
CHAPTER 7

 

235

Administering F-Secure Content Scanner Server

7.4.3 Viewing Virus and Spam Statistics with F-Secure Policy Manager Console

Total Scanning Statistics

In F-Secure Policy Manager you can see a summary of the scanning statistics under the F-Secure Content Scanner Server / Statistics / Server branch. For explanations, see above.

Figure 7-11  Total scanning statistics in F-Secure Policy Manager Console

For explanations of these statistics, see “Summary”, 227.

Содержание INTERNET GATEKEEPER WINDOWS 2000-2003 SERVER 6.61...

Страница 1: ...F Secure Internet Gatekeeper Windows 2000 2003 Server Administrator s Guide...

Страница 2: ...d or transmitted in any form or by any means electronic or mechanical for any purpose without the express written permission of F Secure Corporation Copyright 1993 2006 F Secure Corporation All rights...

Страница 3: ...for Internet Mail 19 1 2 3 F Secure Content Scanner Server 21 1 3 Features 21 1 4 F Secure Anti Virus Mail Server and Gateway Products 24 Chapter 2 Deployment 26 2 1 Overview 27 2 2 Network Requireme...

Страница 4: ...sing F Secure Policy Manager 79 4 2 1 F Secure Anti Virus for Internet Gateways Settings 80 4 2 2 F Secure Anti Virus for Internet Mail Settings 80 4 2 3 F Secure Content Scanner Server Settings 80 4...

Страница 5: ...Administering F Secure Anti Virus for Internet Mail 140 6 1 Overview SMTP Scanning 141 6 2 Configuring F Secure Anti Virus for Internet Mail 142 6 2 1 SMTP Settings 143 6 2 2 SMTP Connections 146 6 2...

Страница 6: ...atistics 226 7 4 1 Configuring Virus Statistics 226 7 4 2 Viewing Virus and Spam Statistics with F Secure Internet Gatekeeper Web Console227 7 4 3 Viewing Virus and Spam Statistics with F Secure Polic...

Страница 7: ...y and Performance 275 11 1 Introduction 276 11 2 Optimizing Security 276 11 2 1 Virus Scanning 276 11 2 2 Access Control 277 11 2 3 Data Trickling 277 11 3 Optimizing Performance 277 11 3 1 Virus Scan...

Страница 8: ...reak Notification Messages 299 Appendix B Specifying Hosts 300 B 1 Introduction 301 B 2 Domain 301 B 3 Subnet 301 B 4 IP Address 302 B 5 Hostname 302 Appendix C Access Log Variables 304 C 1 List of Ac...

Страница 9: ...g Up Network Load Balancing Services 340 F 5 Deployment Scenarios for Environments with Multiple Sub domains 349 F 5 1 Scenario 1 F Secure Anti Virus for Internet Mail as an Upstream Mail Transfer Age...

Страница 10: ...10 ABOUT THIS GUIDE How This Guide is Organized 11 Conventions Used in F Secure Guides 13...

Страница 11: ...s for Internet Gateways Instructions on how to configure F Secure Anti Virus for Internet Gateways general settings before you start using it It also contains instructions how to configure HTTP and FT...

Страница 12: ...g Hosts Instructions on how to specify hosts in F Secure Anti Virus for Internet Gateways Appendix C Access Log Variables Lists variables that can be used in the access log Appendix D Mail Log Variabl...

Страница 13: ...s black is used for file and folder names for figure and table captions and for directory tree names Courier New is used for messages on your computer screen WARNING The warning symbol indicates a sit...

Страница 14: ...used for online viewing and printing using Adobe Acrobat Reader When printing the manual please print the entire manual including the copyright and disclaimer statements For More Information Visit F...

Страница 15: ...15 1 INTRODUCTION Overview 16 How the Product Works 17 Features 21 F Secure Anti Virus Mail Server and Gateway Products 24...

Страница 16: ...re Anti Virus Mail Server and Gateway products are designed to protect your company s mail and groupware servers and to shield the company network from any malicious code that travels in HTTP FTP over...

Страница 17: ...Secure Anti Virus for Internet Gateways is an HTTP proxy server which acts as a gateway between the corporate network and the Internet If a client computer requests a file from a Web server it asks t...

Страница 18: ...owing Deny access to specified Web sites Block files by content types filenames and extensions Block files that exceed a specified file size Scan files by content types filenames and extensions and Au...

Страница 19: ...attachments can be stripped from e mail messages by their filenames or extensions and messages that contain malformed or suspicious headers can be blocked After F Secure Anti Virus for Internet Mail h...

Страница 20: ...s for Internet Mail finds an infected attachment or other malicious content it can do any of the following Block the whole e mail message Strip the infected attachment Send a customizable virus warnin...

Страница 21: ...Secure Internet Gatekeeper has found Powerful and Always Up to date F Secure Internet Gatekeeper uses the award winning F Secure Anti Virus scanners to ensure the highest possible detection rate and d...

Страница 22: ...sts Superior detection rate with multiple scanning engines Unparalleled malicious code detection and disinfection F Secure Internet Gatekeeper detects all known viruses worms and Trojans including Jav...

Страница 23: ...configure Can be administered centrally with F Secure Policy Manager Can be monitored with the convenient F Secure Internet Gatekeeper Web Console Contains new quarantine management features you can m...

Страница 24: ...s transparently and scans files in the Exchange Server Information Store in real time Manual and scheduled scanning of user mailboxes and Public Folders is also supported F Secure Anti Virus for MIMEs...

Страница 25: ...the installation and configuration of the product F Secure Messaging Security Gateway delivers the industry s most complete and effective security for e mail It combines a robust enterprise class mess...

Страница 26: ...26 2 DEPLOYMENT Overview 27 Deployment Scenarios 29...

Страница 27: ...ure Internet Gatekeeper in the corporate network use the one that best fits your needs and your own network design strategy Although the scenarios are given separately for web traffic and e mail scann...

Страница 28: ...ontent Scanner Server ProgramFiles F Secure Content Scanner Server fsavsd exe 18971 TCP 1024 65536 TCP only with F Secure Anti Virus for Internet Mail on a separate host DNS 53 UDP TCP HTTP 80 or othe...

Страница 29: ...ifferent deployment scenarios for F Secure Anti Virus for Internet Gateways Scenario 1 On a Dedicated Machine Figure 2 1 F Secure Anti Virus for Internet Gateways deployed on a dedicated machine Advan...

Страница 30: ...nfiguration No changes are required Scenario 2 As a Downstream Proxy Figure 2 2 F Secure Anti Virus for Internet Gateways deployed as a downstream proxy Advantages End users do not have to change the...

Страница 31: ...more information see Proxy Chaining 98 HTTP Proxy or Cache Server Configuration Configure the HTTP proxy or cache server to accept incoming requests only from F Secure Anti Virus for Internet Gateways...

Страница 32: ...e is a risk of malicious code getting to the cache server and HTTP clients accessing it there Configuration on End User Workstations Web browser proxy settings do not have to be changed F Secure Anti...

Страница 33: ...ernet Gateways DNS Configuration No changes are required Scenario 4 Transparent Deployment with a Firewall or a Router Figure 2 4 F Secure Anti Virus for Internet Gateways deployed transparently with...

Страница 34: ...ts which are allowed to connect to F Secure Anti Virus for Internet Gateways For more information see Connections to F Secure Anti Virus for Internet Gateways 123 Internal Firewall or Router Configura...

Страница 35: ...ails are scanned The overall performance is better as the virus scanning is performed on a dedicated machine Disadvantages The network configuration has to be changed DNS Configuration If the mail ser...

Страница 36: ...tranet Hosts list are treated as outbound For more information see Intranet Hosts 164 Specify the existing mail server address as the inbound and outbound mail server for F Secure Anti Virus for Inter...

Страница 37: ...n additional server E mail clients DNS and firewall configurations do not have to be changed Disadvantages This type of deployment may cause extra load on the server The mail server port needs to be c...

Страница 38: ...tion see Intranet Hosts 164 Specify localhost and the new port number of the mail server as the inbound and outbound mail server for F Secure Anti Virus for Internet Mail For more information see Mail...

Страница 39: ...ternal mail server F Secure Anti Virus for Internet Mail Configuration Configure F Secure Anti Virus for Internet Mail to send inbound mails to the internal mail server For more information see Mail D...

Страница 40: ...of F Secure Anti Virus for Internet Mail deployed with centralized quarantine management SQL Server Used for the Centralized Quarantine Database There is a common SQL server where the quarantine data...

Страница 41: ...antine configuration for all F Secure Internet Gatekeeper instances Advanced Deployment Scenarios in Environments with Multiple Sub domains For information on advanced deployment scenarios see Deploym...

Страница 42: ...LATION Recommended System Requirements 43 Centrally Administered or Stand alone Installation 47 Installation Instructions 50 After the Installation 69 Upgrading F Secure Internet Gatekeeper 72 Uninsta...

Страница 43: ...3 Standard Edition with latest service pack Microsoft Windows Server 2003 Enterprise Edition with latest service pack Microsoft Windows Server 2003 R2 Standard Edition Microsoft Windows Server 2003 R2...

Страница 44: ...for processing 10 GB or more Network 100Mbps Fast Ethernet NIC switched network connection SQL server for quarantine database Microsoft SQL Server 2000 Enterprise Standard or Workgroup edition with S...

Страница 45: ...tabase size is limited to 2 GB MSDE includes a concurrent workload governor that limits the scalability of MSDE For more information see http msdn microsoft com library url library en us architec 8_ar...

Страница 46: ...antine database should be configured to use Mixed Mode authentication 3 1 2 Web Browser Software Requirements In order to administer the product with F Secure Internet Gatekeeper Web Console one of th...

Страница 47: ...ny potentially conflicting products such as anti virus file encryption and disk encryption software that employ low level device drivers Close all Windows applications before starting the installation...

Страница 48: ...ee the chapter Installing F Secure Policy Manager Console in F Secure Policy Manager Administrator s Guide For instructions on how to create the policy domain see section Managing Domains and Hosts in...

Страница 49: ...stalled in stand alone mode some of the screens included in these installation instructions will not be displayed 2 Check and configure settings for F Secure Content Scanner Server F Secure Anti Virus...

Страница 50: ...dministration mode you are going to use The administration modes are explained in Centrally Administered or Stand alone Installation 47 Step 1 Download and execute the installation package If you have...

Страница 51: ...CHAPTER3 51 Installation Step 3 Read the License Agreement If you accept the agreement select the I accept this agreement check box and click Next to continue...

Страница 52: ...52 Step 4 Enter the product keycode and click Next to continue If you are installing the evaluation version this screen is not displayed...

Страница 53: ...may vary depending on the keycode you entered in the previous step Select the components to install and click Next to continue If you are installing only F Secure Anti Virus for Internet Gateways or...

Страница 54: ...54 Step 6 Select the destination folder where you want to install F Secure Internet Gatekeeper components Click Next to continue...

Страница 55: ...Centralized administration through network to use F Secure Policy Manager Console to remotely manage all F Secure Internet Gatekeeper components For more information see Basics of Using F Secure Inter...

Страница 56: ...56 Step 8 Enter the path or click Browse to locate the management key This is the key that you created during the F Secure Policy Manager Console Setup Click Next to continue...

Страница 57: ...R3 57 Installation Step 9 Select the network communication method If you are using F Secure Policy Manager to manage F Secure Internet Gatekeeper select F Secure Policy Manager Server Click Next to co...

Страница 58: ...58 Step 10 Enter the IP address of the F Secure Policy Manager Server Click Next to continue...

Страница 59: ...The administration port is used because the Setup program needs to upload new MIB files to F Secure Policy Manager Server Click Next to continue If the product MIB files cannot be uploaded to F Secur...

Страница 60: ...select the default option Local quarantine management If you have multiple installations and you want to manage quarantined e mails centrally select Centralized quarantine management Centralized quara...

Страница 61: ...you select this option the MSDE Installation Directory page will be displayed next If you already have Microsoft SQL Server or Microsoft SQL Server Desktop Engine MSDE installed select the second opt...

Страница 62: ...am and data files will be installed Then enter a password for the database server administrator account Do not leave the password empty Re enter the password in the Confirm password field F Secure Int...

Страница 63: ...where the quarantine database will reside Step 15 If you selected to install Microsoft SQL Server Desktop Engine MSDE in Step 13 61 the Setup installs it now Wait until the installation is complete I...

Страница 64: ...64 Step 16 The setup wizard displays a list of components to be installed Click Start to install the components to your computer...

Страница 65: ...CHAPTER3 65 Installation Step 17 The setup wizard displays the progress of the installation Wait until the installation is ready...

Страница 66: ...66 Step 18 The setup wizard displays the installation result for each component after the installation is completed Click Next to continue...

Страница 67: ...tion Step 19 Click Finish to complete the installation If you were doing an upgrade installation and are prompted to restart your computer select Restart now The new software version will be operation...

Страница 68: ...after the installation F Secure Spam Control database updates are always downloaded directly from F Secure s update servers even in centrally administered installations The product connects to the thr...

Страница 69: ...en them blocking access to Policy Manager s administrative port 8080 F Secure Policy Manager Server has been configured so that administrative connections from anywhere else than the localhost are blo...

Страница 70: ...information see SMTP Connections 146 3 Configure the virus scanning to specify the type of traffic you want to scan For mail traffic scanning see Configuring SMTP Traffic Scanning 166 Make sure that y...

Страница 71: ...107 Make sure that you specify which hosts are allowed to connect to F Secure Anti Virus for Internet Gateways For more information see Connections to F Secure Anti Virus for Internet Gateways 123 F...

Страница 72: ...s that are installed on the system already the setup suggests upgrading several or all components Select the components you want to upgrade 3 Specify how the inbound mail routing is to be handled The...

Страница 73: ...other setting defined during the installation needs to be changed later on the setting must be defined as Final in the F Secure Policy Manager Console before distributing the policies This applies onl...

Страница 74: ...omain IP address and port number information read from the previous version s configuration see the example in the figure below You can also add the information for a new outbound mail server Figure 3...

Страница 75: ...r Servers where F Secure Anti Virus for Internet Mail sends files to be scanned when it cannot connect to primary servers 7 After the components have been upgraded select Restart now to restart the co...

Страница 76: ...e Quarantine 151 Notification settings and messages for virus scanning and stripped and suspicious attachments see Blocking 172 and Virus Scanning 177 Spam Control settings see Spam Control Settings 2...

Страница 77: ...F Secure Anti Virus for Internet Gateways F Secure Spam Control if it was installed F Secure Automatic Update Agent if it was installed F Secure Content Scanner Server Microsoft SQL Server Desktop En...

Страница 78: ...78 4 BASICS OF USING F SECURE INTERNET GATEKEEPER Introduction 79 Using F Secure Policy Manager 79 Using F Secure Internet Gatekeeper Web Console 82...

Страница 79: ...used to change settings and view statistics of the F Secure Internet Gatekeeper In the centralized administration mode you can open F Secure Internet Gatekeeper components from the Windows Start menu...

Страница 80: ...define settings for the F Secure Anti Virus for Internet Gateways For detailed descriptions of F Secure Anti Virus for Internet Gateways settings see Configuring F Secure Anti Virus for Internet Gate...

Страница 81: ...during installation or upgrade you need to mark the setting as Final in the restriction editor The settings descriptions in this manual indicate the settings for which you need to use the Final restri...

Страница 82: ...Policy Manager for this instead 4 3 1 Logging in the F Secure Internet Gatekeeper Web Console for the First Time Before you log in the F Secure Internet Gatekeeper Web Console for the first time chec...

Страница 83: ...that will be issued to all local IP addresses and restarts the F Secure Internet Gatekeeper Web Console service to take the certificate into use Wait until the utility completes and the window closes...

Страница 84: ...Certificate Import Wizard If you are using Internet Explorer 7 in the Place all certificates in the following store selection select the Trusted Root Certification Authorities store If you are using...

Страница 85: ...page opens enter the user name and the password Note that you must have administrator rights to the host Then click Log In Figure 4 1 F Secure Internet Gatekeeper Web Console Login page 8 You will be...

Страница 86: ...rall product status on the Home page The Home page displays a summary of the component statuses and most important statistics From the Home page you can also open the product logs and proceed to confi...

Страница 87: ...Configuring F Secure Anti Virus for Internet Mail 142 Click Show Mail Log to view the mail log F Secure Anti Virus for Internet Gateways The Home page displays the status the F Secure Anti Virus for...

Страница 88: ...atus of F Secure Content Scanner Server Last time virus definition databases updated Shows the date and time when the virus signature databases were last updated Database update version Shows the vers...

Страница 89: ...us of F Secure Automatic Update Agent Last update check Shows the last date and time when F Secure Automatic Update Agent polled the F Secure Update Server for new updates Next update check Shows the...

Страница 90: ...n specify settings for connections to the server You can also open the F Secure Internet Gatekeeper Web Console access log from this page Click Show Access Log to view the F Secure Internet Gatekeeper...

Страница 91: ...CHAPTER4 91 Basics of Using F Secure Internet Gatekeeper To add a new host in the list click Add to add new a new line in the table and then enter the IP address of the host...

Страница 92: ...NTI VIRUS FOR INTERNET GATEWAYS Overview HTTP Scanning 93 Configuring F Secure Anti Virus for Internet Gateways 94 Configuring Web Traffic Scanning 107 Monitoring Logs 127 Viewing Statistics 130 Examp...

Страница 93: ...ure Anti Virus for Internet Gateways works properly You should modify the general settings when your network infrastructure changes or when you want to optimize the security or the performance of F Se...

Страница 94: ...m 5 2 1 Network Configuration You can configure the network settings in F Secure Anti Virus for Internet Gateways Settings Network Configuration Binding You can define how F Secure Anti Virus for Inte...

Страница 95: ...ers must have this port configured in the web browser proxy settings By default the listen port is 3128 If the product is running on a multi homed host you can also specify the IP address it should li...

Страница 96: ...proxy CONNECT method is used when a web browser requests an HTTPS connection through an HTTP proxy By default the CONNECT method is allowed to port 443 HTTPS port For more detailed information about...

Страница 97: ...responses Keep alive Specify whether persistent connections are allowed or not If you allow persistent connections connections from clients to F Secure Anti Virus for Internet Gateways are not automa...

Страница 98: ...r performance Max connections per host Specify the maximum number of simultaneous connections that F Secure Anti Virus for Internet Gateways accepts from a particular host Should there be more incomin...

Страница 99: ...P addresses subnets hosts and domains A request to a host which matches one or more of these is always served directly without forwarding to the configured remote proxy server For more information see...

Страница 100: ...Gateways unchanged On For each reply and request that passes through F Secure Anti Virus for Internet Gateways via information is appended to the Via header line Full For each reply and request that p...

Страница 101: ...nload may timeout the web browser if the file is scanned completely before it is sent to the requesting client You can configure the Data Trickling settings from F Secure Anti Virus for Internet Gatew...

Страница 102: ...ed before it has been downloaded to F Secure Gatekeeper completely It may be unsafe to keep the packet size large as potential malware may trickle through byte by byte before it is detected by F Secur...

Страница 103: ...r Internet Gateways Connection timeout Specify the time in seconds that F Secure Anti Virus for Internet Gateways waits for response from F Secure Content Scanner Server before timing out Restore conn...

Страница 104: ...he logging directory in the field Path to the logging directory Specify the logging directory Enter the complete path to the field or click Browse to browse to the path you want to set as the new logg...

Страница 105: ...conditions Warning Warning conditions Notice Normal but significant messages Informational Informational messages Debug Debug level messages everything is logged For more information and examples of w...

Страница 106: ...Clear table to clear all except the default Access log format Restoring default log formats deletes all other log formats from the table Rotate logs every Specify how often F Secure Anti Virus for Int...

Страница 107: ...and FTP over HTTP should be scanned or blocked and what to do with the infected content 5 3 1 Content Control You can configure the Content Control settings from F Secure Anti Virus for Internet Gate...

Страница 108: ...Select whether FTP over HTTP traffic should be excluded from virus scanning FTP over HTTP traffic includes all FTP transfers initiated through web browsers when the FTP proxy setting in the browser ha...

Страница 109: ...want to edit and click Edit Enter a new MIME type to Content type field and filename extensions to the Extension s field and click Add to add the new type to the list A content type includes both the...

Страница 110: ...nfect the infected file If the disinfection succeeds F Secure Anti Virus for Internet Gateways sends the disinfected file to the requesting client instead of the original infected file If the disinfec...

Страница 111: ...r Internet Gateways cannot scan Pass Let all files that F Secure Anti Virus for Internet Gateways cannot scan pass through to the requesting client Using this option is not recommended WARNING Letting...

Страница 112: ...nt types Select the content types to be blocked on the gateway The options available are Disabled Content is not blocked based on the content type All Content Types All content types are blocked Only...

Страница 113: ...content in both HTTP and FTP over HTTP downloads will be blocked according to content blocking rules Included content types and Excluded content types lists Define the content types which will be bloc...

Страница 114: ...l File Type Recognition Figure 5 9 Content Control File Type Recognition settings Allow content ranges The HTTP 1 1 protocol allows a client to request only a part a range of the content from the serv...

Страница 115: ...ontent types the File Type Recognition analyzes the content which could reveal the real content type to be application octet stream and so the file will be scanned File Type Recognition does not check...

Страница 116: ...gure 5 10 Notifications settings Send virus alerts to administrator Specify whether the product should send virus warning messages to the administrator if it finds malicious code in the downloaded con...

Страница 117: ...ock warning messages to the administrator if it blocks any downloaded content Disabled Do not send block warning messages Enabled Send a block warning message every time F Secure Anti Virus for Intern...

Страница 118: ...e 2 Virus warning message Enter the virus warning message that is shown to users when they try to download a file that contains malicious code The warning message should be in HTML format For more inf...

Страница 119: ...not cache scanned files it just stores a unique identifier for each file The content is verified with a cryptographic hash function MD5 to ensure that only exactly the same files may pass without sca...

Страница 120: ...net Gateways uses one thread to serve one HTTP request so the number of threads affects the number of requests that can be served at the same time For more information see Threads Per Child Process 27...

Страница 121: ...automatically reset when any F Secure Anti Virus for Internet Gateways or F Secure Content Scanner Server settings are changed or when virus definition databases are updated F Secure Anti Virus for In...

Страница 122: ...on Figure 5 12 Administration settings Working directory Specify the Working Directory Enter the complete path in the field If the path does not begin with a slash then it is assumed to be relative to...

Страница 123: ...r Internet Gateways Furthermore you can specify hosts and sites which are never scanned for viruses and sites which the users are not allowed to access Connections to F Secure Anti Virus for Internet...

Страница 124: ...ions or to deny specific hosts from connecting and allow all other connections Allow Deny By default the access is denied F Secure Anti Virus for Internet Gateways accepts connections only from hosts...

Страница 125: ...information see Specifying Hosts 300 Denied hosts Specify hosts and subnets that cannot connect to F Secure Anti Virus for Internet Gateways For more information see Specifying Hosts 300 By default o...

Страница 126: ...sts 300 Trusted sites The content of trusted sites is never scanned for viruses and downloads from trusted sites are never blocked Click Add to add a new trusted site in the table To modify an existin...

Страница 127: ...rror messages Access Log logs HTTP requests that have passed through F Secure Anti Virus for Internet Gateways For more information see Logging 104 F Secure Management Agent maintains a log called Log...

Страница 128: ...etting You can open the error log from the F Secure Internet Gatekeeper Web Console by selecting the Anti Virus for Internet Gateways tab and clicking the Show Error Log button Level Examples Emergenc...

Страница 129: ...Secure Internet Gatekeeper Web Console by selecting the Anti Virus for Internet Gateways tab and clicking the Show Access Log button For more information on the Logging settings see Logging 104 5 4 3...

Страница 130: ...installed in centralized administration mode For instructions on how to log in the F Secure Internet Gatekeeper Web Console see Logging in the F Secure Internet Gatekeeper Web Console for the First T...

Страница 131: ...statistics the number of scanned files the last virus found and the last time a virus was found Figure 5 15 HTTP scanning statistics in F Secure Internet Gatekeeper Web Console Status Status Displays...

Страница 132: ...umber of infected files that have been found Blocked files Displays the total number of files that have been blocked Disinfected files Displays the total number of files that have been disinfected Las...

Страница 133: ...f files and kilobytes processed and the number of blocked infected and disinfected files Figure 5 16 Content Control statistics in F Secure Internet Gatekeeper Web Console Processed files Displays the...

Страница 134: ...y have been delivered to the requesting client Disinfected files Displays the total number of infected files that have been disinfected Last time infection found Displays the date and time the last vi...

Страница 135: ...Secure Policy Manager Console select the Status tab in the Properties pane and then select the F Secure Anti Virus for Internet Gateways Statistics Status and F Secure Anti Virus for Internet Gateway...

Страница 136: ...sages in the Notifications page For more information see Notifications 115 Copy all images and other page elements that you want to use to the htdocs directory located under the F Secure Anti Virus fo...

Страница 137: ...Secure Anti Virus for Internet Gateways 5 6 1 Virus Warning Message The virus warning message is displayed to users when they try to download a file that contains malicious code Figure 5 18 An exampl...

Страница 138: ...138 5 6 2 Block Warning Message The block warning message is displayed to users when they try to download a file that has been blocked Figure 5 19 An example of a block warning message...

Страница 139: ...Virus for Internet Gateways 5 6 3 Banned Site Warning Message The banned site warning message is displayed to users when they try to access a site which they are not allowed to access Figure 5 20 An...

Страница 140: ...NISTERING F SECURE ANTI VIRUS FOR INTERNET MAIL Overview SMTP Scanning 141 Configuring F Secure Anti Virus for Internet Mail 142 Configuring SMTP Traffic Scanning 166 Monitoring Logs 195 Viewing Stati...

Страница 141: ...SMTP server for further processing and delivery Change the F Secure Anti Virus for Internet Mail settings to set up the e mail quarantine spool and logging directories connection settings alerting an...

Страница 142: ...ner settings also have an effect on how the SMTP traffic is scanned The default settings apply in most system configurations but it might be a good idea to check that they are valid for your system Af...

Страница 143: ...addresses that F Secure Anti Virus for Internet Mail should listen to for incoming connections Separate each address with a comma or a space You can leave the field empty if you want the agent to list...

Страница 144: ...ecure Anti Virus for Internet Mail and the mail server are installed on the same host they must use different port numbers for incoming SMTP connections In these cases F Secure Anti Virus for Internet...

Страница 145: ...dded to the received header field of the messages which are scanned Select No to add the following received field to the header Received from xxx xxx xxx xxx xxxx EHLO mail example com by fsavim examp...

Страница 146: ...hen sending bounce and non delivery notification messages This address will be visible to the receiver of the notification message as the sender of the e mail If left empty default the address set in...

Страница 147: ...ous connections that are accepted from a particular host The excess connections are temporarily rejected If there is only one mail server in use in the company network use a high value for this settin...

Страница 148: ...72 16 4 4 172 16 1 172 16 4 10 110 100 120 1 240 For more information see Specifying Hosts 300 You can import a list of host addresses to the Allowed Hosts and Denied Hosts tables from a CSV file When...

Page 149: ...F-Secure Anti-Virus for Internet Mail / Settings / Common / Content Scanner Servers Figure 6-3 Common Content Scanner Servers settings Addresses Primary servers Specify the F-Secure Content Scanner Servers...

Page 150: ...es are distributed. Otherwise the setting will not be changed in the product. Connection timeout Specify how long F-Secure Anti-Virus for Internet Mail waits for a response from F-Secure Content Scanner...

Page 151: ...ntine related settings are configured through F-Secure Policy Manager and the quarantined files are managed through F-Secure Internet Gatekeeper Web Console. Enabled Data is transferred via local tempo...

Page 152: ...nt as separate files into the Quarantine Storage a directory specified in the Quarantine settings and inserts an entry to the Quarantine Database with information about the quarantined content. For mor...

Page 153: ...i-Virus for Internet Mail. For information on how to manage and search quarantined content, see Quarantine Management, 258. Figure 6-5 Common Quarantine settings that are used for configuring the quaranti...

Page 154: ...154 Figure 6-6 Quarantine Options settings in the Web Console that are used for configuring the quarantining in stand-alone installations...

Page 155: ...distributed. Otherwise the setting will not be changed in the product. Retain items in quarantine Specify how long quarantined items should be retained in the quarantine before they are deleted. Use the...

Page 156: ...interval for the selected quarantine category. Quarantine size threshold Specify the critical size in megabytes of the quarantine folder. If the specified value is reached, the product sends an alert. The...

Page 157: ...o alert is sent if both thresholds are set to zero (0). The options available are: Send informational alert, Send warning alert, Send error alert, Send security alert. Quarantine worms Specify whether the pro...

Page 158: ...if the message is retained in the quarantine after the maximum attempts. Final Action on Unsafe Messages Specify the action to unsafe messages after the maximum number of reprocesses have been attepte...

Page 159: ...ke sure that the spool directory is on a local hard disk to ensure the best possible performance of F-Secure Anti-Virus for Internet Mail. WARNING: During the setup, access rights are adjusted so that on...

Page 160: ...the messages are scanned and sent at once. Low spool warning threshold Specify the amount of free disk space in megabytes that the disk where the Spool Directory is should have. The default value is 50...

Page 161: ...Notify when mails in spool above threshold Specify whether an alert is sent to the administrator when the total number of mails in the spool exceeds the threshold specified in the Total Number of Spo...

Page 162: ...keep log of all the e-mails that pass through it. The Logging settings are located under the F-Secure Anti-Virus for Internet Mail / Settings / Common / Logging branch. For more information on the content of...

Page 163: ...ging Directory. If you make changes to the Logging Directory settings, make sure that the new Logging Directory has the same rights. Logging type Specify how F-Secure Anti-Virus for Internet Mail creates...

Page 164: ...from hosts outside of your network are considered inbound mail. Scanning settings for these e-mail messages are under the Inbound branch. The Intranet Hosts table is located under F-Secure Anti-Virus fo...

Page 165: ...e following entries are valid: 172 16 4 4 172 16 1 172 16 4 0 16 172 16 250 255 For more information, see Specifying Hosts, 300. You can import a list of host addresses to the Intranet Hosts table from a...

Page 166: ...ion in both the Inbound Mail and Outbound Mail branches. An exception to this is the Spam Control feature, which exists only in the Inbound Mail branch if you have F-Secure Spam Control installed. 6.3.1...

Page 167: ...the SMTP reply code 521, which instructs the sending mail server to stop trying to send the message again. E-mail messages which were accepted before changing this setting are processed normally. Reject...

Page 168: ...and sends them when the connection is restored. Max message size Specify the maximum size in kilobytes of the e-mail message that the product accepts. Set the value to zero (0) to have no limit on the mes...

Page 169: ...ses Denied recipients Specify recipients who are specifically denied from receiving any e-mail messages. By default F-Secure Anti-Virus for Internet Mail is set to verify recipients and no Allowed Reci...

Page 170: ...pients per message. Verify senders Specify if senders of inbound mail messages are checked against the Allowed Senders and Denied Senders tables on receiving. Enabled Inbound mail messages are accepted...

Page 171: ...line. If you want to include a comment for an address, use a delimiter character, for example a semi-colon, to separate the data to be entered in the different columns. Leave the Active field empty as in t...

Page 172: ...log opens, you can change the delimiter character by clicking the Options button. 6.3.3 Spam Control For information on configuring Spam Control, see Administering F-Secure Spam Control, 240. 6.3.4 Blockin...

Page 173: ...example txt pdf vcf Disallowed attachments Specify a comma-separated list of file names and/or file extensions which are not allowed. For example vb i love you kiss_me The default disallowed attachment...

Page 174: ...he stripped attachment. Stop the Whole Message The message is stopped. If sender notification is enabled, the sender is notified about the message being stopped. If sender notification is disabled, no noti...

Page 175: ...icious code in multipart messages. Due to security reasons, multipart messages are blocked by default. Enabled The multipart message is blocked and bounced back to the sender. Disabled The multipart messa...

Page 176: ...suspicious attachment has been found. Recipient notification message Specify the body of the notification message that is sent to the recipient when a disallowed or suspicious attachment has been foun...

Page 177: ...e body of the notification message that is sent to the sender when a disallowed or suspicious attachment has been found. Do not notify on these attachments Specify a comma-separated list of file names...

Page 178: ...These extensions are listed in the Included Extensions setting. Scan all attachments except excluded extensions All attachments are scanned except for the ones with specified extensions. These extension...

Page 179: ...ntain malicious code. Drop Attachment Remove the infected attachment from the message. If the Quarantine Infected Attachments setting is enabled, the infected attachment is placed into the Quarantine fol...

Page 180: ...fication message is sent to the recipient when a virus or other malicious code has been found. The notification message text is added to the original message. Recipient virus notification subject Specif...

Page 181: ...virus and worm names. If the product finds an e-mail message infected with a virus/worm matching one of these keywords, the whole e-mail message is blocked and no virus warning message is sent to the s...

Page 182: ...ages 157. When proactive virus threat detection is disabled, inbound mails are only scanned by antivirus engines. Send Virus Outbreak Notification Specify whether a notification message is sent to Virus...

Page 183: ...a picture file with a DOC extension. The File Type Recognition setting has no effect and it is not used when the Scan for Viruses and the Strip Attachments settings are set to All Attachments. Figure 6...

Page 184: ...recognition is enabled or disabled. Enabled The product attempts to determine the real file type of the attachment and use the correct extension while processing the file. Disabled The product does not...

Page 185: ...disclaimer should be added to e-mail messages that have been processed and found clean. Since malware and virus writers often use spoofing techniques to forge e-mail disclaimers, it is not recommended t...

Page 186: ...This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this e-mail in error, please...

Page 187: ...Specify how the traffic for certain domains will be routed. When delivering mail, the product will first look up the domain mail server in the mail routing table. If no domain mail server is found, it wi...

Page 188: ...ails addressed to this domain will be delivered directly to the specified relay mail server. Wildcards and can be used when specifying the domain. Primary mail server Specify the primary mail server whe...

Page 189: ...f the product will find the domain mail server for inbound mail in DNS MX records. To resolve the IP address of the domain mail server, the product will use the DNS server(s) defined in the TCP/IP option...

Page 190: ...r Internet Mail attempts to deliver inbound mail before giving up. When the time is over, undeliverable mail is bounced back to the sender and removed from the Spool directory. The default value is 5 day...

Page 191: ...s incorrect format arrives. Because of the malformed structure, the product cannot reliably parse the e-mail message and thus there is a risk that malicious code will pass undetected. Drop The malformed...

Page 192: ...of Nested Messages setting. Drop E-mail messages with exceeding nesting levels are not delivered to the recipient(s). The nested message is moved to the quarantine folder if Quarantine Problematic M...

Page 193: ...ontent Transfer Encoding quoted printable Content Disposition attachment filename ghost exe Action on mails with long lines Select the action to take if an e-mail message contains lines exceeding the...

Page 194: ...ferent attachments name This is a multi part message in MIME format _NextPart_000_007B_01C19931 61582B60 Content Type application octet stream Content Transfer Encoding base64 Content Disposition atta...

Page 195: ...onsole by selecting the F-Secure Anti-Virus for Internet Mail tab and clicking Show Mail Log button on the Summary page. The mail log contains information about received, scanned, sent, trashed, rejected a...

Page 196: ...1 58 45 scanned job smtp40BC454400 msg id example eml localhost result clean size 696 msize n a Sent Entry The Sent Entry is added to the log when the mail has been successfully sent to another mail t...

Page 197: ...the to field from SMTP envelope. An example of a Trashed Entry: 2007 06 01 11 59 56 trashed job smtp40BC458C00 msg id example eml localhost from sender example com to recipient example com Rejected Entr...

Page 198: ...f the spool file, the message ID and the reason for the error. 2007 06 01 14 48 06 error job smtp40BC6CE300 msg id example eml localhost reason Scan failed due to unrecoverable error giving up For infor...

Page 199: ...b Console for the First Time 82 6.5.1 Viewing Statistics with F-Secure Internet Gatekeeper Web Console In F-Secure Internet Gatekeeper Web Console the statistics are displayed on the Summary Inbound M...

Page 200: ...200 Figure 6-17 Summary of SMTP scanning statistics in F-Secure Internet Gatekeeper Web Console...

Page 201: ...rder Processed messages Displays the total number of messages that have been processed. Infected messages Displays the total number of infected messages. High Medium virus risk messages Displays the num...

Page 202: ...MTP traffic scanning statistics. The Outbound Mail Statistics page displays the outbound SMTP traffic statistics. The Statistics pages show the following: the number of messages that have been processed...

Page 203: ...CHAPTER 6 203 Administering F-Secure Anti-Virus for Internet Mail Figure 6-18 Inbound Mail statistics in F-Secure Internet Gatekeeper Web Console...

Page 204: ...otal size of messages that have been scanned for viruses. Infected messages Displays the amount of messages that have been infected with viruses. Size of infected messages Displays the total size of mes...

Page 205: ...rus for Internet Mail Size of spam messages Displays the total size of spam messages received. Last infection found Displays the name of the last infection in inbound mail. Last infection found on Displ...

Page 206: ...sole you can see the F-Secure Anti-Virus for Internet Mail statistics on the Status tab under the F-Secure Anti-Virus for Internet Mail / Statistics / Total branch. For explanations, see above. Figure 6-19 T...

Page 207: ...Mail Inbound mail statistics on the Status tab under the F-Secure Anti-Virus for Internet Mail / Statistics / Inbound Mail branch and the Outbound mail statistics under the F-Secure Anti-Virus for Intern...

Page 208: ...rmore F-Secure Anti-Virus for Internet Mail can add a disclaimer to mail messages that have been processed and found clean. You can change the virus notification settings from F-Secure Anti-Virus for I...

Page 209: ...7 ADMINISTERING F-SECURE CONTENT SCANNER SERVER Overview 210 Configuring F-Secure Content Scanner Server 211 Configuring Scanning Settings 216 Configuring and Viewing Statistics 226 Monitoring Logs 2...

Page 210: ...nner Server settings to set up the working directory, set the virus definition database update notifications and scan engines. In centrally managed mode, you can configure F-Secure Content Scanner Server...

Page 211: ...erver This section explains how you can configure the 7.2.1 Service Connections You can specify how F-Secure Content Scanner Server should interact with F-Secure for Internet Gateways and F-Secure for...

Page 212: ...r Internet Mail uses the same configuration. To change F-Secure Anti-Virus for Internet Mail settings, see Content Scanner Servers, 149. Accept connections Specify a comma-separated list of F-Secure Anti...

Page 213: ...anner Server accepts. If you do not want to limit the number of connections per host, set the value to zero (0). However, using 0 or a very high value might increase the risk of a denial of service attack. S...

Page 214: ...cations / Protocols / X / Incoming Packages Polling Interval, where X is File Sharing or HTTP. This setting is used in the centrally managed installations only. Verify integrity of downloaded databases Specify...

Page 215: ...Send security alert Notify when databases become older than Specify the number of days after which the databases are considered outdated. An alert will be sent to the administrator when the latest dat...

Page 216: ...how password protected archives are handled. 7.3.1 Virus Scanning Go to F-Secure Content Scanner Server / Settings / Virus Scanning to change the archive scanning and scanning engine settings. These set...

Page 217: ...s inside the archives for possible infections. The supported archive formats are ARJ, BZ2, CAB, GZ, JAR, LZH, MSI, RAR, TAR, TGZ, Z and ZIP. The archive itself is scanned if that is configured with the other scan...

Page 218: ...Password protected archives cannot be scanned. Select whether to treat them as safe or unsafe. As password protected archives cannot be inspected without knowing the password, the user who receives a pas...

Page 219: ...ked size of an archive file exceeds this threshold, the server will consider the archive suspicious and corresponding action will be taken. Scan extensions inside archives Specify a list of files separa...

Page 220: ...ure 7-4 Spam Filtering settings Number of spam scanner instances Specify the number of Spam Scanner instances to be created and used for spam analysis. As one instance of the spam scanner is capable of...

Page 221: ...imizing F-Secure Spam Control Performance, 250. The server must be restarted after this setting has been changed. For instructions, see Starting and Stopping F-Secure Internet Gatekeeper Components, 294. IM...

Page 222: ...patterns to cache for spam detection service. By default the cache size is 10000 cached patterns. Increasing cache sizes may increase the threat detection performance but it requires more disk space and...

Page 223: ...can be trusted not to be operated by spammers and do not have open relays or open proxies. Define the network as a network/netmask pair (10.1.0.0/255.255.0.0), with the network/nnn CIDR specification (10...

Page 224: ...ettings / Advanced Figure 7-5 Advanced settings Working directory Specify the path to the working directory where the product will create temporary files. IMPORTANT: This setting must be defined as Final...

Page 225: ...fy how often the Working Directory is cleaned of all files that may be left there. By default files are cleaned every 30 minutes. Free space threshold Set the free space threshold in megabytes for the d...

Page 226: ...s for storing this information as well as the maximum number of viruses to be displayed on the list. Figure 7-6 Virus Statistics settings In F-Secure Policy Manager you can see the list of most active...

Page 227: ...et Gatekeeper Web Console For instructions on how to log in the F-Secure Internet Gatekeeper Web Console, see Logging in the F-Secure Internet Gatekeeper Web Console for the First Time, 82. Summary The F...

Page 228: ...er Server is currently running or not. Start time Displays the start date and time of F-Secure Content Scanner Server. Scanned files Shows the number of files the server has scanned for viruses. Note tha...

Page 229: ...splayed on this page. Database update version Displays the version of the virus definition database update. The version is shown in YYYY-MM-DD_NN format, where YYYY-MM-DD is the release date of the updat...

Page 230: ...e Summary Virus Statistics page in F-Secure Internet Gatekeeper Web Console. Figure 7-8 Virus Statistics in F-Secure Internet Gatekeeper Web Console Most active viruses Top 10 Displays a Top 10 listing...

Page 231: ...Spam Scanner Statistics On the Summary Spam Scanner Statistics page in F-Secure Internet Gatekeeper Web Console you can see the Spam Control status, database update information, spam scanning results a...

Page 232: ...You can see the status of all scan engines on the Scan Engines Properties page of F-Secure Internet Gatekeeper Web Console. Figure 7-10 Scan engine statuses and statistics in F-Secure Internet Gatekee...

Page 233: ...scan engine should be disabled for troubleshooting purposes only, because disabling one of the scan engines significantly reduces the chances of finding malware. Not loaded This status is displayed when...

Page 234: ...ion found Displays the name of the latest infection that was found with the selected scan engine. Last time infection found Displays the date and time of the last infection. Engine excluded extensions S...

Page 235: ...Console Total Scanning Statistics In F-Secure Policy Manager you can see a summary of the scanning statistics under F-Secure Content Scanner Server / Statistics / Server branch. For explanations, see above...

Page 236: ...n see the list of most active viruses under the F-Secure Content Scanner Server / Statistics / Virus Statistics / Most Active Viruses branch. Figure 7-12 Virus Statistics in F-Secure Policy Manager Console F...

Page 237: ...In F-Secure Policy Manager Console you can see the spam statistics under the F-Secure Content Scanner Server / Statistics / Spam Control branch. Figure 7-13 Spam Control statistics in F-Secure Policy Mana...

Page 238: ...can see the status of the scan engines under the F-Secure Content Scanner Server / Statistics / Scan Engines branch. Figure 7-14 Scan engine statuses and statistics in F-Secure Policy Manager Console For...

Page 239: ...is maintained by F-Secure Management Agent and it contains all the alerts generated by the F-Secure components installed on the host. Logfile.log can be found on all hosts running F-Secure Management A...

Page 240: ...240 8 ADMINISTERING F-SECURE SPAM CONTROL Introduction 241 Spam Control Settings 242 Realtime Blackhole List Configuration 248...

Page 241: ...spam flag header into a junk mail folder. F-Secure Spam Control spam definition databases can be updated with F-Secure Automatic Update Agent. In order to update the spam definition databases, F-Secure A...

Page 242: ...h the product. Otherwise they will be ignored. Figure 8-1 Common Spam Control settings Spam filtering Specify whether inbound mails should be scanned for spam. Realtime Blackhole List (RBL) spam filtering...

Page 243: ...l allows more spam to pass, but a smaller number of regular e-mail messages will be falsely identified as spam. For example, if the spam filtering level is set to 3, more spam is filtered but also more re...

Page 244: ...l Address setting instead of being delivered to the original recipient(s). The messages are marked as specified by the Add X-Header and Modify Spam Message Subject settings. Delete messages with this lev...

Page 245: ...lowing format: X Spam Status flag hits scr required sfl tests tests where flag is Yes or No, scr is the spam confidence rating returned by the spam scanner, sfl is the current spam filtering level, tests...

Page 246: ...eeds the specified maximum size, the message will not be scanned for spam. The bigger the maximum size of mails to be scanned for spam is, the more resources the product will use. Since all spam messages...

Page 247: ...nts whose incoming messages are always treated as spam. When specifying sender and recipient addresses, use the username@example.com format. You can use wildcards. The match is not case sensitive. The prod...

Page 248: ...queries. DNS protocol is used to make the DNSBL/RBL queries. 2. Make sure you do not have a firewall preventing DNS access from the host where F-Secure Spam Control is running. 3. Test the DNS functionali...

Page 249: ...g correctly, you should see this kind of headers in messages classified as spam: X Spam Status YES database version 2005 04 06_1 hits 9 required 5 tests RCVD_IN_DSBL RCVD_IN_NJABL_PROXY RCVD_IN_SORBS_DU...

Page 250: ...ses when DNS queries are made. If needed, the performance can be improved by increasing the number of mails being processed concurrently by F-Secure Spam Control. By default the product processes a maxim...

Page 251: ...251 9 ADMINISTERING F-SECURE MANAGEMENT AGENT F-Secure Management Agent Settings 252 Configuring Alert Forwarding 254...

Page 252: ...s are at least sometimes connected through a network or a temporary link. Active protocol Sets the active protocol. Protocols A subdirectory containing the settings for the File Sharing and the HTTP pro...

Page 253: ...es such as Base Policy files or virus definition databases from the F-Secure Policy Manager Server. Outgoing packages update interval Defines how often the host tries to transmit periodically updated i...

Page 254: ...y Manager Console Incoming packages polling interval Defines how often the host tries to fetch incoming packages such as Base Policy files or new virus definition databases from the F-Secure Managemen...

Page 255: ...ou can further configure the alert target by setting the policy variables under target-specific branches. For example: F-Secure Management Agent / Settings / Alerting / F-Secure Policy Manager / Retry Send Inte...

Page 256: ...ings and Statistics icon in the Windows system tray. Select F-Secure Management Agent and click Properties. Go to the Alerting tab to configure the alert forwarding. Figure 9-3 Alert Forwarding table in...

Page 257: ...you choose to forward alerts to an e-mail address (SMTP), you have to specify the e-mail address of the recipient and the mail server you want to use. Select E-Mail (SMTP) and click Properties to specify SM...

Page 258: ...Query Results Page 265 Viewing Details of a Quarantined Message 267 Reprocessing the Quarantined Content 268 Releasing the Quarantined Content 269 Removing the Quarantined Content 271 Deleting Old Qu...

Page 259: ...installations with Centralized Quarantine Management, 40 and Scenario 3 F-Secure Anti-Virus for Internet Mail for each Sub-domain, 356. The quarantine consists of quarantine database, quarantine storage...

Page 260: ...10.2 Configuring Quarantine Options In stand-alone installations, all the quarantine settings can be configured on the Quarantine page in F-Secure Internet Gatekeeper Web Console. For more information o...

Page 261: ...CHAPTER 10 261 Quarantine Management Figure 10-1 Quarantine Query page...

Page 262: ...and malformed messages. Disallowed content Includes blocked messages. Spam Includes messages considered spam. Scan failure A scan failure can occur, for example, if the file is severely corrupted. Unsafe In...

Page 263: ...teria. Host IP address Enter the host IP address to be used as search criteria. Show only You can use this option to view the current status of messages that you have set to be reprocessed, released or d...

Page 264: ...Exact start and end dates to specify the date and time (year, month, day, hour, minute) when the data has been quarantined. Sort Results Specify how the search results are sorted by selecting one of the opti...

Page 265: ...ne Query Results Page The Quarantine Query Results page displays a list of e-mails that were found in the query. To view detailed information about a quarantined e-mail, click the View link in the Detai...

Page 266: ...ined Content, 271. The Query Results page also displays status icons of the e-mails that were found in the search. If there are reprocessing, release or delete operations that have not completed yet, the i...

Page 267: ...e View link in the details column. 2. The Quarantined Content Details page opens. Figure 10-3 Quarantined Content Details page This is a quarantined e-mail that the administrator has set to be deleted. Th...

Page 268: ...d details. The message status icon near the upper right corner of the page. For a complete list of the icons, see Query Results Page, 265. The Download link can be used to download the quarantined attachme...

Page 269: ...have been reprocessed and found clean are delivered to the intended recipients. They are also automatically deleted from the quarantine. The progress of the reprocessing operation is displayed in the W...

Page 270: ...e Release Quarantined Content dialog opens. 5. Specify whether you want to release the content to the original recipient or specify an address where the content is to be forwarded. 6. Specify what happens...

Page 271: ...ssages that have been classified as spam. Click the Delete All button to delete all the displayed quarantined content. 5. You are prompted to confirm the deletion. Click OK. The content is now removed from...

Page 272: ...enu. 4. Specify a retention period that is shorter than the default value, for example 1 day, in the Retention Period column. 5. Specify a cleanup interval that is shorter than the default value, for example...

Page 273: ...or Internet Mail tab in the Web Console and go to the Quarantine page. Then click the Show Log File button. 10.12 Quarantine Statistics The Quarantine statistics page displays the number of quarantined...

Page 274: ...attachments are stored and counted as separate items in the quarantine storage. For example, if a message has three attachments and only one of them has been found infected, two items will be created in...

Page 275: ...275 11 SECURITY AND PERFORMANCE Introduction 276 Optimizing Security 276 Optimizing Performance 277...

Page 276: ...ss them. If you make changes to file locations and directories, make sure that the new directory has the same rights as the old one. 11.2.1 Virus Scanning Make sure that F-Secure Internet Gatekeeper is c...

Page 277: ...values for optimized security. For more information, see Data Trickling, 101. 11.3 Optimizing Performance For the best performance, you should keep all working directories on a local hard disk and make sur...

Page 278: ...can Result Cache does not weaken the security, as F-Secure Internet Gatekeeper verifies that only exactly the same files may pass without scanning that have been scanned already. For more information, se...

Page 279: ...transactions. For more information, see Service Connections, 211. Number of Ports in Use If necessary, you can enhance the performance of F-Secure Anti-Virus for Internet Gateways by increasing the number...

Page 280: ...280 12 UPDATING VIRUS AND SPAM DEFINITION DATABASES Overview 281 Automatic Updates 281 Configuring Automatic Updates 282...

Page 281: ...irus is found, F-Secure provides a new virus definition database update. F-Secure Internet Gatekeeper uses an intelligent UDP-based polite protocol BWTP or HTTP protocol to fetch this update. F-Secure s...

Page 282: ...ccess the F-Secure Automatic Update Agent user interface, open the F-Secure Internet Gatekeeper Web Console and select the Automatic Update Agent tab. In centrally managed installations, you can use the...

Page 283: ...CHAPTER 12 283 Updating Virus and Spam Definition Databases 12.3.1 Summary Figure 12-1 Automatic Update Agent summary in F-Secure Internet Gatekeeper Web Console...

Page 284: ...version and name of the latest installed update. Last check time The date and time when the last update check was done. Last check result The result of the last update check. Next check time The date an...

Page 285: ...Updating Virus and Spam Definition Databases Downloads Figure 12-2 Automatic Update Agent downloads in F-Secure Internet Gatekeeper Web Console The Downloads page displays downloaded and installed up...

Page 286: ...286 12.3.2 Automatic Updates Figure 12-3 Automatic update settings in F-Secure Internet Gatekeeper Web Console Specify how the product connects to F-Secure Update Server...

Page 287: ...for a usable Internet connection before trying to connect to the Update Server. Use HTTP Proxy Select whether HTTP proxy should be used. No HTTP proxy is not used. From browser settings Use the same HTT...

Page 288: ...product cannot connect to any user-specified update server during the failover time, it retrieves the latest virus definition updates from F-Secure Update Server if Allow fetching updates from F-Secure...

Page 289: ...ure Internet Gatekeeper Web Console Edit the list of virus definition database update sources and F-Secure Policy Manager proxies. If no update servers are configured, the product retrieves the latest v...

Page 290: ...host tries to connect servers. Virus definition updates are downloaded from the primary sources first, secondary update sources can be used as a backup. The product connects to the source with the smalle...

Page 291: ...291 13 TROUBLESHOOTING Testing the Connections 292 Starting and Stopping F-Secure Internet Gatekeeper Components 294 Frequently Asked Questions 295...

Page 292: ...the connection to F-Secure Anti-Virus for Internet Gateways is working. For more information, see Network Configuration, 94. 13.1.2 Checking that F-Secure Anti-Virus for Internet Mail is Up and Running Y...

Page 293: ...essage or if the cursor does not appear in the upper left corner, it means that the connection was unsuccessful. To test the network connection at the same time, it is recommended to run telnet from the...

Страница 294: ...cure Internet Gatekeeper Web Console and select the Anti Virus for Internet Mail tab Click Stop to stop F Secure Anti Virus for Internet Mail and click Start to start the service or Open Windows Contr...

Страница 295: ...ubleshooting 13 3 Frequently Asked Questions All support issues frequently asked questions and hotfixes can be found under the support pages at http support f secure com For more information see Techn...

Страница 296: ...296 A APPENDIX Warning Messages HTTP Warning Messages 297 SMTP Warning Messages 298...

Страница 297: ...iable is replaced with Unknown Variable Description DATE The date and time METHOD The HTTP request method GET POST CONNECT etc URL The requested URL CONTENT TYPE The HTTP Content Type header in the re...

Page 298: ...ng variable is replaced with Unknown Variable Description NAME OF SENDER The sender of the mail message NAME OF RECIPIENT The recipient s of the mail message SUBJECT The subject of the mail message AN...

Page 299: ...e Description AFFECTED FILENAME The name of the original file or attachment AFFECTED FILESIZE The size of the original file or attachment THREAT The name of the threat that was found in the content TA...

Page 300: ...300 B APPENDIX Specifying Hosts Introduction 301 Domain 301 Subnet 301 IP Address 302 Hostname 302...

Page 301: ...et is a partially qualified Internet address in numeric dotted quad form optionally followed by a slash and the netmask which is specified as the number of significant bits in the subnet It is used to...

Page 302: ...qualified internet address in numeric dotted quad form Usually this address represents a host but the address does not necessarily have to have a DNS domain name Example 192 168 123 7 B 5 Hostname A h...

Page 303: ...re always assumed to be anchored in the root of the DNS tree Therefore hosts WWW example com and www example com note the trailing period are considered to be equal Usually it is more effective to spe...

Page 304: ...304 C APPENDIX Access Log Variables List of Access Log Variables 305...

Page 305: ...mat excluding HTTP headers When no bytes are sent the value is Example C The contents of cookie Example in the request sent to the server D The time taken to serve the request in microseconds EXAMPLE...

Page 306: ...se an empty string is used r The first line of the request s The status of the request For internally redirected requests the value is the status of the original request t The time in standard English...

Page 307: ...ontent is safe or not Cured The file was disinfected by the scanner Replaced The content was infected and the server replaced the original content Block The content was blocked Error An error occurred...

Page 308: ...the file is clean or not scanned the value is FSFILTER scansrc The value displays whether the Scan Result Cache was used Scan The file was scanned Cache The scan result for the file was found from the...

Page 309: ...309 D APPENDIX Mail Log Variables List of Mail Log Variables 310...

Page 310: ...address of the host that the mail message was received from FROM Received Scanned Sent Trashed The complete mail sender address as given in the mail envelope i e SMTP MAIL FROM command TO Received Sc...

Page 311: ...ct dns space name ip address RECVTIME Received The time in milliseconds taken to receive the mail message SCANTIME Scanned The time in milliseconds taken to scan the mail message SENDTIME Sent The tim...

Page 312: ...312 E APPENDIX Configuring Mail Servers Configuring the Network 313 Configuring Mail Servers 314...

Page 313: ...Server Configuration Inbound e mail must be routed to F Secure Internet Gatekeeper E mail Client Configuration Mail clients must send outgoing SMTP e mail to F Secure Internet Gatekeeper No settings...

Page 314: ...elay features enabled enable and configure anti relay on F Secure Anti Virus for Internet Mail as well Receiving 166 E 2 Configuring Mail Servers E 2 1 Lotus Domino If you are installing F Secure Inte...

Page 315: ...ange the SMTP port number of Microsoft Exchange 5 5 and use the standard SMTP TCP port number 25 for F Secure Internet Gatekeeper To change the SMTP port number in MS Exchange 5 5 1 On the MS Exchange...

Page 316: ...316 To change the SMTP port number in MS Exchange 2000 1 Start the Exchange System Manager from the Start Menu 2 Open the Servers Current Server Protocols SMTP branch...

Page 317: ...APPENDIX E 317 Configuring Mail Servers 3 Open the Properties window of Default SMTP Virtual Server 4 Click Advanced 5 Select the line that has SMTP port number 25 and click Edit...

Page 318: ...318 6 Change the TCP port to some other unused port for example 26 7 Click OK for all the windows and reboot the server...

Page 319: ...anced Deployment Options Introduction 320 Transparent Proxy 320 HTTP Load Balancing 329 Load Balancing With Windows Network Load Balancing Service 339 Deployment Scenarios for Environments with Multip...

Page 320: ...a cluster communicate among themselves and provide high availability load balancing and scalability The service is included in any version of Windows 2003 server If you want to deploy F Secure Intern...

Page 321: ...ing a transparent proxy is the best way to provide a reliable and easy HTTP scanning service with F Secure Internet Gatekeeper However configuring a transparent proxy may require some modifications in...

Page 322: ...ddress 192 168 0 1 port 3128 For information on how to configure F Secure Internet Gatekeeper see sections Configuring F Secure Anti Virus for Internet Gateways 94 Configuring F Secure Anti Virus for...

Page 323: ...ick OK Step 2 1 Open the ISA Management console 2 Open Servers and Arrays Extensions Application Filters 3 Right click HTTP Redirector Filter and select Properties 4 Select Options and make sure that...

Page 324: ...Click OK Step 3 1 Open the ISA Management console 2 Open Servers and Arrays Network Configuration Routing 3 Right click Default rule and select Action 4 Enable Routing them to a specified upstream se...

Page 325: ...ent Options 5 For the Primary route set the IP address and the port number that F Secure Internet Gatekeeper is configured to listen for incoming connections For the Backup route select the one which...

Page 326: ...e Web Chaining tab 4 Right click the Last Default rule and select Properties 5 Select the Action tab Enable the Redirecting them to a specified upstream server option F Secure Internet Gatekeeper requ...

Page 327: ...figuration setting is deselected 8 Click OK Additional information http www microsoft com isaserver http www isaserver org http www toolzz com F 2 2 Transparent Proxy with Linux and Unix Based Systems...

Page 328: ...ables t nat A PREROUTING p tcp d 0 0 0 0 0 dport 80 j DNAT to 192 168 0 1 3128 An example using ipfilter FreeBSD 2 2 or later NetBSD 1 2 or later OpenBSD IPF 3 1 echo rdr ed0 0 0 0 0 0 port 80 192 168...

Page 329: ...co com http www nortelnetworks com http www lucent com F 3 HTTP Load Balancing If you want to ensure that the speed of the communication does not slow down and is not interrupted when scanning the tra...

Page 330: ...HTTP proxy A Domain Name Server DNS server resolves the name of the proxy server to its IP address so that clients know how to connect to it When a client connects to a proxy server site that has mult...

Page 331: ...ince all servers are treated equally proper load balancing is not possible The requested content type is not taken into consideration F 3 2 Load Balancing with Proxy Auto Configuration PAC or Web Prox...

Page 332: ...auto configuration scripts you can distribute the load between different caching proxies http naragw sharp co jp sps Benefits Easy and inexpensive to implement Drawbacks Automatic proxy configuration...

Page 333: ...n Using round robin or some other load sharing model the upstream proxy redirects requests to proxy peers specified in its configuration file Benefits Fairly easy to implement If a company already has...

Page 334: ...3 5 http wp netscape com proxy v3 5 evalguide advantages html Check Point FireWall 1 and Check Point NG Check Point FireWall 1 and Check Point NG have connect control modules which can be used to bala...

Page 335: ...are Load balancing Solutions Network Address Translation NAT Figure F 5 F Secure Anti Virus for Internet Gateways deployed with Network Address Translation NAT Direct Path Routing Figure F 6 F Secure...

Page 336: ...ing servers which offer various services such as e mail service Web service FTP service and DNS service Each of these services and their corresponding servers can be grouped and managed separately Lay...

Page 337: ...or Internet Gateways deployed with clustering Clients access a cluster a virtual server Nodes in a cluster communicate among themselves and provide high availability load balancing and scalability Sys...

Page 338: ...ure and deploy For detailed information on how to deploy a cluster for load balancing see Load Balancing With Windows Network Load Balancing Service 339 Windows 2000 Server Windows 2000 Server Cluster...

Page 339: ...er we set up network load balancing for 500 users in the local network with 4 MB connection You should use at least two servers with the following hardware configuration Both servers do not have to be...

Page 340: ...led and configured before it can be used Configuring TCP IP and Network Load Balancing Settings All settings should be identical for all servers in the cluster except the IP address which should be un...

Page 341: ...168 0 231 Netmask 255 255 255 0 Gateway 192 168 0 1 DNS server 192 168 0 10 All other computers connected to the local area network connect to the cluster with address 192 168 0 233 In networks that...

Page 342: ...342 4 Add the cluster address as the second IP address in the Advanced options In our case 192 168 0 233 5 Use the following settings in Network Load Balancing...

Page 343: ...t Options Use the multicast communication mode 6 The remote control is not necessary and it can be disabled 7 Use an individual IP address for each different server Each server should have a different...

Page 344: ...erwise the default settings are fine 9 You can use different settings just make sure that all settings are identical on all servers 10 After you have configured TCP IP and Network Load Balancing setti...

Page 345: ...ment Options Checking The Status of the Cluster 1 Open the Network Load Balancing Manager from the Administrative tools to administer the cluster and individual nodes 2 Select Cluster Connect to Exist...

Page 346: ...or s Guide Install F Secure Internet Gatekeeper on all servers on same paths and with same initial settings 2 After you have installed F Secure Internet Gatekeeper you should change the HTML error and...

Page 347: ...ow which server in the cluster sent the page to the browser For example Change files on other servers in the same way but use a different IP address Checking The Status Of The Cluster After you have i...

Page 348: ...e proxy address of the web browser n 2 Enter http 192 168 0 233 3128 in the web browser and open the page 3 Refresh the page several times and if everything is working properly you can see that each s...

Page 349: ...Deployment Scenarios for Environments with Multiple Sub domains F 5 1 Scenario 1 F Secure Anti Virus for Internet Mail as an Upstream Mail Transfer Agent Figure F 8 F Secure Anti Virus for Internet Ma...

Page 350: ...rewall Incoming and outgoing SMTP connections are allowed to from smtp my intranet host No changes are needed on mail servers and end user workstations in sub domain networks F Secure Anti Virus for I...

Page 351: ...sed to scan all inbound and outbound e mail traffic for viruses and malicious code Inbound messages to all sub domains are scanned for spam No changes on firewall mail servers and end user workstation...

Page 352: ...352 F 5 2 Scenario 2 F Secure Anti Virus for Internet Mail as Interim Mail Transfer Agent Figure F 9 F Secure Anti Virus for Internet Mail deployed as an Interim Mail Transfer Agent...

Page 353: ...domain to the smtp my intranet host All inbound mails come to the Mail Transfer Agent running on the mx my intranet host Firewall rules are changed to enable incoming and outgoing SMTP connections to...

Page 354: ...very is disabled The Mail Routing Table contains the following entries Benefits One F Secure Anti Virus for Internet Mail installation is used to scan all inbound and outbound e mail traffic for virus...

Page 355: ...on virus scanning and spam filtering policies for all sub domains It is possible to install F Secure Anti Virus for Internet Mail on the same host that runs upstream Mail Transfer Agent provided that...

Page 356: ...356 F 5 3 Scenario 3 F Secure Anti Virus for Internet Mail for each Sub domain Figure F 10 F Secure Anti Virus for Internet Mail installed on a separate computer for each sub domain...

Page 357: ...ains remain on the original machines DNS configuration for sub domains is changed so that F Secure Anti Virus for Internet Mail host is resolved as smtp my sub intranet and the mail server host is res...

Page 358: ...d as outbound In both inbound and outbound mail delivery settings disable the Use DNS MX records setting and specify the Mail Routing Table as follows Benefits No changes needed in firewall and the or...

Page 359: ...ole Configuration of sub domain mail servers needs to be changed It is possible to install F Secure Anti Virus for Internet Mail to the same host running the sub domain mail server provided that they...

Page 360: ...360 G APPENDIX Services and Processes List of Services and Processes 361...

Page 361: ...gent starts and controls the service automatically httpscan exe The process acts as a HTTP proxy and processes files downloaded through the proxy via HTTP 1 0 and HTTP 1 1 protocols rotatelogs exe The...

Page 362: ...The Database Update Handler process verifies and checks the integrity of virus definition and spam control database updates Service Process Description F Secure Quarantine Manager fqm exe The service...

Page 363: ...ss communication interface for integrated services and applications fch32 exe F Secure Configuration Handler that works with F Secure Policy Manager driver and enables other components to read base po...

Page 364: ...364 F Secure Automatic Update Agent Service Process Description F Secure Automatic Update Agent fsaua exe The service retrieves updates from F Secure Policy Manager or F Secure Update server...

Page 365: ...365 H APPENDIX Error Codes Introduction 366 F Secure Anti Virus for Internet Gateways 366 F Secure Anti Virus for Internet Mail 374 F Secure Content Scanner Server 391...

Page 366: ...duct operation The Log or installation directory can t be accessed Make sure that the product has sufficient rights to access the folder in question Check free disk space Consider restoring the defaul...

Page 367: ...If the problem persists contact F Secure Technical Support 106 Error Stopping Module Failed Module 1 could not be stopped The alert is not used in this version The alert is not used in this version 1...

Page 368: ...ssage Pump Quit Quit the message pump with error 1 Unexpected problem during product operation Normally the alert can be ignored However if the alert is continuously reported try to restart the produc...

Page 369: ...and act accordingly 123 Error Unable to Remove File The file 1 cannot be removed due to error 2 If the product cannot remove the file in question The alert contains the reason for the failure Check th...

Page 370: ...error description Restarting the product or rebooting the system might help solve this problem If the problem persists consider re installing the product 133 Warning Invalid Setting The entry 1 in th...

Page 371: ...t is not used in this version The alert is not used in this version 301 Security Virus Alert Infected Malicious code has been found in the following file page Request 1 Source 2 Destination 3 File siz...

Page 372: ...virus No actions are required If you do not want to receive scan summary reports you can disable it by setting 0 zero in the Send scan summary interval setting 400 Security Evaluation license expired...

Page 373: ...partner for purchasing the product or renew your license online If you wish to stop using the product you need to uninstall it 600 Error Unhandled Exception An unhandled exception occurred in 1 A sys...

Page 374: ...pool quarantine or installation directory cannot be accessed Make sure that the product has sufficient rights to access the directory in question Check that there is enough free disk space and conside...

Page 375: ...rt can be ignored if it happens only occasionally at the product or system shutdown However if the failure is reported often please contact F Secure Technical support for assistance 108 Error Unexpect...

Page 376: ...nt Agent is up and running Restarting the product or rebooting the system might solve this problem 125 Error Policy Read Failed Reading the policy variable 1 was unsuccessful due to 2 The product fail...

Page 377: ...Database The magic database file 1 is invalid or corrupted Intelligent File Type Recognition is disabled The magic database signature check failed Either the file has been forged or it has been change...

Page 378: ...its threshold The current number of items in the quarantine database is 1 The total number of quarantined items has reached its threshold Increase the threshold value or adjust the quarantine retenti...

Page 379: ...eck IP address and port number that F Secure Anti Virus for Internet Mail and Content Scanner Server use to communicate to each other 214 Error No Servers Available The agent cannot connect to any of...

Page 380: ...il to it No actions are required 240 Error Mail Server Unreachable Cannot connect to the Mail Server on 1 2 Mail messages will be spooled F Secure Anti Virus for Internet Mail has failed to contact th...

Page 381: ...ed e mail 244 Warning Mail Exceeds Max Size Mail message exceeds the specified maximum message size and was rejected Sender host 1 Sender 2 Recipient 3 Subject 4 Message ID 5 Mail size 6 Max size 7 F...

Page 382: ...pool ID 5 Scan result 6 Reason 7 The message in question was bounced The reason for the bounce is included in the alert Check the reason for the failure and act accordingly 249 Security Message Blocke...

Page 383: ...1 Error Cannot Send Content Sending content to the 1 F Secure Content Scanner Server on 2 was unsuccessful while processing spool job 3 attachment 4 Error occurred 5 F Secure Anti Virus for Internet M...

Page 384: ...270 Warning Low Spool Warning The size of the spool directory has reached its warning level threshold Volume containing the spool directory has 1 megabytes available at the moment The disk is getting...

Page 385: ...tachment could not be extracted from the mail Sender 1 Recipient 2 Subject 3 Message ID 4 Spool ID 5 Attachment name 6 Attachment size 7 Action 8 Quarantined 9 The attachment in question is apparently...

Page 386: ...File name 5 File size 6 bytes Scan result 7 Action Disinfected When a file is found infected and successfully disinfected on scanning See below 320 Security Virus Alert Malicious code found in the mai...

Page 387: ...hanging e mail blocking settings if the attachment in question should not have been blocked 360 Security Unable to Scan Attachment cannot be scanned Sender 1 Recipient 2 Subject 3 Message ID 4 Spool I...

Page 388: ...ity Evaluation License Expires Soon The evaluation license will expire in 1 days Your network remains protected against viruses and other malicious code The evaluation period will end soon To continue...

Page 389: ...e For example if there is not enough disk space free some etc 481 Error Cannot Quarantine Mail The e mail message cannot be quarantined due to error 1 Check the quarantine log for more details The mes...

Page 390: ...eption was caught Check the log files to find out which mail caused an exception Restarting the product or rebooting the system might solve the problem Contact F Secure Technical Support if the produc...

Page 391: ...nfo Settings Changed The following settings have been changed 1 Product settings changed from F Secure Policy Manager Console or Web Console No actions required 70 Error Cannot Read Settings Cannot re...

Page 392: ...and stop the product again If the alert appears again reboot the system 141 Warning Module Not Running Attempted to stop the module 1 that is not running On shutdown No actions required 142 Error Modu...

Page 393: ...em 210 Error Process Scan Request Failed Cannot process scan request Failed to connect F Secure Anti Virus due to error 1 Alert not used in this version Alert not used in this version 220 Error Scan R...

Page 394: ...that holds the quarantine directory is low on disk space Free some disk space You might consider deleting old quarantined files 300 Warning Missing Database File Virus definition database file 1 is mi...

Page 395: ...sion Alert not used in this version 307 Info Database Files Updated The following virus definition databases have been successfully updated 1 Virus definition databases have been manually or automatic...

Page 396: ...tection secure database files need to be updated Alert not used in this version Alert not used in this version 345 Error System Clock Changed The system time was apparently changed and the program can...

Page 397: ...re 402 Error Database Rejected The database update 1 was rejected New virus definition or spam scanner databases have been rejected as they did not pass integrity verification Check the alerts that pr...

Page 398: ...m F Secure Make sure that only authorized personnel have access rights to F Secure Policy Manager product installation and database update files directories 413 Error Database Verification No Manifest...

Page 399: ...or missing database publisher s certificate 1 The publisher s certificate is invalid or missing from the database update package Check that the product downloads database updates from F Secure Make su...

Page 400: ...rror Database Verification No Revocation File Bad or missing revocation file 1 The revocation file is missing or invalid See above 450 Fatal error Database Verification Not Enough Memory There was not...

Page 401: ...ed by any component if there are problems with F Secure Configuration Handler a component of F Secure Management Agent Reboot the system If the problem persists after reboot contact F Secure Technical...

Page 402: ...e 1 cannot be removed due to error 2 If a component cannot remove the file in question The alert contains the reason for the failure Check the reason for the failure and act accordingly 575 Error Unabl...

Page 403: ...ion mode work properly See the manual for detailed instructions 1002 Info Started Listening Authenticated Mode 1 has started listening for incoming connections on address 2 port 3 Authenticated mode w...

Page 404: ...and the protocol version it is supposed to communicate over Consider updating the product and applying all latest service packs and hotfixes 1203 Warning Undefined Request The received data is not a r...

Page 405: ...agent See above ID 1206 1208 Error Unable to Send Content Cannot send content to the agent due to error 1 If the content provider cannot send the content processed data back to the agent See above ID...

Page 406: ...ion does not respond and or cannot process the content within the timeout period Make sure the content processor is up and running Restart the product if the problem persists 1213 Error Processor Inte...

Page 407: ...on 1 Protocol 2 Source 3 Destination 4 File name 5 File size 6 bytes Scan result 7 Action Disinfected When a file is found infected and successfully disinfected on scanning See above ID 2001 2004 Error...

Page 408: ...2 Source 3 Destination 4 File name 5 File size 6 bytes When the product fails to disassemble a file to be scanned The format of the file in question may be invalid or malformed Get the file from the qua...

Page 409: ...409 Technical Support Introduction 410 F Secure Online Support Resources 410 Web Club 412 Virus Descriptions on the Web 412...

Page 410: ...f secure com Example Anti Virus Norway f secure com If there is no authorized F Secure Anti Virus Business Partner in your country you can submit a support request directly to F Secure There is an onl...

Page 411: ...for File Servers if it is installed on the same computer and possibly the version numbers of F Secure Policy Manager Server and F Secure Policy Manager Console if you use centralized administration I...

Page 412: ...age Alternatively right click on the F Secure icon in the Window taskbar and choose the Web Club command To connect to the Web Club directly from within your Web browser go to http www f secure com sm...

Page 413: ...all with intrusion prevention antispam and antispyware solutions Founded in 1988 F Secure has been listed on the Helsinki Exchanges since 1999 and has been consistently growing faster than all its pub...

Page 414: ...414...
