CHAPTER 6, page 203: Administering F-Secure Anti-Virus for Internet Mail

Figure 6-18  Inbound Mail statistics in F-Secure Internet Gatekeeper Web Console

Summary of Contents for Internet Gatekeeper

Page 1: ...F Secure Internet Gatekeeper Windows 2000 2003 Server Administrator s Guide ...

Page 2: ...ed or transmitted in any form or by any means electronic or mechanical for any purpose without the express written permission of F Secure Corporation Copyright 1993 2006 F Secure Corporation All rights reserved Portions Copyright 1991 2005 Kaspersky Lab This product includes software developed by the Apache Software Foundation http www apache org Copyright 2000 2005 The Apache Software Foundation ...

Page 3: ...s for Internet Mail 19 1 2 3 F Secure Content Scanner Server 21 1 3 Features 21 1 4 F Secure Anti Virus Mail Server and Gateway Products 24 Chapter 2 Deployment 26 2 1 Overview 27 2 2 Network Requirements 28 2 3 Deployment Scenarios 29 2 3 1 F Secure Anti Virus for Internet Gateways 29 2 3 2 F Secure Anti Virus for Internet Mail 34 Chapter 3 Installation 42 3 1 Recommended System Requirements 43 3...

Page 4: ...Using F Secure Policy Manager 79 4 2 1 F Secure Anti Virus for Internet Gateways Settings 80 4 2 2 F Secure Anti Virus for Internet Mail Settings 80 4 2 3 F Secure Content Scanner Server Settings 80 4 2 4 F Secure Management Agent Settings 81 4 2 5 Changing Settings That Have Been Modified During Installation or Upgrade 81 4 3 Using F Secure Internet Gatekeeper Web Console 82 4 3 1 Logging in the ...

Page 5: ...6 Administering F Secure Anti Virus for Internet Mail 140 6 1 Overview SMTP Scanning 141 6 2 Configuring F Secure Anti Virus for Internet Mail 142 6 2 1 SMTP Settings 143 6 2 2 SMTP Connections 146 6 2 3 Content Scanner Servers 149 6 2 4 Quarantine 151 6 2 5 Spooling 158 6 2 6 Logging 162 6 2 7 Intranet Hosts 164 6 3 Configuring SMTP Traffic Scanning 166 6 3 1 Inbound and Outbound Traffic 166 6 3 ...

Page 6: ...tatistics 226 7 4 1 Configuring Virus Statistics 226 7 4 2 Viewing Virus and Spam Statistics with F Secure Internet Gatekeeper Web Console227 7 4 3 Viewing Virus and Spam Statistics with F Secure Policy Manager Console 235 7 5 Monitoring Logs 239 7 5 1 Logfile log 239 Chapter 8 Administering F Secure Spam Control 240 8 1 Introduction 241 8 2 Spam Control Settings 242 8 3 Realtime Blackhole List Co...

Page 7: ...ty and Performance 275 11 1 Introduction 276 11 2 Optimizing Security 276 11 2 1 Virus Scanning 276 11 2 2 Access Control 277 11 2 3 Data Trickling 277 11 3 Optimizing Performance 277 11 3 1 Virus Scanning 277 Chapter 12 Updating Virus and Spam Definition Databases 280 12 1 Overview 281 12 2 Automatic Updates 281 12 3 Configuring Automatic Updates 282 12 3 1 Summary 283 12 3 2 Automatic Updates 28...

Page 8: ...break Notification Messages 299 Appendix B Specifying Hosts 300 B 1 Introduction 301 B 2 Domain 301 B 3 Subnet 301 B 4 IP Address 302 B 5 Hostname 302 Appendix C Access Log Variables 304 C 1 List of Access Log Variables 305 Appendix D Mail Log Variables 309 D 1 List of Mail Log Variables 310 Appendix E Configuring Mail Servers 312 E 1 Configuring the Network 313 E 2 Configuring Mail Servers 314 E ...

Page 9: ...ng Up Network Load Balancing Services 340 F 5 Deployment Scenarios for Environments with Multiple Sub domains 349 F 5 1 Scenario 1 F Secure Anti Virus for Internet Mail as an Upstream Mail Transfer Agent 349 F 5 2 Scenario 2 F Secure Anti Virus for Internet Mail as Interim Mail Transfer Agent 352 F 5 3 Scenario 3 F Secure Anti Virus for Internet Mail for each Sub domain 356 Appendix G Services and...

Page 10: ...10 ABOUT THIS GUIDE How This Guide is Organized 11 Conventions Used in F Secure Guides 13 ...

Page 11: ...us for Internet Gateways Instructions on how to configure F Secure Anti Virus for Internet Gateways general settings before you start using it It also contains instructions how to configure HTTP and FTP over HTTP scanning and to use access control to allow and deny access to specified sites on the Internet Chapter 6 Administering F Secure Anti Virus for Internet Mail Instructions on how to configu...

Page 12: ...ng Hosts Instructions on how to specify hosts in F Secure Anti Virus for Internet Gateways Appendix C Access Log Variables Lists variables that can be used in the access log Appendix D Mail Log Variables Lists variables that can be used in the F Secure Anti Virus for Internet Mail mail log Appendix E Configuring Mail Servers Instructions on how to configure mail servers to work with F Secure Inter...

Page 13: ...cs black is used for file and folder names for figure and table captions and for directory tree names Courier New is used for messages on your computer screen WARNING The warning symbol indicates a situation with a risk of irreversible destruction to data IMPORTANT An exclamation mark provides important information that you need to consider REFERENCE A book refers you to related information on the...

Page 14: ...e used for online viewing and printing using Adobe Acrobat Reader When printing the manual please print the entire manual including the copyright and disclaimer statements For More Information Visit F Secure at http www f secure com for documentation training courses downloads and service and support contacts In our constant attempts to improve our documentation we would welcome your feedback If y...

Page 15: ...15 1 INTRODUCTION Overview 16 How the Product Works 17 Features 21 F Secure Anti Virus Mail Server and Gateway Products 24 ...

Page 16: ...ure Anti Virus Mail Server and Gateway products are designed to protect your company s mail and groupware servers and to shield the company network from any malicious code that travels in HTTP FTP over HTTP or SMTP traffic The protection can be implemented on the gateway level to screen all incoming and outgoing e mail SMTP web surfing HTTP and file transfer FTP over HTTP traffic Furthermore it ca...

Page 17: ...F Secure Anti Virus for Internet Gateways is an HTTP proxy server which acts as a gateway between the corporate network and the Internet If a client computer requests a file from a Web server it asks the proxy server to retrieve the file instead of downloading it directly from the Internet F Secure Anti Virus for Internet Gateways processes the request to make sure that the content does not contai...

Page 18: ...lowing Deny access to specified Web sites Block files by content types filenames and extensions Block files that exceed a specified file size Scan files by content types filenames and extensions and Automatically disinfect or drop the infected content If F Secure Anti Virus for Internet Gateways finds disallowed or malicious content it denies access to the file and shows a warning message to the e...

Page 19: ... attachments can be stripped from e mail messages by their filenames or extensions and messages that contain malformed or suspicious headers can be blocked After F Secure Anti Virus for Internet Mail has checked e mail messages for disallowed content it scans the mail message body and attachments for viruses and other malicious code Virus and Spam Outbreak Detection Massive spam and virus outbreak...

Page 20: ...us for Internet Mail finds an infected attachment or other malicious content it can do any of the following Block the whole e mail message Strip the infected attachment Send a customizable virus warning message to the sender recipient or both or Place the infected attachment to the quarantine for further processing ...

Page 21: ... Secure Internet Gatekeeper has found Powerful and Always Up to date F Secure Internet Gatekeeper uses the award winning F Secure Anti Virus scanners to ensure the highest possible detection rate and disinfection capability The daily virus definition database updates provide a protection that is always up to date F Secure Internet Gatekeeper uses the threat detection engine to detect possible viru...

Page 22: ...osts Superior detection rate with multiple scanning engines Unparalleled malicious code detection and disinfection F Secure Internet Gatekeeper detects all known viruses worms and Trojans including Java and ActiveX viruses Heuristic scanning detects also unknown Windows and macro viruses Recursive scanning of ARJ BZ2 CAB GZ JAR LZH MSI RAR TAR TGZ Z and ZIP archive files Automatic daily virus defi...

Page 23: ... configure Can be administered centrally with F Secure Policy Manager Can be monitored with the convenient F Secure Internet Gatekeeper Web Console Contains new quarantine management features you can manage and search quarantined content with the F Secure Internet Gatekeeper Web Console Protection against Spam Possible spam messages are transparently detected before they become widespread Efficien...

Page 24: ...es transparently and scans files in the Exchange Server Information Store in real time Manual and scheduled scanning of user mailboxes and Public Folders is also supported F Secure Anti Virus for MIMEsweeper provides a powerful anti virus scanning solution that tightly integrates with Clearswift MIMEsweeper for SMTP and MIMEsweeper for Web products F Secure provides top class anti virus software w...

Page 25: ... the installation and configuration of the product F Secure Messaging Security Gateway delivers the industry s most complete and effective security for e mail It combines a robust enterprise class messaging platform with perimeter security antispam antivirus secure messaging and outbound content security capabilities in an easy to deploy hardened appliance ...

Page 26: ...26 2 DEPLOYMENT Overview 27 Deployment Scenarios 29 ...

Page 27: ...cure Internet Gatekeeper in the corporate network use the one that best fits your needs and your own network design strategy Although the scenarios are given separately for web traffic and e mail scanning components you can install them to the same host if required To determine which option is the most suitable consider your existing network configuration and estimate the peak and mean loads that ...

Page 28: ...Content Scanner Server ProgramFiles F Secure Content Scanner Server fsavsd exe 18971 TCP 1024 65536 TCP only with F Secure Anti Virus for Internet Mail on a separate host DNS 53 UDP TCP HTTP 80 or other known port used for HTTP proxy F Secure Internet Gatekeeper Web Console ProgramFiles F Secure Web User Interface bin fswebuid exe 25023 DNS 53 UDP and TCP 1433 TCP only with the dedicated SQL serve...

Page 29: ...different deployment scenarios for F Secure Anti Virus for Internet Gateways Scenario 1 On a Dedicated Machine Figure 2 1 F Secure Anti Virus for Internet Gateways deployed on a dedicated machine Advantages Simple to set up Disadvantages End users have to change the proxy settings of their web browsers Configuration on End User Workstations Specify F Secure Anti Virus for Internet Gateways as HTTP...

Page 30: ...onfiguration No changes are required Scenario 2 As a Downstream Proxy Figure 2 2 F Secure Anti Virus for Internet Gateways deployed as a downstream proxy Advantages End users do not have to change the proxy settings of their web browsers Configuration on End User Workstations The proxy settings in web browsers do not have to be changed if the existing proxy server is defined as a DNS name for examp...

Page 31: ... more information see Proxy Chaining 98 HTTP Proxy or Cache Server Configuration Configure the HTTP proxy or cache server to accept incoming requests only from F Secure Anti Virus for Internet Gateways Firewall Configuration No changes are required if the firewall is configured to accept HTTP and HTTPS requests from the existing HTTP proxy or cache server DNS Configuration Reassign existing HTTP p...

Page 32: ...re is a risk of malicious code getting to the cache server and HTTP clients accessing it there Configuration on End User Workstations Web browser proxy settings do not have to be changed F Secure Anti Virus for Internet Gateways Configuration Define the existing HTTP proxy or cache server in the list of hosts which are allowed to connect to F Secure Anti Virus for Internet Gateways For more inform...

Page 33: ...ternet Gateways DNS Configuration No changes are required Scenario 4 Transparent Deployment with a Firewall or a Router Figure 2 4 F Secure Anti Virus for Internet Gateways deployed transparently with a firewall or a router Advantages End users do not have to change the proxy settings of their web browsers Disadvantages An internal firewall is needed Upstream and downstream proxies can be installe...

Page 34: ...sts which are allowed to connect to F Secure Anti Virus for Internet Gateways For more information see Connections to F Secure Anti Virus for Internet Gateways 123 Internal Firewall or Router Configuration Forward HTTP requests to F Secure Anti Virus for Internet Gateways Firewall Configuration Allow HTTP and HTTPS requests only from F Secure Anti Virus for Internet Gateways DNS Configuration No c...

Page 35: ...mails are scanned The overall performance is better as the virus scanning is performed on a dedicated machine Disadvantages The network configuration has to be changed DNS Configuration If the mail server has a DNS name for example smtp example com which is used for SMTP the name should be reassigned to the host which runs F Secure Anti Virus for Internet Mail Firewall Configuration Route all inco...

Page 36: ...ntranet Hosts list are treated as outbound For more information see Intranet Hosts 164 Specify the existing mail server address as the inbound and outbound mail server for F Secure Anti Virus for Internet Mail For more information see Mail Delivery 187 Enable and configure the verify recipients feature in F Secure Anti Virus for Internet Mail For more information see Receiving 166 Specify the maxi...

Page 37: ...an additional server E mail clients DNS and firewall configurations do not have to be changed Disadvantages This type of deployment may cause extra load on the server The mail server port needs to be changed and in some cases this may cause interoperability problems DNS and Firewall Configuration No changes are required only the mail server configuration has to be changed Configuration on End User...

Page 38: ...ation see Intranet Hosts 164 Specify localhost and the new port number of the mail server as the inbound and outbound mail server for F Secure Anti Virus for Internet Mail For more information see Mail Delivery 187 Enable and configure the verify recipients feature in F Secure Anti Virus for Internet Mail For more information see Receiving 166 Specify the maximum message size that F Secure Anti Vi...

Page 39: ...xternal mail server F Secure Anti Virus for Internet Mail Configuration Configure F Secure Anti Virus for Internet Mail to send inbound mails to the internal mail server For more information see Mail Delivery 187 Add end user workstations and the internal mail server to the list of the Intranet Hosts All e mails that come from intranet hosts are treated as outbound For more information see Intrane...

Page 40: ...n of F Secure Anti Virus for Internet Mail deployed with centralized quarantine management SQL Server Used for the Centralized Quarantine Database There is a common SQL server where the quarantine database is located The SQL server can be installed on a dedicated server or on one of the servers running F Secure Internet Gatekeeper ...

Page 41: ...rantine configuration for all F Secure Internet Gatekeeper instances Advanced Deployment Scenarios in Environments with Multiple Sub domains For information on advanced deployment scenarios see Deployment Scenarios for Environments with Multiple Sub domains 349 The quarantine database settings can be changed through the Web Console only When using the centralized quarantine management make sure th...

Page 42: ...LLATION Recommended System Requirements 43 Centrally Administered or Stand alone Installation 47 Installation Instructions 50 After the Installation 69 Upgrading F Secure Internet Gatekeeper 72 Uninstallation 77 ...

Page 43: ...03 Standard Edition with latest service pack Microsoft Windows Server 2003 Enterprise Edition with latest service pack Microsoft Windows Server 2003 R2 Standard Edition Microsoft Windows Server 2003 R2 Enterprise Edition Windows 2003 Server 64 bit Family Microsoft Windows Server 2003 Standard x64 Edition Microsoft Windows Server 2003 Enterprise x64 Edition For Microsoft Windows Server 2003 Service...

Page 44: ...e for processing 10 GB or more Network 100Mbps Fast Ethernet NIC switched network connection SQL server for quarantine database Microsoft SQL Server 2000 Enterprise Standard or Workgroup edition with Service Pack 4 Microsoft SQL Server 2005 Microsoft SQL Server 2000 Desktop Engine MSDE with Service Pack 4 For more information see Which SQL Server to Use for the Quarantine Database 45 When centrali...

Page 45: ...atabase size is limited to 2 GB MSDE includes a concurrent workload governor that limits the scalability of MSDE For more information see http msdn microsoft com library url library en us architec 8_ar_sa2_0ciq asp frame true It is not recommended to use MSDE if you are planning to use centralized quarantine management with multiple F Secure Internet Gatekeeper installations The system requirement...

Page 46: ...rantine database should be configured to use Mixed Mode authentication 3 1 2 Web Browser Software Requirements In order to administer the product with F Secure Internet Gatekeeper Web Console one of the following web browsers is required Microsoft Internet Explorer 6 0 or later Netscape Communicator 7 1 or later Mozilla 1 2 or later Mozilla Firefox 1 5 or later Opera 7 2 or later Konqueror 2 1 or ...

Page 47: ...any potentially conflicting products such as anti virus file encryption and disk encryption software that employ low level device drivers Close all Windows applications before starting the installation 3 2 1 Installation Overview for Centrally Administered Installation If you want to administer F Secure Internet Gatekeeper centrally start by installing F Secure Policy Manager if it is not already ...

Page 48: ...see the chapter Installing F Secure Policy Manager Console in F Secure Policy Manager Administrator s Guide For instructions on how to create the policy domain see section Managing Domains and Hosts in F Secure Policy Manager Administrator s Guide 4 Install F Secure Internet Gatekeeper For the installation instructions go to Installation Instructions 50 5 Import the product MIB file to F Secure Po...

Page 49: ...nstalled in stand alone mode some of the screens included in these installation instructions will not be displayed 2 Check and configure settings for F Secure Content Scanner Server F Secure Anti Virus for Internet Mail F Secure Anti Virus for Internet Gateways and F Secure Management Agent For more information see Configuring the Product 70 3 Make sure the virus and spam definition databases are ...

Page 50: ...administration mode you are going to use The administration modes are explained in Centrally Administered or Stand alone Installation 47 Step 1 Download and execute the installation package If you have the F Secure CD insert it in your CD ROM drive and select F Secure Internet Gatekeeper from the Install Software menu Step 2 Read the information in the Welcome screen and click Next to continue ...

Page 51: ...CHAPTER3 51 Installation Step 3 Read the License Agreement If you accept the agreement select the I accept this agreement check box and click Next to continue ...

Page 52: ...52 Step 4 Enter the product keycode and click Next to continue If you are installing the evaluation version this screen is not displayed ...

Page 53: ...e may vary depending on the keycode you entered in the previous step Select the components to install and click Next to continue If you are installing only F Secure Anti Virus for Internet Gateways or F Secure Anti Virus for Internet Mail some of the following installation steps are skipped ...

Page 54: ...54 Step 6 Select the destination folder where you want to install F Secure Internet Gatekeeper components Click Next to continue ...

Page 55: ... Centralized administration through network to use F Secure Policy Manager Console to remotely manage all F Secure Internet Gatekeeper components For more information see Basics of Using F Secure Internet Gatekeeper 78 If you want to manage F Secure Internet Gatekeeper locally select Stand alone installation Click Next to continue ...

Page 56: ...56 Step 8 Enter the path or click Browse to locate the management key This is the key that you created during the F Secure Policy Manager Console Setup Click Next to continue ...

Page 57: ...ER3 57 Installation Step 9 Select the network communication method If you are using F Secure Policy Manager to manage F Secure Internet Gatekeeper select F Secure Policy Manager Server Click Next to continue ...

Page 58: ...58 Step 10 Enter the IP address of the F Secure Policy Manager Server Click Next to continue ...

Page 59: ...r The administration port is used because the Setup program needs to upload new MIB files to F Secure Policy Manager Server Click Next to continue If the product MIB files cannot be uploaded to F Secure Policy Manager Server during installation you can import them manually For more information see Importing Product MIB files to F Secure Policy Manager Console 69 ...

Page 60: ... select the default option Local quarantine management If you have multiple installations and you want to manage quarantined e mails centrally select Centralized quarantine management Centralized quarantine management can be used also when the product is installed in stand alone mode Centralized quarantine management does not depend on F Secure Policy Manager in any way ...

Page 61: ...f you select this option the MSDE Installation Directory page will be displayed next If you already have Microsoft SQL Server or Microsoft SQL Server Desktop Engine MSDE installed select the second option The Microsoft SQL Server or MSDE can be on the same server with F Secure Internet Gatekeeper or on a separate server The SQL server does not need to be dedicated for F Secure Internet Gatekeeper ...

Page 62: ...ram and data files will be installed Then enter a password for the database server administrator account Do not leave the password empty Re enter the password in the Confirm password field F Secure Internet Gatekeeper will use this account when operating the quarantine database ...

Page 63: ...r where the quarantine database will reside Step 15 If you selected to install Microsoft SQL Server Desktop Engine MSDE in Step 13 61 the Setup installs it now Wait until the installation is complete If there has been a previous installation of MSDE on the same computer and the Setup detects an existing MSDE Data directory that is not empty you will be prompted to remove that directory manually Fo...

Page 64: ...64 Step 16 The setup wizard displays a list of components to be installed Click Start to install the components to your computer ...

Page 65: ...CHAPTER3 65 Installation Step 17 The setup wizard displays the progress of the installation Wait until the installation is ready ...

Page 66: ...66 Step 18 The setup wizard displays the installation result for each component after the installation is completed Click Next to continue ...

Page 67: ...ation Step 19 Click Finish to complete the installation If you were doing an upgrade installation and are prompted to restart your computer select Restart now The new software version will be operational after the restart ...

Page 68: ... after the installation F Secure Spam Control database updates are always downloaded directly from F Secure s update servers even in centrally administered installations The product connects to the threat detection center immediately after the installation If the company firewall blocks the Internet access or the Internet is not reachable for some other reason database update processes may fail Fo...

Page 69: ...een them blocking access to Policy Manager s administrative port 8080 F Secure Policy Manager Server has been configured so that administrative connections from anywhere else than the localhost are blocked This is the default F Secure Policy Manager Server configuration The recommended way is to import the MIBs via F Secure Policy Manager Console s Tools menu The F Secure Internet Gatekeeper MIB J...

Page 70: ... information see SMTP Connections 146 3 Configure the virus scanning to specify the type of traffic you want to scan For mail traffic scanning see Configuring SMTP Traffic Scanning 166 Make sure that you limit users who are allowed to receive e mail messages to the users in the corporate network For more information see Receiving 166 4 Configure mail delivery on the Mail Routing Table For more inf...

Page 71: ...g 107 Make sure that you specify which hosts are allowed to connect to F Secure Anti Virus for Internet Gateways For more information see Connections to F Secure Anti Virus for Internet Gateways 123 F Secure Anti Virus for Internet Gateways should be configured so that it can be accessed only from trusted networks This way it is possible to provide protection against attacks coming from the Intern...

Page 72: ...ts that are installed on the system already the setup suggests upgrading several or all components Select the components you want to upgrade 3 Specify how the inbound mail routing is to be handled The table displays the domain IP address and port number information read from the previous version s configuration see the example in the figure below You can also add a new inbound mail server IMPORTAN...

Page 73: ... other setting defined during the installation needs to be changed later on the setting must be defined as Final in the F Secure Policy Manager Console before distributing the policies This applies only to centrally administered installations Please note that the Final flag is used in a different manner in most of the other F Secure products ...

Page 74: ...domain IP address and port number information read from the previous version s configuration see the example in the figure below You can also add the information for a new outbound mail server Figure 3 2 Outbound Mail Routing Table displayed during F Secure Internet Gatekeeper upgrade ...

Page 75: ...er Servers where F Secure Anti Virus for Internet Mail sends files to be scanned when it cannot connect to primary servers 7 After the components have been upgraded select Restart now to restart the computer immediately Then click Finish to complete the installation The new software is operational after the restart Step 2 Configure the product Configure F Secure Internet Gatekeeper For more inform...

Page 76: ...ee Quarantine 151 Notification settings and messages for virus scanning and stripped and suspicious attachments see Blocking 172 and Virus Scanning 177 Spam Control settings see Spam Control Settings 242 Virus outbreak settings see Virus Outbreak Response 182 The new quarantine management query reprocessing and database options are available only with F Secure Internet Gatekeeper Web Console 3 5 2...

Page 77: ...l F Secure Anti Virus for Internet Gateways F Secure Spam Control if it was installed F Secure Automatic Update Agent if it was installed F Secure Content Scanner Server Microsoft SQL Server Desktop Engine MSDE if it was installed The product checks the license status every 10 minutes The licensed version of the product will be activated the next time the product checks the current license status ...

Page 78: ...78 4 BASICS OF USING F SECURE INTERNET GATEKEEPER Introduction 79 Using F Secure Policy Manager 79 Using F Secure Internet Gatekeeper Web Console 82 ...

Page 79: ...s used to change settings and view statistics of the F Secure Internet Gatekeeper In the centralized administration mode you can open F Secure Internet Gatekeeper components from the Windows Start menu Programs F Secure Policy Manager Console When the Policy Manager Console opens go to the Advanced Mode user interface by selecting View Advanced Mode this step is required in F Secure Policy Manager...

Page 80: ...o define settings for the F Secure Anti Virus for Internet Gateways For detailed descriptions of F Secure Anti Virus for Internet Gateways settings see Configuring F Secure Anti Virus for Internet Gateways 94 For detailed descriptions of HTTP traffic scanning settings see Virus Scanning 107 4 2 2 F Secure Anti Virus for Internet Mail Settings Use the variables under the F Secure Anti Virus for Int...

Page 81: ... during installation or upgrade you need to mark the setting as Final in the restriction editor The settings descriptions in this manual indicate the settings for which you need to use the Final restriction You can also check in F Secure Policy Manager Console whether you need to use the Final restriction for a setting Do the following 1 Select the Policy tab and then select the setting you want t...

Page 82: ...e Policy Manager for this instead 4 3 1 Logging in the F Secure Internet Gatekeeper Web Console for the First Time Before you log in the F Secure Internet Gatekeeper Web Console for the first time check that Java script and cookies are enabled in the browser you use F Secure Internet Gatekeeper web user interface does not support Microsoft Internet Explorer 5 0 or 5 5 Microsoft Internet Explorer u...

Page 83: ...e that will be issued to all local IP addresses and restarts the F Secure Internet Gatekeeper Web Console service to take the certificate into use Wait until the utility completes and the window closes Now you can proceed to logging in Step 2 Log in and install the security certificate 1 Select Programs F Secure Internet Gatekeeper F Secure Internet Gatekeeper Web Console or enter the address of t...

Page 84: ...e Certificate Import Wizard If you are using Internet Explorer 7 in the Place all certificates in the following store selection select the Trusted Root Certification Authorities store If you are using Internet Explorer 6 you are prompted to add the new certificate in the Certificate Root Store when the wizard has completed Click Yes to do so 6 If the Security Alert window is still displayed click ...

Page 85: ...n page opens enter the user name and the password Note that you must have administrator rights to the host Then click Log In Figure 4 1 F Secure Internet Gatekeeper Web Console Login page 8 You will be forwarded to the home page which displays a summary of the system status ...

Page 86: ...erall product status on the Home page The Home page displays a summary of the component statuses and most important statistics From the Home page you can also open the product logs and proceed to configure the product components This section describes the statistics and operations available on the Home page ...

Page 87: ...e Configuring F Secure Anti Virus for Internet Mail 142 Click Show Mail Log to view the mail log F Secure Anti Virus for Internet Gateways The Home page displays the status the F Secure Anti Virus for Internet Gateways as well as a summary of the F Secure Anti Virus for Internet Gateways statistics Click Configure to configure F Secure Anti Virus for Internet Gateways For more information see Conf...

Page 88: ...tatus of F Secure Content Scanner Server Last time virus definition databases updated Shows the date and time when the virus signature databases were last updated Database update version Shows the version of the database update used by the product The version is shown in YYYY MM DD_NN format where YYYY MM DD is the release date of the update and NN is the number of the update for that day Scanned ...

Page 89: ...tus of F Secure Automatic Update Agent Last update check Shows the last date and time when F Secure Automatic Update Agent polled the F Secure Update Server for new updates Next update check Shows the next date and time when F Secure Automatic Update Agent will poll the F Secure Update Server for new updates Status indicator Shows the status of F Secure Management Agent Management method Shows if ...

Page 90: ...an specify settings for connections to the server You can also open the F Secure Internet Gatekeeper Web Console access log from this page Click Show Access Log to view the F Secure Internet Gatekeeper Web Console access log Note that the Web Console access log differs from standard web server access logs as it logs only the first request per session Session timeout Specify the time how long a cli...

Page 91: ...Chapter 4: Basics of Using F-Secure Internet Gatekeeper. To add a new host to the list, click Add to add a new line in the table, and then enter the IP address of the host ...

Page 92: ...ANTI VIRUS FOR INTERNET GATEWAYS Overview HTTP Scanning 93 Configuring F Secure Anti Virus for Internet Gateways 94 Configuring Web Traffic Scanning 107 Monitoring Logs 127 Viewing Statistics 130 Examples of HTTP Notifications 136 ...

Page 93: ...cure Anti Virus for Internet Gateways works properly You should modify the general settings when your network infrastructure changes or when you want to optimize the security or the performance of F Secure Anti Virus for Internet Gateways If you want to configure the virus scanning and access control settings to specify the type of traffic you want to scan and sites you want to deny access see Con...

Page 94: ...em 5 2 1 Network Configuration You can configure the network settings in F Secure Anti Virus for Internet Gateways Settings Network Configuration Binding You can define how F Secure Anti Virus for Internet Gateways listens to requests that come from the end users or down stream proxies from the F Secure Anti Virus for Internet Gateways Settings Network Configuration Binding branch After you have c...

Page 95: ...sers must have this port configured in the web browser proxy settings By default the listen port is 3128 If the product is running on a multi homed host you can also specify the IP address it should listen for incoming requests Enter it before the port number and separate it with a colon Example ip_address port Allow CONNECT ports Specify a list of ports for which the proxy CONNECT method is allow...

Page 96: ...e proxy CONNECT method is used when a web browser requests an HTTPS connection through an HTTP proxy. By default, the CONNECT method is allowed to port 443 (HTTPS port). For more detailed information about the proxy CONNECT method, see http://www.kb.cert.org/vuls/id/150227. IMPORTANT: Traffic that passes through ports that you list in the Allow CONNECT ports field passes through the F-Secure Anti-Virus for ...

Page 97: ...n responses Keep alive Specify whether persistent connections are allowed or not If you allow persistent connections connections from clients to F Secure Anti Virus for Internet Gateways are not automatically closed after each request For more information how to optimize Keep alive settings see Optimizing Performance 277 Keep alive timeout Specify how long F Secure Anti Virus for Internet Gateways...

Page 98: ...er performance Max connections per host Specify the maximum number of simultaneous connections that F Secure Anti Virus for Internet Gateways accepts from a particular host Should there be more incoming connections from this host than the specified value the excess connections will be rejected Zero 0 means no limit If the F Secure Anti Virus for Internet Gateways is chained with a downstream proxy...

Page 99: ...IP addresses subnets hosts and domains A request to a host which matches one or more of these is always served directly without forwarding to the configured remote proxy server For more information see Specifying Hosts 300 Proxy domain Specify the default domain name for the proxied requests If F Secure Anti Virus for Internet Gateways encounters a request to a host without a domain name it genera...

Page 100: ... Gateways unchanged On For each reply and request that passes through F Secure Anti Virus for Internet Gateways via information is appended to the Via header line Full For each reply and request that passes through F Secure Anti Virus for Internet Gateways via information is appended to the Via header line and each generated Via header has the proxy server version shown in the comment field Block ...

Page 101: ...wnload may timeout the web browser if the file is scanned completely before it is sent to the requesting client You can configure the Data Trickling settings from F Secure Anti Virus for Internet Gateways Settings Network Configuration Data Trickling Figure 5 4 Network Configuration Data Trickling settings Data trickling Specify whether you want to use Data Trickling or not For more information ho...

Page 102: ...ned before it has been downloaded to F-Secure Gatekeeper completely. It may be unsafe to keep the packet size large, as potential malware may trickle through byte by byte before it is detected by F-Secure Internet Gatekeeper. If the trickled data is infected, F-Secure Anti-Virus for Internet Gateways closes the connection immediately ...

Page 103: ...or Internet Gateways Connection timeout Specify the time in seconds that F Secure Anti Virus for Internet Gateways waits for response from F Secure Content Scanner Server before timing out Restore connection interval Specify the time in seconds that F Secure Anti Virus for Internet Gateways waits before attempting to connect to F Secure Content Scanner Server if the previous attempt failed or the ...

Page 104: ...the logging directory in the field Path to the logging directory Specify the logging directory Enter the complete path to the field or click Browse to browse to the path you want to set as the new logging directory WARNING During the setup access rights are adjusted so that only the operating system the product itself and the local administrator can access files in the logging directory If you mak...

Page 105: ... conditions Warning Warning conditions Notice Normal but significant messages Informational Informational messages Debug Debug level messages everything is logged For more information and examples of warning levels see Error Log 128 Access log The access log records all requests processed by the product This setting defines what is to be written in the access log Specify one of the nicknames from ...

Page 106: ... Clear table to clear all except the default Access log format Restoring default log formats deletes all other log formats from the table Rotate logs every Specify how often F Secure Anti Virus for Internet Gateways rotates log files After each rotation interval F Secure Anti Virus for Internet Gateways creates a new log file Keep rotated logs Specify how many rotated logs F Secure Anti Virus for ...

Page 107: ...P and FTP over HTTP should be scanned or blocked and what to do with the infected content 5 3 1 Content Control You can configure the Content Control settings from F Secure Anti Virus for Internet Gateways Settings Content Control Virus Scanning You can select which files F Secure Anti Virus for Internet Gateways should scan from F Secure Anti Virus for Internet Gateways Settings Content Control V...

Page 108: ... Select whether FTP over HTTP traffic should be excluded from virus scanning FTP over HTTP traffic includes all FTP transfers initiated through web browsers when the FTP proxy setting in the browser has been specified It does not include FTP traffic originating from the traditional FTP clients Also Microsoft Internet Explorer s FTP Folder View feature uses regular FTP instead of FTP over HTTP HTTP...

Page 109: ...u want to edit and click Edit Enter a new MIME type to Content type field and filename extensions to the Extension s field and click Add to add the new type to the list A content type includes both the MIME type and the extension If you want to scan a particular MIME type for example application msword specify the extension as If you want to scan certain extensions for example do rtf specify as th...

Page 110: ...infect the infected file If the disinfection succeeds F Secure Anti Virus for Internet Gateways sends the disinfected file to the requesting client instead of the original infected file If the disinfection fails the infected file is dropped and it is not delivered to the requesting client Drop Do not disinfect or deliver infected files All infected files are dropped If the downloaded web content i...

Page 111: ...or Internet Gateways cannot scan. Pass: Let all files that F-Secure Anti-Virus for Internet Gateways cannot scan pass through to the requesting client. Using this option is not recommended. WARNING: Letting all files that cannot be scanned pass through is not recommended, as potentially harmful content may pass through ...

Page 112: ...ent types Select the content types to be blocked on the gateway The options available are Disabled Content is not blocked based on the content type All Content Types All content types are blocked Only Included Content Types Only the content types included in the list are blocked All except Excluded content Block all except specified content types Block disallowed content in downloads Specify if th...

Page 113: ... content in both HTTP and FTP over HTTP downloads will be blocked according to content blocking rules Included content types and Excluded content types lists Define the content types which will be blocked if the Block Content Types setting is set to Only Included Content Types which will not be blocked if the Block Content Types setting is set to All except Excluded Content Types For more informat...

Page 114: ...ol / File Type Recognition. Figure 5-9 Content Control / File Type Recognition settings. Allow content ranges: The HTTP/1.1 protocol allows a client to request only a part (a range) of the content from the server. This can be used to reduce unnecessary network traffic. However, enabling Allow content ranges poses a security risk, as it is possible that malicious code passes through undetected. Disabled: the prod...

Page 115: ...content types, the File Type Recognition analyzes the content, which could reveal the real content type to be application/octet-stream, and so the file will be scanned. File Type Recognition does not check files that are in archives because this would seriously degrade the system performance. 5.3.2 Notifications: Set what kind of alerts should be sent to end users and administrators from the Notificatio...

Page 116: ...igure 5 10 Notifications settings Send virus alerts to administrator Specify whether the product should send virus warning messages to the administrator if it finds malicious code in the downloaded content Never Virus warning messages are not sent to the administrator If failed to disinfect Send virus warning messages when F Secure Anti Virus for Internet Gateways cannot disinfect the infected con...

Page 117: ...lock warning messages to the administrator if it blocks any downloaded content Disabled Do not send block warning messages Enabled Send a block warning message every time F Secure Anti Virus for Internet Gateways blocks any downloaded content Block warning message Enter the block warning message that is shown to users when they try to download a file that is blocked The warning message should be i...

Page 118: ...le 2 Virus warning message Enter the virus warning message that is shown to users when they try to download a file that contains malicious code The warning message should be in HTML format For more information about the variables you can use in the warning message see HTTP Warning Messages 297 Send scan summary interval Specify how often F Secure Anti Virus for Internet Gateways should send a summ...

Page 119: ...s not cache scanned files; it just stores a unique identifier for each file. The content is verified with a cryptographic hash function (MD5) to ensure that only files that are exactly the same as files scanned before may pass without scanning. You can change the Scan Result Cache from F-Secure Anti-Virus for Internet Gateways / Settings / Content Control / Performance. Figure 5-11 Performance settings ...

Page 120: ...rnet Gateways uses one thread to serve one HTTP request so the number of threads affects the number of requests that can be served at the same time For more information see Threads Per Child Process 278 Max requests per child Specify the number of individual requests that an individual child process should handle before it expires By default F Secure Anti Virus for Internet Gateways does not have ...

Page 121: ... automatically reset when any F Secure Anti Virus for Internet Gateways or F Secure Content Scanner Server settings are changed or when virus definition databases are updated F Secure Anti Virus for Internet Gateways does not cache scanned files it just stores a unique identifier for each file ...

Page 122: ...ion Figure 5 12 Administration settings Working directory Specify the Working Directory Enter the complete path in the field If the path does not begin with a slash then it is assumed to be relative to the product installation directory WARNING During the setup access rights are adjusted so that only the operating system the product itself and the local administrator can access files in the loggin...

Page 123: ...or Internet Gateways Furthermore you can specify hosts and sites which are never scanned for viruses and sites which the users are not allowed to access Connections to F Secure Anti Virus for Internet Gateways You can specify which hosts are allowed to connect to F Secure Anti Virus for Internet Gateways from F Secure Anti Virus for Internet Gateways Settings Access Control ...

Page 124: ...tions or to deny specific hosts from connecting and allow all other connections. Allow Deny: By default, the access is denied. F-Secure Anti-Virus for Internet Gateways accepts connections only from hosts that are specified in the Allowed hosts table and not specified in the Denied hosts table. Deny Allow: By default, the access is allowed. F-Secure Anti-Virus for Internet Gateways denies connections only...

Page 125: ...e information see Specifying Hosts 300 Denied hosts Specify hosts and subnets that cannot connect to F Secure Anti Virus for Internet Gateways For more information see Specifying Hosts 300 By default only the localhost is allowed to connect to F Secure Anti Virus for Internet Gateways This means that users cannot access the Internet through F Secure Anti Virus for Internet Gateways before their co...

Page 126: ...osts 300 Trusted sites The content of trusted sites is never scanned for viruses and downloads from trusted sites are never blocked Click Add to add a new trusted site in the table To modify an existing site select the corresponding row and click Edit Trusted hosts Specify hosts from which requests are never scanned for viruses and downloads are not blocked Trusted sites Specify sites the content ...

Page 127: ...error messages Access Log logs HTTP requests that have passed through F Secure Anti Virus for Internet Gateways For more information see Logging 104 F Secure Management Agent maintains a log called Logfile log that contains all alerts generated by F Secure components installed on the host Banned sites Specify the sites which cannot be contacted Sites are always blocked based on their IP address al...

Page 128: ...setting You can open the error log from the F Secure Internet Gatekeeper Web Console by selecting the Anti Virus for Internet Gateways tab and clicking the Show Error Log button Level Examples Emergency Lost connections Alert Running out of disk space Critical System exceptions Error Client access denied Out of memory Warning Closing connections because service is stopping passing through unsafe c...

Page 129: ...F Secure Internet Gatekeeper Web Console by selecting the Anti Virus for Internet Gateways tab and clicking the Show Access Log button For more information on the Logging settings see Logging 104 5 4 3 Logfile log Logfile log is maintained by F Secure Management Agent and it contains all the alerts generated by F Secure components installed on the host Logfile log can be found on all hosts running...

Page 130: ...s installed in centralized administration mode For instructions on how to log in the F Secure Internet Gatekeeper Web Console see Logging in the F Secure Internet Gatekeeper Web Console for the First Time 82 5 5 1 Viewing HTTP Scanning Statistics with F Secure Internet Gatekeeper Web Console In F Secure Internet Gatekeeper Web Console the statistics are displayed on the Summary and Content Control...

Page 131: ... statistics the number of scanned files the last virus found and the last time a virus was found Figure 5 15 HTTP scanning statistics in F Secure Internet Gatekeeper Web Console Status Status Displays whether F Secure Anti Virus for Internet Gateways is currently running or not Start time Displays the date and time when F Secure Anti Virus for Internet Gateways was started ...

Page 132: ...number of infected files that have been found Blocked files Displays the total number of files that have been blocked Disinfected files Displays the total number of files that have been disinfected Last time infection found Displays the date and time the last virus was found in web downloads Last infection found Displays the name of the last virus that was found in web downloads You can use the Ex...

Page 133: ...of files and kilobytes processed and the number of blocked infected and disinfected files Figure 5 16 Content Control statistics in F Secure Internet Gatekeeper Web Console Processed files Displays the total number of files that have been scanned Size of processed files Displays the total number of kilobytes that have been scanned Infected files Displays the total number of infected files that hav...

Page 134: ...ey have been delivered to the requesting client Disinfected files Displays the total number of infected files that have been disinfected Last time infection found Displays the date and time the last virus was found Last infection found Displays the name of the last virus that was found ...

Page 135: ...F Secure Policy Manager Console select the Status tab in the Properties pane and then select the F Secure Anti Virus for Internet Gateways Statistics Status and F Secure Anti Virus for Internet Gateways Statistics Processing branches Figure 5 17 F Secure Anti Virus for Internet Gateways statistics in F Secure Policy Manager For explanations for the statistics see Summary 131 and Content Control 13...

Page 136: ...ssages in the Notifications page For more information see Notifications 115 Copy all images and other page elements that you want to use to the htdocs directory located under the F Secure Anti Virus for Internet Gateways installation directory For more information about variables that you can include in warning messages see Warning Messages 296 You can also edit the warning messages with any web p...

Page 137: ...F-Secure Anti-Virus for Internet Gateways. 5.6.1 Virus Warning Message: The virus warning message is displayed to users when they try to download a file that contains malicious code. Figure 5-18 An example of a virus warning message ...

Page 138: ...5.6.2 Block Warning Message: The block warning message is displayed to users when they try to download a file that has been blocked. Figure 5-19 An example of a block warning message ...

Page 139: ...i-Virus for Internet Gateways. 5.6.3 Banned Site Warning Message: The banned site warning message is displayed to users when they try to access a site which they are not allowed to access. Figure 5-20 An example of a banned site warning message ...

Page 140: ...INISTERING F SECURE ANTI VIRUS FOR INTERNET MAIL Overview SMTP Scanning 141 Configuring F Secure Anti Virus for Internet Mail 142 Configuring SMTP Traffic Scanning 166 Monitoring Logs 195 Viewing Statistics 199 ...

Page 141: ...d SMTP server for further processing and delivery Change the F Secure Anti Virus for Internet Mail settings to set up the e mail quarantine spool and logging directories connection settings alerting and intranet hosts For information how to change SMTP scanning settings see Configuring SMTP Traffic Scanning 166 In centrally managed mode you can open F Secure Anti Virus for Internet Mail components...

Page 142: ...nner settings also have an effect on how the SMTP traffic is scanned The default settings apply in most system configurations but it might be a good idea to check that they are valid for your system After you have configured F Secure Anti Virus for Internet Mail you can use the Export Settings functionality on the F Secure Internet Gatekeeper Web Console Home page to get a full list of the modifie...

Page 143: ... addresses that F Secure Anti Virus for Internet Mail should listen to for incoming connections Separate each address with a comma or a space You can leave the field empty if you want the agent to listen to connections from any address Leave this field empty if you have only one network card in use IMPORTANT This setting must be defined as Final with the Restriction Editor before the policies are ...

Page 144: ...Secure Anti Virus for Internet Mail and the mail server are installed on the same host they must use different port numbers for incoming SMTP connections In these cases F Secure Anti Virus for Internet Mail should listen to port 25 IMPORTANT This setting must be defined as Final with the Restriction Editor before the policies are distributed Otherwise the setting will not be changed in the product...

Page 145: ...added to the received header field of the messages which are scanned Select No to add the following received field to the header Received from xxx xxx xxx xxx xxxx EHLO mail example com by fsavim example com xxx xxx xxx xxx 25 F Secure Anti Virus for Internet Mail Version number with SMTP Tue 23 Mar 2007 15 14 19 0000 Select Yes to add the following received field to the header Received from xxx x...

Page 146: ...when sending bounce and non delivery notification messages This address will be visible to the receiver of the notification message as the sender of the e mail If left empty default the address set in Agent Sender Address will be used instead Both the sender name and address may be specified Examples first name last name user example com user example com user example com If only the e mail address...

Page 147: ...eous connections that are accepted from a particular host The excess connections are temporarily rejected If there is only one mail server in use in the company network use a high value for this setting If the value is specified as zero 0 there can be an unlimited number of simultaneous connections Accept connections Define how a new connection is accepted Only Allowed Hosts the product accepts in...

Page 148: ...172 16 4 4 172 16 1 172 16 4 10 110 100 120 1 240 For more information see Specifying Hosts 300 You can import a list of host addresses to the Allowed Hosts and Denied Hosts tables from a CSV file When creating the CSV file enter one host address or address range per line If you want to include a comment for an address separate it with a delimiter character for example a semi colon When importing ...

Page 149: ... F Secure Anti Virus for Internet Mail Settings Common Content Scanner Servers Figure 6 3 Common Content Scanner Servers settings Addresses Primary servers Specify the F Secure Content Scanner Servers where files are sent for scanning If more than one server is specified F Secure Anti Virus for Internet Mail uses load sharing between them A local F Secure Content Scanner Server installation is rec...

Page 150: ...ies are distributed Otherwise the setting will not be changed in the product Connection timeout Specify how long F Secure Anti Virus for Internet Mail waits for a response from F Secure Content Scanner Server before timing out Restore connection interval Specify the time interval after which F Secure Anti Virus for Internet Mail attempts to connect to F Secure Content Scanner Server in case the pr...

Page 151: ...antine related settings are configured through F Secure Policy Manager and the quarantined files are managed through F Secure Internet Gatekeeper Web Console Enabled Data is transferred via local temporary files and or shared memory which provides the best performance possible Disabled Data is transferred via data stream sockets If the Local Interaction Mode setting has been changed F Secure Anti ...

Page 152: ...ent as separate files into the Quarantine Storage a directory specified in the Quarantine settings and inserts an entry to the Quarantine Database with information about the quarantined content For more information see Quarantine Management 258 With the Quarantine settings you can specify the directory where blocked e mails attachments and suspicious files should be placed and how long they should...

Page 153: ...ti Virus for Internet Mail For information on how to manage and search quarantined content see Quarantine Management 258 Figure 6 5 Common Quarantine settings that are used for configuring the quarantining in centrally managed environments ...

Page 154: ...Figure 6-6 Quarantine Options settings in the Web Console that are used for configuring the quarantining in stand-alone installations ...

Page 155: ... distributed Otherwise the setting will not be changed in the product Retain items in quarantine Specify how long quarantined items should be retained in the quarantine before they are deleted Use the Quarantine Cleanup Exceptions table to change the retention period for a particular quarantine category Delete old items every Specify how often the storage should be cleaned of old quarantined items...

Page 156: ... interval for the selected quarantine category Quarantine size threshold Specify the critical size in megabytes of the quarantine folder If the specified value is reached the product sends an alert The default value is 200 If zero 0 is specified the size of the quarantine is not checked The allowed value range is from 0 to 10240 Quarantined items threshold Specify the critical number of items in t...

Page 157: ...No alert is sent if both thresholds are set to zero 0 The options available are Send informational alert Send warning alert Send error alert Send security alert Quarantine worms Specify whether the product should quarantine files infected with mass worms or mail viruses such as Sobig or Bagle Quarantine problematic messages Specify if messages that contain malformed or broken attachments should be...

Page 158: ...e if the message is retained in the quarantine after the maximum attempts. Final Action on Unsafe Messages: Specify the action to take on unsafe messages after the maximum number of reprocessing attempts has been made. Leave in Quarantine: Leave messages in the quarantine and process them manually. Release to Intended Recipients: Release messages from the quarantine and send them to the original recipients. Quarantine lo...

Page 159: ...ake sure that the spool directory is on a local hard disk to ensure the best possible performance of F Secure Anti Virus for Internet Mail WARNING During the setup access rights are adjusted so that only the operating system the product itself and the local administrator can access files in the spool directory If you make changes to the logging directory settings make sure that the new spool direc...

Page 160: ...n the messages are scanned and sent at once Low spool warning threshold Specify the amount of free disk space in megabytes that the disk where the Spool Directory is should have The default value is 500 megabytes If the available free disk space drops below the specified value The Low spool warning alert is sent to the administrator Low spool error interval Specify the minimum amount of free disk ...

Page 161: ...r Notify when mails in spool above threshold Specify whether an alert is sent to the administrator when the total number of mails in the spool exceeds the threshold specified in the Total Number of Spooled Mails Threshold setting The options available are Disabled Send Informational Alert Send Warning Alert Send Security Alert Send Error Alert and Send Fatal Error Alert Total number of spooled mai...

Page 162: ... keep log of all the e mails that pass through it The Logging settings are located under the F Secure Anti Virus for Internet Mail Settings Common Logging branch For more information on the content of the Mail Log see Monitoring Logs 195 Figure 6 8 Common Logging settings ...

Page 163: ...gging Directory If you make changes to the Logging Directory settings make sure that the new Logging Directory has the same rights Logging type Specify how F Secure Anti Virus for Internet Mail creates log files The Logging Type setting also defines the file names of log files One Logfile Create one big log file where all the information is written The name of the log file is mail log Note that th...

Page 164: ... from hosts outside of your network are considered inbound mail Scanning settings for these e mail messages are under the Inbound branch The Intranet Hosts table is located under F Secure Anti Virus for Internet Mail Settings Common Intranet Hosts Weekly Logfile Create a new log file every week Names for weekly log files are generated as follows mail year w week log where year is the current year ...

Page 165: ...he following entries are valid 172 16 4 4 172 16 1 172 16 4 0 16 172 16 250 255 For more information see Specifying Hosts 300 You can import a list of host addresses to the Intranet Hosts table from a CSV file When creating the CSV file enter one host address or address range per line If you want to include a comment for an address separate it with a delimiter character for example a semi colon Wh...

Page 166: ...tion in both the Inbound Mail and Outbound Mail branches An exception to this is the Spam Control feature which exists only in the Inbound Mail branch if you have F Secure Spam Control installed 6 3 1 Inbound and Outbound Traffic Use the Intranet Hosts list to define inbound and outbound mail For more information see Intranet Hosts 164 6 3 2 Receiving With the Receiving settings you can define whe...

Page 167: ...s the SMTP reply code 521 which instructs the sending mail server to stop trying to send the message again E mail messages which were accepted before changing this setting are processed normally Reject Temporarily Temporarily reject all messages F Secure Anti Virus for Internet Mail sends the SMTP reply code 421 which instructs the sending mail server to try again later E mail messages which were ...

Page 168: ... and sends them when the connection is restored Max message size Specify the maximum size in kilobytes of the e mail message that the product accepts Set the value to zero 0 to have no limit on the message size It is recommended to use the same Max message size value in F Secure Anti Virus for Internet Mail as in the mail server ...

Page 169: ...sses Denied recipients Specify recipients who are specifically denied from receiving any e mail messages By default F Secure Anti Virus for Internet Mail is set to verify recipients and no Allowed Recipients are listed Specify recipients who are allowed to receive e mail messages to the Allowed recipients table or clear the Verify recipients check box so that e mails can be delivered to recipients...

Page 170: ...ipients per message Verify senders Specify if senders of inbound mail messages are checked against the Allowed Senders and Denied Senders tables on receiving Enabled Inbound mail messages are accepted only if their senders are specified in the Allowed Senders table and NOT specified in the Denied Senders table Otherwise inbound mail messages are rejected Disabled Senders are not verified The produ...

Page 171: ... line If you want to include a comment for an address use a delimiter character for example a semi colon to separate the data to be entered in the different columns Leave the Active field empty as in the example below John Smith example com John Smith s work address Jim Smith example com Jim Smith s work address Denied senders List the e mail addresses from which inbound mail is not accepted This ...

Page 172: ...alog opens you can change the delimiter character by clicking the Options button 6 3 3 Spam Control For information on configuring Spam Control see Administering F Secure Spam Control 240 6 3 4 Blocking You can block attachments with specified file names and or extensions so that they are not delivered to end users Figure 6 11 Inbound Mail Blocking settings ...

Page 173: ... example txt pdf vcf Disallowed attachments Specify a comma separated list of file names and or file extensions which are not allowed For example vb i love you kiss_me The default disallowed attachments include bat cmd com exe pif scr vbs You can use wildcards in attachment file names to match exactly one character to match any number of characters The match is not case sensitive The syntax used f...

Page 174: ...the stripped attachment Stop the Whole Message The message is stopped If sender notification is enabled the sender is notified about the message being stopped If sender notification is disabled no notification is sent If the whole message is stopped no notification is sent Quarantine stripped attachments Select whether stripped attachments should be quarantined or deleted If you quarantine strippe...

Page 175: ...licious code in multipart messages Due to security reasons multipart messages are blocked by default Enabled The multipart message is blocked and bounced back to the sender Disabled The multipart message is not blocked The product scans multipart messages as separate entities Note that uuencode partial messages are not blocked even if blocking partial messages is enabled Notify administrator Speci...

Page 176: ...r suspicious attachment has been found Recipient notification message Specify the body of the notification message that is sent to the recipient when a disallowed or suspicious attachment has been found Send notification message to sender Specify whether a notification message is sent to the sender when a disallowed attachment has been dropped IMPORTANT It is strongly recommended not to enable thi...

Page 177: ...he body of the notification message that is sent to the sender when a disallowed or suspicious attachment has been found Do not notify on these attachments Specify a comma separated list of file names and or file extensions If the product strips an attachment matching one of these file names and or extensions the sender recipient will not receive the notification message You can also use wildcards...

Page 178: ... These extensions are listed in the Included Extensions setting Scan all attachments except excluded extensions All attachments are scanned except for the ones with specified extensions These extensions are listed in the Excluded Extensions setting Enter file name extensions to the Extensions fields and separate each entry with a space You can also use wildcards matches exactly one character match...

Page 179: ...ontain malicious code Drop Attachment Remove the infected attachment from the message If the Quarantine Infected Attachments setting is enabled the infected attachment is placed into the Quarantine folder Disinfect Attachment Disinfect the attachment and reattach it to the message If the attachment cannot be disinfected it is dropped If the Quarantine Infected Attachments setting is enabled the in...

Page 180: ...ification message is sent to the recipient when a virus or other malicious code has been found The notification message text is added to the original message Recipient virus notification subject Specify the subject of the notification message that is sent to the recipient when a virus or other malicious code has been found Recipient virus notification message Specify the body of the notification m...

Page 181: ...r virus and worm names If the product finds an e mail message infected with a virus worm matching one of these keywords the whole e mail message is blocked and no virus warning message is sent to the sender or recipient s If the Inbound Mail Virus Scanning Quarantine Infected Attachments and Common Quarantine Quarantine Worms settings are enabled the whole e mail message is placed to the quarantin...

Page 182: ...sages 157 When proactive virus threat detection is disabled inbound mails are only scanned by antivirus engines Send Virus Outbreak Notification Specify whether a notification message is sent to Virus Outbreak Recipients when the product detects a virus outbreak Send Virus Outbreak Alert Specify the alert severity level that is sent to the administrator when the product detects a virus outbreak Sele...

Page 183: ... a picture file with a DOC extension The File Type Recognition setting has no effect and it is not used when the Scan for Viruses and the Strip Attachments settings are set to All Attachments Figure 6 13 Inbound Mail File Type Recognition settings Virus Outbreak Notification Recipients Specify recipients of the virus outbreak notification Virus Outbreak Notification Subject Specifies the subject l...

Page 184: ... recognition is enabled or disabled Enabled The product attempts to determine the real file type of the attachment and use the correct extension while processing the file Disabled The product does not try to determine the correct file type It uses the current file type extension to process the file Using Intelligent File Type Recognition strengthens security but can degrade the system performance ...

Page 185: ... disclaimer should be added to e mail messages that have been processed and found clean Since malware and virus writers often use spoofing techniques to forge e mail disclaimers it is not recommended to use them to declare that an e mail message or an attachment is clean The recommended practice is to use the disclaimer for legal notices or company specific banners The disclaimer is not added to S...

Page 186: ...t This e mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed If you have received this e mail in error please notify the system manager Some malware add disclaimers to infected e mails so disclaimers should not be used for stating that an e mail is clean For example see http www europe f secure com v descs n...

Page 187: ...e Specify how the traffic for certain domains will be routed When delivering mail the product will first look up the domain mail server in the mail routing table If no domain mail server is found it will attempt to find an MX record of the mail server in the DNS If the use of DNS MX records is disabled the mail will be bounced to the sender Use the localhost address 127 0 0 1 if F Secure Anti Viru...

Page 188: ...mails addressed to this domain will be delivered directly to the specified relay mail server Wildcards and can be used when specifying the domain Primary mail server Specify the primary mail server where mails addressed to this domain will be forwarded to after processing Backup mail server s Specify the backup mail server s that will be used if the product cannot deliver mail to the primary mail ...

Page 189: ...if the product will find the domain mail server for inbound mail in DNS MX records To resolve the IP address of the domain mail server the product will use the DNS server s defined in the TCP IP options of the operating system If F Secure Anti Virus for Internet Mail and the mail server are installed on the same host they must use different port numbers for incoming SMTP connections Connection tim...

Page 190: ...or Internet Mail attempts to deliver inbound mail before giving up When the time is over undeliverable mail is bounced back to the sender and removed from the Spool directory The default value is 5 days and the allowed values range from 1 hour to 30 days Send non delivery notice When inbound mail cannot be delivered F Secure Anti Virus for Internet Mail sends a non delivery notice to the sender Thi...

Page 191: ...as incorrect format arrives Because of the malformed structure the product cannot reliably parse the e mail message and thus there is a risk that malicious code will pass undetected Drop The malformed message is moved to the quarantine folder if Quarantine Problematic Mails setting is enabled For more information see Quarantine 151 The administrator receives a security alert about the stripped att...

Page 192: ...s of Nested Messages setting Drop E mail messages with exceeding nesting levels are not delivered to the recipient s The nested message is moved to the quarantine folder if Quarantine Problematic Mails setting is enabled For more information see Quarantine 151 Pass Through Nested e mail messages will be scanned up to level specified in the Max Levels of Nested Messages setting and then deliver...

Page 193: ...Content Transfer Encoding quoted printable Content Disposition attachment filename ghost exe Action on mails with long lines Select the action to take if an e mail message contains lines exceeding the maximum length of 995 characters not including CRLF Reject The e mail is rejected Wrap The product accepts the e mail message and splits long lines as soon as they are encountered during receiving in...

Page 194: ...fferent attachments name This is a multi part message in MIME format _NextPart_000_007B_01C19931 61582B60 Content Type application octet stream Content Transfer Encoding base64 Content Disposition attachment filename nice picture jpg exe Content Disposition attachment filename readme txt ...

Page 195: ...Console by selecting the F Secure Anti Virus for Internet Mail tab and clicking Show Mail Log button on the Summary page The mail log contains information about received scanned sent trashed rejected and failed e mails and about permanent errors when scanning mail The mail log entries generated for these mails are described in detail below Received Entry The Received Entry is added to the log when...

Page 196: ...11 58 45 scanned job smtp40BC454400 msg id example eml localhost result clean size 696 msize n a Sent Entry The Sent Entry is added to the log when the mail has been successfully sent to another mail transfer agent and F Secure Anti Virus for Internet Mail hands over the processing of the mail to another mail transfer agent There can be multiple Sent Entries created for one e mail as F Secure ...

Page 197: ... the to field from SMTP envelope An example of a Trashed Entry 2007 06 01 11 59 56 trashed job smtp40BC458C00 msg id example eml localhost from sender example com to recipient example com Rejected Entry The Rejected Entry is added to the log when F Secure Anti Virus for Internet Mail has for some reason rejected a mail or connection The Rejected Entry includes the time when rejected the network ad...

Page 198: ...of the spool file the message ID and the reason for the error 2007 06 01 14 48 06 error job smtp40BC6CE300 msg id example eml localhost reason Scan failed due to unrecoverable error giving up For information on how to configure the Mail Logging settings see Logging 162 Logfile log Logfile log is maintained by F Secure Management Agent and it contains all the alerts generated by F Secure components...

Page 199: ...eb Console for the First Time 82 6 5 1 Viewing Statistics with F Secure Internet Gatekeeper Web Console In F Secure Internet Gatekeeper Web Console the statistics are displayed on the Summary Inbound Mail and Outbound Mail pages The statistics items on these pages are described below Summary The Summary page of F Secure Anti Virus for Internet Mail displays the SMTP traffic scanning statistics It ...

Page 200: ...200 Figure 6 17 Summary of SMTP scanning statistics in F Secure Internet Gatekeeper Web Console ...

Page 201: ...order Processed messages Displays the total number of messages that have been processed Infected messages Displays the total number of infected messages High Medium virus risk messages Displays the number of messages that have been identified as unsafe messages that contain patterns that can be assumed to be a part of a virus outbreak Spam messages Displays the total number of spam messages receiv...

Page 202: ...SMTP traffic scanning statistics The Outbound Mail Statistics page displays the outbound SMTP traffic statistics The Statistics pages show the following the number of messages that have been processed accepted for delivery and successfully delivered the number of messages that have been rejected bounced or trashed the number of infected messages the last virus found and the last time a virus was f...

Page 203: ...CHAPTER6 203 Administering F Secure Anti Virus for Internet Mail Figure 6 18 Inbound Mail statistics in F Secure Internet Gatekeeper Web Console ...

Page 204: ...total size of messages that have been scanned for viruses Infected messages Displays the number of messages that have been infected with viruses Size of infected messages Displays the total size of messages that have been infected with viruses Stripped attachments Displays the total number of attachments that have been stripped Size of stripped attachments Displays the total size of attachments th...

Page 205: ...irus for Internet Mail Size of spam messages Displays the total size of spam messages received Last infection found Displays the name of the last infection in inbound mail Last infection found on Displays the date and time of the last infection ...

Page 206: ...nsole you can see the F Secure Anti Virus for Internet Mail statistics on the Status tab under the F Secure Anti Virus for Internet Mail Statistics Total branch For explanations see above Figure 6 19 Total SMTP Scanning Statistics in F Secure Policy Manager Console For explanations for these statistics see Summary 199 ...

Page 207: ...t Mail Inbound mail statistics on the Status tab under the F Secure Anti Virus for Internet Mail Statistics Inbound Mail branch and the Outbound mail statistics under the F Secure Anti Virus for Internet Mail Statistics Inbound Mail Figure 6 20 Inbound Mail statistics in F Secure Policy Manager Console For explanations for these statistics see Inbound Mail and Outbound Mail Statistics 202 ...

Page 208: ...ermore F Secure Anti Virus for Internet Mail can add a disclaimer to mail messages that have been processed and found clean You can change the virus notification settings from F Secure Anti Virus for Internet Mail Settings Inbound Mail Virus Scanning page For more information see Virus Scanning 177 You can change the attachment stripping notification settings from F Secure Anti Virus for Internet ...

Page 209: ...9 7 ADMINISTERING F SECURE CONTENT SCANNER SERVER Overview 210 Configuring F Secure Content Scanner Server 211 Configuring Scanning Settings 216 Configuring and Viewing Statistics 226 Monitoring Logs 239 ...

Page 210: ...anner Server settings to set up the working directory set the virus definition database update notifications and scan engines In centrally managed mode you can configure F Secure Content Scanner Server with F Secure Policy Manager To open F Secure Internet Gatekeeper components select the Windows Start menu Programs F Secure Policy Manager Console When the Policy Manager Console opens go to the Ad...

Page 211: ...Server This section explains how you can configure the 7 2 1 Service Connections You can specify how F Secure Content Scanner Server should interact with F Secure for Internet Gateways and F Secure for Internet Mail from F Secure Content Scanner Server Settings Interface Figure 7 1 Interface settings ...

Page 212: ...or Internet Mail uses the same configuration To change F Secure Anti Virus for Internet Mail settings see Content Scanner Servers 149 Accept connections Specify a comma separated list of F Secure Anti Virus for Internet Mail server IP addresses from which the server accepts incoming requests This setting is used if F Secure Anti Virus for Internet Mail is installed on a separate machine If the lis...

Page 213: ...canner Server accepts If you do not want to limit the number of connections per host set the value to zero 0 However using 0 or a very high value might increase the risk of a denial of service attack Send content timeout Specify how long F Secure Content Scanner Server tries to send data to a client before it stops sending it per transferred file Receive content timeout Specify how long F Secure C...

Page 214: ...ications Protocols X Incoming Packages Polling Interval where X is File Sharing or HTTP This setting is used in the centrally managed installations only Verify integrity of downloaded databases Specify whether the downloaded virus or spam definitions databases are verified before taking them to use With this option you can make sure that they are the original databases published by F Secure Corpor...

Page 215: ...t Send security alert Notify when databases become older than Specify the number of days after which the databases are considered outdated An alert will be sent to the administrator when the latest database has become older than the specified number of days The default value is 5 days and the time is calculated from the database release date Each scan engine uses its own databases The databases ar...

Page 216: ... how password protected archives are handled 7 3 1 Virus Scanning Go to F Secure Content Scanner Server Settings Virus Scanning to change the archive scanning and scanning engine settings These settings are used when F Secure Internet Gatekeeper scans HTTP FTP over HTTP or SMTP traffic Figure 7 3 Virus Scanning settings Scan Engines table Name Displays the name of the scan engine ...

Page 217: ...es inside the archives for possible infections The supported archive formats are ARJ BZ2 CAB GZ JAR LZH MSI RAR TAR TGZ Z and ZIP The archive itself is scanned if that is configured with the other scanning settings This is the case for example if the product is configured to scan all files Scanning inside archive files takes time and uses more system resources Disabling this setting increases perf...

Page 218: ... Password protected archives cannot be scanned Select whether to treat them as safe or unsafe As password protected archives cannot be inspected without knowing the password the user who receives a password protected archive should have up to date virus protection on the workstation if the archives are treated as safe Treat as Safe Password protected archives are considered to be safe and allowed ...

Page 219: ...cked size of an archive file exceeds this threshold the server will consider the archive suspicious and corresponding action will be taken Scan extensions inside archives Specify a list of files separated by spaces that are scanned inside archives You can also use wildcards To scan all files use To specify files with no extension type a dot Example EXE COM DO HTM Extensions allowed in password pro...

Page 220: ...gure 7 4 Spam Filtering settings Number of spam scanner instances Specify the number of Spam Scanner instances to be created and used for spam analysis As one instance of the spam scanner is capable of processing one mail message at a time this setting defines how many messages will undergo spam analysis simultaneously The default value is 3 ...

Page 221: ...timizing F Secure Spam Control Performance 250 The server must be restarted after this setting has been changed For instructions see Starting and Stopping F Secure Internet Gatekeeper Components 294 IMPORTANT Spam analysis is a processor intensive operation and each spam scanner instance takes approximately 25MB of memory process fsavsd exe Do not increase the number of instances unless the produc...

Page 222: ... patterns to cache for spam detection service By default the cache size is 10000 cached patterns Increasing cache sizes may increase the threat detection performance but it requires more disk space and may degrade the threat detection rate Cache sizes can be disabled set the size to 0 for troubleshooting purposes Action on Connection Failure Specify the action for messages when the threat detectio...

Page 223: ...h can be trusted not to be operated by spammers and do not have open relays or open proxies Define the network as a network netmask pair 10 1 0 0 255 255 0 0 with the network nnn CIDR specification 10 1 0 0 16 or use wildcard to match any number and to define a range of numbers 172 16 1 172 16 4 10 110 Use Proxy Server Specify whether F Secure Content Scanner Server uses a proxy server when it con...

Page 224: ...Settings Advanced Figure 7 5 Advanced settings Working directory Specify the path to the working directory where the product will create temporary files IMPORTANT This setting must be defined as Final with the Restriction Editor before the policies are distributed Otherwise the setting will not be changed in the product ...

Page 225: ...ify how often the Working Directory is cleaned of all files that may be left there By default files are cleaned every 30 minutes Free space threshold Set the free space threshold in megabytes for the disk where the Working Directory is located F Secure Content Scanner Server sends an alert to the administrator when the drive has less than the specified amount of space left Max number of concurrent...

Page 226: ...ts for storing this information as well as the maximum number of viruses to be displayed on the list Figure 7 6 Virus Statistics settings In F Secure Policy Manager you can see the list of most active viruses under the F Secure Content Scanner Server Statistics Virus Statistics Most Active Viruses branch Time period Specify the time period from which the Top 10 virus information is displayed The a...

Page 227: ...net Gatekeeper Web Console For instructions on how to log in the F Secure Internet Gatekeeper Web Console see Logging in the F Secure Internet Gatekeeper Web Console for the First Time 82 Summary The F Secure Content Scanner Server Summary page in F Secure Internet Gatekeeper Web Console displays the statistics of all virus scans The statistics include the number of scanned files the last virus fo...

Page 228: ...ner Server is currently running or not Start time Displays the start date and time of F Secure Content Scanner Server Scanned files Shows the number of files the server has scanned for viruses Note that one e mail can consist of multiple files Last database update Displays the last date and time when the virus definition databases were updated ...

Page 229: ...isplayed on this page Database update version Displays the version of the virus definition database update The version is shown in YYYY MM DD_NN format where YYYY MM DD is the release date of the update and NN is the number of the update for that day Last infection found Shows the last infection detected by the server Last time infection found Shows the date and time when an infection was found th...

Page 230: ...he Summary Virus Statistics page in F Secure Internet Gatekeeper Web Console Figure 7 8 Virus Statistics in F Secure Internet Gatekeeper Web Console Most active viruses Top 10 Displays a Top 10 listing of the viruses that have been found most often in the scanned traffic ...

Page 231: ...6 Spam Scanner Statistics On the Summary Spam Scanner Statistics page in F Secure Internet Gatekeeper Web Console you can see the Spam Control status database update information spam scanning results and the number of messages that have received different spam confidence ratings Figure 7 9 Spam Scanner statistics in F Secure Internet Gatekeeper Web Console ...

Page 232: ...s You can see the status of all scan engines on the Scan Engines Properties page of F Secure Internet Gatekeeper Web Console Figure 7 10 Scan engine statuses and statistics in F Secure Internet Gatekeeper Web Console ...

Page 233: ... scan engine should be disabled for troubleshooting purposes only because disabling one of the scan engines significantly reduces the chances of finding malware Not loaded This status is displayed when the F Secure Content Scanner Server failed to load a scan engine for some reason You should check the logfile log for the reason for the failure It might be for example that one or more database file...

Page 234: ...tion found Displays the name of the latest infection that was found with the selected scan engine Last time infection found Displays the date and time of the last infection Engine excluded extensions Specify a space separated list of file extensions excluded from scanning by the engine You can also use wildcards matches exactly one character matches any number of characters including zero 0 charac...

Page 235: ...r Console Total Scanning Statistics In F Secure Policy Manager you can see a summary of the scanning statistics under F Secure Content Scanner Server Statistics Server branch For explanations see above Figure 7 11 Total scanning statistics in F Secure Policy Manager Console For explanations for these statistics see Summary 227 ...

Page 236: ...an see the list of most active viruses under the F Secure Content Scanner Server Statistics Virus Statistics Most Active Viruses branch Figure 7 12 Virus Statistics in F Secure Policy Manager Console For explanations for these statistics see Virus Statistics 230 ...

Page 237: ...s In F Secure Policy Manager Console you can see the spam statistics under the F Secure Content Scanner Server Statistics Spam Control branch Figure 7 13 Spam Control statistics in F Secure Policy Manager Console For explanations for these statistics see Spam Scanner Statistics 231 ...

Page 238: ...u can see the status of the scan engines under the F Secure Content Scanner Server Statistics Scan Engines branch Figure 7 14 Scan engine statuses and statistics in F Secure Policy Manager Console For explanations for these statistics see Scan Engines 232 ...

Page 239: ... is maintained by F Secure Management Agent and it contains all the alerts generated by the F Secure components installed on the host Logfile log can be found on all hosts running F Secure Management Agent F Secure Management Agent uses Logfile log in Program Files F Secure Common directory for logging all the alerts on the host Logfile log can be viewed with any text editor for example Windows No...

Page 240: ...240 8 ADMINISTERING F SECURE SPAM CONTROL Introduction 241 Spam Control Settings 242 Realtime Blackhole List Configuration 248 ...

Page 241: ... spam flag header into a junk mail folder F Secure Spam Control spam definition databases can be updated with F Secure Automatic Update Agent In order to update the spam definition databases F Secure Automatic Update Agent must be installed on the same computer as F Secure Spam Control F Secure Policy Manager is not used for updating the spam definition databases F Secure s spam definition updates...

Page 242: ...th the product Otherwise they will be ignored Figure 8 1 Common Spam Control settings Spam filtering Specify whether inbound mails should be scanned for spam Realtime Blackhole List RBL spam filtering is not enabled by default even if you enable spam filtering from the settings For information on configuring Realtime Blackhole Lists see Realtime Blackhole List Configuration 248 Heuristic Spam Analysis...

Page 243: ...el allows more spam to pass but a smaller number of regular e mail messages will be falsely identified as spam For example if the spam filtering level is set to 3 more spam is filtered but also more regular e mails may be falsely identified as spam If the spam filtering level is set to 7 more spam will pass undetected but a smaller number of regular mails will be falsely identified as spam The all...

Page 244: ...il Address setting instead of being delivered to the original recipient s The messages are marked as specified by the Add X Header and Modify Spam Message Subject settings Delete messages with this level or greater If a message has got a confidence level rating that is higher than or equal to the level specified in this setting the message will be deleted not delivered to the recipient or quaranti...

Page 245: ...llowing format X Spam Status flag hits scr required sfl tests tests where flag is Yes or No scr is the spam confidence rating returned by the spam scanner sfl is the current spam filtering level tests is the comma separated list of tests run against the mail Example X Spam Status Yes hits 8 required 5 tests DATE_IN_FUTURE_03_06 DATE_SPAMWARE_Y2K FORGED_MUA_THEBAT_BOUN MISSING_MIMEOLE MISSING_OUTLO...

Page 246: ...ceeds the specified maximum size the message will not be scanned for spam The bigger the maximum size of mails to be scanned for spam is the more resources the product will use Since all spam messages are relatively small in size it is recommended to use the default value for the Max message size setting Safe Senders Specify the list of e mail senders whose messages are never treated as spam Block...

Page 247: ...ents whose incoming messages are always treated as spam When specifying sender and recipient addresses use the username example com format You can use wildcards The match is not case sensitive The product checks sender and recipient addresses from the SMTP message envelope and not from message headers ...

Page 248: ...S queries DNS protocol is used to make the DNSBL RBL queries 2 Make sure you do not have a firewall preventing DNS access from the host where F Secure Spam Control is running 3 Test the DNS functionality by running the nslookup command at Microsoft Windows command prompt on the host running F Secure Spam Control An example C nslookup 2 0 0 127 sbl xbl spamhaus org Server your primary DNS server s ...

Page 249: ...ng correctly you should see this kind of headers in messages classified as spam X Spam Status YES database version 2005 04 06_1 hits 9 required 5 tests RCVD_IN_DSBL RCVD_IN_NJABL_PROXY RCVD_IN_SORBS_DUL Tests like RCVD_IN_DSBL RCVD_IN_NJABL RCVD_IN_SORBS RCVD_IN_BL_SPAMCOP_NET RCVD_IN_DSBL RCVD_IN_XBL indicate that DNSBL RBL was successfully used to classify the mail 2 If DNS functionality is not ...

Page 250: ...ases when DNS queries are made If needed the performance can be improved by increasing the number of mails being processed concurrently by F Secure Spam Control By default the product processes a maximum of three e mails at the same time because there are three Spam Scanner engine instances running simultaneously The number of Spam Scanner instances can be controlled by modifying the F Secure Cont...

Page 251: ...251 9 ADMINISTERING F SECURE MANAGEMENT AGENT F Secure Management Agent Settings 252 Configuring Alert Forwarding 254 ...

Page 252: ...ts are at least sometimes connected through a network or a temporary link Active protocol Sets the active protocol Protocols A subdirectory containing the settings for the File Sharing and the HTTP protocol These settings should be carefully checked before distribution Errors can result in problems with communicating with the hosts Slow connection definition This setting can be used to disallow F ...

Page 253: ...ges such as Base Policy files or virus definition databases from the F Secure Policy Manager Server Outgoing packages update interval Defines how often the host tries to transmit periodically updated information such as statistics to the administrator User account The user account that is used for accessing the shared directory Password The password of the account that is used for accessing the sh...

Page 254: ...cy Manager Console Incoming packages polling interval Defines how often the host tries to fetch incoming packages such as Base Policy files or new virus definition databases from the F Secure Management Server Outgoing packages update interval Defines how often the host tries to transmit periodically updated information such as statistics to the administrator Spool time limit The maximum time the ...

Page 255: ...You can further configure the alert target by setting the policy variables under target specific branches For example F Secure Management Agent Settings Alerting F Secure Policy Manager Retry Send Interval specifies how often a host will attempt to send alerts to F Secure Policy Manager when previous attempts have failed F Secure Internet Gatekeeper can be set to report different types of alerts a...

Page 256: ...tings and Statistics icon in the Windows system tray Select F Secure Management Agent and click Properties Go to the Alerting tab to configure the alert forwarding Figure 9 3 Alert Forwarding table in F Secure Management Agent user interface You can specify where an alert is sent according to its severity level You can send alerts to any of the following F Secure Policy Manager E Mail SMTP Windows...

Page 257: ... you choose to forward alerts to an e mail address SMTP you have to specify the e mail address of the recipient and the mail server you want to use Select E Mail SMTP and click Properties to specify SMTP settings Figure 9 4 E mail Recipient Addresses dialog ...

Page 258: ...0 Query Results Page 265 Viewing Details of a Quarantined Message 267 Reprocessing the Quarantined Content 268 Releasing the Quarantined Content 269 Removing the Quarantined Content 271 Deleting Old Quarantined Content Automatically 271 Quarantine Database Settings 273 Quarantine Logging 273 Quarantine Statistics 273 ...

Page 259: ...r installations with Centralized Quarantine Management 40 and Scenario 3 F Secure Anti Virus for Internet Mail for each Sub domain 356 The quarantine consists of quarantine database quarantine storage Quarantine Database The quarantine database contains information about the quarantined messages If there are several F Secure Internet Gatekeeper installations in the network they can either have the...

Page 260: ... 10 2 Configuring Quarantine Options In stand alone installations all the quarantine settings can be configured on the Quarantine page in F Secure Internet Gatekeeper Web Console For more information on the settings see Quarantine 151 In centrally managed installations the quarantine settings are configured with F Secure Policy Manager in the F Secure Anti Virus for Internet Mail Common Quarantine...

Page 261: ...Figure 10 1 Quarantine Query page ...

Page 262: ... and malformed messages Disallowed content Includes blocked messages Spam Includes messages considered spam Scan failure A scan failure can occur for example if the file is severely corrupted Unsafe Includes unsafe messages Reason details The Reason details field contains information about the scanning or processing results that caused the message to be quarantined For Example The message is quara...

Page 263: ...iteria Host IP address Enter the host IP address to be used as search criteria Show only You can use this option to view the current status of messages that you have set to be reprocessed released or deleted Because processing a large number of e mails may take time you can use this option to monitor how the operation is progressing The options available are Unprocessed e mails Displays only e mai...

Page 264: ... Exact start and end dates to specify the date and time year month day hour minute when the data has been quarantined Sort Results Specify how the search results are sorted by selecting one of the options in the Sort Results by drop down menu based on Date Sender Recipients Subject or Reason Display Select how many items you want to view per page Wildcard Explanation Any string of zero or more cha...

Page 265: ...ine Query Results Page The Quarantine Query Results page displays a list of e mails that were found in the query To view detailed information about a quarantined e mail click the View link in the Details column For more information see Viewing Details of a Quarantined Message 267 ...

Page 266: ...tined Content 271 The Query Results page also displays status icons of the e mails that were found in the search If there are reprocessing release or delete operations that have not completed yet the icons indicate which e mails are still waiting for the operation WARNING Releasing quarantined content entails a security risk because the content is delivered to the recipient without being scanned I...

Page 267: ...he View link in the details column 2 The Quarantined Content Details page opens Figure 10 3 Quarantined Content Details page This is a quarantined e mail that the administrator has set to be deleted The deletion operation has not been completed yet This is a quarantined e mail the releasing of which failed This is a quarantined e mail the reprocessing of which failed Icon E mail status ...

Page 268: ...nd details The message status icon near the upper right corner of the page For a complete list of the icons see Query Results Page 265 The Download link can be used to download the quarantined attachment in order to check what the attachment really is 10 6 Reprocessing the Quarantined Content When quarantined content is reprocessed it is scanned again and if it is found clean it is sent to the int...

Page 269: ...t have been reprocessed and found clean are delivered to the intended recipients They are also automatically deleted from the quarantine The progress of the reprocessing operation is displayed in the Web Console 10 7 Releasing the Quarantined Content When quarantined content is released it is sent to the intended recipients without any further processing You might need to do this for example to de...

Page 270: ...he Release Quarantined Content dialog opens 5 Specify whether you want to release the content to the original recipient or specify an address where the content is to be forwarded 6 Specify what happens to the quarantined content after it has been released by selecting one of the Action after release options Leave in the quarantine Delete from quarantine 7 Click Release The content is now delivered...

Page 271: ...essages that have been classified as spam Click the Delete All button to delete all the displayed quarantined content 5 You are prompted to confirm the deletion Click OK The content is now removed from the quarantine 10 9 Deleting Old Quarantined Content Automatically Quarantined content is deleted automatically based on the Quarantine Retention and Cleanup settings on the Quarantine Options page ...

Page 272: ...menu 4 Specify a retention period that is shorter than the default value for example 1 day in the Retention Period column 5 Specify a cleanup interval that is shorter than the default value for example 30 minutes in the Cleanup Interval column 6 Enable the exception you just created by selecting the Enabled check box 7 Click Apply ...

Page 273: ...for Internet Mail tab in the Web Console and go to the Quarantine page Then click the Show Log File button 10 12 Quarantine Statistics The Quarantine statistics page displays the number of quarantined items in each quarantine category and the total size of the quarantine SQL server name The name of the SQL server where the database is located Database name The name of the quarantine database The d...

Page 274: ...d attachments are stored and counted as separate items in the quarantine storage For example if a message has three attachments and only one of them has been found infected two items will be created in the quarantine storage These items still have the same quarantine ID in the quarantine database ...

Page 275: ...11 SECURITY AND PERFORMANCE Introduction 276 Optimizing Security 276 Optimizing Performance 277 ...

Page 276: ...ess them If you make changes to file locations and directories make sure that the new directory has the same rights as the old one 11 2 1 Virus Scanning Make sure that F Secure Internet Gatekeeper is configured to disinfect or block all files and e mails that may carry viruses As Trojans and other malicious code can disguise themselves with filename extensions which are usually considered safe to ...

Page 277: ... values for optimized security For more information see Data Trickling 101 11 3 Optimizing Performance For the best performance you should keep all working directories on a local hard disk and make sure that there is enough free disk space for temporary files in all situations 11 3 1 Virus Scanning For optimized performance configure F Secure Internet Gatekeeper to disinfect or block only those fi...

Page 278: ...Scan Result Cache does not weaken the security as F Secure Internet Gatekeeper verifies that only exactly the same files may pass without scanning that have been scanned already For more information see Performance 119 Threads Per Child Process The Threads per child process setting defines how many clients can use F Secure Internet Gatekeeper at the same time Usually browsers open about 4 connecti...

Page 279: ... transactions For more information see Service Connections 211 Number of Ports in Use If necessary you can enhance the performance of F Secure Anti Virus for Internet Gateways by increasing the number of ports in use For more information see http support microsoft com default aspx scid kb en us 196271 http support microsoft com default aspx scid kb EN US 149532 ...

Page 280: ...12 UPDATING VIRUS AND SPAM DEFINITION DATABASES Overview 281 Automatic Updates 281 Configuring Automatic Updates 282 ...

Page 281: ...virus is found F Secure provides a new virus definition database update F Secure Internet Gatekeeper uses an intelligent UDP based polite protocol BWTP or HTTP protocol to fetch this update F Secure s virus and spam definition updates are digitally signed for maximum security In order to update the spam definition databases F Secure Automatic Update Agent must be installed on the same computer as ...

Page 282: ...access the F Secure Automatic Update Agent user interface open the F Secure Internet Gatekeeper Web Console and select the Automatic Update Agent tab In centrally managed installations you can use the F Secure Internet Gatekeeper Web Console for monitoring the F Secure Automatic Update Agent settings To change these settings use F Secure Policy Manager Console ...

Page 283: ...12 3 1 Summary Figure 12 1 Automatic Update Agent summary in F Secure Internet Gatekeeper Web Console ...

Page 284: ...e version and name of the latest installed update Last check time The date and time when the last update check was done Last check result The result of the last update check Next check time The date and time for the next update check Last successful check time The date and time when the last successful update check was done Current HTTP proxy address Displays the address of the HTTP proxy that is ...

Page 285: ...5 Updating Virus and Spam Definition Databases Downloads Figure 12 2 Automatic Update Agent downloads in F Secure Internet Gatekeeper Web Console The Downloads page displays downloaded and installed update packages ...

Page 286: ...12 3 2 Automatic Updates Figure 12 3 Automatic update settings in F Secure Internet Gatekeeper Web Console Specify how the product connects to F Secure Update Server ...

Page 287: ...k for a usable Internet connection before trying to connect to the Update Server Use HTTP Proxy Select whether HTTP proxy should be used No HTTP proxy is not used From browser settings Use the same HTTP proxy settings as the web browser User defined Define the HTTP proxy Enter the proxy address in the User defined proxy field Update Server Allow fetching updates from F Secure Update Server Specify...

Page 288: ... product cannot connect to any user specified update server during the failover time it retrieves the latest virus definition updates from F Secure Update Server if Allow fetching updates from F Secure Update Server is enabled Server polling interval Define in minutes how often the product checks F Secure Policy Manager Proxies for new updates ...

Page 289: ...cure Internet Gatekeeper Web Console Edit the list of virus definition database update sources and F Secure Policy Manager proxies If no update servers are configured the product retrieves the latest virus definition updates from F Secure Update Server automatically To add a new update source address to the list follow these instructions ...

Page 290: ... host tries to connect servers Virus definition updates are downloaded from the primary sources first secondary update sources can be used as a backup The product connects to the source with the smallest priority number first 1 If the connection to that source fails it tries to connect to the source with the next smallest number 2 until the connection succeeds 4 Click Apply to add the new update s...

Page 291: ...13 TROUBLESHOOTING Testing the Connections 292 Starting and Stopping F Secure Internet Gatekeeper Components 294 Frequently Asked Questions 295 ...

Page 292: ...s the connection to F Secure Anti Virus for Internet Gateways is working For more information see Network Configuration 94 13 1 2 Checking that F Secure Anti Virus for Internet Mail is Up and Running You can test that the product is running by opening a telnet connection from the F Secure Anti Virus for Internet Mail machine to the port it is running on usually 25 If you get a textual response it ...

Page 293: ...message or if the cursor does not appear in the upper left corner it means that the connection was unsuccessful To test the network connection at the same time it is recommended to run telnet from the host running F Secure Anti Virus for Internet Mail 13 1 4 Checking that the Network Connection to the Original Mail Server is Working You can test if the network connection to the original mail serve...

Page 294: ...ecure Internet Gatekeeper Web Console and select the Anti Virus for Internet Mail tab Click Stop to stop F Secure Anti Virus for Internet Mail and click Start to start the service or Open Windows Control Panel and the Services dialog box Select F Secure Anti Virus Agent for Internet Mail To stop F Secure Anti Virus for Internet Mail click Stop To start the service click Start To start or stop F Se...

Page 295: ...oubleshooting 13 3 Frequently Asked Questions All support issues frequently asked questions and hotfixes can be found under the support pages at http support f secure com For more information see Technical Support 409 ...

Page 296: ...A APPENDIX Warning Messages HTTP Warning Messages 297 SMTP Warning Messages 298 ...

Page 297: ...riable is replaced with Unknown Variable Description DATE The date and time METHOD The HTTP request method GET POST CONNECT etc URL The requested URL CONTENT TYPE The HTTP Content Type header in the reply FS CONTENT TYPE The content type according to the File Type Recognition MAXSIZE The maximum allowed content size CLIENT IP The IP address of the requesting host REASON A short explanation why the...

Page 298: ...ing variable is replaced with Unknown Variable Description NAME OF SENDER The sender of the mail message NAME OF RECIPIENT The recipient s of the mail message SUBJECT The subject of the mail message ANTI VIRUS SERVER The DNS WINS name or IP address of the host running the product MESSAGE ID The Message ID header of the mail message REPORT BEGIN Marks the beginning of the scan report This variable ...

Page 299: ...le Description AFFECTED FILENAME The name of the original file or attachment AFFECTED FILESIZE The size of the original file or attachment THREAT The name of the threat that was found in the content TAKEN ACTION The action that was taken to remove the threat QUARANTINE ID The quarantine ID of a quarantined message Variable Description TIME INTERVAL virus outbreak probing time interval in X hours Y...

Page 300: ...B APPENDIX Specifying Hosts Introduction 301 Domain 301 Subnet 301 IP Address 302 Hostname 302 ...

Page 301: ...net is a partially qualified Internet address in numeric dotted quad form optionally followed by a slash and the netmask which is specified as the number of significant bits in the subnet It is used to represent a subnet of hosts which can be reached over a common network interface If the explicit net mask is missing omitted trailing digits specify the mask In this case the netmask can only be mul...

Page 302: ... qualified internet address in numeric dotted quad form Usually this address represents a host but the address does not necessarily have to have a DNS domain name Example 192 168 123 7 B 5 Hostname A hostname is a fully qualified DNS domain name which can be resolved to one or more IP addresses via the domain name service It represents a logical host in contrast to domains and it must be resolvabl...

Page 303: ...are always assumed to be anchored in the root of the DNS tree Therefore hosts WWW example com and www example com note the trailing period are considered to be equal Usually it is more effective to specify an IP address instead of a hostname as the IP address does not require a DNS lookup ...

Page 304: ...C APPENDIX Access Log Variables List of Access Log Variables 305 ...

Page 305: ...rmat excluding HTTP headers When no bytes are sent the value is Example C The contents of cookie Example in the request sent to the server D The time taken to serve the request in microseconds EXAMPLE e The contents of the environment variable EXAMPLE f The file name h The remote host H The request protocol Example i The contents of Example header line s in the request sent to the server l The rem...

Page 306: ...ise an empty string is used r The first line of the request s The status of the request For internally redirected requests the value is the status of the original request t The time in standard English format format t The time in the form specified by format which should be in the unix strftime 3 format T The time taken to serve the request in seconds u The remote user from auth U The requested UR...

Page 307: ...content is safe or not Cured The file was disinfected by the scanner Replaced The content was infected and the server replaced the original content Block The content was blocked Error An error occurred during the scanning Unknown An unknown result was received from the scanner This should not occur normally The file was not scanned FSFILTER action The value is the result of the filter Bypass The c...

Page 308: ... the file is clean or not scanned the value is FSFILTER scansrc The value displays whether the Scan Result Cache was used Scan The file was scanned Cache The scan result for the file was found from the cache The file was not scanned FSFILTER ct The value displays the content type as reported by the File Type Recognition FSFILTER scantime The time in milliseconds taken to scan the file FSFILTER dow...

Page 309: ...D APPENDIX Mail Log Variables List of Mail Log Variables 310 ...

Page 310: ...P address of the host that the mail message was received from FROM Received Scanned Sent Trashed The complete mail sender address as given in the mail envelope i e SMTP MAIL FROM command TO Received Scanned Sent Trashed The mail recipient address es as given in the mail envelope i e SMTP RCPT TO command SIZE Received Scanned Sent Trashed The original mail size in bytes DIRECTION All except Failure...

Page 311: ...ect dns space name ip address RECVTIME Received The time in milliseconds taken to receive the mail message SCANTIME Scanned The time in milliseconds taken to scan the mail message SENDTIME Sent The time in milliseconds taken to send the mail message to a designated mail server MTA REASON Rejected Failure Error The reason why the mail message was rejected or the reason for failure or error Macro Fo...

Page 312: ...E APPENDIX Configuring Mail Servers Configuring the Network 313 Configuring Mail Servers 314 ...

Page 313: ...l Server Configuration Inbound e mail must be routed to F Secure Internet Gatekeeper E mail Client Configuration Mail clients must send outgoing SMTP e mail to F Secure Internet Gatekeeper No settings have to be changed from the mail clients if they use smtp example com which has been changed in the DNS to point to F Secure Internet Gatekeeper If this is not the case outgoing SMTP server should be...

Page 314: ...relay features enabled enable and configure anti relay on F Secure Anti Virus for Internet Mail as well Receiving 166 E 2 Configuring Mail Servers E 2 1 Lotus Domino If you are installing F Secure Internet Gatekeeper to a Lotus Domino Server it is recommended to change the SMTP port number of Lotus Domino and use the standard SMTP TCP port 25 for F Secure Internet Gatekeeper To change the SMTP por...

Page 315: ...hange the SMTP port number of Microsoft Exchange 5 5 and use the standard SMTP TCP port number 25 for F Secure Internet Gatekeeper To change the SMTP port number in MS Exchange 5 5 1 On the MS Exchange Server open the file system32 drivers etc services located in your Windows NT directory 2 Change the line smtp 25 tcp mail to smtp 26 tcp mail This will change the SMTP port from 25 to 26 3 Reboot t...

Page 316: ...To change the SMTP port number in MS Exchange 2000 1 Start the Exchange System Manager from the Start Menu 2 Open the Servers Current Server Protocols SMTP branch ...

Page 317: ...3 Open the Properties window of Default SMTP Virtual Server 4 Click Advanced 5 Select the line that has SMTP port number 25 and click Edit ...

Page 318: ...6 Change the TCP port to some other unused port for example 26 7 Click OK for all the windows and reboot the server ...

Page 319: ...vanced Deployment Options Introduction 320 Transparent Proxy 320 HTTP Load Balancing 329 Load Balancing With Windows Network Load Balancing Service 339 Deployment Scenarios for Environments with Multiple Sub domains 349 ...

Page 320: ...n a cluster communicate among themselves and provide high availability load balancing and scalability The service is included in any version of Windows 2003 server If you want to deploy F Secure Internet Gatekeeper in an environment with multiple sub domains see Deployment Scenarios for Environments with Multiple Sub domains 349 F 2 Transparent Proxy A proxy server is a system which acts as an age...

Page 321: ...sing a transparent proxy is the best way to provide a reliable and easy HTTP scanning service with F Secure Internet Gatekeeper However configuring a transparent proxy may require some modifications in the network infrastructure As the traffic has to be captured at the TCP IP protocol level the transparency is achieved in the firewall It recognizes and redirects HTTP requests that come from the cl...

Page 322: ...address 192 168 0 1 port 3128 For information on how to configure F Secure Internet Gatekeeper see sections Configuring F Secure Anti Virus for Internet Gateways 94 Configuring F Secure Anti Virus for Internet Mail 142 and Configuring F Secure Content Scanner Server 211 in this manual Transparent Proxy With Microsoft ISA Server 2000 Example Step 1 1 Open the ISA Management console 2 Open Servers a...

Page 323: ...lick OK Step 2 1 Open the ISA Management console 2 Open Servers and Arrays Extensions Application Filters 3 Right click HTTP Redirector Filter and select Properties 4 Select Options and make sure that Redirect to Local Web proxy service is enabled ...

Page 324: ...5 Click OK Step 3 1 Open the ISA Management console 2 Open Servers and Arrays Network Configuration Routing 3 Right click Default rule and select Action 4 Enable Routing them to a specified upstream server ...

Page 325: ...ment Options 5 For the Primary route set the IP address and the port number that F Secure Internet Gatekeeper is configured to listen for incoming connections For the Backup route select the one which is the most appropriate for you ...

Page 326: ...he Web Chaining tab 4 Right click the Last Default rule and select Properties 5 Select the Action tab Enable the Redirecting them to a specified upstream server option F Secure Internet Gatekeeper requires Microsoft ISA Server 2004 Service Pack 1 SP1 For more information how to obtain ISA Server 2004 SP1 visit the Microsoft website http www microsoft com isaserver ...

Page 327: ...nfiguration setting is deselected 8 Click OK Additional information http www microsoft com isaserver http www isaserver org http www toolzz com F 2 2 Transparent Proxy with Linux and Unix Based Systems Considerations Linux and Unix based operating systems have a built in IP filtering support Many systems are preconfigured and ready to act as firewall servers Some systems may require more configura...

Page 328: ...tables t nat A PREROUTING p tcp d 0 0 0 0 0 dport 80 j DNAT to 192 168 0 1 3128 An example using ipfilter FreeBSD 2 2 or later NetBSD 1 2 or later OpenBSD IPF 3 1 echo rdr ed0 0 0 0 0 0 port 80 192 168 0 1 port 3128 tcp etc ipnat conf ipnat f etc ipnat conf where ed0 is your internal interface name An example using ipfw FreeBSD 2 0 or later ipfw add fwd 192 168 0 1 3128 tcp from any to any 80 Addi...

Page 329: ...sco com http www nortelnetworks com http www lucent com F 3 HTTP Load Balancing If you want to ensure that the speed of the communication does not slow down and is not interrupted when scanning the traffic for malicious code you should set up load balancing With load balancing the load for example number of requests and users is spread throughout the network so that individual devices do not recei...

Page 330: ... HTTP proxy A Domain Name Server DNS server resolves the name of the proxy server to its IP address so that clients know how to connect to it When a client connects to a proxy server site that has multiple servers the DNS server rotates the list of IP addresses of the proxy servers that respond to the request Benefits If the company has a DNS server the DNS round robin is fairly easy to implement ...

Page 331: ...Since all servers are treated equally proper load balancing is not possible The requested content type is not taken into consideration F 3 2 Load Balancing with Proxy Auto Configuration PAC or Web Proxy Auto Discovery Protocol WPAD Figure F 3 F Secure Anti Virus for Internet Gateways deployed with Proxy Auto Configuration PAC Clients have to configure web browsers to use a Java script automatic pr...

Page 332: ...y auto configuration scripts you can distribute the load between different caching proxies http naragw sharp co jp sps Benefits Easy and inexpensive to implement Drawbacks Automatic proxy configuration has to be specified on every client WPAD is not widely supported Microsoft provides Internet Explorer Administration Kit IEAK to deploy and manage custom browser software packages More details on IE...

Page 333: ...on Using round robin or some other load sharing model the upstream proxy redirects requests to proxy peers specified in its configuration file Benefits Fairly easy to implement If a company already has a proxy server clients do not need to be configured in any way Squid Load balancing can be achieved with cache_peer options See example configuration here http www squid cache org Doc Hierarchy Tuto...

Page 334: ...v3 5 http wp netscape com proxy v3 5 evalguide advantages html Check Point FireWall 1 and Check Point NG Check Point FireWall 1 and Check Point NG have connect control modules which can be used to balance load between servers like web FTP and others with IP addresses An example of how it can be done for web servers can be found here http www deathstar ch security fw1 ConnectControl FAQ0102 htm ...

Page 335: ...ware Load balancing Solutions Network Address Translation NAT Figure F 5 F Secure Anti Virus for Internet Gateways deployed with Network Address Translation NAT Direct Path Routing Figure F 6 F Secure Anti Virus for Internet Gateways deployed with Direct Path Routing ...

Page 336: ...ging servers which offer various services such as e mail service Web service FTP service and DNS service Each of these services and their corresponding servers can be grouped and managed separately Layer 4 operates on TCP IP and UDP protocol levels and enables very fast load balancing but it cannot handle diverse HTTP traffic optimally Layer 7 Load Balancing Layer 7 load balancing is a feature ...

Page 337: ...for Internet Gateways deployed with clustering Clients access a cluster a virtual server Nodes in a cluster communicate among themselves and provide high availability load balancing and scalability Sysmaster http www sysmaster com Alteon Alteon is now a part of Nortel Networks http www nortelnetworks com products 01 alteon index html ...

Page 338: ...gure and deploy For detailed information on how to deploy a cluster for load balancing see Load Balancing With Windows Network Load Balancing Service 339 Windows 2000 Server Windows 2000 Server Clustering Technologies http www microsoft com windows2000 technologies clustering default asp Windows Server 2003 Clustering Services in Windows Server 2003 http www microsoft com windowsserver2003 technol...

Page 339: ...ter we set up network load balancing for 500 users in the local network with 4 MB connection You should use at least two servers with the following hardware configuration Both servers do not have to be identical in the performance You can add new servers up to 32 in one cluster easily while the system is running without reconfiguring or restarting previously configured servers Servers can be conne...

Page 340: ...lled and configured before it can be used Configuring TCP IP and Network Load Balancing Settings All settings should be identical for all servers in the cluster except the IP address which should be unique for each server 1 Enable Network Load Balancing 2 Disable File and Printer Sharing for Microsoft Networks 3 Configure Internet Protocol TCP IP properties ...

Page 341: ...2 168 0 231 Netmask 255 255 255 0 Gateway 192 168 0 1 DNS server 192 168 0 10 All other computers connected to the local area network connect to the cluster with address 192 168 0 233 In networks that have an existing cache proxy the load balancing cluster directs all traffic to the subordinate proxy ...

Page 342: ...4 Add the cluster address as the second IP address in the Advanced options In our case 192 168 0 233 5 Use the following settings in Network Load Balancing ...

Page 343: ...nt Options Use the multicast communication mode 6 The remote control is not necessary and it can be disabled 7 Use an individual IP address for each different server Each server should have a different host identifier number priority ...

Page 344: ...herwise the default settings are fine 9 You can use different settings just make sure that all settings are identical on all servers 10 After you have configured TCP IP and Network Load Balancing settings check that the cluster is working ...

Page 345: ...yment Options Checking The Status of the Cluster 1 Open the Network Load Balancing Manager from the Administrative tools to administer the cluster and individual nodes 2 Select Cluster Connect to Existing to connect to the cluster ...

Page 346: ...tor s Guide Install F Secure Internet Gatekeeper on all servers on same paths and with same initial settings 2 After you have installed F Secure Internet Gatekeeper you should change the HTML error and welcome pages to make sure that the cluster is working properly Program files F Secure Anti Virus for Internet Gateways htdocs Program files F Secure Anti Virus for Internet Gateways errors It is re...

Page 347: ...now which server in the cluster sent the page to the browser For example Change files on other servers in the same way but use a different IP address Checking The Status Of The Cluster After you have installed and configured the cluster you should verify that everything is working properly ...

Page 348: ...he proxy address of the web browser n 2 Enter http 192 168 0 233 3128 in the web browser and open the page 3 Refresh the page several times and if everything is working properly you can see that each server in the cluster returns the correct page ...

Page 349: ... Deployment Scenarios for Environments with Multiple Sub domains F 5 1 Scenario 1 F Secure Anti Virus for Internet Mail as an Upstream Mail Transfer Agent Figure F 8 F Secure Anti Virus for Internet Mail deployed as an upstream Mail Transfer Agent ...

Page 350: ...irewall Incoming and outgoing SMTP connections are allowed to from smtp my intranet host No changes are needed on mail servers and end user workstations in sub domain networks F Secure Anti Virus for Internet Mail configuration F Secure Anti Virus for Internet Mail is configured to accept incoming connections on port 25 F Secure Anti Virus for Internet Mail is configured to accept mail from the fi...

Page 351: ...used to scan all inbound and outbound e mail traffic for viruses and malicious code Inbound messages to all sub domains are scanned for spam No changes on firewall mail servers and end user workstations in sub domain networks No need to deploy a separate host for mail delivery as the product uses DNS to deliver outbound mail Mail between sub domain networks is scanned for viruses and malicious cod...

Page 352: ...F 5 2 Scenario 2 F Secure Anti Virus for Internet Mail as Interim Mail Transfer Agent Figure F 9 F Secure Anti Virus for Internet Mail deployed as an Interim Mail Transfer Agent ...

Page 353: ... domain to the smtp my intranet host All inbound mails come to the Mail Transfer Agent running on the mx my intranet host Firewall rules are changed to enable incoming and outgoing SMTP connections to from mx my intranet host only No changes in sub domain networks F Secure Anti Virus for Internet Mail configuration F Secure Anti Virus for Internet Mail is configured to accept incoming connections ...

Page 354: ...ivery is disabled The Mail Routing Table contains the following entries Benefits One F Secure Anti Virus for Internet Mail installation is used to scan all inbound and outbound e mail traffic for viruses and malicious code No changes needed on mail servers and end user workstations in sub domain networks All e mail between sub domains is scanned Order Domain Primary Mail Server 1 my sub1 domain sm...

Page 355: ...mon virus scanning and spam filtering policies for all sub domains It is possible to install F Secure Anti Virus for Internet Mail on the same host that runs upstream Mail Transfer Agent provided that they support the same platform The machine must have enough resources to run F Secure Anti Virus for Internet Mail and mail server software In this case to avoid conflicts the port numbers the upstre...

Page 356: ...F 5 3 Scenario 3 F Secure Anti Virus for Internet Mail for each Sub domain Figure F 10 F Secure Anti Virus for Internet Mail installed on a separate computer for each sub domain ...

Page 357: ...mains remain on the original machines DNS configuration for sub domains is changed so that F Secure Anti Virus for Internet Mail host is resolved as smtp my sub intranet and the mail server host is resolved as pop my sub intranet The original upstream Mail Transfer Agent remains on the smtp my intranet host It is configured to route inbound mail for my sub1 domain to the smtp my sub1 intranet host...

Page 358: ...ed as outbound In both inbound and outbound mail delivery settings disable the Use DNS MX records setting and specify the Mail Routing Table as follows Benefits No changes needed in firewall and the original upstream Mail Transfer Agent Internal mail in sub domains is scanned for viruses and malicious code Mail between sub domains is scanned Different virus scanning and spam filtering policies can...

Page 359: ...sole Configuration of sub domain mail servers needs to be changed It is possible to install F Secure Anti Virus for Internet Mail to the same host running the sub domain mail server provided that they support the same platform The machine must have enough resources to run F Secure Anti Virus for Internet Mail and mail server software In this case to avoid conflicts the port numbers the mail server...

Page 360: ...G APPENDIX Services and Processes List of Services and Processes 361 ...

Page 361: ...Agent starts and controls the service automatically httpscan exe The process acts as a HTTP proxy and processes files downloaded through the proxy via HTTP 1 0 and HTTP 1 1 protocols rotatelogs exe The process rotates product log file s with a defined time interval Access log and error log have their own processes so two instances of the process should be running at the same time Service Process D...

Page 362: ...e The Database Update Handler process verifies and checks the integrity of virus definition and spam control database updates Service Process Description F Secure Quarantine Manager fqm exe The service provides the interface to manage quarantined e mail messages and attachments F Secure Management Agent starts and controls the service automatically Service Process Description F Secure Internet Gat...

Page 363: ...ess communication interface for integrated services and applications fch32 exe F Secure Configuration Handler that works with F Secure Policy Manager driver and enables other components to read base policy settings and to update incremental policy settings and statistics fameh32 exe Alert and Management Extensions Handler is used to send alerts and reports to F Secure Policy Manager Console LogFil...

Page 364: ...F Secure Automatic Update Agent Service Process Description F Secure Automatic Update Agent fsaua exe The service retrieves updates from F Secure Policy Manager or F Secure Update server ...

Page 365: ...H APPENDIX Error Codes Introduction 366 F Secure Anti Virus for Internet Gateways 366 F Secure Anti Virus for Internet Mail 374 F Secure Content Scanner Server 391 ...

Page 366: ...oduct operation The Log or installation directory can t be accessed Make sure that the product has sufficient rights to access the folder in question Check free disk space Consider restoring the default settings for the log and working directories 4 Error File Not Found The file 1 was not found The alert is not used in this version The alert is not used in this version 10 Error Bad Parameters Wron...

Page 367: ...s If the problem persists contact F Secure Technical Support 106 Error Stopping Module Failed Module 1 could not be stopped The alert is not used in this version The alert is not used in this version 107 Fatal Error Restarting Module Failed Module 1 could not be restarted HTTP scanning module httpscan exe cannot be restarted Check Error log for more information about the failure Manual restart of ...

Page 368: ...essage Pump Quit Quit the message pump with error 1 Unexpected problem during product operation Normally the alert can be ignored However if the alert is continuously reported try to restart the product or reboot the system 115 Error Content Scanner Server Unreachable Cannot connect to the F Secure Content Scanner Server on 1 due to error 2 During product operation The reason of the failure is rep...

Page 369: ... and act accordingly 123 Error Unable to Remove File The file 1 cannot be removed due to error 2 If the product cannot remove the file in question The alert contains the reason for the failure Check the reason for the failure and act accordingly 124 Error Unable to Create Temp File A temporary file cannot be created due to error 1 If the product cannot create the temporary file in question The ale...

Page 370: ...e error description Restarting the product or rebooting the system might help solve this problem If the problem persists consider re installing the product 133 Warning Invalid Setting The entry 1 in the setting 2 is invalid and ignored During product startup or restart Check and correct the setting in question Refer to the online help or the manual to see what type of input the setting requires 14...

Page 371: ...rt is not used in this version The alert is not used in this version 301 Security Virus Alert Infected Malicious code has been found in the following file page Request 1 Source 2 Destination 3 File size 4 bytes Scan result 5 Action Dropped The content downloaded from the source URL was found infected The content was dropped and a warning message was substituted Consider contacting the owner of the...

Page 372: ...h virus No actions are required If you do not want to receive scan summary reports you can disable it by setting 0 zero in the Send scan summary interval setting 400 Security Evaluation license expired Your evaluation license has expired Web traffic is no longer scanned for viruses and other malicious code To continue using the product after the evaluation period you will need a new license keycod...

Page 373: ...t partner for purchasing the product or renew your license online If you wish to stop using the product you need to uninstall it 600 Error Unhandled Exception An unhandled exception occurred in 1 A system exception occurred Check the log files to find out which unit and URL if available caused an exception Consider restarting the product Contact F Secure Technical Support and report the problem 77...

Page 374: ...spool quarantine or installation directory cannot be accessed Make sure that the product has sufficient rights to access the directory in question Check that there is enough free disk space and consider restoring default settings for logging and temporary directories 4 Error File Not Found The file 1 was not found The alert is not used in this version The alert is not used in this version 101 Info...

Page 375: ...ert can be ignored if it happens only occasionally at the product or system shutdown However if the failure is reported often please contact F Secure Technical support for assistance 108 Error Unexpected Module Termination Module 1 has crashed or was terminated unexpectedly 2 The module cannot start or terminates unexpectedly The reason for the failure is reported in the alert Act according to the...

Page 376: ...ent Agent is up and running Restarting the product or rebooting the system might solve this problem 125 Error Policy Read Failed Reading the policy variable 1 was unsuccessful due to 2 The product failed to read some settings The alert contains the reason for the failure Act according to error description Restarting the product or rebooting the system might solve this problem If the problem persis...

Page 377: ... Database The magic database file 1 is invalid or corrupted Intelligent File Type Recognition is disabled The magic database signature check failed Either the file has been forged or it has been changed without updating the signature Make sure that the ftrmagic def file is not corrupted If the file is missing or corrupted consider re installing the product 142 Info Magic Database Validated The mag...

Page 378: ...d its threshold The current number of items in the quarantine database is 1 The total number of quarantined items has reached its threshold Increase the threshold value or adjust the quarantine retention and cleanup settings so that old quarantined items are removed more often If necessary delete old quarantined items manually 190 Info Old Mail Logs Removed Old mail logs were removed from the log ...

Page 379: ...heck IP address and port number that F Secure Anti Virus for Internet Mail and Content Scanner Server use to communicate to each other 214 Error No Servers Available The agent cannot connect to any of the specified F Secure Content Scanner Servers All e mail messages are spooled F Secure Anti Virus for Internet Mail cannot connect to any of the specified Content Scanner Servers Check network conne...

Page 380: ...ail to it No actions are required 240 Error Mail Server Unreachable Cannot connect to the Mail Server on 1 2 Mail messages will be spooled F Secure Anti Virus for Internet Mail has failed to contact the mail server in question and cannot send e mail Check network connections Make sure that the mail server is up and running Check the address of the inbound or outbound mail server that F Secure Anti...

Page 381: ...sed e mail 244 Warning Mail Exceeds Max Size Mail message exceeds the specified maximum message size and was rejected Sender host 1 Sender 2 Recipient 3 Subject 4 Message ID 5 Mail size 6 Max size 7 F Secure Anti Virus for Internet Mail rejected incoming e mail because it was too big Consider changing settings to allow larger e mail Note that the product cannot accept e mail larger than 2 1 gigaby...

Page 382: ...Spool ID 5 Scan result 6 Reason 7 The message in question was bounced The reason for the bounce is included in the alert Check the reason for the failure and act accordingly 249 Security Message Blocked The following message was blocked Sender 1 Recipient 2 Subject 3 Message ID 4 Spool ID 5 Message size 6 bytes Reason 7 Action 8 Quarantined 9 The message in question was blocked according to curren...

Page 383: ...61 Error Cannot Send Content Sending content to the 1 F Secure Content Scanner Server on 2 was unsuccessful while processing spool job 3 attachment 4 Error occurred 5 F Secure Anti Virus for Internet Mail could not send data to F Secure Content Scanner Server in order to scan mail for viruses Make sure that F Secure Content Scanner Server is up and running Check the IP address and port number that...

Page 384: ... 270 Warning Low Spool Warning The size of the spool directory has reached its warning level threshold Volume containing the spool directory has 1 megabytes available at the moment The disk is getting full Free some disk space You might consider deleting temporary files and or unused software on the server 271 Error Low Spool Error The size of the spool directory has reached its error level thresh...

Page 385: ...ttachment could not be extracted from the mail Sender 1 Recipient 2 Subject 3 Message ID 4 Spool ID 5 Attachment name 6 Attachment size 7 Action 8 Quarantined 9 The attachment in question is apparently broken or has invalid format The whole mail message may be malformed as well Find and examine the e mail or the attachment in the quarantine folder The name of the quarantined file is mentioned in t...

Page 386: ... File name 5 File size 6 bytes Scan result 7 Action Disinfected When a file is found infected and successfully disinfected on scanning See below 320 Security Virus Alert Malicious code found in the mail Sender 1 Recipient 2 Subject 3 Message ID 4 Spool ID 5 Attachment name 6 Attachment size 7 bytes Scan result 8 Action 9 Quarantined 10 When a malicious code has been found Examine the virus alert I...

Page 387: ...changing e mail blocking settings if the attachment in question should not have been blocked 360 Security Unable to Scan Attachment cannot be scanned Sender 1 Recipient 2 Subject 3 Message ID 4 Spool ID 5 Attachment name 6 Attachment size 7 bytes Number of scan attempts 8 Action 9 Quarantined 10 Internal scan attempt limit has been reached and no more attempts to scan this attachment will be done ...

Page 388: ...rity Evaluation License Expires Soon The evaluation license will expire in 1 days Your network remains protected against viruses and other malicious code The evaluation period will end soon To continue using the product after the evaluation period finishes contact the nearest F Secure partner for purchasing the product or renew your license online 430 Error Open File Error The file 1 cannot be ope...

Page 389: ...re For example if there is not enough disk space free some etc 481 Error Cannot Quarantine Mail The e mail message cannot be quarantined due to error 1 Check the quarantine log for more details The message is spooled Sender 2 Recipient 3 Subject 4 Spool ID 5 The product fails to quarantine an e mail message The reason for the failure is reported in the quarantine log Check the quarantine log and a...

Page 390: ...ception was caught Check the log files to find out which mail caused an exception Restarting the product or rebooting the system might solve the problem Contact F Secure Technical Support if the product reports this alert frequently 601 Error Internal Error An internal error occurred Error code 1 An internal error occurred If you get this error frequently report the problem to F Secure Technical S...

Page 391: ...Info Settings Changed The following settings have been changed 1 Product settings changed from F Secure Policy Manager Console or Web Console No actions required 70 Error Cannot Read Settings Cannot read the settings Default settings will be used During startup or restart Make sure F Secure Management Agent is running 80 Info Statistics Reset Statistics were reset Product statistics reset from F S...

Page 392: ... and stop the product again If the alert appears again reboot the system 141 Warning Module Not Running Attempted to stop the module 1 that is not running On shutdown No actions required 142 Error Module Unreachable Module 1 unreachable to send a message A product component failed to interface with another component Restart the product if the problem persists If this does not help contact F Secure...

Page 393: ...tem 210 Error Process Scan Request Failed Cannot process scan request Failed to connect F Secure Anti Virus due to error 1 Alert not used in this version Alert not used in this version 220 Error Scan Request Timeout Cannot process scan request F Secure Anti Virus does not respond to the request in a timely fashion During scanning when scan timeout occurs You can increase the scan timeout interval ...

Page 394: ... that holds the quarantine directory is low on disk space Free some disk space You might consider deleting old quarantined files 300 Warning Missing Database File Virus definition database file 1 is missing During database update when a file listed in the index is not included in the package Make sure that you have the database update from F Secure Try to update databases manually with Latest zip ...

Page 395: ...rsion Alert not used in this version 307 Info Database Files Updated The following virus definition databases have been successfully updated 1 Virus definition databases have been manually or automatically updated A list of the updated files is displayed No actions required 308 Error Cannot Update Database File Updating virus definition database file 1 was unsuccessful During database update Try t...

Page 396: ...otection secure database files need to be updated Alert not used in this version Alert not used in this version 345 Error System Clock Changed The system time was apparently changed and the program cannot properly calculate the age of databases If the system time has been changed Check the system time If the system time is correct try to update the virus definition databases manually 350 Error Sca...

Page 397: ...ure 402 Error Database Rejected The database update 1 was rejected New virus definition or spam scanner databases have been rejected as they did not pass integrity verification Check the alerts that precede this alert and act according to the reason of the failure Make sure that the product downloads the original databases published by F Secure If the problem persists contact F Secure technical su...

Page 398: ...om F Secure Make sure that only authorized personnel have access rights to F Secure Policy Manager product installation and database update files directories 413 Error Database Verification No Manifest File Bad or missing manifest file 1 The manifest file is invalid or missing from the database update package See above 414 Error Database Verification No Manifest File Certificate Bad or missing man...

Page 399: ... or missing database publisher s certificate 1 The publisher s certificate is invalid or missing from the database update package Check that the product downloads database updates from F Secure Make sure that only authorized personnel have access rights to F Secure Policy Manager product installation and database update files directories 420 Error Database Verification No Matching Certificate No p...

Page 400: ...Error Database Verification No Revocation File Bad or missing revocation file 1 The revocation file is missing or invalid See above 450 Fatal error Database Verification Not Enough Memory There was not enough memory to complete the operation The product cannot complete database integrity verification because there is not enough memory Make sure the product is running on a system that meets the rec...

Page 401: ...ued by any component if there are problems with F Secure Configuration Handler a component of F Secure Management Agent Reboot the system If the problem persists after reboot contact F Secure Technical Support 535 Error Network Request Broker Unreachable Network Request Broker NRB cannot be reached to send a request When the Database Update Handler fails to register unregister with the Network Req...

Page 402: ...le 1 cannot be removed due to error 2 If a component cannot remove the file in question The alert contains the reason for the failure Check the reason for the failure and act accordingly 575 Error Unable to Create Directory Directory 1 cannot be created due to error 2 When the product tries to create a directory but cannot complete the operation The alert contains the reason for the failure Make su...

Page 403: ...tion mode work properly See the manual for detailed instructions 1002 Info Started Listening Authenticated Mode 1 has started listening for incoming connections on address 2 port 3 Authenticated mode with the agent is on Alert not used in this version Alert not used in this version 1010 Info Agent Connected Agent ip address 1 type 2 connected Alert not used in this version Alert not used in this v...

Page 404: ... and the protocol version it is supposed to communicate over Consider updating the product and applying all latest service packs and hotfixes 1203 Warning Undefined Request The received data is not a request supported by the content provider The request has come from the IP address 1 The content provider fails to parse the incoming request Some parameters of the request are apparently invalid Cons...

Page 405: ...e agent See above ID 1206 1208 Error Unable to Send Content Cannot send content to the agent due to error 1 If the content provider cannot send the content processed data back to the agent See above ID 1206 If data cannot be sent or received due to timeout consider increasing maximum send and receive timeouts for the content provider 1209 Error Unable to Receive Content Cannot receive content from...

Page 406: ...tion does not respond and or cannot process the content within the timeout period Make sure the content processor is up and running Restart the product if the problem persists 1213 Error Processor Interface Error Error occurred during interaction with the processor 1 If the content provider fails to send the interaction request to the content processor Restart the product or reboot the system Also...

Page 407: ...ion 1 Protocol 2 Source 3 Destination 4 File name 5 File size 6 bytes Scan result 7 Action Disinfected When a file is found infected and successfully disinfected on scanning See above ID 2001 2004 Error Scanning Error Anti Virus encountered an error while scanning the file Agent 7 Transaction 1 Protocol 2 Source 3 Destination 4 File name 5 File size 6 bytes When the product fails to scan the file i...

Page 408: ...l 2 Source 3 Destination 4 File name 5 File size 6 bytes When the product fails to disassemble a file to be scanned The format of the file in question may be invalid or malformed Get the file from the quarantine directory and send it to F Secure for investigation 2020 Error Quarantine File Failed Cannot connect to the Quarantine Manager Infected file was not quarantined and was removed Agent 7 Transa...

Page 409: ...Technical Support Introduction 410 F Secure Online Support Resources 410 Web Club 412 Virus Descriptions on the Web 412 ...

Page 410: ... f secure com Example Anti Virus Norway f secure com If there is no authorized F Secure Anti Virus Business Partner in your country you can submit a support request directly to F Secure There is an online Web submit form accessible through F Secure support web pages under the Contact Support page Fill in all the fields and describe the problem as accurately as possible Please include the FSDiag re...

Page 411: ...s for File Servers if it is installed on the same computer and possibly the version numbers of F Secure Policy Manager Server and F Secure Policy Manager Console if you use centralized administration Include the build number if available Description how F Secure components are configured The name and the version number of the operating system on which F Secure products and protected systems are ru...

Page 412: ...page Alternatively right click on the F Secure icon in the Window taskbar and choose the Web Club command To connect to the Web Club directly from within your Web browser go to http www f secure com small_businesses support_and_services product_upgrades Virus Descriptions on the Web F Secure Corporation maintains a comprehensive collection of virus related information on its Web site To view the V...

Page 413: ...wall with intrusion prevention antispam and antispyware solutions Founded in 1988 F Secure has been listed on the Helsinki Exchanges since 1999 and has been consistently growing faster than all its publicly listed competitors F Secure headquarters are in Helsinki Finland and we have regional offices around the world F Secure protection is also available as a service through major ISPs such as Deut...
