"F-Secure" and the triangle symbol are registered trademarks of F-Secure Corporation and F-Secure
product names and symbols/logos are either trademarks or registered trademarks of F-Secure
Corporation. All product names referenced herein are trademarks or registered trademarks of their
respective companies. F-Secure Corporation disclaims proprietary interest in the marks and names of
others. Although F-Secure Corporation makes every effort to ensure that this information is accurate,
F-Secure Corporation will not be liable for any errors or omission of facts contained herein. F-Secure
Corporation reserves the right to modify specifications cited in this document without prior notice.
Companies, names and data used in examples herein are fictitious unless otherwise noted. No part of
this document may be reproduced or transmitted in any form or by any means, electronic or
mechanical, for any purpose, without the express written permission of F-Secure Corporation.
This product may be covered by one or more F-Secure patents, including the following: B2353372,
GB2366691, GB2366692, GB2366693, GB2367933, GB2368233.
#12000041-6E30
Contents
About This Guide
How This Guide is Organized
Conventions Used in F-Secure Guides
F-Secure Online Support Resources
Web Club
Virus Descriptions on the Web
About F-Secure Corporation
ABOUT THIS GUIDE
How This Guide is Organized
F-Secure Internet Gatekeeper Administrator's Guide is divided into the
following chapters and appendixes.
Chapter 1. Introduction. General information about F-Secure Internet
Gatekeeper and other F-Secure Anti-Virus for Mail Server and Gateway
products.
Chapter 2. Deployment. Describes possible deployment scenarios in
the corporate network.
Chapter 3. Installation. Instructions on how to install and upgrade
F-Secure Internet Gatekeeper.
Chapter 4. Basics of Using F-Secure Internet Gatekeeper. Instructions
on when to use F-Secure Policy Manager and F-Secure Internet
Gatekeeper Web Console in centrally managed F-Secure Internet
Gatekeeper installations.
Chapter 5. Administering F-Secure Anti-Virus for Internet Gateways.
Instructions on how to configure F-Secure Anti-Virus for Internet
Gateways general settings before you start using it. It also contains
instructions on how to configure HTTP and FTP-over-HTTP scanning and
how to use access control to allow and deny access to specified sites on
the Internet.
Chapter 6. Administering F-Secure Anti-Virus for Internet Mail.
Instructions on how to configure F-Secure Anti-Virus for Internet Mail
general settings before you start using it, and how to configure virus
scanning to detect and disinfect viruses and other malicious code from
e-mails.
Instructions on how to configure F-Secure Content Scanner Server before
you start using F-Secure Anti-Virus for Internet Gateways and F-Secure
Anti-Virus for Internet Mail.
Chapter 8. Administering F-Secure Spam Control. Information about
and instructions on how to configure F-Secure Spam Control.
Chapter 9. Administering F-Secure Management Agent. Instructions on
how to configure F-Secure Management Agent.
Chapter 10. Quarantine Management. Instructions on how to manage
and search quarantined content.
Chapter 11. Security and Performance. Instructions on how to optimize
security and performance.
Chapter 12. Updating Virus and Spam Definition Databases.
Instructions on how to keep virus definition databases up-to-date.
Chapter 13. Troubleshooting. Instructions on how to check that
F-Secure Internet Gatekeeper is running and answers to frequently asked
questions.
Appendix A. Warning Messages. Lists variables that can be included in
virus warning messages.
Appendix B. Specifying Hosts. Instructions on how to specify hosts in
F-Secure Anti-Virus for Internet Gateways.
Appendix C. Access Log Variables. Lists variables that can be used in
the access log.
Appendix D. Mail Log Variables. Lists variables that can be used in the
F-Secure Anti-Virus for Internet Mail mail log.
Appendix E. Configuring Mail Servers. Instructions on how to configure
mail servers to work with F-Secure Internet Gatekeeper.
Appendix F. Advanced Deployment Options. Information about different
methods that you can use when setting up a transparent proxy and HTTP
load balancing services.
Appendix G. Services and Processes. Lists services and processes that
are running on the system after the installation.
Appendix H. Error Codes. Describes error codes.
Technical Support. Contains the contact information for assistance.
About F-Secure Corporation. Describes the company background and
products.
Conventions Used in F-Secure Guides
This section describes the symbols, fonts, and terminology used in this
manual.
Symbols
WARNING: The warning symbol indicates a situation with a
risk of irreversible destruction to data.
IMPORTANT: An exclamation mark provides important information
that you need to consider.
REFERENCE - A book refers you to related information on the
topic available in another document.
NOTE - A note provides additional information that you should
consider.
TIP - A tip provides information that can help you perform a task
more quickly or easily.
⇒ An arrow indicates a one-step procedure.
Fonts
Arial bold (blue) is used to refer to menu names and commands, to
buttons and other items in a dialog box.
Arial Italics (blue) is used to refer to other chapters in the manual, book
titles, and titles of other manuals.
Arial Italics (black) is used for file and folder names, for figure and table
captions, and for directory tree names.
Courier New is used for messages on your computer screen.
Courier New bold is used for information that you must type.
SMALLCAPS (BLACK) is used for a key or key combination on your
keyboard.
Arial underlined (blue)
Arial italics is used for window and dialog box names.
PDF Document
This manual is provided in PDF (Portable Document Format). The PDF
document can be used for online viewing and printing using Adobe®
Acrobat® Reader. When printing the manual, please print the entire
manual, including the copyright and disclaimer statements.
For More Information
Visit F-Secure at http://www.f-secure.com for documentation, training
courses, downloads, and service and support contacts.
In our constant attempts to improve our documentation, we would
welcome your feedback. If you have any questions, comments, or
suggestions about this or any other F-Secure document, please contact
us at documentation@f-secure.com
1.1 Overview
Malicious code, such as computer viruses, is one of the main threats for
companies today. When users began to use office applications with
macro capabilities to write documents and distribute them via mail and
groupware servers, macro viruses started spreading rapidly.
After the millennium, the most common spreading mechanism has been
e-mail. Today about 90% of viruses arrive via e-mail. E-mail provides
a very fast and efficient way for viruses to spread without any user
intervention, and this is why e-mail worm outbreaks, like Sobig, Netsky
and Mydoom, cause a lot of damage around the world.
The Internet is used by more and more people every day. It opens
another, so far dormant channel for viruses to spread, HTTP. Web surfing
is increasing rapidly as we are using the web to find information not only
for business but also for other purposes, such as hobbies, health, and so
on. It is very important to realize this early and to be proactive in
protecting our resources.
F-Secure Anti-Virus Mail Server and Gateway products are designed to
protect your company's mail and groupware servers and to shield the
company network from any malicious code that travels in HTTP,
FTP-over-HTTP or SMTP traffic. The protection can be implemented on
the gateway level to screen all incoming and outgoing e-mail (SMTP),
web surfing (HTTP) and file transfer (FTP-over-HTTP) traffic.
Furthermore, it can be implemented on the mail server level so that it not
only protects inbound and outbound traffic but also internal mail traffic and
public sources, such as Public Folders on Microsoft Exchange servers.
Providing the protection already on the gateway level has plenty of
advantages. The protection is easy and fast to set up and install, and it
complements the virus protection that is installed on the workstations. The
protection is also invisible to the end users, which ensures that the system
cannot be by-passed and makes it easy to maintain. Of course, protecting
the gateway level alone is not enough to provide a complete anti-virus
solution; file server and workstation level protection is needed, too.
Why clean 1000 workstations when you can clean one attachment at the
gateway level?
1.2 How the Product Works
F-Secure Internet Gatekeeper is a suite of real-time services to protect
the corporate network against computer viruses and malicious code
coming in web (HTTP and FTP-over-HTTP) and e-mail (SMTP) traffic.
F-Secure Internet Gatekeeper is comprised of the following
components: F-Secure Anti-Virus for Internet Gateways, F-Secure
Anti-Virus for Internet Mail and F-Secure Content Scanner Server.
1.2.1 F-Secure Anti-Virus for Internet Gateways
F-Secure Anti-Virus for Internet Gateways is an HTTP proxy server which
acts as a gateway between the corporate network and the Internet. If a
client computer requests a file from a Web server, it asks the proxy server
to retrieve the file instead of downloading it directly from the Internet.
F-Secure Anti-Virus for Internet Gateways processes the request to make
sure that the content does not contain any malicious code and that it
should not be blocked. F-Secure Anti-Virus for Internet Gateways returns only
allowed Web content and virus-free files to the requesting client. All files
and web pages downloaded via HTTP and FTP-over-HTTP are checked
for viruses and malicious code on the fly.
Figure 1-1 Web traffic flow after F-Secure Anti-Virus for Internet Gateways has
been installed
F-Secure Anti-Virus for Internet Gateways provides comprehensive virus
protection and content filtering. It can be configured to do any of the
following:
Deny access to specified Web sites,
Block files by content types, filenames and extensions,
Block files that exceed a specified file size,
Scan files by content types, filenames and extensions, and
Automatically disinfect or drop the infected content.
If F-Secure Anti-Virus for Internet Gateways finds disallowed or malicious
content, it denies access to the file and shows a warning message to the
end-user. The warning message can be customized.
F-Secure Anti-Virus for Internet Gateways can be deployed transparently
to end-users. Since all HTTP and FTP-over-HTTP requests and
downloads pass through the proxy server, F-Secure Anti-Virus for Internet
Gateways provides effective access control and protection against
viruses and malicious content.
1.2.2 F-Secure Anti-Virus for Internet Mail
F-Secure Anti-Virus for Internet Mail operates as a mail gateway that
accepts incoming and outgoing e-mails, processes mail bodies and
attachments and delivers processed e-mail messages to the designated
SMTP server for further processing and delivery.
Content Blocking
When F-Secure Anti-Virus for Internet Mail receives an e-mail message
from an Internet or internal network source, it extracts all dangerous
objects such as attached files and embedded OLE objects, and blocks
them immediately. For example, attachments can be stripped from e-mail
messages by their filenames or extensions, and messages that contain
malformed or suspicious headers can be blocked. After F-Secure
Anti-Virus for Internet Mail has checked e-mail messages for disallowed
content, it scans the mail message body and attachments for viruses and
other malicious code.
Virus and Spam Outbreak Detection
Massive spam and virus outbreaks consist of millions of messages which
share at least one identifiable pattern that can be used to distinguish the
outbreak. Any message that contains one or more of these patterns can
be assumed to be a part of the same spam or virus outbreak.
F-Secure Anti-Virus for Internet Mail can identify these patterns from the
message envelope, headers and body, in any language, message format
and encoding type. It can detect spam messages and new viruses during
the first minutes of the outbreak.
Spam Control
F-Secure Spam Control is a separate product component that uses
heuristic spam analysis to filter inbound mails for spam, which supports
DNS Blackhole List (DNSBL) functionality.
Figure 1-2 Mail traffic flow after F-Secure Anti-Virus for Internet Mail has been
installed
If F-Secure Anti-Virus for Internet Mail finds an infected attachment or
other malicious content, it can do any of the following:
Block the whole e-mail message,
Strip the infected attachment,
Send a customizable virus warning message to the sender,
recipient or both, or
Place the infected attachment in the quarantine for further
processing.
1.2.3 F-Secure Content Scanner Server
F-Secure Content Scanner Server is the back-end component that
provides anti-virus and spam scanning services for F-Secure Anti-Virus
for Internet Gateways and F-Secure Anti-Virus for Internet Mail. F-Secure
Content Scanner Server receives data for validation via Simple Content
Inspection Protocol (SCIP).
1.3 Features
F-Secure Internet Gatekeeper, as well as all other F-Secure Anti-Virus
Mail Server and Gateway products, has the following features and
capabilities.
Alerting
F-Secure Internet Gatekeeper has extensive monitoring, reporting and
alerting functions that can be used to notify any administrator in the
company network about any infected content that F-Secure Internet
Gatekeeper has found.
Powerful and Always Up-to-date
F-Secure Internet Gatekeeper uses the award-winning F-Secure
Anti-Virus scanners to ensure the highest possible detection rate and
disinfection capability. The daily virus definition database updates provide
a protection that is always up-to-date.
F-Secure Internet Gatekeeper uses the threat detection engine to detect
possible virus outbreaks before they become widespread. The threat
detection engine analyzes messages and identifies threat patterns as
they are released to the Internet within an outbreak.
F-Secure Anti-Virus scanner consistently ranks at the top when compared
to competing products. Our team of dedicated virus researchers is on call
24-hours a day responding to new and emerging threats. F-Secure
releases tested virus definition updates on a daily basis, to make sure our
customers are receiving the highest quality service and protection.
Easy to Administer
F-Secure Internet Gatekeeper can be centrally managed with F-Secure
Policy Manager. You can configure F-Secure Internet Gatekeeper
settings with F-Secure Policy Manager any time you want. In stand-alone
mode, the F-Secure Internet Gatekeeper Web Console can be used to
administer F-Secure Internet Gatekeeper.
F-Secure Internet Gatekeeper Web Console can be used to check the
status of F-Secure Internet Gatekeeper at a glance. It is also used to
manage quarantined items both in centrally managed and stand-alone
installations.
Superior Protection
High level of protection with low maintenance costs.
Superior detection rate with multiple scanning engines.
Unparalleled malicious code detection and disinfection. F-Secure
Internet Gatekeeper detects all known viruses, worms and
Trojans, including Java and ActiveX viruses.
Heuristic scanning also detects unknown Windows and macro
viruses.
Recursive scanning of ARJ, BZ2, CAB, GZ, JAR, LZH, MSI,
RAR, TAR, TGZ, Z and ZIP archive files.
Automatic daily virus definition database updates.
Suspicious and unsafe attachments can be stripped away from
e-mails.
Password protected archives can be treated as unsafe.
Intelligent file type recognition.
Virus Outbreak Detection
Possible virus outbreaks are transparently detected before they
become widespread.
The product can notify the administrator about virus outbreaks.
Unsafe messages can be quarantined and reprocessed
automatically.
Transparency and Scalability
Viruses are intercepted before they enter the network and spread
to workstations and servers.
Real-time scanning of internal, inbound and outbound mail
messages.
The company network can be configured so that users cannot
bypass the system, which means that e-mails and files cannot be
downloaded without them being scanned first.
Usability
Easy to install and configure.
Can be administered centrally with F-Secure Policy Manager.
Can be monitored with the convenient F-Secure Internet
Gatekeeper Web Console.
Contains new quarantine management features: you can manage
and search quarantined content with the F-Secure Internet
Gatekeeper Web Console.
Protection against Spam
Possible spam messages are transparently detected before they
become widespread.
Efficient and fast spam detection based on different analyses on
the e-mail content.
Multiple filtering mechanisms guarantee the high accuracy of
spam detection.
Spam detection works in every language and message format.
1.4 F-Secure Anti-Virus Mail Server and Gateway Products
The F-Secure Anti-Virus product line consists of workstation, file server,
mail server and gateway products.
F-Secure Internet Gatekeeper is a high performance, totally
automated web (HTTP and FTP-over-HTTP) and e-mail (SMTP)
virus scanning solution for the gateway level. F-Secure Internet
Gatekeeper works independently of firewall and e-mail server
solutions, and does not affect their performance.
F-Secure Anti-Virus for Microsoft Exchange™ protects your
Microsoft Exchange users from malicious code contained within
files they receive in mail messages and documents they open
from shared databases. Malicious code is also stopped in
outbound messages and in notes being posted on Public Folders.
The product operates transparently and scans files in the
Exchange Server Information Store in real-time. Manual and
scheduled scanning of user mailboxes and Public Folders is also
supported.
F-Secure Anti-Virus for MIMEsweeper™ provides a powerful
anti-virus scanning solution that tightly integrates with Clearswift
MIMEsweeper for SMTP and MIMEsweeper for Web products.
F-Secure provides top-class anti-virus software with fast and
simple integration to Clearswift MAILsweeper and WEBsweeper,
giving the corporation the powerful combination of complete
content security.
F-Secure Internet Gatekeeper for Linux™ provides a
high-performance solution at the Internet gateway level, stopping
viruses and other malicious code before they spread to end users'
desktops or corporate servers. The product scans SMTP, HTTP,
FTP and POP3 traffic for viruses, worms and trojans, and blocks
and filters out specified file types. ActiveX and Java code can
also be scanned or blocked. The product receives updates
automatically from F-Secure, keeping the virus protection always
up to date. A powerful and easy-to-use management console
simplifies the installation and configuration of the product.
F-Secure Messaging Security Gateway™ delivers the
industry’s most complete and effective security for e-mail. It
combines a robust enterprise-class messaging platform with
perimeter security, antispam, antivirus, secure messaging and
outbound content security capabilities in an easy-to-deploy,
hardened appliance.
Depending on the corporate network structure, you might consider
various scenarios of deploying F-Secure Internet Gatekeeper. This
chapter describes some possible deployment scenarios of F-Secure
Internet Gatekeeper in the corporate network - use the one that best fits
your needs and your own network design strategy.
Although the scenarios are given separately for web traffic and e-mail
scanning components, you can install them to the same host if required.
To determine which option is the most suitable, consider your existing
network configuration and estimate the peak and mean loads that the
server needs to handle.
2.2 Network Requirements
This network configuration is valid for all scenarios described in this
chapter. Make sure that the following network traffic can travel:
Service   Process   Inbound ports   Outbound ports
F-Secure Anti-Virus for Internet Gateways
F-Secure Anti-Virus for Internet Mail
F-Secure Content Scanner Server
F-Secure Internet Gatekeeper Web Console
F-Secure Automatic Update Agent
FSNRB %ProgramFiles%\F-Secure\
%ProgramFiles%\F-Secure\Anti-Virus for Internet Gateways\bin\httpscan.exe
%ProgramFiles%\F-Secure\Anti-Virus Agent for Internet Mail\fsavagsm.exe
-DNS (53, UDP/TCP), 1433 (TCP), only with the dedicated SQL server
2.3 Deployment Scenarios
This section describes the F-Secure Anti-Virus for Internet Gateways and
F-Secure Anti-Virus for Internet Mail deployment scenarios.
2.3.1 F-Secure Anti-Virus for Internet Gateways
There are four different deployment scenarios for F-Secure Anti-Virus for
Internet Gateways.
Scenario 1: On a Dedicated Machine
Figure 2-1 F-Secure Anti-Virus for Internet Gateways deployed on a dedicated
machine
Advantages
Simple to set up.
Disadvantages
End-users have to change the proxy settings of their web
browsers.
Configuration on End-User Workstations
Specify F-Secure Anti-Virus for Internet Gateways as HTTP and
HTTPS proxy in the web browser settings.
F-Secure Anti-Virus for Internet Gateways Configuration
Add end-user workstations to the list of hosts which are allowed
to connect to F-Secure Anti-Virus for Internet Gateways. For
more information, see “Connections to F-Secure Anti-Virus for
Internet Gateways”, 123
Firewall Configuration
Allow HTTP and HTTPS requests only from F-Secure Anti-Virus
for Internet Gateways.
DNS Configuration
No changes are required.
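The following is an added example, not part of the F-Secure guide: a Python audit of a firewall's outbound rule list against the Scenario 1 requirement that only the F-Secure Anti-Virus for Internet Gateways host may originate HTTP and HTTPS requests. The rule format, first-match evaluation, addresses, ports 80/443 and all function names are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

WEB_PORTS = (80, 443)  # assumed HTTP and HTTPS ports


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # source network in CIDR form
    port: Optional[int]   # destination port, None matches any port


def decide(rules: List[Rule], src_ip: str, port: int) -> str:
    """First matching rule wins; traffic matching no rule is denied."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if addr in ipaddress.ip_network(rule.src) and rule.port in (None, port):
            return rule.action
    return "deny"


def audit_egress(rules: List[Rule], proxy_ip: str, clients: List[str]) -> List[str]:
    """Return findings where the rule set departs from the Scenario 1 policy."""
    findings = []
    # Probe the listed clients plus the first and last address of every rule's
    # source network, so a broad allow rule is noticed even when no listed
    # client falls inside it. This is a spot check, not a full proof.
    probes = set(clients)
    for rule in rules:
        net = ipaddress.ip_network(rule.src)
        probes.update({str(net[0]), str(net[-1])})
    probes.discard(proxy_ip)

    for port in WEB_PORTS:
        if decide(rules, proxy_ip, port) != "allow":
            findings.append(f"proxy {proxy_ip} cannot reach port {port}")
        for ip in sorted(probes, key=ipaddress.ip_address):
            if decide(rules, ip, port) == "allow":
                findings.append(f"{ip} can bypass the proxy on port {port}")
    return findings


# Constructed sample data (documentation address range, not real hosts).
PROXY = "192.0.2.10"
CLIENTS = ["192.0.2.51", "192.0.2.52"]
WEAK_RULES = [
    Rule("allow", "192.0.2.10/32", 80),
    Rule("allow", "192.0.2.10/32", 443),
    Rule("allow", "192.0.2.0/24", 443),  # leftover rule: direct HTTPS for the LAN
    Rule("deny", "0.0.0.0/0", None),
]
FIXED_RULES = [
    Rule("allow", "192.0.2.10/32", 80),
    Rule("allow", "192.0.2.10/32", 443),
    Rule("deny", "0.0.0.0/0", None),
]

if __name__ == "__main__":
    for name, rules in (("weak", WEAK_RULES), ("fixed", FIXED_RULES)):
        print(name, audit_egress(rules, PROXY, CLIENTS) or "no findings")
```

A leftover rule that lets workstations reach port 443 directly means HTTPS requests never pass through the scanning proxy, which is the gap the firewall step is meant to close.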
Scenario 2: As a Downstream Proxy
Figure 2-2 F-Secure Anti-Virus for Internet Gateways deployed as a downstream
proxy
Advantages
End-users do not have to change the proxy settings of their web
browsers.
Configuration on End-User Workstations
The proxy settings in web browsers do not have to be changed if
the existing proxy server is defined as a DNS name (for example,
proxy.example.com) or if they use the automatic proxy detection.
Otherwise, specify F-Secure Anti-Virus for Internet Gateways as
HTTP and HTTPS proxy in the web browser settings.