4.

Content Filtering and Optimizing Scans

4

This chapter describes how to apply the content filtering features of the STM and how to optimize scans to protect your network. This chapter contains the following sections:

• About Content Filtering and Scans on this page

• Configuring Email Protection on page 87

• Configuring Web and Services Protection on page 105

• Configuring Application Control on page 127

• Setting Scanning Exclusions and Web Access Exceptions on page 130

About Content Filtering and Scans

The STM provides very extensive Web content and email content filtering options, Web browsing activity reporting, email antivirus and antispam options, and instant alerts via email.

You can establish restricted Web access policies that are based on the time of day, Web addresses, and Web address keywords. You can also block Internet access by applications and services, such as instant messaging and peer-to-peer file sharing clients.

Note:

For information about how to monitor blocked content and malware threats in realtime, see

Monitoring Real-Time Traffic, Security,

Statistics, and Web Usage

on page 184. For information about how

to view blocked content and malware threats in the logs, see

Querying Logs

on page 194. For information about how to view

quarantined content, see

Viewing and Managing the Quarantine

Files

on page 208.

Chapter 4. Content Filtering and Optimizing Scans | 84

ProSecure Web/Email Security Threat Management (STM) Appliance

Default Email and Web Scan Settings

For most network environments, the default scan settings and actions that are shown in the following table work well, but you can adjust these to meet the needs of your specific environment.

Table 24. Default Email and Web Scan Settings

Scan Type

Email Server Protocols

SMTP

POP3

IMAP

Web Server Protocols a

HTTP

HTTPS

FTP

Instant Messaging Services

Google Talk

ICQ mIRC

MSN Messenger

QQ

Yahoo Messenger

Media Applications

iTunes (music store, update)

Quicktime (update)

Real Player (guide)

Rhapsody (guide, music store)

Winamp (Internet radio/TV)

Peer-to-Peer (P2P) Services

BitTorrent eDonkey

Gnutella

Default Scan Setting

Enabled

Enabled

Enabled

Enabled

Disabled

Enabled

Allowed

Allowed

Allowed

Allowed

Allowed

Allowed

Allowed

Allowed

Allowed

Allowed

Allowed

Allowed

Allowed

Allowed

Default Action (if applicable)

Block infected email

Delete attachment if infected

Delete attachment if infected

Delete file if malware threat detected

No action (scan disabled)

Delete file if malware threat detected

Chapter 4. Content Filtering and Optimizing Scans | 85

ProSecure Web/Email Security Threat Management (STM) Appliance

Table 24. Default Email and Web Scan Settings (Continued)

Scan Type

Tools

Alexa Toolbar

GoToMyPC

Weatherbug

Yahoo Toolbar

Web Objects

Default Scan Setting

Allowed

Allowed

Allowed

Allowed

Embedded Objects (ActiveX/Java/Flash) Allowed

Javascript Allowed

Proxy

Cookies

Allowed

Allowed

Web Content Categories

Commerce

Drugs and Violence

Education

Allowed

Blocked

Allowed with the exception of School

Cheating

Default Action (if applicable)

Gaming Blocked

Inactive Sites Allowed

Internet Communication and Search Allowed with the exception of Anonymizers

Leisure and News Allowed

Malicious Blocked

Politics and Religion

Sexual Content

Allowed

Blocked

Technology Allowed

Uncategorized Allowed

a. For the STM300 and STM600, files and messages that are larger than 10240 KB are skipped by default.

For the STM150, files and messages that are larger than 8192 KB are skipped by default.

86 | Chapter 4. Content Filtering and Optimizing Scans