eScan Blog
eScan Website
eScan Forum
eScan Feeds From eScan Wiki
(Difference between revisions)
| Revision as of 08:57, 8 April 2011 WikiSysop (Talk | contribs) ← Previous diff |
Current revision TechContent (Talk | contribs) |
||
| Line 9: | Line 9: | ||
| |style="text-align:right;"| '''·''' [[Technical Info|<font size=1.5 color="blue">Technical Info</font>]] '''·''' [[Escan/english/Security_Awareness|<font size=1.5 color="blue">Security Awareness</font>]] '''·''' [[User_Guides|<font size=1.5 color="blue">User Guides</font>]] | |style="text-align:right;"| '''·''' [[Technical Info|<font size=1.5 color="blue">Technical Info</font>]] '''·''' [[Escan/english/Security_Awareness|<font size=1.5 color="blue">Security Awareness</font>]] '''·''' [[User_Guides|<font size=1.5 color="blue">User Guides</font>]] | ||
| |} | |} | ||
| - | __TOC__ | ||
| - | <br> | ||
| - | ==<B><font size=5 color=#24B200>Mail Anti-Virus</font></B>== | ||
| - | <br><br> | ||
| - | Mail Anti-Virus is a part of the Protection feature of eScan. This module scans all incoming and outgoing e-mails for viruses, spyware, adware, and other malicious objects. It helps you send virus warnings to client computers on the Mail Anti Virus activities. By default, Mail Anti Virus scans only the incoming e mails and attachments, but you can configure it to scan outgoing e-mails and attachments as well. Moreover, it helps you notify the sender or system administrator whenever you receive an infected e-mail or attachment. | + | <h2 style='color:#556B2F;font-size:24.0pt;font-family:"Open Sans"'>Mail Antivirus</h2> |
| - | This page provides you with options for configuring the module. You can configure the following setting: | + | |
| - | ::::* '''Start/Stop:''' It enables you to enable or disable '''Mail Anti-Virus''' module. Click the appropriate option. | + | <p style='font-size:11.0pt;font-family:"Open Sans"'>Mail Anti-Virus is a part of the Protection feature of eScan. This module scans all incoming and outgoing emails for viruses, spyware, adware, and other malicious objects. It lets you send virus warnings to client computers on the Mail Anti-Virus activities. By |
| - | There are four tabs – Scan Options, Compression / Decompression Options, Vulnerabilities I, and Vulnerabilities II, which are as follows: | + | default, Mail Anti-Virus scans only the incoming emails and attachments, but you can configure it to scan outgoing emails and attachments as well. Moreover, it lets you notify the sender or system administrator whenever you receive an infected email or attachment. This page provides you with options for |
| + | configuring the module.</p> | ||
| - | :::'''I. ''Scan Options''''' | + | <h4 style='color:#008000;font-size:18.0pt;font-family:"Open Sans"'>Scan Options</h4> |
| - | This tab allows you to select the e-mails to be scanned and action that should be performed when a security threat is encountered during a scan operation. | + | <p style='font-size:11.0pt;font-family:"Open Sans"'>This tab lets you select the emails to be scanned and action that should be performed when a security threat is encountered during a scan operation. This tab lets you configure following settings:<br><br> |
| - | This tab helps you configure the following settings: | + | |
| - | :::::* '''Block Attachments Types:''' This section provides you with a predefined list of file types that are often used by virus writers to embed viruses. Any e mail attachment having an extension included in this list will be blocked or deleted by eScan at the gateway level. You can add file extensions to this list as per your requirements. As a best practice, you should avoid deleting the file extensions that are present in the '''Block Attachments Types '''list by default. You can also configure advanced settings required to scan e mails for malicious code. | + | |
| - | ::::::* '''Advanced: '''You can click this button to open the '''Advanced Scan Options''' dialog box. This dialog box helps you configure the following advanced scanning options: | + | <b>Block Attachments Types</b><br> |
| - | ::::::::* '''Delete all Attachment in eMail if disinfection is not possible: '''You should select this check box if you need to delete all the e mail attachments that cannot be cleaned. | + | This section provides you with a predefined list of file types that are often used by virus writers to embed viruses. Any email attachment having an extension included in this list will be blocked or deleted by eScan at the gateway level. You can add file extensions to this list as per your requirements. As a best practice, you should avoid deleting the file extensions that are present in the <b>Block Attachments Types</b> list by default. You can also configure advanced settings required to scan emails for malicious code.<br><br> |
| - | ::::::::* '''Delete entire eMail if disinfection is not possible:'' [Default]'' '''You should select this check box if you need to delete the entire e mail if any attachment cannot be cleaned. | + | |
| - | ::::::::* '''Delete entire eMail if any virus is found: '''You should select this check box if you need to delete the entire e mail if any virus is found in the email or the attachment is infected. | + | |
| - | ::::::::* '''Quarantine blocked Attachments: ''[Default]'' '''You should select this check box if you need to quarantine the attachment if it has an extension that is blocked by eScan. | + | |
| - | ::::::::* '''Delete entire eMail if any blocked attachment is found: ''[Default]'' '''You should select this check box if you need to delete an e mail if it contains an attachment with an extension type that is blocked by eScan. | + | |
| - | ::::::::* '''Quarantine eMail if attachments are not scanned: '''You should select this check box if you need to quarantine an entire e mail if it contains an attachment that is not scanned by Mail Anti Virus. | + | |
| - | ::::::::* '''Quarantine Attachments if they are scanned: '''You should select this check box if you need to quarantine attachments that are scanned by Mail Anti Virus. | + | |
| - | ::::::::* '''Exclude Attachments (White List): '''This list is empty by default. You can add file names and file extensions that should not be blocked by eScan. You can also configure eScan to allow specific files even though if the file type is blocked. For example, if you have listed *.PIF in the list of blocked attachments and you need to allow an attachment with the name ABC, you can add abcd.pif to the Exclude Attachments list. Add D.PIFing *.PIF files in this section will allow all *.PIF to be delivered. MicroWorld recommends you to add the entire file name like ABCD.PIF. | + | |
| - | :::::* '''Action: '''This section helps you configure the actions to be performed on infected e mails.''' '''These operations are as follows: | + | <b>Action</b><br> |
| + | This section lets you configure the actions to be performed on infected emails. These operations are as follows:</p> | ||
| + | <ul> | ||
| + | <li style='font-size:11.0pt;font-family:"Open Sans"'><b>Disinfect [Default]</b>: Select this option if you want Mail Anti-Virus to disinfect infected emails or attachments.</li> | ||
| + | <li style='font-size:11.0pt;font-family:"Open Sans"''><b>Delete</b>: Select this option if you want Mail Anti-Virus to delete infected emails or attachments.</li> | ||
| + | <li style='font-size:11.0pt;font-family:"Open Sans"'><b>Quarantine Infected Files [Default]</b>: Select this option if you want Mail Anti-Virus to quarantine infected emails or attachments. The default path for storing quarantined emails or attachments is –<br> | ||
| + | <b>C:\Program Files\eScan\QUARANT</b><br> | ||
| + | However, you can specify a different path for storing quarantined files, if required.</li></ul><br> | ||
| - | ::::::::# '''Disinfect: ''[Default]'' '''You should select this option if you need Mail Anti-Virus to disinfect infected e mails or attachments. | + | <p style='font-size:11.0pt;font-family:"Open Sans"'><b>Port Settings for email</b><br> |
| - | ::::::::# '''Delete: '''You should select this option if you need Mail Anti-Virus to delete infected e mails or attachments. | + | You can also specify the ports for incoming and outgoing emails so that eScan can scan the emails sent or received through those ports. <br><br> |
| - | ::::::::# '''Quarantine Infected Files: ''[Default]'' '''You should select this check box if you need Mail Anti-Virus to quarantine infected e mails or attachments. The default path for storing quarantined e mails or attachments is C:\Program Files\eScan\QUARANT. However, you can specify a different path for storing quarantined files, if required. | + | <b>Outgoing Mail (SMTP) [Default: 25]</b><br> |
| + | You need to specify a port number for SMTP.<br><br> | ||
| + | <b>Incoming Mail (POP3) [Default: 110]</b><br> | ||
| + | You need to specify a port number for POP3.<br><br> | ||
| + | <b>Scan Outgoing Mails</b><br> | ||
| + | Select this option if you want Mail Anti-Virus to scan outgoing emails as well.</p> | ||
| - | :::::* '''Port Settings: '''You need to specify which ports on the SMTP Mail Server should be used for incoming and outgoing e mails so that eScan can scan the e mails sent or received via those ports. This setting also helps you create outbreak alerts, and create warning messages and notifications that eScan should send when it detects any security breach. If you configure''' '''Mail Server settings, eScan will send e mail notifications about the actions that it should perform when it detects infected e mails. The mail server settings that you need to configure are as follows: | + | <h4 style='color:#008000;font-size:18.0pt;font-family:"Open Sans"'>Advanced</h4> |
| - | ::::::::# '''SMTP Mail Server:''' '''''[Default: 127.0.0.1]'' '''You need to specify the IP address of the SMTP Mail Server of your organization or Internet Service Provider (ISP). | + | <p style='font-size:11.0pt;font-family:"Open Sans"'>Clicking <b>Advanced</b> displays Advanced Scan Options dialog box. This dialog box lets you configure the following advanced scanning options:<br><br> |
| - | ::::::::# '''SMTP Port:''' '''''[Default: 25]'' '''You need to specify a port number for the SMTP Mail Server of your organization or ISP. | + | |
| - | ::::::::# '''User Authentication (Opt.): '''You need to provide the user name if the mail server of your organization or ISP requires authentication to send e mails. | + | |
| - | ::::::::# '''Authentication Password (Opt.):''' You need to provide the password if the mail server of your organization or ISP requires authentication to send e mails. | + | |
| - | :::::* '''Port Settings for eMail: '''You can also specify the ports for incoming and outgoing e mails so that eScan can scan the e mails sent or received through those ports. | + | <b>Delete all Attachment in email if disinfection is not possible</b><br> |
| + | Select this option to delete all the email attachments that cannot be cleaned.<br><br> | ||
| - | ::::::::# '''Outgoing Mail (SMTP): ''[Default: 25]'' '''You need to specify a port number for SMTP. | + | <b>Delete entire email if disinfection is not possible [Default]</b><br> |
| - | ::::::::# '''Incoming Mail (POP3): ''[Default: 110]'' '''You need to specify a port number for POP3. | + | Select this option to delete the entire email if any attachment cannot be cleaned.<br><br> |
| - | ::::::::# '''Scan Outgoing Mails:''' You should select this check box if you need to Mail Anti-Virus to scan outgoing e-mails as well. | + | <b>Delete entire email if any virus is found</b><br> |
| - | + | Select this option to delete the entire email if any virus is found in the email or the attachment is infected.<br><br> | |
| - | '''II. ''Compression / Decompression Options''''' | + | <b>Quarantine blocked Attachments [Default]</b><br> |
| - | + | Select this option to quarantine the attachment if it bears extension blocked by eScan.<br><br> | |
| - | All the fields on this tab are available only when you select the '''Scan''' '''Outgoing''' '''Mails''' checkbox, under '''Scan''' '''option''' tab. You can configure the following settings to ensure that the available bandwidth is effectively utilized. | + | <b>Delete entire email if any blocked attachment is found [Default]</b><br> |
| - | This tab helps you configure the following settings: | + | Select this option to delete an email if it contains an attachment with an extension type blocked by eScan.<br><br> |
| - | * '''Compress outbound attachments: '''This check box is disabled by default. eScan reduces the size of all outgoing e mail attachments by compressing them when this''' '''check box is selected. | + | <b>Quarantine email if attachments are not scanned</b><br> |
| - | * '''Create self extracting zip files:''' By default, this check box appears dimmed, it is available only when you select '''Compress outbound attachments''' check box. eScan automatically creates a self extracting .ZIP file containing the attachment when this check box is selected. The receiver can click this file to uncompress it. The advantage of this feature is that it eliminates the need for an unzipping tool to be installed on the user’s computer. As a best practice, you should select this check box to ensure that the receiver can uncompress the attachment even when a decompression tool is not available. | + | Select this check box to quarantine an entire email if it contains an attachment not scanned by Mail Anti-Virus.<br><br> |
| - | * '''Uncompress inbound attachments:''' You should select this check box when you need eScan to automatically unpack compressed files in inbound attachments, scan them, and then deliver them to you. | + | <b>Quarantine Attachments if they are scanned</b><br> |
| - | * '''Uncompress inbound attachments (Local Domain): '''By default, this check box appears dimmed, it is available only when you select '''Uncompress inbound attachments''' check box. Select this check box if you want eScan to automatically unpack compressed files in inbound attachments, scan them, and then deliver them to the recipients in the local domain. | + | Select this check box if you want eScan to quarantine attachments that are scanned by Mail Anti-Virus.<br> <br> |
| - | * '''Do not compress files with extensions: '''You can exclude specific file types within outgoing e mail attachments from being compressed by adding them to an excluded attachments list. For example, Excluding files that are already compressed, such as .ZIP files. | + | <b>Exclude Attachments (White List)</b><br> |
| - | * '''Compression Options: '''This section contains options that help you configure the various parameters for compressing files. These parameters include the percentage up to which the file should be compressed, the minimum size of the files to be compressed, and the compression ratio. This section contains the following options. | + | This list is empty by default. You can add file names and file extensions that should not be blocked by eScan. You can also configure eScan to allow specific files even though if the file type is blocked. For example, if you have listed *.PIF in the list of blocked attachments and you need to allow an attachment with the name ABC, you can add abcd.pif to the Exclude Attachments list. Add D.PIFing *.PIF files in this section will allow all *.PIF to be delivered. MicroWorld recommends you to add the entire file name like ABCD.PIF. </p> |
| - | + | ||
| - | ## '''Compress only if compression % greater than: ''[Default: 25]'' '''You use this setting to compress all e mail attachments up to''' '''25 percent or more. | + | |
| - | ## '''Compress if Attachment size is above (Kb): ''[Default: 50]'' '''You use this setting to compress all e mail attachments that are larger than the specified size. | + | |
| - | ## '''Select the compression ratio: ''[Default: Max. Speed]'' '''You can use this setting to specify the compression ratio and make optimum use of system resources. You can configure Mail Anti-Virus to compress files faster or up to the maximum possible compression level. | + | |
| - | + | ||
| - | '''III. ''Vulnerabilities I''''' | + | |
| - | + | ||
| - | Authors of malicious software often exploit''' '''vulnerabilities in Web browsers, such as Internet Explorer® (IE) and propagate malicious software to computers via e mail clients such as Microsoft® Office Outlook® and Microsoft® Outlook® Express. eScan also includes proactive scanning features that protect your data from such vulnerabilities. | + | |
| - | The following configuration options are available on this screen: | + | |
| - | * '''Delete''' '''attachments with CLSID Extensions:''' '''''[Default]''''' CLSID are hidden files that do not show the actual file extension. If you select this check box, Mail Anti Virus deletes the attachments with CLSID file extensions to prevent dangerous files from exploiting the vulnerabilities in Internet Explorer®. | + | |
| - | * '''Delete HTML attachments with Scripts:''' E mail clients help you send and receive in different formats. For example, the HTML format. HTML files can include scripts, which are similar to batch files or BAT files. These scripts are embedded within specialized tags and can be used to run malicious code. Hackers often use scripts to execute malicious code on the computers of their victims. You can configure Mail Anti-Virus to delete HTML attachments with scripts by selecting the '''Delete HTML attachments with Scripts '''check''' '''box. You can also specify the tags that eScan should check for in the attachments so that the attachments containing those tags are deleted. By default, the '''Script Tags''', '''Script and Content Check Disabled for Mails From''', and '''Script and Content Check Disabled for Mails To''' fields are unavailable, they are available only when you select the '''Delete HTML attachments with Scripts''' check box. | + | |
| - | * '''Script Tags:''' This field is available only when you select the '''Delete HTML attachments with Scripts''' check box. This section contains a list that contains script tags. eScan will delete all e-mail attachments in the HTML format containing the tags included in this list. You can configure this list to block HTML attachments that contain these tags. | + | |
| - | * '''Script and Content check disabled for mails From: '''This field is available only when you select the '''Delete HTML attachments with Scripts''' check box. This section contains a list of e-mail addresses or domain names that you consider as legitimate senders. This feature of eScan is useful when you need to add a genuine user and receive legitimate e mails in the HTML format with scripts. You can add e mail addresses or domain names of such users to the list. All e-mails in the HTML format with scripts coming from those users or domains are automatically delivered to your inbox. | + | |
| - | * '''Script and Content check disabled for mails To:''' This field is available only when you select the '''Delete HTML attachments with Scripts''' check box. This section contains a list of e-mail addresses or domain names, which you consider as legitimate recipients. This feature of eScan is useful when you need to send e mails in the HTML format with scripts to a legitimate user. You can add e mail addresses or domain names of such users to this list. | + | |
| - | + | ||
| - | '''IV. ''Vulnerabilities II ''''' | + | |
| - | + | ||
| - | eScan helps you choose the action that you can take on mails containing attachments with multiple extensions. | + | |
| - | This tab helps you configure the following settings: | + | |
| - | * '''Select Action on Mails with Multiple Extension Attachment: '''You can configure Mail Anti Virus to perform specific actions if attachments contain files with multiple extensions. You can configure Mail Anti-Virus to refrain from taking any action on the e-mail, delete it, or forward it to the administrator. By default, the settings under '''Allow Multiple Extension attachment for ZIP file '''appears dimmed. They are available only when you select the '''Delete Mail''' option or''' '''the '''Forward to Admin '''option. | + | |
| - | * '''Allow Multiple Extension attachment for ZIP file: '''You should select this check box if you need Mail Anti-Virus to allow compressed files with multiple extensions as e-mail attachments. | + | |
| - | * '''Allow Multiple Extension Attachment for file types:''' This field is available only when you select the '''Allow Multiple Extension attachment for ZIP file''' check box, after selecting '''Delete Mail''' option or''' '''the '''Forward to Admin '''option. You can add file extensions to allow such attachments containing multiple extensions to be delivered to the user’s inbox. | + | |
Current revision
| · eScan · MailScan · Technologies | · Technical Info · Security Awareness · User Guides |
[edit]
Mail Antivirus
Mail Anti-Virus is a part of the Protection feature of eScan. This module scans all incoming and outgoing emails for viruses, spyware, adware, and other malicious objects. It lets you send virus warnings to client computers on the Mail Anti-Virus activities. By default, Mail Anti-Virus scans only the incoming emails and attachments, but you can configure it to scan outgoing emails and attachments as well. Moreover, it lets you notify the sender or system administrator whenever you receive an infected email or attachment. This page provides you with options for configuring the module.
[edit]
Scan Options
This tab lets you select the emails to be scanned and action that should be performed when a security threat is encountered during a scan operation. This tab lets you configure following settings:
Block Attachments Types
This section provides you with a predefined list of file types that are often used by virus writers to embed viruses. Any email attachment having an extension included in this list will be blocked or deleted by eScan at the gateway level. You can add file extensions to this list as per your requirements. As a best practice, you should avoid deleting the file extensions that are present in the Block Attachments Types list by default. You can also configure advanced settings required to scan emails for malicious code.
Action
This section lets you configure the actions to be performed on infected emails. These operations are as follows:
- Disinfect [Default]: Select this option if you want Mail Anti-Virus to disinfect infected emails or attachments.
- Delete: Select this option if you want Mail Anti-Virus to delete infected emails or attachments.
- Quarantine Infected Files [Default]: Select this option if you want Mail Anti-Virus to quarantine infected emails or attachments. The default path for storing quarantined emails or attachments is –
C:\Program Files\eScan\QUARANT
However, you can specify a different path for storing quarantined files, if required.
Port Settings for email
You can also specify the ports for incoming and outgoing emails so that eScan can scan the emails sent or received through those ports.
Outgoing Mail (SMTP) [Default: 25]
You need to specify a port number for SMTP.
Incoming Mail (POP3) [Default: 110]
You need to specify a port number for POP3.
Scan Outgoing Mails
Select this option if you want Mail Anti-Virus to scan outgoing emails as well.
[edit]
Advanced
Clicking Advanced displays Advanced Scan Options dialog box. This dialog box lets you configure the following advanced scanning options:
Delete all Attachment in email if disinfection is not possible
Select this option to delete all the email attachments that cannot be cleaned.
Delete entire email if disinfection is not possible [Default]
Select this option to delete the entire email if any attachment cannot be cleaned.
Delete entire email if any virus is found
Select this option to delete the entire email if any virus is found in the email or the attachment is infected.
Quarantine blocked Attachments [Default]
Select this option to quarantine the attachment if it bears extension blocked by eScan.
Delete entire email if any blocked attachment is found [Default]
Select this option to delete an email if it contains an attachment with an extension type blocked by eScan.
Quarantine email if attachments are not scanned
Select this check box to quarantine an entire email if it contains an attachment not scanned by Mail Anti-Virus.
Quarantine Attachments if they are scanned
Select this check box if you want eScan to quarantine attachments that are scanned by Mail Anti-Virus.
Exclude Attachments (White List)
This list is empty by default. You can add file names and file extensions that should not be blocked by eScan. You can also configure eScan to allow specific files even though if the file type is blocked. For example, if you have listed *.PIF in the list of blocked attachments and you need to allow an attachment with the name ABC, you can add abcd.pif to the Exclude Attachments list. Add D.PIFing *.PIF files in this section will allow all *.PIF to be delivered. MicroWorld recommends you to add the entire file name like ABCD.PIF.
