Trend Micro InterScan Messaging Security Suite
Trend Micro InterScan Messaging Security Suite
Certification Training Course Lab Textbook

Information in this document is subject to change without notice. The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted. Complying with all applicable copyright laws is the responsibility of the user.

Copyright © 2003 Trend Micro Incorporated. All rights reserved. No part of this publication may be reproduced, photocopied, stored in a retrieval system, or transmitted without the express prior written consent of Trend Micro Incorporated.

All other brand and product names are trademarks or registered trademarks of their respective companies or organizations.

Program Manager: Tom Brandon
Editorial: Niche Associates, Inc.
Released: October 2003 v1.0

Table of Contents

Lab Setup
   Lab Server Configuration
Lab Exercise 1: Installing InterScan MSS
   Activity 1: Preparing to Install InterScan MSS
      Results
   Activity 2: Installing InterScan MSS
      Results
   Activity 3: Verifying the Installation of InterScan MSS
      Results
   Activity 4: Activating InterScan MSS
      Results
   Activity 5: Creating a Password for the InterScan MSS Web Console
      Results
Lab Exercise 2: Updating the InterScan MSS Components
   Activity 1: Immediately Updating InterScan MSS
      Results
   Activity 2: Scheduling Updates
      Results
   Activity 3: Rolling Back an Update
      Results
   Activity 4: Manually Updating the Virus Pattern File
      Results
Lab Exercise 3: Configuring InterScan MSS
   Activity 1: Configuring SMTP Routing Settings
      Results
   Activity 2: Configuring POP3 Settings
      Results
   Activity 3: Configuring Security Settings
      Results
   Activity 4: Configuring Notification Settings
      Results
   Activity 5: Testing the Configuration
      Results
Lab Exercise 4: Configuring Policies
   Activity 1: Editing the Anti-Virus Filter in the Global Policy
      Results
   Activity 2: Creating a General Content Filter
      Results
   Activity 3: Writing Expressions for Advanced Content Filters
      Results
   Activity 4: Creating an Advanced Content Filter
      Results
   Activity 5: Understanding the Order of Policies and Filters
Lab Exercise 5: Configuring the Spam Prevention Service
   Activity 1: Creating a Text Exemption Rule
      Results
   Activity 2: Editing the Approved Senders List
      Results
   Activity 3: Editing the Blocked Senders List
      Results
   Activity 4: Tuning the Heuristic Spam Filter (SPS)
      Results
Lab Exercise 6: Monitoring InterScan MSS
   Activity 1: Viewing the Virus Logs
      Results
   Activity 2: Viewing the eManager Logs
      Results
   Activity 3: Viewing the Program Logs
      Results
   Activity 4: Changing the Log Setting
      Results
   Activity 5: Configuring the System Monitor Setting
      Results
Appendix A: Registering and Activating InterScan MSS
Appendix B: Uninstalling InterScan MSS
Appendix C: Sample Spam Messages

Lab Setup

In a production environment, Trend Micro™ recommends that you run InterScan™ Messaging Security Suite (InterScan MSS) on a dedicated server. To conserve resources in this lab, however, you will have only one server. Consequently, you will install InterScan MSS on the same server that is running Microsoft® Exchange® 2003. You will also run Microsoft Outlook® on the same server.

Lab Server Configuration

Your lab server is connected to a LAN that includes all the other students’ servers and the instructor’s server as shown in the following diagram:

[Network diagram. Labels: Internet; Internet Connection (DSL or Faster); Internet Adapter: Use DHCP or Valid Static Address; Ethernet Adapter: 10.0.1.1; 10Base-T Ethernet (or Faster); 10.0.2.1, 10.0.3.1, 10.0.4.1, 10.0.N.1; Subnet Mask 255.255.0.0; Each lab server is on its own subnetwork.]

Your lab server should have the following configuration:

• Microsoft Windows® 2003 Server, with the following:
   ◦ Microsoft Active Directory should be installed on the server. The server must be installed in its own forest and must be configured as a domain controller.
   ◦ Domain Name System (DNS) should be installed on the server. The server should control its own zone, and the Allow Dynamic Updates option should be set to Nonsecure and secure.
   ◦ Microsoft Internet Information Server (IIS), Network News Transport Protocol (NNTP), and ASP.NET should be installed on the server.
   ◦ Static IP address.
• Microsoft Exchange 2003 with an active email account
• Microsoft Outlook configured for your Exchange server
• Microsoft Internet Explorer 5.5 or above
• WinZip

In addition, you should have a CD-ROM that contains the following files:

• Trend Micro InterScan MSS installation files
  Note: The archive file that contains the InterScan MSS installation files may be on your lab server desktop.
• An archive file that contains more than five compression levels
• An archive file that contains the InterScan MSS rt.jar file, which exceeds the limit that you will set for decompressed files
  Note: After you install InterScan MSS, the rt.jar file is contained in the C:\Program Files\Trend\IMSS\ccgi\jre\lib directory. If your instructor has not created an archive file that contains this file, you can create the archive file after you install InterScan MSS.
• Six Microsoft Word files
• Six instances of the European Institute of Computer Anti-Virus Research (EICAR) virus—eicar.com
• An archive that contains the EICAR virus—eicar_com.zip
• An archive that contains the EICAR virus and has been recursively zipped five times—eicar_com5.zip
• Samples of spam

Lab Exercise 1: Installing InterScan MSS

Activity 1: Preparing to Install InterScan MSS

In this activity, you will verify that your lab server meets the minimum system requirements for this lab.

1. Verify that the server meets the minimum system requirements for installing InterScan™ Messaging Security Suite (InterScan MSS).
   1.1. From the Windows Start menu, click All Programs | Accessories | System Tools | System Information. The System Information window appears.
   1.2. Scroll through the information presented in the System Summary and ensure that the server has an Intel® Pentium® III processor 650 MHz or above and 512 MB RAM or above.
   1.3. In the left-hand pane of the System Information window, click Components | Storage | Drives. When the drive information appears, ensure that the server has at least 500 MB disk space for email storage.
        Note: These are the minimum hardware requirements. Trend Micro recommends that you use a server that has an Intel® Pentium® III processor 1 GHz or above, 1 GB RAM, and at least 2 GB of free hard disk space for email storage.
   1.4. In the left-hand pane of the System Information window, click System Summary and determine the version of Windows that is running on the server. This lab was written for Windows 2003 although you can install InterScan MSS on Windows 2000 Server/Advanced Server or Windows NT 4 Server.
   1.5. Close the System Information window.
   1.6. From the Windows Start menu, click Control Panel | Administrative Tools | Internet Information Services (IIS) Manager. The Internet Information Services Manager appears.
   1.7. Click Internet Information Services in the left-hand pane to display the version of Microsoft Internet Information Server™ (IIS) running on the server. The server should be running Microsoft IIS 4.0 or above.
   1.8. Close the Internet Information Services Manager.
2. Verify that the server is running other applications and programs required for the lab.
   2.1. Verify that Microsoft Exchange 2003 is installed.
      2.1.1. From the Windows Start menu, click Control Panel | Add/Remove Programs. Microsoft Exchange should appear in the list of Currently installed programs.
      2.1.2. Close the Add/Remove Programs window.
   2.2. Verify that Microsoft Internet Explorer™ 5.5 or above is installed on the server.
      2.2.1. Right-click the iexplore.exe file in the C:\Program Files\Internet Explorer directory. The IEXPLORE.EXE window appears.
      2.2.2. Click the Version tab and then click File Version under Item Name.
      2.2.3. Verify that Internet Explorer is version 5.5 or above.
   2.3. Verify that the InterScan MSS installation files are copied to your desktop.
   2.4. Verify that WinZip is installed on the server.
   2.5. Verify that Outlook is installed on your desktop or in the Windows Start menu.
3. Gather the information you will need to install and configure InterScan MSS.
   3.1. Record the IP address of the Exchange server. You will need this IP address to install InterScan MSS.
   3.2. Record the name of the domain on your lab server.
   3.3. Record the email account created on your Exchange server.
   3.4. Record the URL or the shared directory path on your instructor’s server that contains the latest version of the virus pattern file and the spam database.
   3.5. Ask another student to tell you the following information:
        • Name of the domain configured on that student’s lab server
        • IP address of that student’s lab server
        • Email address created on that student’s Exchange server
        You will use this information when you complete Lab Exercise 3: Configuring InterScan MSS and Lab Exercise 4: Configuring Policies.
   3.6. Locate the CD-ROM that contains files that you will use to test InterScan MSS. This CD-ROM should include the following files:
        • Trend Micro InterScan Messaging Security Suite installation files. (The installation files may also be installed as a ZIP file on your lab server desktop.)
        • An archive file that contains more than five compression levels
        • An archive file that contains the InterScan MSS rt.jar file, which exceeds the limit that you will set for decompressed files
          Note: After you install InterScan MSS, the rt.jar file is contained in the C:\Program Files\Trend\IMSS\ccgi\jre\lib directory.
          If your instructor has not created an archive file that contains this file, you can create the archive file after you install InterScan MSS.
        • Six Microsoft Word files
        • Six instances of the EICAR virus—eicar.com
        • An archive that contains the EICAR virus—eicar_com.zip
        • An archive that contains the EICAR virus and has been recursively zipped five times—eicar_com5.zip
        • Samples of spam

Results

You verified that your server meets the requirements for this lab.

Activity 2: Installing InterScan MSS

In this activity, you will change the port numbers that Microsoft Exchange 2003 uses for POP3 and SMTP. You must change the port numbers that Exchange uses because you are installing InterScan MSS and Exchange on the same server, and InterScan MSS uses the well-known port numbers for POP3 and SMTP. For POP3, InterScan MSS uses port 110; for SMTP, InterScan MSS uses port 25. After changing the port numbers that Exchange uses, you will install InterScan MSS.

1. Change the port numbers that Exchange uses.
   1.1. From the Start menu, click Programs | Microsoft Exchange | System Manager. The Exchange System Manager window opens.
   1.2. In the left-hand pane of the Exchange System Manager window, expand the Servers hierarchy by clicking the + symbol next to Servers. Then click the + symbol next to the name of your server, and click the + symbol next to Protocols.
   1.3. Change the port number for POP3.
      1.3.1. Click the + symbol next to POP3 and right-click Default POP3 Virtual Server. In the pop-up menu that appears, select Stop. Before you change the port number, you must stop the POP3 service.
      1.3.2. Right-click Default POP3 Virtual Server. In the pop-up menu that appears, select Properties. The Default POP3 Virtual Server Properties window appears.
      1.3.3. Select the General tab and click the Advanced button. The Advanced window appears.
      1.3.4. Click Edit. The Identification window appears.
      1.3.5. In the TCP text field, enter 6000 and click OK. You can enter any available port number. In the lab configuration, port 6000 is not being used.
      1.3.6. Click OK to close the Advanced window. Click OK to close the Default POP3 Virtual Server Properties window.
      1.3.7. In the Exchange System Manager window, right-click Default POP3 Virtual Server. In the pop-up menu that appears, select Start to restart the POP3 service.
   1.4. Change the port number for SMTP.
      1.4.1. In the Exchange System Manager window, click the + symbol next to SMTP.
      1.4.2. Right-click Default SMTP Virtual Server. In the pop-up menu that appears, select Stop. Before you change the port number, you must stop the SMTP service.
      1.4.3. Right-click Default SMTP Virtual Server. In the pop-up menu that appears, select Properties. The Default SMTP Virtual Server Properties window appears.
      1.4.4. Select the General tab and click the Advanced button. The Advanced window appears.
      1.4.5. Click Edit. The Identification window appears.
      1.4.6. In the TCP text field, enter 27 and click OK. You can enter any available port number. In the lab configuration, port 27 is not being used.
      1.4.7. Click OK to close the Advanced window. Click OK to close the Default SMTP Virtual Server Properties window.
      1.4.8. In the Exchange System Manager window, right-click Default SMTP Virtual Server. In the pop-up menu that appears, select Start to restart the SMTP service.
      1.4.9. Close the Exchange System Manager window.
2. Install InterScan MSS.
   2.1. Double-click the Setup.exe file. The Welcome window appears.
   2.2. Click Next. The Software License Agreement window appears.
   2.3. Accept the license agreement by clicking Yes. The Install/Uninstall InterScan Messaging Security Suite window appears.
   2.4. Select Install InterScan Messaging Security Suite and click Next. The Migrate Settings from previous 5.X Installations window appears.
   2.5. Clear the Migrate Previous Version Settings check box, which is selected by default. Click Next. The Would you like to receive SMTP or POP3 mails window appears.
   2.6. Select Enable the SMTP Server and Enable the POP3 Proxy. Click Next. The SMTP Server Configuration window appears.
   2.7. Select Forward to another SMTP server and click Next. Another SMTP Server Configuration window appears.
   2.8. Specify the location of the SMTP server.
      2.8.1. In the IP field, enter the server’s IP address.
      2.8.2. In the Port field, enter 27. Exchange is now using port 27.
      2.8.3. Click Next. The Configure Email Notification Server window appears.
   2.9. Specify the email notification message.
      2.9.1. In the IP: field, enter the server’s IP address.
      2.9.2. In the Port field, enter 27.
      2.9.3. Click Next. The Notification Email Address window appears.
   2.10. In the Email: field, enter the email address that your instructor created on the Exchange server and click Next. The Company Name and Mail Server Domain Name window appears.
   2.11. In the Domain: field, enter the name of the domain that your server controls and click Next. The Trend InterScan MSS Remote Installer window appears.
         Note: You can add domains after you install InterScan MSS.
   2.12. Select your server from the left-hand pane and then click Add>. The selected server moves to the right-hand pane.
   2.13. Click Next. The IMSS Setup – Server Logon dialog box appears.
   2.14. Provide logon credentials for the target server.
      2.14.1. In the User name: field, enter administrator.
      2.14.2. In the Password: field, enter the password for the administrator account.
      2.14.3. Click Logon.
   2.15. Click Next.
         A new Trend InterScan MSS Remote Installer window appears, showing the destination directory and the program folder name for InterScan MSS.
   2.16. Accept the default installation directory and click Next. The installation process begins. A new Trend InterScan MSS Remote Installer window appears, displaying the installation progress in the Installation Status column. When the installation is complete, the number of successful installations appears in the Successful: box at the bottom of the window. The number of failed installations, if any, appears in the Failed: box at the bottom of the window.
   2.17. Click Next. A new Trend InterScan MSS Remote Installer window appears, displaying a summary of the installation. If you do not want to review the InterScan MSS readme file, clear the Show me the Readme file checkbox.
   2.18. Click Finish. A window appears, explaining that InterScan MSS will not be fully functional until you activate the product. Click OK.
         Note: You will activate InterScan MSS after you verify that it was installed successfully.

Results

• You changed the port numbers that Exchange uses.
• You installed InterScan MSS.

Activity 3: Verifying the Installation of InterScan MSS

In this activity, you will verify that InterScan MSS is installed and running on the server.

1. Right-click on the task bar of the server console.
2. Select Task Manager from the popup window. The Windows Task Manager screen appears.
3. Click the Applications tab, and verify that InterScan MSS Scheduler and the InterScan Messaging Security Suite are listed.
4. Click the Processes tab and select Show processes from all users. Verify that the following items appear in the task list:
   • IsntSmtp.exe
   • ISNTSysMonitor.exe
   • aphost.exe
   • cm.exe
   • mrf.exe
   • LWDMServer.exe
   • java.exe
   • jk_nt_service.exe
   • scheduler.exe
5. Close the Windows Task Manager window.
6. From the Windows Start menu, click Administrative Tools | Services. The Services window appears. The following entries should be listed:
   • Trend Micro Common CGI
   • Trend Micro InterScan MSS System Monitor
   • Trend Micro Management Infrastructure
7. Close the Services window.

Results

You verified that InterScan MSS is installed and running on the server.

Activity 4: Activating InterScan MSS

In this activity, you will access the InterScan MSS Web console, and you will activate both InterScan MSS and the Spam Prevention Service (SPS). Because you are working in a lab environment that may not have consistent Internet access, you will not complete all of the activation process. To activate InterScan MSS in a production environment, you must register online, and Trend Micro then sends you an email message that contains the activation code. (For the complete activation process, see Appendix A: Registering and Activating InterScan MSS.) For this lab, however, your instructor will give you two activation codes—one code for InterScan MSS and one code for Spam Prevention Service (SPS).

1. From the Windows Start menu, click All Programs | Trend Micro InterScan Messaging Security Suite for SMTP | Trend Micro InterScan Messaging Security Suite for SMTP Web Configuration. The InterScan MSS Web console appears.
2. Click Enter. By default, the InterScan MSS Web console does not require a password. The InterScan MSS Web console first displays the Configuration window. However, because you have not yet activated the product, the InterScan MSS Web console automatically opens the Product License window.
   Note: You can also access the Product License window by clicking Configuration | Product License in the left-hand column of the InterScan MSS Web console.
3. Click the Activate link next to InterScan Messaging Security Suite. Another Product License window appears.
4. Enter the activation code and click Activate.
5. Click the Activate link next to Spam Prevention Service.
6. Enter the activation code and click Activate.

Results

You activated InterScan MSS and SPS.

Activity 5: Creating a Password for the InterScan MSS Web Console

By default, the InterScan MSS Web console does not require a password. After you install InterScan MSS, however, you should create a password for the InterScan MSS Web console. Requiring a password prevents unauthorized users from changing your InterScan MSS installation.

1. In the left-hand column of the InterScan MSS Web console, select Configuration | General | Password. The Password screen appears.
2. Leave the Current password: field blank because there is no password for the InterScan MSS Web console.
3. In the New password: field, type the new password.
4. In the Confirm password: field, type the new password again to confirm that you entered it correctly.
5. Click Save. The new password takes effect immediately.

Results

You created a password for the InterScan MSS Web console.

Lab Exercise 2: Updating the InterScan MSS Components

Activity 1: Immediately Updating InterScan MSS

After you install InterScan MSS, you should immediately update program components such as the virus pattern file and spam database. Updating these components ensures that your network is protected against the latest malware attacks. In this activity, you will update the virus pattern file and spam database.

1. In the left-hand column of the InterScan MSS Management Console, click Configuration | Update | Update Now.
   The Update Now window appears, displaying the following information about the virus pattern file, scan engine, spam database, and SPS:
   • Versions running on the server
   • Date of the last update
   • Versions available on the Trend Micro Active Update server
2. Under Component, select Virus pattern and Spam database.
3. Under Component Download Source, select Trend Micro’s Internet update server.
4. Click Update Now. When the download is completed, you are returned to the Update Now screen, which displays the updated versions of the components.

Results

You updated the following InterScan MSS components:

• Virus pattern file
• Spam database

Activity 2: Scheduling Updates

To protect your company’s network, you must ensure that the InterScan MSS components are always up-to-date. You can configure InterScan MSS to automatically update these components as frequently as you want. In this activity, you will configure InterScan MSS to update its components every day at midnight when network usage is low.

1. In the left-hand column of the InterScan MSS Management Console, click Configuration | Update | Scheduled Update. The Scheduled Update screen appears.
2. Select the Enable Scheduled Updated check box.
3. Under Components, select Virus pattern, Scan engine, Spam database, and SPS.
4. Under Schedule, use the pull-down menu to select Every day for Repeat interval. Then, use the pull-down menus for Time to select 12 a.m.
5. Under Component Download Source, select Trend Micro’s Internet update server.
6. Click Save.
7. In the left-hand column of the InterScan MSS Web console, click Apply Now.

Results

You scheduled an automatic update of the InterScan MSS components.
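
A scripted form of the Lab Exercise 1 checks (the port reassignment in Activity 2 and the process list in Activity 3), added here as an example that is not part of the course material. It reads saved output of netstat -ano and tasklist /fo csv /nh; the sample output, the inetinfo.exe host process shown for Exchange, and the rule that ports 25 and 110 must be owned by one of the Activity 3 processes are assumptions.

```python
import csv
import io
import re

# Port layout from Lab Exercise 1, Activity 2.
IMSS_PORTS = {"SMTP": 25, "POP3": 110}       # InterScan MSS keeps the well-known ports
EXCHANGE_PORTS = {"SMTP": 27, "POP3": 6000}  # Exchange after the change

# Process names from Lab Exercise 1, Activity 3.
IMSS_PROCESSES = ["IsntSmtp.exe", "ISNTSysMonitor.exe", "aphost.exe", "cm.exe",
                  "mrf.exe", "LWDMServer.exe", "java.exe", "jk_nt_service.exe",
                  "scheduler.exe"]

LISTEN_RE = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$", re.I)


def parse_listeners(netstat_text):
    """Map each listening TCP port to the set of owning PIDs (netstat -ano)."""
    listeners = {}
    for line in netstat_text.splitlines():
        match = LISTEN_RE.match(line)
        if match:
            listeners.setdefault(int(match.group(1)), set()).add(int(match.group(2)))
    return listeners


def parse_tasklist(tasklist_text):
    """Map PID to image name from tasklist /fo csv /nh output."""
    images = {}
    for row in csv.reader(io.StringIO(tasklist_text)):
        if len(row) >= 2 and row[1].strip().isdigit():
            images[int(row[1])] = row[0].strip()
    return images


def check_lab_server(netstat_text, tasklist_text):
    """Return a list of findings; an empty list means every check passed."""
    listeners = parse_listeners(netstat_text)
    images = parse_tasklist(tasklist_text)
    running = {name.lower() for name in images.values()}
    imss = {name.lower() for name in IMSS_PROCESSES}
    findings = []

    for name in IMSS_PROCESSES:
        if name.lower() not in running:
            findings.append("process not running: %s" % name)

    def owners(port):
        return {images.get(pid, "PID %d" % pid).lower()
                for pid in listeners.get(port, ())}

    # Assumption: whatever listens on 25/110 must be one of the Activity 3
    # processes, and whatever listens on 27/6000 must not be.
    for proto, port in IMSS_PORTS.items():
        held_by = owners(port)
        if not held_by:
            findings.append("%s port %d: nothing listening" % (proto, port))
        elif held_by - imss:
            findings.append("%s port %d: held by %s, not InterScan MSS"
                            % (proto, port, ", ".join(sorted(held_by - imss))))
    for proto, port in EXCHANGE_PORTS.items():
        held_by = owners(port)
        if not held_by:
            findings.append("%s port %d: nothing listening" % (proto, port))
        elif held_by & imss:
            findings.append("%s port %d: held by InterScan MSS process %s"
                            % (proto, port, ", ".join(sorted(held_by & imss))))
    return findings


# Constructed sample output (PIDs and port owners are illustrative).
GOOD_NETSTAT = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1840
  TCP    0.0.0.0:27             0.0.0.0:0              LISTENING       1212
  TCP    0.0.0.0:110            0.0.0.0:0              LISTENING       1840
  TCP    0.0.0.0:6000           0.0.0.0:0              LISTENING       1212
  TCP    10.0.2.1:27            10.0.2.1:3051          ESTABLISHED     1212
"""
GOOD_TASKLIST = '"inetinfo.exe","1212","Console","0","30,112 K"\n' + "\n".join(
    '"%s","%d","Console","0","9,000 K"' % (name, 1840 + i)
    for i, name in enumerate(IMSS_PROCESSES))

# Constructed failure case: Exchange was never moved off ports 25 and 110,
# so IsntSmtp.exe is not running and nothing listens on 27 or 6000.
BAD_NETSTAT = """
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1212
  TCP    0.0.0.0:110            0.0.0.0:0              LISTENING       1212
"""
BAD_TASKLIST = "\n".join(line for line in GOOD_TASKLIST.splitlines()
                         if "IsntSmtp" not in line)

if __name__ == "__main__":
    for label, ns, tl in (("good", GOOD_NETSTAT, GOOD_TASKLIST),
                          ("bad", BAD_NETSTAT, BAD_TASKLIST)):
        print(label, check_lab_server(ns, tl) or "all checks passed")
```

On the lab server, save the output of the two commands to files and pass their contents to check_lab_server.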

Activity 3: Rolling Back an Update

In this activity, you will roll back a virus pattern update. You may need to roll back an update if a new virus pattern file triggers a large number of false positives. (However, this problem has occurred only rarely.)

1. Locate the latest version of the virus pattern file, lpt$vpn.###, in the C:\Program Files\Trend\IMSS\ISNTSmtp directory. (In your directory, the ### symbols will be replaced with the version of the virus pattern file.)
2. Ensure that there are two versions of the virus pattern file—the original file and the updated file.
3. Move the latest version of the virus pattern file to the desktop.
4. In the left-hand column of the InterScan MSS Web console, click Apply Now.
5. In the left-hand column of the InterScan MSS Web console, click Update | Update Now to determine the version of the virus pattern file that InterScan MSS is using. The Update Now screen should show that InterScan MSS is using the older virus pattern file.

Results

You rolled back the virus pattern file to a previous version.

Activity 4: Manually Updating the Virus Pattern File

In this activity, you will update the virus pattern file by downloading the virus pattern file from your instructor’s server and copying the file to the appropriate directory on the InterScan MSS server. You may need to manually update the virus pattern file if you cannot successfully update the virus pattern file from the InterScan MSS Web console.

1. Access the shared directory on the instructor’s lab server.
   Note: In a production environment, you would download the virus pattern file from the Trend Micro Web site at http://www.trendmicro.com. Under Virus Protection on the home page, click Virus Pattern File. The Virus Pattern Files page appears.
2. Copy the zipped virus pattern file to your desktop and use WinZip to decompress the file.
   Note: If you have installed InterScan MSS on a Windows 2003 server, the file will automatically unzip without WinZip.
3. Copy the file to the C:\Program Files\Trend\IMSS\ISNTSmtp directory on your server.
4. In the left-hand column of the InterScan MSS Web console, click Apply Now.
5. In the left-hand column of the InterScan MSS Web console, click Update | Update Now to determine the version of the virus pattern file that InterScan MSS is using. The Update Now screen should show that InterScan MSS is using the new version of the virus pattern file.

Results

You downloaded the virus pattern file and copied it to the C:\Program Files\Trend\IMSS\ISNTSmtp directory on the InterScan MSS server.

Lab Exercise 3: Configuring InterScan MSS

Activity 1: Configuring SMTP Routing Settings

In this activity, you will configure the SMTP routing settings for the following scenario:

Scenario

You were recently hired as the network administrator for an international company. When you met with your boss for the first time, she explained two problems with the company’s email system:

• Two months ago a spam sender used your company’s SMTP server to relay spam, making it appear as if your company was sending the spam. Your company traced the spam sender to the email address 4U@realoffers4U.com and the IP address 155.155.1.1.
• The IS department has received complaints because employees have to wait too long for email messages to be delivered. Employees have also complained because they are not notified that a message cannot be delivered until the next day.

In addition to these problems, the company recently merged with another company. Because the company does not have enough resources to reconfigure the email systems for both companies, you will have to maintain separate domains for each company.
However, your boss wants you to ensure that email is routed efficiently between the two companies. Your boss also wants the email messages sent by both companies to appear as if they originate from superdealscompany.com, the new name for the merged companies.

For the purposes of this lab, assume that your lab partner is the network administrator for the company that was acquired. If you have not already done so, ask your lab partner for the domain name and the IP address of his or her server. You will use this information to configure InterScan MSS.

1. Configure the SMTP receiver settings.
1.1. In the left-hand column of the InterScan MSS Web console, select Configuration | SMTP Routing | Receiver | Settings. The Settings screen appears.
1.2. Accept the default settings for the IP address: field and the Port: field.
1.3. Edit the SMTP server’s greeting message: as follows:
     Trend Micro InterScan MSS 5.5
1.4. Click Save.
1.5. In the left-hand column of the InterScan MSS Web console, click Apply Now.
1.6. Test the SMTP server’s greeting message.
1.6.1. From the Windows Start menu, click Run.
1.6.2. In the Run menu, type CMD.
1.6.3. From the prompt, type the following command:
       telnet server_IP_address 25
       Replace server_IP_address with the IP address of the InterScan MSS server. The greeting message that you entered is displayed.
1.6.4. At the prompt, type Quit to exit the telnet session.
1.6.5. Close the window to return to the InterScan MSS Web console.

2. Configure the SMTP connections settings.
2.1. In the left-hand column of the InterScan MSS Web console, select Configuration | SMTP Routing | Receiver | Connections. The Connections screen appears.
2.2. In the Timeout: field, enter 6 minutes. This field controls the amount of time InterScan MSS waits before disconnecting inactive connections. Decreasing the Timeout field will improve the performance of InterScan MSS.
2.3.
In the Simultaneous connections: field, enter 200. Decreasing this field will also improve performance.
2.4. Because you do not want to expend server resources on DNS lookups, do not select the Perform reverse DNS lookup on incoming messages check box.
2.5. Click Save.

Note: To apply the new connection settings to your current session, you must click Apply Now in the left-hand column of the InterScan MSS Web console. For this lab, you will click Apply Now after you finish configuring all of the SMTP settings. (If you do not click Apply Now, the settings will be applied after you restart the InterScan MSS service.)

3. Configure the connection privileges.
3.1. In the left-hand column of the InterScan MSS Web console, select Configuration | SMTP Routing | Receiver | Connection Control. The Connection Control screen appears.
3.2. Select Accept all, except the following Deny Access list and then click Edit. A new Connection Control screen appears.
3.3. Select Single computer and enter 155.155.1.1, the IP address associated with 4U@realoffers4U.com. Click the (+) button. The entry moves to the Deny Access List.
3.4. Click Save. You are returned to the first Connection Control window.

Note: To apply the new connection settings to your current session, you must click Apply Now in the left-hand column of the InterScan MSS Web console. For this lab, you will click Apply Now after you finish configuring all of the SMTP settings. (If you do not click Apply Now, the settings will be applied after you restart the InterScan MSS service.)

4. Configure InterScan MSS to relay messages to a new domain.
4.1. In the left-hand column of the InterScan MSS Web console, click Configuration | SMTP Routing | Receiver | Relay Control. The Relay Control screen appears.
4.2.
In the Add Domain section, type your lab partner’s domain and click the (+) button. The domain name appears in the Allowed Relay Destinations window on the right.

Note: When configuring relay control, you can use a wildcard (*).

4.3. Select Single computer, enter the IP address of your lab partner’s server, and click the (+) button. The IP address appears in the Permitted Senders of Relayed Mail window.
4.4. Click Save.

Note: To apply the new connection settings to your current session, you must click Apply Now in the left-hand column of the InterScan MSS Web console. For this lab, you will click Apply Now after you finish configuring all of the SMTP settings. (If you do not click Apply Now, the settings will be applied after you restart the InterScan MSS service.)

5. Configure the SMTP routing method.
5.1. In the left-hand column of the InterScan MSS Web console, click Configuration | SMTP Routing | Delivery | Domain-Based Delivery. The Domain-Based Delivery screen appears.
5.2. Click Add. A new Domain-Based Delivery screen appears.
5.3. In the Name: field of the Destination domain section, enter the domain name of your lab partner’s server.
5.4. In the Delivery method section, click Forward mail to the following SMTP server. Then, type the IP address of your lab partner’s server in the Server address field, enter 25 in the Port field, and click the (+) button.
5.5. Click Save. You are returned to the original Domain-Based Delivery screen.

Note: To apply the new connection settings to your current session, you must click Apply Now in the left-hand column of the InterScan MSS Web console. For this lab, you will click Apply Now after you finish configuring all of the SMTP settings. (If you do not click Apply Now, the settings will be applied after you restart the InterScan MSS service.)

6.
Configure advanced settings for SMTP routing.
6.1. In the left-hand column of the InterScan MSS Web console, select Configuration | SMTP Routing | Delivery | Advanced. The Advanced screen appears.
6.2. Configure the settings in the Deferrals section.
6.2.1. In the Retry interval: field, enter 10 minutes.
6.2.2. In the Maximum retry period: field, enter 4 hours. If InterScan MSS cannot deliver the message after 4 hours, it will send a No Delivery Receipt (NDR).
6.3. Configure the settings in the Advanced section.
6.3.1. In the Maximum hop count: field, enter 10. If an email loops around through 10 SMTP servers, InterScan MSS aborts the delivery.
6.3.2. In the Masquerade domain: field, enter superdealscompany.com
6.4. Configure the “Received” Header Settings section.
6.4.1. Select the Do not insert SMTP “Received:” header when processing messages check box. This option prevents users from knowing that you are using InterScan MSS.
6.5. Click Save.

Note: To apply the new connection settings to your current session, you must click Apply Now in the left-hand column of the InterScan MSS Web console. For this lab, you will click Apply Now after you finish configuring all of the SMTP settings. (If you do not click Apply Now, the settings will be applied after you restart the InterScan MSS service.)

7. Configure message limits for SMTP routing:
7.1. In the left-hand column of the InterScan MSS Web console, select Configuration | SMTP Routing | Message. The Message screen appears.
7.2. Accept the default setting, 5120 KB, for Limit message size.
7.3. Accept the default setting, 10240 KB, for Limit data size per session.
7.4. Select Limit number of messages per connection and enter 15.
7.5. Select Limit number of recipients per message and enter 50.
7.6. Click Save.
7.7.
In the left-hand column of the InterScan MSS Web console, click Apply Now.

Results

• You changed the SMTP server’s greeting.
• You configured the Timeout setting and the Simultaneous Connections setting to conserve server resources.
• You blocked the 4U@realoffers4U.com spam sender at IP address 155.155.1.1 from connecting to the InterScan MSS server.
• You configured InterScan MSS to relay messages for another domain, and you configured the delivery method for that domain.
• You configured the Retry interval and the Maximum retry period so that users are notified within four hours if a message cannot be sent.
• You configured a Masquerade domain so that email messages appear as if they originate from superdealscompany.com, the new name for the fictitious companies.
• You configured the Message settings to conserve server resources.

Activity 2: Configuring POP3 Settings

In this activity, you will configure POP3 settings for the scenario outlined in Activity 1.

1. Configure the POP3 settings.
1.1. In the left-hand column of the InterScan MSS Web console, select Configuration | POP3 | Settings. The Settings screen appears.
1.2. Select the Enable POP3 Scanning check box.
1.3. Configure the Inbound POP3 IP Address section.
1.3.1. In the IP address: field, use the pull-down menu to select the IP address of your server.
1.4. Configure the Simultaneous User Connections section.
1.4.1. In the Number of connections (1 to 100): field, enter 3 to limit the number of simultaneous POP3 connections to the InterScan MSS server. You want to decrease the default value because this option affects the performance of the InterScan MSS server.

Note: If you install InterScan MSS on a server with multiple CPUs, you can adjust this number to take advantage of the increased processing power.
1.5. In the Status Message Text section, type the following message:
     InterScan MSS has blocked a message because it violates your company’s email usage policies.
     InterScan MSS sends this message to users when an email message triggers a filter and cannot be delivered.
1.6. Click Save. After the configuration changes are saved, the POP3.ini file is updated with the latest POP3 server settings.
1.7. Click Apply Now in the left-hand column of the InterScan MSS Web console.

Note: You must click Apply Now to apply the new connection settings to your current session. Otherwise, the settings will be applied after you restart the InterScan MSS service.

2. View the connections settings.
2.1. In the left-hand column of the InterScan MSS Web console, select Configuration | POP3 | Connections. The Connections screen appears, showing the POP3 server and port connections that have already been set up.
2.2. Click the view link in the Details column to edit these connections.
2.3. Click Cancel to close the Edit screen.

Results

You configured the POP3 settings for InterScan MSS.

Activity 3: Configuring Security Settings

In this activity, you will configure the security settings for the following scenario:

Scenario

The CIO at your company attended a security conference and is now concerned about Denial of Service (DoS) attacks. To protect your company’s email system from DoS attacks, the CIO wants you to implement tight security even if some users are inconvenienced by the security measures you implement.

1. Configure security settings.
1.1. In the left-hand column of the InterScan MSS Web console, select Configuration | Security | Security Settings. The Security Settings screen appears.
1.2. Configure the Compressed File Scanning Limits section.
1.2.1. In the Compressed layers field, enter 3.
1.2.2.
In the Decompressed file size field, enter 10000.
1.2.3. In the Decompressed file count field, enter 5.
1.3. Configure the Attachment and Message Virus Scanning Limits section.
1.3.1. In the Attachment + message size field, enter 10000.
1.3.2. In the Number of attachments field, enter 10.
1.4. Configure the Multiple Virus-Infected Message Limits section.
1.4.1. In the Number of cleaning attempts field, enter 4.
1.4.2. In the Number of viruses reported field, enter 5.
1.5. Configure the eManager Filter Message Size Limit section.
1.5.1. In the Attachment + Message size field, enter 3.
1.6. Click Save.

Note: You must click Apply Now to apply the new connection settings to your current session. For this lab, you will click Apply Now after you finish configuring all of the SMTP settings. (If you do not click Apply Now, the settings will be applied after you restart the InterScan MSS service.)

2. Configure the action for messages that cannot be processed.
2.1. From the left-hand column of the InterScan MSS Web console, select Configuration | Security | Exception Handling. The Exception Handling screen appears.
2.2. Accept the default setting Quarantine and Notify for When messages fail to be processed.
2.3. Select Deliver and Notify for When messages are encrypted. You will then know how many encrypted messages are sent to users. You can also send an email to the users who receive encrypted messages, reminding them to scan the message for viruses after it is decrypted.
2.4. Click Save.
2.5. Click Apply Now in the left-hand column of the InterScan MSS Web console.

Note: You must click Apply Now to apply the new connection settings to your current session. Otherwise, the settings will be applied after you restart the InterScan MSS service.
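The compressed-file limits in step 1.2 are what keep a small but deeply nested or highly compressible archive from exhausting the scanner. The following Python example is added here for illustration and is not Trend Micro's code or part of the lab text; it enforces the three lab values while unpacking a ZIP attachment. The function names and verdict strings are hypothetical, the size limit is assumed to be in bytes, and all limits are assumed to be cumulative across nested layers.

```python
import io
import zipfile
import zlib
from dataclasses import dataclass

CHUNK = 4096  # read size; keeps memory bounded while a member is inflated


@dataclass(frozen=True)
class ScanLimits:
    max_layers: int = 3      # lab value for "Compressed layers"
    max_bytes: int = 10000   # lab value for "Decompressed file size" (unit assumed: bytes)
    max_files: int = 5       # lab value for "Decompressed file count"


class ScanStop(Exception):
    """Raised the moment a limit is crossed so that extraction stops early."""


def _read_capped(member, budget):
    """Inflate one member in chunks and abort once it outgrows the budget.

    The size declared in the archive header is never trusted.
    """
    buf = bytearray()
    while True:
        chunk = member.read(CHUNK)
        if not chunk:
            return bytes(buf)
        buf += chunk
        if len(buf) > budget:
            raise ScanStop("decompressed_size")


def _walk(data, layer, limits, state):
    """Unpack one archive layer, recursing into members that are archives."""
    if layer > limits.max_layers:
        raise ScanStop("compressed_layers")
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:  # bit 0 set: member is encrypted
                raise ScanStop("encrypted")
            state["files"] += 1
            if state["files"] > limits.max_files:
                raise ScanStop("file_count")
            with archive.open(info) as member:
                payload = _read_capped(member, limits.max_bytes - state["bytes"])
            state["bytes"] += len(payload)
            if zipfile.is_zipfile(io.BytesIO(payload)):
                _walk(payload, layer + 1, limits, state)


def check_attachment(data, limits=ScanLimits()):
    """Return "ok" or the name of the first limit the archive violates."""
    state = {"files": 0, "bytes": 0}
    try:
        _walk(data, 1, limits, state)
    except ScanStop as stop:
        return str(stop)
    except (zipfile.BadZipFile, zlib.error):
        return "unprocessable"
    return "ok"


# --- constructed sample inputs (built in memory, nothing is read from disk) ---
def make_zip(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        for name, content in members.items():
            archive.writestr(name, content)
    return buf.getvalue()


def nest(depth):
    """Build an archive nested `depth` layers deep around one small text file."""
    data = make_zip({"readme.txt": b"constructed sample"})
    for level in range(depth - 1):
        data = make_zip({f"layer{level}.zip": data})
    return data


if __name__ == "__main__":
    samples = {
        "3 layers": nest(3),
        "5 layers": nest(5),
        "20000 zero bytes": make_zip({"big.bin": b"\0" * 20000}),
        "6 files": make_zip({f"f{i}.txt": b"x" for i in range(6)}),
    }
    for label, blob in samples.items():
        print(f"{label:18} {len(blob):5} bytes on the wire -> {check_attachment(blob)}")
```
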
Results

You configured the security settings to prevent a DoS attack from disabling your email system.

Activity 4: Configuring Notification Settings

In this activity, you will configure InterScan MSS to send email notifications.

1. In the left-hand column of the InterScan MSS Web console, select Configuration | General | Notification Settings. The Notification Settings screen appears.
2. In the SMTP server: field, ensure that the IP address of your server is listed.
3. In the SMTP port: field, keep the standard SMTP port, 25.
4. In the Administrator email: field, ensure that the email address for the Exchange postmaster is listed.

Note: You can configure InterScan MSS to send email notifications to more than one person by separating each email address with a semicolon (;).

5. Accept the default setting for the From address: field.
6. In the Preferred charset: field, select the language InterScan MSS should use when sending the email notification.
7. In the Message header: field, enter Message from InterScan MSS.
8. Do not configure the Message footer: field.
9. In the Notify Mail Limit in one hour: field, enter 200.
10. Click Save and then click Apply Now.

Results

You configured InterScan MSS to send email notifications.

Activity 5: Testing the Configuration

In this activity, you will configure the DNS settings on your server to route email messages to your lab partner’s Exchange server. You will then test the InterScan MSS configuration by sending email messages to your lab partner.

1. Add a secondary zone to the DNS settings on your server.
1.1. From the Windows Start menu, click Administrative Tools | DNS. The dnsmgmt window appears.
1.2. Right-click Forward Lookup Zones and select New Zone from the pop-up menu that appears.
The New Zone Wizard opens.
1.3. Click Next on the Welcome window. The Zone Type window appears.
1.4. Select Secondary Zone and click Next. The Zone Name window appears.
1.5. Click Next. The Master DNS Servers window appears.
1.6. Enter the IP address of your lab partner’s server and click Add. Then, click Next.
1.7. Click Finish.

2. Open an email client and send the following email messages to your lab partner:
• An email message with an archive file that contains more than four compression levels
• An email message with an archive file that contains a large file that exceeds the limit for decompressed files
• An email message that contains more than 10 attachments
• An email message that contains seven instances of the EICAR virus
Your lab partner will send the same messages to you.

3. Check the email account on your Exchange server. InterScan MSS sent you notification messages for each email message, explaining that the message violated an InterScan MSS setting.

Results

You tested the settings you configured in the InterScan MSS Web console.

Lab Exercise 4: Configuring Policies

Activity 1: Editing the Anti-Virus Filter in the Global Policy

In this activity, you will edit the anti-virus filter in the Global Policy for the following scenario. You will then test the anti-virus filter.

Scenario

A company has a limited budget for computer equipment. The InterScan MSS server meets the minimum requirements, but the company has a high volume of traffic. To improve the performance of InterScan MSS, you must select options that conserve system resources. You must also configure a notification message that lists the name of the virus and the action taken on separate lines.

1. Configure the anti-virus filter.
1.1. In the left-hand column of the InterScan MSS Web console, click Policy Manager | Global Policy.
The Global Policy screen appears.
1.2. In the Filter List, click the Edit button for Antivirus filter. The Virus screen appears.
1.3. Under File Types to Scan, select IntelliScan. When you select IntelliScan, InterScan MSS scans only the file types that are vulnerable to virus infection.
1.4. Under Virus Actions, accept the default setting, Clean. Also accept the default setting, Delete, if the file cannot be cleaned.
1.5. Under Recipient Notification, edit the notification message so that the name of the virus and the action taken appear on separate lines.
1.6. Select Attachment safe stamp and edit the message as follows:
     InterScan MSS scanned the attachment %FILENAME% and found no viruses.
1.7. Click Save. You are returned to the Global Policy screen.
1.8. Click the Edit button in the Filter Availability and Status column.
1.9. Under Override Property, select Do not allow filter to be overwritten.
1.10. Click Save. You are returned to the Global Policy screen.
1.11. Click the Edit button for Filter Action. The Virus screen appears, displaying the filter actions for various types of malware.
1.12. For Joke program attachment detected, select Quarantine and Notify.
1.13. For Virus(es) detected and successfully cleaned, select Quarantine and Notify.
1.14. For all other options, accept the default settings.
1.15. Click Save.
1.16. In the left-hand column of the InterScan MSS Web console, click Apply Now.

2. Test the settings.
2.1. Open an email client and access one of the email accounts that your instructor created for you.
2.2. Create an email message and attach the EICAR virus. Send the email message to your lab partner. Your lab partner will send the same email message to you.
2.3. Create an email message and attach a Word document. Send the email message to your lab partner. Your lab partner will send the same email message to you.
2.4. Check the email account on your Exchange server.
InterScan MSS notified you that it detected the EICAR virus in the first message. The second message was delivered with a safe stamp, stating that the message did not contain a virus.

3. Disable the safe stamp option in the anti-virus filter. When you create and test other filters in the lab activities that follow, the safe stamp may be distracting.
4. In the left-hand column of the InterScan MSS Web console, click Apply Now.

Results

• You configured the anti-virus filter for the global policy.
• You tested the settings that you selected for the anti-virus filter.

Activity 2: Creating a General Content Filter

In this activity, you will configure a general content filter for the following scenario:

Scenario

A CIO left the company and created a new company. He is now trying to persuade employees to leave the company and work for his new company. The new CIO wants to be notified when an employee sends an email message to the former CIO. He wants the email message to be delivered normally, so that the employee is unaware that you are monitoring the email message.

For this scenario, you will create three components for one filter action. You will first select Processing Action and then select Deliver. Next, you will select Archive, and then you will select Notification and specify the message content as follows:

InterScan MSS detected a message from %sender% entitled %subject% to %rcpts%.

1. Create a filter action.
1.1. In the left-hand column of the InterScan MSS Web console, click Policy Manager | Filter Action. The Filter Action screen appears.
1.2. Click New Filter Action. The New Filter Action screen appears.
1.3. Configure the filter action to deliver the message.
1.3.1. In the Name text field, enter Monitor.
1.3.2. Click New Item.
Another New Filter Action appears, outlining the steps for creating a new item for the filter action.
1.3.3. In the Description text field, enter a short description, such as the following:
       Delivering email from former CIO
1.3.4. Select Processing Action and click Next.
1.3.5. Select Deliver and click Next. You are returned to the New Filter Action screen.
1.4. Configure the filter action to archive the message.
1.4.1. Select New Item. Another New Filter Action appears, outlining the steps for creating a new item for the filter action.
1.4.2. In the Description text field, enter a short description, such as the following:
       Archiving email from former CIO
1.4.3. Select Archive and click Next.
1.4.4. Select Archive to a local directory and enter the following directory:
       C:\EVIDENCE
1.4.5. Select Archive without changes.
1.4.6. Select Next. You are returned to the New Filter Action screen.
1.5. Configure the filter action to send a notification message to the new CIO.
1.5.1. Click New Item. Another New Filter Action appears, outlining the steps for creating a new item for the filter action.
1.5.2. In the Description text field, enter a short description, such as the following:
       Notifying the new CIO
1.5.3. Select Notification and click Next.
1.5.4. In the message text box, enter the following:
       InterScan MSS detected a message from %sender% entitled %subject% to %rcpts%.
1.5.5. Do not select either Original Mail Sender or Original Mail Receiver.
1.5.6. Under To:, select User Specified and enter the email address of your lab partner.
1.5.7. In the Subject: text field, enter Message from Former CIO.
1.5.8. Select Do not attach message and click Next.
You are returned to the New Filter Action screen.
1.6. Click Finish to save the new filter action. The Monitor filter action should appear in the list of filter actions.

2. Create a sub-policy.
2.1. In the left-hand column of the InterScan MSS Web console, click Policy Manager | Global Policy. The Global Policy screen appears.
2.2. Click the Sub-policies link. The Manage Sub-policies screen appears.
2.3. Click the Create new sub-policy link. The Create Sub policy screen appears.
2.4. In the Name text field, enter CIO messages.
2.5. In the Description text field, enter Messages from the former CIO.
2.6. Click Next. Another Create Sub Policy screen appears.
2.7. For line 1, enter the email address of your lab partner in the From field. Enter * in the To field.
2.8. For line 2, enter * in the From field. Enter the email address of your lab partner in the To field.

3. Click Finish. The new policy should appear under the Global Policy in the left-hand column of the InterScan MSS Web console.

4. Create a new filter.
4.1. In the left-hand column of the InterScan MSS Web console, click Policy Manager | Global Policy | CIO Messages. The Manage Filters screen appears.
4.2. Click the Create New Filter link. The New Filter screen appears.
4.3. In the Filter Name text field, enter Former CIO Email.
4.4. For Override Property, select Do not allow filter to be overwritten.
4.5. For eManager Filter Group, select General Content Filter and click Next. Another New Filter screen appears.
4.6. Select the Message size check box. Then, use the pull-down menu to select greater than and enter 0 KB.
4.7. Click Next. A verification screen appears, summarizing the filtering options you selected.
4.8. If the information on the verification screen is correct, click Next. The following screen appears.
4.9. For not triggered, accept the default setting, Deliver.
4.10. For triggered, use the pull-down menu to select Monitor, the new filter action you created.
4.11. Click Save.

5. Test the new filter.
5.1. Send your lab partner an email message.
5.2. Ask your lab partner to send you an email message.
5.3. Check your email account for the notification message.

6. Make the Monitor filter inactive so that you can create and test other filters.

Discussion Questions

• What email rules have you established in your company?
• How are you enforcing those rules?
• How can InterScan MSS enforce those rules?

Results

You created a general content filter for a specific scenario, and you tested that filter.

Activity 3: Writing Expressions for Advanced Content Filters

In this activity, you will write expressions for different scenarios. Expressions are part of the Advanced Content Filter.

• The Chief Financial Officer (CFO) is concerned that the Accounting department is not handling confidential information carefully. He wants to ensure that the Accounting department is not sending monthly, quarterly, or yearly reports to users outside the company. The company’s name is Rebate Corporation, and the reports are called Rebate Monthly Report, Rebate Quarterly Report, and Rebate Yearly Report. Write an expression to filter for these reports.
• One of the company’s managers has received unpleasant email messages from a former employee.
The employee uses different email addresses but always ends the message with the words you are a jerk. Write an expression to filter for these words.
• A company is working on a new technology, and management wants to ensure that employees are not sharing information about the technology. The new technology is code-named Moab and will improve the company’s existing bicycle products. The company wants to block messages that contain the word Moab, unless Moab is used with Utah. Write an expression to filter the word Moab when it is not used in conjunction with Utah. You will use this expression to create an advanced content filter in the next activity.

Results

You wrote expressions to filter messages that contain certain words.

Activity 4: Creating an Advanced Content Filter

In this activity, you will configure an advanced content filter for the following scenario:

Scenario

A company is working on a new technology, and management wants to ensure that employees are not sharing information about the technology. The new technology is code-named Moab and will improve the company’s existing bicycle products. The company wants to block messages that contain the word Moab under the following circumstances:

• The message does not contain the word Utah.
• The message is being sent to a recipient outside the company.

1. Configure the advanced content filter.
1.1. In the left-hand column of the InterScan MSS Web console, click Policy Manager | Global Policy. The Manage Filters screen appears.
1.2. Select Create new filter. The New Filter screen appears.
1.3. In the Filter Name field, enter Moab.
1.4. Under Override Property, select Do not allow filter to be overwritten.
1.5. Under eManager Filter Group, select Advanced Content Filter.
1.6. Click Next. The next New Filter screen appears.
1.7. Select Mail body.
1.8. Click New Expression. The following screen appears:
1.9. Under Definition, enter the following expression:
     Moab .AND. .NOT. Utah
1.10. Under Case Sensitive, select Disable.
1.11. Under Synonyms, select Ignore synonyms.
1.12. Click Next. Click Next again. The Verification screen appears.
1.13. If the information on the Verification screen is correct, click Next. The following screen appears.
1.14. For Triggered, select Quarantine and Notify.

2. Test the advanced content filter.
2.1. Send your lab partner the following email messages:
• An email message that contains the word Moab
• An email message that contains the words Moab and Utah
2.2. Ask your lab partner to send you the same email messages.
2.3. Check your email account. InterScan MSS quarantined the email message that contains the word Moab. The email message that contains the words Moab and Utah was not quarantined.

Results

You created an advanced content filter for a specific scenario, and you tested that filter.

Activity 5: Understanding the Order of Policies and Filters

In this activity, you will determine the order in which policies should be executed for the following scenarios.

• You create a policy that blocks all email messages that contain sexual and racial terms. You then create a policy that allows your company’s Human Resources department to receive email messages that contain information about sexual and racial discrimination. Which policy should be executed first? How can you ensure that this policy is executed first?
• You create a policy for the Marketing department. As part of this policy, you create a filter to delay the delivery of messages that are larger than 5 MB. You then create a policy for the Graphics department, which is part of the Marketing department.
This policy immediately delivers messages that are larger than 5 MB. Which policy should be executed first? How can you ensure that this policy is executed first?
• When InterScan MSS evaluates filters, which of the following email addresses has the higher priority?
  - *@abccompany.com
  - dolsen@*
• When InterScan MSS evaluates filters, which of the following routes has the highest priority?
  - Route 1: Sender is *@allway.com. Recipient is *.
  - Route 2: Sender is *. Recipient is dolsen@jetplane.com.
  - Route 3: Sender is dolsen@jetplane.com. Recipient is mgoodman@allway.com.

Lab Exercise 5: Configuring the Spam Prevention Service

Activity 1: Creating a Text Exemption Rule

In this activity, you will create a text exemption rule for the following scenario, and you will test this rule.

Scenario

You are using the Heuristic Spam Filter (SPS) to identify spam messages entering your company’s email system. However, some messages that your company’s Human Resources department sends are getting tagged as spam. Each week the Human Resources department sends an email that features discounts or coupons for local stores. These email messages contain the word opportunity in the subject line. To ensure that these messages are not tagged as spam, you will create a text exemption rule.

1. Prevent the Heuristic Spam Filter (SPS) in the Global Policy from being overwritten by a subpolicy.
1.1. In the left-hand column of the InterScan MSS Web console, click Policy Manager | Global Policy. The Global Policy screen appears.
1.2. Click the Filter Availability and Status edit button for Heuristic Spam Filter (SPS). The Heuristic Spam Filter window appears.
1.3. Under Override Property, select the Do not allow subpolicies to edit sensitivities, actions, status button.
1.4. Click Save.
1.5.
In the left-hand column of the InterScan MSS Web console, click Apply Now.
2. Set the Heuristic Spam Filter (SPS) to the most aggressive level.
   2.1. In the left-hand column of the InterScan MSS Web console, click Policy Manager | Global Policy. The Global Policy screen appears.
   2.2. Click the Filter Type edit button for Heuristic Spam Filter (SPS). The Heuristic Spam Filter window appears.
   2.3. For Baseline detection rate, use the pull-down menu to select 6 - Most aggressive.
   2.4. For each category under Additional Sensitivity, use the pull-down menu to select 4 – High.
   2.5. Click Save.
   2.6. In the left-hand column of the InterScan MSS Web console, click Apply Now.
3. Test the settings for the Heuristic Spam Filter (SPS).
   3.1. Send your lab partner the email that is contained in the spam01.txt file. Your lab partner will send you the same email.
        Note: The content in the spam01.txt file has nothing to do with marketing. The file is real spam, however, and will be detected by the SPS filters.
   3.2. Check the inbox of your Outlook email account. The email that your lab partner sent you was tagged as spam.
   3.3. View the header information to determine why the email was tagged as spam.
      3.3.1. Right-click the email and select Options. In the Internet Headers box, scroll down the headers to view the X-imss-scores and X-imss-settings lines.
      3.3.2. Check the Baseline number in the X-imss-scores line and the Spam Score in the X-imss-settings line. (The Spam Score is the second number in the parentheses on the X-imss-settings line.) Because the Spam Score for this email is greater than the Baseline number, SPS tags this email as spam.
4. Create a text exemption rule.
   4.1. In the left-hand column of the InterScan MSS Web console, click Policy Manager | Global Policy. The Global Policy screen appears.
   4.2.
Click the Filter Type edit button for Heuristic Spam Filter (SPS). The Heuristic Spam Filter window appears.
   4.3. Under Global Settings, click the Text Exemption Rules link. The Text Exemption window appears.
   4.4. Select Enable Text Exemption Rules.
   4.5. Click New Rule. A new Text Exemption Rules window appears.
   4.6. In the Rule name field, enter Allow Opportunity.
        Note: You can use regular expressions in the text exemption rules. See Chapter 7: Configuring Filters in the InterScan Messaging Security Suite Student Textbook.
   4.7. In the Scan area field, use the pull-down menu to select Subject.
   4.8. In the Text Strings field, select Items are case insensitive.
   4.9. In the Strings to Match field, enter Opportunity on the second text line.
        Note: Word strings entered on the first text line match only the first word or words of the email subject.
   4.10. Click Save.
   4.11. In the left-hand column of the InterScan MSS Web console, click Apply Now.
5. Test the text exemption rule for the Heuristic Spam Filter (SPS).
   5.1. Send your lab partner the email that is contained in the spam01.txt file. Your lab partner will send you the same email.
   5.2. Check the inbox of your Outlook email account. The email that your lab partner sent you was not tagged as spam.
   5.3. View the header information to determine why the email was not tagged as spam.
      5.3.1. Right-click the email and select Options. In the Internet Headers box, scroll down the headers to view the X-imss-exclusionListMatch: Allow_Opportunity line. The email triggered the text exemption rule that you created. Consequently, the email was not run through the Heuristic Spam Filter (SPS).
6. Delete the text exemption rule.
   6.1. In the left-hand column of the InterScan MSS Web console, click Policy Manager | Global Policy. The Global Policy screen appears.
   6.2.
Click the Filter Type edit button for Heuristic Spam Filter (SPS). The Heuristic Spam Filter window appears.
   6.3. Under Global Settings, click the Text Exemption Rules link. The Text Exemption window appears.
   6.4. Uncheck Enable Text Exemption Rules.
   6.5. Select the Allow Opportunity rule and click Delete.
   6.6. Click Save.
   6.7. In the left-hand column of the InterScan MSS Web console, click Apply Now.

Discussion Questions
• Under what circumstances would text exemption rules be useful?
• How could you use text exemption rules for your organization?

Results
• You configured a text exemption rule for the Heuristic Spam Filter (SPS).
• You tested the text exemption rule.

Activity 2: Editing the Approved Senders List
In this activity, you will edit the approved senders list for the following scenario:

Scenario
The Purchasing department wants to receive email offers from an approved vendor, and they don’t want these offers tagged as spam. If you add the vendor’s email to the approved senders list, InterScan MSS will allow all email sent from this address, even if it contains spam. For this activity, assume that your lab partner is the approved vendor.

1. Ensure that the Heuristic Spam Filter (SPS) is set to the most aggressive level. If you completed Activity 1: Creating a Text Exemption Rule, skip to step 3.
   1.1. In the left-hand column of the InterScan MSS Web console, click Policy Manager | Global Policy. The Global Policy screen appears.
   1.2. Click the Filter Type edit button for Heuristic Spam Filter (SPS). The Heuristic Spam Filter window appears.
   1.3. For Baseline detection rate, use the pull-down menu to select 6 - Most aggressive.
   1.4. For each category under Additional Sensitivity, use the pull-down menu to select 4 – High.
   1.5. Click Save.
   1.6. In the left-hand column of the InterScan MSS Web console, click Apply Now.
2. Test the settings for the Heuristic Spam Filter (SPS).
If you completed “Activity 1: Creating a Text Exemption Rule,” skip to step 3.
   2.1. Send your lab partner the email that is contained in the spam01.txt file. Your lab partner will send you the same email.
   2.2. Check the inbox of your Outlook email account. The email that your lab partner sent you was tagged as spam.
   2.3. View the header information to determine why the email was tagged as spam.
      2.3.1. Right-click the email and select Options. In the Internet Headers box, scroll down the headers to view the X-imss-scores and X-imss-settings lines.
      2.3.2. Check the Baseline number in the X-imss-scores line and the Spam Score in the X-imss-settings line. (The Spam Score is the second number in the parentheses on the X-imss-settings line.) Because the Spam Score for this email is greater than the Baseline number, SPS tags this email as spam.
3. Add an email address to the approved senders list.
   3.1. In the left-hand column of the InterScan MSS Web console, click Policy Manager | Global Policy. The Global Policy screen appears.
   3.2. Click the Filter Type edit button for Heuristic Spam Filter (SPS). The Heuristic Spam Filter window appears.
   3.3. Click the Edit button for Approved Senders. The Approved Senders window appears.
   3.4. Under Unmodifiable Approved Senders, enter your lab partner’s email address in the Add Email Addresses text box. Click the (+) button.
        Note: For a discussion of modifiable and unmodifiable senders, see “Chapter 7: Configuring Filters” in the InterScan Messaging Security Suite Student Textbook.
        Note: You can also use wildcards such as *@zone1.com.
   3.5. Click Save.
   3.6. In the left-hand column of the InterScan MSS Web console, click Apply Now.
4. Test the approved senders list.
   4.1. Send your lab partner the email that is contained in the spam01.txt file.
Your lab partner will send you the same email.
   4.2. Check the inbox of your Outlook email account. The email that your lab partner sent you was not tagged as spam.
   4.3. View the header information to determine why the email was not tagged as spam.
      4.3.1. Right-click the email and select Options. In the Internet Headers box, scroll down the headers to view the X-imss-approvedListMatch: Administrator@zone1.com. The email triggered the approved senders list. Consequently, the email was not run through the Heuristic Spam Filter (SPS).
5. Delete the email address on the approved senders list.
   5.1. In the left-hand column of the InterScan MSS Web console, click Policy Manager | Global Policy. The Global Policy screen appears.
   5.2. Click the Filter Type edit button for Heuristic Spam Filter (SPS). The Heuristic Spam Filter window appears.
   5.3. Click the Edit button for Approved Senders. The Approved Senders window appears.
   5.4. Under Unmodifiable Approved Senders, select your lab partner’s email address in the text box and click the (-) button.
   5.5. Click Save.
   5.6. In the left-hand column of the InterScan MSS Web console, click Apply Now.

Discussion Questions
• How could you use approved sender lists for your organization?

Results
• You edited the approved senders list.
• You tested the approved senders list.

Activity 3: Editing the Blocked Senders List
In this activity, you will add an email address to the blocked senders list.

Scenario
Your company has received a lot of harassing email lately from the same user. Add the user’s email address to the Blocked senders list.

1. Ensure that the Heuristic Spam Filter (SPS) is set to the most conservative level.
   1.1. In the left-hand column of the InterScan MSS Web console, click Policy Manager | Global Policy. The Global Policy screen appears.
   1.2.
Click the Filter Type edit button for Heuristic Spam Filter (SPS). The Heuristic Spam Filter window appears.
   1.3. For Baseline detection rate, use the pull-down menu to select 1 - Most conservative.
   1.4. For each category under Additional Sensitivity, use the pull-down menu to select 1 – Lowest.
   1.5. Click Save.
   1.6. In the left-hand column of the InterScan MSS Web console, click Apply Now.
2. Test the settings for the Heuristic Spam Filter (SPS).
   2.1. Send your lab partner the email that is contained in the spam01.txt file. Your lab partner will send you the same email.
   2.2. Check the inbox of your Outlook email account. The email that your lab partner sent you was tagged as spam.
   2.3. View the header information to determine why the email was not tagged as spam.
      2.3.1. Right-click the email and select Options. In the Internet Headers box, scroll down the headers to view the X-imss-scores and X-imss-settings lines.
      2.3.2. Check the Baseline number in the X-imss-scores line and the Spam Score in the X-imss-settings line. (The Spam Score is the second number in the parentheses on the X-imss-settings line.) Because the Spam Score for this email is 0.0000, SPS does not tag this email as spam.
3. Add an email address to the blocked senders list.
   3.1. Click the Filter Type edit button for Heuristic Spam Filter (SPS). The Heuristic Spam Filter window appears.
   3.2. Click the Edit button for Blocked Senders. The Blocked Senders window appears.
   3.3. Under Unmodifiable Approved Senders, enter *@lab_partner_domain in the Add Email Addresses text box. (Replace lab_partner_domain with your lab partner’s domain.) Click the (+) button.
        Note: For a discussion of modifiable and unmodifiable senders, see “Chapter 7: Configuring Filters” in the InterScan Messaging Security Suite Student Textbook.
   3.4. Click Save.
   3.5.
In the left-hand column of the InterScan MSS Web console, click Apply Now.
4. Test the blocked senders list.
   4.1. Send your lab partner the email that is contained in the spam01.txt file. Your lab partner will send you the same email.
   4.2. Check the inbox of your Outlook email account. Notice that the email was tagged as spam.
        Note: The email was delivered because Tag and Deliver is the default filter action.
   4.3. View the header information to determine why the email was tagged as spam.
      4.3.1. Right-click the email and select Options. In the Internet Headers box, scroll down the headers to view the X-imss-blockedListMatch: *@zone1.com line. The email triggered the blocked senders list. Consequently, the email was tagged as spam.
5. Delete the email address on the blocked senders list.
   5.1. In the left-hand column of the InterScan MSS Web console, click Policy Manager | Global Policy. The Global Policy screen appears.
   5.2. Click the Filter Type edit button for Heuristic Spam Filter (SPS). The Heuristic Spam Filter window appears.
   5.3. Click the Edit button for Blocked Senders. The Blocked Senders window appears.
   5.4. Under Unmodifiable Approved Senders, select your lab partner’s email address in the text box and click the (-) button.
   5.5. Click Save.
   5.6. In the left-hand column of the InterScan MSS Web console, click Apply Now.

Discussion Questions
• How could you use blocked sender lists for your organization?

Results
• You edited the blocked senders list.

Activity 4: Tuning the Heuristic Spam Filter (SPS)
In this activity, you will tune the settings for the Make Money Fast category in the Heuristic Spam Filter (SPS). To test the various settings, you will send and receive sample email messages that fall within the Make Money Fast category. You will then examine the Spam Scores that the SPS scanning engine generates for these email messages.
Although this activity focuses on the Make Money Fast category, the tuning principles apply to all of the SPS categories.

Note: Because the SPS scanning engine is updated regularly, the scores that you see as you complete this activity may differ from those displayed in the text.

1. Set the Heuristic Spam Filter (SPS) to a conservative level.
   1.1. In the left-hand column of the InterScan MSS Web console, click Policy Manager | Global Policy. The Global Policy screen appears.
   1.2. Click the Filter Type edit button for Heuristic Spam Filter (SPS). The Heuristic Spam Filter window appears.
   1.3. For Baseline detection rate, use the pull-down menu to select 2 - Conservative.
   1.4. For the Make Money Fast category, use the pull-down menu to select 2 – Low.
   1.5. Click Save.
   1.6. In the left-hand column of the InterScan MSS Web console, click Apply Now.
2. Test the settings for the Heuristic Spam Filter (SPS).
   2.1. Send your lab partner the email that is contained in the Spam01.txt, Spam02.txt, and Spam03.txt files. Your lab partner will send you the same email.
   2.2. Check the inbox of your Outlook email account. Which emails were tagged as spam? Spam03 was tagged as spam.
   2.3. View the header information to determine why certain email was tagged as spam.
      2.3.1. Right-click the Spam01 email and select Options. In the Internet Headers box, scroll down the headers to view the X-imss-scores.
      2.3.2. Right-click the Spam02 email and select Options. In the Internet Headers box, scroll down the headers to view the X-imss-scores.
      2.3.3. Right-click the Spam03 email and select Options. In the Internet Headers box, scroll down the headers to view the X-imss-scores.

The Spam03 email was flagged as spam because its Spam Score (0.200) is greater than its Baseline Score (0.0136). Spam01 and Spam02 were not flagged because their Spam Scores (0.200) are less than their Baseline Scores (0.3723 and 0.0319, respectively).
To calculate the Spam Score, the SPS scanning engine multiplies the Baseline Multiplier by the Sensitivity Multiplier. In this case, with the Baseline detection rate set at Conservative (2) and the Make Money Fast Additional sensitivity rate set to Low (2), the Spam Score at these settings is 0.200. Tables 5-1 and 5-2 show the various multipliers that the SPS scanning engine uses.

Setting   Commercial offer   Make Money Fast   Sexual Content   Racist Content
1         1                  1                 1                1
2         2                  2                 25               25
3         3                  3                 50               50
4         4                  4                 750              750

Table 5-1: The sensitivity multipliers for the four different sensitivity settings for the individual content filters.

Setting   Baseline Multiplier
1         0.0000
2         0.0100
3         0.0500
4         0.1000
5         0.2500
6         1.0000

Table 5-2: The baseline multipliers for the six different baseline settings.

3. Change the Heuristic Spam Filter (SPS) settings.
   3.1. In the left-hand column of the InterScan MSS Web console, click Policy Manager | Global Policy. The Global Policy screen appears.
   3.2. Click the Filter Type edit button for Heuristic Spam Filter (SPS). The Heuristic Spam Filter window appears.
   3.3. For Baseline detection rate, use the pull-down menu to select 4 – Moderately Aggressive.
   3.4. For the Make Money Fast category, use the pull-down menu to select 3 – Moderate.
   3.5. Click Save.
   3.6. In the left-hand column of the InterScan MSS Web console, click Apply Now.
4. Test the settings for the Heuristic Spam Filter (SPS).
   4.1. Send your lab partner the email that is contained in the Spam01.txt, Spam02.txt, and Spam03.txt files. Your lab partner will send you the same email.
   4.2. Check the inbox of your Outlook email account. Which emails were tagged as spam? Spam02 and Spam03 were tagged as spam.
   4.3. View the header information to determine why certain email was tagged as spam.
      4.3.1. Right-click the Spam01 email and select Options.
In the Internet Headers box, scroll down the headers to view the X-imss-scores.
      4.3.2. Right-click the Spam02 email and select Options. In the Internet Headers box, scroll down the headers to view the X-imss-scores.
      4.3.3. Right-click the Spam03 email and select Options. In the Internet Headers box, scroll down the headers to view the X-imss-scores.

As you increase the detection rate, more messages will be flagged as spam.

Discussion Questions
• If you were to set the Baseline detection rate to 4 - Moderately aggressive and the Make Money Fast additional sensitivity rate to 4 - High, would Spam01 be flagged as spam? Why or why not? Use the Baseline and Sensitivity Multipliers to support your answers (see Tables 5-1 and 5-2). Set the detection rate as described and send Spam01 to test your answer.
• If you were to set the Baseline detection rate to 5 - Aggressive and the Make Money Fast additional sensitivity rate to 1 - Lowest, would Spam01 be flagged as spam? Set the detection rates as described and send Spam01.
• If you were to set the detection rates to 5 - Aggressive and 2 – Low, would Spam01 be flagged as spam? Set the detection rates as described and send Spam01.
• Using the Baseline and Sensitivity Multipliers, determine the minimum settings that would flag Spam02 as spam (see Tables 5-1 and 5-2). Set the detection rates as described and send Spam02 to test your answer.
• Using the Baseline and Sensitivity Multipliers, determine the minimum settings that would flag Spam03 as spam (see Tables 5-1 and 5-2). Set the detection rates as described and send Spam03 to test your answer.

Results
• You tuned the settings for the Make Money Fast category in the Heuristic Spam Filter (SPS).
• You tested various settings for the Make Money Fast category in the Heuristic Spam Filter (SPS).
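The tuning rule from Activity 4, as an added example that is not part of the lab textbook or of InterScan MSS: it computes the Spam Score for a pair of settings from Tables 5-1 and 5-2 and compares it with the three Baseline Scores quoted in the activity. The function and variable names are assumptions made for this example; by the tables, the Conservative/Low pair works out to 0.0100 × 2 = 0.0200.

```python
"""Added example: SPS threshold arithmetic from Activity 4 (not Trend Micro code)."""
from decimal import Decimal

MAKE_MONEY_FAST = "Make Money Fast"

# Table 5-2: baseline setting -> Baseline Multiplier.
BASELINE_MULTIPLIER = {
    1: Decimal("0.0000"),
    2: Decimal("0.0100"),
    3: Decimal("0.0500"),
    4: Decimal("0.1000"),
    5: Decimal("0.2500"),
    6: Decimal("1.0000"),
}

# Table 5-1: category -> sensitivity setting -> Sensitivity Multiplier.
SENSITIVITY_MULTIPLIER = {
    "Commercial offer": {1: 1, 2: 2, 3: 3, 4: 4},
    MAKE_MONEY_FAST: {1: 1, 2: 2, 3: 3, 4: 4},
    "Sexual Content": {1: 1, 2: 25, 3: 50, 4: 750},
    "Racist Content": {1: 1, 2: 25, 3: 50, 4: 750},
}

# Baseline Scores the lab text quotes for the three sample messages.
SAMPLE_BASELINE_SCORES = {
    "Spam01": Decimal("0.3723"),
    "Spam02": Decimal("0.0319"),
    "Spam03": Decimal("0.0136"),
}


def spam_score(baseline_setting, category, sensitivity_setting):
    """Spam Score = Baseline Multiplier x Sensitivity Multiplier, as the lab text states."""
    try:
        base = BASELINE_MULTIPLIER[baseline_setting]
        sens = SENSITIVITY_MULTIPLIER[category][sensitivity_setting]
    except KeyError as exc:
        raise ValueError(f"unknown setting or category: {exc}") from None
    return base * sens


def is_tagged(message_score, baseline_setting, category, sensitivity_setting):
    """The lab text tags a message when the Spam Score exceeds its Baseline Score."""
    return spam_score(baseline_setting, category, sensitivity_setting) > message_score


def tagged_samples(baseline_setting, category, sensitivity_setting):
    """Names of the quoted sample messages that the given settings would tag."""
    return sorted(
        name
        for name, score in SAMPLE_BASELINE_SCORES.items()
        if is_tagged(score, baseline_setting, category, sensitivity_setting)
    )


def flagging_settings(message_score, category):
    """Every (baseline, sensitivity, spam_score) that tags the message, lowest score first."""
    hits = []
    for baseline in BASELINE_MULTIPLIER:
        for sensitivity in SENSITIVITY_MULTIPLIER[category]:
            score = spam_score(baseline, category, sensitivity)
            if score > message_score:
                hits.append((baseline, sensitivity, score))
    return sorted(hits, key=lambda hit: (hit[2], hit[0], hit[1]))


if __name__ == "__main__":
    # The two setting pairs the activity walks through, plus baseline 1,
    # whose 0.0000 multiplier zeroes the Spam Score at any sensitivity.
    for baseline, sensitivity in [(2, 2), (4, 3), (1, 4)]:
        score = spam_score(baseline, MAKE_MONEY_FAST, sensitivity)
        tagged = tagged_samples(baseline, MAKE_MONEY_FAST, sensitivity)
        print(f"baseline={baseline} sensitivity={sensitivity} score={score} tagged={tagged}")
    for name, msg_score in SAMPLE_BASELINE_SCORES.items():
        print(name, flagging_settings(msg_score, MAKE_MONEY_FAST)[:1])
```
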
Lab Exercise 6: Monitoring InterScan MSS

Activity 1: Viewing the Virus Logs
In this activity, you will view the virus logs.

1. In the left-hand column of the InterScan MSS Web Console, click Configuration | Logs | Virus Logs. The Virus Logs screen appears.
2. Under Range, use the pull-down to select Today and click View Logs. The Virus Logs for today appear.

The Virus Logs include the following information for each virus detected:
• Date
• Time
• Message ID
• Sender
• Recipient
• Subject
• Virus Name
• Action
• Message Action
• Quarantine Area Name

Results
You viewed the Virus Logs.

Activity 2: Viewing the eManager Logs
In this activity, you will view the eManager logs.

1. In the left-hand column of the InterScan MSS Web Console, click Configuration | Logs | eManager Logs. The eManager Logs screen appears.
2. Under Range, use the pull-down to select Today and click View Logs. The eManager Logs for today appear.

The eManager Logs include the following information for each message that triggered an eManager filter:
• Date
• Time
• Message ID
• Sender
• Recipient
• Subject
• Policy Name
• Filter Name
• Action on Content
• Message Action
• Quarantine Area Name

Results
You viewed the eManager logs.

Activity 3: Viewing the Program Logs
In this activity, you will view the Program Logs.

1. In the left-hand column of the InterScan MSS Web Console, click Configuration | Logs | Program Logs. The Program Logs screen appears.
2. Under Range, use the pull-down to select Today and click View Logs. The Program Logs for today appear.
The Program Logs include the following information:
• Date
• Time
• Message ID
• Messages

Results
You viewed the Program Logs.

Activity 4: Changing the Log Setting
In this activity, you will change the log setting from Normal to Diagnostic and view the difference in the information that InterScan MSS records in the logs.

Scenario
Several employees tell you that they are not receiving email that their clients are sending. You find the emails in the quarantine area and forward them to the original recipients. You look at the logs to see what filter the emails triggered and then make some adjustments to that filter. A few hours later, the employees return with the same complaint. You find the new emails in the quarantine area. You look at the logs again, but cannot troubleshoot the problem any further based on the information composed when the logs are on the Normal setting. You decide to change the level of detail on the logs to Diagnostic so that you can find out which policy is quarantining the emails.

1. In the left-hand column of the InterScan MSS Web console, select Configuration | Logs | Log Maintenance. The Log Maintenance screen appears.
2. Change the level of detail from Normal to Diagnostic.
3. Click Save and then click Apply Now.
4. Send an email to your lab partner with the EICAR virus attached. Have your lab partner send an email to you with the EICAR virus attached.
5. Open the ISNT5.yyyy.mm.dd.xxxx log file, which is located in the C:\Program Files\Trend\IMSS\ISNTSmtp\logs directory. Compare the information recorded before you changed the log level with the information recorded after you changed the log level.

Results
• You have changed the log level from Normal to Diagnostic.
• You viewed the difference in the information that InterScan MSS records in the ISNT5.yyyy.mm.dd.xxxx log file.
Activity 5: Configuring the System Monitor Setting
In this activity, you will view real-time system-performance data. You will also configure InterScan MSS to notify you if the following events occur:
• Delivery queue reaches the threshold that you specify
• Schedule update occurs
• InterScan MSS service stops
• Processing queue reaches the threshold that you specify

You will also stop the Simple Mail Transport Protocol (SMTP), send some email messages, and view the email messages in the retry queue.

1. Check the volume of messages in the processing, delivery, and retry queues, the number of messages processed since the service was started (including undeliverable messages), and the number of viruses detected.
   1.1. In the left-hand column of the InterScan MSS Web console, click Configuration | System Monitor | System Status. The System Status window appears.
2. Configure event monitoring.
   2.1. In the left-hand column of the InterScan MSS Web console, click Configuration | System Monitor | Event Monitoring. The Event Monitoring window appears.
   2.2. Select Delivery queue contains more than 5000 messages. Change the number of messages to 10, so that you can test the setting.
   2.3. Select Scheduled update result.
   2.4. Select Service stops for more than 10 minutes. Change the number of minutes to 5, so that you can respond more quickly to this problem.
   2.5. Select Processing queue folder has less than 100 MB free disk space.
   2.6. Select Enable email notification and click Edit Messages. The Mail Notification Messages window appears.
   2.7. Under Message for Delivery Queue contains more than 5000 entries, edit the Subject line as follows: InterScan MSS delivery queue has exceeded 5000 entries
   2.8. Under Message for Scheduled Update Status, edit the Subject line as follows: InterScan MSS scheduled update status
   2.9.
Under Message for Processing queue folder has less than 100 MB free disk space, edit the Subject line as follows: InterScan MSS mail queue below threshold
   2.10. Click Save.
   2.11. Click Save on the Event Monitoring window.
   2.12. In the left-hand column of the InterScan MSS Web console, click Apply Now.
3. Stop the Simple Network Transport Protocol (SMTP).
   3.1. From the Windows Start menu, click Administrative Tools | Services. The Services window appears.
   3.2. Right-click Simple Network Transport Protocol and select Stop from the pop-up menu that appears.
4. Send two email messages to your lab partner.
5. View the retry queue.
   5.1. In the left-hand column of the InterScan MSS Web console, click Configuration | System Monitor | Retry Queue Viewer. The Retry Queue Viewer window appears.
   5.2. Click view for one of the messages in the retry queue. The Mail Content Detail window appears.
6. Start the Simple Network Transport Protocol (SMTP).
   6.1. From the Windows Start menu, click Administrative Tools | Services. The Services window appears.
   6.2. Right-click Simple Network Transport Protocol and select Start from the pop-up menu that appears.

Results
• You viewed real-time system-performance data.
• You configured InterScan MSS to notify you if the following events occur:
  ◦ Delivery queue reaches the threshold that you specify
  ◦ Schedule update occurs
  ◦ InterScan MSS service stops
  ◦ Processing queue reaches the threshold that you specify
• You stopped the Simple Mail Transport Protocol (SMTP), sent some email messages, and viewed the email messages in the retry queue.
Appendix A: Registering and Activating InterScan MSS

To activate InterScan MSS, you must use the registration code you received for the product to register the product online. Trend Micro then emails you the activation key, which you enter in the InterScan MSS Web console.

To register InterScan MSS in a production environment, complete the following steps:

1. From the left-hand column of the InterScan MSS Web console, click Configuration | Product License.
2. Click the Activate link next to InterScan Messaging Security Suite. The InterScan MSS Web console lists the steps for activating the product.
3. Under Register, click the register online link. This link takes you to the Trend Micro Online Registration page on the Trend Micro Web site.
4. Under New customer registration, click Register Your Product. The Enter Registration Key page appears.
5. Enter the registration key and click Continue. The License Agreement page appears.
6. Click I Accept. The Confirm Product Information page appears.
7. Ensure that the product information displayed on this page is correct. Click Continue with Registration. The Registration Form page appears.
8. Complete the fields on this form. In the Email address field, enter your email address. The Confirm Registration Information page appears, summarizing the information you entered.
9. If the information is correct, click OK. The Activation Code page appears, congratulating you on registering successfully.
10.
Close the browser window to return to the Product License window in the InterScan MSS Web console.
11. Check your email message from the Trend Micro online registration. This email message contains the activation code for InterScan MSS.
12. Enter the activation code on the Product License window in the InterScan MSS Web console and click Activate.
13. Repeat steps 2-12 to activate SPS.

Appendix B: Uninstalling InterScan MSS

When you uninstall InterScan Messaging Security Suite (InterScan MSS), you must use the installation program, setup.exe. You should not use the Windows Add/Remove Programs application or manually remove the registry keys or program files.

1. Click Setup.exe. The Welcome window appears.
2. Click Next. The Software License Agreement window appears.
3. Click Yes. The Install/Uninstall InterScan Messaging Security Suite window appears.
4. Select Uninstall InterScan Messaging Security Suite and click Next. The Trend InterScan MSS Remote Installer window appears.
5. In the left-hand pane of the Trend InterScan MSS Remote Installer window, select the server on which InterScan MSS is running and click Add. Then, click Next. The IMSS Setup—Server Logon window appears.
6. Enter a user name that has administrator privileges to the server and then enter the corresponding password. Click Logon. The name of the server appears in the Trend InterScan MSS Remote Installer window.
7. Click Next. The setup program reports the progress of the removal process in the Uninstallation Status field. When the removal process is completed, the installation program displays a message, explaining that you must reboot the server to finalize the removal of InterScan MSS.
8. Click Next. The final screen appears, reporting if the uninstall process was successful or not.
9. Click Next and reboot the server.
Appendix C: Sample Spam Messages

Spam01

An opportunity for you 01

Hi,

My name is Colin Buttweiler and I would like to share a genuine opportunity with you. Sceptical already? Unlike other internet offers that you might have seen, what I have to share with you invites close scrutiny - even with a sceptical eye.

It is first and foremost a chance to get to know people. It also offers you the ability to have a share of a new Internet Mall to buy inexpensively for yourself or to send others to and make commissions on their purchases. Besides this, it also offers a unique and innovative networking program using a principle we call "REFERNET". It is a credible and realistic way to save and gradually develop what can become a large, ongoing income.

The best thing about this? You can "try it first". That's right. You can join the DHS Club with no risk or obligation. As a DHS Club Member, you will be able to shop at The DHS Club Outlet Centre. You will also be able to shop at The Club Shop Stores, located in the ClubShop Mall, where you will receive rebates on your purchases as per our affinity agreements. (Just remember, our affiliate stores are independent merchants and shipping charges will vary.)

You will also be able be entered into Post launch and receive a position in the Club's network. Watch as others join your downline and see how our innovative network building program works.

I look forward to hearing from you and sharing in your accomplishments and your achievements.

Regards,
Colin Buttweiler
____________________________________

Spam02

Get Rich, Like Donald Trump-02

Mega-millionaire Donald Trump was a guest one evening on a television talk show when he was asked, "What would you do if you lost all of your money?" Trump didn't pause. "I'd find a good multi-level-marketing program and get back to work." The audience didn't understand his answer... and they also didn't like it. Some of them booed. Trump didn't bat an eye. "That," he said, "is why I'm sitting up here ... and you're sitting out there ... Just another face in the crowd."

Please read the following to see how to get started. if you're busy right now, put it aside until you have some free time. Then read it, and then read it again! You're not going to be sent to some website where they slowly milk you for your money and you end up with nothing in return. All you need is in this letter so let's go to work.

This e-mail is about a multi-level-marketing (MLM) program that can change your life, and it's so very simple that absolutely anyone can do it. This e-mail "yes, THIS ONE" can make you a lot of money just like it's been doing for others all around the world! Here's how...

First, this is a business. As I said, it's called Multi-Level-Marketing, that deals with E-books. An E-book is a book that is downloadable, or in this case, information that is sent by EMAIL. Your product is information; in this case, five written E-books explaining in detail "how to" market, advertise and sell on the internet. It is a very simple, perfectly legal and a most enjoyable free enterprise. If you decide to participate, you'll have a lot of fun, and, even more importantly, you can make a lot of money. And you can do it again, over and over, as often as you like!

How it works, and how you work it. Follow the instructions exactly. Don't change anything, other than those things you're TOLD to change. This program works "as is," so if you try to improve on it by switching or inventing names you'll be out of business before you begin. The program works, people are making lots of money with it, and it's a success.
Don't mess with success!

When you decide to participate, the first thing you'll do is spend $25 of your own money. You take five $5 bills, US currency, and you buy the five separate "E-books" listed further along in this e-mail. These "E-books" you will order by sending $5 to each of 5 persons, by "snail mail". The "E-books" will then be delivered to you by e-mail.

Scroll down to locate the five "E-books." For each E-book, write on a sheet of paper the name and number of the E-book, request in writing that it be sent to you, and legibly write your e-mail address. Wrap the $5 bill in that sheet of paper, put it in an envelope, seal it, address it to the person listed for that E-book and drop it in the nearest mailbox.

When you have finished ordering the five "E-books," and only AFTER those orders are in the mail, return to the list and remove the name & address of the person in E-book #5. This person has made it through the cycle and is no doubt counting their fortune.

Then, move the name & address in E-book #4 down to E-book #5. Next, move the name & address in E-book #3 down to E-book #4. And move the name & address in E-book #2 down to E-book #3. Move the name & address in E-book #1 down to E-book #2. And then, insert YOUR name & address in the E-book #1 Position.

Once again, save this email, make a back-up copy and then go on about your normal business.

Within a few days you will have received all five "E-books." As promised, you'll find each contains information about marketing on the internet. Down-to-earth, practical information you're about to use. Save the five "E-books" on your computer, and make another backup. The "E-books" are your stock-in-trade, and, as such, are invaluable. You are not only going to benefit from the knowledge they contain; more to the point, you are going to sell them, over and over, and they can make you quite rich.
_______________________________________

Spam3
$1,000 for sending an e-mail-03

We will give you $1,000 for sending an e-mail to your friends.

AB Mailing, Inc. is proud to announce the start of a new contest. Each day until January, 31 1999, one lucky Internet or AOL user who forwards our advertisement to their friends will be randomly picked to receive $1,000! You could be the winner!

Thank you for your time.

Our message:

"YOUR COMPUTER CAN MAKE MONEY WHILE YOU SLEEP"
Respected 10 Year Old Company Shows You How
YOU HAVE NEVER SEEN ANYTHING LIKE THIS!

http://www.abmailing.com
Phone: 800-226-2770

I know that's an incredible statement, but bear with me while I explain.

You have already deleted mail from dozens of "Get Rich Quick" schemes, chain letter offers, and LOTS of other absurd scams that promise to make you rich overnight with no investment and no work. My offer isn't one of those.

What I'm offering is a straightforward computer-based service that you can run full-or part-time like a regular business. This service runs automatically while you sleep, vacation, or work a "regular" job. It provides a valuable new service for businesses in your area.

I'm offering a high-tech, low-maintenance, work-from-anywhere business that can bring in a nice comfortable additional income for your family. I did it for eight years. Since I started inviting others to join me, I've helped over 4000 do the same.

http://www.abmailing.com
Phone: 800-226-2770

Our Customers Say It Best

"Your energy and drive are truly an inspiration to me and I'm sure to others also. Thanks for sharing your creation with us so we can all become successful... Keep up the good work!" C.G., Palos Hills, Il

"Very few software providers freely disseminate information regarding future inclusions and upgrades like you do. Even fewer accept much input regarding potential changes and upgrades. you listen!" M.K., Tampa, Fl

"I'll be able to quit a 17-year job at the Post Office! Thanks, Rob!" - R.W., Detroit, Mi.

The Dallas Morning News - Aug, 1994 - "This home business idea is new.. it can be a profitable income producer. Since it's 'remote,' it doesn't matter where you do it."

My staff and I are committed to making YOU successful. We KNOW how to do it, because we've done it ourselves for 10 years. Let us show YOU how to make YOUR computer earn money while YOU sleep!

http://www.abmailing.com
Phone: 800-226-2770
MailingCode: NLMORERIGHT