InterScanTM Messaging Security Virtual Appliance - Online Help ...

More documents

Recommendations

Info

Trend Micro InterScan Messaging Security Virtual Appliance Administrator’s Guide Querying Logs 23-4 You can perform queries on five types of events or information: • Message tracking: Records message details such as the sender, recipient(s), message size, and the final action that IMSVA or Cloud Pre-Filter has taken. The query result also indicates the name and type of the policy rule that was triggered. • System events: Tracks the time of system events such as user access, modification of rules, registration of MCP agent and so on. • Policy events: Provides details on the policy rules that were triggered, the actions taken, and the message details. • MTA events: Provides connection details of Postfix on the local computer where the central controller is installed. • IP filtering: Provides the time when IMSVA started and stopped blocking email messages from the queried IP address. Log Query Behavior With the inclusion of Cloud Pre-Filter to IMSVA, changes in the way that users can query logs have been introduced. Message Tracking Enhancement IMSVA splits Message tracking logs in to: • IMSVA data only: These message tracking logs only contain data from IMSVA. • Cloud Pre-Filter + IMSVA data: These message tracking logs contain data from the Cloud Pre-Filter and IMSVA. IMSVA includes hyperlinks for quarantined, archived, and postponed messages in Message tracking logs. This provides detailed information about those messages. Query Behavior IMSVA provides the following log query behavior:
TABLE 23-1. General Query Information QUERY IMSVA ONLY IMSVA + CLOUD PRE-FILTER a@a.com Only the exact match is returned. Result: a@a.com Query conditions for Message tracking left blank • Subject • Message ID • Sender • Recipient * in Subject field All other query conditions left blank * in Message ID field All other query conditions left blank All query conditions can be left blank Logs Displays all messages sent to any variant of "a@a.com", including those with multiple recipients. Result: • za@a.com • a@a.com.us • a@a.com; b@a.com • b@a.com; a@a.com • b@a.com; a@a.com; c@a.com User must provide filtering criteria for at least one of the four query conditions. Returns all messages Returns approximately 10000 query results Returns all messages Returns approximately 10000 query results 23-5
Page 1:
TM InterScan Messaging Security Vir
Page 4 and 5:
The user documentation for Trend Mi
Page 6 and 7:
Trend Micro InterScan Messaging Sec
Page 8 and 9:
Page 10 and 11:
Page 12 and 13:
Page 14 and 15:
Page 16 and 17:
Page 18 and 19:
Page 20 and 21:
Page 22 and 23:
Page 24 and 25:
Page 26 and 27:
Page 28 and 29:
Page 31 and 32:
Chapter 1 Introducing InterScan Mes
Page 33 and 34:
TABLE 1-1. Main Features and Benefi
Page 35 and 36:
Page 37 and 38:
Page 39 and 40:
Page 41 and 42:
Page 43 and 44:
TABLE 1-2. Types of spyware/graywar
Page 45 and 46:
Log Upload for Query Introducing In
Page 47 and 48:
Introducing InterScan Messaging Sec
Page 49 and 50:
Getting Started Chapter 2 This chap
Page 51 and 52:
Using the Online Help Getting Start
Page 53 and 54:
Setting Up a Child Device Getting S
Page 55 and 56:
Using Smart Search Getting Started
Page 57 and 58:
Getting Started • EUQ Services: H
Page 59 and 60:
Configuring User Accounts Chapter 3
Page 61 and 62:
To add administrator accounts: Conf
Page 63 and 64:
Configuring User Accounts Editing o
Page 65 and 66:
Chapter 4 Using the Configuration W
Page 67 and 68:
4. Type the following default user
Page 69 and 70:
Step 2: Configuring Deployment Sett
Page 71 and 72:
Step 4: Configuring Notification Se
Page 73 and 74:
Step 6: Configuring LDAP Settings U
Page 75 and 76:
a. For LDAP server type, select one
Page 77 and 78:
Step 7: Configuring Internal Addres
Page 79 and 80:
. Next to Server, type the TMCM IP
Page 81 and 82:
Updating Components This chapter ex
Page 83 and 84:
Specifying an Update Source Updatin
Page 85 and 86:
Rolling Back a Component Update Upd
Page 87 and 88:
5. Click Save. Updating Components
Page 89 and 90:
Chapter 6 Getting Started with Clou
Page 91 and 92:
Getting Started with Cloud Pre-Filt
Page 93 and 94:
TABLE 6-1. Cloud Pre-Filter Termino
Page 95 and 96:
Getting Started with Cloud Pre-Filt
Page 97 and 98:
Chapter 7 Getting Started with Emai
Page 99 and 100:
Using Email Encryption Using Trend
Page 101 and 102:
Getting Started with Email Encrypti
Page 103 and 104:
Getting Started with Email Encrypti
Page 105:
Section 2 Configuring IMSVA and Clo
Page 108 and 109:
Page 110 and 111:
Page 112 and 113:
Page 114 and 115:
Page 116 and 117:
Page 118 and 119:
Page 120 and 121:
Page 122 and 123:
Page 124 and 125:
Page 126 and 127:
Page 128 and 129:
Page 130 and 131:
Page 132 and 133:
Page 134 and 135:
Page 136 and 137:
Page 138 and 139:
Page 140 and 141:
Page 142 and 143:
Page 144 and 145:
Page 146 and 147:
Page 148 and 149:
Page 150 and 151:
Page 152 and 153:
Page 154 and 155:
Page 156 and 157:
Page 158 and 159:
Page 160 and 161:
Page 162 and 163:
Page 164 and 165:
Page 166 and 167:
Page 168 and 169:
Page 170 and 171:
Page 172 and 173:
Page 174 and 175:
Page 176 and 177:
Page 178 and 179:
Page 180 and 181:
Page 182 and 183:
Page 184 and 185:
Page 186 and 187:
Page 188 and 189:
Page 191 and 192:
Managing Policies Chapter 13 This c
Page 193 and 194:
Managing Policies • Action: The a
Page 195 and 196:
Common Policy Objects Chapter 14 Th
Page 197 and 198:
Understanding Address Groups Common
Page 199 and 200:
Add an individual address: Common P
Page 201 and 202:
6. Click the Add button. The Add Ad
Page 203 and 204:
Common Policy Objects 4. Click the
Page 205 and 206:
To export an address group from an
Page 207 and 208:
3. Next to List name, type a descri
Page 209 and 210:
About Regular Expressions Common Po
Page 211 and 212:
Common Policy Objects Each characte
Page 213 and 214:
• 456abc • 56abc • 6abc • a
Page 215 and 216:
Literal string and escape character
Page 217 and 218:
5. Specify a digital asset definiti
Page 219 and 220:
TABLE 14-1. Predefined Expressions
Page 221 and 222:
TABLE 14-1. Predefined Expressions
Page 223 and 224:
Common Policy Objects • Specific
Page 225 and 226:
TABLE 14-2. Overview of the Keyword
Page 227 and 228:
TABLE 14-2. Overview of the Keyword
Page 229 and 230:
To add or modify a policy notificat
Page 231 and 232:
Common Policy Objects • To: Type
Page 233 and 234:
Common Policy Objects 2. Click Add
Page 235 and 236:
To enable the DKIM Approved List: C
Page 237 and 238:
To add domains to the Web Reputatio
Page 239 and 240:
Internal Addresses Chapter 15 This
Page 241 and 242:
Internal Addresses • Enter domain
Page 243 and 244:
3. To add addresses manually, do th
Page 245 and 246:
Internal Addresses 4. Click the Rec
Page 247 and 248:
Configuring Policies Chapter 16 Thi
Page 249 and 250:
Configuring Policies 3. Select Anti
Page 251 and 252:
Configuring Policies 4. Select the
Page 253 and 254:
Configuring the Route Configuring P
Page 255 and 256:
Specifying Scanning Conditions Conf
Page 257 and 258:
Antivirus rule Configuring Policies
Page 259 and 260:
Other rule Configuring Policies a.
Page 261 and 262:
TABLE 16-1. Regulatory Compliance T
Page 263 and 264:
Configuring Policies Note: For inst
Page 265 and 266:
Configuring Policies Note: If you s
Page 267 and 268:
5. To add your own attachment name,
Page 269 and 270:
Selecting Scanning Conditions for M
Page 271 and 272:
To select recipient number scanning
Page 273 and 274:
Specify actions for "Other" rules:
Page 275 and 276:
Configuring Policies • Send polic
Page 277 and 278:
TABLE 16-2. Intercept Settings SETT
Page 279 and 280:
Configuring Policies • Insert saf
Page 281 and 282:
Creating a Tag Subject Configuring
Page 283 and 284:
Configuring Policies 4. In the Orde
Page 285 and 286:
Encryption Settings Chapter 17 This
Page 287 and 288:
Encrypting Message Traffic Encrypti
Page 289 and 290: Scanning Exceptions Chapter 18 This
Page 291 and 292: Scanning Exceptions Configuring Exc
Page 293 and 294: To set scan actions for other scann
Page 295 and 296: Scanning Exceptions Setting Scan Ac
Page 297 and 298: Existing Policies Chapter 19 This c
Page 299 and 300: To add domains to the Domain List i
Page 301 and 302: Existing Policies 4. Click Name or
Page 303 and 304: Step 4: Specify the Priority 1. Cli
Page 305 and 306: Existing Policies 4. Click Subject
Page 307 and 308: Existing Policies 16. Click Save. T
Page 309: Section 4 Monitoring the Network
Page 312 and 313: Trend Micro InterScan Messaging Sec
Page 385 and 386: Backing Up, Restoring, and Replicat
Page 387 and 388: To export device configuration file
Page 389 and 390: To export settings: 1. Choose Admin
Page 391 and 392:
Settings That Cannot Be Restored
Page 393 and 394:
Backing Up, Restoring, and Replicat
Page 395 and 396:
Using End-User Quarantine This chap
Page 397 and 398:
To enable and configure LDAP: 1. Yo
Page 399 and 400:
Step 2: Enabling EUQ After configur
Page 401 and 402:
Using End-User Quarantine 3. Choose
Page 403 and 404:
3. Select Enable access. Using End-
Page 405 and 406:
Using End-User Quarantine Note: If
Page 407 and 408:
Disabling EUQ Using End-User Quaran
Page 409 and 410:
Chapter 28 Performing Administrativ
Page 411 and 412:
To add administrator accounts: Perf
Page 413 and 414:
Editing or Deleting Administrator A
Page 415 and 416:
Performing Administrative Tasks If
Page 417 and 418:
TABLE 28-1. LDAP Server Types LDAP
Page 419 and 420:
TABLE 28-2. LDAP Server Types LDAP
Page 421 and 422:
Performing Administrative Tasks 4.
Page 423 and 424:
7. Select Enable proxy under Proxy
Page 425 and 426:
To re-index database tables: Perfor
Page 427 and 428:
Performing Administrative Tasks •
Page 429 and 430:
• Trend Micro Antivirus and Conte
Page 431 and 432:
Chapter 29 Using the Command Line I
Page 433 and 434:
CLI Overview After you open the CLI
Page 435 and 436:
configure module IMSVA adminUI enab
Page 437 and 438:
configure network dns Configures DN
Page 439 and 440:
configure system password enable To
Page 441 and 442:
configure network route default Set
Page 443 and 444:
configure service ssh enable all En
Page 445 and 446:
help Displays the CLI help informat
Page 447 and 448:
start task postfix drop Using the C
Page 449 and 450:
stop service postfix Stops the post
Page 451 and 452:
service IMSVA Starts, stops, or res
Page 453 and 454:
show network Displays various IMSVA
Page 455 and 456:
PARAMETERS EXAMPLES: To display the
Page 457 and 458:
show service Displays the IMSVA ser
Page 459 and 460:
show module IMSVA status adminUI Di
Page 461 and 462:
shutdown Using the Command Line Int
Page 463 and 464:
EXAMPLES: Using the Command Line In
Page 465 and 466:
TABLE 29-1. Time Zone Setting Examp
Page 467 and 468:
TABLE 29-1. Time Zone Setting Examp
Page 469 and 470:
Modifying IMSVA Deployment Chapter
Page 471 and 472:
Adding and Removing Devices This se
Page 473 and 474:
Changing the Device Role from Paren
Page 475 and 476:
Changing IP Addresses Modifying IMS
Page 477 and 478:
Chapter 31 Updating and Rescuing th
Page 479 and 480:
Updating and Rescuing the System an
Page 481 and 482:
Chapter 32 Troubleshooting, FAQ, an
Page 483 and 484:
TABLE 32-1. Troubleshooting issues
Page 485 and 486:
Page 487 and 488:
Page 489 and 490:
Page 491 and 492:
Page 493 and 494:
Page 495 and 496:
TABLE 32-2. IMSVA Ports PORT NUMBER
Page 497 and 498:
TABLE 32-2. IMSVA Ports PORT NUMBER
Page 499 and 500:
Email Reputation Troubleshooting, F
Page 501 and 502:
End-User Quarantine Troubleshooting
Page 503 and 504:
ActiveUpdate How do I roll back a p
Page 505 and 506:
Troubleshooting, FAQ, and Support I
Page 507 and 508:
Troubleshooting Cloud Pre-Filter Un
Page 509 and 510:
• Email access to antivirus engin
Page 511:
Section 6 Appendices
Page 514 and 515:
Page 516 and 517:
Page 518 and 519:
Page 520 and 521:
Page 522 and 523:
Page 524 and 525:
Page 526 and 527:
Page 528 and 529:
Page 530 and 531:
Page 532 and 533:
Page 534 and 535:
Page 536 and 537:
Page 538 and 539:
Page 540 and 541:
Page 542 and 543:
Page 544 and 545:
Page 546 and 547:
Page 548 and 549:
Page 550 and 551:
Page 552 and 553:
Page 554 and 555:
Page 556 and 557:
Page 558 and 559:
Page 560 and 561:
Page 562 and 563:
Page 564 and 565:
Page 566:
show all

InterScanTM Messaging Security Virtual Appliance - Online Help ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?