3 Replies Latest reply on Jan 29, 2015 3:49 PM by Ryan Brady

    EMail Gateway failed to detect some threats from Free Email Security Check.

    gerrysole

      We have an EMail Gateway 7.0. We set it up following the document "McAfee Email Gateway 7.x anti-spam best practices refined".

      We tested the Email Gateway with Free Email Security Check. This page sends 7 mails:


      The first mail (1/7) contains a harmless executable attachment. Even though it is harmless, it should be removed (or replaced) by your attachment blocker. Depending on the configuration of your attachment blocker, this mail may never reach you.

      The next mail (2/7) contains a harmless executable attachment, the EICAR anti virus test file in a .zip archive. This file should be detected by every virus checker. Depending on the configuration of your virus checker, this mail may never reach you.

      The third mail (3/7) is a harmless spam message (GTUBE spam signature), and should be detected by every spam filter. Depending on the configuration of your spam filter, this mail may never reach you.

      The remaining four mails (4/7 to 7/7) contain attachments disguised in different ways. Even though the attachments are harmless, they should be removed (or replaced) by your attachment blocker. Depending on the configuration of your attachment blocker, these mails may never reach you.

       

      Our EMail Gateway didn't filter mails 2, 4 and 7.

       

      I want to know what we can do to improve the protection and block all the mails sent by Free Email Security Check.

       

      This is our setup:

       

      Spam:

      Spam: Mark when score >= 5.0

      Score >= 7.0: Deny the connection

      Score >= 6.0: Refuse the data

      Phish: Mark, Replace with an alert

      Sender authentication: Enabled

      McAfee GTI message reputation: Enabled

       

      Compliance:

      File filtering: Use default policy

      Data Loss Prevention: Disabled

      Mail size filtering: Enabled

      Compliance: 1 rule

      Image filtering: Disabled

      Signed or encrypted content: Use default policy

       

       

      Policy Options:

      Scanning limits: 20 MB or 2 minutes

      Alert settings: Use HTML alerts

      Content handling: Custom

      Notification and routing: Custom

      McAfee GTI feedback: Use default policy

      Encryption: Use default policy

       

       

      Thanks in advance
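The checks that mails 2 and 4 to 7 exercise (an archive that has to be opened, and attachments whose name or declared type does not match their content) can be reproduced offline against a saved message. The sketch below is an added example, not part of the original post and not McAfee's implementation; the function names, the depth and size limits, and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

EICAR_MARKER = b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"  # substring of the test file
MAGIC = {b"MZ": "windows-executable", b"\x7fELF": "elf-executable", b"PK\x03\x04": "zip"}
MAX_DEPTH, MAX_MEMBER = 3, 20 * 1024 * 1024  # assumed limits for this example

def sniff(data):
    """Classify content by its leading bytes, ignoring file name and MIME type."""
    return next((kind for magic, kind in MAGIC.items() if data.startswith(magic)), None)

def inspect(name, data, depth=0):
    """Return (path, finding) pairs for one MIME part, descending into zip archives."""
    kind, findings = sniff(data), []
    if kind == "zip" and depth >= MAX_DEPTH:
        findings.append((name, "archive-nested-too-deep"))
    elif kind == "zip":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    path = f"{name}/{info.filename}"
                    big = info.file_size > MAX_MEMBER  # do not expand oversized members
                    findings += [(path, "member-too-large")] if big else inspect(path, zf.read(info), depth + 1)
        except (zipfile.BadZipFile, RuntimeError):  # corrupt or encrypted archive
            findings.append((name, "unreadable-archive"))
    else:
        if EICAR_MARKER in data:
            findings.append((name, "eicar-test-file"))
        if kind:
            findings.append((name, kind))
    return findings

def scan_message(raw):
    """Inspect every non-multipart part, not only those declared as attachments."""
    msg = message_from_bytes(raw, policy=policy.default)
    return [f for part in msg.walk() if not part.is_multipart()
            for f in inspect(part.get_filename() or "unnamed",
                             part.get_payload(decode=True) or b"")]

def build_sample():
    """Constructed message: marker file inside a zip, plus an MZ payload named .txt."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("eicar.com", b"constructed sample " + EICAR_MARKER)
    msg = EmailMessage()
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="test.zip")
    msg.add_attachment(b"MZ\x90\x00constructed", maintype="text", subtype="plain", filename="notes.txt")
    return msg.as_bytes()
```

Running `scan_message` over the raw bytes of each test mail that reached the inbox shows whether the miss was content inside an archive or a type mismatch, which indicates whether the anti-virus archive handling or the file filtering policy needs review.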