
Configuring security risk detection

Mail Security can detect security risks. Security risks are programs that do any of the following:

■ Provide unauthorized access to a computer

■ Compromise data integrity, privacy, confidentiality, or security

■ Present some type of disruption or nuisance

These programs can put your employees and your organization at risk for the following:

■ Identity theft or fraud by logging keystrokes

■ Capture of email and instant messaging traffic

■ Theft of personal information such as passwords and login identifications

Security risks can be introduced into your computer unknowingly when users visit a Web site, download shareware or freeware software programs, click links or attachments in email messages, or through instant messaging clients. They can also be installed after or as a by-product of accepting an end user license agreement from another software program related to or linked in some way to the security risk.

Enable the Security Risk Rule for Mail Security to detect security risks.

Table 6-2 lists the categories of security risks that Mail Security detects.

Table 6-2 Security risk categories

| Category | Description |
| --- | --- |
| Adware | Stand-alone or appended programs that gather personal information through the Internet and relay it back to a remote computer without the user's knowledge. Adware might monitor browsing habits for advertising purposes. It can also deliver advertising content. |
| Hack tools | Programs used to gain unauthorized access to a user's computer. For example, a keystroke logger tracks and records individual keystrokes and sends this information to a remote computer. The remote user can perform port scans or vulnerability scans. Hack tools might also be used to create viruses. |
| Dialers | Programs that use a computer, without the user's permission or knowledge, to dial out through the Internet to a 900 number or FTP site, typically to accrue charges. |
| Joke programs | Programs that alter or interrupt the operation of a computer in a way that is intended to be humorous or bothersome. For example, a joke program might move the Recycling Bin away from the mouse when the user tries to click on it. |
| Remote access programs | Programs that let a remote user gain access to a computer over the Internet to gain information from, attack, or alter the host computer. |
| Spyware | Stand-alone programs that can secretly monitor computer activity and detect passwords and other confidential information and then relay the information back to a remote computer. |
|  | Stand-alone or appended applications that trace a user's path on the Internet and relay the information to a remote computer. |

To configure security risk detection

1. In the console on the primary navigation bar, click Policies.

2. In the sidebar under Antivirus, click Antivirus Settings.

3. In the content area, in the Rules table, on the Security Risk Rule row, click the box under the Status column, and then select Enabled from the drop-down menu.

   This rule is enabled by default.

4. In the preview pane, in the Action to take list, use the drop-down menu to select the action to take when a security risk is detected.

5. In the Replacement text box, type your customized message if you are replacing the message or attachment body with a text message.

   The default text is: Symantec Mail Security replaced %attachment% with this text message. The original file contained %violation% and was %action%. You can use variables in your customized text.

   See “About alert and notification variables” on page 235.

6. Check one or more of the following to send email notifications about the detection:

   ■ Notify administrators

   Click the down arrow and type your customized text in the Subject line box and the Message body box. The default Subject line and Message body text is as follows:

      ■ Default Subject line text: Administrator Alert: Symantec Mail Security detected %violation%

      ■ Default Message body text: Location of the infected item: %location% Sender of the infected item: %sender% Subject of the message: %subject% The attachment(s) "%attachment%" was %action% for the following reasons: %information% This was done due to the following Symantec Mail Security settings: Scan: %scan% Rule: %rule%

   ■ Notify internal sender

   Click the down arrow and type your customized text in the Subject line box and the Message body box. The default Subject line and Message body text is as follows:

      ■ Default Subject line text: Symantec Mail Security detected %violation% in a message sent from your address

      ■ Default Message body text: %subject% Recipient of the message: %recipient%

   ■ Notify external sender

   Click the down arrow and type your customized text in the Subject line box and the Message body box. The default Subject line and Message body text is as follows:

      ■ Default Subject line text: Symantec Mail Security detected %violation% in a message sent from your address

      ■ Default Message body text: Subject of the message: %subject% Recipient of the message: %recipient%

   See “About alert and notification variables” on page 235.

7. On the toolbar, click Deploy changes to apply your changes.

   See “Deploying settings and changes to a server or group” on page 75.
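A check to run on customized notification text before deploying it, as an added example (not Symantec's code and not part of the original guide): it flags misspelled %variable% names, stray percent signs, and any variables from the default administrator alert that the custom text no longer carries. The KNOWN set holds only the variables quoted on this page, and case-sensitive matching is an assumption; extend the set from the variables reference the guide points to.

```python
import re

# Variables that appear in the default texts quoted in steps 5 and 6.
# Assumption: this is only a subset of what the product supports.
KNOWN = {"attachment", "violation", "action", "location", "sender",
         "subject", "information", "scan", "rule", "recipient"}

# Default administrator alert body, as quoted in step 6.
DEFAULT_ADMIN_BODY = (
    "Location of the infected item: %location% "
    "Sender of the infected item: %sender% "
    "Subject of the message: %subject% "
    'The attachment(s) "%attachment%" was %action% for the following reasons: '
    "%information% "
    "This was done due to the following Symantec Mail Security settings: "
    "Scan: %scan% Rule: %rule%"
)

# A variable is a name wrapped in percent signs, e.g. %violation%.
TOKEN = re.compile(r"%([A-Za-z_]+)%")


def variables(text):
    """Return the set of %name% variables used in a template."""
    return set(TOKEN.findall(text))


def review_template(custom, default):
    """Compare a customized template with the default it replaces."""
    used = variables(custom)
    leftover = TOKEN.sub("", custom)  # whatever remains is literal text
    return {
        # Names not in KNOWN: usually a typo such as %violaton%.
        "unknown": sorted(used - KNOWN),
        # Detail the default alert carried that responders would lose.
        "dropped": sorted(variables(default) - used),
        # A lone % means an unterminated variable or a literal percent sign.
        "stray_percent": "%" in leftover,
    }


if __name__ == "__main__":
    # Constructed sample of a customized administrator alert body.
    sample = "Blocked %violaton% in %subject%. Rule: %rule%. 100% scanned"
    for key, value in review_template(sample, DEFAULT_ADMIN_BODY).items():
        print(f"{key}: {value}")
```
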