background image

13

McAfee

®

 GroupShield

 7.0 User Guide

Introduction

GroupShield Features

1

„

Filter for Password Protected ZIP Files

 

 For more information about this filter, 

refer to 

Password-protected files

 

on page 140

.

„

Filter for Protected Content (Password protected Microsoft

®

 Office files)

 

 For 

more information about this filter, refer to 

Protected content

 

on page 137

.

„

Support for N+1 cluster

 — For more information, refer to 

Single Copy Cluster (SCC, 

N+1 cluster configuration) on Exchange Server 2003 and 2007

 

on page 34

.

„

Enhanced MIME Scanning

 

 MIME (Multipurpose Internet Mail Extensions) is a 

communications standard that enables the transfer of non-ASCII formats over 
protocols (like SMTP) that supports only 7-bit ASCII characters. GroupShield enables 
you to specify how such MIME messages are handled.

„

Buffer Overflow protection using VirusScan Enterprise version 8.5i

 

 A buffer 

overflow is an anomalous condition where a process attempts to store data beyond 
the boundaries of a fixed-length buffer. This results in extra data, overwriting the 
adjacent memory locations. Enabling Buffer Overflow Protection prevents this 
condition. GroupShield has the provision of buffer overflow protection. For more 
information, refer to 

Buffer Overflow Protection

 

on page 30

.

„

Enhanced Quarantine Management

„

Local Quarantine Management

 

 Detected Items can be quarantined. You can 

specify the local database to be used as a repository for quarantining email 
messages. You can also configure maintenance settings for the local quarantine 
database.

„

Quarantining using McAfee Quarantine Manager version 4.1

 

or 4.1.1 —

 You can 

specify McAfee Quarantine Manager in a different server as a repository for 
quarantining infected email messages. This keeps your Exchange Server safe 
from viruses.

„

Integration with:

„

McAfee ePolicy Orchestrator version 3.6 and 4.0

 

 to provide a single point of 

control for your McAfee anti-virus products, to manage anti-virus policies and 
view reports of anti-virus events and virus activity in an enterprise environment.

 

For more information, refer to the chapters 

Integrating with ePolicy Orchestrator 

3.6

 

on page 47

 and 

Integrating with ePolicy Orchestrator 4.0

 

on page 63

.

Note

Buffer over flow protection is available only on 32 -bit platforms (and not on 64-bit 
platforms) with Exchange Server 2003.

Содержание GroupShield 7.0 ForMicrosoft Exchange

Страница 1: ...User Guide revision 1 0 McAfee GroupShield version 7 0 For Microsoft Exchange...

Страница 2: ...Chicago Inc and or Outside In HTML Export 2001 Stellent Chicago Inc Software copyrighted by Thai Open Source Software Center Ltd and Clark Cooper 1998 1999 2000 Software copyrighted by Expat maintain...

Страница 3: ...tion scenarios 21 Types of installation 22 System requirements 23 3 Installing the Software 25 Accessing the software 25 What is included with the software 26 Installing GroupShield for Microsoft Exch...

Страница 4: ...figuring GroupShield Policies 53 Managing Policies 54 Scheduling tasks 55 Reports 59 Configuring reports 60 Uninstallation 60 6 Integrating with ePolicy Orchestrator 4 0 63 Introduction 63 Pre requisi...

Страница 5: ...essages 101 All items 101 10 Policy Manager 105 Policy manager views 105 Inheritance view 106 Advanced view 107 Creating a subpolicy 108 Policy settings 109 List all scanners 109 View settings 112 Spe...

Страница 6: ...roupShield 7 0 User Guide Contents Diagnostics 171 Debug logging 171 Error reporting service 172 Event logging 172 Product log 172 Product log 173 DAT settings 174 Import and export configuration 174...

Страница 7: ...ge Where GroupShield sits on your network Other areas to protect GroupShield Features What is New Features not supported What is GroupShield McAfee GroupShield 7 0 software protects Microsoft Exchange...

Страница 8: ...l message for banned content as specified in the content management policies running within the GroupShield software If there are no viruses banned unwanted content in the email message GroupShield pa...

Страница 9: ...hat signature The engine uses a technique called heuristic analysis to search for unknown viruses This involves analysis of the object s program code and searching for distinctive features typically f...

Страница 10: ...one computer to another across your network From the viewpoint of somebody trying to attack your corporate network your file servers are a good target because many other computers connect to the file...

Страница 11: ...ages Anti phishing GroupShield is capable of detecting email messages containing phish that fraudulently tries to obtain personal information Typically such email messages request the recipients to cl...

Страница 12: ...ey are installed Enhanced Anti Spam Capability GroupShield for Exchange is capable of detecting spam or unsolicited bulk email messages sent to multiple recipients who did not ask to receive it It ass...

Страница 13: ...ocations Enabling Buffer Overflow Protection prevents this condition GroupShield has the provision of buffer overflow protection For more information refer to Buffer Overflow Protection on page 30 Enh...

Страница 14: ...an the latest threats Product Update using SuperDAT v 2 2 executable GroupShield helps you keep your server free from viruses Trojans spams phish PUPs by regularly updating the product using SuperDAT...

Страница 15: ...ng as a part of the core installation Features not supported Integration with black and whitelist server application installed along with GroupShield for Exchange version 6 x Integration with Outbreak...

Страница 16: ...ian Quarantining using McAfee Quarantine Manager modifying repairing restoring and uninstalling the software Integrating with ePolicy Orchestrator 3 6 Testing the GroupShield integration with ePolicy...

Страница 17: ...n introducing a new term for names of product documentation and topics headings within the material Example Refer to the VirusScan Enterprise Product Guide for more information Blue A web address URL...

Страница 18: ...installing and starting the software Getting started with the product and its features detailed instructions for configuring the software information on deployment recurring tasks and operating proce...

Страница 19: ...Security Vulnerabilities Available to the public For Products ServicePortal account and valid grant number required Product Evaluation McAfee Beta Program Technical Support http www mcafee com us supp...

Страница 20: ...20 McAfee GroupShield 7 0 User Guide Introduction Contact information 1...

Страница 21: ...vant rights and permissions to install GroupShield Before installing GroupShield Make sure Microsoft Exchange Server 2003 2007 is installed on the installation server Manually uninstall GroupShield so...

Страница 22: ...ling GroupShield for Microsoft Exchange Server 2003 2007 on page 26 for step by step instructions Silent installation You can install McAfee GroupShield software on Microsoft Exchange Server 2003 2007...

Страница 23: ...4 Windows 2003 Standard Enterprise Server 32 bit Windows 2003 Standard Enterprise Server R2 32 bit Windows 2003 Standard Enterprise Server 64 bit Windows 2003 Small Business Server 32 bit Windows 200...

Страница 24: ...24 McAfee GroupShield 7 0 User Guide Pre Installation System requirements 2...

Страница 25: ...software McAfee distributes GroupShield for Exchange in two ways As an archived file that you download from the McAfee website or from other electronic services On the Total Virus Defense TVD the Acti...

Страница 26: ...er Installing GroupShield for Microsoft Exchange Server 2003 2007 1 Using an administrative account log on to the Microsoft Exchange Server 2003 2007 2 Create a temporary directory on the network or y...

Страница 27: ...pears 5 Click Next The Component Selection dialog box displays the software components you can install McAfee GroupShield for Exchange 7 0 is selected by default Buffer Overflow Protection provides bu...

Страница 28: ...ion type from these options Typical installs the most common application features and is recommended for most users Complete installs all the application features Custom installs the application featu...

Страница 29: ...editor This is a new functionality in the software where you can see the list of sites configured for update The user interface is similar to that of McAfee VirusScan Enterprise This application modif...

Страница 30: ...plication or process to force it to execute code on the computer Applications have fixed size buffers that hold data If an attacker sends too much data or code into one of these buffers the buffer ove...

Страница 31: ...ed the installation files and double click BOPActivation EXE Installing McAfee Anti Spam for GroupShield Anti Spam and Anti Phish feature is available only if you install McAfee Anti Spam for GroupShi...

Страница 32: ...nt mode 1 Using an administrative account log on to the computer containing Microsoft Exchange Server 2003 2007 2 Create a temporary directory on the network or your local drive 3 To install do one of...

Страница 33: ...GSE7 GROUPSHIELD MSI INSTALLDIR C GSE7INSTALL QN MSIEXEC I MSI path INSTALLDIR Install Directory l log filename and path MSIEXEC I C GSE7 GROUPSHIELD MSI INSTALLDIR C GSE7INSTALL l C GSE7 GSELOG TXT...

Страница 34: ...cluster configuration on Exchange Server 2003 and 2007 A Single Copy Cluster SCC is a clustered mailbox server that uses shared storage in a failover cluster configuration to allow multiple servers t...

Страница 35: ...e and Description for the Resource 3 From the Resource type drop down list select McAfee Cluster Framework 4 From the Group drop down list select the Cluster group to which the GroupShield for Exchang...

Страница 36: ...e dependency added at the time of creation should NOT be modified under the Dependency tab from the McAfee Cluster Framework resource Properties dialog box If the dependency on the physical disk has t...

Страница 37: ...version The installation program successfully updates your installation to the new version The product upgrades supported are GroupShield for Exchange version 6 0 2 GroupShield for Exchange version 6...

Страница 38: ...GroupShield from v6 0 2 or higher 3 3 When the installation is completed successfully your system is upgraded to GroupShield for Exchange version 7 0 Note After the upgrade policies scheduled tasks r...

Страница 39: ...oftware is installed properly and can detect viruses and spam within the email messages Testing the anti virus component The recommended method to test an anti virus product is to attach an EICAR anti...

Страница 40: ...t domain 1 Create a new Internet external email message 2 In the body of the message copy the following text XJS C4JDBQADN1 NSBN3 2IDNEN GTUBE STANDARD ANTI UBE TEST EMAIL C 34X Ensure that you enter...

Страница 41: ...es you a central point from which you can analyze and act upon emails and files that have been quarantined Items are quarantined because they are spam phish contain viruses potentially unwanted softwa...

Страница 42: ...ng GroupShield 6 x user blacklists and whitelists DesPath to specify the directory path to where the generated BWLIST XML file is to be stored The output XML file generated can be imported into the Mc...

Страница 43: ...GSE_70_BWL_Path d 1 Maintaining your GroupShield application The GroupShield for Exchange software provides tools to help you maintain your installation Refer to these topics for detailed instructions...

Страница 44: ...or Exchange we recommend using the Windows Add Remove Programs feature although you can also modify GroupShield from the GroupShield for Exchange setup program Repairing GroupShield 1 Using administra...

Страница 45: ...Exchange services on the server and clients are shut down 3 From the Start menu click Settings then Control Panel The Control Panel window appears 4 Double click Add Remove Programs The Add Remove Pr...

Страница 46: ...cAfee GroupShield 7 0 User Guide Post Installation Tasks and Maintenance Uninstalling GroupShield for Exchange 4 9 Once the software is removed a message is displayed Click Finish to close the dialog...

Страница 47: ...an configure GroupShield for Exchange on the target computers across your network you do not need to configure them individually This chapter includes how to Check in the ePolicy Orchestrator agent to...

Страница 48: ...rs workstation and appliances that you can administer using ePolicy Orchestrator The details pane is to the right of the console Depending on the item selected in the console tree the details pane mig...

Страница 49: ...r your local drive 2 To install do one of the following depending on how you obtained the software Insert the CD into the computer s drive and copy the installation files into the temporary directory...

Страница 50: ...n and click OK to send the agent to the new computer added Sending an Agent Wakeup call 10 From the ePolicy Orchestrator console right click the Site or the Exchange Server on which you intend to inst...

Страница 51: ...ding GroupShield software NAP file to the repository 1 Click Repository The Repository page appears 2 Click Check in NAP The Software Repository Configuration Wizard appears 3 Select Add new software...

Страница 52: ...Install from the list item given against GroupShield for Exchange 6 Deselect Run this task at every policy enforcement interval 7 Click OK 8 Click the Schedule tab Deselect Inherit 9 From the Schedule...

Страница 53: ...message EPOUpgrade from GSE6 0 to GSE7 0 is completed Successfully Please follow the on screen instructions if upgrading fails Configuring GroupShield Policies This section explains how you enforce po...

Страница 54: ...deploy the new settings via the ePolicy Orchestrator agent Modifying policies for GroupShield in ePolicy Orchestrator 1 Using an administrative account log on to the computer containing ePolicy Orche...

Страница 55: ...on you can use ePolicy Orchestrator to inform where to access the latest update files and create schedules for replacing earlier DAT and Rule files and running on demand scans Using ePolicy Orchestrat...

Страница 56: ...y the files from that server Your servers can download files for a number of operating systems regardless of the operating systems that are in use Creating an AutoUpdate task 1 Using an administrative...

Страница 57: ...the console tree under ePolicy Orchestrator right click Directory or the site group or host then select Schedule Task Alternatively you click the Tasks tab in the upper details pane Right click in the...

Страница 58: ...own as Greenwich Mean Time or GMT to run the task This option causes the task to run at the same time for all your clients regardless of the local system time on the client computers Enable randomizat...

Страница 59: ...Running a report 1 Log on to the ePolicy Orchestrator database server under the Reporting section 2 Select the desired GroupShield for Exchange 7 0 report under Reporting ePO Databases database server...

Страница 60: ...r reports called sub reports that provide data related to the current report You can also print reports or export report data into a variety of file formats including HTML and Microsoft Excel Uninstal...

Страница 61: ...2 Select Repository Software repositories Master in the console tree 3 Select GroupShield for Exchange and click Delete A confirmation dialog box appears Click OK to remove GroupShield for Exchange f...

Страница 62: ...cAfee GroupShield 7 0 User Guide Integrating with ePolicy Orchestrator 3 6 Uninstallation 5 3 Right click groupshield7 0 and select Remove to uninstall the report file from the ePolicy Orchestrator se...

Страница 63: ...eployment capabilities all through a single point of control Pre requisites for installing ePolicy Orchestrator 4 0 For Microsoft Windows 2000 platform install these files on your system dotnetfx exe...

Страница 64: ...o the ePolicy Orchestrator server 1 Using an administrative account log on to the ePolicy Orchestrator server 2 Click New Systems The New Systems page appears 3 In How to add systems choose Deploy age...

Страница 65: ...ccount with which you want to install the agent on selected systems and click OK Installation Checking in the McAfee GroupShield for Microsoft Exchange Server 2003 2007 package to the ePolicy Orchestr...

Страница 66: ...7 Choose an appropriate Language from the drop down 8 In Products to deploy select GroupShield for Exchange 7 0 0 from the drop down and choose the Action as Install 9 In Options select or deselect th...

Страница 67: ...ZIP To install the GroupShield for Exchange policy extension files 1 Using an administrative account log on to the ePolicy Orchestrator server 2 Click Configuration Extensions Install Extension The In...

Страница 68: ...rop down 4 Click New Monitor 5 Choose the Category as Queries and a desired GroupShield for Exchange related query from the Monitor drop down menu 6 Click OK 7 Repeat step 4 and 5 for the remaining mo...

Страница 69: ...new query If the pre defined queries on the left side does not serve your purpose ePolicy Orchestrator enables you to create your own queries 1 Using an administrative account log on to the ePolicy O...

Страница 70: ...tics to place the systems in the System Tree Sending an Agent Wakeup Call 1 Using an administrative account log on to the ePolicy Orchestrator server 2 Click Systems Table 6 2 Reporting Options Option...

Страница 71: ...assign a policy to a specific group system in the System Tree Creating a new policy 1 Using an administrative account log on to the ePolicy Orchestrator server 2 Click Systems System Tree and choose...

Страница 72: ...ine client tasks for the entire System Tree a specific group or an individual system Using ePolicy Orchestrator 4 0 you can create these types of scheduled tasks for the GroupShield for Exchange softw...

Страница 73: ...ch includes the Name Notes Product Type of the task and the Schedule information 8 Click Save 9 Send an agent wake up call On Demand scan task You can create any number of on demand scan schedules The...

Страница 74: ...r 2 Click Systems System Tree and choose a desired group 3 From the Client Tasks tab click Create Task 4 Type a Name Notes for the task and choose the Type as Product Deployment McAfee Agent 4 0 0 5 C...

Страница 75: ...Click Software Master Repository 3 Click the Delete link of the GroupShield for Exchange package Removing the product extension 1 Using an administrative account log on to the ePolicy Orchestrator se...

Страница 76: ...76 McAfee GroupShield 7 0 User Guide Integrating with ePolicy Orchestrator 4 0 Uninstallation 6 4 Select the option Force removal bypassing any checks or errors 5 Click OK...

Страница 77: ...o be familiar with ProtectionPilot Pre requisites for using ProtectionPilot Before you can use the ProtectionPilot software to manage GroupShield for Exchange Check in the appropriate package and NAP...

Страница 78: ...ly managing products Installed on each computer it deploys products updates virus definition DAT files and the virus scanning engine upgrades existing products with service pack and patch releases It...

Страница 79: ...ange pkgCatalog z file to the ProtectionPilot server 1 Locate the pkgCatalog z file 2 Log on to the ProtectionPilot server with administrative rights 3 From the Server page select Repository tab In Ma...

Страница 80: ...ile Deploying McAfee GroupShield using ProtectionPilot server 1 Select the required Site Group or Computer in the ProtectionPilot directory and select the Tasks tab 2 Modify the Deployment task to dep...

Страница 81: ...Modifying policies for GroupShield in ProtectionPilot 1 Log on to the ProtectionPilot server 2 In the console tree under McAfee ProtectionPilot SERVER Directory select the site group single computer o...

Страница 82: ...er the location details Setting error reporting service 1 Click Error Reporting Service tab 2 Select Enable to enable or disable the error reporting service 3 Select Catch exceptions to capture inform...

Страница 83: ...kilobytes 7 Select Limit age of entries if you want the product log entries to be deleted after a set period of time 8 Type the Maximum age of entry to specify how many days an entry should remain in...

Страница 84: ...e task 9 Under Schedule Settings deselect Inherit 10 Select the option Enable Schedule task that run at specified time to enable the on demand scan task 11 Select the next option if you want to stop t...

Страница 85: ...ons as you require 13 Click Apply Settings The new task you have created appears in the Scheduled Tasks page showing the task type as AutoUpdate Task Uninstallation Removing McAfee GroupShield for Exc...

Страница 86: ...lete to uninstall GroupShield for Exchange package file from the server Removing the McAfee GroupShield for Exchange NAP file from ProtectionPilot server 1 Log on to the ProtectionPilot server with ad...

Страница 87: ...of the console has links namely Dashboard Detected Items Policy Manager and Settings and Diagnostics that you can administer The right pane shows information depending on the item you select in the le...

Страница 88: ...raphical view of these detections product updates and versions a list of recently scanned items anti virus news and security news Dashboard has four pages Statistics Information On Demand Scans Status...

Страница 89: ...e range are Last 24 Hours Last 7 Days Last 30 Days Versions updates This section has three tabs Update Information This tab shows the latest instant when the anti virus engine and DAT files were succe...

Страница 90: ...list of headlines published on a particular date containing the latest information about the IT security Click on the link of a headline to view security information in a web page On demand scans On...

Страница 91: ...how frequently in weeks the task takes place You can also specify on which days and at what time of day the task should take place You can select the checkbox and specify the number of hours and minut...

Страница 92: ...Choose when to scan Click Next 4 Select the desired folders by moving them to Folder to scan Click Next 5 Choose a desired policy from the drop down list and choose if you want to restart scan from t...

Страница 93: ...Click Dashboard Status Report The Status Report page appears 2 Click New Report The Report page appears 3 In the when to report page choose any of these options Not scheduled Select the checkbox to se...

Страница 94: ...k has to start You can select the checkbox and specify the number of hours and minutes after which the report task has to stop 4 Click Next The Who to report to page appears 5 In Recipient Email speci...

Страница 95: ...day or This week to view only today s detections or detections made in the last 7 calendar days including today s date 3 From Filter choose any of these Top 10 Viruses Top 10 Spam Detections Top 10 Sp...

Страница 96: ...hoose to Query on from the drop down list Recipient Sender Filename Detection Name Subject Reason Rule Name Policy Name Spam Score 7 In Maximum Results specify the maximum number of segments you want...

Страница 97: ...rograms unwanted content banned file types or messages and all items You should select at least one search filter however you can use up to three search filters to narrow your search Topics covered ar...

Страница 98: ...displayed in the View Results section Phish Phish is a method of fraudulently obtaining personal information such as passwords social security numbers and credit card details by sending spoofed email...

Страница 99: ...damage to the system 1 Click Detected Items Viruses The Virus Detections page appears 2 Select up to three of these search filters Ticket Number Filename Action Taken Submit to Avert 3 Select All Date...

Страница 100: ...on Unwanted content Any content that is filtered by the scanner is called unwanted content You can use Unwanted Content to view emails attachments that contain unwanted content 1 Click Detected Items...

Страница 101: ...matching your search criteria are displayed in the View Results section All items You can use All Items to view all emails that contains detected items 1 Click Detected Items All Items The All Items p...

Страница 102: ...ket number parameter Including a ticket number in a notification email 1 From Settings Diagnostics click Notifications The Notifications page appears 2 Click Edit The GroupShield for Exchange Notifica...

Страница 103: ...this option select the desired options and click OK Select All to select all the detected items in the View Results pane Select None to deselect all the detected items in the View Results pane Delete...

Страница 104: ...104 McAfee GroupShield 7 0 User Guide Detected Items All items 9...

Страница 105: ...ault policy for that policy type Master policy cannot be deleted because there should always be one policy from which other policies can be created The master policy is configured to cover most situat...

Страница 106: ...ings is know as the parent policy If the policy name is indented that policy inherits some of its settings from its parent policy You can use The Name of the policy to edit its settings Priority colum...

Страница 107: ...me of the policy to edit its settings Create sub policy to create a subpolicy Enabled to enable or disable a subpolicy If you select this option the subpolicy is enabled The Delete link to delete a su...

Страница 108: ...Click New Rule From the Specify a policy rule section choose one of these primary rules and specify an appropriate secondary rule The SMTP address of the sender is e mail address The SMTP address of...

Страница 109: ...1 From Policy Manager select a menu item 2 Click on a policy of a desired submenu item for which you want to configure settings and actions The policy page appears with three tabs namely List All Scan...

Страница 110: ...1 From Policy Manager select a submenu item The policy page for the submenu item appears 2 Choose a desired policy from the drop down list 3 Click Add Scanner Filter The Create time constrained confi...

Страница 111: ...existing time slot choose any one of these from the drop down menu Weekdays Weekends Working hours 7 If you choose Create a new time slot specify a name for the new time slot and select the desired da...

Страница 112: ...pply to specific users Creating a new rule for a specific user 1 In the Specify who this policy applies to pane specify the conditions where the policy will trigger Select Any of the rules apply All r...

Страница 113: ...Remove Viruses to create policies that are activated at set intervals or on demand and which remove viruses Potentially Unwanted Programs PUPs and other possible threats On Demand Find Banned Content...

Страница 114: ...virus scanner Anti Virus Scanner consists of computer programs that attempt to identify thwart and eliminate computer viruses and other malicious software 1 From Policy Manager select a submenu item T...

Страница 115: ...ferent circumstances To change those actions click Edit Creating new set of options for Anti Virus Scanner 1 From Policy Manager select a submenu item that has anti virus scanner The policy page for t...

Страница 116: ...s specify which items should be treated as malware There are two ways to select malware types Select the malware types from the list of checkboxes below Custom malware categories Select Specific detec...

Страница 117: ...rd crackers Joke programs Cookies Other PUPs not included in the above categories Exclude specified names to list by name the PUPs that you want the software to ignore For example if you have enabled...

Страница 118: ...rator Notify sender to send an alert message to the sender when the original email message does not originate in the same domain as Microsoft Exchange Server 2003 2007 Notify recipient to send an aler...

Страница 119: ...rt message to the sender when the original email message does not originate in the same domain as Microsoft Exchange Server 2003 2007 Notify recipient to send an alert message to the recipient when th...

Страница 120: ...alert text is displayed click View Hide to hide it 7 In Content Scanner rules and associated actions click Add rule to create a new content rule for this policy Edit to change the action associated wi...

Страница 121: ...istance to the right Indent to move the selected text a set distance to the left Text Color to change the color of the selected text Background Color change the background color of the selected text H...

Страница 122: ...en Apply Adding a new content rule 1 From Policy Manager select a submenu item The policy page for the submenu item appears 2 Choose a desired policy 3 Click Content Scanning The View Settings tab for...

Страница 123: ...y actions for On Demand Default On Demand Find Banned Content On Demand Remove Banned Content and On Demand Full Scan scan include Replace detected item with an alert to replace the detected item with...

Страница 124: ...or deselect Enable to enable or disable the file filtering scanner settings for the policy 5 In Alert selection specify which alert will be used when an infected mail triggers a file filtering rule Yo...

Страница 125: ...ile name filtering to enable file filtering according to the file names For example if you type exe this file filtering rule is applied to any file that has a exe file name extension 7 In Take action...

Страница 126: ...14 In File size filtering select Enable file size filtering to filter files according to their file size 15 In Take action when the file size is choose Greater than to specify that the action should...

Страница 127: ...Delete message to delete the email message item Allow through to allow the item to continue to the next scanning phase or on to its final destination Secondary actions for On Access and On Demand Defa...

Страница 128: ...create a new set of anti spam setting options for a selected policy Edit to change the anti spam setting options associated with a policy 6 In Actions to take if spam is detected click Edit The Anti...

Страница 129: ...ngs 1 From Policy Manager select Gateway The policy page for the Gateway submenu item appears 2 Choose a desired policy from the drop down 3 Click Anti Spam The View Settings tab for the anti spam sca...

Страница 130: ...only to add a spam score indicator to the Internet header of non spam email messages only To all messages to add a spam score indicator to the Internet header of all email messages 11 From the Attach...

Страница 131: ...value is 76 Maximum number of reported rules to specify the maximum number of anti spam rules that can be included in a spam report The minimum number of rules you can specify is 1 and the maximum is...

Страница 132: ...r select Gateway The policy page for Gateway appears 2 Choose a desired policy 3 Click Anti Phishing The View Settings tab for the anti phish appears 4 In Activation select or deselect Enable to enabl...

Страница 133: ...phase or on to its final destination Secondary actions for Gateway scan for high medium and low spam score include Log to record the detection in a log Quarantine message to take a copy of the item a...

Страница 134: ...age that probably contains phish Add a phish indicator header to messages to specify whether a phish indicator is added to the Internet header of any email message that probably contains phish Attach...

Страница 135: ...t are handled when detected 1 From Policy Manager select a submenu item The policy page for the submenu item appears 2 Choose a desired policy 3 Click Corrupt Content The View Settings tab for the cor...

Страница 136: ...ce the detected item with an alert message Delete message to delete the email message item Allow through to allow the item to continue to the next scanning phase or on to its final destination Seconda...

Страница 137: ...Actions view the action that will be taken when protected content is detected To change those actions click the Edit link Primary and secondary filtering actions for protected content Primary actions...

Страница 138: ...send an alert message to the email administrator Notify sender to send an alert message to the sender when the original email message does not originate in the same domain as Microsoft Exchange Serve...

Страница 139: ...e the contents might also have been altered in other ways Signed content policy specifies how email messages with digital signatures are handled 1 From Policy Manager select a submenu item The policy...

Страница 140: ...hange of the content before being uploaded Allow through to allow the item to continue to the next scanning phase or on to its final destination Secondary actions for On Access On Demand Default On De...

Страница 141: ...mail message item Delete embedded item to delete the detected item For example to delete an attachment that triggers a detection rule Allow through to allow the item to continue to the next scanning p...

Страница 142: ...ver 2003 2007 Scanner control You can use Scanner Control settings to limit the nesting level file size or scan time that is allowed when scanning email messages 1 From Policy Manager select a submenu...

Страница 143: ...he Scanner Control page appears 5 Specify an Instance name for the scanner control settings This field is mandatory 6 In Maximum nesting level specify the level to which the scanner should scan when a...

Страница 144: ...Content On Demand Full Scan and Gateway scan include Replace detected item with an alert to replace a detected item such as an attachment with an alert message Delete message to delete the email mess...

Страница 145: ...settings MIME Mail settings specify how MIME messages are handled MIME Multipurpose Internet Mail Extensions is a communications standard that enables the transfer of non ASCII formats over protocols...

Страница 146: ...gs 1 From Policy Manager select a submenu item The policy page for the submenu item appears 2 Choose a desired policy 3 Click MIME Mail Settings The View Settings tab for MIME mail settings appear 4 F...

Страница 147: ...il message Quoted printable which is best suited for messages that mainly contain ASCII characters but also contains some byte values outside that range Base64 which has a fixed overhead and is best s...

Страница 148: ...mand Remove Banned Content On Demand Full Scan and Gateway scan include Allow through the MIME message is allowed to pass on to its final destination Delete message the MIME message is deleted Replace...

Страница 149: ...move Banned Content On Demand Full Scan and Gateway scan include Log to record the detection in a log Quarantine to take a copy of the item and store it in the quarantine database Notify administrator...

Страница 150: ...message For example comment text Metadata to scan for metadata elements in the HTML message For example META EQUI Expires Content Tue 04 June 2007 21 29 02 Links URLs ahref to scan for URL elements in...

Страница 151: ...eselect Enable to enable or disable the mail size filter settings for the policy 5 In Options choose any one of these Default Settings to view and configure the default mail size filter settings An ex...

Страница 152: ...or all attachments and replace them instead of generating an alert for each attachment within an email message Allow through to allow the item to continue to the next scanning phase or on to its final...

Страница 153: ...Miscellaneous settings include Alert Settings Disclaimer Text Alert settings Alert messages are used to notify a person when a particular event occurs You can use Alert Settings to set up additional...

Страница 154: ...s alert including the appropriate HTML htm or plain text txt file extension 9 Select or deselect Enable alert headers to enable the use of an alert header 10 In the Alert header text entry box enter t...

Страница 155: ...d with a policy Creating new set of options for disclaimer text 1 From Policy Manager select Gateway The policy page for Gateway appears 2 Choose a desired policy 3 Click Disclaimer Text The View Sett...

Страница 156: ...se Shared Resource to View shared resource settings Create new resources Change the resource settings so that the changes are picked up by all policies using the shared resources Delete shared resourc...

Страница 157: ...a new shared resource for anti virus scanner 1 In Policy Manager click Shared Resource The Shared Resources page appears 2 In Scanners Alerts tab choose Anti Virus Scanner from the Category drop down...

Страница 158: ...Perform step 5 7 of Creating new set of options for anti phishing settings on page 133 5 In the Alerts pane choose a Category 6 Click Create New and perform steps of Creating a new alert on page 120 C...

Страница 159: ...hoose a Category 6 Click Create New and perform steps of Creating a new alert on page 120 Creating a new shared resource for disclaimer text 1 In Policy Manager click on Shared Resource The Shared Res...

Страница 160: ...at a policy can apply to the content of mails and text in attachments You can use Category to select the type of rules you want to configure New Category to create a new category of rules Rename to re...

Страница 161: ...r in The rule will trigger when the following word or phrase is found 7 Select the desired option s Ignore case If enabled the rule is triggered for specified word or phrase of any case Starts a longe...

Страница 162: ...ts you can set up different time slots that can be applied to policies You can use View to view the time slot of All the time Delete to delete a time slot that is not used by any of the policies Edit...

Страница 163: ...nd Export Configuration On access settings On Access Settings is used to configure the General settings Microsoft Virus Scanning API VSAPI settings and Transport Scan Settings For Exchange Server 2003...

Страница 164: ...access the message or its attachment This allows messages and attachments to be scanned once before delivery rather than multiple times depending on the number of mailboxes to which the message is de...

Страница 165: ...ing capabilities in GSE 7 0 are enhanced using the new features available in VSAPI v 2 6 Also there is a stamping mechanism in case of GroupShield for Exchange Server 2007 After an email message is sc...

Страница 166: ...Mails select to scan messages coming from an external server for example Internet based email messages If this option is selected and the next two options are deselected then a mail going to a differ...

Страница 167: ...ntents in the subject line when a notification is sent 5 In Notification Text click Edit to change the notification text that should be included in the body of the message 6 Select Enable Task results...

Страница 168: ...ilter and User Junk Folder Routing 1 Click Settings Diagnostics Anti Spam The Anti Spam Settings page appears 2 Type an email address to configure the System Junk Folder Address to filter the junk mai...

Страница 169: ...hen releasing email messages or sending configuration information to GroupShield for Exchange 6 Click Apply Local database 1 Select Specify location of database choose the type of Database location in...

Страница 170: ...eporting 5 Select Show recently scanned items to specify whether the recently scanned items should be included in the reports 6 In Maximum recently scanned items specify the maximum number of recently...

Страница 171: ...settings and specify which events should be captured in the product log and event log by specifying the product log s location name size limits and time out settings Debug logging 1 Click Settings Dia...

Страница 172: ...Write information events Write warning events and Write error events to include these events into the event log Product log In the Product Log tab you can specify the location size limit and the query...

Страница 173: ...d Enter the Maximum age of entry to specify how many days an entry should remain in the database before it is deleted 4 In Advanced section Select Specify a query timeout to limit the amount of time a...

Страница 174: ...iagnostics DAT Settings The DAT Settings page appears 2 Specify Maximum number of old DATs to specify the maximum number of DAT generations that shall be preserved in the system during regular updates...

Страница 175: ...s page appears 2 Select the Configuration tab 3 Use the Filename field or Browse to locate the configuration file you want to import 4 Click Import to import that configuration Site list A site list s...

Страница 176: ...176 McAfee GroupShield 7 0 User Guide Settings Diagnostics Import and export configuration 11 3 Click Apply...

Страница 177: ...tings 174 Delete an On Demand Scan 92 Detected Items settings 168 Diagnostics 171 Debug logging 171 Error reporting service 172 Event logging 172 Product log 172 Disclaimer Text 155 download website 1...

Страница 178: ...Orchestrator 55 Security Headquarters See Avert Labs security updates DAT files and engine 19 security vulnerabilities releases for 19 ServicePortal technical support 19 Shared resource 156 Signed Co...

Страница 179: ......

Страница 180: ...Copyright 2007 McAfee Inc All Rights Reserved mcafee com 700 1705 00...

Отзывы: