F-Secure Internet Gatekeeper Windows 2000-2003 Server 6.61, Internet Gatekeeper Administrator's Manual

F-Secure Internet
Gatekeeper
Windows 2000/2003 Server
Administrator's Guide
"F-Secure" and the triangle symbol are registered trademarks of F-Secure Corporation and F-Secure
product names and symbols/logos are either trademarks or registered trademarks of F-Secure
Corporation. All product names referenced herein are trademarks or registered trademarks of their
respective companies. F-Secure Corporation disclaims proprietary interest in the marks and names of
others. Although F-Secure Corporation makes every effort to ensure that this information is accurate,
F-Secure Corporation will not be liable for any errors or omission of facts contained herein. F-Secure
Corporation reserves the right to modify specifications cited in this document without prior notice.
Companies, names and data used in examples herein are fictitious unless otherwise noted. No part of
this document may be reproduced or transmitted in any form or by any means, electronic or
mechanical, for any purpose, without the express written permission of F-Secure Corporation.
Copyright © 1993-2006 F-Secure Corporation. All rights reserved. Portions Copyright © 1991-2005
Kaspersky Lab.
This product includes software developed by the Apache Software Foundation (http://www.apache.org/).
Copyright © 2000-2005 The Apache Software Foundation. All rights reserved.
This product includes PHP, freely available from http://www.php.net/. Copyright © 1999-2005 The PHP
Group. All rights reserved.
This product includes code from SpamAssassin. The code in the files of the SpamAssassin distribution
are Copyright © 2000-2002 Justin Mason and others, unless specified otherwise in that particular file.
All files in the SpamAssassin distribution fall under the same terms as Perl itself, as described in the
“Artistic License”.
This product may be covered by one or more F-Secure patents, including the following: B2353372,
GB2366691, GB2366692, GB2366693, GB2367933, GB2368233. #12000041-6E30
Contents
About This Guide 10
How This Guide is Organized ............................................................................................ 11
Conventions Used in F-Secure Guides.............................................................................. 13
Symbols .................................................................................................................... 13
Chapter 1 Introduction 15
1.1 Overview....................................................................................................................16
1.2 How the Product Works .............................................................................................17
1.2.1 F-Secure Anti-Virus for Internet Gateways.....................................................17
1.2.2 F-Secure Anti-Virus for Internet Mail..............................................................19
1.2.3 F-Secure Content Scanner Server.................................................................21
1.3 Features.....................................................................................................................21
1.4 F-Secure Anti-Virus Mail Server and Gateway Products ...........................................24
Chapter 2 Deployment 26
2.1 Overview....................................................................................................................27
2.2 Network Requirements...............................................................................................28
2.3 Deployment Scenarios...............................................................................................29
2.3.1 F-Secure Anti-Virus for Internet Gateways.....................................................29
2.3.2 F-Secure Anti-Virus for Internet Mail..............................................................34
Chapter 3 Installation 42
3.1 Recommended System Requirements ......................................................................43
3.1.1 Which SQL Server to Use for the Quarantine Database?..............................45
3.1.2 Web Browser Software Requirements ...........................................................46
3.2 Centrally Administered or Stand-alone Installation? ..................................................47
3.2.1 Installation Overview for Centrally Administered Installation..........................47
3.2.2 Installation Overview for Stand-alone Installation...........................................49
3.3 Installation Instructions...............................................................................................50
3.4 After the Installation ...................................................................................................69
3.4.1 Importing Product MIB files to F-Secure Policy Manager Console.................69
3.4.2 Configuring the Product..................................................................................70
3.5 Upgrading F-Secure Internet Gatekeeper..................................................................72
3.5.1 Upgrade Instructions ......................................................................................72
3.5.2 From the Try-Before-You-Buy Version...........................................................76
3.6 Uninstallation..............................................................................................................77
Chapter 4 Basics of Using F-Secure Internet Gatekeeper 78
4.1 Introduction ................................................................................................................79
4.2 Using F-Secure Policy Manager ................................................................................79
4.2.1 F-Secure Anti-Virus for Internet Gateways Settings.......................................80
4.2.2 F-Secure Anti-Virus for Internet Mail Settings................................................80
4.2.3 F-Secure Content Scanner Server Settings...................................................80
4.2.4 F-Secure Management Agent Settings ..........................................................81
4.2.5 Changing Settings That Have Been Modified During Installation or Upgrade81
4.3 Using F-Secure Internet Gatekeeper Web Console...................................................82
4.3.1 Logging in the F-Secure Internet Gatekeeper Web Console for the First Time ......82
4.3.2 Checking the Product Status..........................................................................86
Chapter 5 Administering F-Secure Anti-Virus for Internet Gateways 92
5.1 Overview - HTTP Scanning........................................................................................93
5.2 Configuring F-Secure Anti-Virus for Internet Gateways.............................................94
5.2.1 Network Configuration....................................................................................94
5.3 Configuring Web Traffic Scanning ...........................................................................107
5.3.1 Content Control ............................................................................................107
5.3.2 Notifications..................................................................................................115
5.3.3 Performance.................................................................................................119
5.3.4 Administration...............................................................................................122
5.3.5 Access Control .............................................................................................123
5.4 Monitoring Logs........................................................................................................127
5.4.1 Error Log.......................................................................................................128
5.4.2 Access Log...................................................................................................129
5.4.3 Logfile.log.....................................................................................................129
5.5 Viewing Statistics .....................................................................................................130
5.5.1 Viewing HTTP Scanning Statistics with F-Secure Internet Gatekeeper Web Console ......130
5.5.2 Viewing Statistics with F-Secure Policy Manager Console ..........................135
5.6 Examples of HTTP Notifications ..............................................................................136
5.6.1 Virus Warning Message ...............................................................................137
5.6.2 Block Warning Message...............................................................................138
5.6.3 Banned Site Warning Message....................................................................139
Chapter 6 Administering F-Secure Anti-Virus for Internet Mail 140
6.1 Overview - SMTP Scanning.....................................................................................141
6.2 Configuring F-Secure Anti-Virus for Internet Mail ....................................................142
6.2.1 SMTP Settings..............................................................................................143
6.2.2 SMTP Connections.......................................................................................146
6.2.3 Content Scanner Servers.............................................................................149
6.2.4 Quarantine....................................................................................................151
6.2.5 Spooling........................................................................................................158
6.2.6 Logging.........................................................................................................162
6.2.7 Intranet Hosts...............................................................................................164
6.3 Configuring SMTP Traffic Scanning.........................................................................166
6.3.1 Inbound and Outbound Traffic......................................................................166
6.3.2 Receiving .....................................................................................................166
6.3.3 Spam Control................................................................................................172
6.3.4 Blocking........................................................................................................172
6.3.5 Virus Scanning .............................................................................................177
6.3.6 Virus Outbreak Response ............................................................................182
6.3.7 File Type Recognition...................................................................................183
6.3.8 Disclaimer.....................................................................................................185
6.3.9 Mail Delivery.................................................................................................187
6.3.10 Security Options...........................................................................................191
6.4 Monitoring Logs........................................................................................................195
6.5 Viewing Statistics .....................................................................................................199
6.5.1 Viewing Statistics with F-Secure Internet Gatekeeper Web Console...........199
6.5.2 Viewing Statistics with F-Secure Policy Manager.........................................206
6.6 Notifications..............................................................................................................208
Chapter 7 Administering F-Secure Content Scanner Server 209
7.1 Overview..................................................................................................................210
7.2 Configuring F-Secure Content Scanner Server .......................................................211
7.2.1 Service Connections.....................................................................................211
7.3 Configuring Scanning Settings.................................................................................216
7.3.1 Virus Scanning .............................................................................................216
7.3.2 Spam Filtering ..............................................................................................220
7.3.3 Threat Detection...........................................................................................222
7.3.4 Advanced......................................................................................................224
7.4 Configuring and Viewing Statistics...........................................................................226
7.4.1 Configuring Virus Statistics...........................................................................226
7.4.2 Viewing Virus and Spam Statistics with F-Secure Internet Gatekeeper Web Console ......227
7.4.3 Viewing Virus and Spam Statistics with F-Secure Policy Manager Console ......235
7.5 Monitoring Logs........................................................................................................239
7.5.1 Logfile.log.....................................................................................................239
Chapter 8 Administering F-Secure Spam Control 240
8.1 Introduction ..............................................................................................................241
8.2 Spam Control Settings .............................................................................................242
8.3 Realtime Blackhole List Configuration .....................................................................248
8.3.1 Enabling Realtime Blackhole Lists ...............................................................248
8.3.2 Optimizing F-Secure Spam Control Performance........................................250
Chapter 9 Administering F-Secure Management Agent 251
9.1 F-Secure Management Agent Settings....................................................................252
9.2 Configuring Alert Forwarding ...................................................................................254
Chapter 10 Quarantine Management 258
10.1 Introduction ..............................................................................................................259
10.2 Configuring Quarantine Options...............................................................................260
10.3 Searching the Quarantined Content.........................................................................260
10.4 Query Results Page.................................................................................................265
10.5 Viewing Details of a Quarantined Message .............................................................267
10.6 Reprocessing the Quarantined Content...................................................................268
10.7 Releasing the Quarantined Content.........................................................................269
10.8 Removing the Quarantined Content.........................................................................271
10.9 Deleting Old Quarantined Content Automatically.....................................................271
10.10 Quarantine Database Settings.................................................................................273
10.11 Quarantine Logging..................................................................................................273
10.12 Quarantine Statistics................................................................................................273
Chapter 11 Security and Performance 275
11.1 Introduction ..............................................................................................................276
11.2 Optimizing Security..................................................................................................276
11.2.1 Virus Scanning .............................................................................................276
11.2.2 Access Control .............................................................................................277
11.2.3 Data Trickling................................................................................................277
11.3 Optimizing Performance...........................................................................................277
11.3.1 Virus Scanning .............................................................................................277
Chapter 12 Updating Virus and Spam Definition Databases 280
12.1 Overview..................................................................................................................281
12.2 Automatic Updates...................................................................................................281
12.3 Configuring Automatic Updates ...............................................................................282
12.3.1 Summary......................................................................................................283
12.3.2 Automatic Updates.......................................................................................286
12.3.3 Policy Manager Proxies................................................................................289
Chapter 13 Troubleshooting 291
13.1 Testing the Connections ..........................................................................................292
13.1.1 Checking that F-Secure Anti-Virus for Internet Gateways is Up and Running ......292
13.1.2 Checking that F-Secure Anti-Virus for Internet Mail is Up and Running.......292
13.1.3 Checking that F-Secure Content Scanner Server is Up and Running..........293
13.1.4 Checking that the Network Connection to the Original Mail Server is Working ......293
13.2 Starting and Stopping F-Secure Internet Gatekeeper Components ........................294
13.3 Frequently Asked Questions....................................................................................295
Appendix A Warning Messages 296
A.1 HTTP Warning Messages....................................................................................... 297
A.2 SMTP Warning Messages .......................................................................................298
A.3 Virus Outbreak Notification Messages.....................................................................299
Appendix B Specifying Hosts 300
B.1 Introduction ............................................................................................................. 301
B.2 Domain.....................................................................................................................301
B.3 Subnet......................................................................................................................301
B.4 IP Address................................................................................................................302
B.5 Hostname.................................................................................................................302
Appendix C Access Log Variables 304
C.1 List of Access Log Variables................................................................................... 305
Appendix D Mail Log Variables 309
D.1 List of Mail Log Variables........................................................................................ 310
Appendix E Configuring Mail Servers 312
E.1 Configuring the Network.......................................................................................... 313
E.2 Configuring Mail Servers..........................................................................................314
E.2.1 Lotus Domino ...............................................................................................314
E.2.2 Microsoft Exchange 5.5................................................................................315
E.2.3 Microsoft Exchange 2000.............................................................................315
Appendix F Advanced Deployment Options 319
F.1 Introduction ............................................................................................................. 320
F.2 Transparent Proxy....................................................................................................320
F.2.1 Examples......................................................................................................322
F.2.2 Transparent Proxy with Linux and Unix Based Systems..............................327
F.2.3 Transparent Proxy with Cisco, Nortel and Lucent ........................................329
F.3 HTTP Load Balancing..............................................................................................329
F.3.1 Round-Robin DNS Based Load Balancing...................................................330
F.3.2 Load Balancing with Proxy Auto-Configuration (PAC) or Web Proxy Auto-Discovery Protocol (WPAD) ......331
F.3.3 Load Balancing with Proxy or Firewall..........................................................333
F.3.4 Hardware and Software Load-balancing Solutions ......................................335
F.3.5 Load Balancing and High Availability with Clustering...................................337
F.4 Load Balancing With Windows Network Load Balancing Service............................339
F.4.1 Requirements...............................................................................................339
F.4.2 Setting Up Network Load Balancing Services..............................................340
F.5 Deployment Scenarios for Environments with Multiple Sub-domains......................349
F.5.1 Scenario 1: F-Secure Anti-Virus for Internet Mail as an Upstream Mail Transfer Agent ......349
F.5.2 Scenario 2: F-Secure Anti-Virus for Internet Mail as Interim Mail Transfer Agent ......352
F.5.3 Scenario 3: F-Secure Anti-Virus for Internet Mail for each Sub-domain.......356
Appendix G Services and Processes 360
G.1 List of Services and Processes............................................................................... 361
Appendix H Error Codes 365
H.1 Introduction ............................................................................................................. 366
H.2 F-Secure Anti-Virus for Internet Gateways ..............................................................366
H.3 F-Secure Anti-Virus for Internet Mail........................................................................374
H.4 F-Secure Content Scanner Server...........................................................................391
Technical Support 409
Introduction ...................................................................................................................... 410
F-Secure Online Support Resources ...............................................................................410
Web Club .........................................................................................................................412
Virus Descriptions on the Web .........................................................................................412
About F-Secure Corporation
ABOUT THIS GUIDE
How This Guide is Organized..................................................... 11
Conventions Used in F-Secure Guides..................................... 13
About This Guide 11
How This Guide is Organized
F-Secure Internet Gatekeeper Administrator's Guide is divided into the
following chapters and appendixes.
Chapter 1. Introduction. General information about F-Secure Internet
Gatekeeper and other F-Secure Anti-Virus for Mail Server and Gateway
products.
Chapter 2. Deployment. Describes possible deployment scenarios in
the corporate network.
Chapter 3. Installation. Instructions on how to install and upgrade
F-Secure Internet Gatekeeper.
Chapter 4. Basics of Using F-Secure Internet Gatekeeper. Instructions
on when to use F-Secure Policy Manager and F-Secure Internet
Gatekeeper Web Console in centrally managed F-Secure Internet
Gatekeeper installations.
Chapter 5. Administering F-Secure Anti-Virus for Internet Gateways.
Instructions on how to configure F-Secure Anti-Virus for Internet
Gateways general settings before you start using it. It also contains
instructions on how to configure HTTP and FTP-over-HTTP scanning and
how to use access control to allow and deny access to specified sites on
the Internet.
Chapter 6. Administering F-Secure Anti-Virus for Internet Mail.
Instructions on how to configure F-Secure Anti-Virus for Internet Mail
general settings before you start using it, and how to configure virus
scanning to detect and disinfect viruses and other malicious code from
e-mails.
Chapter 7. Administering F-Secure Content Scanner Server.
Instructions on how to configure F-Secure Content Scanner Server before
you start using F-Secure Anti-Virus for Internet Gateways and F-Secure
Anti-Virus for Internet Mail.
Chapter 8. Administering F-Secure Spam Control. Information about
and instructions on how to configure F-Secure Spam Control.
Chapter 9. Administering F-Secure Management Agent. Instructions on
how to configure F-Secure Management Agent.
Chapter 10. Quarantine Management. Instructions on how to manage
and search quarantined content.
Chapter 11. Security and Performance. Instructions on how to optimize
security and performance.
Chapter 12. Updating Virus and Spam Definition Databases.
Instructions on how to keep virus definition databases up-to-date.
Chapter 13. Troubleshooting. Instructions on how to check that
F-Secure Internet Gatekeeper is running and answers to frequently asked
questions.
Appendix A. Warning Messages. Lists variables that can be included in
virus warning messages.
Appendix B. Specifying Hosts. Instructions on how to specify hosts in
F-Secure Anti-Virus for Internet Gateways.
Appendix C. Access Log Variables. Lists variables that can be used in
the access log.
Appendix D. Mail Log Variables. Lists variables that can be used in the
F-Secure Anti-Virus for Internet Mail mail log.
Appendix E. Configuring Mail Servers. Instructions on how to configure
mail servers to work with F-Secure Internet Gatekeeper.
Appendix F. Advanced Deployment Options. Information about different
methods that you can use when setting up a transparent proxy and HTTP
load balancing services.
Appendix G. Services and Processes. Lists services and processes that
are running on the system after the installation.
Appendix H. Error Codes. Describes error codes.
Technical Support. Contains the contact information for assistance.
About F-Secure Corporation. Describes the company background and
products.
Conventions Used in F-Secure Guides
This section describes the symbols, fonts, and terminology used in this
manual.
Symbols
An arrow indicates a one-step procedure.
WARNING: The warning symbol indicates a situation with a risk of
irreversible destruction to data.
IMPORTANT: An exclamation mark provides important information that
you need to consider.
REFERENCE - A book refers you to related information on the topic
available in another document.
NOTE - A note provides additional information that you should consider.
TIP - A tip provides information that can help you perform a task more
quickly or easily.
Fonts
Arial bold (blue) is used to refer to menu names and commands, to
buttons and other items in a dialog box.
Arial Italics (blue) is used to refer to other chapters in the manual, book
titles, and titles of other manuals.
Arial Italics (black) is used for file and folder names, for figure and table
captions, and for directory tree names.
Courier New is used for messages on your computer screen.
Courier New bold is used for information that you must type.
SMALL CAPS (BLACK) is used for a key or key combination on your
keyboard.
Arial underlined (blue) is used for user interface links.
Arial italics is used for window and dialog box names.
PDF Document
This manual is provided in PDF (Portable Document Format). The PDF
document can be used for online viewing and printing using Adobe®
Acrobat® Reader. When printing the manual, please print the entire
manual, including the copyright and disclaimer statements.
For More Information
Visit F-Secure at http://www.f-secure.com for documentation, training
courses, downloads, and service and support contacts.
In our constant attempts to improve our documentation, we would
welcome your feedback. If you have any questions, comments, or
suggestions about this or any other F-Secure document, please contact
.
1
INTRODUCTION
Overview..................................................................................... 16
How the Product Works.............................................................. 17
Features..................................................................................... 21
F-Secure Anti-Virus Mail Server and Gateway Products............ 24
1.1 Overview
Malicious code, such as computer viruses, is one of the main threats for
companies today. When users began to use office applications with
macro capabilities to write documents and distribute them via mail and
groupware servers, macro viruses started spreading rapidly.
Since the turn of the millennium, the most common spreading mechanism
has been e-mail. Today about 90% of viruses arrive via e-mail. E-mail
provides a very fast and efficient way for viruses to spread without any
user intervention, and this is why e-mail worm outbreaks, such as Sobig,
Netsky and Mydoom, cause a lot of damage around the world.
The Internet is used by more and more people every day, and it opens
another, so far dormant, channel for viruses to spread: HTTP. Web surfing
is increasing rapidly as we use the web to find information not only for
business but also for other purposes, such as hobbies and health. It is
very important to realize this early and to be proactive in protecting our
resources.
F-Secure Anti-Virus Mail Server and Gateway products are designed to
protect your company's mail and groupware servers and to shield the
company network from any malicious code that travels in HTTP,
FTP-over-HTTP or SMTP traffic. The protection can be implemented on
the gateway level to screen all incoming and outgoing e-mail (SMTP),
web surfing (HTTP) and file transfer (FTP-over-HTTP) traffic.
Furthermore, it can be implemented on the mail server level so that it not
only protects inbound and outbound traffic but also internal mail traffic and
public sources, such as Public Folders on Microsoft Exchange servers.
Providing the protection already at the gateway level has plenty of
advantages. The protection is easy and fast to set up and install, and it
complements the virus protection that is installed on the workstations. The
protection is also invisible to the end users, which ensures that the system
cannot be bypassed and makes it easy to maintain. Of course, protecting
the gateway level alone is not enough to provide a complete anti-virus
solution; file server and workstation level protection is needed, too.
Why clean 1000 workstations when you can clean one attachment at the
gateway level?
CHAPTER 1 17
Introduction
1.2 How the Product Works
F-Secure Internet Gatekeeper is a suite of real-time services to protect
the corporate network against computer viruses and malicious code
coming in web (HTTP and FTP-over-HTTP) and e-mail (SMTP) traffic.
F-Secure Internet Gatekeeper is comprised of the following
components: F-Secure Anti-Virus for Internet Gateways, F-Secure
Anti-Virus for Internet Mail and F-Secure Content Scanner Server.
1.2.1 F-Secure Anti-Virus for Internet Gateways
F-Secure Anti-Virus for Internet Gateways is an HTTP proxy server which
acts as a gateway between the corporate network and the Internet. If a
client computer requests a file from a Web server, it asks the proxy server
to retrieve the file instead of downloading it directly from the Internet.
F-Secure Anti-Virus for Internet Gateways processes the request to make
sure that the content does not contain any malicious code and is not
subject to blocking. F-Secure Anti-Virus for Internet Gateways returns only
allowed Web content and virus-free files to the requesting client. All files
and web pages downloaded via HTTP and FTP-over-HTTP are checked
for viruses and malicious code on the fly.
Figure 1-1 Web traffic flow after F-Secure Anti-Virus for Internet Gateways has been installed
F-Secure Anti-Virus for Internet Gateways provides comprehensive virus
protection and content filtering. It can be configured to do any of the
following:
Deny access to specified Web sites,
Block files by content types, filenames and extensions,
Block files that exceed a specified file size,
Scan files by content types, filenames and extensions, and
Automatically disinfect or drop the infected content.
If F-Secure Anti-Virus for Internet Gateways finds disallowed or malicious
content, it denies access to the file and shows a warning message to the
end-user. The warning message can be customized.
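The filtering decisions listed above (denied sites, blocked or scanned content types, filenames and extensions, and a size limit) can be modelled as a small policy evaluator. This is an added illustration, not F-Secure code; the rule values, hostnames and header sets are constructed. Note that both the Content-Type header and any filename come from the remote server, so the example checks both rather than trusting one alone.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse


@dataclass
class Policy:
    """Constructed example rule set; real deployments configure these values."""
    denied_hosts: set = field(default_factory=lambda: {"malware.example"})
    blocked_extensions: set = field(default_factory=lambda: {".exe", ".scr", ".pif"})
    blocked_content_types: set = field(default_factory=lambda: {"application/x-msdownload"})
    scan_extensions: set = field(default_factory=lambda: {".zip", ".doc", ".xls"})
    scan_content_types: set = field(default_factory=lambda: {"application/zip", "application/octet-stream"})
    max_size: int = 10 * 1024 * 1024  # 10 MB


def filename_from(url, headers):
    """Filename as the client would see it: Content-Disposition first, then the URL path."""
    cd = headers.get("content-disposition", "")
    m = re.search(r'filename="?([^";]+)"?', cd, re.I)
    name = m.group(1) if m else urlparse(url).path.rsplit("/", 1)[-1]
    return name.strip().lower()


def decide(url, headers, policy=None):
    """Return ('block', reason), ('scan', None) or ('allow', None) for one HTTP response."""
    policy = policy or Policy()
    headers = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    host = urlparse(url).hostname or ""
    if host in policy.denied_hosts:
        return "block", "denied site"
    name = filename_from(url, headers)
    ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    # Either indicator is enough to block: a renamed executable still has a blocked type,
    # and a mislabelled one still has a blocked extension.
    if ext in policy.blocked_extensions or ctype in policy.blocked_content_types:
        return "block", f"blocked type {ext or ctype}"
    try:
        size = int(headers.get("content-length", 0))
    except ValueError:
        size = 0  # missing or garbage length: not a reason to block on size alone
    if size > policy.max_size:
        return "block", "size limit"
    if ext in policy.scan_extensions or ctype in policy.scan_content_types:
        return "scan", None  # hand the body to the scanner before releasing it
    return "allow", None
```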
F-Secure Anti-Virus for Internet Gateways can be deployed transparently
to end-users. Since all HTTP and FTP-over-HTTP requests and
downloads pass through the proxy server, F-Secure Anti-Virus for Internet
Gateways provides effective access control and protection against
viruses and malicious content.
1.2.2 F-Secure Anti-Virus for Internet Mail
F-Secure Anti-Virus for Internet Mail operates as a mail gateway that
accepts incoming and outgoing e-mails, processes mail bodies and
attachments and delivers processed e-mail messages to the designated
SMTP server for further processing and delivery.
Content Blocking
When F-Secure Anti-Virus for Internet Mail receives an e-mail message
from an Internet or internal network source, it extracts all dangerous
objects such as attached files and embedded OLE objects, and blocks
them immediately. For example, attachments can be stripped from e-mail
messages by their filenames or extensions, and messages that contain
malformed or suspicious headers can be blocked. After F-Secure
Anti-Virus for Internet Mail has checked e-mail messages for disallowed
content, it scans the mail message body and attachments for viruses and
other malicious code.
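The attachment stripping and header checks described above, as an added example that is not part of the original manual or the product: it parses a constructed message with Python's standard email package, removes attachments whose filename ends in a blocked extension (including double extensions such as "invoice.pdf.exe"), and reports missing required headers or parser-detected defects. The block list and required-header list are constructed for the example.

```python
import email
from email import policy

BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".vbs"}  # constructed block list
REQUIRED_HEADERS = ("From", "Date", "Message-ID")      # constructed header policy

# Constructed sample message: text body plus a double-extension attachment.
SAMPLE = b"""From: sender@example.invalid
To: user@example.invalid
Date: Mon, 02 Jan 2006 10:00:00 +0000
Message-ID: <constructed-1@example.invalid>
Subject: Invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See attached.
--b1
Content-Type: application/octet-stream; name="invoice.pdf.exe"
Content-Disposition: attachment; filename="invoice.pdf.exe"
Content-Transfer-Encoding: base64

aGVsbG8=
--b1--
"""


def is_blocked_name(filename):
    """True if the lower-cased name ends with any blocked extension."""
    name = (filename or "").lower()
    return any(name.endswith(ext) for ext in BLOCKED_EXTENSIONS)


def header_problems(msg):
    """Missing required headers plus any defects the parser recorded."""
    problems = [f"missing {h}" for h in REQUIRED_HEADERS if msg.get(h) is None]
    problems += [f"defect {type(d).__name__}" for d in msg.defects]
    return problems


def strip_attachments(raw):
    """Parse raw message bytes; return (cleaned message, list of stripped filenames)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    stripped = []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        name = part.get_filename()
        if name and is_blocked_name(name):
            stripped.append(name)
            part.clear_content()  # drops payload and all Content-* headers of this part
            part.set_content(f"Attachment {name} removed by gateway policy.\n")
    return msg, stripped
```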
Virus and Spam Outbreak Detection
Massive spam and virus outbreaks consist of millions of messages which
share at least one identifiable pattern that can be used to distinguish the
outbreak. Any message that contains one or more of these patterns can
be assumed to be a part of the same spam or virus outbreak.
F-Secure Anti-Virus for Internet Mail can identify these patterns from the
message envelope, headers and body, in any language, message format
and encoding type. It can detect spam messages and new viruses during
the first minutes of the outbreak.
Spam Control
F-Secure Spam Control is a separate product component that uses
heuristic spam analysis to filter inbound mail for spam, and it also
supports DNS Blackhole List (DNSBL) lookups.
Figure 1-2 Mail traffic flow after F-Secure Anti-Virus for Internet Mail has been installed
If F-Secure Anti-Virus for Internet Mail finds an infected attachment or
other malicious content, it can do any of the following:
Block the whole e-mail message,
Strip the infected attachment,
Send a customizable virus warning message to the sender, recipient or both, or
Place the infected attachment in the quarantine for further processing.