F-SECURE INTERNET GATEKEEPER WINDOWS 2000-2003 SERVER 6.61

F-Secure Internet

Gatekeeper

Windows 2000/2003 Server

Administrator’s Guide

"F-Secure" and the triangle symbol are registered trademarks of F-Secure Corporation and F-Secure

product names and symbols/logos are either trademarks or registered trademarks of F-Secure

Corporation. All product names referenced herein are trademarks or registered trademarks of their

respective companies. F-Secure Corporation disclaims proprietary interest in the marks and names of

others. Although F-Secure Corporation makes every effort to ensure that this information is accurate,

F-Secure Corporation will not be liable for any errors or omission of facts contained herein. F-Secure

Corporation reserves the right to modify specifications cited in this document without prior notice.

Companies, names and data used in examples herein are fictitious unless otherwise noted. No part of

this document may be reproduced or transmitted in any form or by any means, electronic or

mechanical, for any purpose, without the express written permission of F-Secure Corporation.

Kaspersky Lab.

This product includes software developed by the Apache Software Foundation (http://

This product includes code from SpamAssassin. The code in the files of the SpamAssassin distribution

All files in the SpamAssassin distribution fall under the same terms as Perl itself, as described in the

“Artistic License”.

This product may be covered by one or more F-Secure patents, including the following: B2353372,

GB2366691, GB2366692, GB2366693, GB2367933, GB2368233. #12000041-6E30

3

Contents

About This Guide 10

How This Guide is Organized ............................................................................................ 11

Conventions Used in F-Secure Guides.............................................................................. 13

Symbols .................................................................................................................... 13

Chapter 1 Introduction 15

1.1 Overview....................................................................................................................16

1.2 How the Product Works .............................................................................................17

1.2.1 F-Secure Anti-Virus for Internet Gateways.....................................................17

1.2.2 F-Secure Anti-Virus for Internet Mail..............................................................19

1.2.3 F-Secure Content Scanner Server.................................................................21

1.3 Features.....................................................................................................................21

1.4 F-Secure Anti-Virus Mail Server and Gateway Products ...........................................24

Chapter 2 Deployment 26

2.1 Overview....................................................................................................................27

2.2 Network Requirements...............................................................................................28

2.3 Deployment Scenarios...............................................................................................29

2.3.1 F-Secure Anti-Virus for Internet Gateways.....................................................29

2.3.2 F-Secure Anti-Virus for Internet Mail..............................................................34

Chapter 3 Installation 42

3.1 Recommended System Requirements ......................................................................43

3.1.1 Which SQL Server to Use for the Quarantine Database?..............................45

4

3.1.2 Web Browser Software Requirements ...........................................................46

3.2 Centrally Administered or Stand-alone Installation? ..................................................47

3.2.1 Installation Overview for Centrally Administered Installation..........................47

3.2.2 Installation Overview for Stand-alone Installation...........................................49

3.3 Installation Instructions...............................................................................................50

3.4 After the Installation ...................................................................................................69

3.4.1 Importing Product MIB files to F-Secure Policy Manager Console.................69

3.4.2 Configuring the Product..................................................................................70

3.5 Upgrading F-Secure Internet Gatekeeper..................................................................72

3.5.1 Upgrade Instructions ......................................................................................72

3.5.2 From the Try-Before-You-Buy Version...........................................................76

3.6 Uninstallation..............................................................................................................77

Chapter 4 Basics of Using F-Secure Internet Gatekeeper 78

4.1 Introduction ................................................................................................................79

4.2 Using F-Secure Policy Manager ................................................................................79

4.2.1 F-Secure Anti-Virus for Internet Gateways Settings.......................................80

4.2.2 F-Secure Anti-Virus for Internet Mail Settings................................................80

4.2.3 F-Secure Content Scanner Server Settings...................................................80

4.2.4 F-Secure Management Agent Settings ..........................................................81

4.2.5 Changing Settings That Have Been Modified During Installation or Upgrade81

4.3 Using F-Secure Internet Gatekeeper Web Console...................................................82

4.3.1 Logging in the F-Secure Internet Gatekeeper Web Console for the First Time .

82

4.3.2 Checking the Product Status..........................................................................86

Chapter 5 Administering F-Secure Anti-Virus for Internet Gateways 92

5.1 Overview - HTTP Scanning........................................................................................93

5.2 Configuring F-Secure Anti-Virus for Internet Gateways.............................................94

5.2.1 Network Configuration....................................................................................94

5.3 Configuring Web Traffic Scanning ...........................................................................107

5.3.1 Content Control ............................................................................................107

5.3.2 Notifications..................................................................................................115

5.3.3 Performance.................................................................................................119

5.3.4 Administration...............................................................................................122

5

5.3.5 Access Control .............................................................................................123

5.4 Monitoring Logs........................................................................................................127

5.4.1 Error Log.......................................................................................................128

5.4.2 Access Log...................................................................................................129

5.4.3 Logfile.log.....................................................................................................129

5.5 Viewing Statistics .....................................................................................................130

5.5.1 Viewing HTTP Scanning Statistics with F-Secure Internet Gatekeeper Web

Console130

5.5.2 Viewing Statistics with F-Secure Policy Manager Console ..........................135

5.6 Examples of HTTP Notifications ..............................................................................136

5.6.1 Virus Warning Message ...............................................................................137

5.6.2 Block Warning Message...............................................................................138

5.6.3 Banned Site Warning Message....................................................................139

Chapter 6 Administering F-Secure Anti-Virus for Internet Mail 140

6.1 Overview - SMTP Scanning.....................................................................................141

6.2 Configuring F-Secure Anti-Virus for Internet Mail ....................................................142

6.2.1 SMTP Settings..............................................................................................143

6.2.2 SMTP Connections.......................................................................................146

6.2.3 Content Scanner Servers.............................................................................149

6.2.4 Quarantine....................................................................................................151

6.2.5 Spooling........................................................................................................158

6.2.6 Logging.........................................................................................................162

6.2.7 Intranet Hosts...............................................................................................164

6.3 Configuring SMTP Traffic Scanning.........................................................................166

6.3.1 Inbound and Outbound Traffic......................................................................166

6.3.2 Receiving .....................................................................................................166

6.3.3 Spam Control................................................................................................172

6.3.4 Blocking........................................................................................................172

6.3.5 Virus Scanning .............................................................................................177

6.3.6 Virus Outbreak Response ............................................................................182

6.3.7 File Type Recognition...................................................................................183

6.3.8 Disclaimer.....................................................................................................185

6.3.9 Mail Delivery.................................................................................................187

6.3.10 Security Options...........................................................................................191

6.4 Monitoring Logs........................................................................................................195

6

6.5 Viewing Statistics .....................................................................................................199

6.5.1 Viewing Statistics with F-Secure Internet Gatekeeper Web Console...........199

6.5.2 Viewing Statistics with F-Secure Policy Manager.........................................206

6.6 Notifications..............................................................................................................208

Chapter 7 Administering F-Secure Content Scanner Server 209

7.1 Overview..................................................................................................................210

7.2 Configuring F-Secure Content Scanner Server .......................................................211

7.2.1 Service Connections.....................................................................................211

7.3 Configuring Scanning Settings.................................................................................216

7.3.1 Virus Scanning .............................................................................................216

7.3.2 Spam Filtering ..............................................................................................220

7.3.3 Threat Detection...........................................................................................222

7.3.4 Advanced......................................................................................................224

7.4 Configuring and Viewing Statistics...........................................................................226

7.4.1 Configuring Virus Statistics...........................................................................226

7.4.2 Viewing Virus and Spam Statistics with F-Secure Internet Gatekeeper Web

Console227

7.4.3 Viewing Virus and Spam Statistics with F-Secure Policy Manager Console235

7.5 Monitoring Logs........................................................................................................239

7.5.1 Logfile.log.....................................................................................................239

Chapter 8 Administering F-Secure Spam Control 240

8.1 Introduction ..............................................................................................................241

8.2 Spam Control Settings .............................................................................................242

8.3 Realtime Blackhole List Configuration .....................................................................248

8.3.1 Enabling Realtime Blackhole Lists ...............................................................248

8.3.2 Optimizing F-Secure Spam Control Performance........................................250

Chapter 9 Administering F-Secure Management Agent 251

9.1 F-Secure Management Agent Settings....................................................................252

9.2 Configuring Alert Forwarding ...................................................................................254

Chapter 10 Quarantine Management 258

10.1 Introduction ..............................................................................................................259

7

10.2 Configuring Quarantine Options...............................................................................260

10.3 Searching the Quarantined Content.........................................................................260

10.4 Query Results Page.................................................................................................265

10.5 Viewing Details of a Quarantined Message .............................................................267

10.6 Reprocessing the Quarantined Content...................................................................268

10.7 Releasing the Quarantined Content.........................................................................269

10.8 Removing the Quarantined Content.........................................................................271

10.9 Deleting Old Quarantined Content Automatically.....................................................271

10.10Quarantine Database Settings.................................................................................273

10.11Quarantine Logging..................................................................................................273

10.12Quarantine Statistics................................................................................................273

Chapter 11 Security and Performance 275

11.1 Introduction ..............................................................................................................276

11.2 Optimizing Security..................................................................................................276

11.2.1 Virus Scanning .............................................................................................276

11.2.2 Access Control .............................................................................................277

11.2.3 Data Trickling................................................................................................277

11.3 Optimizing Performance...........................................................................................277

11.3.1 Virus Scanning .............................................................................................277

Chapter 12 Updating Virus and Spam Definition Databases 280

12.1 Overview..................................................................................................................281

12.2 Automatic Updates...................................................................................................281

12.3 Configuring Automatic Updates ...............................................................................282

12.3.1 Summary......................................................................................................283

12.3.2 Automatic Updates.......................................................................................286

12.3.3 Policy Manager Proxies................................................................................289

Chapter 13 Troubleshooting 291

13.1 Testing the Connections ..........................................................................................292

13.1.1 Checking that F-Secure Anti-Virus for Internet Gateways is Up and Running...

292

13.1.2 Checking that F-Secure Anti-Virus for Internet Mail is Up and Running.......292

8

13.1.3 Checking that F-Secure Content Scanner Server is Up and Running..........293

13.1.4 Checking that the Network Connection to the Original Mail Server is Working..

293

13.2 Starting and Stopping F-Secure Internet Gatekeeper Components ........................294

13.3 Frequently Asked Questions....................................................................................295

AppendixA Warning Messages 296

A.1 HTTP Warning Messages....................................................................................... 297

A.2 SMTP Warning Messages .......................................................................................298

A.3 Virus Outbreak Notification Messages.....................................................................299

AppendixB Specifying Hosts 300

B.1 Introduction ............................................................................................................. 301

B.2 Domain.....................................................................................................................301

B.3 Subnet......................................................................................................................301

B.4 IP Address................................................................................................................302

B.5 Hostname.................................................................................................................302

AppendixC Access Log Variables 304

C.1 List of Access Log Variables................................................................................... 305

AppendixD Mail Log Variables 309

D.1 List of Mail Log Variables........................................................................................ 310

AppendixE Configuring Mail Servers 312

E.1 Configuring the Network.......................................................................................... 313

E.2 Configuring Mail Servers..........................................................................................314

E.2.1 Lotus Domino ...............................................................................................314

E.2.2 Microsoft Exchange 5.5................................................................................315

E.2.3 Microsoft Exchange 2000.............................................................................315

AppendixF Advanced Deployment Options 319

F.1 Introduction ............................................................................................................. 320

F.2 Transparent Proxy....................................................................................................320

9

F.2.1 Examples......................................................................................................322

F.2.2 Transparent Proxy with Linux and Unix Based Systems..............................327

F.2.3 Transparent Proxy with Cisco, Nortel and Lucent ........................................329

F.3 HTTP Load Balancing..............................................................................................329

F.3.1 Round-Robin DNS Based Load Balancing...................................................330

F.3.2 Load Balancing with Proxy Auto-Configuration (PAC) or Web Proxy Auto-Dis-

covery Protocol (WPAD)...............................................................................331

F.3.3 Load Balancing with Proxy or Firewall..........................................................333

F.3.4 Hardware and Software Load-balancing Solutions ......................................335

F.3.5 Load Balancing and High Availability with Clustering...................................337

F.4 Load Balancing With Windows Network Load Balancing Service............................339

F.4.1 Requirements...............................................................................................339

F.4.2 Setting Up Network Load Balancing Services..............................................340

F.5 Deployment Scenarios for Environments with Multiple Sub-domains......................349

F.5.1 Scenario 1: F-Secure Anti-Virus for Internet Mail as an Upstream Mail Transfer

Agent............................................................................................................349

F.5.2 Scenario 2: F-Secure Anti-Virus for Internet Mail as Interim Mail Transfer Agent

352

F.5.3 Scenario 3: F-Secure Anti-Virus for Internet Mail for each Sub-domain.......356

AppendixG Services and Processes 360

G.1 List of Services and Processes............................................................................... 361

AppendixH Error Codes 365

H.1 Introduction ............................................................................................................. 366

H.2 F-Secure Anti-Virus for Internet Gateways ..............................................................366

H.3 F-Secure Anti-Virus for Internet Mail........................................................................374

H.4 F-Secure Content Scanner Server...........................................................................391

Technical Support 409

Introduction ...................................................................................................................... 410

F-Secure Online Support Resources ...............................................................................410

Web Club .........................................................................................................................412

Virus Descriptions on the Web .........................................................................................412

About F-Secure Corporation

10

ABOUT THIS GUIDE

How This Guide is Organized..................................................... 11

Conventions Used in F-Secure Guides..................................... 13

About This Guide 11

How This Guide is Organized

F-Secure Internet Gatekeeper Administrator's Guide is divided into the

following chapters and appendixes.

Chapter 1. Introduction. General information about F-Secure Internet

Gatekeeper and other F-Secure Anti-Virus for Mail Server and Gateway

products.

Chapter 2. Deployment. Describes possible deployment scenarios in

the corporate network.

Chapter 3. Installation. Instructions on how to install and upgrade

F-Secure Internet Gatekeeper.

Chapter 4. Basics of Using F-Secure Internet Gatekeeper. Instructions

on when to use F-Secure Policy Manager and F-Secure Internet

Gatekeeper Web Console in centrally managed F-Secure Internet

Gatekeeper installations.

Chapter 5. Administering F-Secure Anti-Virus for Internet Gateways.

Instructions on how to configure F-Secure Anti-Virus for Internet

Gateways general settings before you start using it. It also contains

instructions how to configure HTTP and FTP-over-HTTP scanning and to

use access control to allow and deny access to specified sites on the

Internet.

Chapter 6. Administering F-Secure Anti-Virus for Internet Mail.

Instructions on how to configure F-Secure Anti-Virus for Internet Mail

general settings before you start using it, and how to configure virus

scanning to detect and disinfect viruses and other malicious code from

e-mails.

Chapter 7. Administering F-Secure Content Scanner Server.

Instructions how to configure F-Secure Content Scanner Server before

you start using F-Secure Anti-Virus for Internet Gateways and F-Secure

Anti-Virus for Internet Mail.

Chapter 8. Administering F-Secure Spam Control. Information about

and instructions on how to configure F-Secure Spam Control.

12

Chapter 9. Administering F-Secure Management Agent. Instructions on

how to configure F-Secure Management Agent.

Chapter 10. Quarantine Management. Instructions on how to manage

and search quarantined content.

Chapter 11. Security and Performance. Instructions on how to optimize

security and performance.

Chapter 12. Updating Virus and Spam Definition Databases.

Instructions on how to keep virus definition databases up-to-date.

Chapter 13. Troubleshooting. Instructions on how to check that

F-Secure Internet Gatekeeper is running and answers to frequently asked

questions.

Appendix A. Warning Messages. Lists variables that can be included in

virus warning messages.

Appendix B. Specifying Hosts. Instructions on how to specify hosts in

F-Secure Anti-Virus for Internet Gateways.

Appendix C. Access Log Variables. Lists variables that can be used in

the access log.

Appendix D. Mail Log Variables. Lists variables that can be used in the

F-Secure Anti-Virus for Internet Mail mail log.

Appendix E. Configuring Mail Servers. Instructions on how to configure

mail servers to work with F-Secure Internet Gatekeeper.

Appendix F. Advanced Deployment Options. Information about different

methods that you can use when setting up a transparent proxy and HTTP

load balancing services.

Appendix G. Services and Processes. Lists services and processes that

are running on the system after the installation.

Appendix H. Error Codes. Describes error codes.

Technical Support. . Contains the contact information for assistance.

About F-Secure Corporation. Describes the company background and

products.

13

Conventions Used in F-Secure Guides

This section describes the symbols, fonts, and terminology used in this

manual.

Symbols

⇒ An arrow indicates a one-step procedure.

Fonts

Arial bold (blue) is used to refer to menu names and commands, to

buttons and other items in a dialog box.

Arial Italics (blue) is used to refer to other chapters in the manual, book

titles, and titles of other manuals.

Arial Italics (black) is used for file and folder names, for figure and table

captions, and for directory tree names.

Courier New is used for messages on your computer screen.

WARNING: The warning symbol indicates a situation with a

risk of irreversible destruction to data.

IMPORTANT: An exclamation mark provides important information

that you need to consider.

REFERENCE - A book refers you to related information on the

topic available in another document.

l

NOTE - A note provides additional information that you should

consider.

TIP - A tip provides information that can help you perform a task

more quickly or easily.

14

Courier New bold is used for information that you must type.

SMALL CAPS (BLACK) is used for a key or key combination on your

keyboard.

Arial underlined (blue)

is used for user interface links.

Arial italics is used for window and dialog box names.

PDF Document

This manual is provided in PDF (Portable Document Format). The PDF

document can be used for online viewing and printing using Adobe®

Acrobat® Reader. When printing the manual, please print the entire

manual, including the copyright and disclaimer statements.

For More Information

Visit F-Secure at http://www.f-secure.com for documentation, training

courses, downloads, and service and support contacts.

In our constant attempts to improve our documentation, we would

welcome your feedback. If you have any questions, comments, or

suggestions about this or any other F-Secure document, please contact

us at [email protected]

.

15

1

INTRODUCTION

Overview..................................................................................... 16

How the Product Works.............................................................. 17

Features..................................................................................... 21

F-Secure Anti-Virus Mail Server and Gateway Products............ 24

16

1.1 Overview

Malicious code, such as computer viruses, is one of the main threats for

companies today. When users began to use office applications with

macro capabilities to write documents and distribute them via mail and

groupware servers, macro viruses started spreading rapidly.

After the millennium, the most common spreading mechanism has been

the e-mail. Today about 90% of viruses arrive via e-mail. E-mails provide

a very fast and efficient way for viruses to spread without any user

intervention and this is why e-mail worm outbreaks, like Sobig, Netsky

and Mydoom, cause a lot of damage around the world.

The Internet is used by more and more people every day. It opens

another, so far dormant channel for viruses to spread, HTTP. Web surfing

is increasing rapidly as we are using the web to find information not only

for business but also for other purposes, such as hobbies, health, and so

on. It is very important to realize this early and to be proactive in

protecting our resources.

F-Secure Anti-Virus Mail Server and Gateway products are designed to

protect your company's mail and groupware servers and to shield the

company network from any malicious code that travels in HTTP,

FTP-over-HTTP or SMTP traffic. The protection can be implemented on

the gateway level to screen all incoming and outgoing e-mail (SMTP),

web surfing (HTTP) and file transfer (FTP-over-HTTP) traffic.

Furthermore, it can be implemented on the mail server level so that it not

only protects inbound and outbound traffic but also internal mail traffic and

public sources, such as Public Folders on Microsoft Exchange servers.

Providing the protection already on the gateway level has plenty of

advantages. The protection is easy and fast to set up and install, and it

complements the virus protection that is installed on the workstations. The

protection is also invisible to the end users which ensures that the system

cannot be by-passed and makes it easy to maintain. Of course, protecting

the gateway level alone is not enough to provide a complete anti-virus

solution; file server and workstation level protection is needed, too.

Why clean 1000 workstations when you can clean one attachment at the

gateway level?

CHAPTER 1 17

Introduction

1.2 How the Product Works

F-Secure Internet Gatekeeper is a suite of real-time services to protect

the corporate network against computer viruses and malicious code

coming in web (HTTP and FTP-over-HTTP) and e-mail (SMTP) traffic.

F-Secure Internet Gatekeeper is comprised of the following

components: F-Secure Anti-Virus for Internet Gateways, F-Secure

Anti-Virus for Internet Mail and F-Secure Content Scanner Server.

1.2.1 F-Secure Anti-Virus for Internet Gateways

F-Secure Anti-Virus for Internet Gateways is an HTTP proxy server which

acts as a gateway between the corporate network and the Internet. If a

client computer requests a file from a Web server, it asks the proxy server

to retrieve the file instead of downloading it directly from the Internet.

F-Secure Anti-Virus for Internet Gateways processes the request to make

sure that the content does not contain any malicious code and it should

not be blocked. F-Secure Anti-Virus for Internet Gateways returns only

allowed Web content and virus-free files to the requesting client. All files

and web pages downloaded via HTTP and FTP-over-HTTP are checked

for viruses and malicious code on the fly.

18

Figure 1-1 Web traffic flow after F-Secure Anti-Virus for Internet Gateways has

been installed

F-Secure Anti-Virus for Internet Gateways provides comprehensive virus

protection and content filtering. It can be configured to do any of the

following:

 Deny access to specified Web sites,

 Block files by content types, filenames and extensions,

 Block files that exceed a specified file size,

 Scan files by content types, filenames and extensions, and

 Automatically disinfect or drop the infected content.

If F-Secure Anti-Virus for Internet Gateways finds disallowed or malicious

content, it denies access to the file and shows a warning message to the

end-user. The warning message can be customized.

CHAPTER 1 19

Introduction

F-Secure Anti-Virus for Internet Gateways can be deployed transparently

to end-users. Since all HTTP and FTP-over-HTTP requests and

downloads pass through the proxy server, F-Secure Anti-Virus for Internet

Gateways provides effective access control and protection against

viruses and malicious content.

1.2.2 F-Secure Anti-Virus for Internet Mail

F-Secure Anti-Virus for Internet Mail operates as a mail gateway that

accepts incoming and outgoing e-mails, processes mail bodies and

attachments and delivers processed e-mail messages to the designated

SMTP server for further processing and delivery.

Content

Blocking

When F-Secure Anti-Virus for Internet Mail receives an e-mail message

from an Internet or internal network source, it extracts all dangerous

objects such as attached files and embedded OLE objects, and blocks

them immediately. For example, attachments can be stripped from e-mail

messages by their filenames or extensions, and messages that contain

malformed or suspicious headers can be blocked. After F-Secure

Anti-Virus for Internet Mail has checked e-mail messages for disallowed

content, it scans the mail message body and attachments for viruses and

other malicious code.

Virus and Spam

Outbreak Detection

Massive spam and virus outbreaks consist of millions of messages which

share at least one identifiable pattern that can be used to distinguish the

outbreak. Any message that contains one or more of these patterns can

be assumed to be a part of the same spam or virus outbreak.

F-Secure Anti-Virus for Internet Mail can identify these patterns from the

message envelope, headers and body, in any language, message format

and encoding type. It can detect spam messages and new viruses during

the first minutes of the outbreak.

Spam

Control

F-Secure Spam Control is a separate product component that uses

heuristic spam analysis to filter inbound mails for spam, which supports

DNS Blackhole List (DNSBL) functionality.

20

Figure 1-2 Mail traffic flow after F-Secure Anti-Virus for Internet Mail has been

installed

If F-Secure Anti-Virus for Internet Mail finds an infected attachment or

other malicious content, it can do any of the following:

 Block the whole e-mail message,

 Strip the infected attachment,

 Send a customizable virus warning message to the sender,

recipient or both, or

 Place the infected attachment to the quarantine for further

processing.

Page is loading ...

F-SECURE INTERNET GATEKEEPER WINDOWS 2000-2003 SERVER 6.61 - Administrator's Manual

This manual is also suitable for

F-SECURE INTERNET GATEKEEPER WINDOWS 2000-2003 SERVER 6.61 - Administrator's Manual

Related papers

Other documents