Access to the VirusWall server from within the SMTP proxy is controlled by a service common object (viruswall-smtp) and a pair of variables (VirusWallServerSMTP and scan.0). The service object and variables are preconfigured as much as possible during installation, but the variables must be altered to activate the interface for scanning. In addition, you may need one or more rules to allow the SunScreen firewall access to a VirusWall scanner that is operating on a separate server platform.
The viruswall-smtp service common object is employed by the interface between SunScreen's SMTP proxy and VirusWall. The TCP service port defined for this object is set to that used by the default VirusWall installation.
The VirusWallServerSMTP variable configures the interface between your Screen and VirusWall:
(Optional) sys=Screen
prg=scan
name=VirusWallServerSMTP
values={ vwvalues }
(Optional) description="descriptive text"
enabled | disabled (the initial configuration is enabled)
Options for the vwvalues portion of the VirusWallServerSMTP variable are:
type=VirusWall
svc=viruswall-smtp
addr=vwserver (the default is the undefined address object, viruswall-server)
(Optional) holddown=downsecs (the default is 30*60 seconds)
(Optional) maxconns=#maxconns (maximum concurrent connections; the default is 3)
(Optional) minconns=#minconns (minimum spare connections; the default is 1)
Note that multiple addr items can be configured, allowing the use of secondary scanning servers. Each addr item can designate address common objects by name, or may give a naked (dotted-quad) IP address.
The second variable, scan.0, connects the first variable to the proxy and specifies it as the first scanning facility to be used by that proxy:
(Optional) sys=Screen
prg=smtpp
name=scan.0
values={ scvalues }
(Optional) description="descriptive text"
enabled | disabled (the initial configuration is disabled)
For the variable scan.0, the scvalues portion is name=VirusWallServerSMTP. Note that the value of this variable is the name of the first variable.
Both variables, VirusWallServerSMTP and scan.0, are predefined. If you display their values from the command line configuration editor, you see:
admin% ssadm -r primary edit Initial
edit> vars print prg=scan name=VirusWallServerSMTP
PRG="scan" NAME="VirusWallServerSMTP" ENABLED VALUES={ type="VirusWall" svc="viruswall-smtp" addr="viruswall-server" } DESCRIPTION="TrendMicro SMTP scanning server(s)"
edit> vars print prg=smtpp name=scan.0
PRG="smtpp" NAME="scan.0" DISABLED VALUES={ name="VirusWallServerSMTP" } DESCRIPTION="SMTP proxy content scanner"
One or more access rules may be needed to allow your Screen access to the VirusWall scanner server.
Because VirusWall scanning is optional, and because the viruswall-server address object cannot be preconfigured during installation, the following example shows prototypical post-installation steps to enable VirusWall scanning of SMTP content:
admin% ssadm -r primary edit Initial
edit> add address viruswall-server 10.73.176.13
edit> add rule viruswall-smtp localhost viruswall-server ALLOW
edit> add rule smtp 'inside' mail-server ALLOW PROXY_SMTP
edit> vars add prg=smtpp name=scan.0 ENABLED VALUES={ name=VirusWallServerSMTP } DESCRIPTION="SMTP proxy content scanner"
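As an added illustration, not taken from the SunScreen documentation or tooling, the following Python parses the vars print record format shown above and audits whether the post-installation steps have actually left SMTP content scanning active: scan.0 enabled, pointing at an enabled scan variable that uses the viruswall-smtp service, with every addr item either a dotted-quad IP or a defined address object. The two record sets and the address-object list are constructed samples; the only assumption about the editor is that vars print emits one record per line as shown.

```python
import ipaddress
import re

# Constructed sample: both variables as installed, before the enabling steps.
SAMPLE_BEFORE = '''PRG="scan" NAME="VirusWallServerSMTP" ENABLED VALUES={ type="VirusWall" svc="viruswall-smtp" addr="viruswall-server" } DESCRIPTION="TrendMicro SMTP scanning server(s)"
PRG="smtpp" NAME="scan.0" DISABLED VALUES={ name="VirusWallServerSMTP" } DESCRIPTION="SMTP proxy content scanner"'''

# Constructed sample: the same records after "vars add ... scan.0 ENABLED".
SAMPLE_AFTER = '''PRG="scan" NAME="VirusWallServerSMTP" ENABLED VALUES={ type="VirusWall" svc="viruswall-smtp" addr="viruswall-server" } DESCRIPTION="TrendMicro SMTP scanning server(s)"
PRG="smtpp" NAME="scan.0" ENABLED VALUES={ name="VirusWallServerSMTP" } DESCRIPTION="SMTP proxy content scanner"'''

# key=value tokens, either double-quoted or bare (vars add accepts both forms).
_PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|([^\s}]+))')
_VALUES = re.compile(r'VALUES=\{(.*?)\}')


def parse_pairs(text):
    """Map each key to the list of its values; repeats (several addr=) are kept in order."""
    out = {}
    for m in _PAIR.finditer(text):
        key, quoted, bare = m.groups()
        out.setdefault(key, []).append(quoted if quoted is not None else bare)
    return out


def parse_var_line(line):
    """Parse one vars print record into prg/name/enabled/values/description."""
    m = _VALUES.search(line)
    values_text = m.group(1) if m else ''
    rest = line[:m.start()] + line[m.end():] if m else line
    header = parse_pairs(rest)
    # Drop quoted strings before looking for the bare ENABLED/DISABLED flag so a
    # description containing the word cannot be mistaken for the flag.
    flags = re.sub(r'"[^"]*"', '', rest).split()
    return {
        'prg': header.get('PRG', [None])[0],
        'name': header.get('NAME', [None])[0],
        'enabled': 'ENABLED' in flags,
        'values': parse_pairs(values_text),
        'description': header.get('DESCRIPTION', [None])[0],
    }


def _is_dotted_quad(text):
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False


def audit_smtp_scanning(vars_output, defined_addresses):
    """Return a list of reasons why the SMTP proxy would not hand content to VirusWall.

    defined_addresses is the set of address common-object names present in the policy
    (constructed by the caller here; in practice it would come from the policy listing).
    An empty list means the interface is configured as the page's example intends.
    """
    records = {}
    for line in vars_output.strip().splitlines():
        if line.strip():
            r = parse_var_line(line)
            records[(r['prg'], r['name'])] = r

    findings = []
    scan0 = records.get(('smtpp', 'scan.0'))
    if scan0 is None:
        return ['scan.0 variable missing from prg=smtpp']
    if not scan0['enabled']:
        findings.append('scan.0 is DISABLED: the proxy will not hand content to any scanner')

    target = scan0['values'].get('name', [None])[0]
    scanner = records.get(('scan', target))
    if scanner is None:
        findings.append(f'scan.0 names {target!r} but no such prg=scan variable exists')
        return findings
    if not scanner['enabled']:
        findings.append(f'{target} is DISABLED')
    if scanner['values'].get('svc') != ['viruswall-smtp']:
        findings.append(f'{target} does not use the viruswall-smtp service object')
    for addr in scanner['values'].get('addr', []):
        if not _is_dotted_quad(addr) and addr not in defined_addresses:
            findings.append(f'addr {addr!r} is not a defined address object')
    return findings


if __name__ == '__main__':
    for label, sample, addrs in (('before', SAMPLE_BEFORE, set()),
                                 ('after', SAMPLE_AFTER, {'viruswall-server'})):
        print(label, audit_smtp_scanning(sample, addrs) or 'scanning active')
```

Run against the installed state the audit reports both blockers the page describes (scan.0 still disabled, viruswall-server still undefined); after the add address and vars add steps it reports nothing. Because addr items are collected as a list, a secondary scanner given as a naked IP is accepted without an address object, matching the page's note on multiple addr items.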
If content scanning has been configured, then once the aforementioned proxy-based content checks have been performed, the resulting content is passed to the scanner for inspection. The scanner may instruct that the content be blocked, may alter the content (for example, clean viruses from it), or may return it unaltered. The scanning results, including whether the content was blocked, are reflected in the SunScreen log entries for the SMTP request and its outcome.