McAfee Email Gateway Version 6.7.2 Administration Guide

McAfee Email Gateway Administration Guide version 6.7.2

COPYRIGHT

Copyright 2009 McAfee, Inc. All Rights Reserved.

No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.

TRADEMARK ATTRIBUTIONS

AVERT, EPO, EPOLICY ORCHESTRATOR, FLASHBOX, FOUNDSTONE, GROUPSHIELD, HERCULES, INTRUSHIELD, INTRUSION INTELLIGENCE, LINUXSHIELD, MANAGED MAIL PROTECTION, MAX (MCAFEE SECURITYALLIANCE EXCHANGE), MCAFEE, MCAFEE.COM, NETSHIELD, PORTALSHIELD, PREVENTSYS, PROTECTION-IN-DEPTH STRATEGY, PROTECTIONPILOT, SECURE MESSAGING SERVICE, SECURITYALLIANCE, SITEADVISOR, THREATSCAN, TOTAL PROTECTION, VIREX, VIRUSSCAN, WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.

LICENSE INFORMATION

License Agreement

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANTOR PURCHASE ORDER DOCUMENTS THAT ACCOMPANIES YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.

License Attributions

MD5 portions Copyright (C) 1995, Board of Trustees of the University of Illinois (C) Copyright 1993, 1994 by Carnegie Mellon University. Copyright (c) 1991 Bell Communications Research, Inc. (Bellcore). Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991.
expat-lite portions Copyright (c) 1998, 1999 James Clark.
Regex portions Copyright 1992, 1993, 1994 Henry Spencer
expat xml parser library portions Copyright (c) 1998, 1999, 2000 Thai Open Source Software Center Ltd and Clark Cooper
mod mime magic portions Copyright (c) 1996-1997 Cisco Systems, Inc, Copyright (c) Ian F. Darwin, 1987
mod imap portions "macmartinized" polygon code copyright 1992 by Eric Haines, erich@eye.com
zb test and ab support portions Copyright (C) Zeus Technology Limited 1996
Cheetah portions Copyright 2001, The Cheetah Development Team: Tavis Rudd, Mike Orr, Ian Bicking, Chuck Esterbrook
Dom4J License portions Copyright 2001-2005 (C) MetaStuff, Ltd.
GIFLIB distribution portions Copyright (c) 1997 Eric S. Raymond
ICONV portions Copyright (C) 2003 Hye-Shik Chang
LibPNG versions 1.2.6, August 15, 2004, through 1.2.39, August 13, 2009 portions Copyright (c) 2004, 2006-2009 Glenn Randers-Pehrson, Contributing Authors Cosmin Truta
LibNet portions Copyright (c) 1998 - 2001 Mike D. Schiffman mike@infonexus.com http://www.packetfactory.net/libnet.
M2Crypto portions Copyright (c) 1999-2004 Ng Pheng Siong, Portions copyright (c) 2004-2006 Open Source Applications Foundation., Portions copyright (c) 2005-2006 Vrije Universiteit Amsterdam.
NetSNMP portions Copyright 1989, 1991, 1992 by Carnegie Mellon University Derivative Work - 1996, 1998-2000 Copyright 1996, 1998-2000 The Regents of the University of California, Copyright (c) 2001-2003, Networks Associates Technology, Inc., Portions of this code are copyright (c) 2001-2003, Cambridge Broadband Ltd., Copyright California 95054, U.S.A. Copyright (c) 2003-2008, Sparta, Inc. Copyright (c) 2004, Cisco, Inc and Information Network Center of Beijing University of Posts and Telecommunications. Copyright (c) Fabasoft R&D Software GmbH & Co KG, 2003 oss@fabasoft.com Author: Bernhard Penz.
Numeric portions Copyright (c) 2005, NumPy Developers.
OpenLDAP portions Copyright 1999-2003 The OpenLDAP Foundation, Redwood City, California, USA.
OpenSSH portions Copyright (c) 1995 Tatu Ylonen ylo@cs.hut.fi, Espoo, Finland, Cryptographic attack detector for ssh portions Copyright (c) 1998 CORE SDI S.A., Buenos Aires, Argentina, ssh-keyscan portions Copyright 1995, 1996 by David Mazieres dm@lcs.mit.edu, Rijndael implementation by Vincent Rijmen, Antoon Bosselaers and Paulo Barreto is in the public domain, One component of the ssh source code portions Copyright (c) 1983, 1990, 1992, 1993, 1995 The Regents of the University of California. Remaining components portions copyright holders: Markus Friedl, Theo de Raadt, Niels Provos, Dug Song, Aaron Campbell, Damien Miller, Kevin Steves, Daniel Kouril, Wesley Griffin, Per Allansson, Nils Nordman, Simon Wilkinson
OpenSSL portions Copyright (c) 1998-2008 The OpenSSL Project.
SSL implementations portions Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com).
PIL portions Copyright (c) 1997-2006 by Secret Labs AB Copyright (c) 1995-2006 by Fredrik Lundh
PyASN1 portions Copyright (c) 2005, 2006 Ilya Etingof ilya@glas.net
Python portions Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006 Python Software Foundation;
PySNMP portions Copyright (c) 1999-2006, Ilya Etingof ilya@glas.net
ReportLab portions Copyright (c) 2000-2004, ReportLab Inc.
ripMIME portions Copyright (c) 2000 P.L.Daniels
strace portions Copyright (c) 1991, 1992 Paul Kranenburg pk@cs.few.eur.nl, Copyright (c) 1993 Branko Lankester branko@hacktic.nl, Copyright (c) 1993 Ulrich Pegelow pegelow@moorea.uni-muenster.de, Copyright (c) 1995, 1996 Michael Elizabeth Chastain mec@duracef.shout.net, Copyright (c) 1993, 1994, 1995, 1996 Rick Sladkey jrs@world.std.com, Copyright (C) 1998-2001 Wichert Akkerman wakkerma@deephackmode.org
Tiff portions Copyright (c) 1988-1997 Sam Leffler, Copyright (c) 1991-1997 Silicon Graphics, Inc.

Issued October 2009 / McAfee Email Gateway version 6.7.2

Contents

About this Document
    Conventions
    Acronyms

Dashboard

1  The Dashboard
    About the Dashboard
    Configuring the Dashboard
    Special navigation
    The charts
    System charts
    Queue charts
    Dashboard reports and summaries
    Executive summary
    Mail IPS status
    Health Monitor summary
    Services status
    Connection blocking status
    SpamProfiler status
    System utilization
    Updates status
    Alert status
    WebMail protection status
    Encryption status

Queue Manager

2  Email Gateway Queues
    About the queues
    SuperQueue
    Rip Queue
    Content Extraction Queue
    Anti-Virus Queue
    Content Analysis Queue
    Envelope Analysis Queue
    Anti-Spam Queue
    Corporate Compliance Queue
    The Join Queue
    Outbound Queue
    Non-processing queues
    Quarantine Queue
    Failures Queue

3  Queue Information
    About the Queue Information window
    Quarantined messages
    Current messages
    Queue activity
    Viewing messages
    Searching messages
    Quarantined messages
    Current messages
    Processed messages
    Compliance Officer searches
    Dynamic Quarantine
    Dynamic Quarantine rules
    Dynamic Quarantine process overview
    Viewing the results of Dynamic Quarantine

4  Advanced Queue Manager Topics
    Configuring queues
    Configuring SuperQueue
    Configuring the sub-queues
    Changing the queue order
    About quarantine types
    Using the Quarantine Queue

5  Remote Quarantine
    About Remote Quarantine
    Central Quarantine Server
    Which features use Remote Quarantine?
    General implementation
    High-level process
    Configuration of the CQS
    Setting quarantine types
    Configuring appliances
    End User Quarantine
    Setting the Cleanup Schedule
    Dual Central Quarantine Servers
    Configuring CQS2
    If CQS1 fails

Compliance

6  Compliance Overview
    About Compliance
    Snapshot reports

7  Content Analysis
    About Content Analysis
    Dictionaries
    Editing and searching an existing dictionary
    Editing the search option
    Viewing dictionary content
    Searching dictionary content
    Adding content
    Editing existing dictionary content
    Adding a new Content Analysis dictionary
    Adding the content
    Managing content rules
    Adding a new rule
    Editing dictionary rules
    Applying content rules
    Adding a new policy
    Editing an existing application
    Dictionary report configuration
    Adding a report
    Editing a report configuration
