Home » McAfee Manuals » Computer Software » McAfee GSSCDE-AA-DA » Manual Viewer

McAfee GSSCDE-AA-DA User Guide - Page 9

How does scanning work?, Other areas to protect

View all McAfee GSSCDE-AA-DA manuals

Add to My Manuals
Save this manual to your list of manuals

Page 9 highlights

McAfee® GroupShield™ 7.0 User Guide 1 Introduction About GroupShield for Exchange „ protect the email server from harmful scripts sent within the email system. „ block messages with specific attachments. „ block messages based on words that appear either within the subject line/body of the message. „ block messages from specific addresses. How does scanning work? Central to your GroupShield software is the McAfee® Security scanning engine and the virus definition (DAT) files. The engine is a complex data analyzer. The DAT files contain a great deal of information including thousands of different drivers, each of which contains detailed instructions on how to identify a virus or a type of virus. The McAfee® Security scanning engine works with the DAT files. It identifies the type of the item being scanned and decodes the contents of that object, so that it understands what the item is. It then uses the information in the DAT files to search and locate known viruses. Many viruses have a distinctive signature. There is a sequence of characters unique to a virus and the engine searches for that signature. The engine uses a technique called heuristic analysis to search for unknown viruses. This involves analysis of the object's program code and searching for distinctive features typically found in viruses. Once the engine has confirmed the identity of a virus, it cleans the object as far as possible. For example, by removing an infected macro from the attachment in which it is found or by deleting the virus code in an executable file. In some instances, if the virus has destroyed data, the file cannot be fixed and the engine must make the file safe so that it cannot be activated and infect other files. Other areas to protect The following key areas of your network can be protected by McAfee® Security products as a part of your integrated virus defense solution: „ Internet gateway protection - Secure Content Management Appliances The major source of threats to your corporate network comes from Internet traffic, either through email or by connecting to websites that might contain potentially harmful code. Secure Content Management Appliances protects the gateway between your internal networks and the Internet. It prevents infected items from entering your network through the Internet by scanning all inbound and outbound traffic between your network and the Internet. 9

Section	Page
Contents	3
1 Introduction	7
About GroupShield for Exchange	7
What is GroupShield?	7
How does GroupShield work?	7
How GroupShield protects Exchange?	8
Email server protection - McAfee GroupShield	8
How does scanning work?	9
Other areas to protect	9
GroupShield Features	11
What is New?	12
Features not supported	15
Using this Guide	16
Audience	16
Conventions	17
Getting product information	18
Standard documentation	18
Contact information	19
2 Pre-Installation	21
Pre-Installation scenarios	21
Types of installation	22
Standard installation	22
Silent installation	22
Cluster installation	22
System requirements	23
3 Installing the Software	25
Accessing the software	25
What is included with the software?	26
Installing GroupShield for Microsoft® Exchange Server 2003/2007	26
SiteList editor	29
GroupShield for Exchange Access Control	29
Installing additional components	30
Buffer Overflow Protection	30
Installing McAfee Anti-Spam for GroupShield	31
Silent installation	32
Configuring GroupShield in a cluster environment	33
Local Continuous Replication (LCR) on Exchange Server 2007	34
Clustered Continuous Replication (CCR) on Exchange Server 2007	34
Single Copy Cluster (SCC, N+1 cluster configuration) on Exchange Server 2003 and 2007	34
Cluster Uninstallation	37
Upgrading GroupShield from v6.0.2 or higher	37
4 Post-Installation Tasks and Maintenance	39
Testing your GroupShield installation	39
Testing the anti-virus component	39
Testing the McAfee Anti-Spam component	40
Testing GroupShield installation using McAfee Virtual Technician	40
Quarantining using McAfee Quarantine Manager 4.1	41
Upgrading Blacklists and Whitelists	42
Maintaining your GroupShield application	43
Modifying the GroupShield installation	43
Modifying GroupShield	43
Repairing the GroupShield installation	44
Repairing GroupShield	44
Restoring original out-of-box configuration	45
Uninstalling GroupShield for Exchange	45
Removing GroupShield for Exchange	45
5 Integrating with ePolicy Orchestrator 3.6	47
Introduction	47
Pre-requisites for using ePolicy Orchestrator 3.6	47
Introducing ePolicy Orchestrator console	48
Before you begin	49
Installation	49
Upgrading from GroupShield for Exchange version 6.0.x NAP settings	52
Configuring GroupShield Policies	53
Managing Policies	54
Scheduling tasks	55
AutoUpdate task	56
On-Demand scan task	57
Reports	59
Configuring reports	60
Uninstallation	60
Removing GroupShield for Exchange from Client Computer	60
Removing GroupShield for Exchange from ePolicy Orchestrator	61
6 Integrating with ePolicy Orchestrator 4.0	63
Introduction	63
Pre-requisites for installing ePolicy Orchestrator 4.0	63
Before you begin	63
ePolicy Orchestrator agent	64
Pre-requisites for using ePolicy Orchestrator 4.0	64
Installation	65
Checking-in the McAfee GroupShield for Microsoft Exchange Server 2003/2007 package to the ePolicy Orchestrator server	65
Installing GroupShield for Exchange on the client computer	66
Extensions	67
Introducing ePolicy Orchestrator 4.0 Dashboard	68
Creating a new dashboard	68
Reporting	69
Running a query	69
Creating a new query	69
Systems	70
Policies	71
Client tasks	72
AutoUpdate task	72
On-Demand scan task	73
Uninstallation	74
Removing GroupShield for Exchange from the client computer	74
Removing GroupShield for Exchange from the ePolicy Orchestrator server	75
7 Integrating with ProtectionPilot 1.5	77
Introduction	77
Pre-requisites for using ProtectionPilot	77
Introducing ProtectionPilot	77
Before you begin	79
Installation	79
Configuring GroupShield policies	80
Setting and enforcing policies	81
Scheduling tasks	83
Creating a new on-demand scan task	84
Creating a new AutoUpdate task	84
Uninstallation	85
8 Getting Started with the User Interface	87
Dashboard	88
Statistics & information	88
Statistics	89
Versions & updates	89
Reports	90
On-demand scans	90
Scheduling a new on-demand scan	90
Modifying an existing on-demand scan	92
Deleting an on-demand scan	92
The ‘Run Now’ link	93
Status report	93
Scheduling a new status report	93
The ‘Run Now’ link	94
Graphical reports	95
Simple reports	95
Advanced reports	95
9 Detected Items	97
Spam	98
Phish	98
Viruses	99
Potentially unwanted programs	99
Unwanted content	100
Banned file types/messages	101
All items	101
10 Policy Manager	105
Policy manager views	105
Inheritance view	106
Advanced view	107
Creating a subpolicy	108
Policy settings	109
List all scanners	109
View settings	112
Specify users	112
Scanners and filters	113
Core scanners	114
Anti-virus scanner	114
Content scanning	119
File filtering	124
Anti-spam	128
Anti-phishing	132
Filters	135
Corrupt content	135
Protected content	137
Encrypted content	138
Signed content	139
Password-protected files	140
Scanner control	142
MIME mail settings	145
HTML files	149
Mail size filtering	151
Miscellaneous	153
Alert settings	153
Disclaimer text	155
Shared resource	156
Scanners and alerts	156
Filter rules	160
Time slots	162
11 Settings & Diagnostics	163
On-access settings	163
Notifications	167
Anti spam	168
Detected items	168
McAfee Quarantine Manager	169
Local database	169
User interface preferences	170
Dashboard settings	170
Graph and chart settings	170
Diagnostics	171
Debug logging	171
Error reporting service	172
Event logging	172
Product log	172
Product log	173
DAT settings	174
Import and export configuration	174
Configuration	175
Site list	175

Match case Limit results 1 per page

McAfee

GroupShield

™

7.0 User Guide

Introduction

About GroupShield for Exchange

protect the email server from harmful scripts sent within the email system.

block messages with specific attachments.

block messages based on words that appear either within the subject line/body of

the message.

block messages from specific addresses.

How does scanning work?

Central to your GroupShield software is the McAfee

Security scanning engine and the

virus definition (DAT) files. The engine is a complex data analyzer. The DAT files contain

a great deal of information including thousands of different drivers, each of which

contains detailed instructions on how to identify a virus or a type of virus.

The McAfee

Security scanning engine works with the DAT files. It identifies the type

of the item being scanned and decodes the contents of that object, so that it

understands what the item is. It then uses the information in the DAT files to search

and locate known viruses. Many viruses have a distinctive signature. There is a

sequence of characters unique to a virus and the engine searches for that signature.

The engine uses a technique called heuristic analysis to search for unknown viruses.

This involves analysis of the object’s program code and searching for distinctive

features typically found in viruses.

Once the engine has confirmed the identity of a virus, it cleans the object as far as

possible. For example, by removing an infected macro from the attachment in which it

is found or by deleting the virus code in an executable file. In some instances, if the

virus has destroyed data, the file cannot be fixed and the engine must make the file

safe so that it cannot be activated and infect other files.

Other areas to protect

The following key areas of your network can be protected by McAfee

Security

products as a part of your integrated virus defense solution:

Internet gateway protection — Secure Content Management Appliances

The major source of threats to your corporate network comes from Internet traffic,

either through email or by connecting to websites that might contain potentially

harmful code. Secure Content Management Appliances protects the gateway

between your internal networks and the Internet. It prevents infected items from

entering your network through the Internet by scanning all inbound and outbound

traffic between your network and the Internet.