We have an EMail Gateway 7.0. We set it up following the document "McAfee Email Gateway 7.x anti-spam best practices refined".
We tested the Email Gateway with Free Email Security Check. This page sends 7 mails:
The first mail (1/7) contains a harmless executable attachment. Even though it is harmless, it should be removed (or replaced) by your attachment blocker. Depending on the configuration of your attachment blocker, this mail may never reach you.
The next mail (2/7) contains a harmless executable attachment, the EICAR anti virus test file in a .zip archive. This file should be detected by every virus checker. Depending on the configuration of your virus checker, this mail may never reach you.
The third mail (3/7) is a harmless spam message (GTUBE spam signature), and should be detected by every spam filter. Depending on the configuration of your spam filter, this mail may never reach you.
The remaining four mails (4/7 to 7/7) contain attachments disguised in different ways. Even though the attachments are harmless, they should be removed (or replaced) by your attachment blocker. Depending on the configuration of your attachment blocker, these mails may never reach you.
Our EMail Gateway didn't filter mails 2, 4 and 7.
I want to know what we can do to improve the protection and block all the mails sent by Free Email Security Check.
This is our setup:
Spam: Mark when score >= 5.0
Score >= 7.0: Deny the connection
Score >= 6.0: Refuse the data
Phish: Mark, Replace with an alert
Sender authentication: Enabled
McAfee GTI message reputation: Enabled
File filtering: Use default policy
Data Loss Prevention: Disabled
Mail size filtering: Enabled
Compliance: 1 rule
Image filtering: Disabled
Signed or encrypted content: Use default policy
Scanning limits: 20 MB or 2 minutes
Alert settings: Use HTML alerts
Content handling: Custom
Notification and routing: Custom
McAfee GTI feedback: Use default policy
Encryption: Use default policy
Thanks in advance
This will depend entirely on the details of your configuration. What's above isn't quite enough data to go on. I would recommend calling in to support and opening an SR. A tech can then look at your configuration and make specific recommendations on what to change.
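Added example, not part of the original thread and not McAfee's code: a local check that classifies attachments by content instead of by declared file name or MIME type, and descends into .zip archives, which is the kind of inspection the executable, zipped and disguised test mails described in the question exercise. The file names, the size and depth limits and the stub bytes are constructed, and how the test site actually disguises its attachments is an assumption.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

EXE_MAGIC = b"MZ"              # DOS/PE executable header
ZIP_MAGIC = b"PK\x03\x04"      # local file header of a zip archive
MAX_DEPTH = 3                  # assumed limit for nested archives
MAX_MEMBER = 20 * 1024 * 1024  # assumed limit; larger members are flagged, not unpacked

def scan_blob(name, data, depth=0):
    """Return the names of executable content found in one attachment."""
    if data[:2] == EXE_MAGIC:
        return [name]
    if data[:4] != ZIP_MAGIC:
        return []
    if depth >= MAX_DEPTH:
        return [name + " (archive nested too deeply)"]
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                member = f"{name}!{info.filename}"
                if info.file_size > MAX_MEMBER:
                    hits.append(member + " (too large to scan)")
                else:
                    hits += scan_blob(member, zf.read(info), depth + 1)
    except (zipfile.BadZipFile, RuntimeError):  # corrupt or encrypted archive
        hits.append(name + " (unreadable archive)")
    return hits

def scan_message(raw):
    """Check every MIME leaf part by content, ignoring declared name and type."""
    hits = []
    for part in message_from_bytes(raw).walk():
        if not part.is_multipart():
            data = part.get_payload(decode=True) or b""
            hits += scan_blob(part.get_filename() or "(unnamed part)", data)
    return hits

def sample(filename, data, maintype, subtype):  # builds a constructed test message
    msg = EmailMessage()
    msg.set_content("test body")
    msg.add_attachment(data, maintype=maintype, subtype=subtype, filename=filename)
    return msg.as_bytes()

FAKE_EXE = b"MZ" + b"\x00" * 62  # constructed stub, not a real program
archive = io.BytesIO()
with zipfile.ZipFile(archive, "w") as zf:
    zf.writestr("tool.exe", FAKE_EXE)
```

Calling `scan_message(sample("photo.jpg", FAKE_EXE, "image", "jpeg"))` reports the stub even though the part is declared as an image, and the same stub inside `archive` is reported as `docs.zip!tool.exe` when attached under the name `docs.zip`.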