Name of the iQ.Suite job that quarantined the email
Name of the Exchange server
Name of the email file
Processing historyWhen an iQ.Suite Quarantine is displayed using the iQ.Suite administration con-sole, the information from the quarantine database is shown first. When a quaran-tine entry is opened, further Information is read from the email file.
For communicating with the quarantine, iQ.Suite uses SOAP (Simple Object Access Protocol) and SSL (Secure Socket Layer). This applies both to "local"
access directly on the server and to access from remote Windows workstations.
By default, port 8008 is used for communication. You can change this port in the iQ.Suite administration console (IQ.SUITE SERVERS node), but you must then also make this change in all other iQ.Suite administration consoles that access the server. All computers must use the same port. SSL is used to encrypt the SOAP communications channel. All of the required components are included in the ins-tallation package.
Only authorized persons have access to the iQ.Suite quarantines via the network.
The user privileges are set through the access rights in the access.acl file (...\GBS\iQ.Suite\AppData\). These privileges are checked by the iQ.Suite service. If not logged in to the server, you must authenticate yourself when calling the iQ.Suite Quarantine for the first time. The authentication infor-mation is temporarily stored so that subsequent calls (in particular of other qua-rantines) use the same login information. If that fails, a user name and password input dialog appears. Users who have access rights to the access.acl file also have access to the quarantines.
For successful access, the following requirements must be met:
The iQ.Suite Service is running.
The communication port (default: 8008) is available.
Exception: In a privacy quarantine you can configure that information like the sub-ject line, the names of the attachments and/or the sender addresses or recipient addresses are not displayed in the quarantine view.
GETTING STARTED - TECHNICAL DESCRIPTION
The computer name can be resolved and accessed through TCP/IP.
The user has the required Windows user rights for the access.acl file.4.1.2.4 Active Directory / LDIF
The iQ.Suite does not make any changes or additions to the Active Directory (AD). However, iQ.Suite does read various information from the Active Directory.
When started, the iQ.Suite Service determines the available Global Catalog ser-ver, which is used, for instance, for resolving addresses in distribution lists during email processing.
The iQ.Suite administration console uses the Active Directory to select sen-der/recipient conditions.
With iQ.Suite Trailer, sender information can be incorporated in outgoing emails, with iQ.Suite looking for the required details in the Active Directory.
If no Active Directory is available, for instance because the corresponding ports are not open, an LDIF file can be used. Using the LDIF file can be enabled during the installation (‘LDIF Support’ mode). This file can be created, for instance, be created an LDAP export from an Active Directory, a Exchange user directory or a Notes Address Book (NAB).
4.1.2.5 Compressed Files and Archives: iQ.Suite Unpacker
Files are often compressed (zipped) before being sent by email. To allow com-pressed files to be scanned for viruses, iQ.Suite unpacks the files before running the scan. An unpacker is automatically installed with the iQ.Suite.
The unpacker supports the following archive formats:
ACE ACE SFX ARJ BINHEX (Mac)
BZIP2 CAB GZIP Java Archive (.jar)
LZH (LH ARC) MacBinary MSCOMPRESS RAR
RPM Self-extracting
4.1.2.6 Network Service
To ensure that the network service is working properly certain rights on the iQ.Suite/Log directory, the iQ.Suite/GRPData/InQ directory, and the iQ.Suite/GRPData/OutQ directory are pre-set by default. If you use different directories in your iQ.Suite configuration, please make sure that the following rights are set:
Full-access
Change
Read, Process
Listing directory content
Read
WriteSelf-extracting RAR
Self-extracting ZIP TAR TGZ (Tape Archiv)
UUE (Executable compressed ASCII archive)
ZIP ZOO 7-Zip
Archives can themselves contain further archives. By default, such recursively compressed files are extracted to a recursion depth of ‘5’. All archives excee-ding this recursion depth are moved to the Badmail quarantine (refer to “Bad-mails” on page 140). The standard upper limit for an email including unpacked files is 500 MB. Such a limit is particularly important to handle so-called "ZIP of Death" attacks. The recursion depth and the space restriction can be changed under IQ.SUITE SERVERS -> PROPERTIES -> GENERALTAB.
GETTING STARTED - TECHNICAL DESCRIPTION4.1.2.7 Email Processing Sequence
1. An incoming or outgoing email follows the transport flow and arrives on the mail server.
2. iQ.Suite monitors the transport flow (SMTP Transport) at position x and tem-porarily removes the email from the delivery process. The designations of SMTP Transport and Transport Grabber depend on the system used:
3. The iQ.Suite Service fetches the email and checks the iQ.Suite configuration to determine whether or not the email needs to be processed by iQ.Suite.
4. The emails to be checked are processed according to their job priority set in the iQ.Suite configuration. When processing is complete, the iQ.Suite Service releases the email and performs any configured changes to the email, as required.
5. The email is returned to the transport flow.
6. The email transport is resumed and the email is delivered to the recipient.
4.1.3 iQ.Suite Configuration
All information required to run iQ.Suite is saved in the iQ.Suite configuration file, as ConfigData.xml.
The structure of the ConfigData.xml file is similar to that of a database: various entries exist for each configuration area. Since all configuration settings are stored in a single file, the configuration can be easily distributed and backed up. If you have a problem with the configuration, you can simply send the Config-Data.xml file to the GBS Support Team for assistance.
The configuration settings are needed by both the iQ.Suite server and the iQ.Suite administration console. The iQ.Suite server needs them, for instance, to be informed of the iQ.Suite jobs to be carried out. To make changes to the confi-guration with the iQ.Suite administration console, the console must be able to
Designation MS Exchange 2003 / SMTP Gateway
MS Exchange 2007/2010/2013
SMTP Transport SMTP Advanced Queue MS Exchange Transport Service
Transport Grabber Transport Grabber Transport Agent
GETTING STARTED - TECHNICAL DESCRIPTIONaccess the ConfigData.xml file. The configuration file can be placed either in a local directory or a network share. The iQ.Suite configuration used by the iQ.Suite administration console and the iQ.Suite server is specified through an entry in the Windows Registry. The path to the configuration file can be entered in the format C:\...\ConfigData.xml or as UNC path (\\Servername\Share\ConfigData.xml). If the iQ.Suite configuration file specified is not available, iQ.Suite uses the "last known good" configuration, which is logged in the Windows Event Log.
The last known good configuration is saved locally for each server and is updated whenever the iQ.Suite configuration is changed and access from the iQ.Suite configuration file to the last known good configuration is possible.
To open a non-standard configuration with the administration console, you must specify the file with a special parameter. Run the iQ.Suite.msc file with the para-meter config and the desired configuration file, e.g.:“C:\Program Files\GBS\iQ.Suite\iQ.Suite.msc“ config "C:\OtherDirectory\Sub-directory\ConfigData.xml"
You can also specify a UNC path here.
4.2 User Interface
The iQ.Suite administration console is divided into three areas:
Menu and toolbar
Configuration area for global, cross-module functions such as saving, updating, etc.
Navigation area
Multi-level menu for the configuration and administration of iQ.Suite.