Installation Guide, Revision A

McAfee® Email Gateway Appliance (VMtrial) 7.0 Software


COPYRIGHT

Copyright © 2011 McAfee, Inc. All Rights Reserved.

No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.

TRADEMARK ATTRIBUTIONS

AVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD, INTRUSHIELD, LINUXSHIELD, MAX (MCAFEE SECURITYALLIANCE EXCHANGE), MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS, SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN, WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.

LICENSE INFORMATION

License Agreement

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.


Contents

1 Introducing VMtrial

• Description of McAfee Email Gateway
• Supported platforms
• McAfee Email Gateway features
• Evaluation period
• Performance
• About McAfee
• About VMware
• What you get
• What happens when the evaluation expires

2 Installing VMtrial

• Decide how you want to use the evaluation
• Considerations before installing VMtrial
• Network information you need to collect
• System requirements
• Install VMtrial on VMware vSphere
• Install VMtrial on VMware Player
• Configure the virtual appliance

3 Getting started with VMtrial

• The Dashboard
  • Benefits of using the Dashboard
  • Dashboard panes
• Testing the configuration
  • Task — Test connectivity
  • Task — Update the DAT files
  • Task — Test mail traffic and virus detection
  • Task — Test spam detection
• Exploring the appliance features
  • Introduction to policies
  • Encryption
  • Compliance Settings
  • Data Loss Prevention settings
  • Task — Identify quarantined email messages

Index


1 Introducing VMtrial

McAfee Email Gateway Appliance (VMtrial) lets you evaluate the latest McAfee Email Gateway Appliance on VMware vSphere or VMware Player.

Contents

• Description of McAfee Email Gateway
• Supported platforms
• McAfee Email Gateway features
• Evaluation period
• Performance
• About McAfee
• About VMware
• What you get
• What happens when the evaluation expires

Description of McAfee Email Gateway

McAfee® Email Gateway 7.0 delivers comprehensive, enterprise-class protection against email threats in an integrated and simple-to-manage appliance for SMTP and POP3.

If you purchase the McAfee Email Gateway after this evaluation, McAfee can either supply the relevant hardware and other items that accompany an appliance, or you can access the software using a virtual appliance.

Supported platforms

McAfee Email Gateway Appliance (VMtrial) works on the following virtual platforms:

• VMware vSphere (ESX) 4.x

• VMware vSphere Hypervisor (ESXi) 4.x

• VMware Player 3.x


McAfee Email Gateway features

This information describes the features of the product and where to locate them in the product interface.

Email scanning features

Feature Description

Comprehensive scanning protection

Offers anti-virus and anti-spam protection for the following network protocols:

• SMTP

• POP3

Anti-virus protection

Email | Email Policies | Anti-Virus

Reduce threats to all protocol traffic using:

• Anti-virus settings to identify known and unknown threats, including viruses in archive files and other file types

• Other threat detection settings to detect viruses, potentially unwanted programs, packers, and other malware

• McAfee Global Threat Intelligence file reputation to complement the DAT-based signatures by providing the appliances access to millions of cloud-based signatures; this reduces the delay between McAfee detecting a new malware threat and its inclusion in DAT files, providing broader coverage

Anti-spam protection

Email | Email Policies | Spam

Reduce spam in SMTP and POP3 email traffic using:

• The anti-spam engine and the anti-spam and anti-phishing rule sets

• Lists of permitted and denied senders

• McAfee Global Threat Intelligence message reputation to identify senders of spam email messages

• Permit and deny lists that administrators and users can create using a Microsoft Outlook plug-in (user-level only)

Detect phishing attacks and take the appropriate action.

Encryption

Email | Encryption

The McAfee Email Gateway includes several encryption methodologies:

• Server-to-server encryption

• Secure Web Mail

• Pull delivery

• Push delivery

The encryption features can be set up to provide encryption services to the other scanning features, or can be set up as an encryption-only server used just to encrypt email messages.

McAfee Global Threat Intelligence feedback

Email | Email Policies | Policy Options | McAfee GTI feedback

System | Setup Wizard

McAfee analyzes data about detections and alerts, threat details, and usage statistics from a broad set of customers to combat electronic attacks, protect vulnerable systems from exploit, and thwart cyber crime. By enabling this feedback service in your product, you will help us improve McAfee Global Threat Intelligence, thereby making your McAfee products more effective, as well as help us work with law enforcement to address electronic threats.


Compliance Settings

Email | Email Policies | Compliance

This release of the product includes enhancements to the way the appliance uses compliance rules:

• In the Compliance policy, use the Rule Creation wizard to specify the inbuilt dictionaries that you want to comply with, or create a new rule using an existing rule as a template.

• Use the Mail size filtering and File filtering policies to check SMTP email messages for true file types and take action on email based on size and number of attachments.

Data Loss Prevention

Email | DLP and Compliance

Use the Data Loss Prevention policy to upload and analyze your sensitive documents — known as training — and to create a fingerprint of each document.

Message Search

Reports | Message search

From a single location within the user interface, Message Search allows you to confirm the status of email messages that have passed through the appliance. It provides you with information about the email, including whether it was delivered or blocked, if the message bounced, if it was quarantined, or held in a queue pending further action.

Quarantine features

Email | Quarantine Configuration | Quarantine Options

• Quarantine digests — Allow users to handle quarantined items without involving the email administrator.

• McAfee Quarantine Manager — Consolidate quarantine management for McAfee products.

Message Transfer Agent

• Reroute traffic on-the-fly based on criteria set by the administrator. For example, encrypted mail can be rerouted for decryption.

• Allow the administrator to determine the final status of each message.

• See a quick view summary of inbound email messages by domain with drill-down facilities per domain and undeliverable email by domain.

• Prioritize the redelivery of undeliverable email based on domain.

• Pipeline multiple email deliveries to each domain.

• Rewrite an email address on inbound and outbound email based on regular expressions defined by the administrator.

• Strip email headers on outbound messages to hide internal network infrastructure.

• Deliver messages using TLS.

• Manage certificates.


Reporting and System features

Feature Description

Scheduled Reports

Reports | Scheduled Reports

Schedule reports to run on a regular basis and send them to one or more email recipients.

Logging options

System | Logging, Alerting and SNMP

You can configure the appliance to send emails containing information about viruses and other detected threats, and to use SNMP to transfer information from your appliance.

Dashboard statistics

Dashboard

The Dashboard provides a single location for you to view summaries of the activities of the appliance, such as the email flowing through the appliance, and the overall system health of the appliance. You can also go directly to areas of the user interface that you often use.

ePolicy Orchestrator management of appliances

System | Setup Wizard

Choose the ePO Managed Setup option to monitor the status of your appliances and also manage your appliance from ePolicy Orchestrator.

You can directly manage your appliances from ePolicy Orchestrator, without needing to launch the interface for each appliance.

In ePolicy Orchestrator, the user interface pages that you use to configure and manage your appliance have a look-and-feel familiar from the pages that you find within the appliances.

Cluster Management

System | System Administration | Cluster Management

Cluster management enables you to set up groups of appliances that work together to share your scanning workloads, and to provide redundancy in the event of hardware failure.

From these pages you can back up and restore your configurations, push configurations from one appliance to others, and set up load balancing between your appliances.

Virtual Hosts

System | Virtual Hosting | Virtual Hosts

For the SMTP protocol, you can specify the addresses where the appliance receives or intercepts traffic on the Inbound Address Pool.

Using virtual hosts, a single appliance can appear to behave like several appliances. Each appliance can manage traffic within specified pools of IP addresses, enabling the appliance to provide scanning services to traffic from many customers.

Role-based Access Control

System | Users | Users and Roles

System | Users | Login Services

In addition to the Kerberos authentication method, RADIUS authentication is also available.

Evaluation period

During the evaluation period, you get unlimited access to McAfee Email Gateway Appliance features that can protect your organization from spam, phishing, viruses, undesirable content, data loss, and other threats.


The evaluation period lasts for 30 days, after which time the virtual appliance will cease to function. When the evaluation period ends, an Expiry Information dialog box on the VMtrial logon page tells you "The trial has now expired." All functionality stops working. Traffic continues to pass through the VMtrial appliance but is not scanned.

If you run out of time to complete your evaluation before it expires, you can save your configuration, begin another evaluation and apply your original configuration settings.

To purchase the product based on your evaluation, contact your preferred reseller. To locate a reseller, go to http://www.mcafee.com to find a Reseller or Distribution Partner or contact a sales representative.

Performance

Using virtual software to simulate a McAfee appliance impacts appliance performance and traffic throughput.

Scanning throughput during the evaluation is not representative of the performance that would be achieved on a McAfee appliance with a similar hardware specification. Performance and traffic throughput are also affected by the host computer specification and the size of your Internet connection.

About McAfee

McAfee, a wholly owned subsidiary of Intel Corporation (NASDAQ:INTC), is the world’s largest dedicated security technology company. McAfee delivers proactive and proven solutions and services that help secure systems, networks, and mobile devices around the world, allowing users to safely connect to the Internet, browse, and shop the web more securely. Backed by its unrivaled global threat intelligence, McAfee creates innovative products that empower home users, businesses, the public sector, and service providers by enabling them to prove compliance with regulations, protect data, prevent disruptions, identify vulnerabilities, and continuously monitor and improve their security. McAfee is relentlessly focused on constantly finding new ways to keep our customers safe.

About VMware

VMware (NYSE:VMW), the global leader in virtualization and cloud infrastructure, delivers customer-proven solutions that accelerate IT by reducing complexity and enabling more flexible, agile service delivery. VMware enables enterprises to adopt a cloud model that addresses their unique business challenges. VMware’s approach accelerates the transition to cloud computing while preserving existing investments and improving security and control. With more than 250,000 customers and 25,000 partners, VMware solutions help organizations of all sizes lower costs, increase business agility and ensure freedom of choice.

What you get

In the evaluation .zip file, you have the following items:


• McAfee Email Gateway Appliance (VMtrial) installation files

• McAfee Email Gateway Appliance (VMtrial) Installation Guide

Sources of information

You can find installation and configuration information in the following locations:

• Online Help

• The configuration console contains page-sensitive Help information to guide you through the installation process.

• After installation, detailed context-sensitive Help with Search and Index features is available from the product interface. It provides an introduction to the product and its features, detailed instructions for configuring the software, information on recurring tasks, and operating procedures.

• KnowledgeBase — Use the McAfee KnowledgeBase for answers to questions about McAfee Email Gateway Appliance.

Go to https://mysupport.mcafee.com/ and click Browse the KnowledgeBase. From the Product list, select Email Gateway.

• Documentation — You have access to the latest version of the McAfee Email Gateway Appliance documentation.

Go to https://mysupport.mcafee.com/, click Product Documentation, and select Email Gateway.

For help with VMware vSphere or VMware Player, go to http://www.vmware.com, type your question in the Search VMware Knowledge Base box, and click Search.

What happens when the evaluation expires

Find out what to do to convert to a licensed product when the McAfee® Email Gateway Appliance (VMtrial) evaluation finishes.

When the evaluation period ends, an Expiry Information dialog box on the VMtrial logon page tells you "The trial has now expired." All McAfee® Email Gateway Appliance (VMtrial) functionality stops working. Traffic continues to pass through the VMtrial appliance but is not scanned.

NOTE: If you run out of time to complete your evaluation before it expires, you can save your configuration, begin another evaluation and apply your original configuration settings.

To purchase the product based on your evaluation, contact your preferred reseller. To locate a reseller, go to http://www.mcafee.com to find a Reseller or Distribution Partner or contact a sales representative.


2 Installing VMtrial

This information helps you prepare your evaluation environment and presents topics to consider before you install McAfee Email Gateway Appliance (VMtrial).

Contents

• Decide how you want to use the evaluation
• Considerations before installing VMtrial
• Network information you need to collect
• System requirements
• Install VMtrial on VMware vSphere
• Install VMtrial on VMware Player
• Configure the virtual appliance

Decide how you want to use the evaluation

Before you start to install the evaluation, you must decide whether you want to:

• Use McAfee Email Gateway Appliance (VMtrial) to scan email traffic on your network.

• Just evaluate the McAfee Email Gateway Appliance features and interface options.

Considerations before installing VMtrial

If you want McAfee Email Gateway Appliance (VMtrial) to scan email traffic on your network, consider the following before you start the installation process:

• Which protocols do you want to scan? Choose from SMTP and POP3.

• Do you want to scan these protocols without changing settings on clients or servers?

• Does your network have a DMZ? If so, which servers are located in it?

• Do you have an internal DNS server?

• The operational mode that you want to use. Choose from explicit proxy mode, transparent bridge mode, or transparent router mode. Information about the features of each operating mode can be found in the McAfee Email Gateway Virtual Appliance Installation Guide available from https://mysupport.mcafee.com.

If VMware vSphere is already installed and running correctly in your operating environment, McAfee recommends that you use it to run McAfee Email Gateway Appliance (VMtrial).


Network information you need to collect

Gather the following information before you start the installation process:

• Protocols to scan (SMTP, POP3)

• Host name

• Domain name

• Default gateway

• Choose your operational mode: explicit proxy, transparent router, transparent bridge.

Information about the operational modes can be found in the McAfee Email Gateway Virtual Appliance Installation Guide available from http://mysupport.com.

• LAN1 port IP address and subnet mask

• LAN2 port IP address and subnet mask

• DNS server IP address

• Any onward email server IP address

System requirements

If you plan to use VMtrial in your production environment, remember that traffic throughput and performance are slower than an appliance with a similar hardware specification.

VMtrial does not run on the FAT32 filesystem.

• Processor: 2.8 GHz Pentium 4 processor with Physical Address Extension (PAE) support

• Available memory: 1 GB

• Free hard disk space: 50 GB

• Virtual environment: If VMware vSphere is already installed and running correctly in your operating environment, McAfee recommends that you use it to run McAfee Email Gateway Appliance (VMtrial).

• Browser: The appliance's interface is optimized for Microsoft Internet Explorer 7.0 or later, and Mozilla Firefox 3.6 or later.

Install VMtrial on VMware vSphere

Use this task to install McAfee Email Gateway Appliance (VMtrial) onto a host computer running VMware vSphere 4.x or VMware vSphere Hypervisor (ESXi) 4.x.

Before you begin

• Download the McAfee Email Gateway Appliance (VMtrial) package .zip file from the McAfee download site and extract it to a location where the VMware vSphere Client can see it.

• Install a fully licensed copy of VMware vSphere 4.x or VMware vSphere Hypervisor (ESXi) 4.x.


The McAfee Email Gateway Appliance (VMtrial) performs automatic configuration using DHCP for the following parameters:

• Host name

• Domain name

• Default gateway

• DNS server

Until you complete the settings, the console appears each time the appliance restarts.

Task

1 Start the VMware vSphere Client application.

2 Log on to the VMware vSphere server, or the vCenter Server.

3 From the Inventory list, select the host or cluster onto which you want to import the virtual appliance software.

4 Click File | Deploy OVF Template | Deploy From File, and click Browse to go to where you extracted the .zip file you downloaded from the McAfee download site.

5 Open the VMtrial subfolder from the .zip file, select the McAfee_MEG_VMtrial.vSphere_ESX.ovf file, and click Open.

6 Click Next twice, and optionally type a new name.

7 Select the resource pool that you want to use if you have any configured.

8 Select the datastore that you want to use, and click Next.

9 Select the virtual networks to which the virtual appliance NICs will be connected.

10 Click Next, read the summary, then click Finish and wait for the import process to finish.

You can install the virtual appliance on more than one VMware vSphere server.

Install VMtrial on VMware Player

Use this task to install McAfee Email Gateway Appliance (VMtrial) onto a host computer running VMware Player.

Before you begin

Download the McAfee Email Gateway Appliance (VMtrial) package .zip file from the McAfee download site and extract it to the computer on which you plan to run the evaluation.

Download VMware Player from http://www.vmware.com/go/get-player.

The McAfee Email Gateway Appliance (VMtrial) performs automatic configuration using DHCP for the following parameters:

• Host name

• Domain name

• Default gateway

• DNS server


Until you complete the settings, the console appears each time the appliance restarts.

Task

1 Log on to the computer as an administrator.

2 Install VMware Player:

a Double-click the VMware Player installation file and click Run to start the installer.

b Click Next and continue through the installer selecting the desired options.

c On the last page, click Continue to begin the installation.

The computer must be restarted before you can run McAfee Email Gateway Appliance (VMtrial).

3 Run the VMtrial installation file:

a Browse to the folder where you extracted the McAfee Email Gateway Appliance (VMtrial) package .zip file.

b Open the VMtrial folder.

c Double-click the McAfee_MEG_VMtrial.VMware_Player.vmx file.

VMware Player starts, and the installation begins.

You can install the virtual appliance on more than one VMware Player server.

Configure the virtual appliance

Use this task to configure the virtual appliance.

Before you begin

Ensure your virtual environment is installed and running correctly.

Task

1 Start the virtual appliance. The installation starts automatically.

2 Read the End-User License Agreement to continue with the installation, then click y to accept it and start the installation.

3 At the installation menu, select a to perform a full installation and y to continue.

4 When the installation is complete, the virtual appliance restarts.

5 On the Welcome screen, choose the language that you want to use.

6 Accept the terms of the license agreement.

7 Configure the virtual appliance from the graphical configuration wizard.


8 Apply the configuration to the virtual appliance. Depending on the settings you entered, it might restart.

You can install the virtual appliance on more than one VMware vSphere, VMware vSphere Hypervisor, or VMware Player server. To do so:

a Follow the steps in this task on another VMware vSphere, VMware vSphere Hypervisor, or VMware Player server.

b Return to the previously installed virtual appliance user interface.

c Go to System | System Administration | Configuration Push to send the configuration details to the second virtual appliance.


3 Getting started with VMtrial

This information introduces you to the interface elements that make up McAfee Email Gateway Appliance (VMtrial).

Contents

• The Dashboard
• Testing the configuration
• Exploring the appliance features

The Dashboard

The Dashboard provides a summary of the activity of the appliance.

Dashboard

Use this page to access most of the pages that control the appliance.

On a cluster master appliance, use this page also to see a summary of activity on the cluster of appliances.


Benefits of using the Dashboard

The Dashboard provides a single location for you to view summaries of the activities of the appliance through a series of portlets.

Figure 3-1 Dashboard portlets

Some portlets display graphs that show appliance activity over the following periods of time:

• 1 hour

• 1 day (the default)

• 1 week

• 2 weeks

• 4 weeks

Within the Dashboard, you can make some changes to the information and graphs displayed:

• Expand and collapse the portlet data using the icons in the portlet's top right-hand corner

• Drill down to specific data using the icons

• See a status indicator that shows whether the item needs attention:

  • Healthy. The reported item is functioning normally

  • Requires Immediate Attention. A critical threshold has been exceeded

  • Disabled. A service is not enabled

• Use the icons to zoom in and zoom out of a timeline of information. There is a short delay while the view is updated. By default, the dashboard shows data relating to the previous one day.

• Move a portlet to another location on the Dashboard


• Double-click the top bar of a portlet to expand it across the top of the Dashboard

• Set your own alert and warning thresholds to trigger events. To do so, highlight the item and click it, edit the alert and warning threshold fields, and click Save. When the item exceeds the threshold you set, an event is triggered.

Depending on the browser used to view the McAfee Email Gateway user interface, the Dashboard "remembers" the current state of each portlet (whether it is expanded or collapsed, and if you have drilled down to view specific data) and attempts to recreate that view if you navigate to another page within the user interface and then return to the Dashboard within the same browsing session.

Dashboard panes

This topic discusses the panes found on the dashboard within the user interface of your Email Gateway.

Option Definition

Email Detections and Web Detections

Displays the number of detections under each protocol. Click Edit to change the view in this window. Although you can choose not to display information about a protocol, the appliance continues to scan that traffic.

System Health

Displays the status of important components and lets you change the settings of recommended system configuration changes:

• For Updates, a green checkmark indicates that the component will update itself automatically. To make a manual update, click the blue link

• For other components, a green checkmark indicates that the component is operating within acceptable limits. For more information, click the blue links

• To adjust the levels at which the warning and alert icons appear, and to change what the recommended configuration changes dialog box displays, click Edit

Current detection rates

Displays the status of important detections by the appliance, using icons.

Network

Displays the number of connections under each protocol. Although you can deselect a protocol after clicking Edit, the appliance continues to handle that traffic.

Email Queues

Displays the number of items, and the number of recipients for each queued item in the Queued, Quarantined, and Release requests queues maintained by the appliance, using icons. To visit the pages that manage the queues, click the blue links. To quickly search through email in the queues, click Quick search.

Scanning Policies

Displays a list of the policies that the appliance is applying. Although you can deselect a protocol after clicking Edit, the appliance continues to apply policies to that traffic. To view the scanning policies or add more policies, click the blue links.

Tasks

Displays a list of common tasks. To remove or reorganize the tasks, click Edit.

Load balancing

On a master cluster appliance, displays the state of the cluster of appliances. To change the settings of the meter, click Edit.

Graphs ...

Displays graphs that show appliance activity over time. Although you can deselect a protocol after clicking Edit, the appliance continues to monitor that traffic.

Testing the configuration

This information describes how to test that the appliance is functioning correctly after installation.

Contents

• Task — Test connectivity
• Task — Update the DAT files
• Task — Test mail traffic and virus detection
• Task — Test spam detection

Task — Test connectivity

Use this task to confirm basic connectivity.

The McAfee Email Gateway checks that it can communicate with the gateway, update servers and DNS servers. It also confirms that the appliance name and domain name are valid.

Task

1 From the navigation bar, select Troubleshoot, or from the dashboard, select Run System Tests from the Tasks area.

2 Select the Tests tab.

3 Click Start Tests.

Each test should return positively.

Task — Update the DAT files

Use this task to ensure that the McAfee Email Gateway has the most up-to-date detection definition (DAT) files. We recommend updating them before you configure the scanning options.

As you progress using the McAfee Email Gateway, you can choose to update individual types of definition file and change the default scheduled updates to suit your requirements.

Task

1 Select System | Component Management | Update Status.

2 To update the anti-virus engine and anti-virus database, click Update Now.

To check that the update applied correctly, open the Services portlet in the Dashboard, and expand the Updates status. The Anti-virus components will have a green status.

Task — Test mail traffic and virus detection

Use this task to test that mail traffic is passing successfully through the McAfee Email Gateway and that threats are correctly identified. We use the EICAR test file, a harmless file that triggers a virus detection.

Task

1 Send an email message from an outside email account (such as Hotmail) to an internal mailbox and confirm that it arrived.

2 On the Dashboard, look at the Detections areas. The listing for the protocol you used to send the message should show that a message was received.

3 Copy the following line into a file, making sure you do not include any spaces or line breaks:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

4 Save the file with the name EICAR.COM.

5 From an external email account (SMTP client), create a message that contains the EICAR.COM file as an attachment and send the message to an internal mailbox.

6 Return to the Dashboard and look at the Detections areas. You should see that a virus was detected.

7 Delete the message when you finish testing your installation, to avoid alarming unsuspecting users.


Task — Test spam detection

Use this task to run a General Test mail for Unsolicited Bulk Email (GTUBE) to verify that the McAfee Email Gateway is detecting incoming spam.

Task

1 From an external email account (SMTP client), create a new email message.

2 In the body of the message, copy the following text:

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

Make sure that you type this line with no line breaks.

3 Send the new email message to an internal mailbox address.

The device scans the message, recognizes it as a junk email message, and deals with it accordingly. The GTUBE overrides blacklists and whitelists.

For more information about the GTUBE, visit http://spamassassin.apache.org/tests.html.
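The two test messages from the virus-detection and spam-detection tasks above can also be built with a script. The following is an added example, not part of the McAfee guide. It assembles the EICAR.COM attachment and the GTUBE body, and checks that both strings survive MIME serialization unchanged (no added spaces or line breaks). The addresses and the SMTP host passed on the command line are placeholders, and the example assumes a relay that accepts unauthenticated submission on port 25.

```python
"""Build the gateway test messages: EICAR attachment and GTUBE body."""
import smtplib
import sys
from email import message_from_bytes, policy
from email.message import EmailMessage

# Both strings are the ones printed in this guide. Each is split in two so
# that this source file is less likely to be flagged by a local scanner.
EICAR = r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-" + "STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
GTUBE = "XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-" + "STANDARD-ANTI-UBE-TEST-EMAIL*C.34X"


def _new_message(sender, recipient, subject):
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, recipient, subject
    return msg


def eicar_message(sender, recipient):
    """Message carrying the 68-byte EICAR file as attachment EICAR.COM."""
    msg = _new_message(sender, recipient, "Gateway test: EICAR attachment")
    msg.set_content("Anti-virus test. The attachment is the harmless EICAR file.")
    msg.add_attachment(EICAR.encode("ascii"), maintype="application",
                       subtype="octet-stream", filename="EICAR.COM")
    return msg


def gtube_message(sender, recipient):
    """Message whose body is the GTUBE line, unbroken."""
    msg = _new_message(sender, recipient, "Gateway test: GTUBE")
    msg.set_content(GTUBE + "\n")
    return msg


def attachment_bytes(msg, filename):
    """Serialize, re-parse, and return the decoded attachment (or None)."""
    parsed = message_from_bytes(msg.as_bytes(), policy=policy.default)
    for part in parsed.iter_attachments():
        if part.get_filename() == filename:
            return part.get_payload(decode=True)
    return None


def body_lines(msg):
    """Serialize, re-parse, and return the plain-text body as a list of lines."""
    parsed = message_from_bytes(msg.as_bytes(), policy=policy.default)
    return parsed.get_body(preferencelist=("plain",)).get_content().splitlines()


def send(msg, host, port=25):
    """Submit the message; host is a placeholder for your external relay."""
    with smtplib.SMTP(host, port, timeout=30) as smtp:
        smtp.send_message(msg)


if __name__ == "__main__":
    # Usage: python gateway_test.py <smtp-host> <sender> <internal-recipient>
    host, sender, recipient = sys.argv[1:4]
    for message in (eicar_message(sender, recipient),
                    gtube_message(sender, recipient)):
        send(message, host)
```

After sending, check the Detections areas on the Dashboard as described in the tasks, and delete the EICAR message from the test mailbox when you finish.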

Exploring the appliance features

This information contains tasks to demonstrate the McAfee Email Gateway Virtual Appliance 7.0 scanning features in action. It provides step-by-step instructions to create and test some sample policies and tells you how to generate applicable reports.

Contents

• Introduction to policies

• Encryption

• Compliance Settings

• Data Loss Prevention settings

• Task — Identify quarantined email messages

Introduction to policies

The appliance uses policies which describe the actions that the appliance must take against threats such as viruses, spam, unwanted files, and the loss of confidential information.

Email | Email Policies

Policies are collections of rules or settings that can be applied to specific types of traffic or to groups of users.

Encryption

The Encryption pages enable you to set up McAfee Email Gateway to use the supported encryption methods to securely deliver your email messages.

Email | Encryption


The McAfee Email Gateway includes several encryption methodologies, and can be set up to provide encryption services to the other scanning features, or can be set up as an encryption-only server used just to encrypt email messages.

Task — Encrypt all email traffic to a specific customer

A common use of the encryption features is to configure a policy to use encryption for email messages going to a specific customer.

This group of tasks shows how to configure your McAfee Email Gateway so that all email messages being sent to a specific customer are sent using encryption.

Task — Create a new scanning policy

Learn how to create a new scanning policy.

Your appliance uses the policies you create to scan the email messages sent through the appliance. You can create multiple policies to control the way different users use email, or to specify different actions based on specific circumstances.

Task

1 Click Email | Email Policies | Scanning Policies.

2 Select the required protocol using steps in Task — View policies for SMTP, POP3 or McAfee Secure Web Mail.

3 Click Add policy...

4 In the Scanning Policies — New Policy page, enter the following information:

a A name for the policy.

b An optional description for the new policy.

c Where the new policy inherits its settings from.

If you have a similar policy already set up, select this to allow its settings to be inherited by the new policy.

d Choose if the policy is to apply to inbound or outbound email traffic. (SMTP only)

e Select the required Match logic for the policy.

f Select the type of rule, how it should match and the value that the rule tests against.

g If required, add additional rules, and use the and buttons to correctly order the rules.

5 Click OK.

The new policy is added to the top of the list of policies.

Task — Configure the encryption settings

Configure your McAfee Email Gateway to use encryption.

Task

1 Click Email | Encryption | Secure Web Mail | Basic Settings.

2 Select Enable the Secure Web Mail Client.


3 Click Email | Encryption | Secure Web Mail | User Account Settings.

Recipients are automatically enrolled, and receive a digitally signed notification in HTML format. The administrator chooses whether to do push and/or pull encryption.

4 Click Email | Encryption | Secure Web Mail | Password Management.

The minimum password length is eight characters. The password expires after 365 days.

Task — Enable encryption within your email policy

Enable the required encryption features on your McAfee Email Gateway.

Task

1 Click Email | Email Policies | Compliance

2 Click Enable compliance, and select Create new rule from template.

3 Search for the HIPAA Compliance rule and select it.

4 Click Next to progress through the wizard.

5 Select the primary action to Allow Through (Monitor).

6 In And also, select Deliver message using encryption.

7 Click Finish, and click OK to close the dialog box.

8 Click Email | Email Policies | Policy Options | Encryption.

9 In When to Encrypt, select Only when triggered from a scanner action.

10 In On-box Encryption Options, select Secure Web Mail, and click OK.

11 Apply the changes.

Compliance Settings

Use this page to create and manage compliancy rules.

Email | Email Policies | Compliance | Compliance

Benefits of the compliance settings

Use compliance scanning to assist with conformance to regulatory compliance and corporate operating compliance. You can choose from a library of predefined compliance rules, or create your own rules and dictionaries specific to your organization.

Compliance rules can vary in complexity from a straightforward trigger when an individual term within a dictionary is detected, to building on and combining score-based dictionaries which will only trigger when a certain threshold is reached. Using the advanced features of compliance rules, dictionaries can be combined using logical operations of any of, all of, or except.


Task — Restrict the score contribution of a dictionary term

Use this task to restrict the score contribution of a dictionary term.

Before you begin

This task assumes that your rule includes a dictionary which triggers the action based on a threshold score, such as the Compensation and Benefits dictionary.

You can restrict how many times a term can contribute to the overall score.

For example, if 'testterm' within a dictionary has a score of 10 and is seen five times within an email, it will add 50 to the overall score. Alternatively you can restrict this, for example to contribute only twice by setting 'Maximum term count' to 2.

Task

1 Select Email | Email Policies | Compliance.

2 Expand the rule that you want to edit, then click the Edit icon next to the dictionary whose score you want to change.

3 In Maximum term count, type the maximum number of times that you want a term to contribute to the score.

Task — Edit the threshold associated with an existing rule

Use this task to edit the threshold associated with an existing rule.

Before you begin

This task assumes that your rule includes a dictionary which triggers the action based on a threshold, such as the Compensation and Benefits dictionary.

Task

1 Select Email | Email Policies | Compliance.

2 Expand the rule that you want to edit, then select the Edit icon next to the dictionary whose score you want to change.

3 In dictionary threshold, type the score on which you want the rule to trigger, and click OK.

Task — Create a rule to monitor or block at a threshold

For score-based dictionaries you might want to monitor triggers that reach a low threshold, and only block the email when a high threshold is achieved.

Task

1 Select Email | Email Policies | Compliance.

2 Click Create new rule, type a name for it such as Discontent - Low, and click Next.

3 Select the Discontent dictionary, and in Threshold, type 20.

4 Click Next, and Next again.

5 In If the compliance rule is triggered, accept the default action.

6 Click Finish.


7 Repeat steps 2 through 4 to create another new rule but name it Discontent - High and assign it a threshold of 40.

8 In If the compliance rule is triggered, select Deny connection (Block).

9 Click Finish.

10 Click OK and apply the changes.

Task — Add a dictionary to a rule

Use this task to add a new dictionary to an existing rule.

Task

1 Select Email | Email Policies | Compliance.

2 Expand the rule that you want to edit.

3 Select Add dictionaries.

4 Select the new dictionary that you want to include, and click OK.

Task — Create a complex custom rule

Use this task to create a complex rule that triggers when both Dictionary A and Dictionary B are detected, except when Dictionary C is also detected.

Task

1 Select Email | Email Policies | Scanning Policies and select Compliance.

2 On the Default Compliance Settings dialog box, click Yes to enable the policy.

3 Click Create new rule to open the Rule Creation Wizard.

4 Type a name for the rule, and click Next.

5 Select two dictionaries to include in the rule, and click Next.

6 Select a dictionary that you want to exclude from the rule in the exclusion list.

7 Select the action that you want to take place if the rule triggers.

8 From the And conditionally drop down box, select All, and click Finish.
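To see how the settings in the preceding compliance tasks interact (Maximum term count, the Low and High thresholds, and the "A and B except C" rule), the following added example models them in Python. It is a simplified illustration, not the appliance's own matching engine. The dictionary terms and scores are constructed, and whole-word, case-insensitive matching and the "monitor"/"block"/"allow" labels are assumptions.

```python
import re

SEVERITY = {"allow": 0, "monitor": 1, "block": 2}


def score(text, terms, max_term_count=None):
    """Sum the scores of dictionary terms found in text.

    terms maps term -> score. max_term_count caps how many occurrences of
    any single term may contribute to the total (None means no cap).
    """
    total = 0
    for term, value in terms.items():
        pattern = r"\b" + re.escape(term) + r"\b"
        hits = len(re.findall(pattern, text, flags=re.IGNORECASE))
        if max_term_count is not None:
            hits = min(hits, max_term_count)
        total += hits * value
    return total


def detected(text, cond):
    """A dictionary counts as detected once its score reaches the threshold."""
    total = score(text, cond["terms"], cond.get("max_term_count"))
    return total >= cond.get("threshold", 1)


def triggers(text, rule):
    """Every 'all_of' dictionary must be detected and no 'except' dictionary."""
    if any(detected(text, c) for c in rule.get("except", [])):
        return False
    return all(detected(text, c) for c in rule["all_of"])


def evaluate(text, rules):
    """Return the most severe action among the rules that trigger."""
    fired = [r["action"] for r in rules if triggers(text, r)]
    return max(fired, key=SEVERITY.get, default="allow")


# Constructed sample data: terms and scores are invented for this example.
DISCONTENT = {"unfair": 10, "fed up": 10, "resign": 20}
THRESHOLD_RULES = [
    {"name": "Discontent - Low", "action": "monitor",
     "all_of": [{"terms": DISCONTENT, "threshold": 20}]},
    {"name": "Discontent - High", "action": "block",
     "all_of": [{"terms": DISCONTENT, "threshold": 40}]},
]
DICT_A = {"terms": {"merger": 1}}
DICT_B = {"terms": {"budget": 1}}
DICT_C = {"terms": {"press release": 1}}
COMPLEX_RULE = {"name": "A and B except C", "action": "block",
                "all_of": [DICT_A, DICT_B], "except": [DICT_C]}

if __name__ == "__main__":
    for sample in ("This is unfair and I am fed up.",
                   "Unfair, unfair, and I will resign."):
        print(score(sample, DISCONTENT), evaluate(sample, THRESHOLD_RULES))
```

Running the model against real sample mail before setting a threshold shows how often a single repeated term alone would push a message over the block level, which is the case Maximum term count is meant to limit.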

Task — Create a simple custom rule

Use this task to create a simple custom rule that blocks messages that contain social security numbers.

Task

1 Select Email | Email Policies | Compliance.

2 On the Default Compliance Settings dialog box, click Yes to enable the policy.

3 Click Create new rule to open the Rule Creation Wizard.

4 Type a name for the rule, and click Next.

5 In the Search field, type social.


6 Select the Social Security Number dictionary, and click Next twice.

7 Select the Deny connection (Block) action, and click Finish.

Task — Block messages that violate a policy

Use this task to block messages that violate a threatening language policy.

Task

1 Select Email | Email Policies | Compliance.

2 On the Default Compliance Settings dialog box, click Yes to enable the policy.

3 Click Create new rule from template to open the Rule Creation Wizard.

4 Select the Acceptable Use - Threatening Language policy, and click Next.

5 Optionally change the name of the rule, and click Next.

6 Change the primary action to Deny connection (Block), and click Finish.

7 Click OK and apply the changes.

Data Loss Prevention settings

Use this page to create a policy that assigns data loss prevention actions against the registered document categories.

Email | Email Policies | Compliance | Data Loss Prevention

Benefits of using Data Loss Prevention (DLP)

You can choose to restrict the flow of sensitive information sent in email messages by SMTP through the appliance using the Data Loss Prevention feature. For example, you can block the transmission of a sensitive document such as a financial report that is to be sent outside of your organization. Detection occurs whether the original document is sent as an email attachment, or even as just a section of text taken from the original document.

Configuring DLP takes place in two phases:

• Registering the documents that you want to protect.

• Setting the DLP policy to action, and control the detection (this topic)

If an uploaded registered document contains embedded documents, their content is also fingerprinted so the combined content is used when calculating the percentage match at scan time. To have embedded documents treated individually, they must be registered separately.

Task — Prevent a sensitive document from being leaked

Use this task to block sensitive financial documents from being sent outside your organization.

Before you begin

This example assumes that you have already created a Finance category.


Task

1 Select Email | Email Policies | Compliance | Data Loss Prevention.

2 On the Default Data Loss Prevention Settings dialog box, click Yes to enable the policy.

3 Click Create new rule, select the Finance category, and click OK to have the category appear in the Rules list.

4 Select the action associated with the category, change the primary action to Deny connection (Block), and click OK.

5 Click OK again, and apply the changes.

Task — Block a section of the document

Use this task to block just a small section of the document from being sent outside your organization.

Task

1 Select Email | Email Policies | Compliance | Data Loss Prevention.

2 On the Default Data Loss Prevention Settings dialog box, click Yes to enable the policy.

3 Enable the consecutive signatures setting, and type the number of consecutive signatures against which the DLP policy will trigger a detection. The level is set to 10 by default.

4 Click Create new rule, select the Finance category, and click OK to have the category appear in the Rules list.

5 Select the action associated with the category, change the primary action to Deny connection (Block), and click OK.

6 Click OK again, and apply the changes.

Task — Exclude a specific document for a policy

Use this task to prevent a specific financial document from triggering the DLP policy settings.

Task

1 Select Email | Email Policies | Compliance | Data Loss Prevention.

2 On the Default Data Loss Prevention Settings dialog box, click Yes to enable the policy.

3 Click Create document exclusion, select the document you want to ignore for this policy, and click OK.

4 Click OK again, and apply the changes.

Task — Identify quarantined email messages

Use this task to discover which email messages have been quarantined by your McAfee Email Gateway Appliance.

To view a list of all messages that have been quarantined:

Task

1 Click Reports | Message Search.

2 Select Quarantined from the Message status drop-down list.

3 Click Search/Refresh.

All messages that have been quarantined are displayed in the lower part of the page.


Tasks

• Task — Refine the search

• Task — View a specific email message

• Task — Release a quarantined email message
After viewing the email message that has been quarantined, you may want to release the message from Quarantine. This task allows you to do this.

Task — Refine the search

You can further refine your search for quarantined email messages to show only those that have been quarantined due to specific triggers. In this example, to find those email messages quarantined due to compliancy issues:

Task

1 Complete the steps in Task — Find out which email messages are quarantined.

2 Select Compliancy from the Category drop-down list.

3 Click Search/Refresh.

The lower part of the screen is refreshed to show only the messages that have been quarantined due to compliancy issues.

Task — View a specific email message

You can view the content of a quarantined email message.

Task

1 Complete the steps in Task — Refine the search.

2 Select the relevant quarantined message using the check-box to the left of the page.

3 Click View Message.

The selected message is displayed in a new window. From this window, you can view the content of the email message. You can also choose to view the detailed email header information. Once you have viewed the message, by clicking the relevant buttons, you can choose further actions to perform on the email message.

Task — Release a quarantined email message

After viewing the email message that has been quarantined, you may want to release the message from Quarantine. This task allows you to do this.

To release a selected message from quarantine:

Task

1 Complete the steps in Task — View a specific email message.

2 Click Release Selected.

The selected email message is released from quarantine.

Email messages that contain viral content cannot be released from quarantine, as to do so would risk causing damage to your systems.

