McAfee MSA-3400-SWGI Installation Guide - Page 45

Creating an anti-spam scanning policy, Email | Email Policies | Scanning Policies

McAfee Email and Web Security Appliance 5.5 Installation Guide
Exploring the appliance: Using policies to manage message scanning

b  Create a text file that includes the following string:
   X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

c  Save the file as eicar.txt.

d  Attach the file to the email.
   The gateway security device replaces the file with an alert and the sender receives a notification alert.

15 Return to Custom Malware Options and click Specific detection name:.

16 Type EICAR.

17 Ensure the primary action is Refuse the original data and return an error code (block), then click OK.

18 From an external email account, create a message and attach the EICAR test file.
   The email client returns an "error 550: denied by policy" error message.
   Under Email | Email Configuration | Receiving Email | Permit and Deny Lists [+], Blocked connections is empty.

19 In Custom Malware options, change the primary action to Deny the connection, then click OK.

20 Send the same email and check the denied connection. It has the IP address of your client machine (example IP address).

21 Try to send a benign email. This is also denied because of the denied connections list. To the sending server, it appears that the server is not online.

The device checks the message as it enters your mail gateway and identifies that it contains a virus. It quarantines the message and notifies the intended recipient and the sender that the message was infected.

Creating an anti-spam scanning policy

Use this task to set up a policy to protect your organization from receiving unsolicited messages.

A policy like this protects users from receiving unsolicited email messages that reduce productivity and increase the message traffic through your servers.

Task

1  On the device, ensure that you are using McAfee Quarantine Manager (Email | Quarantine Configuration).

2  Select Email | Email Policies | Scanning Policies.
   You must set up a separate anti-spam policy for the SMTP and POP3 protocols.

3  Set the primary action to Accept and drop the data.

4  Set the secondary action to Quarantine the original E-mail. Change the spam score to 5.
   If you enable anti-spam detection, McAfee recommends that you also enable anti-phishing detection. Scanning performance is not impacted by performing both anti-spam and anti-phish checks.

5  From an external email account, create a message to a mailbox protected by the device.

6  In the message body, use the text:
   XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

7  Send the message.

8  Open McAfee Quarantine Manager and look at the spam queue.
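The two policy checks above can be repeated from a script instead of a mail client. The following is an added example, not part of the McAfee guide: it builds the EICAR-attachment and GTUBE-body test messages and maps what the sender observes to the primary action under test. The gateway host, port, addresses and outcome labels are assumptions.

```python
import smtplib
from email.message import EmailMessage

# Test strings exactly as printed in the guide.
EICAR = r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
GTUBE = "XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X"

def _base(sender, rcpt, subject):
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, rcpt, subject
    return msg

def build_eicar_message(sender, rcpt):
    """Steps b-d and 18: the EICAR string attached as eicar.txt."""
    msg = _base(sender, rcpt, "Anti-virus policy test")
    msg.set_content("Anti-virus policy test, see attachment.")
    msg.add_attachment(EICAR, filename="eicar.txt")
    return msg

def build_gtube_message(sender, rcpt):
    """Anti-spam steps 5-7: the GTUBE string in the message body."""
    msg = _base(sender, rcpt, "Anti-spam policy test")
    msg.set_content(GTUBE)
    return msg

def classify_outcome(code=None, reply="", connected=True):
    """Map what the sender observes to the primary action being tested."""
    if not connected:
        return "connection denied"      # steps 19-21: gateway looks offline
    if code == 550:
        return "refused with error"     # steps 17-18: "550: denied by policy"
    if code is not None and 200 <= code < 300:
        return "accepted"               # then check quarantine / replaced file
    return f"unexpected reply {code} {reply}".strip()

def _text(b):
    return b.decode(errors="replace") if isinstance(b, bytes) else str(b)

def send_and_classify(msg, host, port=25):
    """Send via the gateway (host and port are assumptions) and classify."""
    try:
        with smtplib.SMTP(host, port, timeout=10) as smtp:
            smtp.send_message(msg)
        return classify_outcome(250)
    except smtplib.SMTPResponseException as exc:
        return classify_outcome(exc.smtp_code, _text(exc.smtp_error))
    except smtplib.SMTPRecipientsRefused as exc:
        code, reply = next(iter(exc.recipients.values()))
        return classify_outcome(code, _text(reply))
    except OSError:
        return classify_outcome(connected=False)
```

An "accepted" result for the GTUBE message is expected with the Accept and drop the data action; the spam queue in McAfee Quarantine Manager is where the message should then appear.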

