McAfee MSA-3400-SWGI Installation Guide - Page 45
Creating an anti-spam scanning policy, Email | Email Policies | Scanning Policies
View all McAfee MSA-3400-SWGI manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 45 highlights
Exploring the appliance Using policies to manage message scanning b Create a text file that includes the following string: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* c Save the file as eicar.txt. d Attach the file to the email. The gateway security device replaces the file with an alert and the sender receives a notification alert. 15 Return to Custom Malware Options and click Specific detection name:. 16 Type EICAR. 17 Ensure the primary action is Refuse the original data and return an error code (block), then click OK. 18 From an external email account, create a message and attach the EICAR test file. The email client returns with an error 550: denied by policy error message. Email | Email Configuration | Receiving Email | Permit and Deny Lists [+] Blocked connections is empty. 19 In Custom Malware options, change the primary action to Deny the connection, then click OK. 20 Send the same email and check the denied connection. It has the IP address of your client machine (example IP address). 21 Try to send a benign email. This is also denied because of the denied connections list. To the sending server, it appears that the server is not online. The device checks the message as it enters your mail gateway and identifies that it contains a virus. It quarantines the message and notifies the intended recipient and the sender that the message was infected. Creating an anti-spam scanning policy Use this task to set up a policy to protect your organization from receiving unsolicited messages. A policy like this protects users from receiving unsolicited email messages that reduce productivity and increase the message traffic through your servers. Task 1 On the device, ensure that you are using McAfee Quarantine Manager Email | Quarantine Configuration. 2 Select Email | Email Policies | Scanning Policies. You must set up a separate anti-spam policy for the SMTP and POP3 protocols. 3 Set the primary action to Accept and drop the data. 4 Set the secondary action to Quarantine the original E-mail. Change the spam score to 5. If you enable anti-spam detection, McAfee recommends that you also enable anti-phishing detection. Scanning performance is not impacted by performing both anti-spam and anti-phish checks. 5 From an external email account, create a message to a mailbox protected by the device. 6 In the message body, use the text: XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X 7 Send the message. 8 Open McAfee Quarantine Manager and look at the spam queue. McAfee Email and Web Security Appliance 5.5 Installation Guide 45