SonicWALL Essential SMTP Settings for Enhanced Email Protection
Page 10

SonicWALL Gateway Anti-Virus

Note 8-bit encoding is handled natively for all email based protocols (SMTP, POP3, and IMAP) since no decoding is required for each encoding scheme.

SMTP

Capabilities: base64 decoding, zip (including archives) and gzip decompression.

Prevention Mechanism: The message which contains the virus is removed from the head of the sent queue, thus preventing it from being resent, via 552 SMTP response and the connection is terminated.

POP3

Capabilities: base64 decoding, zip (including archives) and gzip decompression.

Prevention Mechanism: The message which contains the virus is removed from the POP3 server via 'DELE' command and the connection is terminated. Continuation of message downloads following termination requires the user to re-initiate the download process on their POP3 client in order to download the rest of the messages from the POP3 server.

Note: POP3 client behavior varies from one client to the next. SonicWALL GAV attempts to determine the type of POP3 client being used, and to compensate for behavioral differences. In rare cases, some clients may require special GAV settings - these settings have been made available in the /diag.html page.

Disable Gateway AV POP3 Auto Deletion - When a POP3 client is identified as Outlook Express, DELE (delete) message sequencing is tailored to Outlook Express' behavior. This setting can resolve problems caused by misidentification that are encountered during the deletion of virus-infected emails.

Disable Gateway AV POP3 UIDL Rewriting - Certain Netscape POP3 clients have difficulty with the UIDL (unique ID listing - RFC1939) command. When a POP3 client is recognized as Netscape, UIDL messages are suppressed, which is allowable because they are optional. This setting can resolve problems caused by misidentification that are encountered during the message retrieval process.

IMAP

Capabilities: base64 decoding, zip (including archives) and gzip decompression.

Prevention Mechanism: The connection is terminated, preventing the user from downloading the mail containing the violation. The user must manually mark the mail deleted and purge it from the server.

HTTP

Capabilities: zip (including archives), gzip and deflate decompression. Deflate decompression method is not supported when HTTP response is Chunk Encoded. All HTTP traffic is inspected, not just TCP port 80. Suppresses the use of HTTP Byte-Range requests to prevent the sectional retrieval and reassembly of potentially malicious content.

Note Suppression of HTTP Byte-Range requests may inhibit the use of certain download accelerator programs that attempt to retrieve files as multiple simultaneous requests.

10 SonicWALL TZ 180 TotalSecure

Page 9 Page 11
Image 10
Page 9 Page 11
Contents Introduction What is TotalSecure?Document Scope Every SonicWALL TotalSecure solution includes the following Benefits of TotalSecureHow Does GAV Work? SonicWALL Gateway Anti-VirusGAV Overview BenefitsSonicWALL Gateway Anti-Virus/Intrusion Prevention Features SonicWALL GAV Multi-Layered Approach Remote Site Protection Internal Network ProtectionHttp File Downloads SonicWALL GAV Architecture Server ProtectionDisabling the SonicWALL GAV/IPS Engine Protocol HandlingSmtp IPS Overview SonicWALL Intrusion Prevention ServiceHow Does IPS Work? What is a Zone? SonicWALL Anti-Spyware SonicWALL Anti-Spyware Security ServiceSpyware Threat SonicWALL Anti-Spyware CFS Overview SonicWALL Content Filtering Service PremiumHow Does CFS Premium Work? DPI Overview SonicWALL Deep Packet InspectionHow Does DPI Work? Deep Packet Inspection Flow Diagram SonicWALL Security Dashboard Security Dashboard Overview SonicWALL Security Dashboard What is Security Dashboard? How Does the Security Dashboard Work?Registering Your Appliance on MySonicWALL Registering Your Appliance on MySonicWALL TotalSecure Configuration Task List Registering Your SonicWALL Security ApplianceEnabling SonicWALL GAV Setting Up SonicWALL GAV ProtectionApplying SonicWALL GAV Protection on Interfaces Applying SonicWALL GAV Protection on Zones SonicOS Enhanced Edit ZoneViewing SonicWALL GAV Status Information Specifying Protocol Filtering Updating SonicWALL GAV SignaturesEnabling Inbound Inspection Configuring Client Alerts and an Exclusion List Enabling Outbound Smtp InspectionConfiguring a SonicWALL GAV Exclusion List Configuring Client AlertsRestricting File Transfers Viewing SonicWALL GAV Signatures Displaying SignaturesNavigating the Gateway Anti-Virus Signatures Table Enabling SonicWALL IPSEnable IPS Logging Brute-force Baseline SetupSetting Up SonicWALL Anti-Spyware Protection Enabling SonicWALL Anti-Spyware Glossary Setting Up CFS PremiumSpecifying Spyware Danger Level Protection Glossary Related Documentation Solution Document Version History Version Number Date Related Documentation SonicWALL TZ 180 TotalSecure
Related manuals
Manual 34 pages 40.02 Kb Manual 38 pages 55.88 Kb
Top Page Image Contents