Sandboxing" Tab; Pop3; Ips - Proxy" Tab - Stormshield SN series Configuration Manual

"Sandboxing" tab

Sandboxing
Status
File types
Max. size of
sandboxed e-mails
(KB)
Actions on files
When known malware
has been identified
When sandboxing fails This option defines the behavior of the sandboxing option if the file scan fails.

POP3

The aim of the POP3 protocol is to detect connections between a client and e-mail server using the
POP3 protocol.

"IPS - PROXY" tab

Both of these features have been condensed in a single tab for ease of use.
IPS
Automatically detect
and inspect the
protocol
Proxy
Mail traffic is based not only on SMTP but also on POP3. This protocol will enable a user to retrieve
mail from distant servers onto his workstation using a mail software program. Since this mail
server can be located outside the local network or on a separate interface, POP3 traffic passes
through and is analyzed by the firewall.
Filter the welcome
banner sent by the
server
Page 263/448
This column displays the status ( Enabled/ Disabled) of sandboxing for the
corresponding file type. Double-click on it to change its status.
The sandboxing option allows scanning four types of attachments:
Archive: these include the main types of archives (zip, arj, lha, rar, cab, etc)
l
Office document (Office software): all types of documents that can be opened with
l
the MS Office suite.
Executable : files that can be run in Windows (files with the extension
l
".exe",".bat",".cmd",".scr", etc).
PDF: files in Portable Document Format (Adobe)
l
This field allows defining the maximum size of e-mails that need to be sandboxed. By
default, this value is equal to the one in the Maximum size for antivirus and
sandboxing scan (KB) field in the File analysis tab. This value cannot be exceeded.
This field contains 2 options. By selecting Block , the analyzed file will not be sent. By
selecting Pass , the file will be sent in its original form.
If Block has been specified, the file being scanned will not be sent.
If Pass without scanning has been specified, the file being scanned will be sent.
If this protocol has been enabled, it will automatically be used for discovering
corresponding packets in filter rules.
When this option is selected, your mail server's banner will no longer be sent during a
POP3 connection. This banner contains information that may be exploited by hackers
(server type, software version, etc).
SNS - USER CONFIGURATION MANUAL V.3
sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016
PROTOCOLS