User Manual Part 2
Table Of Contents
- Using SmartDefense
- Using Antivirus and Antispam Filtering
- Overview
- Using VStream Antivirus
- Using VStream Antispam
- How VStream Antispam Works
- Header Marking
- Default Antispam Policy
- Enabling/Disabling VStream Antispam
- Viewing VStream Antispam Statistics
- Configuring the Content Based Antispam Engine
- Configuring the Block List Engine
- Configuring the IP Reputation Engine
- Configuring the VStream Antispam Policy
- Configuring the Safe Sender List
- Configuring VStream Antispam Advanced Settings
- Using Centralized Email Filtering
- Using Web Content Filtering
- Updating the Firmware
- Using Subscription Services
- Working With VPNs
- Overview
- Setting Up Your Safe@Office Appliance as a VPN Server
- Adding and Editing VPN Sites
- Viewing and Deleting VPN Sites
- Enabling/Disabling a VPN Site
- Logging in to a Remote Access VPN Site
- Logging Out of a Remote Access VPN Site
- Using Certificates
- Viewing VPN Tunnels
- Viewing IKE Traces for VPN Connections
- Viewing VPN Topology
- Managing Users
- Using Remote Desktop
- Controlling the Appliance via the Command Line
- Maintenance
- Viewing Firmware Status
- Upgrading Your Software Product
- Configuring a Gateway Hostname
- Configuring Syslog Logging
- Configuring HTTPS
- Configuring SNMP
- Setting the Time on the Appliance
- Using Diagnostic Tools
- Backing Up and Restoring the Safe@Office Appliance Configuration
- Using Rapid Deployment
- Resetting the Safe@Office Appliance to Defaults
- Running Diagnostics
- Rebooting the Safe@Office Appliance
- Using Network Printers
- Troubleshooting
- Specifications
- Glossary of Terms
- Index
Using VStream Antispam
Chapter 15: Using Antivirus and Antispam Filtering 487
Using VStream Antispam
The Safe@Office appliance includes VStream Antispam, an embedded antispam engine
that scans emails for spam. VStream Antispam is composed three antispam engines, each
of which can be enabled or disabled separately:
• IP Reputation
The IP Reputation engine protects mail servers by checking the email sender’s IP
address against an online and constantly updated IP reputation database, before
accepting the SMTP email connection. If the IP address belongs to a known spammer,
the connection can be immediately blocked at the TCP connection level, thereby
stopping the spam before it reaches your mail server.
Note: If you have a mail server in your network, it is recommended to enable the IP
Reputation engine as a first line of defense for incoming SMTP connections. When
enabled, the IP Reputation engine blocks emails that would otherwise reach your
mail server and require extensive analysis by the Content Based Antispam and
Block List engines, both of which examine email content and consume network,
gateway, and mail server resources. By reducing the amount of emails that require
in-depth analysis, the IP Reputation engine helps prevent Denial of Service (DoS)
attacks on your gateway or mail server.
If you do not have a mail server in your network, there is no need to enable the IP
Reputation engine. (If you do enable this engine anyway, it will have no negative
effects.)
• Block List
VStream Antispam allows configuring a list of senders whose emails should be
blocked. When an email reaches your mail server, the Block List engine determines
whether the sender's email address appears on the list. If so, then VStream Antispam
blocks the emails.
• Content Based Antispam
The Content Based Antispam engine calculates a “spam fingerprint” for each
incoming email message. The fingerprint is then sent to a VStream Antispam data
center and compared to a constantly updated database of spam messages. The data
center returns a "spam score", which is a value in percentages indicating the likelihood