AntiVirus. Administrator Guide

(1)

Email AntiVirus

(2)

Email AntiVirus Administrator Guide

Documentation version: 1.0

Legal Notice

Symantec, the Symantec Logo, the Checkmark Logo and are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.

Symantec Corporation 350 Ellis Street

Mountain View, CA 94043

http://www.symantec.com

Clients are advised to seek specialist advice to ensure that they use the Symantec services in accordance with relevant legislation and regulations. Depending on jurisdiction, this may include (but is not limited to) data protection law, privacy law, telecommunications regulations, and employment law. In many jurisdictions, it is a requirement that users of the service are informed of or required to give consent to their email being monitored or intercepted for the purpose of receiving the security services that are offered by Symantec. Due to local legislation, some features that are described in this documentation are not available in some countries.

Configuration of the Services remains your responsibility and entirely in your control. In certain countries it may be necessary to obtain the consent of individual personnel. Symantec advises you to always check local legislation prior to deploying a Symantec service. You should understand your company’s requirements around electronic messaging policy and any regulatory obligations applicable to your industry and jurisdiction. Symantec can accept no liability for any civil or criminal liability that may be incurred by you as a result of the operation of the Service or the implementation of any advice that is provided hereto. The documentation is provided "as is" and all express or implied conditions, representations, and warranties, including any implied warranty of merchantability, fitness for a particular purpose or non-infringement, are disclaimed, except to the extent that such disclaimers are held to be legally invalid. Symantec Corporation shall not be liable for incidental or consequential damages in connection with the furnishing, performance, or use of this documentation. The information that is contained in this documentation is subject to change without notice.

(3)

Technical support

(4)

(5)

Technical support

... 3

Chapter 1 Introduction to AntiVirus

... 7

About Antivirus ... 7

Viral URL links ... 8

Chapter 2 Configuring AntiVirus

... 9

Defining global or domain settings ... 9

Defining administrator alerts ... 10

Defining user alerts ... 10

Releasing a quarantined email ... 11

Limiting the size of emails received into the organization ... 11

(6)

(7)

Introduction to AntiVirus

This chapter includes the following topics:

■ About Antivirus

■ Viral URL links

About Antivirus

Antivirus re-routes your inbound email and outbound email through the infrastructure. Multiple scanners including the Skeptic™ scanner scan the emails before they pass on to the final destination. Skeptic uses predictive technology to identify and stop new virus and malware outbreaks as they occur and before Antivirus signatures are available. (A virus signature is a unique string of bits that defines a specific computer virus. The signature is then used to detect instances of the virus.) Polling for signature updates is performed automatically every 10 minutes. Instant updates are carried out in the event of a new outbreak. If an email is virus-free, it is delivered to the intended recipient. If a virus is detected, the email is quarantined. Any email that is found to be infected with a virus is quarantined for 30 days. Notifications can be generated automatically to the intended recipient, and Administrator. The service has no discernible effect on email delivery times.

Use the portal to configure Antivirus to your requirements. See“Viral URL links”on page 8.

See“Defining administrator alerts”on page 10. See“Defining user alerts”on page 10.

1

(8)

Viral URL links

Antivirus offers protection against positively-identified viral URL links within emails. Such links differ from email virus threats; the user performs a direct action to follow the link to an infected Web site.

To counter such threats, Antivirus actively follows the suspicious link in an email and checks the Web site for viruses or other types of potentially harmful content or payload. If or when a suspicious link is confirmed as viral, a signature is created. Further emails that contain that link are treated as being infected with the virus and are quarantined.

To keep latency to a minimum, it is important to note that scanning for viral URL links does not happen in real time. Emails containing unknown URLs are delivered as normal, and the links are normally analyzed within a few minutes following the delivery. If a URL is found to be malicious, a signature is created and all future email with that link is quarantined.

This procedure means that on rare occasions you may receive an email that contains a potentially harmful link (before the link is confirmed as viral). When the URL is confirmed as viral, we email you a ‘missed’ report. The report informs you that you received an email containing a viral link before it was found to be malicious.

Note:To benefit from a real-time solution to protect your organization from Web-based threats and viruses, inquire about Web Security.

See“About Antivirus”on page 7.

(9)

Configuring AntiVirus

This chapter includes the following topics: ■ Defining global or domain settings

■ Defining administrator alerts

■ Defining user alerts

■ Releasing a quarantined email

■ Limiting the size of emails received into the organization

Defining global or domain settings

You can configure the Antivirus settings globally for all domains, or you can configure custom settings for an individual domain. Typically, you configure the Antivirus service using your global settings and making fewer changes for individual domains.

If you make changes to the settings for an individual domain, you cannot then change it back to using global settings.

To apply settings for a specific domain

1

Select Services > Email Services > Anti-Virus.

2

In the Virus Settings page, do one of the following:

■ To specify global settings, select Global Settings from the drop-down list. The settings in the page are editable. The changes you make are applied only to all of your domains.

■ To specify custom settings for a domain, select the domain from the Global Settings drop-down list.

When you select a specific domain to work with, the name of the domain is displayed as a heading.

2

(10)

The fields in the page are editable and inherit the global settings, until you make a change. The changes you make are applied only to the selected domain.

Defining administrator alerts

An administrator alert is an email that is sent to the Antivirus Administrator when a user has sent or has been sent a potential virus.

Alerts to Administrators contain the Pen number for the quarantined email. The Pen number is a unique reference number that is used to locate and release the email from within the portal. Currently, the content of virus alerts is not configurable.

To specify an address for administrator alerts to be sent to

1

2

In the Virus Settings page Administrator Alerts section, enter the Antivirus Administrator’s email address.

3

Click Save and Exit.

See“Defining user alerts”on page 10. See“About Antivirus”on page 7.

Defining user alerts

A user alert is an email that is sent to the intended recipient of a potential virus, if the recipient’s email address is inside the client’s network.

Alerts to users contain the Pen number for the quarantined email. The Pen number is a unique reference number that is used to locate and release the email from within the portal. Currently, the content of virus alerts is not configurable. To specify whether the recipients of an infected email receive alerts

1

2

In the Virus Settings tab, User Alerts section, select Yes or No as appropriate.

3

See“Defining administrator alerts”on page 10. See“About Antivirus”on page 7.

(11)

Releasing a quarantined email

When Antivirus intercepts a virus in an email, it places the infected email into a holding pen. The infected email is stored for up to 30 days before it is deleted. This quarantine period ensures that the virus is isolated and cannot infect the intended recipient’s computer.

Each quarantined email has a unique identifier, which is known as a Pen number. This number is stated in the administrator alerts and user alerts that are issued when an email containing a suspect virus is received.

An Administrator can allow a virus-infected email to be released from the quarantine pen and delivered to the intended recipient.

To release an email from quarantine

1

2

In the Virus Settings tab, select Virus Release.

3

Enter the Pen number of the virus.

The Pen number is found in the administrator alert.

4

Click Go.

Details of the quarantined email are displayed in a pop-up window.

5

Locate the required entry and click the Release option in the right-hand column.

A disclaimer is displayed.

6

To release the quarantined email, click Confirm.

A confirmation message is displayed. The email containing the virus is released to the intended recipient.

Limiting the size of emails received into the

organization

You can set a maximum size above which inbound emails are not received. You cannot specify the maximum size to be more than 1,000,000 KB.

(12)

To set an email size limit

1

2

In the Virus Settings tab, in the Set maximum email size to box, enter the maximum size for emails (in KB) .

3

Configuring AntiVirus