Trend Micro InterScan M Series Service manual

InterScan™ Gateway Security Appliance M-Series


Trend Micro Incorporated reserves the right to make changes to this document and to the
products described herein without notice. Before installing and using the software, please
review the readme files, release notes (if any), and the latest version of the Deployment Guide,
which are available from Trend Micro's Web site at:
http://www.trendmicro.com/download/documentation/
Trend Micro, the Trend Micro t-ball logo, IntelliTrap, InterScan, ScanMail, MacroTrap, and
TrendLabs are trademarks, registered trademarks, or servicemarks of Trend Micro,
Incorporated. All other product or company names may be trademarks or registered
trademarks of their owners.
Copyright© 2006-2007 Trend Micro Incorporated. All rights reserved.
Document Part No. SAEM13165/70423
Release Date: May 2007
Protected by U.S. Patent No. 5,623,600 and pending patents.

The Trend Micro InterScan Gateway Security Appliance M-Series Administrator’s Guide is
intended to provide detailed information about how to use and configure the features of the
hardware device. Read it before using the software.
Additional information about how to use specific features within the software is available in
the online help file and the online Knowledge Base at the Trend Micro Web site.
Trend Micro is always seeking to improve its documentation. If you have questions,
comments, or suggestions about this or any other Trend Micro documents, please contact us at
[email protected]. Your feedback is always welcome. Please evaluate this documentation
on the following site:
http://www.trendmicro.com/download/documentation/rating.asp

Contents
About This Manual
About This Administrator’s Guide
Document Conventions

Chapter 1: Introducing Trend Micro InterScan Gateway Security Appliance
What Is InterScan Gateway Security Appliance?
Important Features and Benefits
How InterScan Gateway Security Appliance Works
Antivirus
Anti-Spyware
Anti-Spam
Anti-Phishing
Anti-Pharming
Content and URL Filtering
Outbreak Defense
Web Reputation
The Appliance Hardware
The Front Panel
LCD Module
LED Indicators
The Back Panel
Port Indicators
Preconfiguring and Deploying the Appliance
Connecting to the Network
Testing the Appliance Connectivity
Activating the Appliance

Chapter 2: Deployment Options
Overview
Deployment Topologies
Deploying in a Single Network Segment
Deploying in a Network with Multiple Segments
Basic Deployment
Advanced Deployment Scenarios
Operation Modes
Deployment in a DMZ Environment
Failover Deployment
Deployment Recommendations
Deployment Issues
Preconfiguring the Appliance
Assigning an IP Address
Connecting to the Network
Testing the Appliance Connectivity
Activating the Appliance

Chapter 3: How InterScan Gateway Security Appliance Works
The Range and Types of Internet Threats
How InterScan Gateway Security Appliance Protects You
The Primary Functional Components

Chapter 4: Getting Started with InterScan Gateway Security Appliance
Preliminary Tasks
Accessing the Web Console
The Summary Screen
Information Above the Panels
Outbreak Prevention Service
Damage Cleanup Service
Component Version
Antivirus
Anti-Spyware
IntelliTrap
Anti-Spam: Content Scanning
Anti-Spam: Email Reputation Services
Web Reputation: SMTP/POP3
Web Reputation: HTTP
Others
Additional Screen Actions
Navigating the Web Console
The Online Help System

Chapter 5: SMTP Services
SMTP Services
Enabling Scanning of SMTP Traffic
Selecting an Alternative Service Port
Configuring SMTP Virus Scanning
SMTP Scanning - Target
SMTP Scanning - Action
SMTP Scanning - Notification
Configuring SMTP Anti-Spyware
SMTP Anti-Spyware - Action
SMTP Anti-Spyware - Notification
Configuring SMTP IntelliTrap
SMTP IntelliTrap - Target
SMTP IntelliTrap - Action
SMTP IntelliTrap - Notification
Configuring SMTP Web Reputation
SMTP Web Reputation - Target
SMTP Web Reputation - Action
SMTP Web Reputation - Notification
Configuring SMTP Anti-Spam: Email Reputation
SMTP Anti-Spam: Email Reputation - Target
SMTP Anti-Spam: Email Reputation - Action
Configuring SMTP Anti-Spam: Content Scanning
SMTP Anti-Spam: Content Scanning - Target
SMTP Anti-Spam: Content Scanning - Action
Configuring SMTP Anti-Phishing
SMTP Anti-Phishing - Target
SMTP Anti-Phishing - Action
SMTP Anti-Phishing - Notification
Configuring SMTP Content Filtering
SMTP Content Filtering - Target
SMTP Content Filtering - Action
SMTP Content Filtering - Notification

Chapter 6: HTTP Services
HTTP Services
Enabling Scanning of HTTP Traffic
Selecting an Alternative Service Port
Configuring the Global Access Lists
Configuring HTTP Virus Scanning
HTTP Scanning - Target
HTTP Scanning - Action
HTTP Scanning - Notification
Configuring HTTP Anti-Spyware
HTTP Anti-Spyware - Target
HTTP Anti-Spyware - Action
HTTP Anti-Spyware - Notification
Configuring IntelliTrap for HTTP
HTTP IntelliTrap - Target
HTTP IntelliTrap - Action
HTTP IntelliTrap - Notification
Configuring HTTP Anti-Pharming
HTTP Anti-Pharming - Target
HTTP Anti-Pharming - Action
HTTP Anti-Pharming - Notification
Configuring HTTP Anti-Phishing
HTTP Anti-Phishing - Target
HTTP Anti-Phishing - Action
HTTP Anti-Phishing - Notification
Configuring HTTP URL Filtering
HTTP URL Filtering - Rules
HTTP URL Filtering - Approved Clients List
HTTP URL Filtering - Settings
HTTP URL Filtering - Notification
Configuring HTTP File Blocking
HTTP File Blocking - Target
HTTP File Blocking - Notification
Configuring HTTP Web Reputation
HTTP Web Reputation - Target
HTTP Web Reputation - Notification

Chapter 7: FTP Services
FTP Services
Enabling Scanning of FTP Traffic
Selecting an Alternative Service Port
Configuring FTP Virus Scanning
FTP Scanning - Target
FTP Scanning - Action
FTP Scanning - Notification
Configuring FTP Anti-Spyware
FTP Anti-Spyware - Target
FTP Anti-Spyware - Action
FTP Anti-Spyware - Notification
Configuring FTP File Blocking
FTP File Blocking - Target
FTP File Blocking - Notification

Chapter 8: POP3 Services
POP3 Services
Enabling Scanning of POP3 Traffic
Selecting an Alternative Service Port
Configuring POP3 Virus Scanning
POP3 Scanning - Target
POP3 Scanning - Action
POP3 Scanning - Notification
Configuring POP3 Anti-Spyware
POP3 Anti-Spyware - Target
POP3 Anti-Spyware - Action
POP3 Anti-Spyware - Notification
Configuring POP3 IntelliTrap
POP3 IntelliTrap - Target
POP3 IntelliTrap - Action
POP3 IntelliTrap - Notification
Configuring POP3 Web Reputation
POP3 Web Reputation - Target
POP3 Web Reputation - Action
POP3 Web Reputation - Notification
Configuring POP3 Anti-Spam
POP3 Anti-Spam - Target
POP3 Anti-Spam - Action
Configuring POP3 Anti-Phishing
POP3 Anti-Phishing - Target
POP3 Anti-Phishing - Action
POP3 Anti-Phishing - Notification
Configuring POP3 Content Filtering
POP3 Content Filtering - Target
POP3 Content Filtering - Action
POP3 Content Filtering - Notification

Chapter 9: Outbreak Defense
The Outbreak Defense Services
Current Status
Configuring Internal Outbreak
Configuring Damage Cleanup
Potential Threat
Configuring Settings
Outbreak Defense - Settings
Outbreak Defense - Notification

Chapter 10: Quarantines
Quarantines Screen
Resending a Quarantined Email Message
Adding an Inline Notification to Re-Sent Messages
Querying the Quarantine Folder
Performing Query Maintenance
Manual
Automatic

Chapter 11: Updating InterScan Gateway Security Appliance Components
Update
Updating Manually
Configuring Scheduled Updates
Configuring an Update Source

Chapter 12: Analyzing Your Protection Using Logs
Logs
Querying Logs
Configuring Log Settings
Configuring Log Maintenance
Manual
Automatic

Chapter 13: Administrative Functions
Administration
Access Control
Configuration Backup
Control Manager Settings
Registering InterScan Gateway Security Appliance to Control Manager
Disk SMART Test
Firmware Update
IP Address Settings
Managing IP Address Settings
Static Routes
Notification Settings
Settings
Events
Operation Mode
Password
Product License
Proxy Settings
SNMP Settings
System Time
Reboot from Web Console
World Virus Tracking

Chapter 14: Technical Support, Troubleshooting, and FAQs
Contacting Technical Support
Readme.txt
Troubleshooting
Frequently Asked Questions (FAQ)
Recovering a Password
Virus Pattern File
Spam Engine and Pattern File
Hot Fixes, Patches, and Service Packs
Licenses
Renewing Maintenance
EICAR Test Virus
Best Practices
Handling Compressed Files
Handling Large Files
Sending Trend Micro Suspected Internet Threats

Chapter 15: Updating the InterScan Gateway Security Appliance Firmware
Identifying the Procedures to Follow
Updating the Device Image Through the Web Console
Updating the Device Image Using the AFFU
Preparing InterScan Gateway Security Appliance for the Device Image Update
Uploading the New Device Image
Completing the Process After the Device Image Is Uploaded
Reverting to the Previous Version of the Program File
BMC and BIOS Firmware Updates Using the Appliance Firmware Flash Utility
Updating the Appliance BMC Firmware
Updating the InterScan Gateway Security Appliance BIOS Firmware

Appendix A: Terminology
BOT
Grayware
Macro Viruses
Mass-Mailing Attacks
Network Viruses
Pharming
Phishing
Spam
Spyware
Trojans
Viruses
Worms

Appendix B: Introducing Trend Micro Control Manager™
Control Manager Basic Features
Understanding Trend Micro Management Communication Protocol
Reduced Network Loading and Package Size
NAT and Firewall Traversal Support
HTTPS Support
One-Way and Two-Way Communication Support
Single Sign-on (SSO) Support
Cluster Node Support
Control Manager Agent Heartbeat
Using the Schedule Bar
Determining the Right Heartbeat Setting
Registering InterScan Gateway Security Appliance M-Series to Control Manager
Managing InterScan Gateway Security Appliances From Control Manager
Understanding Product Directory
Accessing a InterScan Gateway Security Appliance M-Series Default Folder
Configure InterScan Gateway Security Appliances and Managed Products
Issue Tasks to InterScan Gateway Security Appliances and Managed Products
Query and View InterScan Gateway Security Appliance M-Series and Managed Product Logs
Understanding Directory Manager
Using the Directory Manager Options
Create Folders
Understanding Temp
Using Temp
Download and Deploy New Components From Control Manager
Understanding Update Manager
Understanding Manual Downloads
Configure Scheduled Download Exceptions
Understanding Scheduled Downloads
Using Reports
Understanding Report Templates
Understanding Report Profiles
Generate On-demand Scheduled Reports

Appendix C: Technology Reference
Deferred Scan
Diskless Mode
False Positives
LAN Bypass
Link State Failover
Enabling or Disabling LAN Bypass and Link State Failover
Scan Engine Technology
IntelliScan
IntelliTrap
MacroTrap
WormTrap
Supported DCS Clients
Feature Execution Order
SMTP Feature Execution Order
POP3 Feature Execution Order
HTTP Feature Execution Order
FTP Feature Execution Order

Appendix D: Removing the Hard Disk

Appendix E: System Checklist

Appendix F: File Formats Supported
Compression Types
Blockable File Formats
Malware Naming Formats

Appendix G: Specifications and Environment
Hardware Specifications
Dimensions and Weight
Power Requirements and Environment

Index

Introduction
About This Manual
Welcome to the Trend Micro™ InterScan™ Gateway Security Appliance M-Series
Administrator’s Guide. This book contains information about the tasks involved in
configuring, administering, and maintaining the Trend Micro InterScan Gateway
Security Appliance. Use it in conjunction with the Trend Micro™ InterScan™
Gateway Security Appliance M-Series Deployment Guide, which provides up-front
details about initial planning, preconfiguring, and deploying the appliance.

Audience
This book is intended for network administrators who want to configure, administer,
and maintain InterScan Gateway Security Appliance. The manual assumes a working
knowledge of security systems and devices, as well as network administration.
About This Administrator’s Guide
The InterScan™ Gateway Security Appliance M-Series Administrator’s Guide
discusses the following topics:
Chapters
Chapter 1, Introducing Trend Micro InterScan Gateway Security Appliance
Chapter 2, Deployment Options
Chapter 3, How InterScan Gateway Security Appliance Works
Chapter 4, Getting Started with InterScan Gateway Security Appliance
Chapter 5, SMTP Services
Chapter 6, HTTP Services
Chapter 7, FTP Services
Chapter 8, POP3 Services
Chapter 9, Outbreak Defense
Chapter 10, Quarantines
Chapter 11, Updating InterScan Gateway Security Appliance Components
Chapter 12, Analyzing Your Protection Using Logs
Chapter 13, Administrative Functions
Chapter 14, Technical Support, Troubleshooting, and FAQs
Chapter 15, Updating the InterScan Gateway Security Appliance Firmware

Appendixes
Appendix A, Terminology
Appendix B, Introducing Trend Micro Control Manager™
Appendix C, Technology Reference
Appendix D, Removing the Hard Disk
Appendix E, System Checklist
Appendix F, File Formats Supported
Appendix G, Specifications and Environment
Index

Document Conventions
To help you locate and interpret information easily, the InterScan Gateway Security
Appliance M-Series Administrator’s Guide uses the following conventions:
TABLE 1. Conventions used in the Trend Micro InterScan Gateway Security Appliance M-Series documentation

CONVENTION    DESCRIPTION
              Abbreviations, and names of certain commands and keys on the keyboard
Bold          Menus and menu commands, command buttons, tabs, options, and ScanMail tasks
Italics       References to other documentation
Monospace     Examples, sample command lines, program code, Web URL, file name, and program output
Note:         Configuration notes
Tip:          Recommendations
WARNING!      Reminders about actions or configurations to avoid
INT           InterScan Gateway Security Appliance interface connected to the protected network
EXT           InterScan Gateway Security Appliance interface connected to the external or public network (usually the Internet)