Summary of Contents for F-SECURE INTERNET GATEKEEPER WINDOWS 2000-2003 SERVER 6.61
F-Secure Internet Gatekeeper Windows 2000/2003 Server Administrator’s Guide...
Although F-Secure Corporation makes every effort to ensure that this information is accurate, F-Secure Corporation will not be liable for any errors or omission of facts contained herein. F-Secure Corporation reserves the right to modify specifications cited in this document without prior notice.
How the Product Works
1.2.1 F-Secure Anti-Virus for Internet Gateways
1.2.2 F-Secure Anti-Virus for Internet Mail
1.2.3 F-Secure Content Scanner Server
Features
F-Secure Anti-Virus Mail Server and Gateway Products
Chapter 2 Deployment
Overview
Network Requirements
Deployment Scenarios...
4.2.5 Changing Settings That Have Been Modified During Installation or Upgrade
Using F-Secure Internet Gatekeeper Web Console
4.3.1 Logging in the F-Secure Internet Gatekeeper Web Console for the First Time
4.3.2 Checking the Product Status...
5.4.1 Error Log
5.4.2 Access Log
5.4.3 Logfile.log
Viewing Statistics
5.5.1 Viewing HTTP Scanning Statistics with F-Secure Internet Gatekeeper Web Console
5.5.2 Viewing Statistics with F-Secure Policy Manager Console
Examples of HTTP Notifications
5.6.1 Virus Warning Message
Configuring and Viewing Statistics
7.4.1 Configuring Virus Statistics
7.4.2 Viewing Virus and Spam Statistics with F-Secure Internet Gatekeeper Web Console
7.4.3 Viewing Virus and Spam Statistics with F-Secure Policy Manager Console
Monitoring Logs
7.5.1 Logfile.log
Chapter 8 Administering F-Secure Spam Control
Introduction
12.3.2 Automatic Updates
12.3.3 Policy Manager Proxies
Chapter 13 Troubleshooting
13.1 Testing the Connections
13.1.1 Checking that F-Secure Anti-Virus for Internet Gateways is Up and Running
13.1.2 Checking that F-Secure Anti-Virus for Internet Mail is Up and Running...
13.1.3 Checking that F-Secure Content Scanner Server is Up and Running
13.1.4 Checking that the Network Connection to the Original Mail Server is Working
13.2 Starting and Stopping F-Secure Internet Gatekeeper Components
13.3 Frequently Asked Questions
Appendix A Warning Messages
A.1 HTTP Warning Messages
F.4.2 Setting Up Network Load Balancing Services
Deployment Scenarios for Environments with Multiple Sub-domains
F.5.1 Scenario 1: F-Secure Anti-Virus for Internet Mail as an Upstream Mail Transfer Agent
F.5.2 Scenario 2: F-Secure Anti-Virus for Internet Mail as Interim Mail Transfer Agent
F.5.3 Scenario 3: F-Secure Anti-Virus for Internet Mail for each Sub-domain
F-Secure Internet Gatekeeper Administrator's Guide is divided into the following chapters and appendixes. Chapter 1. Introduction. General information about F-Secure Internet Gatekeeper and other F-Secure Anti-Virus for Mail Server and Gateway products. Chapter 2. Deployment. Describes possible deployment scenarios in the corporate network.
Databases. Instructions on how to keep virus definition databases up-to-date. Chapter 13. Troubleshooting. Instructions on how to check that F-Secure Internet Gatekeeper is running and answers to frequently asked questions. Appendix A. Warning Messages. Lists variables that can be included in virus warning messages.
Conventions Used in F-Secure Guides This section describes the symbols, fonts, and terminology used in this manual. Symbols WARNING: The warning symbol indicates a situation with a risk of irreversible destruction to data. IMPORTANT: An exclamation mark provides important information that you need to consider.
In our constant attempts to improve our documentation, we would welcome your feedback. If you have any questions, comments, or suggestions about this or any other F-Secure document, please contact us at documentation@f-secure.com.
INTRODUCTION
Overview
How the Product Works
Features
F-Secure Anti-Virus Mail Server and Gateway Products...
It is very important to realize this early and to be proactive in protecting our resources. F-Secure Anti-Virus Mail Server and Gateway products are designed to protect your company's mail and groupware servers and to shield the company network from any malicious code that travels in HTTP, FTP-over-HTTP or SMTP traffic.
CHAPTER 1 Introduction How the Product Works F-Secure Internet Gatekeeper is a suite of real-time services to protect the corporate network against computer viruses and malicious code coming in web (HTTP and FTP-over-HTTP) and e-mail (SMTP) traffic. F-Secure Internet Gatekeeper is comprised of the following components: F-Secure Anti-Virus for Internet Gateways, F-Secure Anti-Virus for Internet Mail and F-Secure Content Scanner Server.
Figure 1-1 Web traffic flow after F-Secure Anti-Virus for Internet Gateways has been installed F-Secure Anti-Virus for Internet Gateways provides comprehensive virus protection and content filtering. It can be configured to do any of the following: Deny access to specified Web sites,...
1.2.2 F-Secure Anti-Virus for Internet Mail F-Secure Anti-Virus for Internet Mail operates as a mail gateway that accepts incoming and outgoing e-mails, processes mail bodies and attachments and delivers processed e-mail messages to the designated SMTP server for further processing and delivery.
Figure 1-2 Mail traffic flow after F-Secure Anti-Virus for Internet Mail has been installed If F-Secure Anti-Virus for Internet Mail finds an infected attachment or other malicious content, it can do any of the following: Block the whole e-mail message,...
F-Secure Content Scanner Server is the back-end component that provides anti-virus and spam scanning services for F-Secure Anti-Virus for Internet Gateways and F-Secure Anti-Virus for Internet Mail. F-Secure Content Scanner Server receives data for validation via Simple Content Inspection Protocol (SCIP).
F-Secure Internet Gatekeeper Web Console can be used to administer F-Secure Internet Gatekeeper. F-Secure Internet Gatekeeper Web Console can be used to check the status of F-Secure Internet Gatekeeper at a glance. It is also used to manage quarantined items both in centrally managed and stand-alone installations.
Usability Easy to install and configure. Can be administered centrally with F-Secure Policy Manager. Can be monitored with the convenient F-Secure Internet Gatekeeper Web Console. Contains new quarantine management features: you can manage and search quarantined content with the F-Secure Internet Gatekeeper Web Console.
F-Secure Anti-Virus Mail Server and Gateway Products The F-Secure Anti-Virus product line consists of workstation, file server, mail server and gateway products. F-Secure Internet Gatekeeper is a high performance, totally automated web (HTTP and FTP-over-HTTP) and e-mail (SMTP) virus scanning solution for the gateway level. F-Secure Internet Gatekeeper works independently of firewall and e-mail server solutions, and does not affect their performance.
automatically from F-Secure, keeping the virus protection always up to date. A powerful and easy-to-use management console simplifies the installation and configuration of the product. F-Secure Messaging Security Gateway™ delivers the industry’s most complete and effective security for e-mail. It...
Deployment Overview Depending on the corporate network structure, you might consider various scenarios of deploying F-Secure Internet Gatekeeper. This chapter describes some possible deployment scenarios of F-Secure Internet Gatekeeper in the corporate network - use the one that best fits your needs and your own network design strategy.
This network configuration is valid for all scenarios described in this chapter. Make sure that the following network traffic can travel:
Service: F-Secure Anti-Virus for Internet Gateways
Process: %ProgramFiles%\F-Secure\Anti-Virus for Internet Gateways\bin\httpscan.exe
Inbound ports: 3128 (TCP)
Outbound ports: DNS (53, UDP/TCP), HTTP (80), HTTPS (443)
...
F-Secure Anti-Virus for Internet Gateways There are four different deployment scenarios for F-Secure Anti-Virus for Internet Gateways. Scenario 1: On a Dedicated Machine Figure 2-1 F-Secure Anti-Virus for Internet Gateways deployed on a dedicated machine Advantages Simple to set up.
Internet Gateways. DNS Configuration No changes are required. Scenario 2: As a Downstream Proxy Figure 2-2 F-Secure Anti-Virus for Internet Gateways deployed as a downstream proxy Advantages End-users do not have to change the proxy settings of their web browsers.
CHAPTER 2 Deployment F-Secure Anti-Virus for Internet Gateways Configuration Add end-user workstations to the list of hosts which are allowed to connect to F-Secure Anti-Virus for Internet Gateways. For more information, see “Connections to F-Secure Anti-Virus for Internet Gateways”, 123. Define the existing HTTP proxy or cache server as the remote proxy server in the proxy chaining settings.
Scenario 3: As an Upstream Proxy Figure 2-3 F-Secure Anti-Virus for Internet Gateways deployed as an upstream proxy Advantages End-users do not have to change the proxy settings of their web browsers. Disadvantages If virus definition databases are not up-to-date, there is a risk of malicious code getting to the cache server and HTTP clients accessing it there.
Upstream and downstream proxies can be installed on the same server as long as they do not use the same port numbers. Scenario 4: Transparent Deployment with a Firewall or a Router Figure 2-4 F-Secure Anti-Virus for Internet Gateways deployed transparently with a firewall or a router Advantages End-users do not have to change the proxy settings of their web browsers.
F-Secure Anti-Virus for Internet Gateways Configuration Add the internal firewall or router and end-user workstations to the list of hosts which are allowed to connect to F-Secure Anti-Virus for Internet Gateways. For more information, see “Connections to F-Secure Anti-Virus for Internet Gateways”, 123...
Scenario 1: On a Dedicated Machine Figure 2-5 F-Secure Anti-Virus for Internet Mail deployed on a dedicated machine Advantages The mail server may run on any operating system using any hardware. All inbound, outbound and internal mails are scanned.
Internet Mail accepts to the same value as in the mail server. For more information, see “Receiving”, 166. Mail Server Configuration Add F-Secure Anti-Virus for Internet Mail to the list of hosts where the mail server accepts mail. Note that the DNS host name may have been changed.
Scenario 2: With a Mail Server on the Same Machine Figure 2-6 F-Secure Anti-Virus for Internet Mail deployed with a mail server on the same machine Advantages F-Secure Anti-Virus for Internet Mail does not require an additional server.
Internet Mail accepts to the same value as in the mail server. For more information, see “Receiving”, 166. Scenario 3: As a Mail Gateway With An Inbound Mail Server Figure 2-7 F-Secure Anti-Virus for Internet Mail deployed with an inbound mail server...
No changes are required. Internal Mail Server Configuration Configure the internal mail server to send all outbound e-mails to F-Secure Anti-Virus for Internet Mail instead of to the external mail server. F-Secure Anti-Virus for Internet Mail Configuration Configure F-Secure Anti-Virus for Internet Mail to send inbound mails to the internal mail server.
Scenario 4: Multiple F-Secure Internet Gatekeeper installations with Centralized Quarantine Management Figure 2-8 Two installations of F-Secure Anti-Virus for Internet Mail deployed with centralized quarantine management SQL Server Used for the Centralized Quarantine Database There is a common SQL server where the quarantine database is located.
F-Secure Anti-Virus for Internet Mail Configuration When installing the product, configure each instance of the product to use the same SQL server and database. Make sure that the SQL server, the database name, user name and password are identical in the quarantine configuration for all F-Secure Internet Gatekeeper instances.
INSTALLATION
Recommended System Requirements
Centrally Administered or Stand-alone Installation?
Installation Instructions
After the Installation
Upgrading F-Secure Internet Gatekeeper
Uninstallation...
Microsoft® Windows Server 2003 R2, Enterprise Edition Windows 2003 Server 64-bit Family: Microsoft® Windows Server 2003, Standard x64 Edition Microsoft® Windows Server 2003, Enterprise x64 Edition For Microsoft Windows Server 2003 Service Pack 1 related support information, see http://support.f-secure.com/enu/corporate/w2003sp1/...
When centralized quarantine management is used, the SQL server must be reachable from the network and file sharing must be enabled. F-Secure Policy Manager version: F-Secure Policy Manager 6.0 or newer. F-Secure Policy Manager is required only in centrally managed environments.
It is not recommended to use MSDE if you are planning to use centralized quarantine management with multiple F-Secure Internet Gatekeeper installations. MSDE is delivered together with F-Secure Internet Gatekeeper, and you can install it during the F-Secure Internet Gatekeeper Setup. For more information, see “Installation Instructions”, 50.
SQL Server 2000, please contact your Microsoft reseller. 3.1.2 Web Browser Software Requirements In order to administer the product with F-Secure Internet Gatekeeper Web Console, one of the following web browsers is required: Microsoft Internet Explorer 6.0 or later Netscape Communicator 7.1 or later Mozilla 1.2 or later...
Policy Manager Console. You can select the management method when you install the product. If you already use F-Secure Policy Manager to administer other F-Secure products, it is recommended to install F-Secure Internet Gatekeeper in centralized administration mode. The installation instructions in this manual are for centrally managed installations.
Install F-Secure Internet Gatekeeper. For the installation instructions, go to “Installation Instructions”, 50. Import the product MIB files to F-Secure Policy Manager, if they cannot be uploaded there during the installation. For more information, see “Importing Product MIB files to F-Secure Policy Manager Console”,...
Gatekeeper is installed in stand-alone mode, some of the screens included in these installation instructions will not be displayed. Check and configure settings for F-Secure Content Scanner Server, F-Secure Anti-Virus for Internet Mail, F-Secure Anti-Virus for Internet Gateways and F-Secure Management Agent. For more information, see “Configuring the...
“Centrally Administered or Stand-alone Installation?”, 47. Step 1. Download and execute the installation package. If you have the F-Secure CD, insert it in your CD-ROM drive and select F-Secure Internet Gatekeeper from the Install Software menu. Step 2. Read the information in the Welcome screen and click Next to continue.
CHAPTER 3 Installation Step 3. Read the License Agreement. If you accept the agreement, select the I accept this agreement check box and click Next to continue.
Step 4. Enter the product keycode and click Next to continue. If you are installing the evaluation version, this screen is not displayed.
Select the components to install and click Next to continue. If you are installing only F-Secure Anti-Virus for Internet Gateways or F-Secure Anti-Virus for Internet Mail, some of the following installation steps are skipped.
Step 6. Select the destination folder where you want to install F-Secure Internet Gatekeeper components. Click Next to continue.
Select Centralized administration through network to use F-Secure Policy Manager Console to remotely manage all F-Secure Internet Gatekeeper components. For more information, see “Basics of Using F-Secure Internet Gatekeeper”, If you want to manage F-Secure Internet Gatekeeper locally, select Stand-alone installation. Click Next to continue.
Step 8. Enter the path or click Browse to locate the management key. This is the key that you created during the F-Secure Policy Manager Console Setup. Click Next to continue.
Step 9. Select the network communication method. If you are using F-Secure Policy Manager to manage F-Secure Internet Gatekeeper, select F-Secure Policy Manager Server. Click Next to continue.
Step 10. Enter the IP address of the F-Secure Policy Manager Server. Click Next to continue.
Step 11. Specify the IP address or the DNS address and the administration TCP port number (by default 8080) of F-Secure Policy Manager Server. The administration port is used because the Setup program needs to upload new MIB files to F-Secure Policy Manager Server. Click Next to continue.
Step 12. Select the Quarantine Management mode: If you have only one F-Secure Internet Gatekeeper installation, or you do not want to manage quarantined e-mails centrally, select the default option, Local quarantine management. If you have multiple installations and you want to manage quarantined e-mails centrally, select Centralized quarantine management.
The Microsoft SQL Server or MSDE can be on the same server with F-Secure Internet Gatekeeper, or on a separate server. The SQL server does not need to be dedicated for F-Secure Internet Gatekeeper; it may be used for other purposes, too.
Specify where the MSDE program and data files will be installed. Then enter a password for the database server administrator account. Do not leave the password empty. Re-enter the password in the Confirm password field. F-Secure Internet Gatekeeper will use this account when operating the quarantine database.
b) Specify SQL Server and Database Details Enter the computer name of the SQL server, or click Browse to locate the server. Then enter the database server administrator account and password. The Setup will use them to connect the SQL server where the quarantine database will reside.
Step 16. The setup wizard displays a list of components to be installed. Click Start to install the components to your computer.
Step 17. The setup wizard displays the progress of the installation. Wait until the installation is ready.
Step 18. The setup wizard displays the installation result for each component after the installation is completed. Click Next to continue.
Step 19. Click Finish to complete the installation. If you were doing an upgrade installation and are prompted to restart your computer, select Restart now. The new software version will be operational after the restart.
Manager Server. If the product is installed in stand-alone mode, the databases are downloaded directly from F-Secure's update servers through the Internet. If F-Secure Spam Control is installed, the product updates Spam Control databases automatically after the installation. F-Secure Spam Control database updates are always downloaded directly from F-Secure's update servers, even in centrally administered installations.
F-Secure Internet Gatekeeper MIB JAR file cannot be uploaded to F-Secure Policy Manager Server during the installation. In these cases you will have to import the MIB files to F-Secure Policy Manager. You will have to import the MIB files if:...
Intranet Hosts setting. For more information, see “Intranet Hosts”, 164. Specify hosts that are allowed or not allowed to connect to F-Secure Anti-Virus for Internet Mail in the Allowed hosts and Denied hosts settings. For more information, see “SMTP...
“Connections to F-Secure Anti-Virus for Internet Gateways”, 123. F-Secure Anti-Virus for Internet Gateways should be configured so that it can be accessed only from trusted networks. This way, it is possible to provide protection against attacks coming from the Internet targeting F-Secure Internet Gatekeeper server.
F-Secure Internet Gatekeeper. 3.5.1 Upgrade Instructions If you are using F-Secure Internet Gatekeeper 6.4x or 6.50, you can upgrade it to F-Secure Internet Gatekeeper 6.61 without uninstalling the previous version. The setup upgrades F-Secure Internet Gatekeeper automatically and takes the previous settings into use.
Figure 3-1 Inbound Mail Routing Table displayed during F-Secure Internet Gatekeeper upgrade IMPORTANT: If this, or any other setting defined during the installation needs to be changed later on, the setting must be defined as Final in the F-Secure Policy Manager Console before distributing the policies.
IP address and port number information read from the previous version’s configuration (see the example in the figure below). You can also add the information for a new outbound mail server. Figure 3-2 Outbound Mail Routing Table displayed during F-Secure Internet Gatekeeper upgrade...
Specify the IP addresses and port numbers of primary F-Secure Content Scanner Servers where F-Secure Anti-Virus for Internet Mail sends files to be scanned. Figure 3-3 Primary F-Secure Content Scanner Servers list displayed during F-Secure Internet Gatekeeper upgrade...
Enable mail delivery again by returning the F-Secure Anti-Virus for Internet Mail / Settings / Inbound Mail / Receiving / Accept Mail and F-Secure Anti-Virus for Internet Mail / Settings / Outbound Mail / Receiving / Accept Mail settings to normal.
Uninstallation To uninstall F-Secure Internet Gatekeeper, select Add/Remove Programs from the Windows Control Panel. To uninstall F-Secure Internet Gatekeeper completely, uninstall the components in the following order: F-Secure Anti-Virus for Internet Mail, F-Secure Anti-Virus for Internet Gateways,...
BASICS OF USING F-SECURE INTERNET GATEKEEPER
Introduction
Using F-Secure Policy Manager
Using F-Secure Internet Gatekeeper Web Console...
Advanced Mode user interface by selecting View > Advanced Mode (this step is required in F-Secure Policy Manager version 5.50 and later). Then select the Policy tab to view the F-Secure Internet Gatekeeper components. F-Secure Policy Manager Console is used to create policies for F-Secure...
4.2.1 F-Secure Anti-Virus for Internet Gateways Settings Use the variables under the F-Secure Anti-Virus for Internet Gateways / Settings / branch to define settings for the F-Secure Anti-Virus for Internet Gateways. For detailed descriptions of F-Secure Anti-Virus for Internet Gateways settings, see “Configuring F-Secure Anti-Virus for Internet...
The settings descriptions in this manual indicate the settings for which you need to use the Final restriction. You can also check in F-Secure Policy Manager Console whether you need to use the Final restriction for a setting. Do the following: 1.
4.3.1 Logging in the F-Secure Internet Gatekeeper Web Console for the First Time Before you log in to the F-Secure Internet Gatekeeper Web Console for the first time, check that JavaScript and cookies are enabled in the browser you use.
Step 2. Log in and install the security certificate 1. Select Programs > F-Secure Internet Gatekeeper > F-Secure Internet Gatekeeper Web Console, or enter the address of the F-Secure Internet Gatekeeper and the port number in your web browser. Note that the protocol used is https. For example: https://127.0.0.1:25023...
If you are using Internet Explorer 6, you are prompted to add the new certificate in the Certificate Root Store when the wizard has completed. Click to do so. If the Security Alert window is still displayed, click to proceed or log back in to the F-Secure Internet Gatekeeper Web Console.
CHAPTER 4 Basics of Using F-Secure Internet Gatekeeper When the login page opens, enter the user name and the password. Note that you must have administrator rights to the host. Then click Figure 4-1 F-Secure Internet Gatekeeper Web Console Login page You will be forwarded to the home page, which displays a summary of the system status.
Figure 4-2 F-Secure Internet Gatekeeper Home page 4.3.2 Checking the Product Status You can check the overall product status on the Home page. The Home page displays a summary of the component statuses and most important statistics. From the Home page you can also open the product logs and proceed to configure the product components.
F-Secure Anti-Virus for Internet Mail The Home page displays the status of F-Secure Anti-Virus for Internet Mail as well as a summary of the F-Secure Anti-Virus for Internet Mail statistics. Click Configure to configure F-Secure Anti-Virus for Internet Mail.
F-Secure Content Scanner Server The Home page displays the status of F-Secure Content Scanner Server as well as a summary of the F-Secure Content Scanner Server statistics. Status indicator Shows the status of F-Secure Content Scanner Server. Last time virus definition...
F-Secure Management Agent. For more information, see Click Show F-Secure Log to view the F-Secure log file (LogFile.log) in a new Internet browser window. You can then download and save the LogFile.log for later use by clicking Download.
Configuring the F-Secure Internet Gatekeeper Web Console On the F-Secure Internet Gatekeeper Web Console Configuration page you can specify settings for connections to the server. You can also open the F-Secure Internet Gatekeeper Web Console access log from this page. Session timeout Specify the time how long a client can be connected to the server.
To add a new host in the list, click to add a new line in the table and then enter the IP address of the host.
This chapter describes how to configure and administer F-Secure Anti-Virus for Internet Gateways. F-Secure Anti-Virus for Internet Gateways is an HTTP proxy server and acts as a gateway between the corporate network and the Internet. Before you start using F-Secure Anti-Virus for Internet Gateways,...
For more information, see “ Status”, 86 The F-Secure Content Scanner settings also have an effect on how the HTTP and FTP-over-HTTP traffic is scanned. The default settings apply in most system configurations, but it might be a good idea to check that they are valid for your system.
Administering F-Secure Anti-Virus for Internet Gateways Figure 5-1 Network Configuration / Binding settings Listen Specify the port that F-Secure Anti-Virus for Internet Gateways should listen to for incoming HTTP requests. Users must have this port configured in the web browser proxy settings.
F-Secure Anti-Virus for Internet Gateways without scanning. Connection You can configure the timeout and persistent connections settings from F-Secure Anti-Virus for Internet Gateways / Settings / Network Configuration / Connection. Figure 5-2 Network Configuration / Connection settings...
CHAPTER 5 Administering F-Secure Anti-Virus for Internet Gateways Timeout: Specify how long (in seconds) F-Secure Anti-Virus for Internet Gateways waits for a response from the web server before it times out. The connection can time out while: Requesting web page contents (sending an HTTP GET request).
Gatekeeper is installed as a downstream proxy. If you use an existing upstream proxy server in your corporate network, you can set up Proxy Chaining. F-Secure Anti-Virus for Internet Gateways can forward all requests to the existing proxy server. You can configure these settings from F-Secure Anti-Virus for Internet Gateways / Settings / Network Configuration / Proxy Chaining.
Figure 5-3 Network Configuration / Proxy Chaining settings Remote proxy server Specify the address and port number of the proxy server where F-Secure Anti-Virus for Internet Gateways forwards all requests. Specify the address in format “hostname[:port]”.
Via header line and each generated Via header has the proxy server version shown in the comment field. Block - F-Secure Anti-Virus for Internet Gateways removes previous Via headers from all outgoing messages and does not generate new ones. Incoming message headers are not processed.
Data Trickling If you enable Data Trickling, data is sent to requesting clients little by little while it is being downloaded to F-Secure Anti-Virus for Internet Gateways. Once the whole file has been downloaded, it will be scanned and delivered to the client. You can use trickling to prevent time-outs. For example, a big download may timeout the web browser if the file is scanned completely before it is sent to the requesting client.
It may be unsafe to keep the packet size large, as potential malware may trickle through byte by byte before it is detected by F-Secure Internet Gatekeeper. If the trickled data is infected, F-Secure Anti-Virus for Internet Gateways closes the connection immediately.
Content Scanner Server You can configure the Content Scanner Server settings from F-Secure Anti-Virus for Internet Gateways / Settings / Network Configuration / Content Scanner Server. Usually you do not have to modify Content Scanner Server settings under F-Secure Anti-Virus for Internet Gateways.
Logging You can configure the Logging settings from F-Secure Anti-Virus for Internet Gateways / Settings / Logging. Figure 5-6 Network Configuration / Logging settings For more information about logging, see “Monitoring Logs”, 127. Log directory Specify the logging directory. Enter the complete path to the logging directory in the field.
Error log level Specify the level of messages that are recorded to the error log file. All error messages of the specified level and above are recorded. Specify one of the following...
Restoring default log formats deletes all other log formats from the table. Rotate logs every Specify how often F-Secure Anti-Virus for Internet Gateways rotates log files. After each rotation interval, F-Secure Anti-Virus for Internet Gateways creates a new log file.
Internet Gateways / Settings / Content Control. Virus Scanning You can select which files F-Secure Anti-Virus for Internet Gateways should scan from F-Secure Anti-Virus for Internet Gateways / Settings / Content Control / Virus Scanning. Figure 5-7 Content Control / Virus Scanning settings...
Specify which content types should be scanned for viruses. Disabled - Disables the virus scan. All content types - Scans all content that passes through F-Secure Anti-Virus for Internet Gateways. Only included content types - Scan all specified content types.
F-Secure Anti-Virus for Internet Gateways supports the scanning of FTP-over-HTTP traffic, if F-Secure Anti-Virus for Internet Gateways has been defined as the HTTP and FTP proxy server in the browsers. Otherwise the scanning will not work.
Page 110
Only the administrator receives a notification about the disinfected file. Action on unable to scan Specify whether F-Secure Anti-Virus for Internet Gateways should drop or pass files that it is unable to scan.
Page 111
Drop - Drop all files that F-Secure Anti-Virus for Internet Gateways cannot scan. Pass - Let all files that F-Secure Anti-Virus for Internet Gateways cannot scan pass through to the requesting client. Using this option is not recommended.
Page 112
Blocking You can select which files F-Secure Anti-Virus for Internet Gateways should block without scanning them. You can configure these settings from F-Secure Anti-Virus for Internet Gateways / Settings / Content Control / Blocking. Figure 5-8 Content Control / Blocking settings...
Page 113
HTTP only - disallowed content in HTTP traffic will be blocked according to content blocking rules and FTP-over-HTTP downloads will pass through without processing. FTP-over-HTTP only - disallowed content in FTP-over-HTTP traffic will be blocked, and HTTP downloads will pass through without processing.
Trojans and other malicious code can disguise themselves with content types and filename extensions which are usually considered safe to use. With the File Type Recognition, you can configure F-Secure Anti-Virus for Internet Gateways to recognize the real file type and use that while the file is processed.
File Type Recognition does not check files that are in archives, because this would seriously degrade the system performance. If you set F-Secure Internet Gateways to scan all content types, the File Type Recognition is not needed so it is disabled automatically. For more information, see “Virus Scanning”, 107...
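The idea behind File Type Recognition, as an added example that is not F-Secure's code: the leading bytes of the content decide which type the blocking rules see, and a disagreement with the claimed extension or content type is reported. The signature table, the alias table and all function names are assumptions made for this sketch.

```python
import os

# Leading byte signatures for a few common formats (constructed table for
# this example; a production recogniser knows many more formats).
SIGNATURES = [
    (b"MZ", "exe"),
    (b"PK\x03\x04", "zip"),
    (b"%PDF-", "pdf"),
    (b"\xff\xd8\xff", "jpg"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"\x89PNG\r\n\x1a\n", "png"),
]

# Claimed types are normalised to the same short names as the signatures.
EXTENSION_ALIASES = {"jpeg": "jpg", "dll": "exe", "scr": "exe"}
CONTENT_TYPES = {
    "image/jpeg": "jpg",
    "image/gif": "gif",
    "image/png": "png",
    "application/pdf": "pdf",
    "application/zip": "zip",
}


def recognize(data):
    """Return the type implied by the leading bytes, or None if unknown."""
    for magic, kind in SIGNATURES:
        if data.startswith(magic):
            return kind
    return None


def claimed_types(filename, content_type):
    """Collect the types the sender claims through extension and header."""
    claims = []
    ext = os.path.splitext(filename)[1].lstrip(".").lower()
    if ext:
        claims.append(EXTENSION_ALIASES.get(ext, ext))
    header = (content_type or "").split(";")[0].strip().lower()
    if header in CONTENT_TYPES:
        claims.append(CONTENT_TYPES[header])
    return claims


def effective_type(filename, content_type, data):
    """Return (type used for processing, True if it contradicts a claim)."""
    claims = claimed_types(filename, content_type)
    real = recognize(data)
    if real is None:
        # Nothing recognised: fall back to what the sender claims.
        return (claims[0] if claims else "unknown"), False
    return real, any(claim != real for claim in claims)


def should_block(filename, content_type, data, blocked_types):
    """Apply the block list to the recognised type, not the claimed one."""
    kind, _ = effective_type(filename, content_type, data)
    return kind in blocked_types
```
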
Page 116
You can edit virus and blocking alerts and specify how often a scan summary should be sent to the administrator from F-Secure Anti-Virus for Internet Gateways / Settings / Content Control / Notifications. Figure 5-10 Notifications settings...
Page 117
Always - Send the virus warning message every time F-Secure Anti-Virus for Internet Gateways finds malicious code in the downloaded content. Send block alerts to administrator Specify whether F-Secure Anti-Virus for Internet Gateways should send block warning messages to the administrator if it blocks any downloaded content.
Page 118
To: administrator@example.com Subject: Alert! Date: 2007-03-25 10:50:52+04:00 Host: hostname (127.0.0.1) Computer name: HOSTNAME User account: HOSTNAME\SYSTEM Product: F-Secure Anti-Virus for Internet Gateways (OID: 1.3.6.1.4.1.2213.24) Severity: security alert (5) Message: 2 viruses have been found within 8 hour(s): "EICAR_Test_File" - 2...
Performance Use Scan Result Cache to process frequently accessed Web pages faster. F-Secure Internet Gatekeeper does not cache scanned files; it only stores a unique identifier for each file. The content is verified with a cryptographic hash function (MD5) to ensure that only files identical to ones that have already been scanned may pass without scanning.
Page 120
Threads per child Specify the number of threads each child process creates when it starts up. F-Secure Anti-Virus for Internet Gateways uses one thread to serve one HTTP request, so the number of threads affects the number of requests that can be served at the same time.
Page 121
The Scan Result Cache is automatically reset when any F-Secure Anti-Virus for Internet Gateways or F-Secure Content Scanner Server settings are changed or when virus definition databases are updated. F-Secure Anti-Virus for Internet Gateways does not cache scanned...
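A sketch of the scan result cache behaviour described above, added here as an example and not taken from the product: only digests of content that scanned clean are kept, and the cache is emptied whenever the database version or the settings revision changes. The class, the stand-in scanner and the constructed signature markers are assumptions.

```python
import hashlib
from collections import OrderedDict

# Constructed signature sets per database version, used by the stand-in
# scanner below; version 2 knows one marker that version 1 does not.
CONSTRUCTED_SIGNATURES = {
    1: [b"OLD-MARKER"],
    2: [b"OLD-MARKER", b"NEW-MARKER"],
}


def stand_in_scanner(content, db_version):
    """Hypothetical scanner: flags content containing a known marker."""
    hit = any(sig in content for sig in CONSTRUCTED_SIGNATURES[db_version])
    return "infected" if hit else "clean"


class ScanResultCache:
    """Remembers digests of clean content; never stores the content itself."""

    def __init__(self, scanner, db_version, settings_revision,
                 algorithm="md5", max_entries=10000):
        # The guide names MD5; any hashlib algorithm name can be passed
        # instead, for example "sha256" for a collision-resistant digest.
        self._scanner = scanner
        self._state = (db_version, settings_revision)
        self._algorithm = algorithm
        self._max_entries = max_entries
        self._clean = OrderedDict()
        self.scans_performed = 0

    def notify_state(self, db_version, settings_revision):
        """Reset the cache if the database or settings changed."""
        state = (db_version, settings_revision)
        if state == self._state:
            return False
        self._state = state
        self._clean.clear()
        return True

    def check(self, content):
        """Return (verdict, served_from_cache) for one piece of content."""
        digest = hashlib.new(self._algorithm, content).digest()
        if digest in self._clean:
            self._clean.move_to_end(digest)
            return "clean", True
        self.scans_performed += 1
        verdict = self._scanner(content, self._state[0])
        if verdict == "clean":
            self._clean[digest] = None
            if len(self._clean) > self._max_entries:
                self._clean.popitem(last=False)  # evict least recently used
        return verdict, False
```

Without the reset in `notify_state`, content that was clean under the old definitions would keep passing unscanned after an update that detects it.
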
5.3.4 Administration F-Secure Anti-Virus for Internet Gateways scans HTTP content which is smaller than 1 MB in memory, and buffers and scans content that is larger than 1 MB in the Working directory. You can change the Working Directory settings from F-Secure Anti-Virus for Internet Gateways / Settings / Administration.
Connections to F-Secure Anti-Virus for Internet Gateways You can specify which hosts are allowed to connect to F-Secure Anti-Virus for Internet Gateways from F-Secure Anti-Virus for Internet Gateways / Settings / Access Control.
Page 124
Figure 5-13 Access Control settings Access policy Specify whether you want to allow specific hosts to connect to F-Secure Anti-Virus for Internet Gateways and deny all other connections or to deny specific hosts from connecting and allow all other connections.
Page 125
Administering F-Secure Anti-Virus for Internet Gateways Figure 5-14 Access policies and the allowed and denied hosts Allowed hosts Specify hosts and subnets that are allowed to connect to F-Secure Anti-Virus for Internet Gateways. For more information, see “Specifying Hosts”, 300.
Page 126
Trusted hosts Files which come from trusted hosts are never scanned for viruses and downloads are never blocked. Trusted hosts Specify hosts from which requests are never scanned for viruses and downloads are not blocked. Click to add a new host in the table. To modify an existing host, select the corresponding row and click Edit.
Access Log logs HTTP requests that have passed through F-Secure Anti-Virus for Internet Gateways. For more information, see “Logging”, 104. F-Secure Management Agent maintains a log called Logfile.log that contains all alerts generated by F-Secure components installed on the host.
Notice Starting threads Informational Dropping infected content Debug Socket connected You can open the error log from the F-Secure Internet Gatekeeper Web Console by selecting the Anti-Virus for Internet Gateways tab and clicking Show Error Log button.
5.4.2 Access Log F-Secure Anti-Virus for Internet Gateways logs all requests in the Access Log. You can specify the string format in the Access Log by changing the Access log format setting.
F-Secure Internet Gatekeeper Web Console can be used for viewing statistics also when the product is installed in centralized administration mode. For instructions on how to log in the F-Secure Internet Gatekeeper Web Console, see “Logging in the F-Secure Internet Gatekeeper Web Console for the First Time”, 82.
Summary The Summary page of F-Secure Anti-Virus for Internet Gateways displays the HTTP traffic scanning statistics: the number of scanned files, the last virus found and the last time a virus was found.
Page 132
Click Reset Statistics to reset all HTTP scanning statistics. You can use the Export Statistics functionality on the F-Secure Internet Gatekeeper Web Console Home page to get a full list of the statistics for later use. For more information, see Checking the “...
Page 133
Content Control The Content Control page of F-Secure Anti-Virus for Internet Gateways displays more in-depth statistics, displaying the amount of files and kilobytes processed and the number of blocked, infected and disinfected files.
Page 134
Blocked files Displays the total number of files that have been blocked before they have been delivered to the requesting client. Disinfected files Displays the total number of infected files that have been disinfected. Last time infection found Displays the date and time the last virus was found.
Console To view the F-Secure Anti-Virus for Internet Gateways statistics in F-Secure Policy Manager Console, select the Status tab in the Properties pane, and then select the F-Secure Anti-Virus for Internet Gateways / Statistics / Status and F-Secure Anti-Virus for Internet Gateways / Statistics / Processing branches.
Examples of HTTP Notifications You can set F-Secure Anti-Virus for Internet Gateways to show virus warning messages to users when it finds malicious code in downloaded content or when it blocks access to a file. You can edit virus and blocking warning messages in the Notifications page.
5.6.1 Virus Warning Message The virus warning message is displayed to users when they try to download a file that contains malicious code. Figure 5-18 An example of a virus warning message...
5.6.2 Block Warning Message The block warning message is displayed to users when they try to download a file that has been blocked. Figure 5-19 An example of a block warning message...
5.6.3 Banned Site Warning Message The banned site warning message is displayed to users when they try to access a site which they are not allowed to access. Figure 5-20 An example of a banned site warning message...
SMTP server for further processing and delivery. Change the F-Secure Anti-Virus for Internet Mail settings to set up the e-mail quarantine, spool and logging directories, connection settings, alerting and intranet hosts.
Status”, 86 “ The F-Secure Content Scanner settings also have an effect on how the SMTP traffic is scanned. The default settings apply in most system configurations, but it might be a good idea to check that they are valid for...
CHAPTER 6 Administering F-Secure Anti-Virus for Internet Mail 6.2.1 SMTP Settings You can change the general SMTP settings from F-Secure Anti-Virus for Internet Mail / Settings / Common / SMTP Settings. Figure 6-1 Common / SMTP Settings settings IP addresses...
Page 144
Specify the TCP port number that F-Secure Anti-Virus for Internet Mail listens to for incoming SMTP connections. If F-Secure Anti-Virus for Internet Mail and the mail server are installed on the same host, they must use different port numbers for incoming SMTP connections.
Page 145
Because not all mail servers are able to resolve the host name, use a legal address (for example username@example.com). If you do not specify the domain, the name of the host running the agent is automatically appended to the end.
6.2.2 SMTP Connections You can change the general connections settings from F-Secure Anti-Virus for Internet Mail / Settings / Common / SMTP Connections. The Access Control settings are very important for security reasons. Make sure they are correct.
Page 147
Figure 6-2 Common / SMTP Connections settings Max connections Specify the maximum number of simultaneous connections that are accepted. The excess connections are temporarily rejected. Using a very high value might increase the risk of a denial-of-service attack.
Page 148
Import... in the Restriction Editor. When the Import Table Content from CSV dialog opens, you can change the delimiter character by clicking the Options... button. This functionality is available in F-Secure Policy Manager Console 5.60 or later.
Administering F-Secure Anti-Virus for Internet Mail 6.2.3 Content Scanner Servers You can specify how F-Secure Anti-Virus for Internet Mail should connect to F-Secure Content Scanner Server from F-Secure Anti-Virus for Internet Mail / Settings / Common / Content Scanner Servers.
Page 150
Click Edit to edit the selected entry. Connection timeout Specify how long F-Secure Anti-Virus for Internet Mail waits for a response from F-Secure Content Scanner Server before timing out. Restore connection Specify the time interval after which...
The default value is 1024. 6.2.4 Quarantine Quarantine in F-Secure Internet Gatekeeper is handled through a SQL database. The product is able to quarantine e-mails and attachments which contain malicious or otherwise unwanted content, such as spam messages.
Page 152
With the Quarantine settings you can specify the directory where blocked e-mails, attachments and suspicious files should be placed and how long they should be kept there. The Quarantine settings are located in the F-Secure Anti-Virus for Internet Mail / Settings / Common / Quarantine branch.
Page 153
CHAPTER 6 Administering F-Secure Anti-Virus for Internet Mail For information on how to manage and search quarantined content, see “Quarantine Management”, 258. Figure 6-5 Common / Quarantine settings that are used for configuring the quarantining in centrally managed environments...
Page 154
Figure 6-6 Quarantine / Options settings in the Web Console that are used for configuring the quarantining in stand-alone installations...
Page 155
Quarantine storage Specify the location of the Quarantine Storage where quarantined e-mails and attachments are placed. WARNING: During the setup, access rights are adjusted so that only the operating system, the product itself and the local administrator can access files in the quarantine directory.
Page 156
Active -Enable or disable the selected entry in the table. Quarantine category - Select a category the retention period or cleanup interval of which you want to modify. The categories are: Infected Disallowed Suspicious Spam Scan failure Unsafe Retention period - Specify an exception to the default retention period for the selected quarantine category.
Page 157
E-mail messages and infected, suspicious and disallowed attachments are stored and counted as separate items in the quarantine storage. For example, if a message has three attachments and only one of them has been found infected, two items will be created in the quarantine storage.
With the Spooling settings you can change where e-mails should be placed before they are processed and how often the spool should be flushed. The Spooling settings are located in the F-Secure Anti-Virus for Internet Mail / Settings / Common / Spooling branch.
Page 159
CHAPTER 6 Administering F-Secure Anti-Virus for Internet Mail Figure 6-7 Common / Spooling settings Spool directory Specify the location of the spool directory where e-mail messages are spooled before they are processed. Make sure that the spool directory is on a...
Page 160
Under normal operation the messages are scanned and sent at once. To scan and send all currently spooled messages, select F-Secure Anti-Virus for Internet Mail / Operations / Flush Spool Directory and click Start.
Page 161
Continue accepting mail - the product sends a Low Spool Error alert to the administrator and accepts incoming mail as usual. Reject mail temporarily - the product sends a Low Spool Error alert to the administrator and rejects incoming mail until more disk space becomes available.
6.2.6 Logging You can set F-Secure Anti-Virus for Internet Mail to keep a log of all the e-mails that pass through it. The Logging settings are located under the F-Secure Anti-Virus for Internet Mail / Settings / Common / Logging branch.
Page 163
Mail logging Specify whether all e-mails should be logged. Logged events include accepting e-mail for delivery, scanning e-mail, and sending e-mail to the mail server. Logging directory Specify the location of the logging directory where all log files are placed.
E-mail messages from hosts outside of your network are considered inbound mail. Scanning settings for these e-mail messages are under the Inbound branch. The Intranet Hosts table is located under F-Secure Anti-Virus for Internet Mail / Settings / Common / Intranet Hosts.
Page 165
Import... in the Restriction Editor. When the Import Table Content from CSV dialog opens, you can change the delimiter character by clicking the Options... button. This functionality is available in F-Secure Policy Manager Console 5.60 or later.
In a centrally managed environment you can configure these settings for inbound mail in F-Secure Anti-Virus for Internet Mail / Settings / Common / Inbound Mail and for outbound mail in F-Secure Anti-Virus for Internet Mail / Settings / Common / Outbound Mail.
Page 167
Figure 6-10 Inbound Mail / Receiving settings Accept mail Specify whether e-mail messages are accepted or rejected. Reject Permanently - Reject all messages. F-Secure Anti-Virus for Internet Mail sends the SMTP reply code 521, which instructs the sending mail server to stop trying to send the message again.
Page 168
Set the value to zero (0) to have no limit on the message size. It is recommended to use the same Max message size value in F-Secure Anti-Virus for Internet Mail as in the mail server.
Page 169
Verify recipients Select whether the recipient addresses should be verified. Allowed recipients Specify recipients who are allowed to receive e-mail messages. Usually, Allowed recipients should include all internal addresses. Denied recipients Specify recipients who are specifically denied from receiving any e-mail messages.
Page 170
Max number of recipients Specify the maximum number of recipients per message for inbound mail that will be accepted in one SMTP session. The product will accept messages only to the number of recipients specified. The sending SMTP server is then expected to retransmit the message to the remaining recipients in another session.
Page 171
Denied senders List the e-mail addresses from which inbound mail is not accepted. This feature can be used to prevent mail spoofing. With these settings you can make sure that all e-mail messages that are sent outside the company network have the correct domain name.
Options... button. 6.3.3 Spam Control For information on configuring Spam Control, see “Administering F-Secure Spam Control”, 240. 6.3.4 Blocking You can block attachments with specified file names and/or extensions so that they are not delivered to end-users. Figure 6-11 Inbound Mail / Blocking settings...
Page 173
Strip attachments Specify whether attachments are stripped from the e-mails. Disabled - Attachments are not stripped. All files - All attachments are stripped from e-mail messages. All disallowed attachments - Specified attachments are stripped.
Page 174
Scan stripped attachments If you want statistics about viruses found in stripped attachments, you can specify whether the product should scan stripped attachments before taking the corresponding action (block, drop and/or quarantine) on them. Enabling this setting might cause extra load on the server when processing mails with disallowed attachments.
Page 175
You can also use wildcards: '?' matches exactly one character, '*' matches any number of characters, including zero (0) characters. For example: '*.mp3, *.txt.exe'. Block partial messages Specify whether multipart messages (with 'message/partial' content type) are allowed to pass through or blocked without scanning.
Page 176
Send notification message to recipient Specify whether a notification message is sent to the mail recipient when a disallowed attachment has been dropped. The notification message text is added to the original e-mail message. If the whole message is stopped, no notification is sent.
For example: '*.vb?, press_release.*'. 6.3.5 Virus Scanning You can change the Virus Scanning and virus notification settings from F-Secure Anti-Virus for Internet Mail / Settings / Inbound Mail / Virus Scanning. Figure 6-12 Inbound Mail / Virus Scanning settings...
Page 178
Scan for viruses Select whether F-Secure Anti-Virus for Internet Mail should scan messages and attachments for viruses. Mail message body is always scanned unless this setting is set to 'Do not Scan Inbound Messages'. Do not scan inbound messages - Inbound messages are not scanned.
Page 179
Files with these extensions are checked for viruses when the Scan for Viruses setting is set to All Attachments with Included Extensions. Excluded extensions Specify a space-separated list of the file extensions that are excluded from scanning.
Page 180
Enabled - If this setting is enabled and if the Action on Infected Messages setting is set to Drop Attachment or Disinfect Attachment, the product will only quarantine attachments that are found infected or suspicious and that cannot be disinfected. If this setting is enabled and the Action on Infected Messages setting is set to Stop the Whole Message, the whole e-mail message...
Page 181
Sender virus notification subject Specify the subject of the notification message that is sent to the sender when a virus or other malicious code has been found. Sender virus notification Specify the body of the notification message...
When proactive virus threat detection is enabled, the product analyzes inbound e-mail messages for possible security threats. All possibly harmful messages are quarantined as unsafe. Unsafe messages can be automatically reprocessed periodically. Antivirus updates may confirm the unsafe message as safe or infected.
Virus Outbreak Notification Recipients Specify recipients of the virus outbreak notification. Virus Outbreak Notification Subject Specifies the subject line of the virus outbreak notification. Virus Outbreak Notification Message Specify the message body of the virus outbreak notification.
Page 184
Intelligent File Type Recognition Select whether Intelligent file type recognition is enabled or disabled. Enabled - The product attempts to determine the real file type of the attachment and use the correct extension while processing the file. Disabled - The product does not try to determine the correct file type.
CHAPTER 6 Administering F-Secure Anti-Virus for Internet Mail 6.3.8 Disclaimer You can change the disclaimer settings from F-Secure Anti-Virus for Internet Mail / Settings / Inbound Mail / Notifications. Figure 6-14 Inbound Mail / Disclaimer settings Add disclaimer to Select whether a disclaimer should be added...
Page 186
If you have received this e-mail in error please notify the system manager. Some malware adds disclaimers to infected e-mails, so disclaimers should not be used for stating that an e-mail is clean. For example, see http://www.europe.f-secure.com/v-descs/ netsky_p.shtml...
Administering F-Secure Anti-Virus for Internet Mail 6.3.9 Mail Delivery You can set where scanned e-mails should be sent from F-Secure Anti-Virus for Internet Mail / Settings / Inbound Mail / Delivery. Figure 6-15 Inbound Mail / Delivery settings Mail routing table Specify how the traffic for certain domains will be routed.
Page 188
IMPORTANT: The settings in the Mail Routing Table must be defined as Final with the Restriction Editor before the policies are distributed. Otherwise the settings will not be changed in the product. Fields for a mail routing entry: Order Specify an ordinal number for the entry. The entries in the table are read sequentially from top to bottom, and the product uses the first possible match it finds.
Page 189
DNS server(s) defined in the TCP/IP options of the operating system. If F-Secure Anti-Virus for Internet Mail and the mail server are installed on the same host, they must use different port numbers for incoming SMTP connections.
Page 190
Restore connection interval Specify the time that F-Secure Anti-Virus for Internet Mail waits before attempting to connect to the mail server if the previous attempt failed or the connection was lost. Give up time Specify how long F-Secure Anti-Virus for Internet Mail attempts to deliver inbound mail before giving up.
CHAPTER 6 Administering F-Secure Anti-Virus for Internet Mail 6.3.10 Security Options You can configure the Security Options from F-Secure Anti-Virus for Internet Mail / Settings / Inbound Mail / Security Options. Figure 6-16 Inbound Mail / Security Options settings Action on malformed...
Page 192
Pass Through and Report - The product does not scan malformed content and lets the e-mail message pass through unless malicious code is found in the rest of the message. The administrator receives an alert about the malformed content found in the message. Max levels of nested Specify how many levels deep to scan in nested messages...
Page 193
Action on mails with long lines Select the action to take if an e-mail message contains lines exceeding the maximum length of 995 characters (not including <CRLF>). Reject - The e-mail is rejected.
Page 194
In this example, there are multiple "Content-Disposition" headers and they refer to different attachments (name): This is a multi-part message in MIME format. ------=_NextPart_000_007B_01C19931.61582B60 Content-Type: application/octet-stream Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="nice-picture.jpg.exe" Content-Disposition: attachment; filename="readme.txt"...
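A defensive check for the malformed message shown above, combined with the wildcard rules ('?' and '*') from the Blocking settings and the 995-character line limit; this is an added example, not code from the product. Every file name declared by a part is tested against the block list, so a filter cannot be satisfied by only one of the conflicting headers. The function names, the sample message and the `*.exe` pattern are constructed for the sketch.

```python
import email
import re
from email.message import Message

MAX_LINE_LENGTH = 995  # limit stated in the guide, excluding the CRLF


def compile_patterns(pattern_list):
    """Turn a comma-separated list such as '*.mp3, *.txt.exe' into regexes.

    Only the two wildcards the guide describes are honoured: '?' is exactly
    one character and '*' is any number of characters, including zero.
    Case-insensitive matching is an assumption of this example.
    """
    compiled = []
    for raw in pattern_list.split(","):
        pattern = raw.strip()
        if not pattern:
            continue
        regex = "".join(
            ".*" if ch == "*" else "." if ch == "?" else re.escape(ch)
            for ch in pattern
        )
        compiled.append((pattern, re.compile(regex, re.IGNORECASE | re.DOTALL)))
    return compiled


def matching_pattern(filename, compiled):
    """Return the first pattern that matches the whole file name, or None."""
    for pattern, regex in compiled:
        if regex.fullmatch(filename):
            return pattern
    return None


def declared_filenames(part):
    """Collect the file name from every Content-Disposition header of a part."""
    names = []
    for value in part.get_all("Content-Disposition") or []:
        probe = Message()
        probe["Content-Disposition"] = str(value)
        name = probe.get_filename()
        if name and name not in names:
            names.append(name)
    return names


def inspect_message(raw, blocked_patterns):
    """Report parts with conflicting file names or a blocked file name."""
    compiled = compile_patterns(blocked_patterns)
    findings = []
    for index, part in enumerate(email.message_from_bytes(raw).walk()):
        names = declared_filenames(part)
        blocked = {}
        for name in names:
            hit = matching_pattern(name, compiled)
            if hit:
                blocked[name] = hit
        if len(names) > 1 or blocked:
            findings.append({"part": index, "filenames": names,
                             "conflicting": len(names) > 1, "blocked": blocked})
    return findings


def find_long_lines(raw, limit=MAX_LINE_LENGTH):
    """Return 1-based numbers of lines longer than the limit (CRLF excluded)."""
    return [n for n, line in enumerate(raw.split(b"\r\n"), 1) if len(line) > limit]


# Constructed sample that mirrors the malformed part shown in the guide.
SAMPLE = b"\r\n".join([
    b"From: sender@example.com",
    b"To: administrator@example.com",
    b"Subject: constructed sample",
    b"MIME-Version: 1.0",
    b'Content-Type: multipart/mixed; boundary="constructed-boundary"',
    b"",
    b"This is a multi-part message in MIME format.",
    b"--constructed-boundary",
    b"Content-Type: text/plain",
    b"",
    b"See attachment.",
    b"--constructed-boundary",
    b"Content-Type: application/octet-stream",
    b"Content-Transfer-Encoding: base64",
    b'Content-Disposition: attachment; filename="nice-picture.jpg.exe"',
    b'Content-Disposition: attachment; filename="readme.txt"',
    b"",
    b"AAAA",
    b"--constructed-boundary--",
    b"",
])
```
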
F-Secure components installed on the host. These logs are described below. Mail Log You can set F-Secure Anti-Virus for Internet Mail to keep a log of all the e-mails that pass through it. The mail logs are by default created under the F-Secure Anti-Virus for Internet Mail installation directory.
Page 196
Sent Entry The Sent Entry is added to the log when the mail has been successfully sent to another mail transfer agent, and F-Secure Anti-Virus for Internet Mail hands over the processing of the mail to another mail transfer agent.
Page 197
2524; Trashed Entry The Trashed Entry is added to the log when F-Secure Anti-Virus for Internet Mail has unsuccessfully tried to bounce a mail and there is no alternative other than to delete it. This should not occur under normal circumstances.
Page 198
“Logging”, 162. Logfile.log Logfile.log is maintained by F-Secure Management Agent, and it contains all the alerts generated by F-Secure components installed on the host. Logfile.log can be found on all hosts running F-Secure Management Agent. F-Secure Management Agent uses Logfile.log (in %Program Files%/ F-Secure/Common directory) for logging all the alerts on the host.
Summary, Inbound Mail and Outbound Mail pages. The statistics items on these pages are described below. Summary The Summary page of F-Secure Anti-Virus for Internet Mail displays the SMTP traffic scanning statistics. It shows the amount of messages received and processed, the number of infected and quarantined...
Page 200
Figure 6-17 Summary of SMTP scanning statistics in F-Secure Internet Gatekeeper Web Console...
Page 201
Status Displays whether F-Secure Anti-Virus for Internet Mail is currently running or not. Start time Displays the date and time when F-Secure Anti-Virus for Internet Mail was started. Messages accepted for delivery Shows the total number of messages accepted for delivery.
Page 202
Click Start to start F-Secure Anti-Virus for Internet Mail and Stop to stop it. Click Reset Statistics to reset the statistics. Inbound Mail and Outbound Mail Statistics The Inbound Mail / Statistics page displays the inbound SMTP traffic scanning statistics. The Outbound Mail / Statistics page displays the outbound SMTP traffic statistics.
Page 203
CHAPTER 6 Administering F-Secure Anti-Virus for Internet Mail Figure 6-18 Inbound Mail statistics in F-Secure Internet Gatekeeper Web Console...
Page 204
The statistics items displayed are the following: Messages accepted for delivery Displays the amount of messages that have been accepted. Messages successfully delivered Displays the amount of messages that have been successfully delivered to the mail server. Processed messages Displays the amount of messages that have been scanned for viruses.
Page 205
CHAPTER 6 Administering F-Secure Anti-Virus for Internet Mail Size of spam messages Displays the total size of spam messages received. Last infection found Displays the name of the last infection in inbound mail. Last infection found on Displays the date and time of the last...
Total SMTP Scanning Statistics In F-Secure Policy Manager Console you can see the F-Secure Anti-Virus for Internet Mail statistics on the Status tab under the F-Secure Anti-Virus for Internet Mail / Statistics / Total branch. For explanations, see above. Figure 6-19 Total SMTP Scanning Statistics in F-Secure Policy Manager Console...
Page 207
In F-Secure Policy Manager Console you can see the F-Secure Anti-Virus for Internet Mail Inbound mail statistics on the Status tab under the F-Secure Anti-Virus for Internet Mail / Statistics / Inbound Mail branch and the Outbound mail statistics under the F-Secure Anti-Virus for Internet Mail / Statistics / Inbound Mail.
Scanning”, 177. You can change the attachment stripping notification settings from F-Secure Anti-Virus for Internet Mail / Settings / Inbound Mail / Blocking page. For more information, see “Blocking”, 172. For information about variables that you can include in notification messages, see “Warning...
Anti-Virus for Internet Gateways. F-Secure Content Scanner Server scans files, e-mail message bodies and attachments for malicious code. You can change the general F-Secure Content Scanner Server settings to set up the working directory, set the virus definition database update notifications and scan engines.
This section explains how you can configure the 7.2.1 Service Connections You can specify how F-Secure Content Scanner Server should interact with F-Secure for Internet Gateways and F-Secure for Internet Mail from F-Secure Content Scanner Server / Settings / Interface. Figure 7-1 Interface settings...
Page 212
IP address Specify the IP address that F-Secure Content Scanner Server listens to. If you do not assign any IP address (0.0.0.0), F-Secure Content Scanner Server responds to all connections. TCP port Specify the port number that F-Secure Content Scanner Server listens to for incoming connections.
The default value is 12 hours. Database Updates F-Secure Content Scanner Server can notify the administrator if it detects that virus definition databases are outdated. You can change the notification settings in F-Secure Content Scanner Server / Settings / Database Updates.
Page 214
Figure 7-2 Database Update settings Poll automatically Specify whether F-Secure Content Scanner Server should poll automatically for the virus definition database updates. The polling interval is determined by F-Secure Management Agent/Settings/ Communications/Protocols/<X>/Incoming Packages Polling Interval, where <X> is File Sharing or HTTP. This setting is used in the centrally managed installations only.
Page 215
CHAPTER 7 Administering F-Secure Content Scanner Server Notify when databases become old Select whether an alert should be sent to the administrator when the virus definitions databases become older than the specified time limit. The options available are: Disabled, Send informational alert, Send warning alert, Send security alert.
7.3.1 Virus Scanning Go to F-Secure Content Scanner Server / Settings / Virus Scanning to change the archive scanning and scanning engine settings. These settings are used when F-Secure Internet Gatekeeper scans HTTP, FTP-over-HTTP or SMTP traffic.
Page 217
Version Displays the version of the scan engine. Custom Settings Displays the custom settings for the scan engine. Excluded extensions Specify a space-separated list of file extensions excluded from scanning by the engine. You can also use wildcards: '?'...
Page 218
Suspect max nested archives Specify what F-Secure Content Scanner Server should do with archive files the nesting level of which exceeds the value specified in Max Levels in Nested Archives. Treat as Safe - Archives are scanned to the specified level and allowed to pass through if no infections are found.
Page 219
There is a security risk associated with password protected archives because their content cannot be inspected without a password that is known only to the sender and (in most of the cases) the recipient.
7.3.2 Spam Filtering
The number of spam scanner instances can be configured in F-Secure Content Scanner Server / Settings / Spam Filtering.
Figure 7-4 Spam Filtering settings
Number of spam scanner instances: Specify the number of Spam Scanner instances to be created and used for spam analysis.
Page 221
You might need to modify this setting if you enable Realtime Blackhole Lists (DNSBL/RBL) for spam filtering. For more information, see “Enabling Realtime Blackhole Lists”, 248 and “Optimizing F-Secure Spam Control Performance”, 250.
7.3.3 Threat Detection
The virus outbreak and spam threat detection can be configured in F-Secure Content Scanner Server / Settings / Threat Detection Engine.
VOD Cache Size: Specify the maximum number of patterns to cache for the virus outbreak detection service.
Heuristic Scanning - F-Secure Content Scanner Server checks the message using spam heuristics.
Trusted Networks: Specify networks and hosts in the mail relay network which can be trusted not to be operated by spammers and do not have open relays or open proxies.
7.3.4 Advanced
The advanced F-Secure Content Scanner settings can be configured in F-Secure Content Scanner Server / Settings / Advanced.
Figure 7-5 Advanced settings
Working directory: Specify the path to the working directory where the product will create temporary files.
Page 225
F-Secure Content Scanner Server sends an alert to the administrator when the drive has less than the specified amount of space left.
Max number of concurrent transactions: Specify how many files F-Secure Content Scanner Server should process simultaneously. For more information, see “Concurrent...
The options available are: Top 5, Top 10 and Top In F-Secure Policy Manager you can see the list of most active viruses under the F-Secure Content Scanner Server / Statistics / Virus Statistics /...
You can view virus and spam statistics with F-Secure Policy Manager Console or F-Secure Internet Gatekeeper Web Console. For instructions on how to log in to the F-Secure Internet Gatekeeper Web Console, see “Logging in the F-Secure Internet Gatekeeper Web Console for the First Time”, 82.
Page 228
Figure 7-7 A summary of scanning statistics in F-Secure Internet Gatekeeper Web Console
Status
Status: Displays whether F-Secure Content Scanner Server is currently running or not.
Start time: Displays the start date and time of F-Secure Content Scanner Server.
Scanned files: Shows the number of files the server has scanned for viruses.
Page 229
Last time infection found: Shows the date and time when an infection was last found.
Click Start to start F-Secure Content Scanner Server and Stop to stop F-Secure Content Scanner Server. Click Reset Statistics to reset the statistics displayed on this page.
You can see the list of most active viruses on the Summary > Virus Statistics page in F-Secure Internet Gatekeeper Web Console. Figure 7-8 Virus Statistics in F-Secure Internet Gatekeeper Web Console Most active viruses (Top Displays a Top 10 listing of the viruses that have been found most often in the scanned traffic.
Page 231
“Configuring Virus Statistics”, 226.
Spam Scanner Statistics
On the Summary > Spam Scanner Statistics page in F-Secure Internet Gatekeeper Web Console you can see the Spam Control status, database update information, spam scanning results and the number of messages that have received different spam confidence ratings.
Scan Engines
You can see the status of all scan engines on the Scan Engines > Properties page of F-Secure Internet Gatekeeper Web Console.
Figure 7-10 Scan engine statuses and statistics in F-Secure Internet Gatekeeper Web Console...
Page 233
Not loaded - This status is displayed when the F-Secure Content Scanner Server failed to load a scan engine for some reason. You should check the logfile.log for the reason of the failure. It might be, for example, that one or more database files are missing or corrupted.
Page 234
Disinfected files: Displays the number of infected files the selected scan engine has successfully disinfected.
Last infection found: Displays the name of the latest infection that was found with the selected scan engine.
Last time infection found: Displays the date and time of the last infection.
Viewing Virus and Spam Statistics with F-Secure Policy Manager Console
Total Scanning Statistics
In F-Secure Policy Manager you can see a summary of the scanning statistics under F-Secure Content Scanner Server / Statistics / Server branch. For explanations, see above.
Page 236
Virus Statistics
In F-Secure Policy Manager Console you can see the list of most active viruses under the F-Secure Content Scanner Server / Statistics / Virus Statistics / Most Active Viruses branch.
Figure 7-12 Virus Statistics in F-Secure Policy Manager Console
For explanations for these statistics, see “Virus...
Page 237
Spam Control Statistics
In F-Secure Policy Manager Console you can see the spam statistics under the F-Secure Content Scanner Server / Statistics / Spam Control branch.
Figure 7-13 Spam Control statistics in F-Secure Policy Manager Console
For explanations for these statistics, see “Spam Scanner...
Page 238
Scan Engines
In F-Secure Policy Manager Console you can see the status of the scan engines under the F-Secure Content Scanner Server / Statistics / Scan Engines branch.
Figure 7-14 Scan engine statuses and statistics in F-Secure Policy Manager Console
For explanations for these statistics, see “Scan...
F-Secure Content Scanner Server.
7.5.1 Logfile.log
F-Secure Content Scanner Server does not have a separate log of its own. Instead, it logs all events in Logfile.log. Logfile.log is maintained by F-Secure Management Agent, and it contains all the alerts generated by the F-Secure components installed on the host.
F-Secure Spam Control spam definition databases can be updated with F-Secure Automatic Update Agent. In order to update the spam definition databases F-Secure Automatic Update Agent must be installed on the same computer as F-Secure Spam Control. F-Secure Policy Manager is not used for updating the spam definition databases.
Spam Control Settings Change the settings in F-Secure Anti-Virus for Internet Mail / Settings / Inbound Mail / Spam Control to configure how F-Secure Anti-Virus for Internet Mail scans incoming mail for spam. These settings are used only if F-Secure Spam Control is installed with the product.
Page 243
CHAPTER 8 Administering F-Secure Spam Control When the heuristic spam analysis is enabled, all messages that the threat detection engine does not classify as spam are further analyzed for spam. When the heuristic spam analysis is disabled, only the threat detection engine scans inbound mails for spam.
Page 244
Action on spam messages: Specify the action to take with e-mail messages considered spam.
Pass Through - E-mail messages considered spam are marked as specified by the Add-X Header and Modify Spam Message Subject settings and delivered to designated recipient(s).
Quarantine - E-mail messages considered spam are placed in the quarantine directory.
Page 245
Add X-Header with Spam flag: Specifies if the spam flag will be added to the mail as an X-Spam-Flag header in the following format:
X-Spam-Flag: <flag> CRLF
where <flag> is either "YES" or "NO".
Page 246
Forward spam messages to e-mail address: Specifies the e-mail address where e-mail messages considered spam will be forwarded to if the Action on Spam Messages setting is set to Forward. The address should be specified in "local-part@domain" format, e.g. abuse@example.com.
Max message size: Specify the maximum size of e-mail messages to be scanned for spam.
Page 247
Blocked Recipients: Specify the list of e-mail recipients whose incoming messages are always treated as spam. When specifying sender and recipient addresses, use the username@example.com format. You can use wildcards. The match is not case sensitive.
Make sure you do not have a firewall preventing DNS access from the host where F-Secure Spam Control is running. Test the DNS functionality by running the nslookup command at Microsoft Windows command prompt on the host running F-Secure Spam Control. An example: C:\>nslookup 2.0.0.127.sbl-xbl.spamhaus.org.
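The DNS test described above can also be scripted. The following is an added example, not part of the original guide or the product: it builds the same reversed-octet query name as the nslookup command and separates "not listed" from "DNS is not working", which is what a blocking firewall looks like. The function names and the constructed resolver are assumptions made for illustration; 127.0.0.2 is the conventional DNSBL test entry (RFC 5782).

```python
import ipaddress
import socket


def dnsbl_query_name(ip, zone):
    """Build the DNSBL lookup name: reversed IPv4 octets followed by the zone."""
    addr = ipaddress.IPv4Address(ip)  # ValueError on anything but dotted IPv4
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    # The trailing dot makes the name fully qualified, so the resolver does
    # not append local DNS search suffixes to it.
    return f"{reversed_octets}.{zone.strip('.')}."


def check_dnsbl(ip, zone, resolve=socket.gethostbyname):
    """Return (status, detail) for one address checked against one list.

    status is one of:
      listed            - the list returned an answer in 127.0.0.0/8
      not-listed        - the name does not exist (NXDOMAIN)
      dns-failure       - the lookup itself failed (timeout, blocked port 53)
      unexpected-answer - an address outside 127.0.0.0/8, typically a
                          resolver that rewrites NXDOMAIN responses
    """
    name = dnsbl_query_name(ip, zone)
    not_found = {socket.EAI_NONAME,
                 getattr(socket, "EAI_NODATA", socket.EAI_NONAME)}
    try:
        answer = resolve(name)
    except socket.gaierror as exc:
        if exc.errno in not_found:
            return "not-listed", None
        return "dns-failure", str(exc)
    except OSError as exc:
        return "dns-failure", str(exc)
    if ipaddress.IPv4Address(answer) in ipaddress.IPv4Network("127.0.0.0/8"):
        return "listed", answer
    return "unexpected-answer", answer


def dnsbl_reachable(zone, resolve=socket.gethostbyname):
    """Check the DNS path to a list by querying its test entry 127.0.0.2."""
    status, detail = check_dnsbl("127.0.0.2", zone, resolve)
    return status == "listed", status, detail


def constructed_resolver(records, fail_with=None):
    """Offline stand-in for a resolver; all records here are constructed."""
    def resolve(name):
        if fail_with is not None:
            raise socket.gaierror(fail_with, "constructed resolver failure")
        if name in records:
            return records[name]
        raise socket.gaierror(socket.EAI_NONAME, "constructed NXDOMAIN")
    return resolve


if __name__ == "__main__":
    zone = "sbl-xbl.spamhaus.org"  # zone taken from the nslookup example
    working = constructed_resolver({dnsbl_query_name("127.0.0.2", zone): "127.0.0.4"})
    blocked = constructed_resolver({}, fail_with=socket.EAI_AGAIN)
    print("working DNS :", dnsbl_reachable(zone, working))
    print("blocked DNS :", dnsbl_reachable(zone, blocked))
```

On the host running F-Secure Spam Control, call dnsbl_reachable(zone) without the resolve argument to use the system resolver. A dns-failure result points at the firewall or DNS configuration rather than at the list.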
Page 249
F-Secure Content Scanner Server through F-Secure Internet Gatekeeper Web Console. You can force F-Secure Spam Control to use a specific DNS server (not necessarily configured in Microsoft Windows networking) by adding a new system environment variable as described in the instructions below.
To force F-Secure Spam Control to use a specific DNS server, do the following: 1. Right-click the My Computer icon and select Properties. Select Advanced and click the Environment Variables.. button. In the System variables panel click New... In the New System Variable dialog specify the new variable as...
F-Secure Management Agent Settings
F-Secure Management Agent enforces the security policies set by the administrator. It handles all management functions on the local workstations, provides a common interface for all F-Secure applications, and operates within the policy-based management infrastructure.
Page 253
Password: The password of the account that is used for accessing the shared directory.
HTTP
Policy Manager Server address: URL of the F-Secure Policy Manager Server. Do not add a slash at the end of the URL. URL example: “http://fsms.example.com”.
The maximum time the host will store the information that it cannot transmit.
Configuring Alert Forwarding
In F-Secure Policy Manager you can configure alert forwarding by editing the Alert Forwarding table, which is located under F-Secure Management Agent / Settings / Alerting.
Page 255
For example, F-Secure Management Agent / Settings / Alerting / F-Secure Policy Manager / Retry Send Interval specifies how often a host will attempt to send alerts to F-Secure Policy Manager when previous attempts have failed. F-Secure Internet Gatekeeper can be set to report different types of alerts...
Page 256
You can configure alert forwarding in stand-alone mode using F-Secure Management Agent. To open F-Secure Management Agent, double-click the F-Secure Settings and Statistics icon in the Windows system tray. Select F-Secure Management Agent and click Properties. Go to the Alerting tab to configure the alert forwarding.
Page 257
CHAPTER 9 Administering F-Secure Management Agent If you choose to forward alerts to an e-mail address (SMTP), you have to specify the e-mail address of the recipient and the mail server you want to use. Select E-Mail (SMTP) and click...
If you have multiple F-Secure Internet Gatekeeper installations, you can manage the quarantined content on all of them from one single F-Secure Internet Gatekeeper Web Console. For more information, see “Scenario...
For more information on the settings, see “Quarantine”, 151. In centrally managed installations, the quarantine settings are configured with F-Secure Policy Manager in the F-Secure Anti-Virus for Internet Mail / Common / Quarantine branch. For more information, see “Quarantine”, 151. The actual quarantine management is done through F-Secure Internet Gatekeeper Web Console.
Page 262
You can use the following search criteria:
Quarantine ID: Enter the quarantine ID of a quarantined message. The quarantine ID is displayed in the notification sent to the user about the quarantined message.
Reason: Select the quarantining reason from the drop-down menu.
Page 263
CHAPTER 10 Quarantine Management
You can use the SQL wildcards in searches in the Reason Details, Sender, Recipients, Subject, Message Id and Host/IP address fields. For more information, see “Using Wildcards”, 264.
Sender: Enter the e-mail sender address. You can only search for one address at a time, but you can widen the search by using the wildcards.
E-mails to be reprocessed and released - Displays e-mails that are currently set to be reprocessed or released, but have not been reprocessed or released yet.
Search period: Select the time period when the data has been quarantined. Select Exact start and end dates to specify the date and time (year, month, day, hour, minute) when the data has been quarantined.
10.4 Query Results Page
Figure 10-2 Quarantine Query Results Page
The Quarantine Query Results page displays a list of e-mails that were found in the query. To view detailed information about a quarantined e-mail, click the View...
Page 266
You can select an operation to perform on the messages that were found in the query: Click Reprocess to scan the currently selected e-mail again, or click Reprocess All to scan all e-mail messages that were found. For more information, see “Reprocessing the Quarantined Content”, 268.
Icon: E-mail status
This is a quarantined e-mail that the administrator has set to be deleted. The deletion operation has not been completed yet.
This is a quarantined e-mail the releasing of which failed.
This is a quarantined e-mail the reprocessing of which failed.
10.5 Viewing Details of a Quarantined Message
To view the details of a quarantined message, do the following:...
Quarantine ID (QID)
Submit date - The date and time when the item was placed in the quarantine.
Processing Server - The F-Secure Anti-Virus for Internet Mail server that processed the message.
Envelope sender - The address of the message sender.
1. Select the F-Secure Anti-Virus for Internet Mail tab and the Quarantine page. Select the start and end dates and times of the quarantining period from the Start time: and End Time: drop-down menus. If you want to specify how the search results are sorted, select the sorting criteria and order from the Sort results by: and order: drop-down menus.
Page 270
1. Select the F-Secure Anti-Virus for Internet Mail tab and the Quarantine page. Enter the Quarantine ID of the message in the Quarantine ID field. Click Query. When the query is finished, the query results page is displayed. Click Release button to release the displayed quarantined content.
1. Select the F-Secure Anti-Virus for Internet Mail tab and the Quarantine page in the Web Console. Select the quarantining reason, Spam, from the Reason: drop-down menu.
Page 272
Select the category for which you want to specify the exception, for example Infected, from the Quarantine Category drop-down menu. Specify a retention period that is shorter than the default value, for example 1 day, in the Retention Period column. Specify a cleanup interval that is shorter than the default value, for example 30 minutes, in the Cleanup Interval column.
For more information refer to the product support pages at http://support.f-secure.com/enu/corporate/ 10.11 Quarantine Logging To view the Quarantine Log, open the F-Secure Anti-Virus for Internet Mail tab in the Web Console, and go to the Quarantine page. Then click Show Log File button.
Page 274
Figure 10-4 Quarantine > Statistics page E-mail messages and infected, suspicious and disallowed attachments are stored and counted as separate items in the quarantine storage. For example, if a message has three attachments and only one of them has been found infected, two items will be created in the quarantine storage.
11.1 Introduction After you have configured basic settings and you are sure that F-Secure Internet Gatekeeper is running properly, you can modify settings to optimize security and performance. 11.2 Optimizing Security For maximum security, you should remove all unnecessary system services, file shares and user accounts from computers on which you install F-Secure Internet Gatekeeper.
11.2.3 Data Trickling As there is a chance that a part of the malicious code passes through F-Secure Internet Gatekeeper before the virus scanner can detect it, it is not recommended to use large values in the Trickle Packet Size setting.
Page 278
The Threads per child process setting defines how many clients can use F-Secure Internet Gatekeeper at the same time. Usually, browsers open about 4 connections to F-Secure Internet Gatekeeper, so with 50 threads per child process, F-Secure Internet Gatekeeper can serve up to 12 clients at the same time.
Page 279
For more information, see “Service Connections”, 211.
Number of Ports in Use
If necessary, you can enhance the performance of F-Secure Anti-Virus for Internet Gateways by increasing the number of ports in use. For more information, see http://support.microsoft.com/default.aspx?scid=kb;en-us;196271...
With F-Secure Automatic Update Agent, virus and spam definition database updates are retrieved automatically when they are published. When a new virus is found, F-Secure provides a new virus definition database update. F-Secure Internet Gatekeeper uses an intelligent UDP-based polite protocol (BWTP) or HTTP protocol to fetch this update.
Internet Gatekeeper Web Console, and select the Automatic Update Agent tab. In centrally managed installations, you can use the F-Secure Internet Gatekeeper Web Console for monitoring the F-Secure Automatic Update Agent settings. To change these settings, use F-Secure Policy Manager...
CHAPTER 12 Updating Virus and Spam Definition Databases
12.3.1 Summary
Figure 12-1 Automatic Update Agent summary in F-Secure Internet Gatekeeper Web Console...
Page 284
Current HTTP proxy address: Displays the address of the HTTP proxy that is currently used for database updates.
Current Policy Manager proxy address: Displays the address of the F-Secure Policy Manager proxy that is currently used...
Page 285
Downloads
Figure 12-2 Automatic Update Agent downloads in F-Secure Internet Gatekeeper Web Console
The Downloads page displays downloaded and installed update packages.
12.3.2 Automatic Updates
Figure 12-3 Automatic update settings in F-Secure Internet Gatekeeper Web Console
Specify how the product connects to F-Secure Update Server.
Page 287
User defined proxy field.
Update Server
Allow fetching updates from F-Secure Update Server: Specify whether the product should connect to F-Secure Update Server when it cannot connect to any user-specified update server. To edit the list of update sources, see “Policy Manager...
Page 288
If the product cannot connect to any user-specified update server during the failover time, it retrieves the latest virus definition updates from F-Secure Update Server if Allow fetching updates from F-Secure Update Server is enabled.
Server polling interval: Define (in minutes) how often the product checks F-Secure Policy Manager Proxies for new updates.
12.3.3 Policy Manager Proxies
Figure 12-4 Policy Manager proxy settings in F-Secure Internet Gatekeeper Web Console
Edit the list of virus definition database update sources and F-Secure Policy Manager proxies. If no update servers are configured, the product retrieves the latest virus definition updates from F-Secure Update Server automatically.
Page 290
1. Click to add the new entry to the list. Enter the URL of the update source in the Proxy Address field. Edit the priority of the update source. The priority numbers are used to define the order in which the host tries to connect servers. Virus definition updates are downloaded from the primary sources first, secondary update sources can be used as a backup.
Running You can test that the product is running by opening a telnet connection from the F-Secure Anti-Virus for Internet Mail machine to the port it is running on (usually 25). If you get a textual response, it means that the network connection is working.
Running You can test if the product is running by opening a telnet connection to the F-Secure Content Scanner Server machine to the port 18971 (if you have specified a different FNP/SCIP port, use that port instead). If you get the cursor blinking in the upper left corner, it means that the connection has been established and F-Secure Content Scanner Server can accept incoming connections.
Open Windows Control Panel and the Services dialog box. Select F-Secure Anti-Virus for Internet Gateways Daemon. To stop F-Secure Anti-Virus for Internet Gateways, click Stop. To start the service, click Start. To start or stop F-Secure Anti-Virus for Internet Mail: Open the F-Secure Internet Gatekeeper Web Console and select the Anti-Virus for Internet Mail tab.
CHAPTER 13 Troubleshooting 13.3 Frequently Asked Questions All support issues, frequently asked questions and hotfixes can be found under the support pages at http://support.f-secure.com/. For more information, see “Technical Support”, 409.
The IP address of the requesting host.
$REASON: A short explanation why the content was blocked.
$THREAT: The name of the found infection.
$MOREINFO: The URL to the page on www.F-Secure.com that gives more information about the found malicious code.
SMTP Warning Messages
The following table lists variables that can be included in the warning message sent by F-Secure Internet Gatekeeper if an infection is found or an attachment is stripped from a scanned message. These variables are dynamically replaced by their actual names. If an actual name is not present, the corresponding variable is replaced with [Unknown].
APPENDIX A Warning Messages
The following table lists variables that can be included in the scan report, in other words the variables that can be used in the warning message between $REPORT-BEGIN and $REPORT-END.
Variable: Description
$AFFECTED-FILENAME: The name of the original file or attachment.
$AFFECTED-FILESIZE: The size of the original file or attachment.
APPENDIX B Specifying Hosts
Introduction
You can specify a host or group of hosts in F-Secure Anti-Virus for Internet Gateways with a domain, subnet, IP address or hostname.
Domain
A domain is a partially qualified DNS domain name, preceded by a period.
Examples:
The subnet 192.168.0.0 with an implied netmask of 16 valid bits (sometimes used in the netmask form 255.255.0.0):
192.168
The subnet 192.168.112.0/21 with a netmask of 21 valid bits (also used in the netmask form 255.255.248.0):
192.168.112.0/21
A subnet with 32 valid bits is the equivalent to an IP address and a subnet with zero valid bits (0.0.0.0/0) matches any IP address.
Page 303
Hostname comparisons are case insensitive, and hostnames are always assumed to be anchored in the root of the DNS tree. Therefore, hosts “WWW.example.com” and “www.example.com.” (note the trailing period) are considered to be equal. Usually it is more effective to specify an IP address instead of a hostname, as the IP address does not require a DNS lookup.
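The matching rules of this appendix, as an added example that is not the product's own code. It is useful for checking what an allow or deny entry will cover before it goes into a policy. Assumptions: a domain entry matches every host name that ends with it, a four-octet entry without a mask is a single address, no DNS lookups are made, and the function names are hypothetical.

```python
import ipaddress
import re

# One to four dotted decimal octets, optionally followed by /bits.
_SUBNET_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){0,3})(?:/(\d{1,2}))?$")


def _norm(name):
    """Lower-case a DNS name and drop the root-anchoring trailing period."""
    return name.strip().rstrip(".").lower()


def parse_subnet(spec):
    """Return an IPv4 network for a subnet or address entry, else None.

    '192.168' has an implied netmask of 8 bits per octet written (16 here);
    '192.168.112.0/21' carries its netmask explicitly.
    """
    m = _SUBNET_RE.match(spec.strip())
    if m is None:
        return None
    octets = m.group(1).split(".")
    bits = int(m.group(2)) if m.group(2) else 8 * len(octets)
    octets += ["0"] * (4 - len(octets))
    try:
        # strict=False tolerates host bits set below the mask.
        return ipaddress.ip_network(".".join(octets) + f"/{bits}", strict=False)
    except ValueError:  # octet above 255 or more than 32 mask bits
        return None


def spec_kind(spec):
    """Classify an entry as 'domain', 'subnet', 'ip' or 'hostname'."""
    if spec.strip().startswith("."):
        return "domain"
    net = parse_subnet(spec)
    if net is None:
        return "hostname"
    return "ip" if net.prefixlen == 32 else "subnet"


def matches(spec, client):
    """True if 'client' (an IP address or a host name) is covered by 'spec'."""
    kind = spec_kind(spec)
    if kind == "domain":
        # '.example.com' covers 'mail.example.com' but not 'example.com'
        # or 'badexample.com' (assumed suffix semantics).
        return _norm(client).endswith(_norm(spec))
    if kind in ("ip", "subnet"):
        try:
            return ipaddress.ip_address(client.strip()) in parse_subnet(spec)
        except ValueError:
            return False  # a host name cannot match without a DNS lookup
    return _norm(spec) == _norm(client)


if __name__ == "__main__":
    # Constructed entries and clients, using the appendix's own examples.
    for spec, client in [
        ("192.168", "192.168.200.7"),
        ("192.168.112.0/21", "192.168.120.1"),
        ("0.0.0.0/0", "198.51.100.4"),
        ("WWW.example.com", "www.example.com."),
        (".example.com", "badexample.com"),
    ]:
        print(f"{spec:18} {spec_kind(spec):9} {client:18} {matches(spec, client)}")
```

Entries that classify as subnet with few mask bits deserve a second look, since 0.0.0.0/0 in a trusted-hosts list trusts every client.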
APPENDIX C Access Log Variables List of Access Log Variables You can use the following variables in the access log: Format String Description The remote IP address. The local IP address. Bytes sent, excluding HTTP headers. When no bytes are sent, the value is ‘0’. Bytes sent in CLF format, excluding HTTP headers.
Page 306
Format String Description The contents of ‘Example’: header line(s) in %{Example}o the reply. The canonical port of the server serving the request. The process ID of the child that serviced the request. The query string. If the query string exists, a ‘?’...
Page 307
The following notes can be used in the %..n format, for example: %{FSFILTER::action}n:
Note: Description
{FSFILTER::scanresult}: The value is the result of the file scan.
Infected - The file contained malicious code.
Clean - The file was clean.
Suspicious - The file was found to be suspicious.
Page 308
Note: Description
Trusted - The client or the site was trusted.
Error - There was an error while processing the request. See the error log for more information.
Abort - The client closed the connection unexpectedly.
{FSFILTER::infection}: The value is the name of the infection if the file is infected.
List of Mail Log Variables You can use the following macros to specify what kind of information is collected from different events in the F-Secure Anti-Virus for Internet Mail mail log. Macro For which events Description The date and time when the event occurred...
Page 311
APPENDIX D Mail Log Variables
Macro (For which events): Description
$MSIZE (Scanned, Sent): The size of the mail message after processing (in bytes).
$RELAYED (Sent): The address of the mail server (MTA) that the mail message was relayed to after processing (in form of "direct"|"dns"<space>name"["ip-address"]").
Internet Gatekeeper. No settings have to be changed from the mail clients if they use smtp.example.com, which has been changed in the DNS to point to F-Secure Internet Gatekeeper. If this is not the case, outgoing SMTP server should be changed to the F-Secure Internet Gatekeeper address.
If you are installing F-Secure Internet Gatekeeper to a Lotus Domino Server, it is recommended to change the SMTP port number of Lotus Domino and use the standard SMTP TCP port 25 for F-Secure Internet Gatekeeper. To change the SMTP port number in Lotus Domino R5: Open the Domino Address Book (Name &...
Restart the Lotus Domino Server. E.2.2 Microsoft Exchange 5.5 If you are installing F-Secure Internet Gatekeeper to a Microsoft Exchange Server 5.5, it is recommended to change the SMTP port number of Microsoft Exchange 5.5. and use the standard SMTP TCP port number 25 for F-Secure Internet Gatekeeper.
Page 316
To change the SMTP port number in MS Exchange 2000: Start the Exchange System Manager from the Start Menu. Open the Servers / {Current Server} / Protocols / SMTP branch.
Page 317
APPENDIX E Configuring Mail Servers Open the Properties window of Default SMTP Virtual Server. Click Advanced. Select the line that has SMTP port number 25 and click Edit.
Page 318
Change the TCP port to some other unused port, for example 26. Click for all the windows and reboot the server.
Servers in a cluster communicate among themselves and provide high-availability, load balancing and scalability. The service is included in any version of Windows 2003 server. If you want to deploy F-Secure Internet Gatekeeper in an environment with multiple sub-domains, see “Deployment Scenarios for Environments with Multiple Sub-domains”, 349.
Page 321
Figure F-1 F-Secure Anti-Virus for Internet Gateways deployed with a transparent proxy Using a transparent proxy is the best way to provide a reliable and easy HTTP scanning service with F-Secure Internet Gatekeeper.
In these examples, F-Secure Internet Gatekeeper listens to IP address 192.168.0.1, port 3128. For information on how to configure F-Secure Internet Gatekeeper, see sections “Configuring F-Secure Anti-Virus for...
Page 323
APPENDIX F Advanced Deployment Options Click OK. Step 2. Open the ISA Management console. Open Servers and Arrays > Extensions > Application Filters. Right-click HTTP Redirector Filter and select Properties. Select Options and make sure that Redirect to Local Web proxy service is enabled.
Page 324
Click OK. Step 3. Open the ISA Management console. Open Servers and Arrays > Network Configuration > Routing. Right-click Default rule and select Action. Enable Routing them to a specified upstream server.
Page 325
For the Primary route, set the IP address and the port number that F-Secure Internet Gatekeeper is configured to listen for incoming connections. For the Backup route, select the one which is the most appropriate for you.
Page 326
Click OK. Transparent Proxy With Microsoft ISA Server 2004 F-Secure Internet Gatekeeper requires Microsoft ISA Server 2004 Service Pack 1 (SP1). For more information how to obtain ISA Server 2004 SP1, visit the Microsoft website: http://www.microsoft.com/isaserver/ Example: Open the ISA Management console Open Arrays >...
Select Settings. Specify the server IP address and the port number where F-Secure Internet Gatekeeper is configured to listen for incoming connections. Make sure the Automatically poll upstream server for the configuration setting is deselected.
Benefits
Does not require expensive software or hardware components.
Open source.
The system may run on any hardware.
Drawbacks
May be difficult to configure.
No graphical user interface.
Examples
An example using "ipchains" (Linux 2.2)
# /sbin/ipchains -A input -d 0/0 80 -p tcp -j REDIRECT 3128
An example using "iptables"...
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html
F.2.3 Transparent Proxy with Cisco, Nortel and Lucent
Benefits
Professional transparent proxy support.
Easy to integrate.
Drawbacks
Requires additional software and hardware.
Requires extra skills to configure.
Examples
For detailed examples, see developer web sites.
Additional information
http://www.cisco.com/
http://www.nortelnetworks.com/...
F.3.1 Round-Robin DNS Based Load Balancing Figure F-2 F-Secure Anti-Virus for Internet Gateways deployed with Round-robin DNS based load balancing Clients have to configure web browsers to use a HTTP proxy. A Domain Name Server (DNS) server resolves the name of the proxy server to its IP address so that clients know how to connect to it.
F.3.2 Load Balancing with Proxy Auto-Configuration (PAC) or Web Proxy Auto-Discovery Protocol (WPAD)
Figure F-3 F-Secure Anti-Virus for Internet Gateways deployed with Proxy Auto-Configuration (PAC)
Clients have to configure web browsers to use a JavaScript automatic proxy, and the web browser should support JavaScript.
Page 332
An example of a JavaScript auto-configuration file can be found here: http://wp.netscape.com/eng/mozilla/2.0/relnotes/demo/proxy-live.html
You can find more information about hash-based proxy auto-configuration scripts from the Sharp Super Proxy Script page. With hash-based proxy auto-configuration scripts, you can distribute the load between different caching proxies: http://naragw.sharp.co.jp/sps/
Benefits...
F.3.3 Load Balancing with Proxy or Firewall Figure F-4 F-Secure Anti-Virus for Internet Gateways deployed with HTTP proxy Clients have to configure web browsers to use a HTTP proxy. If the upstream proxy is transparent, clients do not require any configuration.
Page 334
Microsoft ISA Server (formerly MS Proxy):
http://www.microsoft.com/ISAServer/
http://www.microsoft.com/isaserver/techinfo/planning/ISA2000Caching.doc
Netscape Proxy Server:
http://wp.netscape.com/proxy/v3.5/
http://wp.netscape.com/proxy/v3.5/evalguide/advantages.html
Check Point FireWall-1 and Check Point NG: Check Point FireWall-1 and Check Point NG have connect control modules which can be used to balance load between servers like web, FTP and others with IP addresses.
F.3.4 Hardware and Software Load-balancing Solutions
Network Address Translation (NAT)
Figure F-5 F-Secure Anti-Virus for Internet Gateways deployed with Network Address Translation (NAT)
Direct-Path Routing
Figure F-6 F-Secure Anti-Virus for Internet Gateways deployed with Direct-Path Routing...
Page 336
Benefits Supports several load-balancing models (for example round-robin, least connections, weighted round-robin) Proxying on the TCP/IP level. Capable of performing OSI Layer 2 to 7 load balancing. Can be implemented transparently with a non-transparent proxy, so no configuration changes need to be done at client hosts. System maintenance can be performed during business hours without service outages.
F.3.5 Load Balancing and High Availability with Clustering Figure F-7 F-Secure Anti-Virus for Internet Gateways deployed with clustering Clients access a cluster, a virtual server. Nodes in a cluster communicate among themselves and provide high-availability, load balancing and scalability.
Page 338
Benefits
• Provides true dynamic load balancing across the cluster to optimize the use of all available resources.
• Users are protected during the scheduled shut-downs, when individual servers are taken off-line for maintenance or upgrades.
• The product is installed on a node.
Drawbacks
• Requires some steps to configure and deploy.
Load Balancing With Windows Network Load Balancing Service
Load balancing between multiple instances of F-Secure Internet Gatekeeper can be implemented with a Network Load Balancing service, which is included in Windows Server 2003. The Network Load Balancing...
F.4.2 Setting Up Network Load Balancing Services
The Network Load Balancing service is included in all Windows 2003 Server versions, but it has to be installed and configured before it can be used.
Configuring TCP/IP and Network Load Balancing Settings
All settings should be identical for all servers in the cluster, except the IP address which should be unique for each server.
Page 341
In this example, we use the following values:
IP address: 192.168.0.231
Netmask: 255.255.255.0
Gateway: 192.168.0.1
DNS server: 192.168.0.10
All other computers connected to the local area network connect to the cluster with address 192.168.0.233. In networks that have an existing cache proxy, the load balancing cluster directs all traffic to the subordinate proxy.
Page 342
Add the cluster address as the second IP address in the Advanced options. (In our case 192.168.0.233) Use the following settings in Network Load Balancing:...
Page 343
Use the multicast communication mode. The remote control is not necessary and it can be disabled. Use an individual IP address for each different server. Each server should have a different host identifier number (priority).
Page 344
Change the Affinity to None. Otherwise the default settings are fine. You can use different settings, just make sure that all settings are identical on all servers. After you have configured TCP/IP and Network Load Balancing settings, check that the cluster is working.
Page 345
Checking The Status of the Cluster
Open the Network Load Balancing Manager from the Administrative tools to administer the cluster and individual nodes. Select Cluster > Connect to Existing to connect to the cluster.
Page 346
Install F-Secure Internet Gatekeeper. For installation instructions, read the F-Secure Internet Gatekeeper Administrator’s Guide. Install F-Secure Internet Gatekeeper on all servers in the same paths and with the same initial settings. It is recommended that servers have two hard disk partitions: one partition that contains the operating system and another partition for data, where you install F-Secure Internet Gatekeeper.
Page 347
Edit each file in each server so that you know which server in the cluster sent the page to the browser. For example: Change files on other servers in the same way but use a different IP address.
Page 348
Set the IP address of the cluster as the proxy address of the web browser. Enter http://192.168.0.233:3128 in the web browser and open the page. Refresh the page several times; if everything is working properly, you can see that each server in the cluster returns the correct page.
Deployment Scenarios for Environments with Multiple Sub-domains
F.5.1 Scenario 1: F-Secure Anti-Virus for Internet Mail as an Upstream Mail Transfer Agent
Figure F-8 F-Secure Anti-Virus for Internet Mail deployed as an upstream Mail Transfer Agent...
Page 350
Environment: F-Secure Anti-Virus for Internet Mail is installed on the host smtp.my.intranet instead of the original Mail Transfer Agent. No changes are needed in DNS. The DNS MX records point my.sub1.domain and my.sub2.domain to the smtp.my.intranet host (or to the host running the firewall). All inbound mails come to F-Secure Anti-Virus for Internet Mail running at smtp.my.intranet host.
Page 351
Inbound Mail Delivery options are configured as follows: The Use DNS MX Records setting in F-Secure Anti-Virus for Internet Mail / Settings / Inbound Mail / Delivery is disabled. The Mail Routing Table contains the following entries:...
F.5.2 Scenario 2: F-Secure Anti-Virus for Internet Mail as Interim Mail Transfer Agent
Figure F-9 F-Secure Anti-Virus for Internet Mail deployed as an Interim Mail Transfer Agent...
Page 353
Environment: F-Secure Anti-Virus for Internet Mail is installed on a host named smtp.my.intranet. The original Mail Transfer Agent remains on the original computer, but the host name is changed to something else, for example mx.my.intranet.
Page 354
Inbound Mail Delivery options are configured as follows: The Use DNS MX Records setting in F-Secure Anti-Virus for Internet Mail / Settings / Inbound Mail / Delivery is disabled. The Mail Routing Table contains the following entries: Order Domain Primary Mail Server my.sub1.domain...
Page 355
Common virus scanning and spam filtering policies for all sub-domains. It is possible to install F-Secure Anti-Virus for Internet Mail on the same host that runs the upstream Mail Transfer Agent, provided that they support the same platform. The machine must have enough resources to run F-Secure Anti-Virus for Internet Mail and mail server software.
F.5.3 Scenario 3: F-Secure Anti-Virus for Internet Mail for each Sub-domain
Figure F-10 F-Secure Anti-Virus for Internet Mail installed on a separate computer for each sub-domain...
Page 357
Gatekeeper installations with Centralized Quarantine Management”, 40. Environment: F-Secure Anti-Virus for Internet Mail is installed on a separate computer for each sub-domain. The mail servers of the sub-domains remain on the original machines. DNS configuration for sub-domains is changed so that the F-Secure Anti-Virus for Internet Mail host is resolved as smtp.my.sub*.intranet and the mail server host is resolved as...
Page 358
IMPORTANT: This example is for the my.sub1.domain. You should do the same for each sub-domain. • F-Secure Anti-Virus for Internet Mail is configured to accept incoming connections on port 25 from smtp.my.intranet host and the end-user workstations belonging to my.sub1.domain only.
Page 359
Console.) Configuration of sub-domain mail servers needs to be changed. It is possible to install F-Secure Anti-Virus for Internet Mail on the same host running the sub-domain mail server, provided that they support the same platform. The machine must have enough resources to run F-Secure Anti-Virus for Internet Mail and mail server software.
The service starts and monitors the status of the Internet Gateways Daemon HTTP proxy module. It restarts the proxy module when the F-Secure Anti-Virus for Internet Gateways settings are changed. F-Secure Management Agent starts and controls the service automatically.
Page 362
Server Daemon scanning and spam filtering services for Simple Content Inspection Protocol (SCIP) compliant clients. F-Secure Management Agent starts and controls the service automatically. fsdbuh.exe The Database Update Handler process verifies and checks the integrity of virus definition and spam control database updates.
Page 363
Alert and Management Extensions Handler is used to send alerts and reports to F-Secure Policy Manager Console, LogFile.log, Windows NT event log and SMTP server. fih32.exe...
Page 364
F-Secure Automatic Update Agent
Service: F-Secure Automatic Update Agent
Process: fsaua.exe
Description: The service retrieves updates from F-Secure Policy Manager or F-Secure Update server.
APPENDIX: Error Codes
Introduction (page 366)
F-Secure Anti-Virus for Internet Gateways (page 366)
F-Secure Anti-Virus for Internet Mail (page 374)
F-Secure Content Scanner Server (page 391)
This appendix describes error codes and messages of F-Secure Anti-Virus for Internet Gateways (Table H.2 on page 366), F-Secure Anti-Virus for Internet Mail (Table H.3 on page 374) and F-Secure Content Scanner Server (Table H.4 on page 391). F-Secure Anti-Virus for Internet Gateways...
Page 367
Trap: Module Restarted
Message: %1 restarted as requested by the user.
When/Why: The product is restarted from the Web Console or F-Secure Policy Manager Console.
Solution: No actions are required.

Severity: Fatal Error
Trap: Loading Module Failed
Message: Module %1 (%2) could not be loaded.
When/Why: HTTP scanning module
Solution: Check the reason for the
Page 368
F-Secure support.

Severity: Fatal Error
Trap: Unable to Run Message Pump
Message: Cannot run the message pump. Error:
When/Why: During product startup or restart.
Solution: Make sure that F-Secure Management Agent is up and running. Product restart or system reboot can help to solve this.
Page 369
APPENDIX H Error Codes

Severity: Error
Trap: Unable to Open File
Message: The file '%1' cannot be opened due to error:
When/Why: If the product cannot open or create the file in question.
Solution: Check the reason for the failure and act accordingly.
Page 370
Trap: Settings Changed
Message: The following settings have been changed:
When/Why: Product settings have been changed from F-Secure Policy Manager Console or the Web Console. The alert contains the list of settings that have been changed.
Solution: No actions are required.

Error Policy Read...
Page 371
Severity: Fatal Error
Trap: Invalid Magic Database
Message: The magic database file '%1' is invalid or corrupted. Intelligent
When/Why: The magic database signature check failed, either the file has been
Solution: Make sure that the ftrmagic.def file is not corrupted.
Page 372
Severity: Security
Trap: Disallowed Content Blocked
Message: The following file/page has been blocked: Request: %1 Source: %2 Destination: %3
When/Why: The content was blocked according to current content blocking settings.
Solution: Check the reason reported in the alert. Consider changing the content blocking settings if the page/file in question should...
Page 373
Exception exception occurred in occurred. out which unit (and URL if available) caused an exception. Consider restarting the product. Contact F-Secure Technical Support and report the problem Info Debug Message During product operation. The alert is normally used in debug or special product...
F-Secure Anti-Virus for Internet Mail Severity Trap Message When/Why Solution Error Unsuccessful An error occurred while During product operation. Make sure the file in File Read trying to read the file Product cannot read from question exists and the file.
Page 375
Module %1 (%2) could The Quarantine Manager Check that the fqmavim.dll Failed not be loaded. %3 cannot load or initialize the module exists in F-Secure plug-in for F-Secure Anti-Virus for Internet Mail Anti-Virus for Internet Mail. installation directory (by default,...
Page 376
Severity: Info
Trap: Statistics Reset
Message: Statistics were reset.
When/Why: Product statistics have been reset from F-Secure Policy Manager Console or the Web Console.
Solution: No actions are required.

Severity: Error
Trap: Read Settings
Message: Could not read the
When/Why: Settings have been
Solution: Check that F-Secure...
Page 377
Error Codes Severity Trap Message When/Why Solution Error Configuration The configuration The product cannot Check that F-Secure Handler Handler is unreachable. contact F-Secure Management Agent is up Unreachable The software cannot Configuration Handler, a and running. Restarting the receive the updated...
Page 378
'%1' was emptied. mail log file.

Severity: Info
Trap: Connection Established
Message: The connection with the %1 F-Secure Content Scanner Server on %2 was successfully established.
When/Why: During product startup or operation.
Solution: No actions are required.

Info Connection The connection with the During product shutdown.
Page 379
Severity: Error
Trap: Server Unreachable
Message: Cannot connect to the %1 F-Secure Content Scanner Server on %2 due to %3.
When/Why: F-Secure Anti-Virus for Internet Mail cannot connect to F-Secure
Solution: Make sure that F-Secure Content Scanner Server is up and running. Check the
Page 380
Trap: ... Host
Message: Rejected a connection from an unauthorized host %1.
When/Why: Someone tried to connect to F-Secure Anti-Virus for Internet Mail from an unauthorized host and the connection was rejected.
Solution: Check the IP address reported in the alert, and verify if the host in question is allowed to connect to
Page 381
Server is the same as Internet Mail sends e-mail or outbound mail server the address and port is the same where it that F-Secure Anti-Virus for that the Agent is receives e-mail. Internet Mail delivers listening on. This processed e-mail.
Page 382
Message size: %6 bytes Reason: %7 Action: %8 Quarantined: %9

Severity: Error
Trap: Cannot Receive Mail
Message: There was an error while trying to receive mail from %1.
When/Why: F-Secure Anti-Virus for Internet Mail failed to receive e-mail.
Solution: Check if there is free disk space.
Page 383
When/Why Solution Error Cannot Send There was an error F-Secure Anti-Virus for Make sure that F-Secure Mail while trying to send Internet Mail failed to send Anti-Virus for Internet Mail mail to the MTA at '%1'. e-mail. It will continue...
Page 384
Message When/Why Solution Error Scan Result Not Receiving scan result F-Secure Anti-Virus for Make sure that F-Secure Received from the %1 F-Secure Internet Mail could not Content Scanner Server is Content Scanner receive the scan result up and running. Check the...
Page 385
Examine the message in Failed a mail message. The most likely malformed and the spool. Contact message was spooled cannot be processed F-Secure Technical Support as %1. properly. and provide the sample for investigations. Error Assembling Could not assemble a...
Page 386
Severity: Security
Trap: Virus Alert: Infected
Message: Malicious code found in the message: Sender: %1 Recipient: %2 Subject: %3 Message ID: %4 File name: %5 File size: %6 bytes Scan result: %7 Action: Dropped
When/Why: When a file is found infected on scanning.
Solution: See below.

Security...
Page 387
Action: %9 Quarantined: %10 Security Unable to Scan Attachment cannot be Internal scan attempt limit Make sure that F-Secure scanned: has been reached and no Content Scanner is running Sender: %1 more attempts to scan this and has all scan engines Recipient: %2 attachment will be done.
Page 388
Trap: ... License Expired
Message: Your evaluation license has expired. Inbound and outbound mail traffic are no longer scanned for viruses
When/Why: The evaluation license has expired.
Solution: Contact the nearest F-Secure partner for purchasing the product or renew your license online. If you wish to stop using the...
Page 389
Recipient: %3 Subject: %4 Spool ID: %5 Error Logging Failed The log file '%1' cannot F-Secure Anti-Virus for Make sure that the volume be opened. Stopped Internet Mail failed to write holding the mail log logging. If you want to to the mail log file.
Page 390
Exception exception occurred in caught. out which mail caused an exception. Restarting the product or rebooting the system might solve the problem. Contact F-Secure Technical Support if the product reports this alert frequently. Error Internal Error An internal error An internal error occurred. If you get this error occurred.
F-Secure Content Scanner Server

Severity: Error
Trap: Directory Access Denied
Message: The directory %1 could not be accessed.
When/Why: Log, spool, quarantine or installation directory cannot be accessed
Solution: Make sure that the product has sufficient rights to access the directory in question.
Page 392
Trap: Loading Module Failed
Message: Loading %1 (%2) unsuccessful. %3
When/Why: During startup or restart.
Solution: Check the reason and act accordingly. Restart may help. If the problem persists, contact F-Secure Technical Support.

Severity: Error
Trap: Stopping Module Failed
Message: Stopping %1 was unsuccessful.
When/Why: During shutdown.
Solution: No actions required.
Page 393
Alert not used in this F-Secure cannot be started due version. version. Anti-Virus to error: %1. Fatal Error Broken Interface Interface with F-Secure Alert not used in this Alert not used in this with F-Secure Anti-Virus and cannot version. version. Anti-Virus. be established. Will attempt to connect again later.
Page 394
Make sure that you have File database file ‘%1’ is when a file listed in the the database update from missing. index is not included in the F-Secure. Try to update package. databases manually with Latest.zip or FSUpdate.exe. Error Invalid Database...
Page 395
If the problem '%1' was unsuccessful. persists, update the databases manually with Latest.zip or FSUpdate.exe. Make sure the database update package is from F-Secure. Info Database Update The virus database The database update No actions required. Started update process has process has started.
Page 396
Severity: Info
Trap: Database Update Finished
Message: The virus database update process has finished.
When/Why: The database update process has finished.
Solution: If the "Database Files Updated" alert follows this error code, it indicates that the database update operation was completed successfully.
Page 397
Make sure that verification. the product downloads the original databases published by F-Secure. If the problem persists, contact F-Secure technical support. Warning Database Extra files were...
Page 398
F-Secure. removed from the Make sure that only package: %1. authorized personnel have access rights to F-Secure Policy Manager, product installation and database update files/directories. Error Database Bad or missing The manifest file is invalid See above.
Page 399
F-Secure. File Certificate respective public key is Make sure that only present in the certificate authorized personnel have file included in the update access rights to F-Secure package. Policy Manager, product installation and database update files/directories. Fatal error Database...
Page 400
I/O error. The alert contains the code of the file I/O error occurred.

Severity: Error
Trap: Unable to run Message Pump
Message: Cannot run the message pump. Error:
When/Why: During startup or restart.
Solution: Make sure that F-Secure Management Agent is up and running.
Page 401
Configuration Handler, a Technical Support. component of F-Secure Management Agent. Error Network Request Network Request When the Database Make sure the F-Secure Broker Broker (NRB) cannot Update Handler fails to Network Request Broker Unreachable be reached to send a register/unregister with the service is up and running.
Page 402
Make sure there is enough Directory be created due to error: create a directory but disk space, and that cannot complete the F-Secure Content Scanner operation. The alert Server has sufficient rights contains the reason for the to create the folder in failure.
Page 403
Severity: Error
Trap: Undefined Error
Message: Undefined error occurred.
When/Why: During product operation.
Solution: Occurs rarely. Contact F-Secure Technical Support.

Severity: Info
Trap: Debug
When/Why: During product operation.
Solution: Normally used in debug or special product binaries.

1001 Info Started Listening: %1 has started During startup when the No actions required.
Page 404
Trap: Unsupported Request Version
Message: Request of an unsupported version (version code=%1) was received. The request was rejected.
When/Why: The content provider receives an unsupported version request.
Solution: Verify the software version interacting with F-Secure Content Scanner Server, and the protocol version it is supposed to communicate over.
Page 405
Code: 1206
Severity: Error
Trap: Unable to Send Response
Message: Sending response to the agent was unsuccessful. Error:
When/Why: If the content provider cannot send the validation response to the agent.
Solution: Check that the remote agent is up and running.
Page 406
Restart the product or Interface Error interaction with the to send the interaction reboot the system. Also, processor. %1. request to the content make sure that F-Secure processor. Management Agent is functioning correctly. 2001 Security Virus Alert Malicious code found When a malicious code Examine the virus alert.
Page 407
When the product fails to Get the problematic file an error while scanning scan the file in question. from the quarantine and the file. send it to F-Secure for Agent: %7 investigation. Transaction: %1 Protocol: %2 Source: %3 Destination: %4...
Page 408
Get the file from not be performed. the quarantine directory Agent: %7 and send it to F-Secure for Transaction: %1 investigation. Protocol: %2 Source: %3 Destination: %4 File name: %5...
Technical Support
Introduction (page 410)
F-Secure Online Support Resources (page 410)
Web Club (page 412)
Virus Descriptions on the Web (page 412)...
If you have questions about F-Secure Internet Gatekeeper not covered in this manual or on the F-Secure support web pages, you can contact your local F-Secure distributor or F-Secure Corporation directly. For technical assistance, please contact your local F-Secure Business Partner.
Page 411
You can also find and run the FSDiag.exe utility under the F-Secure\Common folder, if you prefer not to do it through the F-Secure Internet Gatekeeper Web Console. The tool generates a file called FSDiag.tar.gz.
Web Club The F-Secure Web Club provides assistance and updated versions of F-Secure products. To connect to the Web Club on our Web site, open the Web Club page of any F-Secure Internet Gatekeeper component, and click Web Club on the Web Club tab of the General property page.
They include antivirus and desktop firewall with intrusion prevention, antispam and antispyware solutions. Founded in 1988, F-Secure has been listed on the Helsinki Exchanges since 1999, and has been consistently growing faster than all its publicly listed competitors.