User's Manual
Table Of Contents
- ProSecure Web/Email Security Threat Management (STM) Appliance Reference Manual
- Contents
- About This Manual
- Chapter 1 Introduction
- Chapter 2 Using the Setup Wizard to Provision the STM in Your Network
- Choosing a Deployment Scenario
- Understanding the Steps for Initial Connection
- Logging In to the STM
- Using the Setup Wizard to Perform the Initial Configuration
- Setup Wizard Step 1 of 10: Introduction
- Setup Wizard Step 2 of 11: Networking Settings
- Setup Wizard Step 3 of 11: Time Zone
- Setup Wizard Step 4 of 11: Email Security
- Setup Wizard Step 5 of 11: Web Security
- Setup Wizard Step 6 of 11: Email Notification Server Settings
- Setup Wizard Step 7 of 11: Update Settings
- Setup Wizard Step 8 of 11: HTTP Proxy Settings
- Setup Wizard Step 9 of 11: Web Categories
- Setup Wizard Step 10 of 11: Configuration Summary
- Setup Wizard Step 11 of 11: Restarting the System
- Verifying Proper Installation
- Registering the STM with NETGEAR
- What to Do Next
- Chapter 3 Performing Network and System Management
- Configuring Network Settings
- Configuring Session Limits and Timeouts
- Configuring the HTTP Proxy Settings
- About Users with Administrative and Guest Privileges
- Configuring Remote Management Access
- Using an SNMP Manager
- Managing the Configuration File
- Updating the Software
- Configuring Date and Time Service
- Managing Digital Certificates
- Managing the Quarantine Settings
- Performance Management
- Chapter 4 Content Filtering and Optimizing Scans
- About Content Filtering and Scans
- Configuring E-mail Protection
- Configuring Web and Services Protection
- Configuring Application Control
- Setting Scanning Exclusions and Web Access Exceptions
- Chapter 5 Managing Users, Groups, and Authentication
- About Users, Groups, and Domains
- Configuring Groups
- Configuring User Accounts
- Configuring Authentication
- Global User Settings
- Viewing and Logging Out Active Users
- Chapter 6 Monitoring System Access and Performance
- Chapter 7 Troubleshooting and Using Online Support
- Appendix A Default Settings and Technical Specifications
- Appendix B Related Documents
- Index
ProSecure Web/Email Security Threat Management (STM) Appliance Reference Manual
Content Filtering and Optimizing Scans 4-19
v1.0, September 2009
Configuring Distributed Spam Analysis
Spam, phishing, and other e-mail-borne threats consist of millions of messages intentionally
composed differently to evade commonly-used filters. Nonetheless, all messages within the same
outbreak share at least one unique, identifiable value which can be used to distinguish the
outbreak.
With distributed spam analysis, message patterns are extracted from the message envelope,
headers, and body with no reference to the content, itself. Pattern analysis can then be applied to
identify outbreaks in any language, message format, or encoding type. Message patterns can be
divided into distribution patterns and structure patterns. Distribution patterns determine if the
message is legitimate or a potential threat by analyzing the way it is distributed to the recipients,
while structure patterns determine the volume of the distribution.
The STM uses a Distributed Spam Analysis architecture to determine whether or not an e-mail is
spam for SMTP and POP3 e-mails. Any e-mail that is identified as spam is tagged as spam (an
option for both SMTP and POP3), blocked, or quarantined (the latter two are options possible only
for SMTP).
To configure Distributed Spam Analysis and the anti-spam engine settings:
1. Select Email Security > Anti-Spam from the menu. The Anti-Spam submenu tabs appear,
with the Whitelist/Blacklist screen in view.
2. Click the Distributed Spam Analysis submenu tab. The Distributed Spam Analysis screen
displays (see Figure 4-8 on page 4-20).
Note: Unlike other scans, you do not need to configure the spam score because the
NETGEAR Spam Classification Center performs the scoring automatically as long
as the STM is connected to the Internet. However, this does mean that the STM
must be connected to the Internet for the spam analysis to be performed correctly.