
Configuring Connection Settings

To enable the scanner to receive messages, configure the connection settings.

Procedure

  1. Go to Administration > IMSVA Configuration > Connections.
    The Components tab appears by default.
  2. Under Settings for All Policy Services, configure the following:
    • Protocol: Select the type of protocol the scanner uses to communicate with the policy service (HTTP or HTTPS).
    • Keep-alive: Select the check box to enhance policy retrieval by maintaining a constantly active connection between the scanner and policy services.
    • Maximum number of backlogged requests: Specify a number that represents the maximum number of requests IMSVA will preserve until it can process them later.
  3. Click Save.

About LDAP Settings

Configure LDAP settings for user-group definition, administrator privileges, or end-user quarantine authentication.
Configure multiple and mixed type LDAP servers from the Administration > IMSVA Configuration > Connections | LDAP screen. You cannot configure more than one LDAP server from the Configuration Wizard.
If more than one LDAP server is used, IMSVA synchronizes the account information from the LDAP servers to the IMSVA local cache. The time required for synchronization between the servers depends on the number of accounts on your LDAP servers. When synchronization completes, the time and date appear in the Last Synchronized column. IMSVA automatically synchronizes the accounts daily. You can manually trigger synchronization by clicking Save & Synchronize.
Note
If more than one LDAP server is enabled, End-User Quarantine using LDAP authentication and EUQ single sign-on cannot be enabled.
If the LDAP settings on the Administration > Connections > LDAP screen are not configured, the following LDAP related features will not work:
  • Policy > Internal Addresses > [Search for LDAP groups]
  • Policy > [any rule] > [Sender to Recipient] > [Search for LDAP user and groups]
  • Administration > End-User Quarantine > User Quarantine Access > [Select LDAP groups to enable access]
  • Administration > Admin Accounts > Add > [LDAP authentication]

LDAP Server Types

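  • Active Directory
    • LDAP admin account (examples): Without Kerberos: user1@domain.com (UPN) or domain\user1. With Kerberos: user1@domain.com
    • Base distinguished name (examples): dc=domain, dc=com
    • Authentication method: Simple, or Advanced (with Kerberos)
  • Active Directory Global Catalog
    • LDAP admin account (examples): Without Kerberos: user1@domain.com (UPN) or domain\user1. With Kerberos: user1@domain.com
    • Base distinguished name (examples): dc=domain, dc=com, or dc=domain1,dc=com (if multiple unique domains exist)
    • Authentication method: Simple, or Advanced (with Kerberos)
  • OpenLDAP
    • LDAP admin account (examples): cn=manager, dc=test1, dc=com
    • Base distinguished name (examples): dc=test1, dc=com
    • Authentication method: Simple
  • Lotus Domino
    • LDAP admin account (examples): user1/domain
    • Base distinguished name (examples): Not applicable
    • Authentication method: Simple
  • Sun iPlanet Directory
    • LDAP admin account (examples): uid=user1, ou=people, dc=domain, dc=com
    • Base distinguished name (examples): dc=domain, dc=com
    • Authentication method: Simple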

Adding LDAP Servers

Procedure

  1. Go to one of the following to access the LDAP tab:
    • Administration > IMSVA Configuration > Connections | LDAP
    • Administration > IMSVA Configuration > Configuration Wizard | Step 6: LDAP Settings
  2. Click Add.
    The LDAP Settings screen appears.
  3. Specify a meaningful description for the LDAP server.
  4. Next to LDAP server type, select the type of LDAP servers on your network:
    • Domino
    • Microsoft Active Directory
    • Microsoft AD Global Catalog
    • OpenLDAP
    • Sun iPlanet Directory
  5. Next to Enable LDAP 1, select the check box.
  6. Next to LDAP server, specify the server name or IP address.
  7. Next to Listening port number, specify the port number that the LDAP server uses to listen to access requests.
  8. Configure the settings under LDAP 2 if necessary.
  9. Under LDAP cache expiration for policy services and EUQ services, specify the Time to live in minutes.
    Time To Live: Determines how long IMSVA retains LDAP query results in the cache. A longer duration speeds up LDAP lookups during policy execution, but the policy server is slower to reflect changes made on the LDAP server. A shorter duration means that IMSVA performs LDAP queries more often, which reduces performance.
  10. Under LDAP admin, specify the administrator account, the corresponding password and the base distinguished name.
    Refer to LDAP Server Types for assistance.
  11. Select an authentication method:
    • Simple
    • Advanced: Uses Kerberos authentication for Active Directory. Configure the following:
      • Kerberos authentication default realm: Default Kerberos realm for the client. For Active Directory use, the Windows domain name must be upper case (Kerberos is case-sensitive).
      • Default domain: The Internet domain name equivalent to the realm.
      • KDC and admin server: Hostname or IP address of the Key Distribution Center for this realm. For Active Directory, it is usually the domain controller.
      • KDC port number: The associated port number.
  12. Select the Enable encrypted communication between IMSVA and LDAP check box and click Browse to upload a CA certificate file to verify the certificate used by the LDAP server.
  13. Click Add.
    If you are using the Configuration Wizard, click Next.
    Note
    Only Active Directory and Active Directory Global Catalog support Kerberos Authentication.
  14. Under LDAP Email Address Attribute, select the LDAP attribute from which IMSVA retrieves user email addresses.
    • mail: This is the default LDAP attribute that stores email addresses.
    • proxyAddresses: This is the recommended attribute to choose if you use Microsoft Exchange Server.
    • Other attribute: Specify an LDAP attribute that stores email addresses.
  15. Click Save & Synchronize.

Enabling and Disabling LDAP Servers

LDAP servers can be enabled or disabled depending on the requirements for your network.

Procedure

  1. Go to Administration > IMSVA Configuration > Connections > LDAP to access the LDAP tab.
  2. Click a server that you want to enable or disable in the LDAP server table.
    The LDAP Settings screen appears.
  3. Under LDAP server type, select or clear the Enable LDAP 1 and Enable LDAP 2 check boxes to enable or disable the LDAP server.
    Note
    LDAP 1 and LDAP 2 are backup servers for each other. If you select only one check box, the LDAP server status is enabled, but its backup server is not enabled.
  4. Click Save.

Configuring POP3 Settings

In addition to SMTP traffic, IMSVA can scan POP3 messages at the gateway as your clients retrieve them.
Tip
To use the POP3 message filter, enable Accept POP3 connection on the System Status screen. This option is not selected by default.

Procedure

  1. Go to Administration > IMSVA Configuration > Connections.
    The Components tab displays by default.
  2. Click the POP3 tab.
  3. To configure a connection from unknown POP3 servers on the Internet, specify the port number IMSVA uses for incoming POP3 connections under Generic POP3 Connection.
  4. To configure connections from specific POP3 servers, do the following:
    1. Click Add under Dedicated POP3 Connections.
      The Dedicated POP3 Connection window appears.
    2. Specify the port IMSVA uses for incoming POP3 connections, the POP3 server IP address, and the POP3 server port number.
    3. Click OK.
    4. To modify an existing connection, click the connection name.
  5. Under Message Text, modify the message that IMSVA sends to users if messages that they are trying to receive trigger a filter and are quarantined or deleted.
  6. Click Save.
    Note
    The incoming port on your scanners must be idle or the IMSVA daemon might not function properly.

Configuring POP3 Generic Services

For a generic POP3 service, the POP3 client logs on using the USER command and specifies the actual POP3 server and optional port number along with the user's name using the UserServerSeparator character to separate the values.
Example 1: To connect user "User1" to server "Server1" when the UserServerSeparator character is "#", the client issues the following USER command:
USER User1#Server1
Example 2: To connect to port 2000 on Server1, the following command is used:
USER User1#Server1#2000
Note
If you do not specify a port number, IMSVA uses the default value of 110.
The following example shows how to configure generic POP3 settings for Outlook:

Procedure

  1. Set the POP3 server address to the IMSVA scanner IP, 192.168.11.147.
  2. Specify user name test123#192.168.11.252.
  3. Set POP3 port to 110.
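
The USER argument format described above, as an added example that is not part of the original documentation and is not IMSVA's own code: a Python parser that splits the value on the UserServerSeparator, applies the default port 110, and rejects malformed input. The function names and the validation rules (host name syntax, rejecting extra separators, port range) are assumptions made for illustration.

```python
import ipaddress
import re
from typing import NamedTuple, Optional

DEFAULT_POP3_PORT = 110  # default stated in the documentation above


class Pop3Target(NamedTuple):
    user: str
    server: str
    port: int


# One DNS label: letters, digits, hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def _valid_server(server: str) -> bool:
    """Accept an IP literal or a syntactically valid host name."""
    try:
        ipaddress.ip_address(server)
        return True
    except ValueError:
        pass
    return 0 < len(server) <= 253 and all(
        _LABEL.fullmatch(label) for label in server.split("."))


def parse_generic_user(line: str, separator: str = "#") -> Pop3Target:
    """Parse 'USER user<sep>server[<sep>port]' into its three values.

    Assumption for this example: more than two separators is treated as
    ambiguous and rejected rather than guessed at.
    """
    verb, _, arg = line.strip().partition(" ")
    arg = arg.strip()
    if verb.upper() != "USER" or not arg:
        raise ValueError("not a USER command with an argument")
    parts = arg.split(separator)
    if len(parts) not in (2, 3):
        raise ValueError("expected user<sep>server or user<sep>server<sep>port")
    user, server = parts[0], parts[1]
    if not user or any(ch.isspace() or ord(ch) < 0x20 for ch in user):
        raise ValueError("empty or malformed user name")
    if not _valid_server(server):
        raise ValueError("malformed server name")
    port = DEFAULT_POP3_PORT
    if len(parts) == 3:
        text = parts[2]
        if not (text.isascii() and text.isdigit() and len(text) <= 5):
            raise ValueError("port is not a decimal number")
        port = int(text)
        if not 1 <= port <= 65535:
            raise ValueError("port out of range")
    return Pop3Target(user, server, port)


def try_parse(line: str, separator: str = "#") -> Optional[Pop3Target]:
    """Return the parsed target, or None when the line is rejected."""
    try:
        return parse_generic_user(line, separator)
    except ValueError:
        return None


if __name__ == "__main__":
    # Constructed sample lines; the first three use the values from the text.
    for sample in ("USER User1#Server1", "USER User1#Server1#2000",
                   "USER test123#192.168.11.252", "USER User1",
                   "USER User1#Server1#70000", "USER User1##2000"):
        print(f"{sample!r:35} -> {try_parse(sample)}")
```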

Configuring POP3 Dedicated Services

For a POP3 dedicated service, the POP3 service always connects to a specific POP3 server. IMSVA uses this service for a POP3 logon and for any type of logon using the AUTH command. For this service, a separate port on the proxy has to be set up for each specific POP3 server that any client might want to connect to.
The following example shows how to configure dedicated POP3 settings in Microsoft Outlook:

Procedure

  1. Set the POP3 server address to the IMSVA scanner IP, 192.168.11.147.
  2. Specify user name test123.
  3. Set the POP3 port to 1100, which is the port that the IMSVA dedicated POP3 service is listening on.

Configuring Database Settings

Configure the database connection settings so IMSVA can save messages and data.

Procedure

  1. Go to Administration > IMSVA Configuration > Connections.
    The Components tab displays by default.
  2. Click the Database tab.
    The IMSVA admin database type, server IP address, port number, user name and database name appear at the top of the table.
    Note
    If you want to change the password for the admin database, run the following script:
    /opt/trend/imss/script/dbupdate.sh setpw newPassword
  3. Under EUQ Database, perform operations to manage EUQ databases as required.
    Note
    For detailed operations, see Managing EUQ Databases.

Configuring TMCM Settings

To use Trend Micro Control Manager (TMCM) to manage IMSVA, enable the Control Manager/MCP agent on the IMSVA server and configure Control Manager server settings. If a proxy server is between the Control Manager server and IMSVA, configure proxy settings. If a firewall is between the Control Manager server and IMSVA, configure port forwarding to work with the firewall's port-forwarding functionality.
Note
For additional information about Control Manager, see the Control Manager documentation.

Procedure

  1. Go to Administration > IMSVA Configuration > Connections.
    The Components tab displays by default.
  2. Click the TMCM Server tab.
  3. Under TMCM Server Settings, specify the following parameters:
    • Enable MCP Agent: Select the check box to enable the agent.
    • Server: Specify the Control Manager IP address or FQDN.
    • Communication protocol: Select HTTP or HTTPS and specify the corresponding port number. The default port number for HTTP access is 80, and the default port number for HTTPS is 443.
    • Web server authentication: Specify the credentials to access the Control Manager web server.
  4. Under Proxy Settings, specify the following parameters:
    • Enable proxy: Select the check box to enable the proxy server.
    • Proxy type: Select the protocol that the proxy server uses: HTTP, SOCKS4, or SOCKS5.
    • Proxy server: Specify the proxy server FQDN or IP address, port number, and the user name and password.
    • Port: Specify the port for the proxy server.
    • User name: Specify the user name to access the proxy server.
    • Password: Specify the password for the user name.
  5. Under Suspicious Object List Settings, do the following:
    • If you want IMSVA to detect suspicious files, select the Suspicious file list check box and specify the interval to synchronize the suspicious file list from Control Manager. The default synchronization interval is 5 minutes, and the minimum interval is 1 minute.
    • If you want IMSVA to detect suspicious URLs, select the Suspicious URL list check box.
      Note
      IMSVA detects suspicious URLs based on Web Reputation Services available through Smart Protection Servers. Make sure you have properly configured Web Reputation settings and Smart Protection Servers.
  6. Click Save.
    If you are using the Configuration Wizard, click Next.
    If you enabled the agent, it will soon register to the Control Manager server. If you disabled the agent, IMSVA will soon log off from the Control Manager server. Verify the change on the Control Manager management console.
    Note
    In addition, make sure that your Control Manager version is 6.0 SP3 Patch 1 or later and the Smart Protection Server version is 3.0 Patch 1 or later.

Providing IMSVA Logon Credentials in Control Manager

To make your settings effective, provide your IMSVA logon credentials for authentication on the Control Manager management console.

Procedure

  1. Log on to the Control Manager management console.
  2. Go to Administration > Manager Servers.
  3. Next to Server Type, select InterScan Messaging Security Virtual Appliance.
  4. Find your IMSVA server and click the Edit icon in the Actions column.
    The Edit Server screen appears.
  5. Under Authentication, provide your IMSVA logon credentials.
    Note
    Trend Micro recommends that you create a separate administrator account other than the default "admin" account for Control Manager to manage IMSVA. The account is required for authentication on the Control Manager management console.
  6. Click Save.

Unregistering from Control Manager

Procedure

  1. Go to Administration > IMSVA Configuration > Connections.
    The Components tab displays by default.
  2. Click the TMCM Server tab.
  3. Click the Un-register All Agents button.

Configuring NTP Settings

The Network Time Protocol (NTP) synchronizes the clocks of computer systems across the Internet. To synchronize the computer clock of an IMSVA device with the clock of an NTP server, configure the NTP setting.

Procedure

  1. Go to Administration > IMSVA Configuration > Connections.
    The Components tab displays by default.
  2. Click the NTP Setting tab.
  3. Select the Enable NTP check box.
  4. Specify the domain name or IP address of the NTP server.
  5. Click Save.

Configuring Child IP Settings

Devices in the Child IP address list can access each other for internal communications in a group. Add all IP addresses of child devices in the current group to this list before you register these child devices to the parent.

Procedure

  1. Go to Administration > IMSVA Configuration > Connections.
    The Components tab displays by default.
  2. Click the Child IP tab.
  3. Under Add IP Address, specify the child device IP address.
  4. Click >>.
    The address appears in the table.
  5. Click Save.