computer virus attached to the received electronic mail. Then, the mail countermeasure unit 124 of this embodiment receives the received email when the attached file encrypted with the password is attached (acquired), as described with reference to FIG. The electronic mail is stored in the mail storage memory 115. Then, receiving the password from the recipient (destination), decrypting the attached file, checking for viruses, etc., and if there is no problem, provide the recipient with an email with the attached file attached Realize the function to do. Details of the mail countermeasure unit 124 will be described later.

  The IPS / IDS unit 125 realizes a function of preventing inappropriate intrusion or notifying inappropriate intrusion. Here, IPS is an abbreviation for Intrusion Prevention System, and IDS is an abbreviation for Intrusion Detection System. The IPS / IDS unit 125 can protect against attacks by so-called malware such as worms and Trojan horses.

  The firewall unit 126 determines whether or not to supply data to the in-house network according to the data communication status and software to be used, and implements a function to protect the own system from attacks from outside networks and unauthorized access. . As described above, the UTM device 1 has a plurality of different security functions mounted on one piece of hardware, and can comprehensively cope with threats generated in the communication environment.

[Details of processing performed in mail countermeasure unit 124]
As shown in FIG. 2, the mail countermeasure unit 124 includes a mail acquisition unit 1241, a virus check unit 1242, and a mail providing unit 1243 as parts that realize basic functions. In this embodiment, the mail acquisition unit 1241 accesses the mail server device 6 in response to a mail acquisition request from the subordinate user PC 2 and acquires (downloads) an e-mail addressed to the user of the user PC 2. Realize the function.

  The virus check unit 1242 attaches unnecessary advertisements and computer viruses to attached files that are attached to the received e-mail acquired through the mail acquisition unit 1241 without being encrypted or decrypted as described later. Check if it is not. The virus check unit 1242 implements a function of blocking an electronic mail including a problem that can be confirmed that an unnecessary advertisement or a computer virus is attached. For a received electronic mail having a problem in particular, the virus check unit 1242 functions and deletes it from any memory on the UTM device 1.

  The mail providing unit 1243 provides, to the user PC 2 as the acquisition request source, a received e-mail attached with an attached file that can be confirmed that unnecessary advertisements or computer viruses are not attached as a result of checking by the virus checking unit 1242. Realize the function to do. When the received e-mail is deleted due to the presence of unnecessary advertisements or computer viruses, the mail providing unit 1243 functions to notify the acquisition request source user PC 2 that the received e-mail has been deleted. To do. As a result, the user of the acquisition requesting user PC 2 can take measures such as requesting the sending source to re-send an e-mail with no problem.

  As described above, the mail acquisition unit 1241, the virus check unit 1242, and the mail providing unit 1243 realize a basic countermeasure against the received electronic mail realized by the mail countermeasure unit 124. Note that a received electronic mail without an attached file has a mail body (text data), but there is no computer virus in this portion. For this reason, a received electronic mail to which no attached file is attached is determined as having no problem by the virus check unit and provided to the recipient through the mail providing unit 1243.

  Further, the mail countermeasure unit 124 includes a mail storage unit 1244, a request mail providing unit 1245, a password acquisition unit 1246, and a decryption unit 1247. Each of these units is a unit that enables an appropriate check to be performed on an encrypted attachment file when a received electronic mail to which an attachment file encrypted with a password is attached is acquired.

  Specifically, the mail storage unit 1244, when an encrypted attachment file is attached to the received electronic mail acquired by the mail acquisition unit 1241, the received electronic device to which the encrypted attachment file is attached. The mail is stored (recorded) in the mail storage memory 115.

  The request mail providing unit 1245 functions when the received email is stored in the mail storage memory by the mail storage unit 1244. The request mail providing unit 1245 creates a password request mail for requesting provision of a password for decrypting the encrypted attached file attached to the received received e-mail, and this is generated by the user PC 2 that is the request for obtaining the e-mail. To provide. In this embodiment, the password request mail has the same sender (sender) and destination (destination) as the received e-mail to which the encrypted attached file is attached.

  The password acquisition unit 1246 acquires a password from the password notification email provided from the user PC 2 that is the email acquisition request source in response to the password request email provided through the request email providing unit 1245. Then, the decryption unit 1247 decrypts the encrypted attached file of the received electronic mail stored (stored) in the mail storage memory 115 using the password acquired through the password acquisition unit 1246.

  The attached file decrypted in this way is checked by the above-described virus check unit 1242 whether or not unnecessary advertisements or computer viruses are attached. Then, the attached file determined to have no problem in the check is provided to the user PC 2 that is the mail acquisition request source by the above-described mail providing unit 1243 as a received electronic mail to which the attached file is attached.

  If an unnecessary advertisement or a computer virus is confirmed in the decrypted attached file, for example, the virus check unit 1242 functions so that an e-mail attached with the attached file is sent to the UTM together with the attached file. Delete from the memory on the device 1. Then, the mail providing unit 1243 functions to form a message notifying that the received electronic mail has been deleted, and notifies this to the acquisition requesting user PC 2.

  As described above, the mail countermeasure unit 124 of the UTM device 1 according to this embodiment appropriately detects not only the unencrypted attached file but also the encrypted attached file attached to the received e-mail. Perform the check. A function of providing the received electronic mail to which the attached file is not attached and the received electronic mail to which the attached file is attached but having no problem with the attached file to the user PC 2 as the mail acquisition request source. Is realized.

[Configuration example of user PC 2]
FIG. 3 is a block diagram for explaining a configuration example of the user PC 2. As shown in FIG. 3, the user PC 2 includes a LAN connection end 201 and a LAN port 202. Communication is performed with the UTM apparatus 1 through the LAN connection end 201 and the LAN port 202. The user PC 2 includes a display controller 203 and a display 204, an audio output processing unit 205 and a speaker 206, an operation input interface (hereinafter referred to as operation input I / F) 231 and an operation unit 232. Each of these units functions as a user interface.

  Further, the user PC 2 includes a control unit 210 and a storage device 221. The control unit 210 is formed by connecting a CPU 211, a ROM 212, a RAM 213, and a non-volatile memory 214 through a bus, and realizes a function of controlling each unit and also functions as an application execution unit that executes various application software. The storage device 221 includes, for example, a hard disk as a large-capacity storage medium, and a mechanism for writing / reading data to / from the hard disk.

  The user PC 2 is connected to the UTM device 1 through the LAN connection terminal 201. The LAN port 202 converts the packet data addressed to the own device transmitted through the UTM device 1 into a format that can be processed by the own device, and converts the packet data transmitted from the own device into a format for transmission. And send it. The control unit 210 also functions as a packet processing unit that makes it possible to disassemble and use packet data that has been received and captured, or generate packet data for transmission.

  The user PC 2 can accept various instruction inputs from the user (user) through the operation unit 232 and the operation input I / F 231. The operation unit 232 is a pointing device such as a keyboard or a so-called mouse. By the instruction input input through the operation unit 232 and the operation input I / F 231, for example, a mailer is executed in the control unit 210 of the user PC 2 to receive and use an e-mail addressed to the user of the own machine, Can be created and sent.

  In particular, as a portion that functions in relation to the mailer, the user PC 2 of this embodiment includes a mail acquisition request providing unit 241, a reply mail creating unit 242, and an e-mail using unit 243. The mail acquisition request providing unit 241 receives a mail acquisition request when receiving an operation for acquiring a received e-mail addressed to the user from the user through the operation input I / F 231 and the operation unit 232 during mailer execution. Is provided to the UTM device 1.

  When the password request mail described above arrives from the UTM device 1, the reply mail creation unit 242 creates a reply mail for the password request mail and provides this reply mail to the UTM apparatus 1 as a password notification mail. For this reason, when creating a reply mail, the password input from the user is accepted through the operation input I / F 231 and the operation unit 232. Then, the reply mail creation unit 242 creates a reply mail (password notification mail) including the password received from the user, and sends this back to the UTM device 1.

  The e-mail using unit 243 performs various processes for using the received e-mail provided from the UTM device 1 in response to an instruction input from the user who receives the operation input I / F 231 and the operation unit 232. Specifically, the e-mail using unit 243 displays the received e-mail on the display 204, outputs it to a printer connected to an output terminal (not shown), moves the file, deletes it from the file, etc. Various processes related to the use of electronic mail are performed.

  As described above, the user PC 2 of this embodiment can use various information that can be used through the Internet 4 such as an electronic mail and a Web page through the UTM device 1. By being connected to the Internet 4 via the UTM device 1, the user PC 2 is protected from various threats in the communication environment.

[Operation of the email monitoring system]
FIG. 4 is a sequence diagram for explaining an operation in the case of processing a received electronic mail to which an attached file encrypted mainly by a password is processed in the mail monitoring system of this embodiment. Here, an e-mail (attached mail) with an attached file encrypted with a password and an e-mail notifying the password (password mail) to a predetermined user who uses the user PC 2 from the mail transmission source PC 5 An example will be described in the case of transmitting.

  That is, as shown in FIG. 4, the mail transmission source PC 5 sends an attached mail and a password mail to the mailbox of the mail server device 6 specified by the electronic mail address assigned to a predetermined user who uses the user PC 2. Are transmitted (step S1). In step S1, an attached mail and a password mail created in advance may be transmitted at the same time, or a password mail may be transmitted separately after the attached mail is transmitted. Of course, the password may be notified by telephone or facsimile, and the password mail may not be transmitted.

  When the user of the user PC 2 receives an e-mail addressed to the user PC 2, the user PC 2 starts up a mailer and performs a receiving operation. This reception operation is, for example, an operation for selecting icons such as “reception”, “transmission / reception”, and “update”. In this case, the user PC 2 forms a mail acquisition request for acquiring an e-mail addressed to the user from the user's mailbox of the mail server device 6 and transmits it (step S2).

  The mail acquisition request from the user PC 2 is transmitted to the mail server device 6 by the mail countermeasure unit 124 of the UTM device 1 (step S3). In response to this mail acquisition request, the mail server device 6 extracts an email addressed to the user and provides it to the UTM device 1 (step S4). The electronic mail provided from the mail server device 6 is provided to the requesting user PC 2 through the UTM device 1. However, it is not provided unconditionally, but for the received e-mail in which the attached file exists, the mail countermeasure unit 124 of the UTM device 1 functions, and the attached file is checked for a computer virus or the like as described above. The

  FIG. 5 is a diagram for explaining an example of an incoming e-mail provided to the UTM device 1 from the mail server device 6 to the user of the user PC 2 that is the mail acquisition request source. FIG. 5A is a diagram showing an example of a received electronic mail (attached mail) to which an encrypted attachment file is attached. FIG. 5B shows a password necessary for decrypting the attached file. It is a figure which shows the example of the reception email (password mail) for notifying.

  The general structure of e-mail is as follows. In the sender (sender) column, the name and email address of the user of the mail sender PC 5 are displayed, in the date / time column, the transmission date / time of the email is displayed, and in the destination (destination) column, The name and e-mail address of the user of the user PC 2 are displayed. In addition, for example, when a so-called copy of the e-mail is transmitted to a destination other than the destination, a “CC (Carbon Copy)” field is provided, and the name of the destination of the copy or An e-mail address may be displayed.

  When an attached file is attached to an e-mail, an attachment field is provided, and the file name of the attached file is displayed in the attachment field and the attached file is encrypted. Is also displayed indicating that it is encrypted. That is, if the attached file is encrypted with a password, the mail countermeasure unit 124 of the UTM device 1 can determine this. Furthermore, a subject field is provided, and the body (text data) of the e-mail is described below the subject.

  First, the case of the received electronic mail (attached mail) to which the encrypted attached file shown in FIG. The received e-mail (attached e-mail) omits a part of the description of the sender, destination, and attached file, but from “BBBBB” to “AAAAA”, “August 3, 2017 "13:50". The received e-mail is attached with an encrypted attached file whose file name is “XXXX ...”. The received e-mail has the subject “Meeting of XX month and day” and the body of the e-mail indicating that the document is to be sent as an encrypted attachment to “Mr. XXX” It has been added.

  Next, the case of a received electronic mail (attached mail) for notifying a password necessary for decryption shown in FIG. 5B will be described. The received e-mail (password e-mail) has the same sender, destination, date / time, and subject as in the case of the received e-mail (attached e-mail) attached with the encrypted attachment shown in FIG. . And since the attached file is not attached, there is no attached field, and an e-mail body that notifies the password of the encrypted attached file to “Mr. XXX” is added. is there.

  Since such a received electronic mail is provided from the mail server device 6 to the UTM device 1, the mail countermeasure unit 124 of the UTM device 1 first attaches an encrypted attached file to the provided received electronic mail. It is determined whether or not it is a thing (step S5). In the determination process of step S5, when it is determined that the provided received e-mail is an attachment with an encrypted attachment, the e-mail countermeasure unit 124 stores the e-mail (attached e-mail) as e-mail. Save in the memory 115 (step S6).

  Then, the mail countermeasure unit 124 of the UTM device 1 creates a password request mail for requesting a password necessary for decryption (decryption) of the encrypted attached file, and provides this to the user PC 2 (step) S7). The process of step S7 is a process of providing a password request mail to the user of the user PC 2 that is the transmission destination (destination) of the received electronic mail stored in step S6. In response to the password request mail, the user of the destination user PC 2 forms a password notification mail for notifying the password, and transmits it to the UTM device 1 (step S8).

  6 shows an example of a password request mail provided to the user PC 2 from the UTM apparatus 1 in step S7 (FIG. 6A), and an example of a password notification mail provided to the UTM apparatus 1 from the user PC 2 in step S8 (FIG. It is a figure which shows FIG.6 (B)). In this embodiment, the UTM device 1 forms a password request mail corresponding to the received electronic mail (attached mail) to which the encrypted attached file stored in the mail storage memory 115 is attached.

  Specifically, as shown in FIG. 6A, the mail countermeasure unit 124 of the UTM device 1 has the same sender, sender (sender), date, destination (destination), subject, Form a password request email with the text requesting the provision of the password as the text. In FIG. 6 (A), as a text requesting the provision of a password, following the description “******* Request ******”, “Return the password to check the attached file for viruses, etc. An example with a message saying "Please." Such a password request mail is provided from the UTM device 1 to the user PC 2 that is the mail provision request source.

  Since the password request mail is uniquely formed by the UTM device 1, the sender (sender) can be used as the date and time, and the date and time when the UTM device 1 transmits the password request mail can also be used. However, if the sender (sender), date / time, destination (destination), and subject are the same as the saved attached mail, the password for the received e-mail from where and what is required There is an advantage that the user of the user PC 2 can quickly grasp.

  On the other hand, the user of the user PC 2 forms and sends a password notification mail in response to the password request mail provided from the UTM device 1 to the user PC 2. In brief, the password notification mail shown in FIG. 6B is formed by performing an operation of sending a reply to the password request mail from the UTM device 1 through the mailer. In this case, since it is a reply to the password request mail, the sender (sender) and the destination (destination) are opposite to the password request mail. Accordingly, the transmission source (sender) is “AAAAAA...” That is the user of the user PC 2, and the transmission destination (destination) is “BBBBB...” That is the user of the mail transmission source PC 5.

  In the example shown in FIG. 6B, the date and time is the date and time when the password notification mail is transmitted from the user PC 2, and the subject is the same as the subject of the password request mail. Then, the text of the password notification mail notifies that the password is “20110803 angleX”. In this example, as described above, since the password is the transmission date + project name, “transmission date = 20110803” and project name = angelX (Angel X) ”are combined. Yes.

  In the UTM device 1 that has received the password notification mail as shown in FIG. 6B, the mail countermeasure unit 124 functions to acquire the password from the password notification mail. In the case of the example shown in FIG. 6B, the word “password is” and the word between the words “is” can be recognized as a password. Further, in the password request mail, it is possible to request that only the password be described in the mail body and extract the password described in the mail body. In addition, various methods can be used as a password acquisition method.

  Then, the mail countermeasure unit 124 of the UTM device 1 decrypts the encrypted attached file attached to the received electronic mail (attached mail) stored in the mail storage memory 115 in step S6 using the acquired password. Is performed (step S9). Further, the mail countermeasure unit 124 performs a virus check on the decrypted attached file (step S10). Thereafter, the mail countermeasure unit 124 of the UTM device 1 determines whether or not the result of checking for viruses or the like indicates that there is no problem with the attached file (step S11).

  When it is determined that there is no problem (OK) as a result of the determination in step S11, the mail countermeasure unit 124 of the UTM device 1 directly uses the received electronic mail (attached mail) to which the attached file is attached as a transmission destination (destination). To the user PC 2 (step S12). In this step S12, a received e-mail attached with the decrypted attached file may be provided, or the received e-mail attached with the encrypted attached file stored in the mail storage memory 115 may be provided. You may make it provide.

  In any case, the received user PC 2 side performs a double check by using a check program different from that of the UTM device 1 to check for viruses, etc. Only email can be used. In this way, a series of e-mail reception processing is completed, and the received e-mail (attached mail) received can be used in the user PC 2.

  On the other hand, when it is determined that there is a problem (not OK) as a result of the determination in step S11, the mail countermeasure unit 124 of the UTM device 1 deletes the received electronic mail (attached mail) to which the attached file is attached (step S13). ). This is because the user PC 2 that is the transmission destination (destination) is not provided with an unnecessary advertisement or infected with a computer virus. Then, the user PC 2 is notified that the received e-mail addressed to the user PC 2 has been deleted (step S14). In this case, the user PC 2 is notified of necessary information such as a transmission source (sender) and a subject.

  Also in this case, a series of e-mail reception processing is completed. However, the user PC 2 cannot acquire an e-mail addressed to the user of the user PC 2. Therefore, if necessary, based on the deletion notification notified in step S14, the transmission source is requested to provide a normal attachment file that does not contain unnecessary advertisements or is infected with a computer virus. Appropriate responses can be taken.

  It is assumed that it is determined in the determination process in step S5 that the provided received e-mail is not attached with an encrypted attached file. That is, when it is determined that the received e-mail received from the mail server device 6 is a received e-mail with an unencrypted attached file or a received e-mail without an attached file in the first place. The process proceeds to step S10.

  Then, for the received e-mail attached with the unencrypted attached file, the attached file is checked for viruses and the like (step S10), and it is determined whether there is no problem as a result of checking for viruses and the like. (Step S11). In the determination process of step S11, the attached file determined to have no problem is provided to the user PC 2 that is the mail provision request source together with the electronic mail to which the attached file is attached (step S12).

  The attached file that is determined to have a problem in the determination process of step S11 is deleted from the UTM device 1 together with the electronic mail to which the file is attached (step S13). Then, a deletion mail is formed and provided to the user PC 2 as the mail provision request source (step S14). As a result, it is possible to check for viruses and the like with respect to an e-mail attached with an unencrypted attached file, and to provide only a received e-mail having no problem to the user PC 2 as a mail provision request source.

  Also, in the first place, there is no concern that a computer virus will infect an e-mail that has no attached file and has only an e-mail body of text data. For this reason, since no problem is detected in the virus check in step S10, it is determined that there is no problem in the determination process in step S11. In step S12, the received e-mail without an attached file remains as it is as the user who requested the provision of mail. Provided to PC2.

  As described above, in the mail monitoring system of this embodiment, the attached file encrypted with the password is decrypted to check for viruses and the like. Then, it is possible to provide a transmission destination (destination) with only an attached file that is free of unnecessary advertisements and is not infected with a computer virus and has no problem.

  Of course, as described above, it is possible to check for viruses and the like in the received e-mail attached with the unencrypted attached file as well as in the received e-mail not attached with the attached file. Can be processed.

[Details of processing of UTM device 1]
FIGS. 7 and 8 are flowcharts for explaining the e-mail reception process performed by the UTM device 1 described with reference to FIG. 4 in more detail. The processing of the flowcharts shown in FIG. 7 and FIG. 8 is processing that is executed by the functions of the mail countermeasure unit 124 under the control of the control unit 110 of the UTM device 1.

  The control unit 110 of the UTM device 1 monitors whether or not a mail acquisition request is received from the user PC 2 connected to the UTM device 1 via the LAN 3 (step S101). The mail acquisition request from the user PC 2 includes information specifying the mail server device, an e-mail address assigned to the user of the user PC 2 that provides the mail acquisition request, identification information of the user PC 2 that is the request source, and the like. . If it is determined in step S101 that the mail acquisition request from the user PC 2 has not been provided, the processing in step S101 is repeated to wait for the mail acquisition request from the user PC 2.

  Assume that it is determined in the determination process of step S101 that an email acquisition request has been received from the user PC2. In this case, the mail acquisition unit 1241 functions to transmit the mail acquisition request to the mail server device 6 specified based on the information included therein (step S102), and the user of the requesting user PC 2 Request to provide e-mail addressed to.

  In response to a mail acquisition request from the UTM device 1, an e-mail addressed to the user of the requesting user PC 2 is sent from the mail server device 6, and the UTM device 1 acquires this via the mail acquisition unit 1241. (Step S103). In this case, when a plurality of e-mails addressed to the user are transmitted, the plurality of received e-mails are provided, and the mail acquisition unit 1241 acquires all of them.

  Hereinafter, the processing is performed in order for each received e-mail. First, the mail acquisition unit 1241 determines whether or not the acquired received electronic mail is attached with an attached file encrypted with a password (step S104). Assume that it is determined in the determination process in step S104 that the provided received e-mail is not attached with an encrypted attached file. That is, in step S104, it is assumed that the acquired received e-mail is determined to be a received e-mail to which an unencrypted attached file is attached or a received e-mail to which no attached file is attached.

  In this case, the virus check unit 1242 of the mail countermeasure unit 124 functions, and checks for viruses and the like for an unencrypted attached file (step S105). It should be noted that for a received e-mail to which no attached file is attached, there is no check target in step S105, so that a check result indicating that there is no problem such as a virus is obtained.

  Then, the mail providing unit 1243 functions to determine whether or not the check result of the virus in step S105 has a problem (whether or not it is OK) (step S106). It is assumed that it is determined that there is no problem (OK) in the determination processing in step S106. In this case, the mail providing unit 1243 provides the received e-mail to which the unencrypted attached file is attached or the received e-mail to which the attached file is not attached to the user PC 2 that is the mail provision request source. (Step S107).

  On the other hand, it is assumed that it is determined that there is a problem (not OK) in the determination process in step S106. In this case, the mail providing unit 1243 deletes the electronic mail attached with the attached file from the UTM device 1 (step S108). In step S108, both the attached file and the electronic mail to which it is attached are deleted. Then, the mail providing unit 1243 notifies a deletion notification for notifying that the received electronic mail has been deleted to the user PC 2 that is the mail provision request source (step S109).

  After the process of step S107 and the process of step S109, the control unit 110 determines whether or not the processes for all received emails that have been provided have been completed (step S110). When it is determined in the determination process in step S110 that the processing has been completed for all received emails that have been provided, the control unit 110 repeats the process from step S101. Further, it is assumed that it is determined in the determination process in step S110 that the processes for all received emails that have been provided have not been completed. In this case, the next received electronic mail is positioned to be processed (step S111), and the processing from step S104 is repeated.

  Also, in the determination process of step S104, it is assumed that the mail acquisition unit 1241 determines that the provided received e-mail is an attachment with an encrypted attachment. In this case, the process proceeds to the process of FIG. 8, and the mail storage unit 1244 functions to store the received electronic mail to which the encrypted attached file is attached in the mail storage memory 115 (step S112). Then, the request mail providing unit 1245 functions to form a password request mail in order to decrypt the encrypted attached file of the received e-mail stored in step S112, and this is formed as a user PC2 that is the mail provision request source. (Step S113).

  In response to the password request mail, a password notification mail is transmitted from the user PC 2, so that the password acquisition unit 1246 functions and receives the password notification mail from the user PC 2 (step S 114). Then, the password acquisition unit 1246 acquires (extracts) the password from the received password notification mail, and notifies this to the decryption unit 1247 (step S115).

  The decryption unit 1247 that has received the password notification decrypts the encrypted attached file attached to the received electronic mail stored in the mail storage memory 115 in step S112 using the notified password (step S112). S116). Thereafter, the virus check unit 1242 functions to check the virus for the decrypted attached file (step S117).

  Then, the mail providing unit 1243 functions to determine whether or not the check result of the virus or the like in step S117 has a problem (OK or not) (step S118). It is assumed that it is determined that there is no problem (OK) in the determination process in step S118. In this case, the mail providing unit 1243 sends the received e-mail to which the encrypted attached file is attached or the received e-mail to which the attached file decrypted in step S116 is attached to the mail providing request source. To the user PC 2 (step S119).

  On the other hand, suppose that it is determined that there is a problem (not OK) in the determination processing in step S118. In this case, the mail providing unit 1243 deletes the electronic mail attached with the encrypted attached file from the UTM device 1 (step S120). In step S120, both the encrypted attached file and the electronic mail to which it is attached are deleted. If there is a decrypted attached file, it is also deleted. That is, the problematic attached file and the received e-mail to which it is attached are deleted. Then, the mail providing unit 1243 notifies the user PC 2 of the mail provision request source of a deletion notification for notifying that the received electronic mail to which the encrypted attached file is attached has been deleted (step S121).

  After the process of step S119 and the process of step S121, control unit 110 determines whether or not the processes for all received e-mails that have been provided have been completed (step S122). When it is determined in the determination process in step S122 that the processes for all received emails that have been provided have been completed, the control unit 110 and the mail countermeasure unit 124 perform the process from step S101 of the process illustrated in FIG. Try to repeat. If it is determined in step S122 that the processing has not been completed for all received emails that have been provided, the next received email is positioned as a processing target (step S123). Thereafter, the processing from step S104 shown in FIG. 7 is repeated.

  In this way, in the UTM device 1, each unit of the mail countermeasure unit 124 functions under the control of the control unit 110, and the encrypted attached file is also checked for viruses after decryption and there is no problem. Only received e-mails with attachments are available. Of course, the attachment files that are not encrypted are also checked for viruses and the like, and only received e-mails with attachments having no problem can be used.

[Details of processing of user PC 2]
FIGS. 9 and 10 are flowcharts for explaining the e-mail reception process performed by the user PC 2 described with reference to FIG. 4 in more detail. The processing of the flowcharts shown in FIGS. 9 and 10 includes a control unit 210 of the user PC 2, a mail acquisition request providing unit 241, a reply mail creating unit 242, when the user operates the mailer to start. This process is executed by the electronic mail using unit 243 functioning.

  When the mailer is executed, the control unit 210 forms a reception list that is a list of received e-mails stored and held in its own storage device 221, and displays this on the display 204 through the display controller 203. (Step S201). And the control part 210 receives the operation input from a user through the operation part 232 and operation input I / F231 (step S202).

  Then, the control unit 210 determines whether or not the operation input received in step S202 is an end operation of the mailer (step S203). Assume that it is determined in the determination process in step S203 that an end operation has been accepted. In this case, the control unit 210 performs a series of end processing such as deleting the reception list on the display 204 and returning to the display state before the mailer is executed (step S204), and performs the processing shown in FIGS. Terminate.

  If it is determined in the determination process of step S203 that the end operation has not been received, it is determined whether or not the received operation input is an instruction to transmit a mail acquisition request (step S205). Specifically, in step S205, an operation for instructing to receive a newly transmitted e-mail addressed to the user, such as selecting an icon such as “Receive”, “Transmission / reception”, or “Update”, is performed in step S202. This is a process for determining whether or not it has been accepted.

  Assume that it is determined in the determination processing in step S205 that an operation input instructing transmission of a mail acquisition request has been received. In this case, the control unit 210 controls the mail acquisition request providing unit 241 to generate a mail acquisition request and transmit it to the mail server device 6 (step S206). This mail acquisition request is transmitted to the mail server device 6 through the UTM device 1 as described above.

  In response to the mail provision request, the received e-mail addressed to the user of the user PC 2 is provided from the mail server device 6 to the UTM device 1. The UTM device 1 sends a received e-mail with no attached file attached, a received e-mail with an unencrypted attached file attached, and a password request e-mail to the requesting user PC 2. Come. For this reason, the control unit 210 of the user PC 2 acquires the electronic mail transmitted from the UTM device 1 to the own device, and stores and holds the electronic mail in the storage area of the storage device 221 (step S207). Then, the processing from step S201 is repeated. Thereby, the reception list including the electronic mail newly acquired in step S207 is displayed.

  On the other hand, suppose that it is determined in the determination process in step S205 that an operation input instructing transmission of a mail acquisition request is not accepted. In this case, the control unit 210 proceeds to the process shown in FIG. 10, and determines whether or not the operation input received in step S202 is an operation input for selecting a target received e-mail from the reception list displayed in step S201. (Step S208).

  It is assumed that it is determined in the determination processing in step S208 that the input is not an operation input for selecting a target received electronic mail from the reception list. In this case, the control unit 210 executes a process that can be executed in accordance with an operation from the state where the reception list is displayed (step S209). In this step S209, according to the operation of the user of the user PC 2, for example, creation and transmission of a new mail, setting processing related to the mailer, account maintenance, display of a list other than the reception list (for example, a transmitted list) Processing is executed. After the process of step S209, the control unit 210 repeats the process from step S201 of FIG.

  Assume that in the determination processing in step S208, it is determined that an operation input for selecting a target received electronic mail from the reception list has been performed. In this case, the control unit 210 displays the selected received e-mail on the display 204 (step S210), and accepts an operation input from the user (step S211). In step S211, input for icons such as “return”, “reply”, “reply to all”, “forward”, “delete”, scrolling of the displayed e-mail, display of attached files, and printing can be performed. Has been.

  Then, the control unit 210 determines whether or not the reception operation input is to select a “return” icon in step S211 (step S212). In the determination process in step S212, it is determined in step S211 that the reception operation input does not select a “return” icon. In this case, the control unit 210 determines whether or not the acceptance operation input is an operation for selecting a “reply” icon in step S211 (step S213).

  When it is determined in the determination process in step S213 that the “reply” icon has been selected, the control unit 210 controls the reply mail creation unit 242 to create a reply mail for the selected received electronic mail and transmit it. Is performed (step S214). Then, the operation input received in step S202 is to select a target received e-mail from the reception list, and the received e-mail selected by the user of the user PC 2 by the operation input is the password from the UTM device 1. Suppose that it is a request mail. In this case, the reply mail formed in step S214 becomes a password notification mail. Accordingly, in this case, the reply mail creating unit 242 realizes a function as a password notification mail providing unit.

  When determining that the “reply” icon is not selected in the determination process in step S213, the control unit 210 controls the e-mail use unit 243 to execute the process according to the operation input received in step S211. (Step S215). Specifically, in step S215, as described above, according to the operation input, for example, processing such as “reply to all”, “forward”, and “delete”, scrolling of the displayed email, display of the attached file, and reception Various processes such as e-mail printing can be executed.

  In the determination process of step S212, when it is determined in step S211 that the reception operation input is to select the “return” icon, the control unit 210 repeats the reception list display process in step S201 of FIG. Like that. Similarly, after the process of step S214 and after the process of step S215, the control unit 210 repeats from the reception list display process of step S201 of FIG.

  Thereby, in step S214, when a reply mail for the password request mail from the UTM device 1 is created and transmitted, the reply mail becomes a password notification mail. The received e-mail attached with the encrypted attachment is decrypted using the password notified by the password notification e-mail, and there is no problem by checking for viruses, etc. Is provided to the user PC 2.

  In this way, the user PC 2 does not need to make any special changes in order to appropriately ensure the safety of the encrypted attached file. Then, the user of the user PC 2 simply activates the mailer in the user PC 2 as usual and requests the provision of an e-mail addressed to the user PC 2 or performs an operation on the intended received e-mail. Only receive reliable incoming emails.

[Effect of the embodiment]
In the mail monitoring system according to the above-described embodiment, the received e-mail attached with the encrypted attached file can be appropriately checked for viruses and the like after decrypting the attached file. . An attached file that has been confirmed to be safe with no unnecessary advertisements or viruses attached thereto can be provided to the recipient (destination) in a state of being attached to the received e-mail.

  As a result, the encrypted attached file is not separated from the main body of the email, and the recipient (destination) receives the encrypted attached file attached to the received email. Can save this. Therefore, the electronic mail attached with the encrypted attached file can be managed by the mailer as before, so that the management is not complicated. Moreover, since information in the form of e-mail is exchanged between the UTM device 1 and the user PC 2, an appropriate response can be made through a mailer mounted on the user PC 2 without making a major change to the configuration of the user PC 2. Can take.

  Further, in the above-described embodiment, as a check for a virus or the like, an attached file to which an unnecessary advertisement is attached or an attached file infected with a computer virus is checked. However, the present invention is not limited to this. Of course, it is possible to check only for computer viruses. Various check methods can be used.

[Modification]
In the above-described embodiment, when the UTM device 1 creates a password request mail, the sender (sender), date and time, destination (destination), and subject are encrypted attachments stored in the mail storage memory 115. Changed to be the same as the received e-mail with the file attached. However, it is not limited to this. The sender (sender) can be the UTM device 1. Also, the date and time may be the date and time when the password request mail is transmitted from the UTM device 1, and the subject may be an appropriate one such as “Request for providing password”.

  In such a case, a password request mail including information that can identify which password should be notified should be created in the mail body. For example, please provide the password for the encrypted attachment sent from "BBBBBB ..." on August 3, 2017 with the subject "A meeting on August 9". Or the like in the body of the e-mail.

  Further, when a mail (password mail) notifying the password is transmitted from the sender (sender), the UTM device 1 may use this to create a password request mail. Whether or not there is a mail (password mail) for notifying a password corresponding to the received electronic mail (attached mail) to which the encrypted attached file is attached can be determined as follows, for example. In other words, if there is a received e-mail that has the same sender, sender (destination), and destination (destination) as the subject or the e-mail text stating that the password is notified, the received e-mail is a password e-mail. It can be determined.

  In this case, if a text requesting the provision of a password as shown in FIG. 6A is added to the mail text of the password mail, the password request mail is obtained. In this case, the password itself is also described in the mail text of the received e-mail. For this reason, the user of the user PC 2 that has received the password request mail can create a password notification mail by referring to the password described in the password request mail.

  Further, the mail monitoring system can be configured by providing an internal mail server device in the mail monitoring system. In this case, the internal mail server device can also be configured to receive and store electronic mail addressed to the user of the user PC 2 directly from the information processing device connected to the Internet 4. In this case, the internal mail server device can be handled as realizing the same function as the mail server device 6 described above.

  Further, the internal mail server device may be configured to acquire the received electronic mail for the user from the external mail server device to the user PC 2 under the control of the UTM device 1 under the control of the UTM device 1. In this case, the number of steps in which the internal mail server device acquires received electronic mail for the user of the user PC 2 under the control of the UTM device 1 under the control of the UTM device 1 increases. However, after the internal mail server device acquires the received e-mail, the relationship between the internal mail server device, the UTM device 1, and the user PC 2 is as follows: the mail server device 6, the UTM device 1, This is the same as the relationship with the user PC2.

[Others]
As can be seen from the above description of the embodiment, the function of the mail monitoring device is realized by the UTM device 1. Correspondence between the constituent means of the mail monitoring apparatus of the claims and the constituent parts of the UTM apparatus 1 of the embodiment is as follows. The mail acquisition unit function is realized by the mail acquisition unit 1241, and the mail storage unit function is realized by the mail storage unit 1244. The function of the request mail providing unit is realized by the request mail providing unit 1245, and the function of the password acquiring unit is realized by the password acquiring unit 1246. Also, the function of the decryption means is realized by the decryption section 1247, the function of the check means is realized by the check section for viruses, and the function of the mail provision means is realized by the mail provision section 1243. Further, the mail providing unit 1243 realizes the functions of the deletion unit and the deletion notification unit.

  Further, a program for executing the process performed by the UTM device 1 in the timing chart of FIG. 4 and the process performed by the UTM device 1 shown in the flowcharts of FIGS. The form is applied. Therefore, the functions of at least the components constituting the mail countermeasure unit 124 of the UTM device 1 shown in FIG. 2 can be realized as the functions of the control unit 110 by the program executed by the control unit 110.

  DESCRIPTION OF SYMBOLS 1 ... UTM apparatus, 101 ... Connection end to the internet, 102 ... Communication I / F, 110 ... Control part, 111 ... CPU, 112 ... ROM, 113 ... RAM, 114 ... Non-volatile memory, 115 ... Mail storage memory, 121 ... P2P countermeasure section, 122 ... HP access restriction section, 123 ... Virus countermeasure section, 124 ... Mail countermeasure section, 1241 ... Mail acquisition section, 1242 ... Virus check section, 1243 ... Mail provision section, 1244 ... Mail storage section, 1245 ... Request mail providing unit, 1246 ... password obtaining unit, 1247 ... decryption unit, 125 ... IPS / IDS unit, 126 ... firewall unit, 131 ... LAN port, 132 ... LAN connection end, 2 ... user PC, 201 ... LAN Connection ends 201, 202 ... LAN port, 203 ... display controller, 20 DESCRIPTION OF SYMBOLS ... Display, 205 ... Audio | voice output process part, 206 ... Speaker, 210 ... Control part, 211 ... CPU, 212 ... ROM, 213 ... RAM, 214 ... Non-volatile memory, 221 ... Memory | storage device, 231 ... Operation input I / F, 232: Operation unit, 241 ... Mail acquisition request providing unit, 242 ... Reply mail creating unit, 243 ... E-mail using unit, 3 ... LAN, 4 ... Internet, 5 ... Mail transmission source PC, 6 ... Mail server device

Claims (5)

A mail monitoring system comprising a mail monitoring device and an information processing device that receives an e-mail through the mail monitoring device,
The mail monitoring device
In response to a mail acquisition request from the information processing apparatus, mail acquisition means for acquiring a received e-mail addressed to a user of the information processing apparatus from a predetermined mail server apparatus;
A mail storage unit that stores the received email attached with the attached file in a predetermined storage unit when an encrypted attached file is attached to the received email acquired by the email acquisition unit; ,
Request mail providing means for providing a password request mail for requesting provision of a password for decrypting the attached file to the information processing apparatus when the received electronic mail is stored in the storage means by the mail storage means;
In response to the password request mail provided through the request mail providing means, a password obtaining means for obtaining a password from a password notification mail provided from the information processing apparatus;
Decryption means for decrypting the attached file of the received e-mail stored in the storage means, using the password acquired through the password acquisition means;
Check means for checking a computer virus or the like for the attached file decrypted by the decryption means;
A mail providing means for providing the information processing apparatus with the received electronic mail attached to the attached file and stored in the storage means when the checking means confirms that there is no problem. ,
The information processing apparatus includes:
A mail acquisition request providing means for forming the mail acquisition request and providing it to the mail monitoring device;
A notification mail providing means for forming the password notification mail for notifying a password and providing it to the mail monitoring apparatus when receiving the provision of the password request mail for requesting provision of a password from the mail monitoring apparatus;
An email monitoring system comprising: an email usage unit that accepts the received email to which the attached file provided from the email monitoring device is attached and makes the attached file available. In response to a mail acquisition request from the information processing apparatus, mail acquisition means for acquiring a received e-mail addressed to a user of the information processing apparatus from a predetermined mail server apparatus;
A mail storage unit that stores the received email attached with the attached file in a predetermined storage unit when an encrypted attached file is attached to the received email acquired by the email acquisition unit; ,
Request mail providing means for providing a password request mail for requesting provision of a password for decrypting the attached file to the information processing apparatus when the received electronic mail is stored in the storage means by the mail storage means;
In response to the password request mail provided through the request mail providing means, a password obtaining means for obtaining a password from a password notification mail provided from the information processing apparatus;
Decryption means for decrypting the attached file of the received e-mail stored in the storage means, using the password acquired through the password acquisition means;
Check means for checking a computer virus or the like for the attached file decrypted by the decryption means;
A mail providing unit that provides the information processing apparatus with the received electronic mail attached to the attached file and stored in the storage unit when the checking unit has confirmed that there is no problem. A mail monitoring device characterized by that. The mail monitoring device according to claim 2,
In the checking means, when it is confirmed that there is a problem, a deletion means for deleting the received e-mail attached to the attached file and stored in the storage means from the storage means;
A mail monitoring apparatus comprising: deletion notification means for notifying the information processing apparatus that the received electronic mail has been deleted when the received electronic mail is deleted by the deleting means. The mail monitoring device according to claim 2,
The password notification email provided from the information processing device is intended for the sender of the received email to which the attached file is attached,
The mail monitoring device, wherein the password acquisition unit processes the password notification mail so as not to be transmitted to the destination. A mail monitoring program that is executed by a computer installed in the mail monitoring device of a mail monitoring system comprising a mail monitoring device and an information processing device that receives an email through the mail monitoring device,
In response to a mail acquisition request from the information processing apparatus, a mail acquisition unit acquires a received e-mail addressed to a user of the information processing apparatus from a predetermined mail server apparatus; and
When an encrypted attached file is attached to the received e-mail acquired in the e-mail acquisition step, a mail storage unit stores the received e-mail with the attached file attached in a predetermined storage unit A mail storage step;
In the mail storing step, when the received e-mail is stored in the storage unit, the request mail providing unit provides the information processing apparatus with a password request mail for requesting provision of a password for decrypting the attached file. A request mail providing step;
A password acquisition step for acquiring a password from a password notification email provided from the information processing device in response to the password request email provided in the request email providing step;
A decryption step of decrypting the attached file of the received e-mail stored in the storage unit by a decryption unit using the password acquired in the password acquisition step;
A check step in which the checking means performs a check on a computer virus or the like for the attached file decrypted in the decryption step;
In the checking step, when it can be confirmed that there is no problem, the mail providing means attaches the attached file and stores the received electronic mail stored in the storage means to the information processing apparatus. A mail monitoring program characterized by executing the providing step.

Images