Table of Contents 1 About GFI MailSecurity 1.1 Introduction to GFI MailSecurity 1.2 Key features of GFI MailSecurity Virus checking using multiple virus engines Email attachment checking/filtering Trojan and Executable Scanner HTML Sanitizer Decompression filter 1.3 GFI MailSecurity components GFI MailSecurity scan engine GFI MailSecurity configuration 1.4 GFI MailSecurity from a user's perspective 1.5 Add-ons - GFI MailEssentials 2 Installing GFI MailSecurity 2.1 Introduction 2.2 Typical deployment scenarios Installing GFI MailSecurity on your mail server Installing GFI MailSecurity on a mail relay server Installing GFI MailSecurity in front of your firewall Installing GFI MailSecurity on an Active/Passive Cluster Installing GFI MailSecurity on an Active/Active Cluster 2.3 Which installation mode should I use? Active Directory mode SMTP mode 2.4 Software requirements Supported Operating Systems Other components Important installation notes 2.5 Hardware requirements 2.6 Preparing to install GFI MailSecurity on an IIS mail relay server About Windows 2000/2003 IIS SMTP & World Wide Web services Step 1: Verify installation of IIS SMTP and WWW services Step 2: Specify mail relay server name and assign an IP Step 3: Configure the SMTP service to relay mail to your mail server Step 4: Secure your mail relay server Step 5: Configure your mail server to relay email via the Gateway server If you have Microsoft Exchange Server 4/5/5.5: If you have Microsoft Exchange Server 2000/2003: If you have Lotus Notes: If you have an SMTP/POP3 mail server: Step 6: The MX record of your domain must point to the mail relay server Verify the MX record of your DNS server as follows: Step 7: Test your new mail relay server 2.7 Preparing to install GFI MailSecurity on your mail server 2.8 Installing GFI MailSecurity 2.9 GFI MailSecurity Post-Installation Wizard 2.10 Adding GFI MailSecurity to the Windows DEP Exception List 2.11 Securing access to the GFI MailSecurity configuration/quarantine Adding local host to the trusted sites list 2.12 Securing access to the GFI MailSecurity Quarantine RSS feeds 2.13 Accessing the GFI MailSecurity Configuration and Quarantine Store Accessing the configuration from the GFI MailSecurity machine Accessing the configuration from a remote machine 2.14 Upgrading from GFI MailSecurity 8 to GFI MailSecurity 10.1 2.15 Upgrading from GFI MailSecurity 9 to GFI MailSecurity 10.1 2.16 Quarantine Upgrade tool 2.16.1 Using the quarantine upgrade tool 3 General settings 3.1 Introduction to settings 3.2 Define the administrator’s email address 3.3 Configuring proxy server settings for automatic updates 3.4 Adding Local Domains 3.5 SMTP server bindings 3.6 Managing local users in SMTP mode To add a new local user follow these steps: To remove a local user follow these steps: 4 Configuring virus checking 4.1 Configuring Virus Scanning Engines 4.2 AVG configuration AVG web site 4.3 Kaspersky configuration Kaspersky web site 4.4 BitDefender configuration BitDefender website 4.5 McAfee configuration McAfee website 4.6 Norman configuration Norman website 4.7 Virus scanner actions 4.8 Virus scanner updates Triggering the virus update manually 4.9 Setting the Virus Scanning Engines scan priority 4.10 Configuring Virus Scanning optimizations 4.11 Configuring Information Store Scanning 5 Configuring Attachment Filtering 5.1 Introduction to Attachment Filtering 5.2 Creating an Attachment Filtering rule 5.3 Removing attachment rules 5.4 Make changes to an existing rule 5.5 Enabling/disabling rules 5.6 Changing the rule priority 6 Decompression engine 6.1 Introduction to the Decompression engine 6.2 Configuring the decompression engine filters Check password protected archives Check corrupted archives Check for recursive archives Check size of uncompressed files in archives Check for amount of files in archives Scan within archives 6.3 Configuring decompression filter actions 6.4 Enable/disable decompression filters 7 The Trojan & Executable Scanner 7.1 Introduction to the Trojan & Executable Scanner What is a Trojan horse? Difference between Trojans and viruses How does the Trojan & Executable Scanner work? 7.2 Configuring the Trojan & Executable Scanner Configuring the security level Configuring actions 7.3 Trojan & Executable Scanner updates Triggering the Trojan & Executable Scanner update manually 8 The Email Exploit Engine 8.1 Introduction to e-mail exploits What is an exploit? What is an e-mail exploit? Difference between Anti-Virus software & Email Exploit Detection software 8.2 Configuring the Email Exploit Engine Enable/Disable email exploits Configuring the Email Exploit Engine properties 8.3 Email Exploit Engine updates Triggering the Email Exploit Engine update manually 9 The HTML Sanitizer 9.1 Introduction to the HTML Sanitizer Why remove HTML scripts? 9.2 Configuring the HTML Sanitizer 10 Patch Checking 10.1 Introduction to Patch Checking 10.2 Downloading and installing software patches 11 Quarantine 11.1 Introduction to the Quarantine Store 11.2 The Quarantine Store Searching for emails in the Quarantine Store 11.3 Search Folders What is a search folder? Why are search folders useful? Grouping quarantined emails in Search Folders Changing Search Folder properties Deleting Search Folders 11.4 Approving emails from the Quarantine Store 11.5 Deleting emails from the Quarantine Store 11.6 Rescanning emails from the Quarantine Store 11.7 View the full security threat report of an email 11.8 Enable email approval via HTML approval forms How to approve or delete quarantined emails from an email client 11.9 Quarantined mail from the user point of view 11.10 Enable quarantine RSS feeds What is RSS? How does GFI MailSecurity use RSS? How do I configure RSS on a quarantine folder? How do I subscribe to a quarantine search folder RSS feed? 11.11 Enable the Directory Harvesting filter on quarantined emails 12 Reporting 12.1 Introduction to GFI MailSecurity Reporting 12.1.1 Configuring the statistical information database 12.1.2 Configuring a Microsoft Access database backend 12.1.3 Configuring a Microsoft SQL Server database backend Creating a new database on Microsoft SQL Server 2000 Creating a new database in Microsoft SQL Server 2008 13 Realtime Monitor 13.1 About the Realtime Monitor 13.2 Monitoring email activity 14 Miscellaneous 14.1 Version Information 15 Advanced topics 15.1 Customizing the notification templates Variables used in XSL-based notification templates 15.2 Setting Virus Scanning API Performance Monitor Counters 15.2.1 Performance counter in Windows 2003 Server 15.2.2 Performance counter in Windows 2008 Server 15.2.3 Performance monitor counters 16 Troubleshooting 16.1 Introduction 16.2 Knowledge Base 16.3 Web Forum 16.4 Request technical support 16.5 Build notifications
