metadefender email gateway security 5.0 - opswat email... · install, configure, and manage...

54
© 2020 OPSWAT, Inc. All rights reserved. OPSWAT®, MetadefenderTM and the OPSWAT logo are trademarks of OPSWAT, Inc. All other trademarks, trade names, service marks, service names, and images mentioned and/or used herein belong to their respective owners. MetaDefender Email Gateway Security 5.0.0

Upload: others

Post on 24-Aug-2020

21 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

© 2020 OPSWAT, Inc. All rights reserved. OPSWAT®, MetadefenderTM and the OPSWAT logo are trademarks of OPSWAT, Inc.All other trademarks, trade names, service marks, service names, and images mentioned and/or used herein belong to their respective owners.

MetaDefender Email Gateway Security 5.0.0

Page 2: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

Table of Contents

About MetaDefender Email Gateway Security 5

Second Layer of Defense for Your Email Security Gateway 5

About this guide 6

7. Legal 7

Copyright 7DISCLAIMER OF WARRANTY 7COPYRIGHT NOTICE 7

MetaDefender Export Classification 7

8. Knowledge Base Articles 9

Emails released or forwarded from Quarantine and retried from Failed emails, fail permanently on Exchange Server 9

How do I perform a clean re-install of MetaDefender Email Security v4? 9Overview 10Details 10

How long is the support life cycle for a specific version/release of MetaDefender Email Security v4? 15

Manually registering MetaDefender Email Security in Exchange server 17

What is the difference between MetaDefender Email Security 3.X vs 4.X? 21

Configuration 31

Policy 31

Settings 31

Users 31

Page 3: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

Evaluation 32

Deployment modes 32

SPAN/TAP support 32

Simple PoC environment 32Prerequisites 33Architecture 33Setup 33

Licensing 34

Feature plans 34

License activation 34

User counting 36Licensed users 37

Onboarding 39

Insertion 39

Installation 39

Migration 39

Prerequisites 39Operating system 39

Wizard 39

Operation 40

Bypassing 40

Dashboard 40

Email History 40

Quarantine 40

Releases 41

Page 4: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

What's cooking for Email Gateway Security v5? 42

Failsafe 43Bundled Core and engines 43Core fail-over option 43Active Directory-based license counting 43

Packaging 44Evaluation 44Licensing 45Separated re-scan page 45

Usability 45New UI & UX 45Disclaimer editor 51

Active Directory integration 52AD-based policy enforcement 52

Vault integration 53

Page 5: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 5

About MetaDefender Email Gateway Security

Second Layer of Defense for Your Email Security Gateway

Email security gateways, although offering tremendous protection, are not perfect.

MetaDefender Email Gateway Security enhances existing email security gateways by offering:

Proactive Phishing Prevention using or the MetaDefender Cloud Deep Content Disarm technology;and Reconstruction

Zero-Day Malware Prevention with OPSWAT’s Deep Content Disarm and Reconstructiontechnology;

Disarm Password-Protected Attachments giving the opportunity to recipients to decrypt the files;

Prevent Sensitive Data Loss while still delivering emails with our Proactive Data Loss technology;Prevention

Advanced Threat Prevention with (leveraging both more than 30 anti-malware enginesheuristics and signature-based detection);

Intelligent Threat Prevention with machine learning anti-malware techniques;

Secure Retrieval of Attachments for Outbreak Prevention when integrated to .MetaDefender Valut

Page 6: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 6

About this guide

This guide is not exhaustive

This guide does not cover all aspects of the product: not all configuration options and functional capabilities are detailed here.

The user interface was built to be intuitive enough to make proper operation of the product possible in all cases.

This guide is intended to provide the information you need to:

Install, configure, and manage MetaDefender Email Gateway Security v5;

Learn about new and updated features, and bug fixes on each release;

Learn about concepts through our library of knowledge base articles.

Optimized for viewing in browser

While we offer the option to download this guide to a PDF file, it is optimized for online browser viewing.

Update frequency

OPSWAT updates the online version of this guide regularly on an basis. By as neededviewing this document online, you are assured that you are always seeing the most recent and most comprehensive version of the guide.

Page 7: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 7

7. Legal

Copyright

MetaDefender Export Classification

Copyright

DISCLAIMER OF WARRANTY

OPSWAT Inc. makes no representation or warranties, either express or implied by or with respect to anything in this document, and shall not be liable for any implied warranties of merchantability or fitness for a particular purpose or for any indirect special or consequential damages.

COPYRIGHT NOTICE

OPSWAT, OESIS, Metascan, Metadefender, AppRemover and the OPSWAT logo are trademarks and registered trademarks of OPSWAT, Inc. All other trademarks, trade names and images mentioned and/or used herein belong to their respective owners.

No part of this publication may be reproduced, stored in a retrieval system or transmitted, in any form or by any means (photocopying, recording or otherwise) without prior written consent of OPSWAT Inc. No patent liability is assumed with respect to the use of the information contained herein. While every precaution has been taken in the preparation of this publication, OPSWAT Inc. assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

MetaDefender Export Classification

MetaDefender United States Export Classification Number (ECCN) is 5D002, subparagraph c.1

Exports and re-exports of MetaDefender are subject to U.S. export controls and sanctions administered by the Commerce Department’s Bureau of Industry and Security (BIS) under the U.S. Export Administration Regulations (EAR).

This page provides export control information on MetaDefender. MetaDefender provides encryption features that are subject to the EAR and other U.S. laws. These features have been approved for export from the United States, subject to certain requirements and limitations. You may find the information on this page useful for determining exportability to particular countries or parties, and for completing export or shipping documentation, recordkeeping, or post-shipment reporting.

Page 8: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 8

Although we provide the information on this page, you remain responsible for exporting or re-exporting MetaDefender in accordance with U.S. law. We encourage you to seek appropriate legal advice and/or consult the EAR and the BIS Information Technology Controls Division before exporting, re-exporting, or distributing MetaDefender. The information provided here is subject to change without notice.

Page 9: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 9

8. Knowledge Base Articles

Page:Emails released or forwarded from Quarantine and retried from Failed emails, fail permanently on Exchange Server

Page:How do I perform a clean re-install of MetaDefender Email Security v4?

Page:How long is the support life cycle for a specific version/release of MetaDefender Email Security v4?

Page:Manually registering MetaDefender Email Security in Exchange server

Page:What is the difference between MetaDefender Email Security 3.X vs 4.X?

Emails released or forwarded from Quarantine and retried from Failed emails, fail permanently on Exchange Server

parameterThe " MessageExpirationTimeout" of Microsoft Exchange Server specifies the If a message remains in the maximum time that a particular message can remain in the queue.

queue for longer than the value defined in " , the message will be MessageExpirationTimeout"returned to the sender as a permanent failure.

This parameter is likely to affect the delivery of emails released or forwarded from Quarantine (see 4.3 Quarantine ) or emails retried from Audit > Email History (see 4.4 Email history ).

The default value of " is 2 days. This means that if an email spends MessageExpirationTimeout"more than 2 days in or in then releasing or forwarding and Quarantine Audit > Email Historyretrying (accordingly) after 2 days will fail.

The maximum value that " can be extended to is 90 days.MessageExpirationTimeout"

For further details see .3.10 Onsite Microsoft Exchange deployment

This article pertains to Email Security v4.0.0 or aboveMetaDefender This article was last updated on 2019-10-09VM

How do I perform a clean re-install of MetaDefender Email Security v4?

Overview

Page 10: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 10

1.

2.

3.

4.

Details

Uninstall the previous version

Delete installation directory

Clean-up Windows registry

Install the current version

Overview

In certain cases (e.g: upgrading to a newer release candidate, or downgrading to a previous version) a clean install of the product is required.

In case of a clean reinstall, data from the previous installation will be lost.

For a clean re-installation:

Uninstall the previous version.

Delete installation directory.

Clean-up Windows registry.

Install the current version.

Details

Uninstall the previous version

Step Description Details

Page 11: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 11

Step Description Details

1 > Control Panel > Programs > Uninstall a program

2 In Programs and Features, find MetaDefender Email Security.Right click and select

.Uninstall

3 Follow the steps of the installer

Delete installation directory

Step Description Details

1 Delete the directory and its contents where

Email MetaDefender Security is installed.

The default is C:\Program .Files\OPSWAT\MetaDefender Email Security

Page 12: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 12

Deleting the installation directory may be blocked by running applications that hold or use files that are included in the installation directory.

A common example of this issue is , which is not stopped by the emailrelay.exe

uninstallation process.

Please lookup in the task manager and stop it manually. After this, emailrelay.exe

try deleting the folder again.

Clean-up Windows registry

Step Description Details

1 Start Registry Editor:

> regedit

Page 13: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 13

Step Description Details

2 Navigate to the following key:HKEY_LOCAL_MACHINE\SOFTWARE\OPSWAT\MetaDefender

Email Security

Page 14: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 14

Step Description Details

3 Delete the key and all of its MetaDefender Email Securitysubkeys

4 Confirm deletion

Install the current version

Follow the instructions in to install the new version of the product.1.1 Installation

This article pertains to Email Security v4.0.0 or aboveMetaDefender This article was last updated on 2019-10-09VM

Page 15: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 15

How long is the support life cycle for a specific version/release of MetaDefender Email Security v4?

OPSWAT provides support on each release of MetaDefender Email Security v4 for 18 monthsafter the publication of the next release of the product (i.e. once a new release is published, you have 18 more months of support on the previous release). However, bug fixes and enhancements are applied only to the next release of a product, not to the current release or historical releases, even when those releases are still under support. In some cases, hot-fixes can be provided for the current release of the product and then incorporated as a regular fix in the next release.

OPSWAT strongly encourages customers to upgrade to the latest release on a regular basis and not to wait until the end of a release supported life-cycle.

Release number Release date End-of-life date

4.7.9 20 Feb 2020

4.7.8 28 Jan 2020 20 Aug 2021

4.7.7 19 Dec 2019 28 Jul 2021

4.7.6 27 Nov 2019 19 Jun 2021

4.7.5 12 Nov 2019 27 May 2021

4.7.4 23 Oct 2019 12 May 2021

4.7.3 30 Sep 2019 23 Apr 2021

4.7.2 22 Aug 2019 30 Mar 2021

4.7.1 01 Jul 2019 22 Feb 2021

4.7.0 31 May 2019 01 Jan 2021

4.6.2 07 May 2019 30 Nov 2020

4.6.1 15 Apr 2019 07 Nov 2020

Page 16: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 16

4.6.0 12 Mar 2019 15 Oct 2020

4.5.3 16 Jan 2019 12 Sep 2020

4.5.2 19 Dec 2018 16 Jul 2020

4.5.1 27 Nov 2018 19 Jun 2020

4.5.0 11 Oct 2018 27 May 2020

4.4.1 19 Sep 2018 11 Apr 2020

4.4.0 03 Sep 2018 19 Mar 2020

4.3.3 15 Aug 2018 03 Mar 2020

4.3.2 31 Jul 2018 15 Feb 2020

4.3.1 18 Jul 2018 31 Jan 2020

4.3.0 06 Jun 2018 18 Jan 2020

4.2.1 21 May 2018 06 Dec 2019

4.2.0 11 Apr 2018 21 Nov 2019

4.1.3 12 Mar 2018 11 Oct 2019

4.1.2 19 Jan 2018 12 Sep 2019

4.1.1 08 Dec 2017 19 Jul 2019

4.1.0 01 Dec 2017 08 Jun 2019

4.0.0 10 Jul 2017 01 Jun 2019

This article pertains to all supported releases of MetaDefender Email Security v4 This article was last updated on 2020-02-24

VM

Page 17: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 17

1.

2.

3.

Manually registering MetaDefender Email Security in Exchange server

In case MetaDefender Email Security Transport Agents registrations are missing or failed to register at installation time this step can also be performed manually as described below.

Open an Exchange Management Shell.

Check which transport agents are registered by typing:

Get-TransportAgent

If the following transport agent registrations are present, MetaDefender Email Security is already registered. Otherwise, proceed to next step to start registration.

Identity Enabled Priority-------- ------- --------...Metadefender Email Security Smtp Agent True [n]Metadefender Email Security Routing Agent True [n]...

Page 18: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 18

4.

a.

b.

c.

5.

Register the MetaDefender Email Security Smtp Agent by typing:

Install-TransportAgent

Provide the path to the Metadefender.Email.Exchange.dll file (adjust the path as required):

AssemblyPath: C:\Program Files\OPSWAT\Metadefender Email Security\mailagenthost\Metadefender.Email.Exchange.dll

Provide the transport agent name:

Name: Metadefender Email Security Smtp Agent

Specify the transport agent factory as below:

TransportAgentFactory: Metadefender.Email.Exchange.ReceiverAgentFactory

If the transport agent registration is successful, the following information is displayed:

Identity Enabled Priority-------- ------- --------Metadefender Email Security Smtp Agent False [n]WARNING: Please exit Windows PowerShell to complete the installation.WARNING: The following service restart is required for the change(s) to take effect : MSExchangeTransport

Page 19: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 19

6.

a.

7.

a.

b.

c.

Enable the newly created transport agent by typing:

Enable-TransportAgent

Specify the transport agent identity as below:

Identity: Metadefender Email Security Smtp Agent

Continue to register the MetaDefender Email Security Routing Agent by typing:

Install-TransportAgent

Provide the path to the Metadefender.Email.Exchange.dll file (adjust the path as required):

AssemblyPath: C:\Program Files\OPSWAT\Metadefender Email Security\mailagenthost\Metadefender.Email.Exchange.dll

Provide the transport agent name:

Name: Metadefender Email Security Routing Agent

Specify the transport agent factory as below:

TransportAgentFactory: Metadefender.Email.Exchange.RoutingAgentFactory

Page 20: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 20

8.

9.

a.

10.

a.

b.

If the transport agent registration is successful, the following information is displayed:

Identity Enabled Priority-------- ------- --------Metadefender Email Security Routing Agent False nWARNING: Please exit Windows PowerShell to complete the installation.WARNING: The following service restart is required for the change(s) to take effect : MSExchangeTransport

Enable the transport agent by typing:

Enable-TransportAgent

Specify the transport agent identity as below:

Identity: Metadefender Email Security Routing Agent

Complete the transport agent installation by restarting the Microsoft Exchange Transport service.

Stop the service by typing:

net stop MSExchangeTransport

Re-start the service by typing:

net start MSExchangeTransport

Transport agent registration is now complete.

This article pertains to Email Security v4.0.0 or aboveMetaDefender This article was last updated on 2019-10-09VM

Page 21: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 21

What is the difference between MetaDefender Email Security 3.X vs 4.X?

If you are running a previous version of Email Security, OPSWAT recommends MetaDefender upgrading to the latest released version whenever it is practically possible. For users who may be using Email Security 3.X, there are significant architectural differences when MetaDefender upgrading to the latest version. To help with the upgrade, the table below compares the functionality between the two generations of the product and provides links to any relevant documentation.

Feature MetaDefender Email 3.X

MetaDefender Email Security 4.X

3.X Documentation 4.X Documentation

MetaDefender Core compatibility

CORE V3 CORE V4.7.0+ 2.1.2 System requirements

Licensing BUNDLED INTO CORE

STANDALONE 2.4 MetaDefender Email Security licensing

Based on count of recipient email addresses

NO YES 2.4.3 Maximum number of email addresses

Security

Accountability SINGLE ACCOUNT

PER USER ACCOUNT

3.3 User management

Human Authentication

GROUP PASSWORD

PER USER PASSWORD

3.3 User management

API KEY API KEY 3.3 User management

Page 22: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 22

Feature MetaDefender Email 3.X

MetaDefender Email Security 4.X

3.X Documentation 4.X Documentation

Machine Authentication

Inbound SMTP TLS version negotiation

TLS 1.0 ONLY NEGOTIABLE

TLS version customization

NO YES Via OS configuration (Use https://www.nartac.com

) to easily /Products/IISCryptoconfigure

TLS cipher customization

NO YES Via OS configuration (Use https://www.nartac.com

) to easily /Products/IISCryptoconfigure

Inbound SMTP over TLS

NO YES

Access control

EXPLICIT RBAC 3.3 User management

Role based access control

NO YES

User management

NO YES

Active Directory integration

NO YES

Page 23: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 23

User interface BUNDLED INTO CORE

STANDALONE

Dashboard BUNDLED INTO CORE

OWN 4.1 Dashboard

Dashboard auto-refresh

NO CONFIGURABLE Dashboard

Email history YES YES Email History 4.4 Email history

Scan details in email history

NO YES 4.4 Email history (Email details)

Email history cleanup

NO YES Audit > Email History / CLEANUP

Configuration history

NO YES 4.11 Config history

Configuration diffs

NO YES 4.11 Config history

History auto cleanup

YES YES Configuration From Config File (MetaDefender.Engine.History.dll.config> HistoryEntryExpireSpan)

3.4 General settings (Data retention)

NO YES Audit > Email History

Page 24: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 24

Feature MetaDefender Email 3.X

MetaDefender Email Security 4.X

3.X Documentation 4.X Documentation

History custom date filtering

Audit > Refused Emails

Audit > Config History / FILTER BY DATE

Search keys NAME MULTIPLE Not documented 4.10 Search.html

Full-text search

NO YES 4.10 Search.html

Policy PARTIAL YES Single workflow 4.2 Security rules

Inventory NO YES 3.7 Server profiles

Web-based configuration settings

PARTIAL YES Some global settings configurable via UI or REST API, others via config files

3.4 General settings

Batch operations

PARTIAL YES

Resource management

Page 25: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 25

Feature MetaDefender Email 3.X

MetaDefender Email Security 4.X

3.X Documentation 4.X Documentation

Core load balancing

YES YES Configuration From Config File (MetaDefender.Scanner.dll.config)

3.7 Server profiles

3.7.1 MetaDefender Core specific inventory properties

Core high availability

YES YES Configuration From Config File (MetaDefender.Scanner.dll.config)

3.7 Server profiles

3.7.1 MetaDefender Core specific inventory properties

SMTP relay load balancing

NO YES 3.7 Server profiles

SMTP relay high availability

YES YES Configuration From Config File (MetaDefender.Email.Engine.Generic.Agent.dll.config > EmailRelayOutHosts)

3.7 Server profiles

Workflow

Security rules IMPLICIT YES 4.2 Security rules

Workflow SINGLE PER RULE Email Processing Workflow (MetaDefender Core)

4.2 Security rules

Email filtering NO PER RULE 4.2 Security rules

Email routing SINGLE PER RULE 4.2 Security rules

NO PER RULE 4.2 Security rules

Page 26: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 26

Feature MetaDefender Email 3.X

MetaDefender Email Security 4.X

3.X Documentation 4.X Documentation

Override Core results

Bypass Core NO PER RULE 4.2 Security rules (Advanced scan settings)

Core rule selection

SINGLE PER RULE 4.2 Security rules

Email processing

Scan emails and attachments

YES YES Email Processing Workflow (MetaDefender Core)

4.2 Security rules

Sanitize emails and attachments

YES YES

Block emails and attachments

ATTACHMENTS ONLY

YES

Disclaimers SINGLE PER RULE Customizing Disclaimers

Infection Email Notification

Sanitized Email Notifications

4.2 Security rules

Merge fields PARTIAL YES (LIMITED) Infection Email Notification

Page 27: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 27

Feature MetaDefender Email 3.X

MetaDefender Email Security 4.X

3.X Documentation 4.X Documentation

Sanitized Email Notifications

Subject rewriting

PARTIAL PLANNED Infection Email Notification

Sanitized Email Notifications

Custom email headers

SINGLE PER RULE Custom Email Headers 4.2 Security rules

Scan information headers

YES YES Custom Email Headers

Retry mechanism

YES YES Requires manual monitoring of notifications and folders

3.4 General settings (Retry settings)

Handling permanent failures

MANUAL YES Manual reprocessing of failed items

4.4 Email history (Failed emails)

Handling refused emails

NO YES

Support for password-protected attachments

NO YES

Quarantine

Page 28: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 28

Feature MetaDefender Email 3.X

MetaDefender Email Security 4.X

3.X Documentation 4.X Documentation

Quarantine location

BUNDLED INTO CORE

OWN 4.3 Quarantine

Quarantine original copy

GLOBAL PER RULE Quarantine Email 4.2 Security rules

Email details YES YES

Operations (Download, Release, Forward, Delete)

PARTIAL YES Not documented 4.3 Quarantine

Batch operations

GENERAL YES 2.6. Quarantine Management

External quarantine

YES YES Quarantine Email On Another Mail Server

3.6.1 Quarantine emails on another mail server

Quarantine reports

YES YES Quarantine Reports 3.6 Quarantine configuration

Quarantine report contents

GENERAL SPECIFIC 3.6 Quarantine configuration (Quarantine reports)

Custom quarantine report schedule

NO NO

Page 29: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 29

Feature MetaDefender Email 3.X

MetaDefender Email Security 4.X

3.X Documentation 4.X Documentation

Notification emails

Email threat alerts

YES YES Infection Email Notification

4.2 Security rules (Actions for emails with blocked contents)

Service status alerts

YES YES Error Email Notification 3.5.1 Configuration

SMTP relay BUNDLED INTO CORE

STANDALONE

Email flow direction (per deployment)

ONE-WAY BIDIRECTIONAL Configuring Incoming Threat Protection

Configuring Outgoing Threat Protection

4.2 Security rules

TLS configuration

EXTERNAL TOOL BUILT-IN TLS support (Incoming/Outgoing emails)

3.2 Configuring TLS

SPF lookups YES YES Enable Sender Policy Framework (SPF) Lookup

3.4 General settings (Sender Policy Framework lookup)

HELO/EHLO domain customization

NO YES 3.1.2 Windows Registry configuration

Integration

YES YES 4. Onsite Microsoft Exchange Deployment

3.10 Onsite Microsoft Exchange deployment

Page 30: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 30

Feature MetaDefender Email 3.X

MetaDefender Email Security 4.X

3.X Documentation 4.X Documentation

Microsoft Exchange plugin

Cloud (AppRiver, Google Apps, Office 365)

YES YES 3. Cloud Deployment 3.9 Cloud deployment configuration

Operation

Monitoring LIMITED ADVANCED Dashboard / Mail Agent 4.1 Dashboard

General audit logs

YES YES Email Event Log

Configuration audit logs

NO INTEGRATED 4.11 Config history

Syslog integration

LIMITED YES Logging Configuration 3.5.1 Configuration

Multiple log destinations

YES YES Apache log4net 3.5.1 Configuration

Unique message ID

NO YES

This article pertains to Email Security v4.0.0 or aboveMetaDefender This article was last updated on 2019-10-09VM

Page 31: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 31

Configuration

Policy

Settings

Users

Page 32: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 32

1.

2.

Evaluation

Deployment modes

SPAN/TAP support

Simple PoC environment

Prerequisites

Hardware

Software

Architecture

Setup

Email Gateway Security is evaluation friendly. With its straightforward onboarding and intuitive user interface, PoC-ing the product is simpler than ever before.

Deployment modes

Besides –that is to protect production environments, Email Gateway Security protection modesupports the following monitoring modes for evaluation purposes:

Out-of-band monitoring modeTODO: image

Inline monitoring modeTODO: image

SPAN/TAP support

Email Gateway Security can extract and process emails from SPAN mirrored or TAP monitored network traffic. Using this setup it is possible to evaluate the product under real production conditions but without affecting production performance or employee productivity.

TODO: image

Simple PoC environment

It is simply possible to set up an evaluation environment on a standalone machine.

Page 33: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 33

Limitations

A simple PoC environment is unable provide the performance and response times that a real production environment can.

Prerequisites

Hardware

For a simple PoC environment any modern personal computer hardware should be adequate.

Virtualization

It is also possible to implement the simple PoC environment in a virtual machine.

The is that the host operating system will be unchanged.benefit

The may be that the performance and response times will be even more drawback poor.

Software

Operating system See the operating system prerequisites

Mail server hMailServer

Email client Mozilla Thunderbird

Architecture

Error rendering macro 'drawio' : null

Setup

Page 34: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 341.

Licensing

Feature plans

License activation

User counting

Licensed users

Feature plans

MetaDefender Email Gateway Security is available in the following feature plans:

Feature plans

Benefits CDR Basic Standard Advanced

Zero-Day Malware Prevention

Proactive Anti-Phishing

Advanced Threat Prevention 1 engine 4 engines 8 engines 20 engines

Disarm Password-Protected Attachments

Prevent Sensitive Data Loss

License activation

The license must be activated so that Email Gateway Security can be used to process emails.

To activate the product:

Page 35: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 35

1.

2.

3.

Go to the page and click ACTIVATE License

Select your activation method

Page 36: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 36

3. Follow the on-screen instructions to complete activation. For online activation provide your activation key and an optional description of the deployment.

User counting

The product can be licensed by the number of users, and licensed users are counted by MetaDefender Email Gateway Security.

Page 37: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 37

1.

2.

User limit exceeded

When the license limit is exceeded then the emails of the exceeding users will be .bypassed

Emails of licensed users will be processed normally.

Licensed users

Licensed users may be added manually or discovered by machine learning techniques.

To add a user manually:

Go to the page and click License +

Page 38: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 38

2. Provide the display name and user name of the user to add

User name

The user name is the of the user’s email address.local part

Page 39: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 39

Onboarding

Insertion

Installation

Migration

Prerequisites

Operating system

Wizard

Page 40: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 40

Operation

Bypassing

Dashboard

Email History

Quarantine

Page 41: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 41

Releases

Page 42: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 42

What's cooking for Email Gateway Security v5?

This page is under construction.

Failsafe

Bundled Core and engines

Core fail-over option

Active Directory-based license counting

Packaging

Evaluation

Bundled OPSWAT technologies

Evaluation with a single virtual machine

SPAN/TAP monitoring

Licensing

Feature plans to better fit needs

Real-user verification

Separated re-scan page

Usability

New UI & UX

User-based settings

Customizable dashboard

Statistics

Compact Email History

Processing timeline

Advanced filtering

Disclaimer editor

Active Directory integration

AD-based policy enforcement

Vault integration

Page 43: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 43

Failsafe

Email Gateway Security v5 will do its best to have an email processed. If processing fails finally for any reason within a reasonable time, then it will let the email go, not affecting the email flow.

Bundled Core and engines

Email Gateway Security v5 is available now as a bundle of the MetaDefender Core and engines package. Core, Deep CDR, Proactive DLP, and other utility engines are locked to their well known and tested versions thus not will be updated automatically.

Still, anti-malware engines and their databases will be updated and kept on their latest versions.

Core fail-over option

Email Gateway Security v5 includes Core and engines, it is, however, still possible to connect additional Core instances. All further Core instances can serve as fail-over spares (i.e.: HA) or load-balancing pairs to the bundled Core.

Active Directory-based license counting

Email Gateway Security v5 has comprehensive integration capabilities to Active Directory. Users are counted for licensing purposes and verified from the Active Directory. As a result, the license will be counted for real users only, who are present in the domain.

Page 44: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 44

Packaging

Evaluation

Email Gateway Security v5 is evaluation friendly. With its straightforward onboarding and intuitive user interface, PoC-ing the product is simpler than ever before.

Bundled OPSWAT technologies

All relevant OPSWAT technologies: Advanced Threat Prevention, Zero-Day Malware Prevention, Sensitive Data Loss Prevention, and Proactive Phishing Prevention are bundled into Email Gateway Security v5. From now on, users do not need to understand OPSWAT’s architecture and technology, because all necessary components are compiled into a single package.

Evaluation with a single virtual machine

A ready-made virtual machine is available to offer the easiest evaluation process (PoC) with Email Gateway Security v5. It only needs to be deployed to VirtualBox or VMWare, and the exploration shall begin.

Page 45: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 45

SPAN/TAP monitoring

Email Gateway Security v5 can extract and process emails from SPAN mirrored or TAP monitored network traffic. On the customer side, the configuration of the network requires a maximum of 10 min. Using this setup it is possible to evaluate the product under real production conditions without affecting production performance or employee productivity.

Licensing

Feature plans to better fit needs

Email Gateway Security v5 is licensed in separate feature plans. The higher packages the customer will choose, the more features will be available. Since there will be no limitation on the maximum number of users in different plans, customers are going to pay for features only that they intend to use.

Real-user verification

Email Gateway Security v5 has a user-based licensing model, instead of the previous “instance-based” model. Users are and verified, to count real users matched against Active Directoryonly. This restriction will not allow customers to use more licenses than what was purchased, also helps them not to pay for email addresses which don't exist.

Licensed users can be added manually or discovered by machine learning automatically.

Separated re-scan page

Email Gateway Security v5 provides a separate port where the re-scan page will be hosted. This separate port is intended to be available on the internet for business users to initiate their re-scans, while the web management console port is still restricted to internal network access only.

Usability

New UI & UX

Email Gateway Security v5 has a new user interface and new user experience: the UI is more intuitive, the user journey is more clear and simple.

Page 46: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 46

User-based settings

Users can have their own settings in Email Gateway Security v5. These settings are restored every time the user logs in to the system.

For example, users can easily change language and time zone depending on their location. It's a very useful feature to search Email History regardless of the administrator’s time zone. An example of Email History entry when the time zone is set to CET:

Page 47: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 47

The same entry when the time zone is set to PST:

Page 48: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 48

The time zone setting for the user won’t affect timestamps in logs.

Customizable dashboard

The dashboard is customizable in Email Gateway Security v5. Each user can configure the displayed widgets and their size.

The customized dashboard account.settings are also stored for that specific user

Page 49: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 49

Statistics

For certain widgets detailed information is available in the Dashboard of Email Gateway Security v5. Depending on the widget, the view shows statistics or other additional data Details that help interpreting the information provided by the widget.

Page 50: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 50

Compact Email History

Email History has been further optimized for enhanced user experience in Email Gateway Security v5. New colors and better utilization of the available space has been applied. Thanks to the new layout, administrators will have a more convenient overview of each history entry in their systems.

Processing timeline

For each entry in the Email History, Email Gateway Security v5 provides a compact processing history that serves as a log for the specific email showing all relevant events.

This new feature makes investigations and forensics much simpler in Email Gateway Security v5.

Advanced filtering

Filtering has improved in Email Gateway Security v5. The list of emails can be filtered by the date, sender, recipient, subject or by whether they have attachments or not. For the status even multiple values can be specified.

Page 51: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 51

Disclaimer editor

From now, it is no more needed to write HTML markup for disclaimers in Email Gateway Security v5. The new what-you-see-is-what-you-get disclaimer editor has all needed functionality built-in. For example, it has support for text styles, links and lists.

Page 52: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 52

Active Directory integration

Active Directory can be integrated to Email Gateway Security v5 via server profiles.

AD-based policy enforcement

An Active Directory type server profile can be used in security rule filters to enforce a security rule on emails sent to or from members of Active Directory groups.

Page 53: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 53

Vault integration

Email Gateway Security v5 provides smooth integration with Vault. After Vault has been added, all attachments will be uploaded automatically to Vault storage for outbreak prevention. Until released upon supervisor approval continuous malware scanning is processed.

Page 54: MetaDefender Email Gateway Security 5.0 - OPSWAT Email... · Install, configure, and manage MetaDefender Email Gateway Security v5; Learn about new and updated features, and bug fixes

5.0.0 54

Below, part of the configuration of Vault integration in the of Email Gateway security rulesSecurity v5.

Example of Vault integrated architecture: