Viewing and Managing the Quarantine Files. Netgear STM600 - ProSecure Web And Email Threat Management Appliance, STM300 - ProSecure Web And Email Threat Management Appliance, STM150 - ProSecure Web And Email Threat Management Appliance


ProSecure Web/Email Security Threat Management (STM) Appliance

Table 60. Advanced Filtering Options Settings (Continued)

Setting: Destination (continued)

Category. From the drop-down list to the right of the Limit to drop-down list, select one of the following options:

Web Categories. The screen displays a table with all Web categories, each one with an individual Add table button that lets you add the category to the Destination table. You can add multiple categories to the Destination table.

Applications. The screen displays a table with all applications, each one with an individual Add table button that lets you add the application to the Destination table. You can add multiple applications to the Destination table.

6. In the Report Templates section of the screen, select the check boxes for the reports that you want to generate. For information, see Report Templates on page 200 and Appendix A, Report Templates.

7. Depending on whether you selected to generate or schedule a report, perform one of the following actions:

If you selected Generate Report, click Generate in the Generate Report section of the screen. For more information, see Generating Reports for Downloading on page 202.

If you selected Schedule Report, configure the settings in the Schedule Report section of the screen, and click the Add table button. For more information, see Scheduling Automatic Generation and Emailing of Reports on page 203.

Viewing and Managing the Quarantine Files

Depending on the selections that you made on the screens of the Email Security and Web Security main menus (see Chapter 4, Content Filtering and Optimizing Scans), the STM intercepts and saves emails that are infected by spam and both emails and files that are infected by malware threats (viruses and spyware) to its quarantine files. You can search these files, view the search results through the Web Management Interface, and then take a variety of actions that are described in Viewing and Managing the Quarantined Spam Table on page 212 and Viewing and Managing the Quarantined Infected Files Table on page 213.

You can also specify how many entries are displayed per page (the default setting is 15 entries).

Note: For information about how to specify the quarantine settings, see Managing the Quarantine Settings on page 81.

208 | Chapter 6. Monitoring System Access and Performance


You can query and view the spam quarantine file and the malware quarantine file separately and filter the information based on a number of criteria. You can filter the spam quarantine file using the following criteria:

Start date and time

End date and time

Domain name

User name

Source IP address

Sender email address

Recipient email address

Subject

Size of the email

You can filter the malware quarantine file using the following criteria:

Start date and time

End date and time

Protocols (HTTP, HTTPS, FTP, SMTP, POP3, and IMAP)

Domain name

User name

Malware name

Client IP address

Recipient email address


URL or subject

Size of the file


To query the quarantine files:

1. Select Monitoring > Quarantine from the menu. The Quarantine screen displays (see the following figure).

2. Depending on the selection that you make from the Quarantine File Type drop-down list, the screen adjusts to display the settings for the selected type of quarantine file. The following figure displays the spam quarantine file settings as an example.

Figure 116.

3. Select the check boxes and radio buttons, make your selections from the drop-down lists, and complete the fields as explained in the following table:

Table 61. Quarantine File Settings

Columns: Setting, Description (or Subfield and Description)

Setting: File Type

Select one of the following file types from the drop-down list:

Spam. Quarantined spam that was detected through distributed spam analysis.

Malware. All quarantined spyware and viruses.

Setting: View All, Search Criteria

Select one of the following radio buttons:

View All. Display or download the entire selected quarantine file.

Search Criteria. Query the selected quarantine file by configuring the search criteria that are available for the selected file.

Setting: Search Criteria (continued)

Start Date/Time. From the drop-down lists, select the year, month, day, hours, and minutes for the start date and time.

End Date/Time. From the drop-down lists, select the year, month, day, hours, and minutes for the end date and time.

Protocols. Select one or more check boxes to specify the protocols that are queried (malware quarantine file only).

Domain. The domain name that is queried.

User. The user name that is queried.

Malware Name. The name of the spyware or virus that is queried (malware quarantine file only).

Client IP. The client IP address that is queried (malware quarantine file only).

Source IP. The source IP address that is queried (spam quarantine file only).

Sender Email. The email address of the sender that is queried (spam quarantine file only).

Recipient Email. The email address of the recipient that is queried.

URL/Subject. The URL or subject that is queried (malware quarantine file only).

Subject. The subject that is queried (spam quarantine file only).

Size. The file’s minimum and maximum size (in bytes) that are queried.

Setting: Display

The maximum number of entries that are displayed on a page. The default setting is 15 entries.

4. Click Search. Depending on the selected quarantine file (spam or malware), the Quarantine screen displays the Quarantined Spam table or the Quarantined Infected Files table, which are explained in the following sections.


Viewing and Managing the Quarantined Spam Table

When you query the spam quarantine file, the Quarantine screen with the Quarantined Spam table displays:

Figure 117.

The Quarantined Spam table shows the following columns:

Check box. Lets you select the table entry.

Date. The date that the email was received.

Protocol. The protocol (SMTP) in which the spam was found.

Domain. The domain in which the spam was found.

User. The user name that was used to log in to the STM.

Client IP. The client IP address from which the spam originated.

From. The email address of the sender.

To. The email address of the recipient.

Subject. The email subject line.

Size (Bytes). The size of the email in bytes.

The following figure shows the Quarantined Spam table with data. (Normally, this data does not fit on screen, and you need to scroll to see all data.)

Figure 118.

After you have selected one or more table entries, take one of the following actions (or click the Return link to return to the previous screen):

Send as Spam. The selected spam email files are tagged as spam for distributed spam analysis, and are sent to the intended recipients.

Send as Ham. The selected spam email files are not tagged as spam for distributed spam analysis, are removed from quarantine, and are sent to the intended recipients.


Delete. The selected spam email files are removed from quarantine and deleted.

Viewing and Managing the Quarantined Infected Files Table

When you query the malware quarantine file, the Quarantine screen with the Quarantined Infected Files table displays:

Figure 119.

The Quarantined Infected Files table shows the following columns:

Check box. Lets you select the table entry.

Date. The date that the file was received.

Protocol. The protocol (SMTP, POP3, IMAP, HTTP, FTP, HTTPS) in which the spyware or virus was found.

Domain. The domain name that was used to log in to the STM.

User. The user name that was used to log in to the STM.

Malware name. The name of the spyware or virus.

File name. The name of the file in which the spyware or virus was found.

Client IP. The client IP address from which the spyware or virus originated.

Server IP. The server IP address from which the spyware or virus originated.

From. The email address of the sender.

To. The email address of the recipient.

URL/Subject. The URL or subject that is associated with the spyware or virus.

Size (Bytes). The size of the virus or spyware file in bytes.

The following figure shows the Quarantined Infected Files table with data. (Normally, this data does not fit onscreen, and you need to scroll to see all data.)


Figure 120.

After you have selected one or more table entries, take one of the following actions (or click the Return link to return to the previous screen):

Resend to Admin. The selected malware files are removed from quarantine, zipped together as an email attachment, and then sent to the recipient that you have specified on the Email Notification Server screen (see Configuring the Email Notification Server on page 176).

Delete. The selected malware files are removed from quarantine and deleted.

User-Generated Spam Reports

Users logging in through the User Portal Login screen can select to receive a report with intercepted spam emails that were intended for their email address.

To send a spam report to an email address, a user should do the following:

1. On the User Portal Login screen (see Figure 88 on page 156), click the here link in the Check your quarantined mail here section. The Send Spam Report screen displays. (The following figure shows the STM300.)

Figure 121.

2. Select the start date and time from the Begin Date/Time drop-down lists.

3. Specify the recipient’s email address in the Send to field.
