Table of Contents

1 Introduction
  1.1 Introduction to GFI MailSecurity
  1.2 Using this manual
    1.2.1 Manual structure
    1.2.2 Terms and conventions used in this manual
2 About GFI MailSecurity
  2.1 GFI MailSecurity components
    GFI MailSecurity scan engine
    GFI MailSecurity web interface
    GFI MailSecurity Switchboard
  2.2 How GFI MailSecurity works
    2.2.1 Incoming email
    2.2.2 Outgoing email
    2.2.3 Other features
  2.3 Licensing
3 Monitoring the GFI MailSecurity status
  3.1 Introduction
  3.2 Status and statistical information
    Services
    Quarantine Statistics
    Email Statistics
  3.3 Email processing logs
    Filtering the email processing logs
  3.4 Virus scanning engine updates
4 General settings
  4.1 Introduction
  4.2 Configuring the administrator’s email address
  4.3 Configuring proxy server settings for automatic updates
  4.4 Adding Local Domains
  4.5 SMTP server bindings
  4.6 Managing local users
    4.6.1 GFI MailSecurity installed in Active Directory mode
      GFI MailSecurity installed on the Microsoft Exchange machine
    4.6.2 GFI MailSecurity installed in SMTP mode
      To add a new local user:
      To remove a local user:
5 Configuring Virus Scanning Engines
  5.1 Introduction
  5.2 AVG configuration
    AVG web site
    5.2.1 AVG LinkScanner
  5.3 Kaspersky configuration
    Kaspersky web site
  5.4 BitDefender configuration
    BitDefender website
  5.5 McAfee configuration
    McAfee website
  5.6 Norman configuration
    Norman website
  5.7 Virus scanner actions
  5.8 Virus scanner updates
    Downloading anti-virus updates manually
  5.9 Setting the Virus Scanning Engines scan sequence
  5.10 Configuring Virus Scanning optimizations
  5.11 Configuring Information Store Scanning
    5.11.1 Information Store Scanning
    5.11.2 VSAPI settings
6 Configuring other mail filters
  6.1 Content Filtering
    6.1.1 Introduction
    6.1.2 Creating a Content Filtering rule
      Step 1: Configuring basic rule settings
      Step 2: Configuring terms to block
      Step 3: Configuring the actions to take on detected emails
      Step 4: Specifying the users to apply this rule to
    6.1.3 Enabling/disabling rules
    6.1.4 Removing content filtering rules
    6.1.5 Modifying an existing rule
    6.1.6 Changing rule priority
  6.2 Attachment Filtering
    6.2.1 Introduction
    6.2.2 Creating an Attachment Filtering rule
    6.2.3 Enabling/disabling rules
    6.2.4 Removing attachment rules
    6.2.5 Modifying an existing rule
    6.2.6 Changing the rule priority
  6.3 Decompression engine
    6.3.1 Introduction
    6.3.2 Configuring the decompression engine filters
      Check password protected archives
      Check corrupted archives
      Check for recursive archives
      Check size of uncompressed files in archives
      Check for amount of files in archives
      Scan within archives (attachment checking)
    6.3.3 Enable/disable decompression filters
  6.4 The Trojan & Executable Scanner
    6.4.1 Introduction
      What is a Trojan horse?
      How does the Trojan & Executable Scanner work?
    6.4.2 Configuring the Trojan & Executable Scanner
  6.5 The Email Exploit Engine
    6.5.1 Introduction
      What is an exploit?
      What is an e-mail exploit?
      Difference between Anti-Virus software & Email Exploit Detection software
    6.5.2 Configuring the Email Exploit Engine
    6.5.3 Enabling/Disabling email exploits
  6.6 The HTML Sanitizer
    6.6.1 Introduction
      Why remove HTML scripts?
    6.6.2 Configuring the HTML Sanitizer
    6.6.3 HTML Sanitizer Whitelist
      Adding an HTML Sanitizer Whitelist entry
      Deleting an HTML Sanitizer Whitelist entry
7 Quarantine
  7.1 Introduction
  7.2 The Quarantine Store
    7.2.1 Searching for quarantined emails
      Content search
      Search by date
    7.2.2 Search Folders
      Creating a new Search Folder
      Modifying a Search Folder
      Deleting Search Folders
    7.2.3 Approving quarantined emails
      Sanitize and Approve
    7.2.4 Permanently deleting quarantined emails
      Delete and Notify
    7.2.5 Rescanning quarantined emails
    7.2.6 Viewing the full security threat report of an email
    7.2.7 Downloading quarantined email
  7.3 Quarantine Action Forms
    7.3.1 Enabling Quarantine Action Forms
    7.3.2 Reviewing quarantined emails
    7.3.3 Logging quarantine actions
  7.4 Quarantine RSS feeds
    7.4.1 Enabling Quarantine RSS Feeds
    7.4.2 Subscribing to Quarantine RSS feeds
      Subscribing to all enabled Quarantine RSS feeds
      Subscribing to a search folder Quarantine RSS feed
    7.4.3 Securing access to the GFI MailSecurity Quarantine RSS feeds
  7.5 Directory Harvesting
    7.5.1 Configuring Directory Harvesting
8 Reporting
  8.1 Introduction
  8.2 Enabling reporting
  8.3 Configuring the database
    Configuring a Microsoft Access database backend
    8.3.1 Configuring a Microsoft SQL Server database backend
9 Miscellaneous
  9.1 Patch Checking
  9.2 Version Information
  9.3 Tracing
  9.4 Failed emails
    9.4.1 Reprocessing legitimate emails that fail
      GFI MailSecurity installed on Microsoft Exchange Server 2007/2010
      GFI MailSecurity installed on Microsoft Exchange Server 2003
      GFI MailSecurity installed on Gateway server
    9.4.2 Failed emails notifications
  9.5 Notification templates
    Notifications Templates
    9.5.1 Customizing notification templates
      Variables used in XSL-based notification templates
  9.6 Monitoring Virus Scanning API
    9.6.1 Performance counter in Windows 2003 Server
    9.6.2 Performance counter in Windows 2008 Server
    9.6.3 Performance monitor counters
10 Troubleshooting
  10.1 Introduction
  10.2 Knowledge Base
  10.3 Web Forum
  10.4 Common issues
  10.5 Request technical support
  10.6 Build notifications
11 Glossary