McAfee UTM Firewall 4.0.4 Administration Guide
233
Firewall menu options
Antispam (TrustedSource)
8
Click Submit.
Viewing FTP antivirus statistics
The Antivirus Statistics table is located at the bottom of the FTP tab. This table provides a summary of all
viruses detected in FTP downloads.
The User column lists the username of the user who downloaded the infected file.
The Server column lists the network address of the FTP server that sent the infected file.
The File column lists the filename of the infected file.
The How Long Ago column lists the time elapsed since the infected file was downloaded.
Antispam (TrustedSource)
TrustedSource is a reputation service that filters incoming mail connections. The service provides precise
information about the reputation of an email sender based on their IP address. The TrustedSource
reputation service is a tool for reducing the amount of spam that reaches the inboxes of your organization.
However, unlike spam filters that evaluate message content, TrustedSource focuses on a sender's
reputation score. A reputation score is similar to a credit score in that it indicates a sender's
trustworthiness. With TrustedSource, the lower the score, the more trustworthy the sender.
Note:
You must have purchased either a McAfee UTM Firewall TrustedSource Subscription to use this feature.
Contact your McAfee channel partner or sales representative for additional information. TrustedSource filtering
will not function on the appliance until it is licensed.
About TrustedSource
To determine reputation scores, TrustedSource uses servers around the world to gather and analyze
messages. TrustedSource assigns a score to an IP address based on the type of mail (legitimate or spam)
that a particular host generates. The score ranges from negative (-)140 to positive (+)140. The UTM
Firewall administrator can configure a score that represents a tolerable threshold for your network. If a
sender's score is higher than your threshold, messages from that sender are rejected by the UTM Firewall
appliance. The TrustedSource servers are in constant communication, so as one server identifies a spam
flood in progress, it can alert all TrustedSource servers moments after the attack starts, and update the
offending sender's reputation score.
For more information on TrustedSource, visit
www.trustedsource.org
.
The steps in the TrustedSource process are enumerated below:
1
A sending mail server contacts a UTM Firewall appliance running mail via SMTP-proxy.
2
The appliance sends a modified DNS query that includes the sending mail server's IP address to a
TrustedSource server to get its reputation score.
3
The TrustedSource server sends the score to the appliance.
4
The appliance compares the score to the threshold value and takes one of the following actions:
a
If the score is lower than the threshold, email messages from the server are accepted and forwarded
to the internal mail servers.
b
If the score is higher than the threshold, the appliance rejects the message, logs the violation, and
closes the connection.
This process is illustrated in
Figure 234
.
Summary of Contents for SG310
Page 1: ...McAfee UTM Firewall Administration Guide version 4 0 4...
Page 10: ...10 McAfee UTM Firewall 4 0 4 Administration Guide...
Page 148: ...148 McAfee UTM Firewall 4 0 4 Administration Guide Network Setup menu options SIP...
Page 372: ...372 McAfee UTM Firewall 4 0 4 Administration Guide System menu features Advanced menu...
Page 410: ...410 McAfee UTM Firewall 4 0 4 Administration Guide Index...
Page 411: ......
Page 412: ...700 2237A00...