Secure Computing SSL Scanner User's Manual
Contents
1. At least one Anti Virus engine cannot be loaded Download new AY engine The URL Filter Database cannot be loaded Download a new URL Filter Data The default root certificate is Used by SSL Scanner In order to avoid security pr There has been no Anti Virus update check for at least 3 days Check Update Spam Filter method Real Time Blackhole Lists cannot operate without further Email server for notification delivery is not defined Define server and sender E Recipient for system notifications is not set Enter email address This section displays alerts to make you aware of any problems concerning the system status The function underlying these alerts is also known as Security Configurator To the left of each alert text a field in red orange or yellow color indicates the relative importance of the alert To the right of each alert text a link is displayed Click on this link to navigate to a tab where you can configure the relevant settings as a measure against the problem that caused the alert So e g the warning There has been no Anti Virus update check for at least 3 days is followed by a link labeled Check Update Manager Clicking on that link will take you to the AV Engine tab where an update of the kind requested by the alert can be performed An alert is repeated on tab or tabs dealing with the topic in question So e g the warning There has been no Anti Virus update check2. Add rule for O HTTP Request LJ HTTP Response LI HTTPS Request rines Response O sure Ol mail Condition Header Condition Value Result Header Result Value i h SES Action on mate one lt Enter description here gt Add to all policies Found 1 entries with Number of entries per page Select Rule ee Eiter HTTF Request E atte Response Fl HTS Request LI ates Response O sete O mail El Condition Header Condition Value Result Header Result Value KForwardedFor e Forwarded For i Action on match Block Drop hd Description Remove X Fwd For header O Select All Delete Selected There is one section on this tab e Header Filter List It is described in the following Common Header Filter List The Header Filter List section looks like this Header Filter List Adds deletes or modifies HTTP HTTPS or SMTP header add rule for C HTTP Request C HTTP Response Dl HTTPS Request LI HTTPS Re Condition Header Condition Walue Result Head _ Add to all policies Found 1 entries with Select Rule HTTP Request LJ HTTF Response Ll HTTPS Request Ll HTTPS Respon Condition Header Condition Value Result Heade d Forwarded For x Forwarde Action on match Block Drop w C Select All Delete Selected Using this section you can configure the Generic Header Filter to delete head ers and header content add customized headers modify existing header con tent and execute any pre defined or customize
3. Cl Select all Cielete Selected There is one section on this tab e Malware Feedback Media Type Black List It is described in the following 2 30 Home Malware Feedback Media Type Black List The Malware Feedback Media Type Black List section looks like this Malware Feedback Media Type Black List Defines malware media types that should not be putto Select media type trom catalog application ace e Description lt Enter description here Add to Malware Feedback Media Type Black List Found 1 entries with Media Type Description F applicationface lt Enter description here F Select All Delete Selected Using this section you can add a media type to the Media Type Black List for malware feedback Objects belonging to the media types on this list will not be entered in the malware feedback queue To add a media type to the black list use the area labeled e Select media type from catalog Select the media type you want to have blacklisted from the drop down list provided here e g application ace Furthermore use the following items when adding a media type Description Input in this field is optional You may enter a description of the media type here Add to Malware Feedback Media Type Black List After selecting a media type click on this button to add it to the list The Feedback Media Type Black List is displayed at the bottom of this section To displa
4. WY Webwasher Anti Spam PS Webwasher hom SSL Scanner EEE this product Helps you boost productivity by reducing non business related surfing to a minimum thus curbing your IT costs Suppresses offensive sites and prevents downloads of inappropriate files thus minimizing risks of legal liabilities Combines the strength of multiple anti virus engines concurrently scanning all Web and e mail traffic The Proactive Scanning filtering technology additionally detects and blocks unknown malicious code not relying on time delayed virus pattern updates This combination provides in depth security against a multitude of threats while offering unmatched performance through use of the Anti Virus PreScan technology Offers in depth security against all kinds of malicious code such as aggressive viruses potentially unwanted programs spyware day zero attacks and blended threats not covered by traditional anti virus and firewall solutions The highly efficient anti malware engine is used in combination with the Proactive Scanning filtering technology Offers complete protection of the central Internet gateway The highly accurate spam detection filters stem the flood of unwanted Spam mail before it reaches the user s desktop Your systems will not be impaired the availability of valuable internal mail infrastructures such as group servers is thus maintained Helps you protect your network against attacks via the HTTPS protocol
5. Webwasher SSL Scanner Version 6 5 SECURE COMPUTINGe Webwasher Web Gateway Security www securecomputing com Part Number 86 0946643 A All Rights Reserved Published and Printed in Germany 2007 Secure Computing Corporation This document may not in whole or in part be copied photocopied reproduced translated or reduced to any electronic medium or machine readable form without prior consent in writing from Secure Computing Corporation Every effort has been made to ensure the accuracy of this manual However Secure Computing Corporation makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose Secure Comput ing Corporation shall not be liable for any error or for incidental or consequential damages in connection with the furnishing performance or use of this manual or the examples herein The information in this document is subject to change without notice Webwasher MethodMix AV PreScan Live Reporting Content Reporter ContentReporter Real Time Classifier are all trademarks or registered trademarks of Secure Computing Cor poration in Germany and or other countries Microsoft Windows NT Windows 2000 are registered trademarks of Microsoft Corporation in the United States and or other countries McAfee is a business unit of Network Associates Inc CheckPoint OPSEC and FireWall 1 are trademarks or registered trademarks of CheckPoi
6. o gt 7 22 Y First known CA is trusted First known CA is untrusted Only unknown CAs found Trusted Certificate Authorities Add a CA to your list Balai ii ABA ECOM INC v ote lithe drop down box is empty all known CAs are already in this list Do nottrust Add to all policies Found 2 entries with Number of entries per page Certificate Authority El Beldgacom M Trusted F CL HET SecureNet CA Class A LI Trusted O Select All Delete Selected At the top of this tab there is the Known Certificate Authorities link A click on this link will take you to the tab with the same name where you can add Certificate Authorities to the list or delete them Furthermore there are two sections on this tab e Certificate Authorities e Trusted Certificate Authorities They are described in the following Certificate Authorities The Certificate Authorities section looks like this Certificate Authorities Actions for CAs First known CA is trusted First known CA is untrusted Only Unknown CAs found 4 18 SSL Scanner Using this section you can configure actions for content with certificates issued by known Certificate Authorities CAs that are either trusted or untrusted as well as for unknown Certificate Authorities A vendor having signed content by issuing a certificate may request a CA to issue a Certificate to sign this vendor certificate This CA may itself have been signed by an
7. 2 50 Using this section you can configure messages to be written to the system log if connections were refused due to heavy work load or license exhaustion After specifying the appropriate settings click on Apply Changes to make them effective Use the following items to configure log messages e Enable message to be written to system log Mark this checkbox if you want log messages to be written to the system log Message text In this input field enter the message text The default text is d generated t by 0 You can use the variable log file parameters appearing in the default text to set up your own message text Furthermore you can use an event name and a severity parameter The following table lists these parameters and their meanings e d S t 0 Short name of the event that caused the log file message to be written Description of the event Severity of the event Local time and timezone of the host that generated the log file message FQDN name of the host Chapter 3 Common The features that are described in this chapter are accessible over the Com mon tab of the Web interface Home Common URL Filter Anti Malware Anti Spam SSL Scanner These are filtering features that are common to the SSL Scanner and other Webwasher products e g media type filters the document inspector the white list etc The upcoming sections describe how to handle these features The de
8. Common Media Type Catalog The Media Type Catalog section looks like this Media Type Catalog Defines media types and howto recognize them Options C Magic bytes are necessary C Magic bytes are ambiguous Magic Bytes This table contains sequences for recognizing this media type Offset Magic Bytes Add f Modify Found 124 entries with Media Type applicationtace applicationtare applicationtar application basic source application batch application blakhole applicationicab applicationicrmad application cpio applicationfexecutable F Select All Delete Selected Using this section you can add a media type to the Media Type Catalog A media content type is a general category of data content such as an ap plication audio content a text message an image a video stream etc 3 87 Common 3 88 The media type tells the application that receives the data what kind of appli cation is needed to process the content e g Real Audio is to play the audio content for a user Each of these media types also have subtypes e g the text media type has four subtypes plain rich text enriched and tab separated values You can also specify how a media type should be recognized by the particular magic byte sequences of the files belonging to it To add a media type to the catalog use the area labeled e Add or modify Media Type In the upmost input field provided here enter the med
9. Dl deactivate C C deactivate O Dl deactivate F Dl deactivate dl Dl deactivate F Dl deactivate dl Dl deactivate dl Dl deactivate dl Dl deactivate Page lof Cl Select Al Delete Selected gt L There is this one section on this tab e Dimension Filter List It is described in the following 3 47 Common 3 48 Dimension Filter List The Dimension Filter List section looks like this Dimension Filter List Eliminates banner ads and objects by size Add new dimension Format width height in pixels F deactivate Add to Dimension filter List D Add to all policies Found 62 entries with Dimension Filter d LI deactivate 4 L deactivate L LI deactivate dl LI deactivate d LI deactivate L deactivate LI LI deactivate L LI deactivate d LI deactivate a LI deactivate CI Select all Using this section you can add dimension settings to the Dimension Filter List and edit them These an be used for filtering images applets and plug ins To do this use the area labeled e Add new dimension In the input field provided here enter a pair of pixel values to specify the height and width of an object that should be filtered e g 60x52 Furthermore use the following item when adding dimension settings to the list deactivate If this option is enabled the co
10. Provide information about the Webwasher appliances Appliance Installation and Configuration Guide PDF Appliance Upgrade Guide PDF There are four sections on this tab Content Reporter Documents Instant Message Filter Documents Special Environment Documents e Appliance Documents They are described in the following Content Reporter Documents The Content Reporter Documents section looks like this m Content Reporter Documents Provide information about installing configuring and operating the Web Content Reporter Installation and Configuration Guide Content Reporter User s Guide for Reporting This section allows you to view user documentation on the Webwasher report ing tool To view any of the documents listed here click on the PDF link in the same line This will open a pdf format version of the document 2 37 Home 2 38 Instant Message Filter Documents The Instant Message Filter Documents section looks like this Instant Message Filter Documents Provide information about installing configuring and operating the Instant Message Filter Installation Guide Instant Message Filter User s Guide This section allows you to view user documentation on the Webwasher instant message filtering tool To view any of the documents listed here click on the PDF link in the same line This will open a pdf format version of the do
11. Using this section you can enable an emergency mode to apply a single strict policy overruling all other policies This might be useful in a situation when e g a new virus emerges You may then want to replace all policies that were configured for different users and user groups by one single policy which is rather strict and binding for all 2 21 Home 2 22 To enable the emergency mode e Click on the Activate emergency mode button Activate emergency mode This button is a toggle switch After enabling the emergency mode the inscrip tion on it will read Back to normal mode To disable the emergency mode e Click on the Back to normal mode button Hack to normal mode When the emergency mode is enabled there is also an alert in the System Alerts section of this tab to remind you it is enabled Emergency profile used for all connections Turn it off when not necessary lt is recommended to turn the emergency mode off when it is no longer needed To select the policy that will be used under the emergency mode go to the Mapping Process section on the Web Mapping tab under User Manage ment gt Policy Management The default policy to be applied under the emergency mode is a policy named Emergency You may also retain this policy and its settings or modify them according to your requirements Version Information The Version Information section looks like this Version Information CSM Suite 6 0 0 Bet
12. You also want these settings to be part of your default filtering policy The following overview shows the main steps you need to complete in order to configure the feature in this way Configuring the Animation Filter Overview Step 1 Navigate to the section 2 Configure settings 3 Make settings effective In more detail these steps include the following activities 1 Navigate to the section a Select the Common tab Home Common URL Filter Anti Malware Anti Spam SSL Scanner b In the navigation area on the left select Advertising Filters which is located under Policy Policy default Media Type Filters Document Inspector Archive Handler Generic Header Filter Generic Body Filter Advertising Filters Privacy Filters Text Categorization HTTP Method Filter List FTP Command Filter List Welcome Page White List OE OOO DOO Introduction default is selected in the line below Policy which means that the settings you are going to configure now will be valid under your default filtering policy So leave this selection as it is Otherwise you could select a different filtering policy using the drop down list provided here c Enable Advertising Filters To do this mark the checkbox next to the inscription You need to do this because all features that are placed under this main feature like the Animation Filter will only work if it is enabled d From the tabs provided for configu
13. but no other activities are performed by the SSL Scanner SSL Scanner Bypass SSL Scanner The SSL Scanner is bypassed completely i e no activities whatso ever are performed Client Certificate Handling The Client Certificate Handling section looks like this Client Certificate Handling Defines what should happen if server asks for client certificate A Verity server certificate and use Client Certificates to decrypt session O Verity server certificate but do not decrypt session Block session Using this section you can configure what should happen if the server that is requested by a client asks for a client certificate Using this section you can configure tunneling for particular URL filtering cat egories You can configure up to three categories for tunneling These may pre defined or user defined categories lf you want to use additional categories you need to enter them in the global ini configuration file which is located in the conf folder of the Web washer program files This tunneling option is not enabled by default If you want to enable it mark the checkbox next to the section heading After specifying the appropriate information click on Apply Changes to make your settings effective Use the following radio buttons to configure the handling of client certificates e Verify server certificate and use client certificates to decrypt ses sion Enable this option to have both the server
14. ies mber of entries per page Media Type Description e CU 2 fee C type filter in media Cl ignore In web Upload filter Cl select All Delete Selected There is one section on this tab e Media Type White List It is described in the following Common Media Type White List The Media Type White List section looks like this Media Type White List Defines media types that will be allowed Select media type trom catalog applicationface 2 Description Enter description here gt O lanore in Media Type Filter lgnore in Web Upload Filter Add to Media Type White List D Add to all policies Found 1 entries with Media Type Description C messagelrca22 del Select All Delete Selected Using this section you can add a media type to the Media Type White List Objects belonging to the media types on this list will be allowed To add a media type to the white list use the area labeled e Select media type from catalog Select the media type you want to include in the white list from the drop down list provided here e g application ace Furthermore use the following items when adding a media type Description Input in this field is optional You may enter a description of the media type here Ignore in Media Type Filter If this option is enabled the media type in question will be ignored when the Media Type Filter is applied to Web and e mail downloads Ignore
15. mark the checkbox that is on this button Then click on Apply Changes to make this setting effective These are policy dependent options i e they are configured for a particular policy When you are configuring these options you need to specify this policy To do this select a policy from the drop down list labeled Policy which is lo cated above the Media Type Filters button Policy default v Media Type Filters The options are arranged under the following tabs Poff ta di Sadie a They are described in the upcoming sections e Settings see 3 8 1 e Link Filter List see 3 8 2 e Dimension Filter List see 3 8 3 3 35 Common 3 8 1 Settings The Settings tab looks like this Settings Link Filter List Dimension Filter List Link Filter Screens content based on information from the URL CJ Disable built in filter list Objects to be filtered Images Windows Scripts Layers Frames Embedded objects Forms Text links Backgrounds Dimension Filter Eliminates banner ads and objects by size Mm to be filtered Images Applets Plug ins C Ignore objects without specified dimensions C Filter objects that are located on the same server E Pop Up Filter Eliminates script initiated pop up browser windows C Also disable manually opened windows Filter scripts that a Web page executes on loading Filter scripts that a Web page executes on closing C Prevent supplementary modification of the ad
16. the software in question as is the case with self signed certificates depth 1 is for a certificate issued to certify a depth O certificate and so on The newly added exception will be shown in a list displayed below To display only a particular number of list entries at a time type this number in the input field labeled Number of entries per page and enter it using the Enter key of your keyboard If the number of entries is higher than this number the remaining entries are shown on successive pages A page indicator is then displayed where you can select a particular page by clicking on the appropriate arrow symbols You can also edit this list by specifying the appropriate settings for a given en try After doing this click on Apply Changes to make these settings effective Use the following items to perform other activities relating to the list e Filter Type a filter expression in this input field and enter it using the Enter key of your keyboard The list will then display only entries matching the filter e Delete Selected Select the entry you wish to delete by marking the Select checkbox next to it and click on this button You can delete more than one entry in one go To delete all entries mark the Select all checkbox and click on this button 4 25 SSL Scanner 4 8 Global Trusted Certificate Authorities The Global Trusted Certificate Authorities options are invoked by clicking on the corresponding button under
17. 3 INTO dUCUON veraia E EAEE l 1 ABOUE TAS GUIAS edades 1 2 What Else Will You Find in This Introduction cccceeeeeeneeeeeeeueeeees 1 2 Usina Webwas heras 1 3 FrStLare Tabs id 1 4 Configuring a Sample Setting ccccccccccccccncccnnncncnnnnncnnncnnnnana naar nannnnnns 1 5 General Features of the Web Interface cccccceeeeeeeeeenueeeeeeeueeenueueees t 7 Other DOCUMEN ti dd as 1 11 Documentation on Main Products cccceeeceeecceeeceeeuceuueeueueeuuueeuueeuues 1 12 Documentation on Special Products ococcccccccnccnnncnnncnnnnnncnnncnnnnnnnnnnnnas 1 13 The Webwasher Web Gateway Security Products 0cceseeeeeeeeeeeeees 1 14 HOME a Beet 2 1 DA O NN 2 2 DASMDO ANG e aid da si 2 2 EXE CUUVE SUNA is 2 8 TIMING Vollmer da cdas 2 11 A O vole EEE baie AT 2 13 OVGMIEW FEAU nseries 2 18 A a Ri 2 19 SUDDO ier ee ee ere re re A ce A ERA 2 23 o O a E 2 23 RUSTICA S OU CS waht ts vice ca vee aia 2 24 TTUSTOO SO UICO usaron rallada ubenda 2 25 Malware Feedback Black LiSt ccccecccceccceceucecceucceneusensuneeaueueennaues 2 30 0 oo AAA A AA 2 33 MantalS ta dad 2 34 Documentation on Main Products ccccceeceeeceeeeceeeeceuueeueueeuuueeuneeuaes 2 35 Documentation on Special Products coocccccocccncccccnnanonnnnnnnnnancnnnnna ranas 2 37 Additional DOCUMENTATION ccccceeccceecccencccucccunccuneecuneeeuceeunesunnnees 2 39 ii aea r a a a r ceases 2 40 o A 2 40 A e sans av
18. 41 0Odi41 08 41 Media Types by Hits Top10 sa pati Mediatype test ml text plain text html de o RMS wideo ms ast image jpeg gt Image git oe application pkix crl H 1 Last reset never Reset now Mediatype text xmil text html video s ms wys text plain wideo ms ast image gif image jpeg application pkix crl 664 06 There are four sections on this tab Frequent Media Types by Hits Frequent Media Types by Volume Media Types by Hits Media Types by Volume 3 4 Common They are described in the following Before this is done however the following subsection provides some general information on the quick snapshot features Handling the Quick Snapshot The quick snapshot features on this tab allow you to view summary information about several media type filtering parameters at a glance For two of them information is displayed with regard to a particular time interval e g the number of media that were processed by the Media Type Filter over the last three hours categorized and grouped according to the media type Percentages are calculated for the individual categories which are shown by means of a pie chart on the left side of the corresponding tab section On the right side of a section parameter values are shown as they developed in time using either a stacked or a line mode The pie chart and the representation in stacked or line mode are handled in the same
19. Document They are described in the following General Documents The General Documents section looks like this General Documents Provide information about Planning installing and configuring Webwwasherin gener Deployment Planning Guide Installation Guide Guick Configuration Guide system Configuration Guide Advanced configuration Guide Upgrade Guide This section allows you to view user documentation on planning installing and configuring Webwasher in general 2 35 Home 2 36 To view any of the documents listed here click on the PDF link in the same line This will open a pdf format version of the document Product Documents The Product Documents section looks like this Product Documents Provide information about configuring and operating particular Web URL Filter User s Guide Anti Malware Users Guide Anti Virus User s Guide nt Spam User s Guide SSL Scanner User s Guide This section allows you to view user documentation on individual Webwasher products To view any of the documents listed here click on the PDF link in the same line This will open a pdf format version of the document Reference Document The Reference Document section looks like this Reference Document Provides information about configuring items concerning more than one product Reference Guide This section allows you to view the Webwasher Reference Guide To view it click on the PDF link in the same line This will
20. Feedback Black List Feedback They are described in the upcoming section e TrustedSource see 2 5 1 e Malware Feedback Black List see 2 5 2 e Feedback see 2 5 3 2 24 Home 2 5 1 TrustedSource The TrustedSource tab looks like this TrustedSource Malware Feedback Black List Feedback E Spam False Positives Feedback Queue allows to send feedback to Webwasher to improve spam filter SMTP queue to Lise FeedbackFalsePuositves gt See Content of Queue Send interval in minutes 0 means no automatic send E Mail Address FalsePositivesFeedback WillbBeCatchedByWebwasher com F Spam False Negatives Feedback Queue allows to send feedback to Webwasher to improve spam filter SMTP queue to use FeedbackPalseMegatwes See Content of Queue Send interval in minutes 0 means no automatic send E Mail 4ddress FalseNegativesFeedbacka WillBeCatchedByWebwasher com O Malware Feedback QUEUE allows to send feedback to Webwasher to improve malware filter SMTP queue to use FeedbackMalhware gt See Content of Queue Send interval in minutes 0 means no automatic send F URL Feedback allows to send feedback about uncategorized URLs to Webwasher to improve URL filter ES Interval in minutes 0 means no automatic send There are four sections on this tab Spam False Positives Feedback Queue e Spam False Negatives Feedback Queue Malware Feedback Queue URL Feedback They are described in
21. Furthermore this color is used to represent the category in stacked or line mode Show last O Stacked Line et ae eae tj Idle Pea A vr a FL 4 D o 14 31 14 41 14 51 There is a limit to the display of some parameters There may be values in more than six categories for these parameters but only six categories and their values are shown at the same time By default these are the categories with the top six values You can how ever select other categories for display using the drop down lists which are provided with the categories but not more than six 4 Average last 1 Week text xml E text plain text html Wideo x ms wvx image jpeg Wideo x ms ast Selecttop 6 average values lt z lt al If you have made your own selection of categories a click on the button labeled Select top 6 average values will again display the six top value categories 2 5 Home Since only the categories are shown that yielded the top six values or the categories you selected on your own values that may have occurred in other categories are ignored here To get a representation of the total amount of values you need to select Others as a category y Average last 1 Week text xml text plain text html Wideo x ms wx image jpeg Others Select top 6 average values S lt lt lt ES GS GS ea ES The values for five selected categories wi
22. Inspector The Document Inspector tab looks like this Document Inspector Document Download Filter Filters inbound documents Encrypted document found PES O Apply gt Text Categorization on downloaded documents Encrypted document found MES Allow E Document Upload Filter Filters outbound user originating documents E Document Mail Filter Filters documents attached to e mails Encrypted document found Allow v Document Tynes Specifies which filters aye poniledtnwhich Sle a ee ee See Se Oasis Open Simple Object Microsoft Microsoft Microsoft Adobe Generic xm Microsoft Document Format Access Protocol SOAP Word Excel PowerPoint PDF OpenXML roer Filter adi Et or Mail Filte Y 0 General Options specifies options that apply to all Document Filters iy Replace quarantine and notify Word 95 document format not readable Block and notify ws Allow v Structured Storage document like Visio or MSI not readable Allow Replace quarantine and notify Office document not readable EEJ Block and notify Y Replace quarantine and notify Library not loadable or failed Block and notify There are five sections on this tab Document Download Filter Document Upload Filter Document Mail Filter Document Types General Options They a
23. Media Type Catalog The Media Type Catalog options are invoked by clicking on the correspond ing button under Common Media Type Catalog The options are arranged under the following tab Media Type Catalog They are described in the upcoming section e Media Type Catalog see 3 16 1 3 85 Common 3 16 1 Media Type Catalog The Media Type Catalog tab looks like this Media Type Catalog Media Type Catalog Defines media types and how to recognize them Add or modify Media Type O OS Options O Magic bytes are necessary C Magic bytes are ambiguous Magic Bytes This table contains sequences for recognizing this media type Offset Magic Bytes Add Modify Found 172 entries with Number of entries per page elect Medi Filter applicationface gt view details or edit applicationfarc gt view details or edit application ary view details or edit application basic saurce gt view details or edit application batch gt view details or edit application blakhole gt view details or edit aan annliratinn irah Pa arar doodle ne adi a Le wine x era a R R i view details or edit application cmd gt view details or edit application cpio view details or edit applicationfexecutable Page 1 of 15 ap Cl Select All Delete Selected There is one section on this tab e Media Type Catalog It is described in the following 3 86
24. SSL Scanner Global Trusted Certificate Authorities The options are arranged under the following tab Global Trusted Certificate Authorities They are described in the upcoming section e Global Trusted Certificate Authorities see 4 8 1 4 8 1 Global Trusted Certificate Authorities The Global Trusted Certificate Authorities tab looks like this Global Trusted Certificate Authorities Trusted Certificate Authorities Add a CA to your lit O Select CA ABA ECOM INC Vote lithe drop down box is empty all known CAs are already in this list Found no entry with Certificate Authority Cl Select All Delete Selected There is one section on this tab e Trusted Certificate Authorities It is described in the following 4 26 SSL Scanner Trusted Certificate Authorities The Trusted Certificate Authorities section looks like this Trusted Certificate Authorities Add a CA to your list selene ABA ECOM INC Wore lf the drop down box is empty all known CAs are already in this list Found no entry with Certificate Authority C Select All Delete Selected This section provides the global list of Trusted Certificate Authorities CAs i e the list that is valid for all policies configured under Webwasher If a CA is also in a policy dependent list the settings configured for this list will prevail Also provided is a list of known CAs from which you can select CAs to
25. SSL Scanner 4 2 1 Quick Snapshot The Quick Snapshot tab looks like this Quick Snapshot Certificate Verification Overview Show last stacked O Line 7 Average last 1 Hour d Malus Mismatch Mw Wildcard Match e Reyoced i Unresolvable Aly GRE mateo There is one section on this tab e Certificate Verification Overview It is described in the following Certificate Verification Overview The Certificate Verification Overview section displays the number of times Webwasher has completed a verification process for a certificate The result of the process may be a blocking or an another action that has previously been configured Values are shown for the following categories of results in a verification process e Name Mismatch The name given to a host in a certificate does not match the host name that is provided by the URL 4 4 4 3 SSL Scanner Wildcard Match A wildcard name has been used in a certificate for a host which matches the host name provided by the URL Whenever a verification process is passed by a certificate in this way an action will be executed by Webwasher This could also be an Allow Expired The certificate has expired Revoked The certificate has been revoked by the authority that issued it Unresolvable The status of a certificate could not be resolved CRL Match The certificate was found on a CRL Certificate Revocation List Certificate Verification The Cer
26. There are seven sections on this tab e Update Status e Open Ports e CPU Utilization e Memory Usage e Swap Utilization e Filesystem Utilization e Network Utilization They are described in the following Shaw last Stacked Line 1 75B 1 156 17r AMB 0 14 24 14 34 14 44 Show last 1 Day 26 1 44 9 33 6 22 4 11 2 0 14 44 18 44 Show last 1 Day 172 7EB s 138 1EB s 103 6KB s Bo 1EB s 345K B s o 14 44 18 44 Home Update Status The Update Status section displays the status of several Webwasher filtering features e g SmartFilter Secure Anti Malware etc which can be updated to ensure that the latest filtering rules methods signatures etc are used by Webwasher The following information is displayed for each feature e Feature Name of the feature e Version Version of the feature e Last Update Time when the feature was last updated Open Ports The Open Ports Webwasher Listener section displays the various ports that are currently open with Webwasher listening for requests sent over these ports The following information is displayed for each port e Interface IP address of site communicating with Webwasher over the port e Port Port number e Protocol The protocol under which communication is going on over the port Service The service Webwasher delivers over the port e g acting as HTTP proxy Status The status Webwasher has with regard to th
27. To sort the list in ascending or descending order click on the symbol next to the Media Type or Description column heading To edit an entry type the appropriate text in the input field of the Description column and enable or disable the Ignore in media type filter and Ignore in media type filter options Then click on Apply Changes to make these settings effective You can edit more than one entry and make the changes effective in one go Use the following items to perform other activities relating to the list e Filter Type a filter expression in the input field of the Media Type or Description column or in both and enter this using the Enter key of your keyboard The list will then display only entries matching the filter e Delete Selected Select the entry you wish to delete by marking the Select checkbox next to it and click on this button You can delete more than one entry in one go To delete all entries mark the Select all checkbox and click on this button 3 15 Common 3 3 3 Media Type White List 3 16 The Media Type White List tab looks like this Pa lt lt ATT Actions Media Type Black List Media Type White List Se a A RA AAA A feo ariaa E oD Select media type from catalog applicationface Description lt Enter description here gt F Ignore in Media Type Filter P Ignore in Wi Add to Media Type White List Add to all polic Found 1 entries with Nu 2b Upload Filter
28. abbreviated format is needed for two purposes the log files and the X Attribute header The X Attribute header is a type of REQMOD RESPMOD header and is a compatibility setting used to simplify the cooperation between the ICAP server and client Note that after changing an abbreviated name all the possible values of the X Attribute header will be sent in the OPTIONS response ICAP clients may run into problems until the next OPTIONS request if they rely on previous OP TIONS responses The categories that you configure here will be shown on the Category Actions tab under URL Filter gt Category Actions where you can configure actions e g Block Block log and notify Allow etc for these categories After specifying the appropriate settings click on Apply Changes to make them effective Use the following items to configure your own categories e Number of user defined categories In the input field provided here enter the number of categories you want to configure The maximum number is 15 Default 5 Then click on Apply Changes for the first time You need to click on this button a second time after specifying the settings for the individual cate gories The list of category input fields will then be enlarged or reduced according to the number you entered Common e Category 1 to Category n In the input fields provided here enter the category names you want to use and the abbreviated formats of these names 3 16
29. buttons to configure these settings e Replace filtered objects with Mark this checkbox if you want to have filtered objects replaced with some thing Then check the radio buttons below to specify with what they should be replaced a transparent image Enable this option to replace an animated image with a transparent image another image Make sure this option is enabled if you want to replace an animated image with another image In the input field provided here enter the path and name of the image you want to use The option is enabled by default Likewise a default image is config ured to replace animations e Do not filter objects located within Mark this checkbox if you want to exclude objects from filtering that are within the same path or domain 3 43 Common 3 8 2 Then check the radio buttons below to further specify the exclusion the same path Enable this option to exclude objects within the same place from filter ing the same domain Enable this option to exclude objects within the same domain from fil tering e Do not reduce filtered frame size Mark this checkbox to prevent filtered frame sizes from being reduced Link Filter List 3 44 The Link Filter List tab looks like this Settings Link Filter List Dimension Filter List Link Filter List Screens content based on information about the URL _ _ _ ____ Format funwanted dir a
30. default If you would like to help improve the URL filter please mark the checkbox next to the section heading After specifying this setting and the setting for the send interval click on Apply Changes to make these settings effective 2 29 Home Use the following item to configure the URL feedback e Send interval in minutes In the input field provided here enter a time interval in minutes to specify the time that is to elapse between sending e mails The default interval is 240 minutes Entering 0 here means that no e mails will be sent automatically E mails can be sent manually however using the QUeue Management page which is launched after clicking on the See Content of Queue link next to the drop down list On this page click on the button labeled Send All to SecureLabs now to send the e mails 2 5 2 Malware Feedback Black List The Malware Feedback Black List tab looks like this Feedback Feedback Queues Malware Feedback Black List Malware Feedback Media Type Black List Defines malware media types that should not be put to the feedback queue gt Select media type fram catalog applicationface a Description lt Enter description here Add to Malware Feedback Media Type Black List Found 1 entries with Number of entries per page Media Type Description F applicationface zEnter description herez H lanore in media ype ignore in web upload filter filter
31. downloadintormationtenns and conditions palt This section allows you to view the most recent version of the Webwasher end user license agreement To view the agreement click on the link that is provided here Import License The Import License section looks like this Import License PO You have to accept the EULA L have read the end user license agreement and accept it Using this section you can import a license for the Webwasher software 2 46 Home To import a license proceed as follows 1 Click on the Browse button provided here and browse for the license file you want to import Before you can import it you will have to accept the end user license agreement To read it click on the end user licencse agreement link provided here 2 If you accept the agreement mark the checkbox labeled have read This will turn the button saying You have to accept the EULA first into one saying Activate License 3 Click on this button to import the license Activate License Licensed Products The Licensed Products section looks like this Licensed Products ES URL Filter Included Anti Malware Included Ed Anti Virus Included T Anti Spam Included EN Content Protection Included er osL scanner Included esi Content Reporter Included 9 Instant Message Filter included This section displays the Webwasher products and provides information as to whether they are covered by your license For an over
32. e mail that is potentially malicious 3 23 Common Document Types The Document Types section looks like this Document Types Specifies which filters are to be applied to which file formats En i E i FA En i Microsoft Microsoft Microsoft Adobe Generic pL Micros wora Excel PowerPoint POF Opens Download Filter Upload Filter Mail Filter Using this section you can configure which of the filters that are accessible over the other sections of this tab should be applied to which document for mats The document formats that can be filtered include Microsoft Word 97 2003 Mi crosoft Excel 95 2003 Microsoft PowerPoint 95 2003 and all Known versions of Adobe Portable Document Format PDF Furthermore they include the following open document formats Generic XML Microsoft OpenXML Oasis Open Document Format and the Simple Object Access Protocol SOAP which is an XML based communications protocol for applications These documents may contain active content Word Excel PowerPoint and Microsoft Open XML support ActiveX controls and macros while PDF and the Oasis Open Document Format support embedded JavaScript This active content may be hostile rather than friendly so for full protection against files that are embedded in Microsoft Office PDF or open format docu ments you should use the filter provided by the Document Inspector to inspect these documents and block malicious content from entering your corp
33. for at least 3 days is repeated on the General Settings tab which is provided for configuring the general settings of virus scanning 2 20 Home System Summary The System Summary section looks like this System Summary Displays the latest system modifications and updates System Settings Admin Current Policy default Admin URL Fitter Database Database Number 1509 Anti Virus Engine and Signatures secure Anti Malware 6035 18 1 Computer Associates ETrust in 2006 6 13 McAfee Antivirus Engine 5 0 00 Version 4782 Sophos 2381 4 06 123312 virus Spam Filter Rules Database Number 9454 Certificate Revocation Lists Proactive Scanning Database Database Number O This section displays information on the system status Information is provided on the user who is currently logged in and on the anti virus engines that are installed showing also their current versions Furthermore the last updates of the databases containing the rules for filtering URLs viruses and spam are displayed as well as the version of the certificate revocation list Clicking on the links that are provided here e g on the Proactive Scanning Database link will take you to the corresponding Update Manager tabs where you can configure and manually perform updates of the databases One Click Lockdown The One Click Lockdown section looks like this One Click Lockdown Use single strict policy Activate emergency Oe et a
34. g 80 and you have configured read only access for other administrators while you are logged in this will apply to all adminis trators with a seniority level of 80 or below If an administrator with a level of e g 60 logs in a window will open providing access in read only mode At the same time the number of sessions is dis played that are currently active as well as the number of sessions where the seniority level is equal to or higher than that of the administrator who is trying to log in Furthermore the number of sessions is displayed where this administrator is allowed to modify access permissions In this case there are no such sessions because someone with an equal or higher seniority level i e you has already configured the corresponding settings in a particular way This administrator now has the choice of logging in with read only access or not On the other hand if an administrator with a seniority level of e g 100 logs in this administrator is entitled to modify what you configured since your senior ity level is only 80 This modification will also apply to sessions where other administrators are already logged in The seniority level is configured on the Role Definition tab under User Man agement gt Administrators Click on the Edit Role Permissions button there to open a window where you can configure a value for the seniority level After specifying the appropriate settings here click on Apply Changes t
35. include them in the list of trusted CAs To select a CA from the list of known CAs and add it to the list of trusted CAs use the area labeled e Select CA Select the CA you want to add to the list of trusted CAs from the drop down list provided here If this list is empty it means that all Known CAs have been included in the list of trusted CAs To add the CA you select use the following button Trust Click on this button to add a CA to the list as trusted The list of trusted CAs is displayed at the bottom of this section To display only a particular number of list entries at a time type this number in the input field labeled Number of entries per page and enter it using the Enter key of your keyboard 4 27 SSL Scanner 4 9 If the number of entries is higher than this number the remaining entries are shown on successive pages A page indicator is then displayed where you can select a particular page by clicking on the appropriate arrow symbols To sort the list in ascending or descending order click on the symbol next to the Certificate Authority column heading To change the status of CA from trusted to not trusted or the other way round mark or clear the Trusted checkbox in the same line Then click on Apply Changes to make this setting effective You can edit more than one list entry and make the changes effective in one go Use the following items to perform other activities relating to the list e F
36. list will be compared to the domain where the cookie was sent from or will be sent to in order to determine whether the cookie is good neutral or bad Good cookies can pass bad cookies are filtered out and neutral cookies will vanish after the configured life span To add a cookie to the list use the area labeled e Add new cookie In the input field provided here enter the cookie Then classify it by checking of one of these three radio buttons good neutral bad The neutral button is checked by default Add to Cookie Filter List After specifying a cookie and classifying it click on this button to add it to the list This addition will be valid only under the policy you are currently con figuring To add a cookie to the list for all policies mark the checkbox labeled Add to all policies before clicking on the button If a cookie that was configured under another policy is already in the list the setting of the Add to all policies checkbox will have no effect 3 57 Common 3 10 The Cookie Filter List is displayed at the bottom of this section To display only a particular number of list entries at a time type this number in the input field labeled Number of entries per page and enter it using the Enter key of your keyboard If the number of entries is higher than this number the remaining entries are shown on successive pages A page indicator is then displayed where you can select a particular page by
37. not only by the SSL Scanner but also by other Webwasher Web Gateway Security products Among these features are system alerts licensing features media type filters etc SSL Scanner SSL Scanner This is the top level tab for configuring the features that are specific to the SSL Scanner The tabs mentioned in the following are not described in this document URL Filter Anti Malware Anti Spam URL Filter Anti Malware Anti Spam These are tabs for configuring the features of other Webwasher Web Gateway Security products Note that the Anti Malware tab is used for both the Webwasher Anti Virus and the Webwasher Anti Malware product For a description of these tabs see the corresponding User s Guides User Management Reporting Proxies Configuration User Management Reporting Proxies Configuration These are tabs for configuring features that adapt Webwasher to the system environment it is running in For their description see the System Configuration Guide Introduction 1 3 2 Configuring a Sample Setting This section explains how to configure a sample setting of a Webwasher fea ture The feature chosen here for explanation is the Animation Filter In order to avoid the download of bandwidth consuming animated images this filter detects and modifies or removes them For this sample setting just Suppose you want to enable the filter and let it remove any such images from the filtered objects
38. on Apply Changes to make them effective Use the following items to configure filtering conditions and actions e Word 95 document format not readable From the drop down lists provided here select actions for documents in Web and e mail traffic e g Block or Allow These are required because this format is not supported by the Document Inspector which means the documents in question are unreadable for this filter 3 25 Common 3 5 e Structured Storage document like Visio or MSI not readable From the drop down lists provided here select actions for documents in Web and e mail traffic e g Block or Allow These actions will be executed if a structured storage document is unread able e Office document not readable From the drop down lists provided here select actions for documents in Web and e mail traffic e g Block or Allow These actions will be executed for any type of office documents that are unreadable perhaps due to encryption e Library not loadable or failed From the drop down lists provided here select actions for documents in Web and e mail traffic e g Block or Allow These actions will be executed if the Document Inspector library could not be loaded Archive Handler 3 26 The Archive Handler options are invoked by clicking on the corresponding button under Common Archive Handler If you want to enable any of these options make sure the checkbox on this button is also mar
39. open a pdf format version of the document Home 2 6 2 Documentation on Special Products The Documentation on Special Products tab looks like this Documentation on Main Products Documentation on Special Products Additional Documentation Content Reporter Documents Provide information about installing configuring and operating the Webwasher reporting tool Content Reporter Installation and Configuration Guide gt PDF Content Reporter User s Guide for Reporting PDF Instant Message Filter Documents Provide information about installing configuring and operating the Webwasher Instant Messager s Instant Message Filter Installation Guide PDF Instant Message Filter User s Guide PDF Special Environment Documents Provide information about setting up Webwasher or products running with it ina special environment z Setting Up NetCache with ICAP PDF Setting Up Webwashen on Microsoft 154 Server gt PDF Setting Up Webwashern with Blue Coat gt PDF NTML Agent Set up Guide PDF HSM Agent Set 4p Guide PDF Appliance Documents
40. operat ed ee Operations _ Add to all policies Using this section you can configure the Generic Body Filter blocking and other actions for Web and e mail content according to keywords regardless of the URL it originates from So you could use the Generic Body Filter e g to block Win32 executables When configuring the filter rules are set up of the following format If the 2nd byte of a file has the value of n and the 3rd byte does not have the value of n and within the bytes 100 to 200 a string of n can be found then The Generic Body Filter also supports case insensitive operands by using an uppercase in front of a quoted operand 3 34 3 8 Common So to block e g all HTML pages encoded as UTF 16 you can configure a rule like the following 0 128 Contains I lt OOh OO0Ot OOm OON 00 Or 0 128 Contains I 0OO0 lt 00h 00t 00m 001 With this rule the first expression blocks UTF 16LE and the second blocks UTF 16BE The rules for filtering body content in this way and the actions that are exe cuted when a rule matches are entered in the fields of this section For an explanation of them see the corresponding online help page On this page an example is also provided for configuring a body filtering rule Advertising Filters The Advertising Filters options are invoked by clicking on the corresponding button under Common Advertising Filters C If you want to enable any of these options
41. the paths leading to them The current tab and path are always visible in the display field e g Common gt Policy gt Media Type Filters gt Actions w Clicking on the arrow to the right of the path display will show the click history i e a list of the tabs you visited prior to this one Common gt Policy gt Media Type Filters gt Actions Common gt Policy gt Advertising Filters gt Settings SoL Scanner gt Quick Snapshot Common gt Quick Snapshot Home gt Dashboard gt Executive Summary Clicking on any of the entries displayed in the list will take you to the corre sponding tab Introduction The click history is only recorded for the current session i e until you log out After logging in for a new session the recording of tabs and paths will start all over again Information Update Some parts of the information that is provided on the tabs of the Web interface will change from time to time In these cases the information display is updated automatically every three seconds by Webwasher So e g you might have performed a manual update of the anti virus engines This means that the information provided in the Current Status and Log File Content sections on the corresponding AV Engine tab will begin to change continuously over a certain period of time until the update is completed These sections are then updated automatically every three seconds to reflect the status of the update pro
42. then displayed where you can select a particular page by clicking on the appropriate arrow symbols To sort the list in ascending or descending order click on the symbol next to the URL column heading To edit an entry type the appropriate text in the corresponding input field and mark or clear the deactivate and do not filter checkboxes in the same line Then click on Apply Changes to make these settings effective You can edit more than one entry and make the changes effective in one go Use the following items to perform other activities relating to the list e Filter Type a filter expression in this input field and enter it using the Enter key of your keyboard The list will then display only entries matching the filter e Delete Selected Select the entry you wish to delete by marking the Select checkbox next to it and click on this button You can delete more than one entry in one go To delete all entries mark the Select all checkbox and click on this button Common 3 8 3 Dimension Filter List The Dimension Filter List tab looks like this Settings Link Filter List Dimension Filter List Dimension Filter List Eliminates banner ads and objects by size Add new dimension e Format width height in pixels dl deactivate Add to Dimension filter List add to all policies Found 62 entries with Dimension Number of entries per page Filter dl C deactivate E
43. under the following tab Scan Encrypted Traffic They are described in the upcoming section e Scan Encrypted Traffic see 4 4 1 4 4 1 scan Encrypted Traffic The Scan Encrypted Traffic tab looks like this Scan Encrypted Trafic Tunneling by Category Allows to tunnel hosts by category 2 22 Define for which categories sessions should be tunneled Banking Finances Please select Delete category w Please select Delete category w Define tunneling behaviour a Verity certificate only Bypass SSL Scanner ie Client Certificate Handling Defines what should happen if server asks for client certificate E Verity server certificate and use Client Certificates to decrypt session O Verity server certificate but do not decrypt session O Block session T Decryption Warning Displays decryption notification for each best aa Some update servers for applications e g the server used for Windows updates require special treatment with regard to the SSL Scanner For further information see the FAQs under https suppon webwashercomAaq and search for entry ID 1532 There are three sections on this tab e Tunneling by Category e Client Certificate Handling e Decryption Warning They are described in the upcoming sections 4 9 SSL Scanner 4 10 Tunneling by Category The Tunneling by Category section looks like this C Tunneling by Category Allows to tunnel hosts by category Defi
44. under the following tab Generic Body Filter They are described in the upcoming section e Generic Body Filter see 3 7 1 3 7 1 Common Generic Body Filter The Generic Body Filter tab looks like this Generic Body Filter Body Filter List Blocks content according to binary pattern rules Add Rule Other Operations Add to all policies C Add to all policies A Applies to Transport Description applies to Media Types Directa lt Enter Enter description here gt Enter description here gt A o Ml Web Download Enabled lt Enter regular expression Enter regular expression expression MM web Upload Y mail Applies to Content of Size Offset Lenath ZEL E Clear and add expressions On match O Block v MMM Replace classify as Pleases Modify by Owe ia Add File Fingerprint we There is this section on this tab Body Filter List It is described in the following 3 33 Common Body Filter List The Body Filter List section looks like this Body Filter List Blocks content according to binary pattern rules Add Rule Description Applies to Med Enter description here gt lt Any Enabled Enter regular Unique ID Applies to Con E Offs et Length Operator Byte Sequence if Fae IE 5 Gri mateh ma Bock E Prepare Crclassify as 1 Sele O Modify by Malware _ Add to all policies
45. webvasher com enterprise download intormation terms_and_conditions pdf Import License Yau have to accept the EULA fst C 1 have read the end user license agreement and accept it Licensed Products ES URL Filter Included anti Malware Included E Anti Virus Included Anti Spam Included SSL Scanner Included Content Reporter Included EN Content Protection Included 2 Instant Message Filter Included There are four sections on this tab e License Information e Webwasher End User License Agreement e Import License e Licensed Products They are described in the following 2 45 Home License Information The License Information section looks like this License Information Company Mame Webwasher 60 Test Number of Clients 25000 Current Clients O Time Lirnit 01 07 2006 31 06 2008 Evaluation License Yes Customer number 1061 Key number System number 111 This section displays information regarding the license of the Webwasher soft ware Information is provided on the company that purchased the license the time interval during which the license is valid and other licensing issues Webwasher End User License Agreement The Webwasher End User License Agreement section looks like this Webwasher End User License Agreement The installation and deployment ot vWebwasher software products are exclusively governed by the the most recent version at http Wwaww webwashercomenterprise
46. whenever there is more than one entry in the list containing information on a particular object the entry that is first in the list wins Common 3 15 User Defined Categories The User Defined Categories options are invoked by clicking on the corre sponding button under Common User Defined Categories The options are arranged under the following tab User Defined Categories They are described in the upcoming section e User Defined Categories see 3 15 1 3 15 1 User Defined Categories The User Defined Categories tab looks like this ser Defined Categories User Defined Categories Names and abbreviates categories to be written to the log files O Mumber of user defined categories fup to 500 There is one section on this tab e User Defined Categories It is described in the following 3 83 Common 3 84 User Defined Categories The User Defined Categories section looks like this User Defined Categories Names and abbreviates categories to be written to the log files Number of user defined categories up to 15 ot Lat a gt ag O A SSGREHIE Eo ERAN TIRE Tc alada e Defined 2 E A ai I Defined 3 Pater Ae UserDefned4 Defined 4 ae 7 1 5 Category 4 UserDefinedS Defined 5 User Defined UE Using this section you can configure your own categories for URL classifica tion with names and abbreviated name formats You can configure up to 15 categories this way The
47. you can configure a filter to eliminate banner ads and ob jects based on their size To add dimensions to the Dimension Filter List go to the Dimension Filter List tab If you want to use this filter make sure the checkbox next to the section heading is marked The checkbox is marked by default After specifying the appropriate settings click on Apply Changes to make them effective Use the following checkboxes to configure dimension filtering e Objects to be filtered Mark or clear the checkboxes provided here according to the content types you want to the filter to apply to 3 39 Common 3 40 Their meaning is as follows Images Enables or disables the filtering of images Applets Enables or disables the filtering of Java applets These are small programs accompanying a Web page that is sent to a user Java applets are able to perform interactive animations instant calculations and conversions etc without having to send a user re quest back to the server Plug ins Enables or disables the filtering of plug ins These are programs that can easily be installed and used as part of your Web browser Ignore objects without specified dimensions If this option is enabled objects that have their dimensions not specified will be ignored Filter objects that are located on the same server If this option is enabled objects will also be filtered if they are located on the same server By defau
48. you specify here 2 48 Home After specifying the appropriate information click on Apply Changes to make your settings effective Use the following items to configure the system notifications e Send notification upon license expiry Make sure the checkbox provided here is marked if you want to use this option and enter the recipient of the notification in the Recipient input field Send notification if number of licensed clients will soon be ex ceeded Make sure the checkbox provided here is marked if you want to use this option The recipient of this notification will be the one entered in the Recipient input field above To configure the settings for the server used to process the notifications click on the button labeled Edit Notification Mail Server This will open a window where you can specify the appropriate settings Notification Settings Specifies and tests the SMTP server for all notifications via e mail SMTP server port Sender Webwasheralocalhost After specifying the settings click OK to make them effective Furthermore there is a button labeled Send Test Messages in this section Click on this button to test your settings Too Many Clients The Too Many Clients section looks like this Too Many Clients writes system log messages if connections were refused due to heawy work load of licen Enable message to be written to system log Message text od generated Sot by 50 2 49 Home
49. List Media Type White List Media Type Black List Defines media types that will be blocked Select media type from catalog applicationface Description lt Enter description here gt d Ignore in Media Type Filter LI Ignore in Web Upload Filter Add to Media Type Black List add to all policies Mumber of entries per page Found 1 entries with Media Type Description ite Ld Na applicationface lt Enter description here gt Cl ignore in media Cl ignore in web type filter Upload filter C select All Delete Selected There is one section on this tab e Media Type Black List It is described in the following 3 13 Common 3 14 Media Type Black List The Media Type Black List section looks like this Media Type Black List Defines media types that will be blocked Select media type fram catalog application ace Pr Description lt Enter description here F lanore in Media Type Filter O lgnore in Web Upload Filter st Add to all policies Add to Media Type Black Li Found 1 entries with Description Selec Media Type Enter description he C applicationface C Select all Delete Selected Using this section you can add a media type to the Media Type Black List Objects belonging to the media types on this list will be blocked To add a media type to the black list use the area labeled e Service Name In this input field enter the service name Sele
50. TML Agent Set up Guide HSM Agent Set up Guide Appliances Installation and Configuration Guide Appliances Upgrade Guide What about Installing and configuring the Webwasher Content Reporter which is done separately from the main products Creating reports Installing and configuring the Webwasher Instant Message Filter which is done separately from the main products Description of features Setting up Webwasher or a product running with it in a special environment See above See above Setting up an additional Webwasher product to enable authentication using the NTLM method on platforms other than Windows Setting up an additional Webwasher product to enable use of a HSM High Security Module device Installing and configuring the Webwasher appliances What should know when upgrading to a new release of the Webwasher appliances Introduction 1 5 The Webwasher Web Gateway Security Products The Webwasher Web Gateway Security products provide an optimal solution for all your needs in the field of Web gateway security They are unique in that they offer best of breed security solutions for individual threats and at the same time a fully integrated architecture that affords in depth security and cost time savings through inter operability A brief description of these products is given in the following 27 Webwasher o URL Filter e Webwasher Anti Virus Webwasher Anti Malware
51. a Build Humber 2410 Part Number 101 0946150 4 Build Date Aug 31 2006 Operating System Windows This section displays information on the product version and also some related information such as the current software build or the operating system Web washer is running on To see if there is a newer version of the software available click on the Check for New Versions button Home 2 4 Support The Support options are invoked by clicking on the corresponding button un der Home Support The options are arranged under the following tab Support They are described in the upcoming section e Support see 2 4 1 2 4 1 support The Support tab looks like this support o Assistance For technical assistance please contact support as described on our corporate website under http fi securecomputing comftechsupport There is one section on this tab e Assistance It is described in the following 2 23 Home Assistance The Assistance section provides a link to contact the Secure Computing tech nical support team A click on this link takes you to the Welcome Page of this team Please read the information on this page and complete the activities described there in order to get the support you require 2 5 TrustedSource The TrustedSource options are invoked by clicking on the corresponding but ton under Home TrustedSource The options are arranged under the following tabs TrustedSource Malware
52. ab section Stacked Line The mode of display is immediately adapted according to what you se lected 2 7 Home 2 2 1 Executive Summary The Executive Summary tab looks like this Executive Summary Traffic Volume System Es URL Executive Summary Average last 1 Hour Mail Executive Summary Average last 1 Hour Number of Feedbacks sent Y Malware rare False Positives False Negatives Uncategorized URLs Show last Stacked Line 4 3 2 1 o 15 48 15 58 16 08 16 18 16 28 16 38 16 48 Show last 1 Hour ka Stacked Line o 15 48 15 58 16 08 16 18 16 28 16 38 16 42 Show last 1 Hour k Stacked Line o 15 48 15 58 16 08 16 18 16 28 16 38 16 48 There are three sections on this tab e URL Executive Summary e Mail Executive Summary e Number of Feedbacks Sent They are described in the following 2 8 Home URL Executive Summary The URL Executive Summary section displays the number of URLs that were processed by the Webwasher filters within a given time interval and either passed without restrictions or were blocked by one of these filters Values are shown for the following action categories e Good This category is for URLs that passed the Webwasher filters without any restrictions Blocked by AV Engine This category is for URLs that were blocked by one of the anti virus engines implemented within Webwasher Blocked by Proact
53. acks submitting samples of malware e False Positives This category is for feedbacks concerning e mails that were incorrectly marked as spam by Webwasher e False Negatives This category is for feedbacks concerning spam e mails that were not marked by Webwasher as such e URLs This category is for feedbacks concerning URLs Home 2 2 2 Traffic Volume The Traffic Volume tab looks like this Executive Summary Traffic Volume System 1 Traffic Volume per Policy Show last O Stacked OLine EXI MTS Average last 1 Day a Sony default oa aids 13 1KB 12 1KB 60KB 0 136 18 36 22136 02 36 06 36 10 36 14 36 Traffic Volume per Protocol Show last stacked O Line 2O 7MB Y fF 2 3 MB 14 36 18 36 22 36 02 36 06 36 10 36 14 36 There are two sections on this tab e Traffic Volume per Policy Traffic Volume per Protocol They are described in the following Traffic Volume per Policy The Traffic Volume per Policy section displays the traffic volume in bytes see also the Prefix List at the end of this subsection for the various policies that have been configured under Webwasher These may be the default poli cies but also policies that you have set up yourself Volumes for policies are displayed as they occurred within a given time interval Note that not more than six volumes for different policies are shown at the same time For more informat
54. ained in a response header Web Upload Filter The Web Upload Filter section looks like this Web Upload Filter Controls the flow of outbound useroriginating files via HTTP and FTP Maximal size of Uploaded parameter 20 kE C Forbid uploads of all files ATTP gt C Forbid uploads of all files FTP Default action for unlisted media tvpes BS Allow Entry found in Media Type Black List Ea Glock Entry found in Media Type White List MEE Allow Content not validated by magic bytes B Allow Go to gt REGOMOD Settings to enable Apply configured filters on uploaded and posted data to use Using this section you can configure actions e g Block Block log and notify Allow etc for the Web Upload Filter This filter protects corporate privacy and sensitive data by filtering what em ployees send out e g FTP uploads or file attachments sent through common HTTP based Web mail services such as Hotmail or GMX You can limit the size that uploads may have or even forbid uploads of all HTTP and FTP files The actions that you configure here will be executed according to the result achieved by the Media Type Filter for a filtered object You can also configure different actions for Web and e mail traffic After specifying the appropriate settings here click on Apply Changes to make them effective 3 11 Common 3 12 Furthermore you need to enable an option on the REQMOD Settings tab to use this filter To do thi
55. ake the modification effective The options are arranged under the following tab Global Certificate List They are described in the upcoming section e Global Certificate List see 4 7 1 4 7 1 Global Certificate List The Global Certificate List tab looks like this Global Certificate List Global Certificate List Add new exception to list Es Add new exception add new exception https Format host port by certificate Allow w by host Only Decryption w Add Exception 4 22 SSL Scanner There is one section on this tab e Global Certificate List It is described in the following Global Certificate List The Global Certificate List section looks like this Global Certificate List Add new exception to list AEL ety ERE aida Add new exception https Format host port by host Only Decryption W Add Exception Using this section you can add new exceptions to the global list of certificates i e to the list that is valid for all policies configured under Webwasher You can also configure actions for an exception relating to the certificate or host in question To add an exception to the list use the area labeled e Add new exception In the input field provided here enter the exception you want to add to the global certificate list https has been entered in this field as default information at the begin ning of an exception name The input format for its remai
56. and prevents the disclosure of confidential corporate data as well as infringements of Internet usage policies thus ensuring that no one is illicitly sharing sensitive corporate materials See next page Introduction These two products have their own user interfaces which are described in the corresponding documents Webwasher Features a library of rich customizable reports based on built in Content cache streaming media e mail activity Internet access and Reporter content filtering queries all supported by unmatched convenience and performance features 0 Webwasher Detects reports and selectively blocks the unauthorized use Instant of high risk and evasive P2P and IM from enterprise networks Message Filter and scans network traffic for characteristics that match the corresponding protocol signatures Do Chapter 2 Home The features that are described in this chapter are accessible over the Home tab of the Web interface Home Common URL Filter Anti Malware Anti Spam SSL Scanner These are basic features that are common to the SSL Scanner and other Web washer products e g system alerts contacting the support licensing fea tures etc The upcoming sections describe how to handle these features The description begins with an overview Home 24 Overview The following overview shows the sections that are in this chapter User s Guide Webwasher SSL Scanner Introduction Home Ove
57. and the client certificate i e the certificate the client was requested to submit by the server checked by the verification process The certificate list is searched for the client certificate in order to authen ticate the client If the search has been successful the session will be allowed and the communication decrypted If no appropriate client certifi cate is found the request will be denied Clicking on the Client Certificates link provided with this option takes you to the Client Certificate tab where you can add more certificates to this list 4 11 SSL Scanner 4 12 e Verify server certificate but do not decrypt session Enable this option to have the server certificate checked by the verification process If this is passed successfully the corresponding session is tunneled and allowed e Block Session Enable this option to forbid access to the server Decryption Warning The Decryption Warning section looks like this Decryption Warning Displays decryption notification for each host Using this section you can configure a decryption warning for HTTPS traffic It is inserted whenever a request to a domain without a path is made that involves this kind of traffic The warning includes a button to click on in case you want to proceed and view the requested page After specifying the appropriate information click on Apply Changes to make this setting effective Use the following drop down li
58. ategorization O HTTP Method Filter List 0 Maximal size of uploaded parameter 20 kb FTP Command Filter List cal O Forbid uploads of all files HTTP Welcome Page O C Forbid uploads of all files FTP White List Default action for unlisted media types P Allow v i Entry found in Media Type Black List EEJ Block v Policy Independent E User Defined Categories Entry found in Media Type White List BEA Allow Media Type Catalog Content not validated by magic bytes MEA Allow v Go to gt REQMOD Settings to enable Apply configured filters on uploaded and posted data to use the Web Upload Filter The following sections provide some information to make you familiar with this interface These sections e List the first level tabs of this interface and explain their meanings see 1 3 1 e Describe a sample procedure showing how a setting is configured for a Webwasher feature see 1 3 2 Explain more about the general features of this interface see 1 3 3 Introduction 1 3 1 First Level Tabs The Web interface displays a number of tabs and sections for configuring the Webwasher features On the topmost level there are these ten tabs e Home Common URL Filter Anti Malware Anti Spam SSL Scanner User Management Reporting Proxies and Configuration Their meaning is as follows Home Common Home Common These tabs are for configuring basic and filtering features that are used
59. ax recursion level exceeded BAJ Block and log MR ewent Replace and log Wail bomb found KAJ Block and log ME ewent Replace and log Mot Handled Archive found KAJ Block UMS Drop M Li Using this section you can configure blocking and other actions for encrypted corrupted multi part archives archives containing mail bombs an archive is a mail bomb if its content size exceeds the limit set by the user and archives exceeding the maximum recursion level i e how deep archives are nested within each other The size and recursion level limits are configured in the Archive Handling Options section which is also provided on this tab If a virus is contained within an archive that is compressed the virus cannot be detected and prevented from downloading The Archive Handler decompresses the members of an archive one by one and passes them on to the virus scanner When the archive member containing the virus is decompressed virus scanner detects the virus so the archive can be blocked You can configure different actions for archives in Web and e mail traffic After selecting these actions from the drop down lists provided here click on Apply Changes to make your settings effective Archive Handling Options The Archive Handling Options section looks like this Archive Handling Options Defines howto handle archives Maximum size of unpacked archive 750 WE Maximum recursion level 4 Using this section you can
60. ay take a moment The list will be cross checked with the policy dependent and independent cer tificate lists to avoid multiple entries SSL Scanner A list entry consists of the following fields Host URL that caused the incident Incidents can be added to the certificate lists either by host or by certifi cate as is shown in the fields used for configuring the policy dependent and independent certificate lists If by host was selected the input shown here under Host becomes available A wildcard may be used to include a range of URLs e g webwasher com C short for Common Name If an incident was caused by a Common Name mismatch it is indicated here by ared lamp symbol Otherwise there will be a green lamp symbol E short for Expired If a certificate has expired this incident is indicated here by a red lamp symbol S short for Self signed If an incident was caused by a self signed certificate it is indicated here by a red lamp symbol R short for Root Certificate Authority If an incident was caused by a failure during validation of the root certificate authority it is indicated here Policy Policy belonging to the certificate list this incident is going to be added to Action Action configured for the policy and host certificate that will apply when the incident is added to a certificate list The list is sortable by Host and the C ommon Name E xpired S elf Signed and R oot Certifi
61. bove the Media Type Filters button Policy default v Media Type Filters The options are arranged under the following tab HTTP Method Filter List They are described in the upcoming sections e HTTP Method Filter List see 3 11 1 3 64 3 11 1 HTTP Method Filter List The HTTP Method Filter List tab looks like this HTTP Method Filter List Common Add rule Method URL Category Action O continue Description Found 1 entries with Select Method HTTP Method Filter List Executes actions based on HTTP methods GET Please select Delete category v Allow Add to HTTP Method Filter List Add to all policies URL Category Number of entries per page 10 Action Cont Description Filter O GET z Please select Delete category C select All Delete Selected Allow O There is one section on this tab e HTTP Method Filter List It is described in the following 3 65 Common HTTP Method Filter List The HTTP Method Filter List section looks like this HTTP Method Filter List Executes actions based on HTTP methods Add rule Method GET we Acton L continue Description Po Add to all policies Found 1 entries with Filter i tc tw a Pease select D Oselec
62. box is marked by default All content types are also included in the filtering by default After modifying any of these settings click on Apply Changes to make the modification effective Use the following checkboxes to configure the filtering of links e Disable built in filter list If this option is enabled the built in filter list is used Note that disabling it will severely impair the efficiency of advertisement filtering You should only do this in case you provide a filter list of your own that you want to work with e Objects to be filtered Mark or clear the checkboxes provided here according to the content types you want the filter to apply 3 37 Common Common Text links Enables or disables the filtering of text links A text link is the grouping of linked text that when clicked on takes you to another page either within the same Web site or to an entirely different Web server It will often open up another browser window when clicked on Backgrounds Enables or disables the filtering of background images This option only removes advertising backgrounds but not all back ground images in general Dimension Filter The Dimension Filter section looks like this Dimension Filter Eliminates banner ads and objects by size Objects to be filtered Images Applets Plug ins E Ignore objects without specified dimensions Filter objects that are located on the same server Using this section
63. case the user came from a different Web site It leaves the referer unaffected if the user moves through the same Web site This allows the Webmaster to track user movement through this Web site The information may be useful for adjusting or optimizing the nav igational structure of the site As well some services such as online banking may need a referer to work properly Prefix Filter The Prefix Filter section looks like this Prefix Filter Removes URL prefixes used to track user behavior For example http search comearacktun http realud com WOU become btp realud com Using this section you can configure a filter to remove all prefixes from URLs that are used by some sites to track user behavior If you want to use this filter make sure the checkbox next to the section heading is marked The checkbox is marked by default After modifying this setting click on Apply Changes to make the modification effective 3 53 Common 3 54 Cookie Filter The Cookie Filter section looks like this Cookie Filter Controls passing of cookies to and from Web servers C Disable builtin filter list Meutral cookies expire after a time period of 24h 0 min CO finishing the browser session Cookies notfound inthe Cookie Filter List are good O neutral O bad Using this section you can configure a filter to block bad cookies You can set the life span for neutral cookies or let them expire after finishing the b
64. cate Authority failure attributes Note An incident that occurred for two or more different reasons cannot be added by certificate Whenever a certificate is added this way errors that were caused by the cer tificate are ignored Different reasons may occur however when a certificate is inspected with regard to different policies If errors cannot be determined unambiguously as is the case when there are two or more reasons for an incident the by certificate method cannot be applied Incidents can then only be added by host You can select several incidents from the list and add or delete them in one go by clicking on the Add or the Delete button If you wish to process an entry separately use the Add and Delete buttons in the same line If an incident was deleted from the list it will not be ignored in the future but be generated again should it occur 4 31
65. cess Logout To logout from a Webwasher session click on the logout link which is located in middle position at the top of the Web interface area After logging out the login page is displayed where you can login again and start a new session Main Feature Enabling There are Webwasher settings that cannot only be modified if a corresponding main feature is disabled So e g if you want to modify the settings of the Phishing Filter section on the Settings tab under Anti Spam gt Message Filters you need to make sure the Message Filter feature itself is also en abled If you attempt to modify settings while the corresponding main feature is not enabled an alert is displayed to make you aware of this situation a Your changes will have no effect because the main feature is disabled Introduction 1 10 Search A Search input field and button are located in the top right corner of the Web interface area Using these you can start keyword queries of the entire Web interface by en tering a search term in the input field and clicking on the Search button The search output will be presented in a separate window which displays a list of the tabs the search term was found on and the paths leading to them 3 http 1 127 0 0 1 9090 Webwasher 6 5 0 beta build 2568 2 B The query for timeout produces following output Proxies gt Web Proxies gt HTTP Proxy gt Configuration gt 44 Engine Conf
66. cident dat files from Web washer instances It synchronizes and displays them adding hosts or certifi cates to the policy dependent or independent global certificate list e Note that an incident dat file will only be written if you have configured an Allow amp Log Incident or Block amp Log Incident action or a user defined action that leads to writing a log file You can view and edit the incidents list on the I ncident Management page It is opened with or without a refresh by clicking on one of the following buttons Open Or Open with Refresh For a description of this page see the next section Incident Management Using the Incident Management page you can inspect SSL incidents and add them either to the policy dependent or independent global certificate list On this page a table is provided listing all incidents that occurred after the last refresh of this list was performed All of them have not yet been processed O Select all on Page Add Hosty E E S R Policy Action Filter Clear Filter Found no entry out of O with O Select All on Page Add To perform a refresh click on the Refresh Incident List button which is lo cated above the left side of the table Refresh Incident List This will process the stored incidents and add them to the list lf Webwasher is running in a cluster a refresh will lead to a synchronization with the subscribed sites Depending on the sites load the refresh m
67. click on Apply Changes to make these settings effective Use the following checkboxes to configure script filtering e Filter scripts that a Web page executes on loading If this option is enabled the filter will suppress scripts that are started au tomatically when a Web page is loaded The option is enabled by default Filter scripts that a Web page executes on closing If this option is enabled the filter will suppress scripts that are started au tomatically when a Web page is closed The option is enabled by default Prevent supplementary modification of the address If this option is enabled the filter will suppress special JavaScript functions that modify the IP address e that automatically transfer you from one Web page to another 3 41 Common e Prevent modification of the browser s status bar If this option is enabled the filter will prevent the status bar of the browser from being modified by a Web page i e scrolling text Animation Filter The Animation Filter section looks like this Animation Filter Manages and filters animated images Animated images Show only the first picture of an animation Repeat animation 1 _ tirne s Remove all animated images Using this section you can configure a filter to detect animated images Ani mations will either be filtered completely or restricted in their execution If you want to use this filter mark the checkbox next to the se
68. clicking on the appropriate arrow symbols To edit an entry type the appropriate text in the input field of the cookie and check or uncheck the good neutral or bad button in the same line Then click on Apply Changes to make these settings effective You can edit more than one entry and make the changes effective in one go Use the following items to perform other activities relating to the list e Filter Type a filter expression in this input field and enter it using the Enter key of your keyboard The list will then display only entries matching the filter e Delete Selected Select the entry you wish to delete by marking the Select checkbox next to it and click on this button You can delete more than one entry in one go To delete all entries mark the Select all checkbox and click on this button Text Categorization 3 58 The Text Categorization options are invoked by clicking on the correspond ing button under Common Text Categorization al If you want to enable any of these options mark the checkbox that is on this button Then click on Apply Changes to make this setting effective These are policy dependent options i e they are configured for a particular policy When you are configuring these options you need to specify this policy Common To do this select a policy from the drop down list labeled Policy which is lo cated above the Media Type Filters button Policy default w Media Type Fil
69. configure limits for archive sizes and recursion levels 3 28 3 6 Common After specifying the appropriate settings click on Apply Changes to make them effective Use the following input fields to configure limits for archives e Maximum size of unpacked archive Enter the maximum size in MB here that should be allowed for an archive e Maximum recursion level Enter the maximum number of recursion levels here that should be allowed for an archive Generic Header Filter The Generic Header Filter options are invoked by clicking on the correspond ing button under Common Generic Header Filter F If you want to enable any of these options mark the checkbox that is on this button Then click on Apply Changes to make this setting effective These are policy dependent options i e they are configured for a particular policy When you are configuring these options you need to specify this policy To do this select a policy from the drop down list labeled Policy which is lo cated above the Media Type Filters button Policy default v Media Type Filters The options are arranged under the following tab Generic Header Filter They are described in the upcoming section e Generic Header Filter see 3 6 1 3 29 3 30 Common 3 6 1 Generic Header Filter The Generic Header Filter tab looks like this Generic Header Filter Header Filter List Adds deletes or modifies HTTP HTTPS or SMTP header
70. content for a user Each of these media types also have subtypes e g the text media type has four subtypes plain rich text enriched and tab separated values The actions that you configure here will be executed according to the result achieved by the Media Type Filter for a filtered object You can also configure different actions for Web and e mail traffic After specifying the appropriate settings here click on Apply Changes to make them effective Use the drop down lists provided here to configure actions in the following way e Default action for unlisted media types Should this filter find a media type that is not currently listed in the Media Type White List or Black List this is what will happen to it e Entry found in Media Type Black List The actions configured here will be executed for media types that are found in the Media Type Black List e Entry found in Media Type White List The actions configured here will be executed for media types that are found in the Media Type White List Common e Non rectifiable media types with magic bytes mismatch The actions configured here will be executed when content types do not match their magic byte sequence So e g a PEG image named as a GI F file would be affected by a filtering action even though each of these media types are acceptable e Response without Content Type header The actions configured here will be executed when media type information is cont
71. ct the media type you want to have blacklisted from the drop down list provided here e g application ace Furthermore use the following items when adding a media type Description Input in this field is optional You may enter a description of the media type here Ignore in Media Type Filter If this option is enabled the media type in question will be ignored when the Media Type Filter is applied to Web and e mail downloads Ignore in Web Upload Filter If this option is enabled the media type in question will be ignored when the Web Upload Filter is applied to outbound user originating files via HTTP HTTPS and FTP Common Add to Media Type Black List After selecting a media type click on this button to add it to the list This addition will be valid only under the policy you are currently con figuring To add a media type to the black list for all policies mark the checkbox labeled Add to all policies before clicking on the button The Media Type Black List is displayed at the bottom of this section To display only a particular number of list entries at a time type this number in the input field labeled Number of entries per page and enter it using the Enter key of your keyboard If the number of entries is higher than this number the remaining entries are shown on successive pages A page indicator is then displayed where you can select a particular page by clicking on the appropriate arrow symbols
72. ction heading After specifying this setting or any other setting in this section click on Apply Changes to make these settings effective Use the following radio buttons to configure animation filtering e Animated images Use the radio buttons provided here according to the measures you want the filter to take against animations Show only the first picture of an animation Make sure this button is checked to terminate an animation after show ing the first picture This option is enabled by default Repeat animation time s Check this button to limit repetition of the animation In the input field provided here enter the number of times you want an animation to repeat itself Remove all animated images Check this button to remove animation completely 3 42 Common Advertising Filter Settings The Advertising Filter Settings section looks like this Advertising Filter Settings Define rules for filtered objects eplace filtered objects with Fepl filtered objects with atransparent image anotherimage CAProgrammetWebwasher CSM binifilestimag Do notfilter objects located within the same path O ihe same domain Go not reduce filtered frame size Using this section you can configure settings that will apply to all the filters on this tab After specifying the appropriate settings click on Apply Changes to make them effective Use the following checkboxes and radio
73. cument Special Environment Documents The Special Environment Documents section looks like this Special Environment Documents Provide information about setting up Webwasher or products runnin Setting Lip Metlache with ICAF Setting Up Webwashene on Microsoft ISA Serer Setting Up Webwashente with Blue Coat MTML Agent Setup Guide HSM Agent setup Guide This section allows you to view user documentation on setting up Webwasher or products running with it in a special environment To view any of the documents listed here click on the PDF link in the same line This will open a pdf format version of the document Appliance Documents The Appliance Documents section looks like this Appliance Documents Provide information about the Webwasher appliances Appliance Installation and Configuration Guide Appliance Upgrade Guide This section allows you to view user documentation on the Webwasher appli ance Home To view any of the documents listed here click on the PDF link in the same line This will open a pdf format version of the document 2 6 3 Additional Documentation The Additional Documentation tab looks like this Documentation on Main Products Documentation on Special Products Additional Gocumentatian Release Notes Provide the latest information about current releases of the Webwasher products Release Notes TXT There is one section on this tab e Release Notes It is described in the fol
74. cument The document formats that can be filtered include Microsoft Word 97 2003 Mi crosoft Excel 95 2003 Microsoft PowerPoint 95 2003 and all Known versions of Adobe Portable Document Format PDF Furthermore they include the following open document formats Generic XML Microsoft OpenXML Oasis Open Document Format and the Simple Object Access Protocol SOAP which is an XML based communications protocol for applications These documents may contain active content Word Excel PowerPoint and Microsoft Open XML support ActiveX controls and macros while PDF and the Oasis Open Document Format support embedded JavaScript This active content may be hostile rather than friendly so for full protection against files that are embedded in Microsoft Office PDF or open format docu ments you should use the filter provided by the Document Inspector to inspect these documents and block malicious content from entering your corporate net work If you want to use this filter make sure the checkbox next to the section heading is marked The checkbox is marked by default After specifying the appropriate settings click on Apply Changes to make them effective Use the following items to configure actions for office documents e Encrypted document found From the drop down list provided here select an action e g Drop Drop and Quarantine or Allow This action will be taken if the filter detects an office document attached to an
75. d Categories tica di 3 83 3 16 Media Type Cala OO erisa outbi 3 85 916 1 Media Type Catala bled 3 86 Ghaptera SSL SCAMNer invalida dada 4 1 Ast COVA a Sa be a a senate wea a a acme cscaeuidedaee a 4 2 42 Quick Nao Olite sd dc 4 2 Ae JQUICKONAD E TO io 4 4 4 3 Certificate Verification cccccccecccceeccecceencceneueeeaneceuneneeennneennnessunnenes 4 5 4 31 Geniicatle Vertical Mis dad 4 6 AA SCaliEnery Pied Miras 4 8 441 Scan Encryptea Trae ti ac 4 9 4 58 COrmiliCale Lisiasen rider ener rienda 4 13 ADT COREG ALS ista aos 4 14 4 6 Trusted Certificate AUthOritieS ccccccecsceccccccccusuccecccuucesssseueuseseneuans 4 17 4 6 1 Trusted Certificate AUtHOFitieS ccccccccccccccccccnccucccsceuccesseceueuseseuauans 4 18 AT Global Geriiicatoe Listas e 4 22 ATA Global Cerincate st e e ee 4 22 4 8 Global Trusted Certificate Authorities ccccceeecceeceeeceeceeeeneeeseueneees 4 26 4 8 1 Global Trusted Certificate Authorities cece cece eeeeeeceeeeeeeeneeeseueneees 4 26 4 9 Incident Manager acena ERA 4 28 49 1 Incident Manager miii raek aua EREE ties ii ENEMA lel tneuds cede 4 29 Chapter 1 Introduction Welcome to the User s Guide Webwasher SSL Scanner It provides you with the information needed to configure and use the Webwasher SSL Scan ner which is one of the Web Gateway Security products developed by Secure Computing The Webwasher SSL Scanner enables you to extend
76. d action on appropriate filtering conditions The filter can be configured for Web traffic using the HTTP or HTTPS protocol as well as for e mail traffic For e mail traffic there are two options to choose from SMTP and Mail If SMTP is selected the configured settings will operate on the content of internal Webwasher headers such as X WW From X WW To or X Client IP If Mail is selected settings will operate on the content of standard e mail head ers such as Subject From and To The filtering conditions for handling headers in this way are entered in the fields of this section For an explanation of them see the corresponding online help page On this page examples are also provided for configuring the filter with regard to HTTP and HTTPS communication 3 31 Common 3 7 Generic Body Filter 3 32 The Generic Body Filter options are invoked by clicking on the corresponding button under Common Generic Body Filter dl If you want to enable any of these options mark the checkbox that is on this button Then click on Apply Changes to make this setting effective These are policy dependent options i e they are configured for a particular policy When you are configuring these options you need to specify this policy To do this select a policy from the drop down list labeled Policy which is lo cated above the Media Type Filters button Policy default w Media Type Filters The options are arranged
77. den which is also indicated in status messages Note that besides this list which is configured only for a particular policy there is also the list of Global Trusted Certificate Authorities Ifa CA does not appear in the list of trusted CAs configured here the settings configured for the global list will apply To select a CA from the list of known CAs and add it to the list of trusted CAs use the area labeled e Select CA Select the CA you want to add to the list of trusted CAs from the drop down list provided here If this list is empty it means that all Known CAs have been included in the list of trusted CAs either as trusted or not trusted The addition of a CA here will be valid only under the policy you are cur rently configuring SSL Scanner To make the addition valid for all policies mark the checkbox labeled Add to all policies before proceeding any further Then click on either of these two buttons according to whether you want to add the CA as trusted or not trusted Trust Click on this button to add a CA to the list as trusted Do not trust Click on this button to add a CA to the list as not trusted The list of trusted CAs is displayed at the bottom of this section To display only a particular number of list entries at a time type this number in the input field labeled Number of entries per page and enter it using the Enter key of your keyboard If the number of entries is higher than this numb
78. documents If you want to use this filter make sure the checkbox next to the section heading is marked The checkbox is marked by default After specifying the appropriate settings click on Apply Changes to make them effective Use the following items to configure actions for office documents e Encrypted document found From the drop down list provided here select an action e g Block or Allow This action will be taken if the filter detects an inbound office docu ment that is potentially malicious e Apply Text Categorization Mark the checkbox provided here to apply text categorization actions to inbound office documents 3 21 Common 3 22 To view or modify the actions that are currently configured for these actions click on the Text Categorization link in the checkbox inscription This will take you to the Text Categorization tab where you have access to the corresponding settings Document Upload Filter The Document Upload Filter section looks like this Document Upload Filter Fitters outbound useroriginating documents Encripted dacumentfound MAA Using this section you can configure actions for outbound user originating of fice documents that are potentially malicious The document formats that can be filtered include Microsoft Word 97 2003 Mi crosoft Excel 95 2003 Microsoft PowerPoint 95 2003 and all known versions of Adobe Portable Document Format PDF Furthermore they include the following
79. dress Prevent modification of the browser s status bar E Script Filter Manages code that manipulates browsers and systems Ol Animation Filter Manages and filters animated images Animated images Show only the first picture of an animation Repeat animation timets Remove all animated images Advertising Filter Settings Define rules for filtered objects C Replace filtered objects with O a transparent image C Do not filter objects located within the same path the same domain C Do not reduce filtered frame size There are six sections on this tab Link Filter e Dimension Filter Popup Filter Script Filter Animation Filter 3 36 Common e Advertising Filter Settings They are described in the following Link Filter The Link Filter section looks like this Link Filter Screens content based on information fram the URL Disable builtin filter list Objects to be filtered Images windows Scripts Layers Frames Embedded objects Forms Text links Backgrounds Using this section you can configure the filtering of content based on informa tion from the URL of an object and specify different types of content that you want to have filtered URLs can be added for filtering to the built in filter list or edited The list can be accessed on the Link Filter List tab If you want to use this filter make sure the checkbox next to the section heading is marked The check
80. e g by DNS Webwasher uses the pure ASCII notation as well therefore all IDN strings must be converted This is done automatically when you select nterna tional Domain Name and enter a string with non ASCII characters Note that you can not use shell expressions with IDN strings Furthermore use the following items when adding a new entry to the list deactivate Enable this option to insert a new URL in the list that will not yet be used for filtering however 3 45 Common 3 46 do not filter Enable this option to exclude the URL you entered above from filtering Add to Link Filter List After specifying the information for a URL click on this button to add it to the list This addition will be valid only under the policy you are currently con figuring To add a URL to the list for all policies mark the checkbox labeled Add to all policies before clicking on the button If a URL or shell expression that was configured under another policy is already in the list the setting of the Add to all policies checkbox will have no effect The Link Filter List is displayed at the bottom of this section To display only a particular number of list entries at a time type this number in the input field labeled Number of entries per page and enter it using the Enter key of your keyboard If the number of entries is higher than this number the remaining entries are shown on successive pages A page indicator is
81. e Password Enter the new password twice Current Password Password i Retpe password Using this section you can change the password you are using for access to Webwasher After specifying the appropriate input here click on Apply Changes to make the new password effective Use the following input fields to change your password e Current Password Enter your current Webwasher password here e Password Enter the new password here e Retype password Enter the new password here a second time to confirm it View Options The View Options section looks like this View Options Define view options View web related settings View mail related settings Show change warner dialog O is e E show configuration hash Using this section you can configure what you would like the Web interface to display or not 2 41 Home 2 42 If you are only interested in viewing and configuring settings for Web traffic you can hide the e mail related settings and vice versa Furthermore you can configure the change warner dialog and the configura tion hash to be displayed or not After specifying the appropriate settings click on Apply Changes to make them effective Use the following checkboxes to configure view options View web related settings Make sure this checkbox is marked if you want to view the Web related settings View web mail related settings Make sure this checkbox is marked if you wa
82. e a token ieee bas 2 44 IO a a a E aaa 2 45 NOTICIA tad 2 48 GOMO aura ta A 3 1 A A dew tu N 3 2 QA A A eR aE TENNER 3 3 QUICK Saps holerei co inicio cial seagate as 3 4 Media THC PIS nad A 3 8 A A O abubeel caceoeecet saan a 3 9 Media Type Blair a 3 13 Media Type While LIE ainia aida 3 16 User s Guide 24 DOCUMENT INS DCCION sida ted 3 19 S451 DOcuUment inspeccion A 3 20 39 Arenive Rander atana a a a a a A 3 26 gol Arve Fanda AAA EA ANNE ME 3 27 36 Generic Header Flat ia 3 29 3 6 1 Generic Header Filter cccccccccccecccccccccancecccccaueresencusursssaueessssauuens 3 30 Oar Genero Body Fl a 3 32 S Genen Body Ple iaa 3 33 3 8 Adv rising Flia 3 35 3 8 1 SENGS sirna dia OD sica 3 36 38 2 NK FIG LIST aida 3 44 3 09 DIMENSION Pte dsc 3 47 329 PUVaCyY FINOS ct baaa 3 50 dl OCUNI Seere N EN 3 51 39 2 COOKE FE ES di cho 3 56 3 10 Text Cale Gonzalo esas a ce ieceleat rea Mien aA 3 58 SAO SEUS id aa 3 59 3 10 2 Categotizallon llar lb 3 61 3 11 HTP Method Fiter Eist emaan aana ii 3 64 SAC AFLP Method Biter ist aisiara a oben aa 3 65 3 12 FTP Command Filter LiSt o o occcc ccccnccccccnccccnncccnnrocananccnn anna nnrananans 3 68 312 1 FIP Command Filler listasi t dois 3 69 Silo Welcome Fage naaa 3 73 2 019 WVEIGOME Paddle 3 74 Sa WAE ES eaaa decia 3 78 SAAT Wels arrera a A N OT 3 79 3 15 User Defined Categories eiacsesackseetevisdes i N a a a a EE 3 83 315 1 User Define
83. e like the fol lowing Bahamas AND Maledives AND NOT work term 1 more than term 2 times per term 3 words Check the radio button in this line to configure a rule according to the second method provided here lt is based on counting how often a particular word or combination ap pears in the text body of an office document or an e mail message In the input fields enter the word or word combination you want to filter e g money 3 10 to set up a rule like the following money more than 3 times per 10 words Select one or more categories to apply to the above rule From the drop down lists provided here select one or more categories The rule configured above will be applied within these categories Create Rule After setting up a text categorization rule click on this button to add it to the list This addition will be valid only under the policy you are currently con figuring To add a rule to the list for all policies mark the checkbox labeled Add to all policies before clicking on the button The Text Categorization List is displayed at the bottom of this section To display only a particular number of list entries at a time type this number in the input field labeled Number of entries per page and enter it using the Enter key of your keyboard If the number of entries is higher than this number the remaining entries are shown on successive pages A page indicator is then displayed where you can se
84. e of a particular host This will open a window where you can specify the host and retrieve the certificate SSL Scanner Furthermore there is this section on the tab e Certificate Verification It is described in the following Certificate Verification The Certificate Verification section looks like this Cerificate Verification Defines actions to be taken for not fully trusted certificates Common Mame or with wildcard certificates wildcard does not match hostname Block Wildcard matches host name Block Cerificate is expired for more thanjo days Block Certificate has been revoked CRL Block Revocation status is unresolvable Allow EERE Using this section you can configure actions for particular verification tests After specifying the appropriate settings click on Apply Changes to make them effective Verification tests can be configured and performed according to the following criteria SSL Scanner 4 4 If the Common Name in a certificate is e g abcde com but the Web server s URL is in fact www abcde com no match is achieved Wildcard matches host name Compares the wildcard used in a certificate to represent a Common Name to the host name So e g the wildcard expression ccc de matches www ccc de If a match is achieved the configured action will be executed Certificate is expired for more than days Checks if a certificate has expired If more than the number of days config ured he
85. e port e g listening 2 15 Home 2 16 CPU Utilization The CPU Utilization All CPUs section shows to what extent the CPUs of the system Webwasher is running on have been used within a given time interval Values are shown for the following categories of CPU utilization e System The percentage of the CPU utilization caused by the system e Idle The percentage of idle time e Webwasher The percentage of the CPU utilization caused by Webwasher Memory Utilization The Memory Utilization Physical Memory section displays the percent ages and absolute values in bytes of free and used physical memory of the system Webwasher is running on within a given time interval Values are shown for the following categories of memory utilization e Free Amount of physical memory that was free e Used Amount of physical memory that was used Swap Utilization The Swap Utilization Virtual Memory section displays the percentages and absolute values in bytes of free and used swap memory of the system Webwasher is running on within a given time interval Values are shown for the following categories of swap utilization e Free Amount of swap memory that was free Home e Used Amount of swap memory that was used Filesystem Utilization Used Capacity The Filesystem Used Capacity section displays the percentages of used memory on the file systems where the various Webwasher folders reside Memory values are shown as th
86. ef description for each of them see 1 1 3 Introduction Using Webwasher A user friendly task oriented Web interface has been designed for handling the Webwasher features It looks like this SECURE COMPUTING Webwasher Webwasher 6 5 0 beta build 2568 on PDBXPWSHE21 S Ar h Admin Super Administrator read write gt logout om Home Common URL Filter Anti Malware Anti Spam SSL Scanner User Management Reporting Proxies Configuration Common gt Policy gt Media Type Filters gt Actions Quick Snapshot Apply Changes Actions Media Type Black List Media Type White List Policy Media Type Filter Manages the flow of media types for mail and Web downloads O default z Default action for unlisted media types ME Allow v Allow Madia Type Filters Entry found in Media Type Black List EEJ Block MEA Replace and Quarantine Document Inspector i i i i v Ea v archiva Handlar Entry found in Media Type White List EEJ Allow Allow Y Generic Header Filter O Non rectifiable media types with magic bytes mismatch MEN Block EEN Replace and Quarantine Generic Body Filter O Response without Content Type header ME Allow Y EE Allow v Advertising Filters Ol Privacy Filters Y O Web Upload Filter Controls the flow of outbound user originating files via HTTP and FTP GG Text C
87. er Type a filter expression in this input field and enter it using the Enter key of your keyboard The list will then display only entries matching the filter e Delete Selected Select the entry you wish to delete by marking the Select checkbox next to it and click on this button You can delete more than one entry in one go To delete all entries mark the Select all checkbox and click on this button 3 49 Common 3 9 Privacy Filters The Privacy Filters options are invoked by clicking on the corresponding but ton under Common Privacy Filters F If you want to enable any of these options mark the checkbox that is on this button Then click on Apply Changes to make this setting effective These are policy dependent options i e they are configured for a particular policy When you are configuring these options you need to specify this policy To do this select a policy from the drop down list labeled Policy which is lo cated above the Media Type Filters button Policy detault w Media Type Filters The options are arranged under the following tabs Settings Cookie Filter List They are described in the upcoming sections e Settings see 3 9 1 e Cookie Filter List see 3 9 2 3 50 Common 3 9 1 Settings The Settings tab looks like this Settings Cookie Filter List Web Bug Filter Eliminates mini images used to track navigation ce applies using same technique in HTML mails Re
88. er Type a filtering term in the input field of the URL or Description column or in both or select a command URL filtering category or action or any combination ofthem from the drop down lists and enter this using the Enter key of your keyboard The list will then display only entries matching the filter e Delete Selected Select the entry you wish to delete by marking the Select checkbox next to it and click on this button You can delete more than one entry in one go To delete all entries mark the Select all checkbox and click on this button The list will then display only entries matching the filter e Move Up Move Down Select the entry you wish to move by marking the Select checkbox next to it and click on either of these buttons depending on where you want to move the entry The position an entry takes in the list is important since whenever more than one of the entries i e rules in the list match a request the entry that is first in the list wins This means that all following entries are ignored unless the Continue op tion is set Common 3 13 Welcome Page The Welcome Page options are invoked by clicking on the corresponding button under Common Welcome Page dl If you want to enable any of these options mark the checkbox that is on this button Then click on Apply Changes to make this setting effective These are policy dependent options i e they are configured for a particular policy When you are configu
89. er the remaining entries are shown on successive pages A page indicator is then displayed where you can select a particular page by clicking on the appropriate arrow symbols To sort the list in ascending or descending order click on the symbol next to the Certificate Authority column heading To change the status of CA from trusted to not trusted or the other way round mark or clear the Trusted checkbox in the same line Then click on Apply Changes to make this setting effective You can edit more than one list entry and make the changes effective in one go Use the following items to perform other activities relating to the list e Filter Type a filter expression in this input field and enter it using the Enter key of your keyboard The list will then display only entries matching the filter e Delete Selected Select the list entry you wish to delete by marking the Select checkbox next to it and click on this button You can delete more than one entry in one go To delete all entries mark the Select all checkbox and click on this button 4 21 SSL Scanner 4 7 Global Certificate List The Global Certificate List options are invoked by clicking on the corre sponding button under SSL Scanner Global Certificate List If you want to enable any of these options make sure the checkbox on this button is marked The checkbox is marked by default After modifying the setting of this checkbox click on Apply Changes to m
90. er Access commands or of Download commands etc The command categories used here include the following FTP commands e Server Access USER LIST NLIST e Partial REST APPE e Download RETR e Upload APPE STOR STOU MKD ALLO e Rename RNFR RNTO e Delete DELE RMD e Site SITE 3 70 Common To add a rule to the list use the area labeled e Add rule Use the following items to configure the rule Command category Common 3 72 The FTP Command Filter List is displayed at the bottom of the section You can edit list entries change their order or delete them To display only a particular number of list entries at a time type this number in the input field labeled Number of entries per page and enter it using the Enter key of your keyboard If the number of entries is higher than this number the remaining entries are shown on successive pages A page indicator is then displayed where you can select a particular page by clicking on the appropriate arrow symbols To edit an entry type the appropriate text in the input field of the URL or De scription column or in both select the appropriate method category and ac tion from the drop down lists and enable or disable the Continue option Then click on Apply Changes to make these settings effective You can edit more than one entry and make the changes effective in one go Use the following items to perform other activities relating to the list e Filt
91. er sections of this tab make sure this checkbox is marked The checkbox is marked by default 3 77 Common 3 14 White List 3 78 The White List options are invoked by clicking on the corresponding button under Common White List These are policy dependent options i e they are configured for a particular policy When you are configuring these options you need to specify this policy To do this select a policy from the drop down list labeled Policy which is lo cated above the Media Type Filters button Policy detault w Media Type Filters The options are arranged under the following tab White List They are described in the upcoming section e White List see 3 14 1 3 14 1 White List The White List tab looks like this White List Common White List Prevents filters from being applied to shell expression entries LJ archive E Dl Generic Header Filter LI Privacy Filter LI text Categorization C Proactive C Proactive Scanning Script Scanning Code Mitigation LJ activex aes Cl embedded Scripts LJ Recipient Filter de Subject Filter LI pata trickling d Frogress pages Cl ETrust Cl Meafes add new entry a y None Description lt Enter description here gt Disable Cl Document LI media Type Filter spectar Dl Generic Body advertising Filter Filter Due Category O Filter by Actions Expressions LJembedded Dlauthe
92. ess Enables you to send your comments to the Webwasher team secure Computing values your feedback on the Webwasher products lf you have comments or e mail messages to the WWebwasher team gt feature esiasecur e com Using this section you can send feedback concerning the Webwasher prod ucts to Secure Computing To send your feedback click on the features securecomputing com link provided in this section This will open an e mail message sheet which you can fill in and send off 2 33 Home URL Filter Database Feedback The URL Filter Database Feedback section looks like this URL Filter Database Feedback Lets you submit incorrect or unclassified URLs and checks the progress Go to URL Filter Database feedback service to submit URLS or view progress ote You have to provide your ime bugiher AG extranet account and password The transmission is SSL securedi Using this section you can submit uncategorized or incorrectly categorized URLs to Secure Computing To do this click on the URL Filter Database feedback link provided in this section This will launch the login page for accessing the Webwasher Extranet After successfully logging in there a Welcome Page is displayed On this page click on the option labeled Feedback system for URL Filter categorization Then follow the instructions given on the URL Filter Feedback page 2 6 Manuals The Manuals options are invoked by clicking on t
93. eue and later be sent to Secure Computing This feature is not enabled by default If you would like to help improve the spam filter please mark the checkbox next to the section heading After specifying this setting and other settings of this section click on Apply Changes to make these settings effective Use the following items to configure the false negatives feedback e SMTP queue to use From this drop down list select an e mail queue After being received in the inbound queue an e mail with the address specified further below will be moved to this queue as false negative and later be sent to Secure Computing The queue should be used for no other purpose than that of collecting false negatives since it will be cleared after e mails have been sent off To see the e mails that are in this queue click on the See Content of Queue link next to the drop down list e Send interval in minutes In the input field provided here enter a time interval in minutes to specify the time that is to elapse between sending e mails The default interval is 240 minutes Entering O here means that no e mails will be sent automatically 2 27 Home 2 28 E mails can be sent manually however using the Queue Management page which is launched after clicking on the See Content of Queue link next to the drop down list On this page click on the button labeled Send All to SecureLabs now to send the e mails e E mail address I
94. ey occurred within a given time interval They are shown for the following folders e Webwasher temp Folder e Webwasher log Folder e Webwasher mail Folder e Webwasher conf Folder e Webwasher info Folder Network Utilization The Network Utilization All Interfaces section displays the percentages and absolute values in bytes of network utilization for requests that were re ceived or sent by Webwasher over all its interfaces within a given time interval Values are shown for the following request categories e Received Requests received over the network e Sent Requests sent over the network 2 17 Home 2 3 Overview Feature The Overview options are invoked by clicking on the corresponding button under Home Over ey The options are arranged under the following tab Cierva yy They are described in the upcoming section Home 2 3 1 Overview Feature The Overview tab looks like this Overview System Alerts Displays important system warnings and messages At least one Anti Virus engine cannot be loaded gt Download new AY engine The URL Filter Database cannot be loaded Download a new URL Filter Database ite default root certificate is used by SSL Scanner In order to avoid security problems gt create your own eee There has been no Anti virus Update check for at least 3 days Check Update Manager Spam Filter method Real Time Blackhole Lists cannot operate with
95. ey of your keyboard The list will then display only entries matching the filter e Delete Selected Select the entry you wish to delete by marking the Select checkbox next to it and click on this button You can delete more than one entry in one go To delete all entries mark the Select all checkbox and click on this button The list will then display only entries matching the filter e Move Up Move Down Select the entry you wish to move by marking the Select checkbox next to it and click on either of these buttons depending on where you want to move the entry The position an entry takes in the list is important since whenever more than one of the entries i e rules in the list match a request the entry that is first in the list wins This means that all following entries are ignored unless the Continue op tion is set 3 12 FTP Command Filter List The FTP Command Filter List options are invoked by clicking on the corre sponding button under Common FTP Command Filter List If you want to enable any of these options make sure the checkbox on this button is also marked The checkbox is marked by default After modifying the setting of this checkbox click on Apply Changes to make the modification effective 3 68 Common These are policy dependent options i e they are configured for a particular policy When you are configuring these options you need to specify this policy To do this select a policy from the dr
96. f this column enter the offset values for the magic byte sequences Magic Bytes In the input fields of this column enter the values for the magic byte sequences themselves Add Modify After specifying the information for a media type click on this button to add it to catalog The list of the Media Type Catalog is displayed at the bottom of this section To display only a particular number of list entries at a time type this number in the input field labeled Number of entries per page and enter it using the Enter key of your keyboard If the number of entries is higher than this number the remaining entries are shown on successive pages A page indicator is then displayed where you can select a particular page by clicking on the appropriate arrow symbols To view the details of an entry or modify them click on the view details or edit link in the same line This will display the information that was configured for it in the input fields and checkboxes of the upper part of the section where you can modify it according to your requirements After modifying this information click on the Add Modify button to make the modification effective You can modify more than one entry and make the changes effective in one go Use the following items to perform other activities relating to the list e Filter Type a filter expression in the input field of the Media Type column at the top of the list and enter it using the Enter key of your keyboa
97. ferer Filter Removes strings that report the last page visited Remove referer always if the domain or the path is different if the domain is different Prefix Filter Removes URL prefixes used to track user behavior 2 For example httpysearch comtrack url http ffrealur com would become http ffrealurl cam Cookie Filter controls passing of cookies to and from Web servers OO C Disable built in filter list Neutral cookies expire after a time period of 24 h o min finishing the browser session Cookies not found in the Cookie Filter List are good neutral bad There are four sections on this tab e Web Bug Filter Referer Filter Prefix Filter Cookie Filter They are described in the following Web Bug Filter The Web Bug Filter section looks like this Web Bug Filter Eliminates mini images used to track navigation aso applies usina same technique in HTML mails 3 51 Common 3 52 Using this section you can configure a filter to eliminate Web bugs These are also known as clear GIFs or Web beacons They are are usually 1 pixel x 1 pixel mini images in size and are used to track user navigation behavior on Web sites and in e mail to see if an e mail was opened by the recipient The filter is also applied to the same technique used in HTML messages If you want to use this filter make sure the checkbox next to the section heading is marked The checkbox
98. g this method select an action from the drop down list provided here For the meaning of these actions see the description of the by cer tificate method above Add exception After specifying the appropriate settings click on this button to add an exception to the list Enabling the by host method means that the host is checked without a certificate being included in the verification process If the latter method is chosen shell expressions e g webwasher com may be used to specify an exception After enabling this method select an action from the drop down list provided here 4 24 SSL Scanner For the meaning of these actions see the description of the by cer tificate method above A message will then be displayed stating if the exception has been added successfully and providing information on the result of the verification process If the by certificate method has been configured you are informed whether the certificate in question was issued by a trusted or not trusted certification authority CA from the corresponding list If the CA could not be found on this list the certificate is implicitly forbidden If the inspection of a certificate results in an error or open issue the depth of the certificate is also stated in the corresponding error message By depth is meant the position the certificate takes within the certificate chain So e g depth O means the certificate has been issued immediately for
99. he corresponding button un der Home Manuals The options are arranged under the following tabs Documentation on Main Products Documentation on Special Products Additional Documentation They are described in the upcoming sections e Documentation on Main Products see 2 6 1 e Documentation on Special Products see 2 6 2 e Additional Documentation see 2 6 3 2 34 2 6 1 Home Documentation on Main Products The Documentation on Main Products tab looks like this Documentation on Main Products Documentation on Special Products Additional Documentation General Documents Provide information about planning installing and configuring Webwasher in general Deployment Planning Guide PDF Installation Guide gt PDF Quick Configuration Guide gt PDF System Configuration Guide gt PDF advanced Configuration Guide gt PDF Upgrade Guide PDF Product Documents Provide information about configuring and operating particular Webwasher products URL filtering categories IRL Filter User s Guide PDF ant Malware User s Guide PDF antivirus User s Guide PDF Anti Spam Users Guide PDF SSL Scanner Users Guide PDF Reference Document Provides information about configuring items concerning more than one product such as actions or Reference Guide PDF There are three sections on this tab e General Documents e Product Documents e Reference
100. her activities relating to the list e Filter Type a filter expression in this input field and enter it using the Enter key of your keyboard The list will then display only entries matching the filter e Delete Selected Select the entry you wish to delete by marking the Select checkbox next to it and click on this button You can delete more than one entry in one go To delete all entries mark the Select all checkbox and click on this button 4 6 Trusted Certificate Authorities The Trusted Certificate Authorities options are invoked by clicking on the corresponding button under SSL Scanner Trusted Certificate Authorities These are policy dependent options i e they are configured for a particular policy When you are configuring these options you need to specify this policy To do this select a policy from the drop down list labeled Policy which is lo cated above the Certificate Verification button Policy default ha Certificate Verification The options are arranged under the following tab Trusted Certificate Authorities They are described in the upcoming section e Trusted Certificate Authorities see 4 6 1 4 17 SSL Scanner 4 6 1 Trusted Certificate Authorities The Trusted Certificate Authorities tab looks like this Trusted Certificate Authorities Goto Known Certificate Authorities to add or delete global Certificate Authorities Certificate Authorities Actions for CAs A _Ao
101. html CO deactivate O do not filter Add to Link Filter List Add to all policies Found 1 entries with Number of entries per page Select URL Fite O exampleybeis iel Udo not deactivate filter O select All Delete Selected There is one section on this tab e Link Filter List It is described in the following Common Link Filter List The Link Filter List section looks like this Link Filter List screens content based on information about the URL F deactivate dl do not filter Add to Link Filter List Add to all policies Found 1 entries with Format funmanted dinta html C example beis7iel deactivate C F Select All Delete Selected Using this section you can add URLs to the Link Filter List and edit them To do this use the area labeled e Add new URL Select String or International Domain Name from the first of the drop down lists provided here In the input field next to it enter a string to specify the object using shell expressions Select nternational Domain Name if you want to enter non ASCII char acters and the string should be used for the domain part of an URL In some countries like Germany Sweden or Japan domain names with non ASCII characters are allowed The IDNA International Domain Names in Applications standard describes how a Web browser should convert such a domain name into pure ASCII notation used
102. ia type you want to add to the catalog Furthermore use the following items when adding a media type to the cat alog File Extensions In the input fields provided here specify up to three extensions that files of the media type in question may have So e g the media type image jpeg can have jpg or jpeg as extensions Options Configure the following options by marking the checkboxes provided for each of them Magic bytes are necessary If this option is enabled a file that does not match the magic bytes sequences specified for its media type will be affected by the action e g Block configured for the Media Type Filter The corresponding setting is labeled Non rectifiable media types with magic bytes mismatch and can be configured in the Media Type Filter section of the Actions tab under Common gt Media Type Filters Magic bytes are ambiguous If this option is enabled a file that does not match the magic bytes sequences specified for its media type will be affected by the action e g Block configured for the Media Type Filter lt will however not be affected if several magic byte sequence were specified and one of them matches For the corresponding setting see the description of the Magic bytes are necessary option above Common Magic Bytes In the input fields provided here enter up to five magic byte sequences and their offsets to identify a media type Offset In the input fields o
103. iguration gt CRL s Configuration gt Master Settings gt Configuration gt Central Management User Management Import gt Home gt Overview gt Configuration gt Proactive Scanning Configuration gt Sessions gt Configuration gt Spam Filter gt Reporting gt Overall Reporting gt View Live Reports gt System Statistics Configuration gt Update Manager Clicking on any of the entries displayed in the list will take you to the corre sponding tab Note In order to be able to use the search function make sure JavaScript is enabled Session Length When working with the Web interface you need to mind the session length This interval can be configured in the Session Options section of the Ses sions tab under Configuration gt Web Interfaces Ls Introduction After modifying the interval specified there click on Apply Changes to make the modification effective When a session has timed out the following notification is displayed http 127 0 0 1 9090 The current Webwasher GUI session has timed out To change the length of sessions see Configuration gt Web Interfaces gt Sessions then Session length Click OK to acknowledge the notification After clicking on a tab or button of the Web interface the login window opens where you can login again and start a new session System Information At the top of the Web interface area system information is provided on the curre
104. ilter Type a filter expression in this input field and enter it using the Enter key of your keyboard The list will then display only entries matching the filter e Delete Selected Select the list entry you wish to delete by marking the Select checkbox next to it and click on this button You can delete more than one entry in one go To delete all entries mark the Select all checkbox and click on this button Incident Manager 4 28 The Incident Manager options are invoked by clicking on the corresponding button under SSL Scanner Incident Manager The options are arranged under the following tab Incident Manager SSL Scanner They are described in the upcoming section e Incident Manager see 4 9 1 4 9 1 Incident Manager The Incident Manager tab looks like this Incident Manager Incident Manager Retrieves and displays incident logs 7 Open the Incident Management page to view and edit the incidents list Open with Refresh There is one section on this tab e Incident Manager It is described in the following Incident Manager The Incident Manager section looks like this Incident Manager Retrieves and displays incident logs Open the Incident Management page to view and edit the incidents list Open with Refresh 4 29 SSL Scanner 4 30 Using this section you can inspect and manage incidents relating to SSL en crypted communication The Incident Manager enables you to retrieve in
105. in image jpeg etc that were most often processed by the Media Type Filter within a given time interval Frequent Media Types by Volume The Frequent Media Types by Volume section displays the media types e g text html text plain image jpeg etc that were processed by the Media Type Filter and consumed the greatest bandwidth volume in bytes Common Media Types by Hits The Media Types by Hits section displays a list of the top media types i e the media types that were most often processsed by the Media Type Filter showing the number of hits for each of them Hit numbers are accumulated until the section is reset The following information is displayed for each media type e Media type Name of the media type e g text html text plain image jpeg etc e Hits Number of times that this media type was processed by the Media Type Filter Media Types by Volume The Media Types by Hits section displays a list of the top media types that were processed by the Media Type Filter according to the bandwidth in bytes consumed by each of them Volumes are accumulated until the section is reset The following information is displayed for each media type e Media type Name of the media type e g text html text plain image jpeg etc e Bytes transferred Number of bytes transferred for the media type 3 7 Common 3 3 Media Type Filters 3 8 The Media Type Filters options are invoked by clicking on the correspo
106. in Web Upload Filter If this option is enabled the media type in question will be ignored when the Web Upload Filter is applied to outbound user originating files via HTTP HTTPS and FTP 3 17 Common 3 18 Add to Media Type White List After selecting a media type click on this button to add it to the list This addition will be valid only under the policy you are currently con figuring To add a media type to the white list for all policies mark the checkbox labeled Add to all policies before clicking on the button The Media Type White List is displayed at the bottom of this section To display only a particular number of list entries at a time type this number in the input field labeled Number of entries per page and enter it using the Enter key of your keyboard If the number of entries is higher than this number the remaining entries are shown on successive pages A page indicator is then displayed where you can select a particular page by clicking on the appropriate arrow symbols To sort the list in ascending or descending order click on the symbol next to the Media Type or Description column heading To edit an entry type the appropriate text in the input field of the Description column and enable or disable the Ignore in media type filter and Ignore in media type filter options Then click on Apply Changes to make these settings effective You can edit more than one entry and make the changes effective in o
107. ing the filter e Delete Selected Select the entry you wish to delete by marking the Select checkbox next to it and click on this button You can delete more than one entry in one go To delete all entries mark the Select all checkbox and click on this button 2 32 2 9 9 Home Feedback The Feedback tab looks like this TrustedSource Malware Feedback Black List Feedback 2020202022020202 OT AI EE Feedback E Mail Address Enables you to send your comments to the Webwasher team Secure Computing values your feedback on the Webwasher products If you have comments or suggestions ES 4 BOP OBES IPE eee TRA Race pao Bee Te et rE Dren EERYSFE teg FASEN Deiis k e tat ten TS BIREN teami tees non ras pee Mats sit BUTE cnt ita Pie Ted Peg oe t aturestsecirecomi coin E Adi THUA ar A A Ne ed Shor a Rigs URL Filter Database Feedback Lets you submit incorrect ur unclassified URLS and checks the progress of previous j submissions 0 Go to URL Filter Database feedback service to submit URLS or view progress ree a Note You have to provide your Secure Computing extranet account and password The transmission is 55L secured There are two sections on this tab e Feedback E Mail Address e URL Filter Database Feedback They are described in the following Feedback E Mail Address The Feedback E Mail Address section looks like this Feedback E Mail Addr
108. ing this section you can configure options for the Welcome Page You can configure the time and frequency of its appearance and also if it should appear at all 3 74 Common Use the following items to configure the Welcome Page options e Show once a day at To let the Welcome Page appear only once a day make sure the radio button provided here is checked and enter the time of appearance in the input field Use the 24 hours format to enter a time 1 p m 13 00 e Show each minutes To let the Welcome Page appear after a particular time interval has elapsed check the radio button provided here and enter the time interval in minutes in the input field e Opt out If this checkbox is marked the Welcome Page will not appear in sessions of the user who configured this setting Manipulate User History The Manipulate User History section looks like this Manipulate User history Allows to set options for one individual user Format user name or 192 165 67 533 Using this section you can configure options for the Welcome Page with regard to an individual user You can configure that the Welcome Page is displayed to this user or not If it is displayed the options of appearance configured in the Welcome Page Options section above apply After specifying the appropriate settings click on Apply Changes to make them effective Use the following items to configure Welcome Page options for an individual user e U
109. ion about how to have volumes shown see the subsection labeled Handling the Dashboard at the beginning of 2 2 Values for the following policies are shown by default e AVonly e default 2 11 Home 2 12 e Emergency Prefix List The list below shows the prefixes that are used for multiples of bytes with byte values calculated in binary mode to measure and display e g traffic volumes It also shows the use of these prefixes with regard to multiples of 10 to measure and display other values e g numbers of hits Prefix List Symbol Name ByteSymbol Byte Unit Binary Value Decimal Value B Byte 29 10 K Kilo KB Kilobyte Dn 10 M Mega MB Megabyte ri 10 G Giga GB Gigabyte 29 10 T Tera TB Terabyte at 10 P Peta PB Petabyte ae 10 E Exa EB Exabyte pee 10 8 Z Zetta ZB Zettabyte Bue 105 Y Yotta YB Yottabyte Deo Vee Traffic Volume per Protocol The Traffic Volume per Protocol section displays the traffic volume in bytes that occurred on the connections used by Webwasher under the dif ferent protocols within a given time interval Values are shown for the following protocols HTTP HTTPS FTP e Mail 2 2 3 system Home The System tab is shown here in two parts because of its size The upper part of the tab looks like this Executive Summary Traffic Volume system Update Status Feature SmartFilter Secure Anti Malware ETrust Mcafee Sophos Spam Filter Rule
110. ire when sessions are ended A pop up is a display area usually a small window that suddenly pops up in the foreground of the visual interface e Cookies not found in the filter list are Use the radio buttons provided to configure a default classification for cook les good Check this radio button to classify unknown cookies as good neutral Check this radio button to classify unknown cookies as neutral Unknown cookies are classified so by default bad Check this radio button to classify unknown cookies as bad 3 55 Common 3 9 2 Cookie Filter List The Cookie Filter List tab looks like this Settings Cookie Filter List Cookie Filter List Stores information about cookies O good neutral bad Add to Cookie filter List add to all policies Found 1 entries with Mumber of entries per page lio ESAS Fiters La O good neutral bad Dl Select All Delete Selected There is one section on the tab e Cookie Filter List It is described in the following 3 56 Common Cookie Filter List The Cookie Filter List section looks like this Cookie Filter List Stores information about cookies good neutral bad Add to Cookie filter List Add to all policies Found 1 entries with LI O good neutral O bad al Select All Delete Selected Using this section you can add entries to the Cookie Filter List and edit them Shell expressions in this
111. is marked by default After modifying this setting click on Apply Changes to make the modification effective Referer Filter The Referer Filter section looks like this Referer Filter Removes strings that report the last page visited Remove referer O always O ifthe domain or the path is diferent ifthe domain is different Using this section you can configure a filter to remove referer strings that report the last page visited by a user If you want to use this filter make sure the checkbox next to the section heading is marked The checkbox is marked by default After modifying this setting or any other setting in this section click on Apply Changes to make the modification effective To configure the filtering of referer strings use the radio buttons of the area labeled e Remove referer Check or uncheck one of these three radio buttons as needed always If this option is enabled a referer is always removed regardless of where the user in question came from if the domain or the path is different If this option is enabled a referer is removed if the user came from a different path or URL Common It leaves the referer unaffected if you the user moves through the same or subsequent path This option may be enabled if user movement should be hidden but there are services that rely on a referer to work properly if the domain is different If this option is enabled a referer is removed in
112. ive Use the drop down lists provided here to configure actions for the following situations e First known CA is trusted Select an action here that should be taken if the first known CA is trusted e First known CA is untrusted Select an action here that should be taken if the first known CA is untrusted e Only unknow CAs found Select an action here that should be taken if only unknown CAs have been found 4 19 SSL Scanner 4 20 Trusted Certificate Authorities The Trusted Certificate Authorities section looks like this Trusted Certificate Authorities Add a CA to your list Select CA ABA ECOM INC ote Ifthe drop down box is empty all known CAs are already in this list Do nottrust C Add to all policies Found 2 entries with Certificate Authority F Belgacom F Ce HET SecureMNet CA Class A dl Select All Delete Selected This section provides the list of Trusted Certificate Authorities CAs Also pro vided is a list of Known CAs from which you can select CAs to include them in the list of trusted CAs When including a CA in this list you can configure it as trusted or not trusted lf a CA has been included in the list of trusted CAs as not trusted certificates issued by it will be explicitly forbidden i e will also not be trusted This is indicated in status messages referring to a certificate If a CA is not included in the list at all certificates issued by it may be implicitly forbid
113. ive This category is for URLs that were blocked due to the configuration of the Webwasher Proactive Scanning Filter Blocked by URL Filter This category is for URLs that were blocked due to the configuration of the Webwasher URL Filter Mail Executive Summary The Mail Executive Summary section displays the number of e mails that were processed by the Webwasher filters within a given time interval The section is only displayed however if Webwasher is configured as an e mail gateway The corresponding option is enabled under Proxies see also the System Configuration Guide Webwasher Web Gateway Security Values are shown for the following e mail categories e Malware This category is for e mails that were found to contain malware e Spam level high This category is for e mails that were classified as high level spam e Spam level medium This category is for e mails that were classified as medium level spam 2 9 Home 2 10 e Spam level low This category is for e mails that were classified as low level spam Number of Feedbacks Sent The Number of Feedbacks Sent section displays the number of feedbacks that were sent to Webwasher by customers within a given time interval Customers can send these feedbacks using the link provided in the URL Filter Database Feedback section on the Feedback tab under Home gt Trust edSource Values are shown for the following feedback categories e Malware This category is for feedb
114. ked The checkbox is marked by default After modifying the setting of this checkbox click on Apply Changes to make the modification effective These are policy dependent options i e they are configured for a particular policy When you are configuring these options you need to specify this policy To do this select a policy from the drop down list labeled Policy which is lo cated above the Media Type Filters button Policy default v Media Type Filters Common The options are arranged under the following tab Archive Handler They are described in the upcoming section e Archive Handler see 3 5 1 3 5 1 Archive Handler The Archive Handler tab looks like this Archive Handler Archive Handling Defines howto handle archives O Encrepted Archive found WEB Corrupted Archive found WEE Multi part Archive found WEB Max recursion level exceeded BAA Mot Handled Archive found WEB Archive Handling Options Defines how to handle archives gt O Maximum size of unpacked archive MB Maximum recursion level There are two sections on this tab e Archive Handling e Archive Handling Options They are described in the following 3 27 Common Archive Handling The Archive Handling section looks like this Archive Handling Defines howto handle archives Encrypted Archive found KaJ Block Drop Corrupted Archive found MES Block rop Multi part Archive found BS Block rop M
115. lect a particular page by clicking on the appropriate arrow symbols To edit an entry type the appropriate text in the input field of the rule Enable or disable a rule by marking or clearing the Deactivate checkbox in the corresponding line Then click on Apply Changes to make these settings effective You can edit more than one list entry and make the changes effective in one go 3 63 Common Use the following items to perform other activities relating to the list e Filter Type a filter expression in this input field and enter it using the Enter key of your keyboard The list will then display only entries matching the filter e Delete Selected Select the entry you wish to delete by marking the Select checkbox next to it and click on this button You can delete more than one entry in one go To delete all entries mark the Select all checkbox and click on this button 3 11 HTTP Method Filter List The HTTP Method Filter List options are invoked by clicking on the corre sponding button under Common HTTP Method Filter List _ If you want to enable any of these options mark the checkbox that is on this button Then click on Apply Changes to make this setting effective These are policy dependent options i e they are configured for a particular policy When you are configuring these options you need to specify this policy To do this select a policy from the drop down list labeled Policy which is lo cated a
116. ll then be shown together with Others which means that actually all categories and their values are cov ered e Selecting a time interval You can select the time interval you want to view values for Use the Show last drop down list provided in the corresponding tab sec tion to do this O Stacked Line Show last 30 2KB 4 1kB 13 1 kB 12 1KB 6 DEB O 1 31 3 Months 6 Months 1 ear Show last Stacked Line The time scale and values displayed for the categories are immediately adapted according to the selected time interval 2 6 Home e Selecting stacked or line mode You can have parameter values displayed in stacked or line mode Inline mode lines are displayed to represent the development of values within a given time interval Show last 1 Hour O Stacked Line 14 11 14 21 14 31 14 41 In stacked mode filled out areas are displayed to represent the de velopment of values within a given time interval but with value areas stacked one on top of the other This means that you are always shown sums of values in this mode Show last Stacked Line 2 OCB 1 68 1 25B 513 4MB 407 MEB o 14 11 14 21 14 31 14 41 For this reason the value scale changes when switching from line to stacked mode since it takes more of a scale to display values in stacked than in line mode To select either stacked or line mode check the corresponding radio button in a t
117. lowing Release Notes The Release Notes section looks like this Release Notes Provide the latest information about current releases of the Webwasher pro Release Notes TXT This section allows you to view release notes and other documents containing the latest information on the Webwasher products To view any of the documents listed here click on the TXT link in the same line This will open a txt format version of the document 2 39 Home 27 Preferences The Preferences options are invoked by clicking on the corresponding button under Home Preferences The options are arranged under the following tab Preferences They are described in the upcoming section e Preferences see 2 7 1 2 7 1 Preferences The Preferences tab looks like this Preferences Change Password Enter the new password twice Current Password Password Ld Retype password Yiew Options Define view options View web related settings View mail related settings Show change warner dialog C Show configuration hash Access Permissions Define access permissions for other admins 17 Allow simultaneous access allow read write access O Allow read only access O Deny simultaneous access There are three sections on this tab e Change Password e View Options e Access Permissions 2 40 Home They are described in the following Change Password The Change Password section looks like this Chang
118. lt such objects will go unfiltered Popup Filter The Popup Filter section looks like this C Pop Up Filter Eliminates scriptinitiated pop up browser win dows C Also disable manually opened windows Using this section you can configure a filter to eliminate script initiated pop up browser windows Furthermore you can disable manually opened windows to ensure that pop up windows remain closed If you want to use this filter mark the checkbox next to the section heading After specifying this setting you may also specify the additional setting pro vided here Then click on Apply Changes to make your settings effective Common Use the following checkbox to configure the additional setting e Also disable manually opened windows If this option is enabled pop ups will not be opened even if the user clicks on the corresponding link Script Filter The Script Filter section looks like this Script Filter manages code that manipulates browsers and systems Filter scripts that a Web page executes on loading Filter scripts that a Web page executes on closing Prevent supplementary modification ofthe address al Prevent modification ofthe browser s status bar Using this section you can configure a filter to manage the code that manipu lates browsers and systems If you want to use this filter mark the checkbox next to the section heading After specifying this setting or any other setting in this section
119. n the input field next to it enter a string to specify the object using shell expressions To specify the object type select Web E Mail Archive Media Type Embedded Object or Header from the drop down list below the first one You can further specify the object type by selecting a value from the drop down list to the right So e g for Embedded Object you can further specify Any Type ActiveX or Link Furthermore use the following items when adding a new entry to the list Description Input in this field is optional You may enter a description of the media type here Disable In the list of filters provided here specify those that you want to exclude the object in question from To do this mark the corresponding check boxes If you would e g like to allow pop up windows from an online banking Web site enter the domain name of the site in the input field provided above and disable the Advertising Filter Add to White List After specifying the information for an object click on this button to add it to the list This addition will be valid only under the policy you are currently con figuring To add an object to the white list for all policies mark the checkbox labeled Add to all policies before clicking on the button The White List is displayed at the bottom of this section To display only a particular number of list entries at a time type this number in the input field labeled Number of en
120. n this input field enter an e mail address All e mails received by Web washer containing this address will be moved to the queue specified above The default address is FalseNegativesFeedback WillBeCaughtBy Webwasher com Malware Feedback Queue The Malware Feedback Queue section looks like this Malware Feedback Queue allows to send feedback to Webwasherto improve malware filter SMTP queue to Use Infected gt See Content of Queue Send interval in minutes 0 means no automatic send Using this section you can configure the sending of feedback in order to im prove the malware filter An e mail that was classified as spam and contains an attachment where no virus was found will be copied to the malware queue and later be sent to Se cure Computing Small downloads will also be copied to this queue if at least one of the Anti Virus engines or the Proactive Scanning filter detected a virus but not all engines came to the same result This feature is not enabled by default If you would like to help improve the malware filter please mark the checkbox next to the section heading After specifying this setting and other settings in this section click on Apply Changes to make these settings effective Use the following items to configure the malware feedback e SMTP queue to use From this drop down list select an e mail queue E mails and small down loads matching the criteria explained above will be moved to this
121. nding button under Common Media Type Filters If you want to enable any of these options make sure the checkbox on this button is also marked The checkbox is marked by default After modifying the setting of this checkbox click on Apply Changes to make the modification effective These are policy dependent options i e they are configured for a particular policy When you are configuring these options you need to specify this policy To do this select a policy from the drop down list labeled Policy which is lo cated above the Media Type Filters button Policy default v Media Type Filters The options are arranged under the following tabs Actions Media Type Black List Media Type White List They are described in the upcoming sections e Actions see 3 3 1 e Media Type Black List see 3 3 2 e Media Type White List see 3 3 3 Common 3 3 1 Actions The Actions tab looks like this Actions Media Type Black List Media Type White List Media Type Filter Manages the flow of media types for mail and Web downloads Default action for unlisted media types WEB Entry found in Media Type Black List WEB Entry found in Media Type White List WEB Non rectifiable media types with magic bytes mismatch Ba Response without Content Type header WEB Web Upload Filter controls the flow of outbound user originating files via HTTP and FTP Maximal size of uploaded parameter kb C Forbid
122. ne for which categories sessions should be tunneled Banking Finances w Please select Delete category w Please select Delete category w Define tunneling behaviour Verity certificate only O Bypass SSL Scanner Using this section you can configure tunneling for particular URL filtering cat egories You can configure up to three categories for tunneling These may pre defined or user defined categories If you want to use additional categories you need to enter them in the lt pol icy gt ini configuration file which is located in the conf folder of the Webwasher program files This tunneling option is not enabled by default If you want to enable it mark the checkbox next to the section heading After specifying the appropriate information click on Apply Changes to make your settings effective Use the items in the following areas to configure tunneling by category e Define for which categories sessions should be tunneled Select up to three categories from the drop down lists provided here Cat egories may be selected from pre defined or user defined categories To delete a category click on the Please select Delete category list item in the corresponding drop down list e Define tunneling behavior To determine what tunneling should mean for the selected categories en able one of these options Verify certificate only The certificate belonging to the requested URL is checked by a ver ification procedure
123. ne go Use the following items to perform other activities relating to the list e Filter Type a filter expression in the input field of the Media Type or Description column or in both and enter this using the Enter key of your keyboard The list will then display only entries matching the filter e Delete Selected Select the entry you wish to delete by marking the Select checkbox next to it and click on this button You can delete more than one entry in one go To delete all entries mark the Select all checkbox and click on this button Common 3 4 Document Inspector The Document Inspector options are invoked by clicking on the correspond ing button under Common Document Inspector If you want to enable any of these options make sure the checkbox on this button is also marked The checkbox is marked by default After modifying the setting of this checkbox click on Apply Changes to make the modification effective These are policy dependent options i e they are configured for a particular policy When you are configuring these options you need to specify this policy To do this select a policy from the drop down list labeled Policy which is lo cated above the Media Type Filters button Policy detault w Media Type Filters The options are arranged under the following tab Document Inspector They are described in the upcoming section e Document Inspector see 3 4 1 3 19 Common 3 4 1 Document
124. ne or more of the sections on a tab you need to click on the Apply Changes button to make effective what you have modified The Apply Changes button is located in the top right corner of the Web inter face area Apply Changes When modifying settings that belong only to a particular filtering policy you can make the modified settings apply to all policies nevertheless An arrow is displayed next to the Apply Changes button on each tab where policy dependent settings can be configured apply Changes Introduction Clicking on this arrow will display a button which you can use to apply changes to all policies pply Changes to All Policies After clicking on this button your modifications will be valid for settings of all policies When you are attempting to leave a tab after modifying its settings but without clicking on Apply Changes an alert is displayed to remind you to save your changes Save changes Would you like to save your changes before leaving this page Answer the alert by clicking Yes or No according to what you intend to do about your changes This will take you to the tab you invoked before the alert was displayed Clicking on Cancel will make the alert disappear so you can continue your configuration activities on the current tab Click History The tabs you visited while configuring settings are recorded on the top left corner of the Web interface area They are recorded together with
125. ng button under SSL Scanner Quick Snapshot The following tab is then provided Quick Snapshot It is described in the upcoming section e Quick Snapshot see 4 2 1 4 2 SSL Scanner Before this is done however the following subsection provides some general information on this quick snapshot feature Handling the Quick Snapshot The quick snapshot feature on this tab allows you to view summary information about the certificate verification process performed by Webwasher at a glance The information is displayed with regard to a given time interval Percentages are calculated for the various categories of results that the verifi cation process may have The percentages are shown by means of a pie chart on the left side of the tab section On the right side of the section parameter values are shown as they developed in time using either a stacked or a line mode The pie chart and the representation in stacked or line mode are handled in the same way as on the Webwasher dashboard You can e Select and deselect categories for display by marking and clearing the cor responding checkboxes text html e text plain v e Select a time interval for display using the Show last drop down list e Select stacked or line mode for display by checking the corresponding radio button Stacked Line For a more detailed description of these activities see the subsection labeled Handling the Dashboard in 2 2 4 3
126. ning parts s host port Furthermore configure the following methods for a new exception by certificate Enabling the by certificate method means that the certificate issued for the host you are adding as an exception is checked by the verifica tion process After enabling this method select an action from the drop down list provided here 4 23 SSL Scanner For the meaning of these actions see the following table by certificate by host Allow The exception is allowed not available Block The exception is blocked The exception is blocked Tunnel The activities of the SSL The activities of the SSL Warn Incident Scanner are bypassed and no verification process is executed The exception is allowed but a warning is displayed Scanner are bypassed and no verification process is executed not available Only Cert not available The content provided by the Checking host you are adding as an exception is not decrypted and the exception is allowed Note In this case the certificate will be checked Only not available The content provided by the Decryption host you are adding as an exception is decrypted and the exception is allowed by host Enabling the by host method means that the host is checked without a certificate being included in the verification process If the latter method is chosen shell expressions e g webwasher com may be used to specify an exception After enablin
127. no verification process is executed not available The content provided by the host you are adding as an exception is not decrypted and the exception is allowed Note In this case the certificate will be checked The content provided by the host you are adding as an exception is decrypted and the exception is allowed 4 15 SSL Scanner 4 16 by host Enabling the by host method means that the host is checked without a certificate being included in the verification process If the latter method is chosen shell expressions e g webwasher com may be used to specify an exception After enabling this method select an action from the drop down list provided here For the meaning of these actions see the description of the by cer tificate method above Add exception After specifying the appropriate settings click on this button to add an exception to the list Enabling the by host method means that the host is checked without a certificate being included in the verification process If the latter method is chosen shell expressions e g webwasher com may be used to specify an exception After enabling this method select an action from the drop down list provided here For the meaning of these actions see the description of the by cer tificate method above A message will then be displayed stating if the exception has been added successfully and providing information on the result of the
128. nt Software Technologies Ltd or its affiliates Sun and Solaris are trademarks or registered trademarks of Sun Microsystems Inc in the United States and other countries Squid is copyrighted by the University of Califor nia San Diego Squid uses some code developed by others Squid is Free Software licensed under the terms of the GNU General Public License The Mozilla SpiderMonkey and NSPR libraries distributed with Webwasher are built from the original Mozilla source code without modifications MPL section 1 9 The source code is avallable under the terms of the Mozilla Public License Version 1 1 NetCache is a registered trademark of Network Appliances Inc in the United States and other countries Linux is a registered trademark of Linus Torvalds Other product names mentioned in this guide may be trademarks or registered trademarks of their respective companies and are the sole property of their respective manufacturers Secure Computing Corporation Webwasher A Secure Computing Brand Vattmannstrasse 3 33100 Paderborn Germany Phone 49 0 5251 50054 0 Fax 49 0 5251 50054 11 info webwasher com www webwasher com www securecomputing com European Hotline Phone 49 0 5251 50054 460 US Hotline Phone 1 800 700 8328 1 651 628 1500 Contents Chapter 1 1 1 2 4 2 4 1 2 9 2 5 1 2 5 2 2 5 3 2 6 2 6 1 2 6 2 2 6 3 2 17 2 7 1 2 8 2 8 1 2 8 2 Chapter 3 3 1 3 2 3 2 1 3 3 3 3 1 3 3 2 3 3
129. nt Webwasher session This information includes e Version and build of the Webwasher software e Name of the system Webwasher is running on e Name of the user logged in for the current session e g Admin e Role assigned to this user e g Super Administrator e Permissions granted to this user e g read write Other Documents This guide belongs to a series of documents provided for users of the Webwasher Web Gateway Security products The following sections give an overview of them The Webwasher user documentation can be viewed after navigating to the Manuals tab of the Web interface lt can also be viewed on the Webwasher Extranet and in the Secure Computing Resource Center Introduction The following is provided in this section for the Webwasher Web Gateway Se curity products e An overview of the documents on the main products see 1 4 1 e An overview of the documents on products for special tasks and environ ments see 1 4 2 1 4 1 Documentation on Main Products This section introduces the user documentation on the main Webwasher Web Gateway Security products Document Group General Documents Product Documents Reference Docu ment Document Name Deployment Planning Guide Installation Guide Quick Configuration Guide System Configuration Guide Advanced Configuration Guide Upgrade Guide User s Guide URL Filter User s Guide Anti Virus User s Guide Anti Malware User
130. nt to view the e mail related settings Show change warner dialog Make sure this checkbox is marked if you want the change warner dialog to appear whenever you are attempting to leave a tab without saving changed settings Show configuration hash Mark this checkbox to have the configuration hash displayed at the top of the Web interface area Access Permissions The Access Permissions section looks like this Access Permissions Define access permissions for other admins Allow simultaneous access Allow readMrite access O Allow read only access Deny simultaneous access Using this section you can configure permissions to control access to Web washer While you are logged in as administrator other administrators i e other users in administrator roles might also try to log in You can allow their simultaneous access restrict it to read only or even deny it completely Home To what extent you are allowed to configure access permissions for other ad ministrators depends on your seniority level This is measured by a value between O and 100 You can only configure permissions for administrators with seniority levels lower than your own On the other hand you may find your right to access Webwasher restricted or denied when trying to log in because an administrator with an equal or higher seniority level is currently logged in and has configured the corresponding set tings So if your seniority level is e
131. nticode Objects Cl spam Filter Cl sender Filter Peres Cl attachment Cl size Filter Sl Cl secure Hall av engines O sre al Sophos Add to White List 4dd to all policies Number of entries per page rites teststring Web Any lt Enter description here gt Disable l Dl Document Darchive Cl media Type Filter Inspector Bandler C Generic Header Filter O Generic Body Cl advertising Filter O Privacy Filter text Categorization Filter Cure Category O Filter by Cl Proactive C Proactive Scanning Script Code Actions Expressions Scanning Mitigation d LJ embedded LJ activex Cl suthenticode Objects Cantal ClEmbedded Scripts O Spam Filter Cl sender Filter F Recipient Filter O Subject Filter O size Filter Cl attachment Filter Ll Data trickling F Progress pages Cl secure OIA ay engines AM lwsre C ETrust Cl mcafee F Sophos Oselect Al Delete Selected There is one section on this tab e White List It is described in the following 3 79 Common 3 80 White List The White List section looks like this White List Prevents filters from being applied to shell expression entries ooo Description Enter description here Disable media Type Filter CJ Document Inspector LT archive Handler L Generic Body Filter LJ Advertising Filter O Privacy Filter I URL Category Actions Filter by Expressions Proac
132. o make them effective Use the following radio buttons to configure access permissions Allow simultaneous access Make sure this radio button is checked if you want to allow simultaneous access Furthermore specify what kind of simultaneous access should be allowed Allow read write access Make sure this radio button is checked if you want to allow read write access 2 43 Home Allow read only access Check this radio button to allow read only access e Deny simultaneous access Check this radio button to deny simultaneous access 2 8 License The License options are invoked by clicking on the corresponding button un der Home License The options are arranged under the following tabs Information Notification They are described in the upcoming sections e Information see 2 8 1 e Notification see 2 8 2 2 44 Home 2 8 1 Information The Information tab looks like this Information Notification License Information Company Name Webwasher 60 Test Number of Clients 25000 Current Clients 1 Time Limit 01 07 2006 31 06 2008 Evaluation License Yes Customer number 1061 key number System number dL fe i Secure Computing End User License Agreement The installation and deployment of Secure Computing software products are exclusively governed by the terms as set forth in Secure Computing Standard Terms and Conditions You can find the most recent version at gt http f swe
133. on Physical Memory Y Free S Average last 1 Hour ES By hovering over the sections of the pie chart with the mouse cursor you can display the individual percentages 61 5 Free 2 3 Home 2 4 On the right side of a section parameter values are shown as they developed in time using either a line or a stacked mode see also further below Show last O Stacked Line 1 25B TOS EEN o 16 31 16 41 16 31 More information about the values that are measured and displayed is provided in the upcoming sections The following activities can be performed for most of the dashboard values e Selecting categories You can select the categories you want to have values displayed for with regard to a particular parameter To do this just mark or clear the check boxes next to the categories Ll Blocked by AV Engine In the above example only the values numbers in this case of URLs that were good i e passed all filtering are selected for display together with those that were blocked by the URL Filter but omitting those that were blocked by an anti virus engine or by Proactive Scanning After selecting or deselecting a category it is immediately displayed or re moved from display Home Note that the color of a category in the selection list is also used when the category is displayed in proportion to other categories by means of a pie chart Y Free ss Average last 1 Hour ea Free
134. on https Format host port by host Only Decryption Add Exception Using this section you can add new exceptions to the list of certificates You can also configure actions for an exception relating to the certificate or host in question 4 14 SSL Scanner To add an exception to the list use the area labeled e Add new exception In the input field provided here enter the exception you want to add to the certificate list https has been entered in this field as default information at the begin ning of an exception name The input format for its remaining parts is host port Furthermore configure the following methods for a new exception by certificate Enabling the by certificate method means that the certificate issued for the host you are adding as an exception is checked by the verifica tion process After enabling this method select an action from the drop down list provided here For the meaning of these actions see the following table Allow Block Tunnel Warn Incident Only Cert Checking Only Decryption by certificate The exception is allowed The exception is blocked The activities of the SSL Scanner are bypassed and no verification process is executed The exception is allowed but a warning is displayed not available not available by host not available The exception is blocked The activities of the SSL Scanner are bypassed and
135. op down list labeled Policy which is lo cated above the Media Type Filters button Policy default v Media Type Filters The options are arranged under the following tab FTP Command Filter List They are described in the upcoming section e FTP Command Filter List see 3 12 1 3 12 1 FTP Command Filter List The FTP Command Filter List tab looks like this FTP Command Filter List There is one section on this tab e FTP Command Filter List It is described in the following 3 69 Common FTP Command Filter List The FTP Command Filter List section looks like this FTP Command Filter List Executes actions based on FTP command categories E Add rule Command category Server Access Action Dl continue Add to FTP Command Filter List Add to all policies Found 1 entries with Select Command Category Category CI select All Delete Selected Using this section you can configure rules for assigning actions to particular FTP commands that occur in user requests and add these rules to a list The rules may also include a categorization of the command and specify the URL it is applied to So you could set up a rule that e g categorizes a Server Access command when applied to a particular URL as Chat and blocks the corresponding re quest Note however that rules are not configured here for individual commands but rather for command categories such as the category of Serv
136. open document formats Generic XML Microsoft OpenXML Oasis Open Document Format and the Simple Object Access Protocol SOAP which is an XML based communications protocol for applications These documents may contain active content Word Excel PowerPoint and Microsoft Open XML support ActiveX controls and macros while PDF and the Oasis Open Document Format support embedded JavaScript This active content may be hostile rather than friendly so for full protection against files that are embedded in Microsoft Office PDF or open format docu ments you should use the filter provided by the Document Inspector to inspect these documents and block malicious content from entering your corporate net work If you want to use this filter make sure the checkbox next to the section heading is marked The checkbox is marked by default After specifying the appropriate settings click on Apply Changes to make them effective Use the following drop down list to configure actions for office documents e Encrypted document found Select an action here e g Block or Allow This action will be taken if the filter detects an inbound office document that is potentially malicious Common Document Mail Filter The Document Mail Filter section looks like this Document Mail Filter Filters documents attached to e mails Using this section you can configure actions for office documents that are attached to e mails e g a pdf format do
137. orate net work By default all filters are configured to apply to all formats After modifying these settings click on Apply Changes to make the modifi cation effective Note that in order to use the filters for documents in Microsoft Open XML or Oasis Open Document Format you need to enable the Archive Handler see 3 9 3 24 Common Use the following checkboxes to modify the assignment of filters to document formats e Download Filter Mark or clear the checkboxes in this line to have the download filter apply to the corresponding document formats e Upload Filter Mark or clear the checkboxes in this line to have the upload filter apply to the corresponding document formats e Mail Filter Mark or clear the checkboxes in this line to have the mail filter apply to the corresponding document formats General Options The General Options section looks like this General Options Specifies options that apply to all Document Filters word 95 document format not readable WEB Structured Storage document like Visia or MSI not readable Wa Office document not readable Kaa Library not loadable or failed WEB Using this section you can configure filtering conditions and actions for office documents that will apply to all the filters made accessible over the other sec tions of this tab You can configure different actions for documents in Web and e mail traffic After specifying the appropriate settings click
138. ories of documents Furthermore you can configure different actions for Web and e mail traffic A confidential category is provided here for a start Apart from this you can configure actions for up to six categories of your own The rules for the keywords and combinations that should be filtered are con figured and listed on the Categorization List tab If you want to configure actions for text categorization select them from the appropriate drop down lists Then click on Apply Changes to make your settings effective Select actions for Web and e mail traffic from the following lists e Confidential Select actions for documents falling into the confidential category here e User Defined User Defined 1 etc Select actions for documents falling into any of your own categories here Common 3 10 2 Categorization List The Categorization List tab looks like this settings Categorization List Text Categorization List Uses Boolean Logic to define content categorization rules O more tan times per words Select one or more categories to apply to the above rule Category 1 Please select Category 2 Please select Category 3 Please select Create Fule Add to all policies Found 1 entries with Number of entries per page Select rae OOOO Fite i iO A a Do Categories Please select Please select Deactivate Please select Dl select All Delete Selected There is one
139. other CA issuing certificates on a higher level Together these certificates form a certificate chain which is inspected in a verification process The CA that signed a certificate located on a lower level of the certificate chain is also called the root CA The verification process begins by checking the CA that immediately signed the vendor certificate It may be known i e be included in the list of known CAs If the CA is unknown the verification process checks the CA on the next level and goes on to do so until a Known CA is found or all CAs in the certificate chain have proven to be unknown Usually there are no more than three levels to a certificate chain The first known CA to be found in the verification process is then checked as to whether it is trusted or untrusted To be trusted a CA must be included in the list of trusted CAs The list of trusted CAs is configured in the Trusted Certificate Authorities section which is also provided on this tab To edit the list of known CAs use the Known Certificate Authorities link which is located at the top of this tab to go to the tab provided for this purpose When configuring actions for trusted CAs remember that you have to select actions that include a Log Incident part e g Block Log Incident if you want to have incidents related to these CAs listed by the incident manager After specifying the appropriate settings here click on Apply Changes to make them effect
140. out further setup gt Setup REL filter Email server for notification delivery is not defined Define server and sender Recipient for system notifications is not set Enter email address System Settings System Sat Jan 13 03 54 33 2007 Current Policy default Admin Sat Jan 13 03 59 38 2007 URL Filter Database Database Number Not available Never updated gt Anti Virus Engine and Cannot load Secure Anti Malware engine Never updated Signatures Cannot load CA ETrust engine Cannot load Mcafee engine Cannot load Sophos scan engine gt Spam Filter Rules Database Number 13748 Sat Jan 13 03 55 03 2007 gt Certificate Revocation Lists Never updated gt Proactive Scanning Database Database Number O Never updated One Click Lockdown Use single strict policy AAAm gt a O Activate emergency mode CLA AAA AAA a2 System Summary Displays the latest systern modifications and updates Yersion Information Version 6 5 0 beta Build Number 2568 Part Number 91 09466153 4 Build Date Jan 12 2007 Operating System Windows There are four sections on this tab System Alerts System Summary One Click Lockdown Version Information They are described in the following 2 19 Home System Alerts The System Alerts section looks like this System Alerts Displays important system warnings and messages
141. queue as malware and later be sent to Secure Computing Home The queue should be used for no other purpose than that of collecting malware since it will be cleared after e mails and downloads have been sent off To see the e mails that are in this queue click on the See Content of Queue link next to the drop down list e Send interval in minutes In the input field provided here enter a time interval in minutes to specify the time that is to elapse between sending e mails The default interval is 240 minutes Entering 0 here means that no e mails will be sent automatically E mails can be sent manually however using the QUeue Management page which is launched after clicking on the See Content of Queue link next to the drop down list On this page click on the button labeled Send All to SecureLabs now to send the e mails URL Feedback The URL Feedback section looks like this C URL Feedback allows to send feedback about Uncategorized URLs to Webwasher to Send interval in minutes 0 means no automatic send Using this section you can configure the sending of feedback in order to im prove the URL Filter URLs that have not yet been included and categorized in URL Filter Database can be submitted to the URL Filter Database feedback service using the link provided on the Feedback tab under Home gt TrustedSource The time interval for sending feedback is configured here This feature is not enabled by
142. rd The list will then display only entries matching the filter e Delete Selected Select the entry you wish to delete by marking the Select checkbox next to it and click on this button You can delete more than one entry in one go To delete all entries mark the Select all checkbox and click on this button 3 89 Chapter 4 SSL Scanner The features that are described in this chapter are accessible over the SSL Scanner tab of the Web interface Home Common URL Filter Anti Malware Anti spam SSL Scanner These features allow you to configure the filtering of SSL encrypted traffic thus protecting your network against viruses and other malicious content that may be hidden behind the SSL encryption The upcoming sections describe how to handle these features The description begins with an overview SSL Scanner 4 1 Overview The following overview shows the sections that are in this chapter User s Guide Webwasher SSL Scanner Introduction Home Common SSL Scanner Overview this section Quick Snapshot see 4 2 Policy Settings Certificate Verification see 4 3 scan Encrypted Traffic see 4 4 Certificate List see 4 5 Trusted Certificate Authorities see 4 6 Policy Independent Global Certificate List see 4 7 Settings Global Trusted Certificate Authorities see 4 8 Incident Manager see 4 9 4 2 Quick Snapshot The Quick Snapshot for the SSL Scanner functions is invoked by clicking on the correspondi
143. re described in the following 3 20 Common Document Download Filter The Document Download Filter section looks like this Document Download Filter Filters inbound documents Encrypted dacumentfound RS J Apply gt Text Categorization on downloaded documents Using this section you can configure actions for inbound office documents that may enter your corporate network from the Web and are potentially malicious The document formats that can be filtered include Microsoft Word 97 2003 Mi crosoft Excel 95 2003 Microsoft PowerPoint 95 2003 and all known versions of Adobe Portable Document Format PDF Furthermore they include the following open document formats Generic XML Microsoft OpenXML Oasis Open Document Format and the Simple Object Access Protocol SOAP which is an XML based communications protocol for applications These documents may contain active content Word Excel PowerPoint and Microsoft Open XML support ActiveX controls and macros while PDF and the Oasis Open Document Format support embedded JavaScript This active content may be hostile rather than friendly so for full protection against files that are embedded into Microsoft Office PDF or open format doc uments you should use the filter provided by the Document Inspector to in spect these documents and block malicious content from entering your corpo rate network In addition to this filter you can apply text categorization to these
144. re have elapsed since expiration of the certificate the configured action will be executed A grace period may allow the use of the certificate even after it has expired Enter the desired number of days in the input field provided with this option Certificate is revoked Checks if a certificate has been revoked For this purpose the Certificate Revocation List CRL is used If the certificate has been revoked the configured action will be executed Revocation status is unresolvable The reason why the revocation status is unresolvable could be that the cor responding certificate authority or the path leading to the Certificate Revo cation List CRL is not known scan Encrypted Traffic 4 8 The Scan Encrypted Traffic options are invoked by clicking on the corre sponding button under SSL Scanner Scan Encrypted Traffic lf you want to enable any of these options make sure the checkbox on this button is also marked The checkbox is marked by default After modifying the setting of this checkbox click on Apply Changes to make the modification effective These are policy dependent options i e they are configured for a particular policy When you are configuring these options you need to specify this policy SSL Scanner To do this select a policy from the drop down list labeled Policy which is lo cated above the Certificate Verification button Policy Certificate Verification The options are arranged
145. ring the Advertising Filters op tions select the Settings tab MPAA ET Sad if E The Animation Filter section is located on this tab dl Animation Filter Manages and filters animated images ES Animated Images Show only the first picture of an animation Repeat animation timels Remove all animated Images Configure settings a Enable the feature To do this mark the checkbox next to the section heading b Check the radio button labeled Remove all animated images Note To get help information on these settings click on the question mark in the top right corner of the section The section should now look like this Animation Filter Manages and filters animated images ES Animated images show only the first picture of an animation Repeat animation times Remove all animated Images Introduction 3 Make settings effective Click on the Apply Changes button This completes the sample configuration 1 3 3 General Features of the Web Interface This section explains more about the features that are provided in the Web interface for solving general tasks e g applying changes to the Webwasher settings or searching for a term on the tabs of the interface The following features are explained here e Apply Changes Click History Information Update Logout Main Feature Enabling Search Session Length System Information Apply Changes After modifying the settings in o
146. ring these options you need to specify this policy To do this select a policy from the drop down list labeled Policy which is lo cated above the Media Type Filters button Policy detault w Media Type Filters The options are arranged under the following tab Welcome Page They are described in the upcoming section e Welcome Page see 3 13 1 3 73 Common 3 13 1 Welcome Page The Welcome Page tab looks like this Welcome Page p Welcome page options Defines options for this policy Define when and how often the welcome page should be shown Show once a day at O Show each minutes C Opt Out Manipulate user history Allows to set options for one individual user User identifier show again show never again Format user name or 192 168 67 33 Upload Allows to upload the welcome page content Store as A ony uploaded Mle is mat an archive Add or overwrite content Replace complete folder Show updated page immediately There are three sections on this tab e Welcome Page Options e Manipulate User History Upload They are described in the following Welcome Page Options The Welcome Page Options section looks like this Welcome page options Defines options for this policy Define when and how often the welcome page should be shown Show once a day at Show each minutes FP Opt out Us
147. rowser session The Cookie Filter controls the data stream between users and the Web in both directions a requirement for efficient filtering Transmitted cookies coming in on the Web server in addition to those from the browser are controlled by Webwasher The distinction between the good and thus necessary cookies and the bad cookies that invade privacy is carried out by Webwasher using an algorithm and the built in filter list depending on the URL of a cookie To add and edit cookies on this list go to the Cookie Filter List tab If you want to use this filter make sure the checkbox next to the section heading is marked The checkbox is marked by default After modifying any of these settings click on Apply Changes to make the modification effective Use the following items to configure cookie filtering e Disable built in filter list If this option is enabled the built in filter list is used The option is disabled by default Common e Neutral cookies expire after Use the radio buttons and input fields provided here in the following way a time period of h min Make sure this radio button is checked if you want to configure a life span for neutral cookies The radio button is checked by default Enter the appropriate time periods in hours and minutes in the input fields provided here The default value is 24 hours finishing the browser session Check this radio button to let neutral cookies exp
148. rresponding dimension settings will be added to the list but not yet used for filtering Common Add to Dimension Filter List After specifying the dimensions settings in the way described above click on this button to add them to the list This addition will be valid only under the policy you are currently con figuring To add dimensions to the list for all policies mark the checkbox labeled Add to all policies before clicking on the button If dimension settings that were configured under another policy are al ready in the list the setting of the Add to all policies checkbox will have no effect The Dimension Filter List is displayed at the bottom of this section To display only a particular number of list entries at a time type this number in the input field labeled Number of entries per page and enter it using the Enter key of your keyboard If the number of entries is higher than this number the remaining entries are shown on successive pages A page indicator is then displayed where you can select a particular page by clicking on the appropriate arrow symbols To edit an entry type the appropriate pixel values in the corresponding input field and mark or clear the deactivate checkbox in the same line Then click on Apply Changes to make these settings effective You can edit more than one entry and make the changes effective in one go Use the following items to perform other activities relating to the list e Filt
149. rview this section Dashboard see 2 2 Overview Feature see 2 3 Support see 2 4 TrustedSource see 2 5 Manuals see 2 6 Preferences see 2 7 License see 2 8 Common SSL Scanner 2 2 Dashboard The dashboard is invoked by clicking on the corresponding button under Home Dashboard After invoking the dashboard the number and quality of system alerts is dis played on the left side of the interface area System Alerts Clicking on each of the alert lines takes you to the Overview tab where the meaning of the alerts is explained and what to do about them see also 2 3 1 2 2 Home The dashboard provides the following tabs J Executive Summary Traffic Volume System They are described in the upcoming sections e Executive Summary see 2 2 1 e Traffic Volume see 2 2 2 e System see 2 2 3 Before this is done however the following subsection provides some general information on the dashboard Handling the Dashboard The dashboard allows you to view summary information on a number of Web washer and system parameters at a glance This information is in most cases displayed with regard to a particular time interval e g the number of URLs that were filtered by Webwasher over the last three hours If percentages were calculated for a group of related parameter values they are shown by means of a pie chart on the left side of the corresponding tab section Memory Utilizati
150. s Certificate Revocation Lists Proactive Scanning Database Open Ports Webwasher listener Interface Port Protocol all interfaces 9090 HTTP all interfaces 9093 HTTP all interfaces 9091 HTTPS all interfaces 1344 ICAP CPU Utilization all CPUs Boem EJ system tale ETT Average last 1 Day Free OOOO O Free ssid usd 7 Average last 1 Hour Version Not applicable Not applicable Not applicable Not applicable Not applicable 13 46 Not applicable Not applicable last update Never Updated Never updated Never Updated Never Updated Never Updated Never updated Never updated Never updated Memory Utilization One Memory Service Status Web Interface listening End User Requests listening Secure Web Interface listening ICAP Server listening Show last O Stacked Line 98 4 78 7 59 0 39 4 19 7 0 14 41 12 41 22 41 02 41 06 41 10 41 Show last fi Stacked O Line 2 056 1 60586 1 256 315 4MB 4 7 TMB o 1341 13 51 14 01 iili 14 21 14 31 O 14 41 14 41 2 13 Home 2 14 The lower part looks like this Swap Utilization Virtual Memory Average last 1 Hour 13 44 13 54 14 04 14 14 Filesystem Utilization Used Capacity Y O Stacked Line Average last 1 Day ES ES ES es 22144 02 44 D6id4 10 44 14 dd e O Stacked Line eee 22144 02 44 Odidd 10 44 14 44 Network Utilization all Interfaces Average last 1 Day
151. s click on the REQMOD Settings link provided at the bottom of this section The option in question is labeled Apply configured filters on uploaded and posted data Use the drop down lists provided here to configure actions for the Web Upload Filter Maximal size of uploaded parameter kb In the input field provided here enter a value to limit the size limit in KB of uploads Forbid uploads of all files HTTP Mark this checkbox to forbid uploads of all HTTP files Forbid uploads of all files FTP Mark this checkbox to forbid uploads of all FTP files Default action for unlisted media types Should this filter find a media type that is not currently listed in the Media Type White List or Black List this is what will happen to it Entry found in Media Type Black List The actions configured here will be executed for media types that are found in the Media Type Black List Entry found in Media Type White List The actions configured here will be executed for media types that are found in the Media Type White List Content not validated by magic bytes The actions configured here will be executed when content types do not match their magic byte sequence So e g a PEG image named as a GIF file would be affected by a filtering action even though each of these media types are acceptable Common Spon Media Type Black List The Media Type Black List tab looks like this SE E a i a Actions Media Type Black
152. s Guide Anti Spam User s Guide SSL Scanner this document Reference Guide What about Is Webwasher suited to my environ ment How to install Webwasher First steps to get Webwasher running Features for configuring Webwasher within the system environment More sophisticated configuration tasks What should know when upgrading to a new Webwasher release Features for configuring URL filtering policies Features for configuring anti virus filtering policies Features for configuring anti malware filtering policies Features for configuring anti spam filtering policies Features for configuring SSL encrypted traffic filtering policies Items concerning more than product e g features for customizing actions or log files 1 4 2 Introduction Documentation on Special Products This section introduces the user documentation on the Webwasher Web Gate way Security products for special tasks and environments Document Group Content Reporter Documents Instant Message Filter Documents Special Environment Documents Appliances Documents Document Name Content Reporter Installation and Configuration Guide Content Reporter User s Guide for Reporting Instant Message Filter Installation and Configuration Guide User s Guide Instant Message Filter Setting Up Webwasher on Microsoft ISA Server Setting Up Webwasher with Blue Coat Setting Up NetCache with ICAP N
153. scription begins with an overview Common 3 1 Overview 3 2 User s Guide Webwasher SSL Scanner Introduction Home Common SSL Scanner Policy Settings Policy Independent Settings The following overview shows the sections that are in this chapter Overview this section Quick Snapshot see 3 2 Media Type Filters see 3 3 Document Inspector see 3 4 Archive Handler see 3 5 Generic Header Filter see 3 6 Generic Body Filter see 3 7 Advertising Filters see 3 8 Privacy Filters see 3 9 Text Categorization see 3 10 HTTP Method Filter List see 3 11 FTP Command Filter List see 3 12 Welcome Page see 3 13 White List see 3 14 User Defined Categories see 3 15 Media Type Catalog see 3 16 Common 3 2 Quick Snapshot The Quick Snapshot for the common filtering functions is invoked by clicking on the corresponding button under Common Quick Snapshot The following tab is then provided Quick Snapshot It is described in the upcoming section e Quick Snapshot see 3 2 1 3 3 Common 3 2 1 Quick Snapshot The Quick Snapshot tab looks like this Quick Snapshot Frequent Media Types by Hits Show last 1 Day v Stacked Line image gif WI text plain Average last 1 Day 12 41 16 41 20 41 00 41 04 41 08 41 Frequent Media Types by Volume Show last 1 Day v O stacked Line text xml Sal n text html viden mS WWX Average last 1 Day 0 12 41 16 41 20 41 00
154. section on this tab e Text Categorization List It is described in the following 3 61 Common 3 62 Text Categorization List The Text Categorization List section looks like this Text Categorization List Uses Boolean Logic to define content categorization rules O more than times per words select one or more categories to apply to the above rule Add to all policies Found 1 entries with Categories User Defined 1 Please select Please select dl Select All Delete Selected Using the text categorization filter you can specify single keywords and combi nations of words and filter office documents and e mail attachments containing these words In this section you can configure rules for the keywords and combinations of keywords that should be filtered and add them to the Text Categorization List To add a text categorization rule to the list use the area labeled e Add rule Use the following items to configure a rule and add it to the list term 1 AND term 2 AND NOT term 3 Make sure the radio button in this line is checked if you want to configure a rule according to this method which is one of two provided here This method uses Boolean logic to determine the placement of words in an office document or e mail message It is enabled by default Common In the input fields enter the words or word combinations you want to filter e g Bahamas Maledives work to set up a rul
155. ser identifier In this input field enter information to identify the user This can either be the IP address of the user s system or the authenticated user name The Welcome Page will then be displayed to this user or not depending on which of the two buttons described below you click on 3 75 Common e Show again Click on this button to let the Welcome Page appear again for this user This means that the page is displayed not only once but also for the following requests of this user e Show never again Click on this button to hide the Welcome Page from this user Upload The Upload section looks like this Upload Allows to upload the welcome page content flename SSS upload Store as index html Needed oniy I uploade Add or overwrite content Replace complete folder Show updated page immediately Using this section you can configure and perform the upload of a file to display its content on the Welcome Page Furthermore you can let the Welcome Page appear immediately after the upload regardless of what was configured in the other sections of this tab Use the following items to handle the upload of a Welcome Page In this section you configure the actions that should be taken whenever the text categorization filter matches You can configure different actions for particular categories of documents Furthermore you can configure different actions for Web and e mail traffic A confidential categor
156. st to configure a decryption warning e Executed action Select Warning Decryption to configure the warning Select None to have no warning SSL Scanner 4 5 Certificate List The Certificate List options are invoked by clicking on the corresponding but ton under SSL Scanner Certificate List F If you want to enable any of these options mark the checkbox that is on this button Then click on Apply Changes to make this setting effective These are policy dependent options i e they are configured for a particular policy When you are configuring these options you need to specify this policy To do this select a policy from the drop down list labeled Policy which is lo cated above the Certificate Verification button Policy default w Certificate Verification The options are arranged under the following tab Cerificate List They are described in the upcoming section e Certificate List see 4 5 1 4 13 SSL Scanner 4 5 1 Certificate List The Certificate List tab looks like this Certificate List Certificate List Add new exception to list Add new exception add pew exception https Format host port by host Only Decryption Add Exception There is one section on this tab e Certificate List It is described in the following Certificate List The Certificate List section looks like this Certificate List Add new exception to list Add new exception Add new excepti
157. t Al Delete Selected Using this section you can configure rules for assigning actions to particular HTTP methods that occur in user requests and add these rules to a list The rules may also include a categorization of the method and specify the URL it is applied to So you could set up a rule that e g categorizes the GET method when applied to a particular URL as Entertainment and blocks the corresponding request To add a rule to the list use the area labeled e Add rule Use the following Items to configure the rule Method From this drop down list select the HTTP method you want to configure a rule for e g GET URL In this input field enter the URL that is requested when the HTTP method is used Input in this field is optional 3 66 Common Category From this drop down list select a URL filtering category you want to assign to the HTTP method Seiting this category is also optional Action From this drop down list select the action you want to have executed if the rule matches Continue If this checkbox is marked Webwasher will look for further matches after the rule matched for the first time Otherwise filtering activities will be stopped after the first match Description Enter a description of the rule here Input in this field is optional Add to HTTP Method Filter List After specifying the appropriate information in the fields above click on this button
158. ters The options are arranged under the following tabs Settings Categorization List They are described in the upcoming sections e Settings see 3 10 1 e Categorization List see 3 10 2 3 10 1 Settings The Settings tab looks like this Settings Categorization List Text Categorization Defines which methods should be used to classify text content To Use text categorization you have to configure the categorization list Confidential BRS Allow x Allow e There is one section on this tab e Text Categorization It is described in the following 3 59 Common 3 60 Text Categorization The Text Categorization section looks like this Text Categorization Defines which methods should be used to classify text content To use text categorization you have to configure the categorization list Confidential Block WEB MAIL Replace e User Defined Mixer Block Block Block Block Block Alloy Mixect MAIL User Defined 1 Replace User Defined 2 Replace User Defined 3 Replace User Defined 4 Replace User Defined 5 Replace Alloy User Defined E Using the text categorization filter you can specify single keywords and combi nations of words and filter office documents and e mail attachments containing these words In this section you configure the actions that should be taken whenever the text categorization filter matches You can configure different actions for particular categ
159. the following Spam False Positives Feedback Queue The Spam False Positives Feedback Queue section looks like this Spam False Positives Feedback Queue allows to send feedback to Webwasherto improve SMTP queue to use Infected See Content of Queue Send interval in minutes 0 means no automatic send Using this section you can configure the sending of feedback in order to im prove the spam filter 2 25 Home 2 26 E mails that were released from a queue after receiving a digest e mail will be copied to the false positives queue and sent from there to Secure Computing This feature is not enabled by default If you would like to help improve the spam filter please mark the checkbox next to the section heading After specifying this setting and other settings in this section click on Apply Changes to make these settings effective Use the following items to configure the false positives feedback e SMTP queue to use From this drop down list select an e mail queue After being released from another queue e mails will be copied to this queue and later be sent to Secure Computing The queue should be used for no other purpose than that of collecting false positives since it will be cleared after e mails have been sent off To see the e mails that are in this queue click on the See Content of Queue link next to the drop down list e Send interval in minutes In the input field provided here enter a
160. tificate Verification options are invoked by clicking on the corre sponding button under SSL Scanner Certificate Verification If you want to enable any of these options make sure the checkbox on this button is also marked The checkbox is marked by default After modifying the setting of this checkbox click on Apply Changes to make the modification effective These are policy dependent options i e they are configured for a particular policy When you are configuring these options you need to specify this policy 4 5 SSL Scanner 4 3 1 To do this select a policy from the drop down list labeled Policy which is lo cated above the Certificate Verification button Policy default w Certificate Verification The options are arranged under the following tab Certificate Verification They are described in the upcoming section e Certificate Verification see 4 3 1 Certificate Verification 4 6 The Certificate Verification tab looks like this Certificate Verification Certificate Verification Defines actions to be taken for not fully trusted certificates Es Common Mame or amp vith wildcard certificates wildcard does not match host name Wildcard matches hostname Certificate is expired for more han o days Certificate has been revoked SRL Revocation status is unresolwable At the top of this tab there is the following button Inspect certificate Click on this button to inspect the certificat
161. time interval in minutes to specify the time that is to elapse between sending e mails The default interval is 240 minutes Entering O here means that no e mails will be sent automatically E mails can be sent manually however using the Queue Management page which is launched after clicking on the See Content of Queue link next to the drop down list On this page click on the button labeled Send All to SecureLabs now to send the e mails e E mail address In this input field enter an e mail address All e mails received by Web washer containing this address will be moved to the queue specified above The default address is FalseNegativesFeedbackOWIillBeCaughtBy Webwasher com Home Spam False Negatives Feedback Queue The Spam False Negatives Feedback Queue section looks like this C Spam False Negatives Feedback Queue allows to send feedback to Webmasher to improve SMTP queue to use Infected gt See Content of Queue send interval in minutes 0 means no automatic send EMail Address FalseNegativesFeedhbackevillbeCatchedbyvebwasher co Using this section you can configure the sending of feedback in order to im prove the spam filter You can send e mails that have erroneously not been classified as soam to an address that is configured in this section After e mails with this address have been received in the inbound queue of your Webwasher instance they will be moved from there to the false negatives qu
162. tive Scannin l Authenticode Embedded objects LI Activex Controls L Spam Filter L Sender Filter L Recipient Filter Size Filter attachment Filter 1 Data trickling Claras engines L Secure Anti Malware L ETrust il Sophos Add to White List Add to all policies Found 1 entries with Entry Web Any Disable media Type Filter L Document Inspector eneric Body Filter vertising Filter L Generic Body Filt l Advertising Filt CURL Category Actions DT Filter by Expressions El Dlauthenticode Embedded Objects pam Filter ender Filter Spam Filt Sender Filt Size Filter Dlattachment Filter LI Alay engines L Secure Anti Malware L Sophos Iselectall Delete Selected Af LIF DTF Dl OF Flr Le Using this section you can add an object to the White List and exclude it from the application of particular Webwasher filters The objects can be specified using shell expressions Furthermore you can specify the type of object you would like to exclude from filtering e g Web E Mail Media Type etc To specify exactly what the filters are that the object in question should be excluded from there is a list of filters provided here where you can disable and enable filters according to your requirements Common To add an object to the white list use the area labeled e Add new entry Select String or International Domain Name from the first of the drop down lists provided here I
163. to add the rule to the list The rule will be valid only under the policy you are currently configuring To add a rule to the list that is valid for all policies mark the checkbox labeled Add to all policies before clicking on the button The HTTP Method Filter List is displayed at the bottom of the section You can edit list entries change their order or delete them To display only a particular number of list entries at a time type this number in the input field labeled Number of entries per page and enter it using the Enter key of your keyboard If the number of entries is higher than this number the remaining entries are shown on successive pages A page indicator is then displayed where you can select a particular page by clicking on the appropriate arrow symbols To edit an entry type the appropriate text in the input field of the URL or De scription column or in both select the appropriate method category and ac tion from the drop down lists and enable or disable the Continue option Then click on Apply Changes to make these settings effective You can edit more than one entry and make the changes effective in one go 3 67 Common Use the following items to perform other activities relating to the list e Filter Type a filtering term in the input field of the URL or Description column or in both or select a method category or action or any combination of them from the drop down lists and enter this using the Enter k
164. tries per page and enter it using the Enter key of your keyboard If the number of entries is higher than this number the remaining entries are shown on successive pages A page indicator is then displayed where you can select a particular page by clicking on the appropriate arrow symbols 3 81 Common 3 82 To sort the list in ascending or descending order click on the symbol next to the Media Type or Description column heading To edit an entry type the appropriate text in the input field for the object name or its description and enable or disable the filters as needed Then click on Apply Changes to make these settings effective You can edit more than one entry and make the changes effective in one go Use the following items to perform other activities relating to the list e Filter Type a filter expression in this input field and enter it using the Enter key of your keyboard The list will then display only entries matching the filter e Delete Selected Select the entry you wish to delete by marking the Select checkbox next to it and click on this button You can delete more than one entry in one go To delete all entries mark the Select all checkbox and click on this button e Move Up Move Down Select the entry you wish to move by marking the Select checkbox next to it and click on either of these buttons depending on where you want to move the entry The position an entry takes in the list is important since
165. uploads of all files HTTP C Forbid uploads of all files FTP Default action for unlisted media types Pa Entry found in Media Type Black List WEB Entry found in Media Type White List Ea Content not validated by magic bytes Ba Go to REQMOD Settings to enable Apply configured filters on uploaded and posted data to use the Web Upload Filter There are two sections on this tab e Media Type Filter e Web Upload Filter They are described in the following 3 9 Common 3 10 Media Type Filter The Media Type Filter section looks like this Media Type Filter Manages the flow of media types for mail and Web downloads Default action for unlisted media types MEA Block CE Entry found in Media Type Black List HE Block m Entry found in Media Type White List WEE Ha Mon rectifiable media types with magic bytes mismatch 33 CA Response without ContentType header WEB MAI lt lt Using this section you can configure actions e g Block Block log and notify Allow etc for the Media Type Filter This filter manages the flow of incoming media types for HTTP and FTP down loads as well as for SMTP A media content type is a general category of data content such as an ap plication audio content a text message an image a video stream etc The media type tells the application that receives the data what kind of application is needed to process the content e g Real Audio is to play the audio
166. verification process If the by certificate method has been configured you are informed whether the certificate in question was issued by a trusted or not trusted certification authority CA from the corresponding list lf the CA could not be found on this list the certificate is implicitly forbidden If the inspection of a certificate results in an error or open issue the depth of the certificate is also stated in the corresponding error message By depth is meant the position the certificate takes within the certificate chain So e g depth O means the certificate has been issued immediately for the software in question as is the case with self signed certificates depth l is for a certificate issued to certify a depth O certificate and so on The newly added exception will be shown in a list displayed below To display only a particular number of list entries at a time type this number in the input field labeled Number of entries per page and enter it using the Enter key of your keyboard SSL Scanner If the number of entries is higher than this number the remaining entries are shown on successive pages A page indicator is then displayed where you can select a particular page by clicking on the appropriate arrow symbols You can also edit this list by specifying the appropriate settings for a given en try After doing this click on Apply Changes to make these settings effective Use the following items to perform ot
167. view of these products see 1 5 2 47 Home 2 8 2 Notification The Notification tab looks like this Information Notification System Notifications Send notifications upon license status Ge Send notification upon license expiry Recipient Send notification if number of licensed clients will soon be exceeded The Recipient from Send notification upon license expiry will be used i i T a E tl a Cree Eea eT E Tae A 1 Bontinecaca Tracor tate ees tc all CATE ose yen e Test Notihicatinn Settings send Test Messages cotarro comdinn gad or license axhaustio E Too Many Ghenks rites system log messages if connections were refused due to heavy work Ic There are two sections on this tab e System Notifications e Too Many Clients They are described in the following System Notifications The System Notifications section looks like this System Notifications Send notifications upon license status Send notification upon license expiry Send notification if number of licensed clients will soon be exceeded The Recipient trom Send notification upon license expiry willbe used Hefore sending system notifications you must configure the delivery options Edit Notification Mail Test Notification Settings Send Test Messages Using this section you can configure e mail notifications on license issues These will be sent to the e mail address of the recipient
168. way as on the Webwasher dashboard You can e Select and deselect categories for display by marking and clearing the cor responding checkboxes text Atml e text plain hd a e Select a time interval for display using the Show last drop down list e Select stacked or line mode for display by checking the corresponding radio button Stacked Line For a more detailed description of these activities see the subsection labeled Handling the Dashboard in 2 2 3 5 Common 3 6 There is however a property of the quick snapshot features that is not present on the dashboard tabs It is described in the following e Resetting top value lists For the Media Types by Hits and Media Types by Volume parameters top value lists are displayed using the length of bars to indicate the number of hits or the amount of bytes for various media types text html ET video x ms wyx MB s 6ke text plain 3 2K video s ms ast J 2 3KB Image git 2 SKB Image jpeg i 2 SKB You can choose to view the top 10 25 etc using a drop down list The top value lists can be reset with a reset button Reset now After clicking on this button all values in a list are set to zero so the mea surement of values can start all over again A timestamp is also displayed indicating date and time of the last reset Frequent Media Types by Hits The Frequent Media Types by Hits section displays the media types e g text html text pla
169. y is provided here for a start Apart from this you can configure actions for up to six categories of your own The rules for the keywords and combinations that should be filtered are con figured and listed on the Categorization List tab If you want to configure actions for text categorization select them from the appropriate drop down lists After modifying the settings in this section click on Apply Changes to make the modification effective 3 76 Common Use the following items to handle the upload of a Welcome Page Filename In this input field enter the name of the file you want to upload Type the file name or use the Browse button next to the input field to browse to the file Then click on the Upload button to perform the upload Store as In this input field enter the name you want store the uploaded file under If you are uploading an archive you need not enter a name here since the file name will be used that is in the archive Add or overwrite content To add the content of the uploaded file to the Welcome Page or have its content overwritten by the uploaded content make sure this radio button is checked The radio button is checked by default Replace complete folder To delete all old files providing content for the Welcome Page prior to the upload mark this checkbox Show updated page immediately To let the Welcome Page appear immediately after the upload regardless of the settings in the oth
170. y only a particular number of list entries at a time type this number in the input field labeled Number of entries per page and enter it using the Enter key of your keyboard If the number of entries is higher than this number the remaining entries are shown on successive pages A page indicator is then displayed where you can select a particular page by clicking on the appropriate arrow symbols 2 31 Home To sort the list in ascending or descending order click on the symbol next to the Media Type or Description column heading To edit an entry type the appropriate text in the input field of the Description column and enable or disable the following options e Ignore in media type filter If this option is enabled the media type in question will be ignored when the Media Type Filter is applied to Web and e mail downloads e Ignore ignore in web upload filter If this option is enabled the media type in question will be ignored when the Web Upload Filter is applied to outoound user originating files via HTTP HTTPS and FTP Then click on Apply Changes to make these settings effective You can edit more than one entry and make the changes effective in one go Use the following items to perform other activities relating to the list e Filter Type a filter expression in the input field of the Media Type or Description column or in both and enter this using the Enter key of your keyboard The list will then display only entries match
171. your existing Web usage and security policies to the HTTPS protocol and to prevent certificate misuse SSL encrypted content including viruses spyware MP3s pornography and confidential company files is beyond the reach of any Anti Virus scanner and content filter The SSL Scanner allows you to manage this encrypted content in the same way as HTTP content and thus to prevent policy evasion while it is also scan ning Web traffic for all kinds of threats to your network 1 1 Introduction 1 1 About This Guide The following overview lists the chapters of this guide and explains briefly what they are about User s Guide Webwasher SSL Scanner Introduction Provides introductory information Home Describes basic features that are common to the SSL Scanner and other Webwasher Web Gateway Security products Common Describes filtering features that are common to the SSL Scanner and other Webwasher Web Gateway Security products SSL Scanner Describes the filtering features that are specific to the SSL Scanner 1 2 What Else Will You Find in This Introduction In addition to the overview that was given in the previous section this intro duction also e Explains how to handle the Web interface that is provided for using Web washer see 1 3 e Informs you about the other documents that are provided for users of Web washer see 1 4 e Provides a list of the Webwasher Web Gateway Security products and gives a bri
Download Pdf Manuals
Related Search