Appendix 1: The GEE Whiz NLM

NOT COMPLETE OR FINAL GEE Whiz 2
Getting Started
Technical Support
Sales
About GEE Whiz
Copyright Notices
Introduction
What is new in GEE Whiz 2
Hardware Requirements
Operating Systems
Licenses
Pre-Installation
Installation
Installation Step 1 – Getting Started
ClamAV
Post Installation
Migrate GEE Whiz 1.4.x Configuration Files
The GEE Whiz Interface
Certificates
Getting started
Trouble shooting
Options
Web client options
GidClient
Server Options
Anti-Virus Configuration
Filters
GroupWise Anti-Spam (GAS)
General
Logging
GroupWise options
Interface Daemon
NetMail
Sauce Server configuration
Signature
SMTP
Statistics
Logs
Ipauth
Spam Control
Filters
Quarantine
License
Using GEE Whiz
Appendix 1: The GEE Whiz NLM
Appendix 2: Configuring CLAMAV
Appendix 3: Trouble Shooting
Appendix 4: Uninstalling GEE Whiz
Contact Technical Support
Copyright © Beginfinite 2005 - All rights reserved.
GEE Whiz 2
Getting Started
This manual is intended for IT administrators using GEE Whiz 2 and for anyone wanting to learn more
about GEE Whiz 2. It includes installation instructions and feature descriptions as well as detailed
instructions for the operation of this software.
Technical Support
If you have a technical support question, please consult the GEE Whiz Technical Support section of our
website at http://www.gwava.com/ or e-mail [email protected]. The technical support number is 801-437-5678.
Sales
To contact a Beginfinite sales team member, please e-mail [email protected] or call 866-GO-GWAVA
(866-464-9282) in North America or +1 514 639 4850.
Corporate Headquarters
100 Alexis Nihon Blvd., Suite 500
Montreal, Quebec, H4M 2P1, Canada
About GEE Whiz
Thank you for your interest in GEE Whiz, a leading product for protecting GroupWise and NetMail e-mail
environments from the dangerous threats present on the Internet. This manual provides administrators
with sufficient information to best deploy GEE Whiz for protecting their e-mail environments.
Copyright Notices
The content of this manual is for informational use only, and may change without notice. Beginfinite Inc. assumes no responsibility or liability for any errors or inaccuracies that may appear in
this documentation. GroupWise is a registered trademark of Novell, and is copyrighted by Novell. © 2005 Beginfinite Inc. All rights reserved. ® GEE Whiz is a registered Trademark.
Open-Source Project Acknowledgements - GEE Whiz makes use of several
open-source projects, all of which are listed here in no particular order,
with respect to their licenses, developers, and the open-source
community in general. Beginfinite would like to acknowledge and thank
the following Open-Source projects that we either make use of in our
product, have studied in the making of this product, or intend to use in
the product at a later date:
Zlib - Zlib is © 1995-2002 Jean-loup Gailly and Mark Adler. The library
was entirely written by Jean-loup Gailly and Mark Adler. ([email protected]
and [email protected]) GEE Whiz uses the original library
which has not been modified. Source distributions can be obtained from
either of: http://www.zlib.org or http://www.gzip.org/zlib/ GEE Whiz
makes use of Zlib subject to its license, excerpt quoted: “Permission is
granted to anyone to use this software for any purpose, including
commercial applications, and to alter it and redistribute it freely.”
(Subject to restrictions which we believe we have followed).
Minizip - Minizip is © 1998 Gilles Vollant. GEE Whiz uses the original
library which has not been modified. GEE Whiz makes use of Minizip
subject to its license, excerpt quoted: “Permission is granted to anyone
to use this software for any purpose, including commercial applications,
and to alter it and redistribute it freely.” (Subject to restrictions which
we believe we have followed).
PCRE - PCRE is © 1997-2001 University of Cambridge. The library was
entirely written by Philip Hazel. ([email protected]). GEE Whiz uses the
original library which has not been modified. Source distributions can be
obtained from: ftp://ftp.csx.cam.ac.uk/pub/software/programming/
pcre/ GEE Whiz makes use of PCRE subject to its license, excerpt
quoted: “Permission is granted to anyone to use this software for any
purpose on any computer system, and to redistribute it freely.” (Subject
to restrictions which we believe we have followed). Additionally, subject
to the PCRE license: Regular expression support is provided by the PCRE
library package, which is open source software, written by Philip Hazel,
and copyright by the University of Cambridge, England.
SpamAssassin - SpamAssassin is © 2002-2004 Justin Mason. The library
was partially written by Justin Mason. GEE Whiz only uses parts of the
original package, namely the files which make up the ruleset. These
portions of the original package have not been modified from their
original state, other than possibly changing the file names to suit 8.3
namespace. All original SpamAssassin source files and documentation
can be found here: http://spamassassin.org/. GEE Whiz makes use of
SpamAssassin ruleset with special permission.
CDK - CDK is © 1990 The Regents of the University of California. All
rights reserved. Redistribution and use in source and binary forms, with
or without modification, are permitted provided that the following
conditions are met:
Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer. Redistributions in
binary form must reproduce the above copyright notice, this list of
conditions and the following disclaimer in the documentation and/or
other materials provided with the distribution. All advertising materials
mentioning features or use of this software must display the following
acknowledgement: “This product includes software developed by the
University of California, Berkeley and its contributors.” Neither the
name of the University nor the names of its contributors may be used to
endorse or promote products derived from this software without specific
prior written permission. This software is provided by the regents and
contributors ``as is'' and any express or implied warranties, including,
but not limited to, the implied warranties of merchantability and fitness
for a particular purpose are disclaimed. In no event shall the regents or
contributors be liable for any direct, indirect, incidental, special,
exemplary, or consequential damages (including, but not limited to,
procurement of substitute goods or services; loss of use, data, or profits;
or business interruption) however caused and on any theory of liability,
whether in contract, strict liability, or tort (including negligence or
otherwise) arising in any way out of the use of this software, even if
advised of the possibility of such damage.
LibCURL
cURL is © 1996 - 2004, Daniel Stenberg, <[email protected]>. All rights
reserved. Permission to use, copy, modify, and distribute this software
for any purpose with or without fee is hereby granted, provided that the
above copyright notice and this permission notice appear in all copies.
LibGD - LibGD is © Thomas Boutell. Subject to the LibGD license, we
include the following information: Portions copyright 1994, 1995, 1996,
1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004 by Cold Spring Harbor
Laboratory. Funded under Grant P41-RR02188 by the National Institutes
of Health. Portions copyright 1996, 1997, 1998, 1999, 2000, 2001, 2002,
2003, 2004 by Boutell.Com, Inc. Portions relating to GD2 format
copyright 1999, 2000, 2001, 2002, 2003, 2004 Philip Warner. Portions
relating to PNG copyright 1999, 2000, 2001, 2002, 2003, 2004 Greg
Roelofs. Portions relating to gdttf.c copyright 1999, 2000, 2001, 2002,
2003, 2004 John Ellson ([email protected]). Portions relating to gdft.c
copyright 2001, 2002, 2003, 2004 John Ellson ([email protected]).
Portions relating to JPEG and to color quantization copyright 2000, 2001,
2002, 2003, 2004, Doug Becker and copyright (C) 1994, 1995, 1996, 1997,
1998, 1999, 2000, 2001, 2002, 2003, 2004 Thomas G. Lane. This software
is based in part on the work of the Independent JPEG Group. See the file
README-JPEG.TXT for more information. Portions relating to GIF
compression copyright 1989 by Jef Poskanzer and David Rowley, with
modifications for thread safety by Thomas Boutell. Portions relating to
GIF decompression copyright 1990, 1991, 1993 by David Koblas, with
modifications for thread safety by Thomas Boutell. Portions relating to
WBMP copyright 2000, 2001, 2002, 2003, 2004 Maurice Szmurlo and
Johan Van den Brande. Portions relating to GIF animations copyright
2004 Jaakko Hyvätti ([email protected]). Permission has been granted
to copy, distribute and modify gd in any context without fee, including a
commercial application, provided that this notice is present in user-accessible supporting documentation. This does not affect ownership of
the derived work itself, and the intent is to assure proper credit for the
authors of gd, not to interfere with your productive use of gd. If you
have questions, ask. "Derived works" includes all programs that utilize
the library. Credit must be given in user-accessible documentation. This
software is provided "AS IS." The copyright holders disclaim all
warranties, either express or implied, including but not limited to
implied warranties of merchantability and fitness for a particular
purpose, with respect to this code and accompanying documentation.
Although their code does not appear in the current release, the authors
also wish to thank Hutchison Avenue Software Corporation for their prior
contributions.
LibJPEG - The authors make NO WARRANTY or representation, either
express or implied, with respect to this software, its quality, accuracy,
merchantability, or fitness for a particular purpose. This software is
provided "AS IS", and you, its user, assume the entire risk as to its quality
and accuracy. This software is copyright (C) 1991-1998, Thomas G. Lane.
All Rights Reserved except as specified below.
Permission is hereby granted to use, copy, modify, and distribute this
software (or portions thereof) for any purpose, without fee, subject to
these conditions:
1. If any part of the source code for this software is distributed, then
this README file must be included, with this copyright and no-warranty
notice unaltered; and any additions, deletions, or changes to the original
files must be clearly indicated in accompanying documentation.
2. If only executable code is distributed, then the accompanying
documentation must state that "this software is based in part on the
work of the Independent JPEG Group".
3. Permission for use of this software is granted only if the user accepts
full responsibility for any undesirable consequences; the authors accept
NO LIABILITY for damages of any kind.
These conditions apply to any software derived from or based on the IJG
code, not just to the unmodified library. If you use our work, you ought
to acknowledge us. Permission is NOT granted for the use of any IJG
author's name or company name in advertising or publicity relating to
this software or products derived from it. This software may be referred
to only as "the Independent JPEG Group's software". We specifically
permit and encourage the use of this software as the basis of
commercial products, provided that all warranty or liability claims are
assumed by the product vendor. Ansi2knr.c is included in this
distribution by permission of L. Peter Deutsch, sole proprietor of its
copyright holder, Aladdin Enterprises of Menlo Park, CA. ansi2knr.c is
NOT covered by the above copyright and conditions, but instead by the
usual distribution terms of the Free Software Foundation; principally,
that you must include source code if you redistribute it. (See the file
ansi2knr.c for full details.) However, since ansi2knr.c is not needed as
part of any program generated from the IJG code, this does not limit you
more than the foregoing paragraphs do. The Unix configuration script
"configure" was produced with GNU Autoconf. It is copyright by the Free
Software Foundation but is freely distributable. The same holds for its
supporting scripts (config.guess, config.sub, ltconfig, ltmain.sh). Another
support script, install-sh, is copyright by M.I.T. but is also freely
distributable.
It appears that the arithmetic coding option of the JPEG spec is covered
by patents owned by IBM, AT&T, and Mitsubishi. Hence arithmetic coding
cannot legally be used without obtaining one or more licenses. For this
reason, support for arithmetic coding has been removed from the free
JPEG software. (Since arithmetic coding provides only a marginal gain
over the unpatented Huffman mode, it is unlikely that very many
implementations will support it.) So far as we are aware, there are no
patent restrictions on the remaining code. The IJG distribution formerly
included code to read and write GIF files. To avoid entanglement with
the Unisys LZW patent, GIF reading support has been removed
altogether, and the GIF writer has been simplified to produce
"uncompressed GIFs". This technique does not use the LZW algorithm;
the resulting GIF files are larger than usual, but are readable by all
standard GIF decoders. We are required to state that: "The Graphics
Interchange Format(c) is the Copyright property of CompuServe
Incorporated. GIF(sm) is a Service Mark property of CompuServe
Incorporated."
LUA - Copyright © 1994-2004 Tecgraf, PUC-Rio. Permission is hereby
granted, free of charge, to any person obtaining a copy of this software
and associated documentation files (the "Software"), to deal in the
Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included
in all copies or substantial portions of the Software. The software is
provided "as is", without warranty of any kind, express or implied,
including but not limited to the warranties of merchantability, fitness
for a particular purpose and noninfringement. In no event shall the
authors or copyright holders be liable for any claim, damages or other
liability, whether in an action of contract, tort or otherwise, arising
from, out of or in connection with the software or the use or other
dealings in the software.
OpenSSL - The OpenSSL toolkit stays under a dual license, i.e. both the
conditions of the OpenSSL License and the original SSLeay license apply
to the toolkit. See below for the actual license texts. Actually both
licenses are BSD-style Open Source licenses. In case of any license issues
related to OpenSSL please contact [email protected].
OpenSSL License - Copyright (c) 1998-2003 The OpenSSL Project. All
rights reserved. Redistribution and use in source and binary forms, with
or without modification, are permitted provided that the following
conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software
must display the following acknowledgment: "This product includes
software developed by the OpenSSL Project for use in the OpenSSL
Toolkit. (http://www.openssl.org/)"
4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used
to endorse or promote products derived from this software without prior
written permission. For written permission, please contact [email protected].
5. Products derived from this software may not be called "OpenSSL" nor
may "OpenSSL" appear in their names without prior written permission of
the OpenSSL Project.
6. Redistributions of any form whatsoever must retain the following
acknowledgment:
"This product includes software developed by the OpenSSL Project for
use in the OpenSSL Toolkit (http://www.openssl.org/)"
This software is provided by the openssl project “as is” and any
expressed or implied warranties, including, but not limited to, the
implied warranties of merchantability and fitness for a particular
purpose are disclaimed. In no event shall the openssl project or its
contributors be liable for any direct, indirect, incidental, special,
exemplary, or consequential damages (including, but not limited to,
procurement of substitute goods or services; loss of use, data, or profits;
or business interruption) however caused and on any theory of liability,
whether in contract, strict liability, or tort (including negligence or
otherwise) arising in any way out of the use of this software, even if
advised of the possibility of such damage. This product includes
cryptographic software written by Eric Young ([email protected]). This
product includes software written by Tim Hudson ([email protected]).
Original SSLeay License - Copyright (C) 1995-1998 Eric Young
([email protected]) . All rights reserved. This package is an SSL
implementation written by Eric Young ([email protected]). The
implementation was written so as to conform with Netscapes SSL. This
library is free for commercial and non-commercial use as long as the
following conditions are aheared to. The following conditions apply to all
code found in this distribution, be it the RC4, RSA, lhash, DES, etc.,
code; not just the SSL code. The SSL documentation included with this
distribution is covered by the same copyright terms except that the
holder is Tim Hudson ([email protected]). Copyright remains Eric
Young's, and as such any Copyright notices in the code are not to be
removed. If this package is used in a product, Eric Young should be given
attribution as the author of the parts of the library used. This can be in
the form of a textual message at program startup or in documentation
(online or textual) provided with the package. Redistribution and use in
source and binary forms, with or without modification, are permitted
provided that the following conditions are met:
1. Redistributions of source code must retain the copyright notice, this
list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software
must display the following acknowledgement: "This product includes
cryptographic software written by Eric Young ([email protected])" The
word 'cryptographic' can be left out if the routines from the library being
used are not cryptographic related.
4. If you include any Windows specific code (or a derivative thereof)
from the apps directory (application code) you must include an
acknowledgement: "This product includes software written by Tim
Hudson ([email protected])"
This software is provided by Eric Young ``as is'' and any express or
implied warranties, including, but not limited to, the implied warranties
of merchantability and fitness for a particular purpose are disclaimed. In
no event shall the author or contributors be liable for any direct,
indirect, incidental, special, exemplary, or consequential damages
(including, but not limited to, procurement of substitute goods or
services; loss of use, data, or profits; or business interruption) however
caused and on any theory of liability, whether in contract, strict
liability, or tort (including negligence or otherwise) arising in any way
out of the use of this software, even if advised of the possibility of such
damage. The licence and distribution terms for any publically available
version or derivative of this code cannot be changed. i.e. this code
cannot simply be copied and put under another distribution licence
[including the GNU Public Licence.]
Introduction
GEE Whiz is an NLM- and ELF-based anti-spam and anti-virus program that is built from the ground up with
flexibility in mind and runs on NetWare and Linux. Mail is examined in the GWIA, in NetMail or using the
SMTP Proxy using SpamAssassin rules and text classifier filtering for improper content and plain language,
fingerprinting and extension blocking. GEE Whiz 2.x We hope you find the product applicable to any
environment in which you may choose to deploy it.
What is new in GEE Whiz 2
• New web interface
• Cross-Platform Support of Linux and NetWare.
• SuRBL URI-based RBL Support.
• SPF Support.
• Scripted processing for easy and flexible customization.
• A much more efficient textual classifier which builds tokens for single words and groups of words. You can now build a more accurate token set with a smaller corpus.
• Complete support for meta-style anti-spam rules.
• Complete support for the SpamAssassin 3.1 rule set.
• Ability to deploy GEE Whiz 2 at the SMTP level.
• ClamAV support
These changes are just the tip of the iceberg. For a complete list of changes, visit www.gwava.com.
Successful Installations and Upgrades
Installing or upgrading GEE Whiz is a straightforward process whether you are installing GEE Whiz in a
Linux or NetWare environment.
• Verify that all necessary prerequisites are met
• Prepare the server
• Perform an upgrade or a new installation
• Test
Hardware Requirements
• Pentium III processor or equivalent
• An additional 512 MB of RAM over minimum requirement for the server and GWIA or NetMail.
• A minimum of 35 MB of free disk storage space on the SYS: volume (for default installation).
• A recommended minimum of 750 MB of free disc storage space on the SYS: volume (for the default installation) to hold the GEE directory structure, for working space to process e-mail and for quarantine directories. The work directories can be located on any volume so sufficient free space must be available on the volume containing the work directories.
Hard drive space demands are determined largely by the number of messages processed, message size and
the sizes of the spam and ham libraries used to teach the classifier. As these grow, so does the need for
disc space.
GEE Whiz is more CPU dependent than RAM dependent. Installing copious amounts of extra memory may
help process extra threads, but will not provide significant performance gains.
Operating Systems
NetWare
• NetWare 5.1 (Service Pack 8)
• NetWare 6.05 (Service Pack 5 or greater)
• NetWare 6.5 (Service Pack 3 or greater)
SuSE
• SuSE Linux 8 or 9
• (Other Linux-based installations may be successful but are not officially supported)
Mail Systems
GEE Whiz supports three mail systems: GroupWise, NetMail and SMTP.
• GroupWise - GroupWise 5, 5.5 Enhancement Pack, 6.0, and 6.5 (recommended latest SP).
• NetMail - NetMail 3.1x and 3.5x (recommended latest SP). GEE Whiz should be installed on the server hosting the e-mail system.
• SMTP - Most any mail system supporting standard SMTP mail connections.
Internet connection
The installation process requires a connection to the internet to download the GEE Whiz 2 software. A
connection to the internet is also needed to run the network tests.
Upgrades
• Run the installer.
• At the "Can I use the network for updates?" window choose Yes. Press Enter.
• At the "Should I check for an update to the installation software?" window choose Yes. Press Enter.
• Note – if you get a 'Failed to communicate with auto-update server.' error and your server is behind a firewall, you will need to enable outbound connections to 209.115.221.132 (au.submersion.com) on Port 35000 at your firewall.
• If there is an update available, you will see a "There is an update <version> to <version> update available. Should I update?" window. Choose Yes. Press Enter.
• An update will be downloaded. Progress bars will alert you of this. At the "Shutdown so you can install with an updated installer?" window choose Yes. Press Enter.
Updates
• To check for updates, merely unload GEE Whiz 2 and the web component, and run the Ginst installer again.
• For example: LOAD SYS:/GEE2/GINST.NLM and LOAD SYS:/GEE2WEB/GINST.NLM
• It is not necessary to unload the GWIA to perform an update.
Licenses
GEE Whiz is licensed per user. You must purchase a license for the appropriate number of users on your
system. Note that GEE Whiz 1.x licenses are incompatible with 2.x. For information about your license,
select the Licence item in the GEEWhiz2 navigational menu.
Types of Licenses
• Trial – Full function license with support for 30 days. You can perform an upgrade within the period of a Trial license and have full access to all product features. You also have access to e-mail and telephone support.
• Full License – Full access to the product features, but is not upgradeable to newer versions.
• Full License with Support and Upgrade Path – Full access to the product features, and is upgradeable to newer versions. You have full access for technical and configuration support by e-mail and telephone. Price protection is also included with this license type.
Replacing licence files
If you must replace the existing licence files with a new licence file, before loading GEE Whiz on your
server ensure there are no .PEM files in the GEE2 and GEE2WEB directories. Copy the replacement licence
file into the GEE Whiz installation directory.
Please make sure that GEE is not running when you copy a new licence file into the GEE Whiz installation
directory. GEE must be unloaded to carry out all license change operations.
Manage Licenses
GEE Whiz will look for the private and public .PEM files when it first loads. If GEE Whiz does not find the
correct license file the software will not start. If you are installing a new or replacement license file you
must:
• Unload GEE Whiz.
• Copy the new licences.
• Restart GEE Whiz.
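The licence-replacement steps above can be guarded with a pre-flight check on a Linux install. This is an added example, not part of the GEE Whiz manual or product: the function names and the directories passed as arguments are assumptions, and GEE Whiz must already be unloaded before it is run.

```shell
#!/bin/sh
# Added example (not GEE Whiz code): refuse to copy a replacement licence
# while old .PEM files are still present in the GEE2 / GEE2WEB directories.
# Assumptions: directory paths are supplied by the caller, and GEE Whiz has
# already been unloaded, as the manual requires.

# list_pem DIR...
# Print every regular file ending in .pem (any letter case) directly in DIR.
list_pem() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for f in "$dir"/*; do
            [ -f "$f" ] || continue
            case $f in
                *.[Pp][Ee][Mm]) printf '%s\n' "$f" ;;
            esac
        done
    done
}

# install_licence NEW_FILE INSTALL_DIR [OTHER_DIR...]
# Returns 0 after copying, 1 if stale .PEM files were found, 2 on bad input.
install_licence() {
    new=$1
    target=$2
    if [ ! -f "$new" ] || [ ! -d "$target" ]; then
        echo "usage: install_licence NEW_FILE INSTALL_DIR [OTHER_DIR...]" >&2
        return 2
    fi
    shift    # "$@" is now INSTALL_DIR followed by any other directories to check
    stale=$(list_pem "$@")
    if [ -n "$stale" ]; then
        echo "existing .PEM files must be removed before copying:" >&2
        printf '%s\n' "$stale" >&2
        return 1
    fi
    cp -p "$new" "$target/"
}

# Run directly: sh script.sh NEW_FILE INSTALL_DIR [OTHER_DIR...]
if [ "$#" -ge 2 ]; then
    install_licence "$@"
fi
```

Pass the GEE2 directory as INSTALL_DIR and the GEE2WEB directory as OTHER_DIR so both are checked before the copy.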
Pre-Installation
Overview
Despite the large number of possible combinations of installations, the overall process is fairly straightforward.
This manual documents them as two pre-installation steps, six post-installation steps, and post-installation tidying.
The operating systems supported (NetWare and SuSE) generally have the same installation process. The
only real differences are the directories into which components are installed and a few of the questions
that the installation process asks you. For example, NetWare asks for a start-up NCF, as this is a necessary
component for that operating system.
Finally, once the installation appropriate for your environment is completed, you will need to configure
GEE Whiz to operate on your mail systems (GroupWise, NetMail and SMTP). There are three groups of
tasks to install GEE Whiz 2. Some of these are elementary decision points; others require a detailed
knowledge of your network.
Pre-installation
1) Create the Extraction Directories
2) Prepare the mail platform (GroupWise, NetMail, SMTP)
Installation
3) Ensure the install scripts are configured to load both GEE2 and GEE2Web
4) Install for your mail platform
5) Create start-up files
6) Install GEE Whiz web server
7) Configure your AV software
Post-Installation
8) Post installation: run GEE2 and then GEE2Web. Note that for NetWare, do not use the load command; instead use the GEE2.NCF and GEE2Web.NCF files provided. Migrate your 1.4x files as needed.
Pre-Installation Step 1 – Create Directories
Run GINST however it is started on your operating system.
For example:
- NetWare: SYS:\GEE2INST\GINST.NLM
- Linux: ./gee2inst/ginst
Create extraction directories
A series of prompts follows for choosing installation directories. You will be asked to accept the default
"installation" directory (SYS:/GEE) or identify a different directory. If you do not accept the default
(SYS:/GEE) during the initial installation, or if you change the installation location later, you will need to
edit the work directory settings in both the server and web consoles.
- NetWare Extraction Directory: Sys\GEE2inst
- Linux Extraction Directory: /opt/gee2inst/
Inventory
No matter what OS, the directories and files that are extracted contain the licence files and the installation script files for the GEE Whiz 2.0 Anti-Spam and Anti-Virus application and the GEE2 web server application:
- ginst.nlm - installer file for NetWare server
- ginst - installer for 32-bit versions of Linux
- public.pem and private.pem - public and private licence keys for the ginst installers to communicate securely with the GEE Whiz 2.0 update server hosted by gwava.com
- config\sauce.gop - configuration file for the ginst installer files.
- products\gee2\scripts\inst.lua – This is the installation script used by ginst installers to install the GEE2 application.
- products\gee2web\public.pem and private.pem - public and private licence keys for GEE Whiz 2.0 web server.
- products\gee2\public.pem and private.pem - public and private licence keys for GEE Whiz 2.0 daemon.
- products\gee2web\scripts\inst.lua – This installation script is used by the installer to install the GEE Whiz 2.0 web server application.
The second and final pre-installation step will be to prepare the server whether it is NetMail, GroupWise,
SMTP or any combination of the above. Once that is complete, the installer may be run.
Pre-Installation Step 2 – Prepare the Mail Platform
The second and final pre-installation process is to
prepare the mail platform.
Pre-Installation on GroupWise
Begin by creating a \GWIA\Third directory. For example, MAIL:\GWDOM\WPGATE\GWIA\Third. Then run
ConsoleOne. Perform the following steps:
- Right-click the GWIA object and choose Properties.
- Click on the Server Directories tab.
- In the SMTP Queues Directory choose the UNC path to the GWIA directory (e.g. \\SERVER\MAIL\GWDOM\WPGATE\GWIA). Then copy it to the clipboard.
- Click the Advanced button. Paste the UNC path into the SMTP Service Queues Directory textbox.
- In the same screen, click the end of the UNC path to add "\Third", e.g. \\SERVER\MAIL\GWDOM\WPGATE\GWIA\Third.
- Click OK to confirm these edits. Then click OK through the rest of the screens until you close the GWIA properties window and exit ConsoleOne.
Unload GWIA (use F7 in the GWIA server console to Exit). Load GWIA using GWIA.NCF. (This ensures that
the GWIA loads using the GWIA\Third directory settings.)
GEE Whiz does not alter the gwia.cfg file to include the SMTP home switch.
- Gwia.cfg must be edited to point via UNC path to the third party directory, usually /third. Note - Create the /third if it has not yet been created. (An alternate method of generating this change is by using ConsoleOne by means of the GWIA object screen.)
- Restart the GWIA.
- Test the set up by sending and receiving mail.
IMPORTANT: Every support pack upgrade will likely remove the SMTP home switch from gwia.cfg, hence it is preferable to submit changes through Novell ConsoleOne so that the NDS object is updated.
- Remember to back up configuration files before applying upgrades.
Pre-Installation on NetMail
If NetMail is running on another server, you will need to know the IP address of the NetMail server.
- Begin by unloading NetMail.
- Rename the SYS:\Novonyx\mail\dbf to SYS:\Novonyx\mail\dbfold
- Re-load NetMail.
Pre-Installation on SMTP
For SMTP environments, you must configure your SMTP server to send outbound mail through the GEE
Whiz 2.0 installation. This configuration is dependent on the particular SMTP server and is beyond the
scope of this document. Refer to your SMTP server documentation.
Installation
These instructions presume that you are choosing the default or recommended directories. The GEE2INST
extraction directory will contain a GINST and a GINST.NLM file. To install GEE Whiz for the first time, you
must run the GINST installer script.
There are five steps.
- 1 - Start the installer and check for updates
- 2 - Install for your Mail Platform
- 3 - Create Start-Up files
- 4 - Install the Web server
- 5 – Configure the AV software
The post installation is simply to ensure the scripts are configured to load both GEE2 and the GEE2 web
component. A successful installation of GEE Whiz2 involves setting up both GEE Whiz (the motor of the
car) and GEE Whiz’s web administration console (the steering wheel).
There are an almost infinite number of combinations for installing this software. On a basic installation,
the software, the web administration console, the GWIA, GroupWise, et cetera, can all exist on one
server with the same IP. In a more complex
arrangement, these components can exist in
separate locations. For example, GEE Whiz might
communicate via IP to NetMail, or GEE Whiz might
be set up as a SMTP proxy to connect with the
GWIA.
Installation Step 1 – Getting Started
Getting started and checking for updates
Start the installer and (in Linux) <cd> to
/opt/gee2inst. At the server console, type
./ginst to run the installer. For Netware, the
command at the console will be ginst.nlm
from whatever location on your system, for
example, sys:\gee2inst\ginst.nlm.
You will be asked:
- At the Can I use the network for updates? window choose Yes and press Enter. You will be asked Should I check for an update to the installation software? Choose Yes and press Enter.
- If you get a 'Failed to communicate with auto-update server' error and your server is behind a firewall, you will need to enable outbound connections to 209.115.221.132 (au.submersion.com) on Port 35000 at your firewall.
- If there is an update available, you will see a "There is an update <version> to <version> update available. Should I update?" window. Choose Yes and press Enter. An update will be downloaded and you will see a set of progress bars. At the Shutdown so you can install with an updated installer? window choose Yes and press Enter.
- At the Would you like to install Gee2? window choose Yes and press Enter. At the Install path for Gee2 window type /opt/gee2
- You will be asked Install gee2? Press Enter to begin.
The GEE Interface Daemon or GID
The GEE Interface Daemon is a listener that GEE2 runs to listen for input from the GEE2WEB web server
that hosts the Web Admin Console.
- When asked whether to configure the GEE Interface Daemon, choose Yes and press Enter.
- At the GID Listener Port: (default: 32005): window you can specify a port number and press Enter, or just press Enter and then choose Yes at the Use default? (32005) window to accept the default.
- Press Enter at the GID configured window.
Installation Step 2 – Mail Platform
Installing GEE Whiz for GroupWise for the first time
At the Would you like to configure GEE Whiz for GroupWise? window choose:
- No if you are running NetMail only and proceed to Installing GEE Whiz for NetMail for the first time, or
- Yes if you are running GroupWise.
The next six windows will ask for the GroupWise \GWIA and \GWIA\Third directory paths. In each window
enter the path using forward slashes and end the path with a forward slash. Here are example paths:
- GWIA send path - MAIL:/GWDOM/WPGATE/GWIA/Send/
- GWIA receive path - MAIL:/GWDOM/WPGATE/GWIA/Receive/
- GWIA result path - MAIL:/GWDOM/WPGATE/GWIA/Result/
- GWIA third/send path - MAIL:/GWDOM/WPGATE/GWIA/Third/Send/
- GWIA third/receive path - MAIL:/GWDOM/WPGATE/GWIA/Third/Receive/
- GWIA third/result path - MAIL:/GWDOM/WPGATE/GWIA/Third/Result/
At the GEE Whiz for GroupWise configured. Enable it? window choose No and press Enter.
Why? Administrators can choose Yes but GEE2 will start to process mail as soon as it is loaded. Choose No
so that when you load GEE2, you will have time to configure options before you enable GEE Whiz for
GroupWise and process any mail.
Installing GEE Whiz for NetMail for the first time
At the Would you like to configure GEE Whiz for NetMail? window choose:
- No if you are not running NetMail. Proceed to step 3.
- Yes if you are running NetMail.
The next four windows will ask for specific configuration information on your NetMail installation:
- NetMail NMAP Server IP = 127.0.0.1 (if NetMail is on the same server as GEE Whiz, otherwise type in the IP address of the NMAP server)
- NetMail NMAP Server Port - press Enter to accept default of 689
- GEE Whiz NMAP Listener IP - press Enter to accept default of all (If GEE Whiz is installed on a BorderManager Server, then type in the private IP address of that server. See the appendices for more information.)
- GEE Whiz NMAP Listener Port - press Enter to accept default of 32001
At the GEE Whiz for NetMail configured. Enable it? window choose No. Complete this portion of the
installation process by pressing Enter. (You can choose Yes but GEE2 will start to process mail as soon as
it is loaded. Choose No so that when you load GEE2, you will have time to configure options before you
enable GEE Whiz for NetMail and process any mail.)
Installation Step 3 – Create Start-Up Files (NetWare only)
- At the Create a startup NCF for GEE2 in SYS:/SYSTEM? window choose Yes and press Enter.
- At the NCF created window press Enter.
Installation Step 4 – Install the GEE Whiz web server
This portion of the installation process is fairly
straightforward. Administrators will be presented with a
succession of screens:
- Two screens will be presented in a row: Gee2 successfully installed and Would you like to install gee2web? Choose Yes and press Enter for both.
- At the Install Path for gee2web: window type /opt/gee2web or sys:/gee2web and press Enter.
- At the Install gee2web to /opt/gee2web? window choose Yes and press Enter.
- At the Would you like to configure the web client? window choose Yes and press Enter.
A prompt will appear asking for a user name for you to enter the web administration console. Enter a non-NDS user name which will authenticate to the GEE Whiz Web Administration Console, e.g. geewhizadmin,
and press Enter. Enter a case sensitive password you want to assign for the account. We strongly advise
for security reasons that you do not use a NDS account.
- At the GEE Whiz Daemon GID IP (default 127.0.0.1): window choose Yes and press Enter.
- At the GEE Whiz Daemon GID Port (default 32005): window choose Yes and press Enter.
- At the GEE Whiz Web Server Port (default 33333): window choose Yes and press Enter.
- At the GEE Whiz web client configured window press Enter.
- At the Create a startup NCF for GEE2WEB in SYS:SYSTEM? window choose Yes and press Enter.
- Press Enter at the NCF created window and again at the gee2web successfully installed window.
Installation Step 5 – Configure your anti-virus software
You must modify your anti-virus software to perform
real-time scanning and to delete or quarantine infected
files. The anti-virus scanner must be configured to:
- Exclude the GWIA\Third directory structure
- Exclude the GEE2WEB directory structure
- Exclude the GEE2 directory structure except: scan the /opt/gee2/work and all child folders and files
If your anti-virus solution cannot scan a child folder of a directory that is being excluded, then you can
move GEE2’s work directory:
- Create a GEE2WORK directory, for example /opt/gee2web or sys:/gee2work
- Configure your anti-virus software to exclude the /opt/gee2/ directory
- Configure your anti-virus software to scan the /opt/gee2/work/ directory
- Unload GEE2.NLM (use F7 in the GEE2 Server console screen)
- Open the \GEE2\config\antivirus.gop file in a text editor, find the [workPath] option
- Remove the "valueIsRelativeToSubSection" = "installationDirectory" and the "valueIsRelativeToSection" = "general" lines
- Change the value to the full path, so: "value" = "/work/" changes to "value" = "SYS:/GEE2WORK/"
- Load GEE2 using GEE2.NCF
ClamAV
GEE Whiz 2 now supports ClamAV. This GPL virus scanner package provides a flexible and scalable multithreaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs
are based on a shared library distributed with the Clam anti-virus package, which you can use with your
own software. Other features include:
- A database updater with support for digital signatures
- Virus scanner C library
- On-access scanning (Linux and FreeBSD)
- Detection of more than 32000 viruses, worms and trojans
- Support for RAR (2.0), Zip, Gzip, Bzip2, Tar, MS OLE2, MS Cabinet files, MS CHM (Compressed HTML), MS SZDD, mbox, Maildir and raw mail files, portable executable files compressed with UPX, FSG.
- Milter interface for sendmail
Post Installation
NetWare
Do NOT use the LOAD command at the server console to start either GEE2.NLM or GEE2WEB.NLM. The
installation created two .NCF files to start GEE Whiz:
- GEE2.NCF - starts GEE2.NLM in protected memory mode
- GEE2WEB.NCF - starts GEE2WEB.NLM in protected memory mode
The next step will be to start both GEE2 and the GEE2 web service. At
the server console type GEE2 to run GEE Whiz. Once it has loaded, at
the server console type GEE2WEB to start the GEE Whiz web server.
Important
GEE2 must be running before attempting to load GEE2WEB. To have
Gee Whiz load automatically, at the server console type EDIT
AUTOEXEC.NCF <enter> and add the following three items below the lines which load GWIA:
- GEE2.NCF
- DELAY 10
- GEE2WEB.NCF
Press <Esc>. Remember to save the AUTOEXEC.NCF file.
Linux
At the server console type ./gee2 to start GEE Whiz. At the server console type
./gee2web to start the GEE Whiz web server. At the server console, edit the applicable
init scripts so that GEE2 and GEE2WEB are started when the server restarts in normal
run level (e.g. runlevel 3 or 5).
Migrate GEE Whiz 1.4.x Configuration Files
Black and White Lists
GEE Whiz 2.0 uses the same files for Black Lists and White Lists as GEE Whiz 1.4.x. To migrate the files,
copy the blackfr.txt, blackto.txt, whitefr.txt and whiteto.txt from the GEE Whiz 1.4.x GEE\TMPLTS
directory to the GEE Whiz 2.0 /opt/gee2/gas/lists directory. Administrators can copy the files while GEE2
is loaded and they will become active immediately.
Apply Lists
GEE Whiz 2.0 uses the same level of Apply Lists (General, Filter, Spam Control (now GAS) and Antivirus) as
GEE Whiz 1.4.x but you cannot copy the files. If you enable “DOS-style apply lists:” in GEE Whiz 2.0, you
can copy the contents of an apply list from the GEE Whiz 1.4.x and paste it into the applicable apply list
in the GEE Whiz 2.0 Web Admin Console:
- Copy data from GEE 1.4.x path GEE\TMPLTS\APPLY.TXT to GEE 2.0 General Apply List
- Copy data from GEE 1.4.x path GEE\TMPLTS\FAPPLY.TXT to GEE 2.0 Filter Apply List
- Copy data from GEE 1.4.x path GEE\TMPLTS\SCAPPLY.TXT to GEE 2.0 GAS Apply List
- Copy data from GEE 1.4.x path GEE\TMPLTS\AVAPPLY.TXT to GEE 2.0 Antivirus Apply List
Header and Content Filters
Header and content filter files cannot be migrated. Filters are created and saved in LUA script files in GEE
Whiz 2.0. Rebuild each filter in the Filters section of the GEE Whiz web administration console.
Custom SA Rules
GEE Whiz 1.4.x stored custom Spam Control Rules in the GEE\GASC\CUST.CF file which should NOT be
copied from GEE Whiz 1.4.x to GEE Whiz 2.0. Since a newer version of the SpamAssassin rules is used in GEE
Whiz 2.0 we cannot guarantee that an old cust.cf file will work with the new SpamAssassin 3.0 ruleset.
You should create your custom rules in the Spam Control screen (top menu row).
Multiple versions of GEE Whiz
Do not attempt to run GEE Whiz 1.x and 2.x products at the same time on the same system. This may
cause an abend or it will result in both GEE.NLM and GEE2.NLM competing to process mail from the
GWIA\Third\Receive and GWIA\Send directories. GEE Whiz 1.4x and GEE Whiz 2.x can be installed in the
same environment, but in different directories; however, they cannot both be in operation at the same
time.
If you are upgrading from GEE Whiz 1.4.x, and you configure your GEE Whiz 2.0 "work and scan"
directories to be the same as GEE Whiz 1.4x, you can retain both systems if you need to revert to GEE
Whiz 1.4.x. Should you need to revert back to GEE Whiz 1.4.x, you can unload the GEE Whiz 2.0 NLMs and
load the GEE Whiz 1.4.x NLMs.
The GEE Whiz Interface
Certificates
GEE Whiz 2 uses certificates for three purposes: to manage
licensing states (for example, when you upgrade your demo to
a working copy), to ensure updates are pushed to GEE Whiz
installations, and for encryption. Upon first logging into the
GEE Whiz web administration console, administrators will be
presented with a certificate authentication screen.
Click OK to continue to the GEE Whiz 2 web administrator.
Clicking the View Certificate button will present a detailed
screen about the information contained in the certificate.
Getting started
The web-based GEE Whiz Admin Web
Console is where most of the management
of GEE Whiz is performed. This console is
available through any standard web browser
at https://<ip address of the server>:33333.
You will have to authenticate using the user
name and password set up during the set up
process. This console has two sections.
Below is pictured the log-in screen, as well
as a sample screen from the GEE Whiz web
administration console.
The version number is presented beneath
the log-in window.
GEE Whiz at a Glance
Use the menus to navigate between GEE Whiz’s various screens.
Options
- Web Client Options: General, GidClient, Mime, Sauce, Web
- Gee Whiz Options: Antivirus, Filter, GAS, General, GroupWise, Ideamon, NetMail, Sauce, Signature, SMTP, Stats
Logs
- Client Logs
- Server Logs
Statistics
- Client Statistics
- Ipauths
- Server Statistics
- No Stats
Spam Control
- Classifier
- RBLS
- Ruleset: All, Body, Header, Rawbody, Meta, Uri
- Search
- SPF
- SURBL
Filters
Quarantine
- GroupWise
- NetMail
- SMTP
License
Content Pane
This is where the administrator changes existing options and
enables or disables different features in GEE Whiz.
Content panes usually have General Options and
Advanced Options. This manual assumes that the
Advanced Options are selected.
Help
In the GEE Whiz Admin web console, hover over the option
title to see the help information for that option. A pop-up window will provide contextual help.
Click Submit
At the top of every page in the web administration
console is a Submit button. Remember to click it;
otherwise your edits and changes to the Gee2
environment will not be applied.
Enabling the Major Features of GEE Whiz
GEE Whiz can be installed in a disabled state so that it does not start processing e-mail when it is loaded
for the first time. This allows administrators time to configure the major features before enabling GEE
Whiz. You need to also enable GEE Whiz against the particular e-mail system you are protecting and click
Submit. If GEE Whiz is not enabled for a mail system then it will not provide any protection.
Script Flow
The /scripts/process/control.lua controls the flow of GEE Whiz 2 scripts.
The control file directs each message that comes into GEE Whiz through various scripts. There
are pre-processing, processing, and post-processing scripts. Within these subsections, the
order is controlled by naming the scripts alphabetically.
- Pre-processing - Pre-processing scripts are contained in /scripts/process/pre. These are scripts which have actions that are taken first.
  - AA_init - This script sets up the message part functions which are used by later scripts.
  - BB_applylists - This script checks to see if an apply list match has been found, and if so, sets a flag.
- Processing - Processing scripts make up the bulk of GEE Whiz. These scripts perform their processing actions on the message and set flags as found.
  - AA_init - This script loads the white/black to/from lists, and performs any necessary DOS-style or case insensitive conversions as necessary.
  - BB_gas - This script runs the GEE Whiz Anti-Spam engine on the message, if the message is not larger than the ignore size setting. The Anti-Spam engine runs the various SpamAssassin rules on the message, as well as applies the textual classifier. The Anti-Spam engine itself runs various LUA scripts as part of its operation. These scripts are located in /gas/scripts.
  - CC_filter - This script runs through any filters which have been created and sets a filter found flag. This script in turn runs the scripts found in /scripts/process/filter/file
  - DD_antivirus - This script saves out any found attachments from the message and waits to see if they are removed by an anti-virus program. This script runs the scripts located in /scripts/process/antivirus/
- Post-Processing - The Post-processing scripts check the flags which have been set and decide on a course of action to take with the message.
  - AA_init - This script sets up various utility functions to be used by scripts later on.
  - BB_stats - This script increments or decrements the various statistics based on what was found in the message.
  - DD_quarantine-orig - Before any changes are made to the message, this script quarantines the original if the options are set for it to do so. It does add a few special headers to the message before quarantining which reflect the reason for the quarantine.
  - EE_antivirus - If any viruses were detected in the message, this script will perform the required actions based on the option settings.
  - FF_filter - If any filters were matched on the message, this script performs the required actions according to the option settings.
  - GG_gas - This script performs the various anti-spam related message alterations, such as adding the results file, adding headers, and modifying the subject header.
  - HH_inter-redir - This script performs any interceptions or redirections as required.
  - ZZ_quarantine-mod - Now that the message has passed through all the altering scripts, the modified message is saved out to the quarantine if required.
Trouble shooting
GWAVA support has speedy procedures to handle an abend (abnormal end) when a customer experiences
one. If an abend occurs, the administrator should contact support by e-mail at [email protected].
Append the following to your message along with a description of the event, and any screen shots you
believe may help our support team diagnose the problem.
- A copy of the server ABEND.LOG file
- A copy of the server CONSOLE.LOG file
- The brand name and version of the anti-virus software installed on the server
- A copy of the server AUTOEXEC.NCF file
Upon receipt of the files and information, the support team will examine the files to determine if they
can resolve the cause of the abend, otherwise the GWAVA support team will forward the files to the
developers of GEE Whiz for their resolution.
Location of settings
If for some reason, an administrator needs to diagnose ports or
other fundamental configuration settings, consult the GOP files in
your GEE2 installation. Note that in the case of administrative
lock-out, the admin password for the web client is stored in
gee2web\config\general.gop
Because of the encryption, it must be changed from
[pass]
"value" = *
432324example
*
to
[pass]
"value" = "mypass"
For example, if an administrator attempts to add so many threads that the RAM requirements are exceeded,
the server will crash. Editing the number of threads stored in the GOP file is how one resets the thread
value to a workable number.
The software cannot see NetMail
NetMail has to be loaded completely before GEEWhiz 2 is launched. If this does not happen, Gee may fail
to 'see' the mail system. Moreover, if NetMail is taken down for any reason while Gee Whiz 2 is operating,
the software must be restarted so that it can again connect with the NetMail system. NetMail should try
to reconnect to GEE Whiz on loading as GEE Whiz saves its queue handlers.
About Apply Lists
An “Apply List” is a list in GEE Whiz that is used to define exceptions or inclusions to the normal
functioning of GEE Whiz.
Note that putting a wildcard of your own domain in the General Apply List and choosing the “Disable”
feature will cripple GEE Whiz against your entire e-mail domain. For example, if your domain is
mydomain.com, do not put *@mydomain.com in the General Apply List and choose the “Disable for only
those addressees in the list”. This will prevent GEE Whiz from processing e-mail addressed to your e-mail
domain.
By default “Apply Lists” are disabled and normally do not need to be used unless there is demand for a
specific exception. There are four “Apply Lists”:
- Top level list is for all features of GEE Whiz
- Filtering
- Spam-Control
- Antivirus
Four Apply lists
The Apply lists controls appear four times in the GEE Whiz2 interface: Apply lists can be configured
separately for Anti-virus, Filters, GAS and General. This can cause some confusion in the minds of some
users.
For example, the Anti-Spam Apply Lists checkbox activates this feature. The DOS Style Apply Lists
checkbox will, if enabled, convert apply list entries from DOS style syntax to PERL style regular
expressions before processing.
There are three other apply lists configuration options here: Inclusive, Recipient and Sender. If Inclusive
is enabled, GEE Whiz will run filtration scans only on users listed in the apply list. If not, GEE Whiz will
run spam filters on all users except those on the apply list.
More simply, ‘all of these’ versus ‘everything but these’.
Recipient and sender are less problematic: these fields are line-by-line regular expression lists of users
against which processing is applied for sending or receiving.
Mail processing
Apply Lists examine the SMTP envelope only, ignoring the informational TO, FROM, CC, etc, which can be
spoofed. (The envelope information is the SMTP session; it tells you where the message is really going
whereas the headers can be anything a spammer wants them to be).
The hierarchy of apply lists
If there is a conflict between the general apply list and an apply list for a specific feature, the general
apply list takes precedence over the apply list for the specific feature.
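The apply-list behaviour described in this section (DOS-style conversion, Inclusive versus "everything but these" matching on the SMTP envelope, and the General list overriding a feature list), as an added Python sketch that is not GEE Whiz code. The wildcard conversion rules, case-insensitive matching, the way Sender and Recipient entries combine, and the names ApplyList, feature_runs and domain_wide_entries are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import List


def dos_to_regex(entry: str) -> str:
    """Convert a DOS-style entry to an anchored regular expression.

    Assumed rules (the manual does not spell them out): '*' matches any run
    of characters, '?' matches one character, everything else is literal.
    """
    out = []
    for ch in entry.strip():
        if ch == "*":
            out.append(".*")
        elif ch == "?":
            out.append(".")
        else:
            out.append(re.escape(ch))
    return "^" + "".join(out) + "$"


@dataclass
class ApplyList:
    enabled: bool = False      # apply lists are disabled by default
    dos_style: bool = False    # "DOS Style Apply Lists" checkbox
    inclusive: bool = False    # "Inclusive" checkbox
    sender: List[str] = field(default_factory=list)     # one entry per line
    recipient: List[str] = field(default_factory=list)  # one entry per line

    def _matches(self, entries, address):
        for line in entries:
            line = line.strip()
            if not line:
                continue
            pattern = dos_to_regex(line) if self.dos_style else line
            if re.search(pattern, address, re.IGNORECASE):
                return True
        return False

    def listed(self, mail_from, rcpt_to):
        """True if the envelope sender or envelope recipient is on the list."""
        return (self._matches(self.sender, mail_from)
                or self._matches(self.recipient, rcpt_to))

    def applies(self, mail_from, rcpt_to):
        """Does the feature guarded by this list run for this envelope?"""
        if not self.enabled:
            return True
        on_list = self.listed(mail_from, rcpt_to)
        # Inclusive: 'all of these'. Otherwise: 'everything but these'.
        return on_list if self.inclusive else not on_list


def feature_runs(general, feature, mail_from, rcpt_to):
    """The General list is checked first; if it exempts the message,
    no feature-level list can switch processing back on."""
    if not general.applies(mail_from, rcpt_to):
        return False
    return feature.applies(mail_from, rcpt_to)


def domain_wide_entries(apply_list, domain):
    """Return recipient entries that match an arbitrary address in `domain`.

    In a non-inclusive list each such entry exempts the whole domain.
    """
    probe = "zz-audit-probe-7f3a@" + domain  # constructed address
    hits = []
    for line in apply_list.recipient:
        single = ApplyList(enabled=True, dos_style=apply_list.dos_style,
                           recipient=[line])
        if single.listed("", probe):
            hits.append(line)
    return hits


# Constructed sample configuration and message.
GENERAL = ApplyList()  # disabled, the default
ANTIVIRUS = ApplyList(enabled=True, dos_style=True,
                      recipient=["scanner-test@mydomain.com"])
RISKY = ApplyList(enabled=True, dos_style=True,
                  recipient=["*@mydomain.com"])
# The To: header is forged to look exempt; only the envelope is evaluated.
SAMPLE = {"mail_from": "a@example.net", "rcpt_to": "bob@mydomain.com",
          "headers": {"To": "scanner-test@mydomain.com"}}

if __name__ == "__main__":
    print(feature_runs(GENERAL, ANTIVIRUS,
                       SAMPLE["mail_from"], SAMPLE["rcpt_to"]))
    print(domain_wide_entries(RISKY, "mydomain.com"))
```

Running domain_wide_entries over each non-inclusive list before clicking Submit catches the *@mydomain.com case the manual warns about.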
Options
Web client options
The options screens of the GEE Whiz web administration console have two major subsections: the Web
Client Options and the GEE Whiz server options. Below are the General Web Client Options. The Advanced
Options checkbox must be enabled for all of the configuration options to be visible.
Parameter | Comment
Web Client User Name and Password | These fields set the user name and password for GEE Whiz administrators of this web client.
Statistics Save Path | This field determines where statistics are saved.
Logs save path | This field determines where logs are saved.
Private License Certificate | This field is for setting the path to your private license certificates file.
Public Licence Certificate | This field is for setting the path to your public license certificates file.
Gid Server License Certificate | This field is for setting the path to your Gid server license certificates file.
Enable Interface | Enabling this checkbox activates the Console interface, depending upon an administrator’s preference.
Thread Stack Size | This field sets the size of stacks for each thread. Its default value is 10485760.
Revision Number | The installed edition of GEEWhiz 2.
Show Advanced Options | Enabling this checkbox allows Gee Whiz 2 administrators to view additional features and settings.
Installation Directory | This field is used to change the installation directory.
Enable Advanced Option Editing | Enabling this checkbox allows Gee Whiz 2 administrators to edit additional features and settings.
GidClient
Two options are available for configuring the GID client: the GEE Whiz Daemon IP field configures which IP
GEE Whiz runs on. The GEE Whiz Daemon Port entry field determines the port on which the daemon
listens.
Mime
Clicking the Mime tab in the GEE Whiz web configuration console allows administrators to set the mime
headers. Generally, Mime information will not have to be changed. Entries cannot be added or subtracted
from this screen; administrators can set the mime options for html, jpg, gt, jpe, html, lua, gif, jpeg and
png files. Note that you must enable the Advanced Options checkbox to see all of these options.
Sauce configuration
The Sauce (GEE Whiz’s auto update client) screen
contains configuration options for GEE Whiz. To see all of
the options, click the Advanced Options checkbox.
The screen options here are used to configure or
reference the names and paths to the Licence Public
Certificate, extension used for temporary files, whether
to use the network for updates, the update directory,
the licence private key, the back-up directory, the
extract directory, the manifest file name and revision
number.
The mani.mf file exists only during the updating process.
After a successful update, the file disappears. Note that
editing the file name may cause problems with the
update process. Do not change this name without the
direction of GEE Whiz technical support.
The gadHost data entry field is used to determine the
location from which GEEWhiz updates are taken.
Note that there is also a Sauce screen for the Gee Whiz Server screen. It contains the same options except
that it is used to configure the server.
Web Options
This settings screen is used to control options of the GEE
Whiz web client. These will allow you to customize how GEE
Whiz’s web interface behaves. To see all of the options,
enable the Advanced Options checkbox.
Options listed here include the Listener Port and IP, trusted
hosts, web root path, default error page, the default web
index files, the maximum session time, worker thread pool
size and the path to the Lua Init script.
Server Options
GEE Whiz’s Server options are configured here.
Anti-Virus Configuration
Settings for anti-virus options, filters, GEE Whiz’s anti-spam (GAS), GroupWise, Idaemon, NetMail, sauce
and signature options are configured from this point. The default is the anti-virus screen. Note that the
Advanced Options checkbox must be enabled to see all of these options.
Note – In earlier versions of Gee Whiz, GEE Whiz2 employed a ‘user' to open and close a file to force the
AV to check it. GEE2.0.1 uses a new method on Netware that negates the need for a user account.
Lists
The Anti-virus Apply Lists enabled checkbox allows the use of apply lists for anti-virus protection. The
DOS Style Apply Lists checkbox will, if enabled, convert apply list entries from DOS style syntax to PERL
style regular expressions before processing.
There are three other apply lists configuration options here: Inclusive, Recipient and Sender. If Inclusive
is enabled, GEE Whiz will run AV scans only on users listed in the apply list. If not, GEE Whiz will run AV
scans on all users except those on the apply list. More simply, ‘all of these’ versus ‘everything but these’.
Recipient and Sender are less problematic: these fields are line-by-line regular expression lists of users
to match against when sending or receiving.
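The apply-list behaviour described above, as an added illustration that is not GEE Whiz's own code: DOS-style entries are converted to anchored regular expressions and the Inclusive setting decides who is scanned. The wildcard rules (`*` and `?`), the function names and the sample addresses are assumptions; the product's actual conversion may differ.

```python
import re


def dos_to_regex(entry):
    """Convert a DOS-style pattern to an anchored regular expression.

    Assumed rules: '*' matches any run of characters, '?' matches exactly
    one character, everything else is taken literally.
    """
    parts = []
    for ch in entry.strip():
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return "^" + "".join(parts) + "$"


def compile_apply_list(lines, dos_style=False, ignore_case=True):
    """Compile a line-by-line apply list, skipping blank lines."""
    flags = re.IGNORECASE if ignore_case else 0
    compiled = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        pattern = dos_to_regex(line) if dos_style else line
        compiled.append(re.compile(pattern, flags))
    return compiled


def on_list(address, compiled):
    """True if any list entry matches the address."""
    return any(rx.search(address) for rx in compiled)


def should_scan(address, compiled, inclusive):
    """Inclusive: scan only listed users. Otherwise: scan all but listed."""
    listed = on_list(address, compiled)
    return listed if inclusive else not listed


# Constructed sample entries and addresses.
DOS_ENTRIES = ["*@example.com", "ceo@partner.example"]
RAW_REGEX_ENTRIES = ["ceo@partner.example"]  # unanchored, '.' not escaped


def demo():
    dos = compile_apply_list(DOS_ENTRIES, dos_style=True)
    raw = compile_apply_list(RAW_REGEX_ENTRIES, dos_style=False)
    lookalike = "ceo@partner.example.other.test"
    return {
        "inclusive_listed": should_scan("alice@example.com", dos, True),
        "inclusive_unlisted": should_scan("bob@other.test", dos, True),
        "exclusive_listed": should_scan("alice@example.com", dos, False),
        # With Inclusive off, an entry written as an unanchored regular
        # expression also exempts a longer look-alike address from
        # scanning; the anchored DOS-style conversion does not.
        "raw_exempts_lookalike": not should_scan(lookalike, raw, False),
        "dos_exempts_lookalike": not should_scan(lookalike, dos, False),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

When Inclusive is off, every entry is an exemption from scanning, so each regular expression is worth checking for anchoring and escaped dots before it goes into the list.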
Additional AV configuration options
If you are going to use GEE Whiz as part of your anti-virus strategy, anti-virus software must be installed
and active on the NetWare server before installing GEE Whiz. Most NLM-based anti-virus software will
work with GEE Whiz. Popular choices include:
• Kaspersky Anti-Virus for NetWare – www.kaspersky.com
• Sophos Anti-Virus for NetWare – www.sophos.com
• eTrust Anti-Virus for NetWare – www.etrust.com
• Server Protect for NetWare – www.trendmicro.com
• Symantec Anti-Virus for NetWare – www.symantec.com
• Panda Anti-Virus for NetWare – www.pandasoftware.com
• McAfee NetShield for NetWare – www.mcafee.com
• Norman FireBreak for NetWare – www.norman.com
Regardless of the Vendor, your choice of anti-virus software must be able to permit real time scanning of
the file system, it must support the ability to exclude directories or volumes, and it must support the
ability to purge, delete, quarantine or move infected files.
To permit GEE Whiz to protect your system against virus threats in conjunction with your third party AV
scanner, click the Enable GEE Whiz Anti-Virus checkbox; otherwise the anti-virus protection is disabled.
The Enable Generic Anti-Virus Scanning checkbox must also be enabled unless Clam AV is being used.
Antivirus checking in GEE Whiz is a scan-match-action process in which the software scans attachments of
each e-mail using the native third party anti-virus scanning software. When enabled, GEE Whiz places a
copy of each attachment in the correct “work” directory for examination. Once per hour (as defined by
avcheck.lua), GEE Whiz will examine the work directory to see if the file is still there. If the file is not
there, the e-mail is considered to be infected.
The default work directory is GEE2\WORK.
Test your anti-virus settings
Once an hour, GEE copies the Eicar test virus file to the work directories to test whether the anti-virus
scanner is working. This process is accomplished via the avcheck.lua file. Use this option to periodically
check that the anti-virus scanner is still functioning. If the anti-virus scanner is found to be off, GEE Whiz
will continue to relay messages but will not scan them, and will continue to check and will resume
scanning when the anti-virus scanner is functional again.
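The scan-match-action check and the scanner self-test described above, as an added sketch that is not GEE Whiz's avcheck.lua: a file is dropped in a work directory and its disappearance is read as "infected". The real-time scanner is simulated, the marker string is a constructed stand-in for the Eicar test file, and the self-test runs before every verdict here rather than hourly; all function names are assumptions.

```python
import os
import tempfile
import uuid

# Constructed stand-in for the Eicar test file content.
TEST_MARKER = b"CONSTRUCTED-AV-TEST-MARKER"


def simulated_scanner(work_dir):
    """Stand-in for a real-time scanner: removes files holding the marker."""
    for name in os.listdir(work_dir):
        path = os.path.join(work_dir, name)
        with open(path, "rb") as fh:
            hit = TEST_MARKER in fh.read()
        if hit:
            os.remove(path)


def scanner_off(work_dir):
    """A stopped scanner touches nothing."""


def survives_work_dir(data, work_dir, scanner):
    """Copy data into the work directory, let the scanner act, and report
    whether the file is still there afterwards."""
    path = os.path.join(work_dir, uuid.uuid4().hex + ".att")
    with open(path, "wb") as fh:
        fh.write(data)
    scanner(work_dir)  # the product waits "Scanner wait time" at this point
    present = os.path.exists(path)
    if present:
        os.remove(path)
    return present


def scanner_alive(work_dir, scanner):
    """Self-test: the test file must disappear if the scanner is working."""
    return not survives_work_dir(TEST_MARKER, work_dir, scanner)


def verdict(data, work_dir, scanner):
    """Return 'infected', 'clean' or 'unscanned' for one attachment."""
    if not scanner_alive(work_dir, scanner):
        # Matches the documented behaviour: mail is relayed but not scanned.
        return "unscanned"
    if survives_work_dir(data, work_dir, scanner):
        return "clean"
    return "infected"


def demo():
    benign = b"quarterly report"
    flagged = b"header " + TEST_MARKER + b" trailer"
    with tempfile.TemporaryDirectory() as work:
        return {
            "benign_scanner_on": verdict(benign, work, simulated_scanner),
            "flagged_scanner_on": verdict(flagged, work, simulated_scanner),
            "flagged_scanner_off": verdict(flagged, work, scanner_off),
            # Without the self-test, a stopped scanner makes every file
            # "survive", which is indistinguishable from a clean result.
            "flagged_survives_when_off": survives_work_dir(
                flagged, work, scanner_off),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

A file that survives proves nothing on its own; only the self-test separates "clean" from "scanner not running", so mail handled between a scanner failure and the next self-test is worth treating as unscanned.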
Other configuration options for anti-virus settings are:
Parameter: Comment
Enable Anti-Virus: Enabling this checkbox enables GEE Whiz’s
Quarantine infected messages: This checkbox will hold infected messages in GEE Whiz2’s quarantine directory.
Scanner wait time: This value controls the amount of time that GEE waits for the virus scanner to
move the attachment if it is infected. This may need to be increased from the
default of 10 seconds for those times when the GEE Whiz server is really busy.
Delete infected message: Enabling this will delete messages upon the discovery of an infection.
Strip Infected Attachments from Messages: Enabling this will remove infected attachments from messages
upon the discovery of an infection in those attachments.
Replace Infected Attachments: Enabling this will replace infected attachments in messages upon the
discovery of an infection in those attachments. The replacement file can be selected below.
Infected Attachment Replacement path and Name: This data entry field controls the name of the
replacement attachment that is appended to files in the event of an infection. The file path is also
provided for reference.
Infected Attachment Replacement File: This data entry field selects the replacement attachment appended
to files in the event of an infection.
Edit – Clicking Edit presents an editing window for changing the .txt message
used as a caution when an infection is discovered.
Un-Zip Zips: Enabling this check box will allow Gee Whiz 2 to unzip files for virus scanning.
The recursion level can also be set with the Un-Zip Depth box.
Antivirus Check: This checkbox runs a script every hour to determine whether the antivirus
software is responsive. If it is not, an alert will be generated.
Temporary Work Path: This field reports the AV work directory.
Scripts Path: This field is used to locate the processing script used by GEE Whiz2’s anti-virus
features.
Clam AV settings: Clam AV scanning is enabled here. Ticking this checkbox will make Gee Whiz
attempt to connect with a CLAM AV scanner. Note that the Daemon Port and IP
needed for this feature must also be configured here.
Lastly, the Enable Generic Antivirus scanning option copies the file to a temporary work
path. After a pause, if the file is still present, Gee Whiz 2 assumes that the file
has been found uninfected by resident antivirus products. Generic scanning can
be used in conjunction with ClamAV.
Filters
The Filters configuration screen has several
sections. The most important configuration
options are presented first.
The Filtering Apply Lists checkbox activates this feature. The DOS Style Apply Lists checkbox will, if
enabled, convert apply list entries from DOS style syntax to PERL style regular expressions before
processing. There are three other apply lists configuration options here: Inclusive, Recipient and Sender.
The Enable Message filters checkbox enables filtering of messages based upon their content. Below this is
a field for the Message Filter Scripts Path, which is the location of the script for GEE Whiz’s message
filters.
Two other checkboxes in this section are Quarantine Filtered Messages and Disable Filtering on
Outgoing Messages. Enabling these checkboxes will, respectively, hold filtered messages for examination
by administrators or let all outbound mail pass through without examination by GEE Whiz.
• Quarantine will not involve deletion unless that option is chosen specifically.
File Attachment Filtering
Click the Enable File Attachment Filtering checkbox to permit GEE Whiz to filter attachments. Note
that this feature can function independently from message filtering. Below that is a checkbox for the
enabling of File Name Filtering. This processes attachments on the basis of their names as compiled in
the File Name Filter List field. Each entry is a regular expression.
The File Size Filtering checkbox allows GEE Whiz to filter files using their sizes. This helps prevent
oversized messages from consuming resources. The entry field below controls the size. The default is
1000k.
File Type Filtering
Often called Fingerprinting, this feature allows GEE Whiz administrators to delete
files, which are non-business related, or to control the flow of certain types of
attachments through their e-mail systems.
To activate this feature, click the File Type Filtering checkbox and then the file
types available: Executable, Music, Compressed, WindowsFile, Document,
Image, Movie and Password Protected Zip File.
Additional File Filtering Options
Several other configuration options for handling and processing files by GEE Whiz are also available.
The Remove Filtered Attachments checkbox will strip attachments that trigger filters from their
associated messages, while the Delete Entire Message option prevents delivery of both the message and
the attachment.
The Replace Filtered Attachments,
Attachment Replacement Name and
Attachment Replacement File contain
associated entry fields for the replacement of
those file components. The File Filter Scripts
Path points to the location of the scripts that
GEE Whiz references for its processing of
filtered files.
GEE Whiz also allows administrators to
configure the addresses affected by Incoming
and Outgoing message Interception and
Redirection. These can be added to and
customized individually by their associated
data entry fields. Note that DOS-style editing is
permitted and can be activated individually.
Remember!
After you make changes on a filtration option, remember to click the Submit button or your
changes will not be applied to GEE Whiz.
GroupWise Anti-Spam (GAS)
The GEE Whiz Anti-Spam settings allow administrators fine control over their spam settings.
The Anti-Spam Apply Lists checkbox activates this feature. The DOS Style Apply Lists checkbox will, if
enabled, convert apply list entries from DOS style syntax to PERL style regular expressions before
processing. There are three other apply lists configuration options here: Inclusive, Recipient and Sender.
Anti-Spam
To activate the GEE Whiz Antispam protection feature, enable the
checkbox.
Quarantine Messages Found As Spam
Enabling this feature quarantines all e-mail with a GAS value that is equal to or greater than the value
in the spam identification threshold. This feature will disable the “Redirect” and “Auto-Delete” if all
three features are enabled. You can indicate the number of days to hold e-mail in the quarantine; the
default value is 30 days.
Enable spam identification places a text string at the subject line so users can identify spam in their
inboxes quickly. This text can be edited in the data entry field provided. The score at which mail is
identified as spam is controlled by means of the Spam identification threshold entry field. The default
value is four. The Enable Non-Spam Identification option allows GeeWhiz2 to mark messages as non-spam
by changing the message subject by means of the accompanying identification string.
Other options include Insert GEE Whiz anti-spam headers into messages and Only add anti-spam
headers on messages found as spam. These insert headers into all mail processed by GEE Whiz or only
those identified as spam based upon your settings, respectively.
Enabling the Add anti-spam results file to messages checkbox will include the results of GEE Whiz
processing in delivered messages. Activating the Only add anti-spam results on messages found as spam
adds the result only to messages which trigger spam filtration. This can be useful when tweaking and
diagnosing spam settings.
Redirection
GEE Whiz allows administrators to customize how mail is redirected. To activate this feature, click the
Enable spam redirection checkbox. You now have the option of setting the Spam redirection threshold
and the Spam redirection address.
If you enable this feature, e-mail with a GAS score that is equal or higher than the “Redirect Threshold”
will be delivered to the e-mail account specified in the “Address To Redirect To”. The default value for
the “Redirect Threshold” is 10.0.
• GroupWise Warning - Do NOT enable the Redirect feature and forget to specify a valid e-mail account to which to
redirect spam e-mail. If you start GEE Whiz with the “Address To Redirect To” field empty, your GroupWise
server will abend.
• Do not set the number of “Days” as a high value, or as a blank value, as e-mail will accumulate and eventually you
will encounter a space usage problem on the volume.
Message Ignore Threshold - This sets the maximum size of the message file that GEE Whiz will perform
anti-spam checking on. The value is set in kb (1024 bytes), with a minimum score of 0 and a maximum
score of 1000. The default score is 100.
• Be careful setting this score: as the file size increases, the time to perform anti-spam checking also increases.
Automatically deleting spam
The Enable spam auto-delete checkbox permits GEE Whiz to remove spam immediately once it has been
identified. The threshold for doing this is set with the data entry field below this checkbox. The
advantage of this feature is that messages that are obviously junk mail are deleted so that they do not
consume system resources.
Two additional options are presented on this screen. The Message ignore size threshold allows
administrators to set GEE Whiz to not process spam above a certain specified size. Spammers generally
keep their mails quite short in order to send out millions of messages daily. Larger messages tend not to
be spam. Finally, the GAS scripts path determines where GEE Whiz keeps its GAS scripts file for
processing spam.
Textual Classification
These customizations allow for precise control over how GAS functions when processing mail. Enable
textual classifier to have access to these settings. Currently, GAS supports two types of Score Method.
Select either Geometric or Arithmetic from the drop down menu provided. These control how a mean is
established.
• The Token pipeline stages sets the number of processing pipelines the classifier uses to create tokens. A
setting of one will function as a Bayesian classifier. Any increases to the token database will be
exponential; hence the limit is five.
• The Cut-off tweak value field will add itself to the calculated value that the textual classifier resolves for a
message. The usefulness of this feature is to help compare classifier numbers with Spam Assassin’s Bayesian
scores.
• The Default score sets the value of tokens that the classifier has not yet seen.
• Scale factor is a weighting factor. The larger the value, the more weight given to the default score in
instances where there are low token counts.
• The Required tokens field determines how often a token must appear before it is considered in calculations.
• The Ham corpus path indicates the path where the messages that are not spam, for use by the textual
classifier, are kept. The Ham corpus work path controls the temporary work path for creating tokens. Finally,
the Ham corpus work level controls the number of subdirectories generated. All three corresponding Spam corpus
path, Spam corpus work path and Spam corpus work level function the same way.
• The Token data file path is where the data file resides which is used to score incoming messages. The Learning
Cache Size data entry field limits the size of caches. The Minimum Tokens (Scoring) data entry field sets the
minimum number of tokens that must be generated by a message before its classifications are treated
as valid.
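How the classifier settings listed above can interact, as an added example that is not GAS's own code. The smoothing formula is Robinson's, a common choice in Bayesian mail filters, used here as an assumption because the page does not state GAS's formulas; the training counts, function names and the 0 to 1 score range are constructed for the illustration.

```python
import math

# Constructed training data: number of messages in which each token appeared.
SPAM_COUNTS = {"winner": 8, "prize": 6, "meeting": 1}
HAM_COUNTS = {"meeting": 9, "agenda": 7, "prize": 2}
N_SPAM = 10  # spam messages in the constructed corpus
N_HAM = 10   # ham messages in the constructed corpus


def token_score(token, default_score=0.5, scale_factor=1.0, required_tokens=1):
    """Smoothed spam probability for one token, or None if it is ignored.

    Assumed formula (Robinson smoothing):
        f = (scale * default + n * p) / (scale + n)
    where n is how often the token was seen and p is its raw spam ratio.
    """
    s = SPAM_COUNTS.get(token, 0)
    h = HAM_COUNTS.get(token, 0)
    n = s + h
    if n == 0:
        return default_score      # never seen: the Default score applies
    if n < required_tokens:
        return None               # seen too rarely to be considered
    spam_rate = s / N_SPAM
    ham_rate = h / N_HAM
    p = spam_rate / (spam_rate + ham_rate)
    return (scale_factor * default_score + n * p) / (scale_factor + n)


def message_score(tokens, method="arithmetic", min_tokens=1,
                  cutoff_tweak=0.0, **token_opts):
    """Combine token scores into a message score, or None if not valid."""
    if len(tokens) < min_tokens:
        return None               # too few tokens for a valid classification
    scores = [token_score(t, **token_opts) for t in tokens]
    scores = [f for f in scores if f is not None]
    if not scores:
        return None
    if method == "geometric":
        logs = [math.log(max(f, 1e-12)) for f in scores]
        mean = math.exp(sum(logs) / len(logs))
    elif method == "arithmetic":
        mean = sum(scores) / len(scores)
    else:
        raise ValueError("method must be 'geometric' or 'arithmetic'")
    return mean + cutoff_tweak


if __name__ == "__main__":
    msg = ["winner", "prize", "claim"]  # "claim" is unseen in the corpus
    print("arithmetic:", message_score(msg))
    print("geometric: ", message_score(msg, method="geometric"))
    print("scale 10:  ", message_score(msg, scale_factor=10.0))
```

With the same tokens, the geometric mean comes out lower than the arithmetic mean, and a larger scale factor pulls every token toward the default score, so thresholds tuned under one combination do not carry over to another.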
Network Tests
Click the Enable network tests checkbox to permit network (mostly DNS) testing to function. Note that
disabling this checkbox disables all network testing, including the Enable RBL tests function below.
The Maximum IPs to check RBLs against in a message sets the maximum number of IP addresses that will be
referenced against a RBL. The Maximum URI DNSBL checks per message similarly limits the number of SuRBL
checks performed against messages.
White Lists
The GAS configuration screen also permits administrators to set white listing and blacklisting functions
including:
• Blacklist ‘From’ path
• Whitelist ‘From’ path
• Whitelist ‘To’ path
• Blacklist ‘To’ path
• More Spam ‘To’ Path: Users in this list have the score of the rule titled USER_IN_MORE_TO_SPAM
subtracted from messages sent to them. This also affects anyone else to whom the message was sent.
• More Spam ‘All’ Path: Users in this list have the score of the rule titled USER_IN_MORE_TO_ALL
subtracted from messages sent to them. This also affects anyone else to whom the message was sent.
• DOS-style list entries: Selecting this option will permit list entries to be processed in DOS style.
• Check list matches in envelope: Enabling this permits GEE Whiz to check the entire message envelope for
blacklist and white list matches.
• Case insensitive list entries: Enabling this turns off case sensitivity when processing lists.
Languages and Locales
The GAS options configuration screen permits
administrators to customize both Acceptable
Incoming Message Languages and Acceptable
Incoming Message Locales.
This can be useful in eliminating foreign language
spam or spam originating from offshore. The
defaults are to accept all languages and all
locales. By default, English-only rules are loaded.
If you select to add another rule, those rules will
take precedence over the English rules if there is
a conflict. Adding additional language rules will
increase the time to perform anti-spam checking.
Trusted Networks
Entering an IP into the Trusted Network data entry field tells Gee Whiz 2 that any IPs or Hosted
Networks listed are not to be treated as spammers, open relays or open proxies. No DNS blacklist checks
will be made against the listed IPs or hosted networks. Infer Network Trust based on Helo MX should only
be used if no trusted networks have been entered. A network is considered trustworthy if its IP address
is close to the MX used for the hostname. Note that this slows Gee Whiz 2’s processing considerably. It
is strongly recommended that a traditional list of IPs and Hosted networks be used.
Finally, the DOS Style Apply Lists checkbox will, if enabled, convert apply list entries from DOS style
syntax to PERL style regular expressions before processing.
Enable Remote Rulesets
Enable this checkbox to download the list of specified remote rules automatically.
The Remote Rulesets Path entry field reports where remote rules will be stored. The next entry field
box, Remote Rulesets, contains the list of URLs from which rulesets will be updated.
Rules Path
Grouped at the bottom of the GAS configuration screen are the paths and settings for Rules. The Rules
Path entry field determines where the software references GAS rules. Typically this is in /gas/rules/.
The Rules Score Set drop down menu has five options: 1, 2, 3, 4 and Automatic, the default.
• 1 – No Network and No Bayesian
• 2 – Network but no Bayesian
• 3 – Bayesian but no Network
• 4 – Network and Bayesian
• Automatic – Configure the score set based on both Network and Bayesian settings.
Additionally there is an entry field for setting a Custom Rules Path and a Rule Language Modifier for
making use of language specific modifications.
General
The General Server settings allow administrators fine control
over basic GEE Whiz operations.
The General Apply Lists checkbox activates this feature. The
DOS Style Apply Lists checkbox will, if enabled, convert apply
list entries from DOS style syntax to PERL style regular
expressions before processing. There are three other apply lists
configuration options here: Inclusive, Recipient and Sender.
Interface
The General configuration screen has an Enable Interface
checkbox. Clicking it so that it is checked activates the
console interface.
Logging
There are several configuration options available for controlling how GEE Whiz’s logging is
accomplished. These include Console Log Level and Log File Log Level. Both are controlled by drop down
menus. These have three settings: Normal, Verbose and Debug. The default is Normal. There are several
other Debug Output options that may be enabled:
• URI – URIs parsed from the scanned message
• Received Header Parses – Relays found during header processing
• LUA Globals – Threats found in LUA scripts
• Remote Rulesets – Remote ruleset script operations
• RBLs – RBL and SuRBL results
• DNS – DNS resolver output
• GAS – Anti-spam module output
The Log file save path determines the directory where logs are
stored. The Purge log files check box will, if enabled, permit
GEE Whiz to delete logs automatically when the value in the
next field -Log file purge age (days) – is reached. The default
is 30 days.
• Delete on Quarantine is also a feature located here. Enabling
this checkbox will delete material which is held back after
triggering filters. These messages and attachments will NOT be
sent to the user.
DNS
The DNS Root Server Hosts Path field identifies the location of
the DNS Root server host description file. The DNS Cache Max
Entries limits the number of entries in the DNS cache while the
DNS Cache Wait Time determines the time to wait before
these entries expire.
Scheduled Events
Periodic events are controlled through crontab style entries in a data field, followed by a notice of which
script to employ. For example: * 3 * * * quarcleanup.lua
Paths
This portion of the General screen allows GEE Whiz 2 administrators to set:
• General Gee Whiz scripts path
• The statistics save path
• Private license key path
• Public certificate path
AV NDS User
The AV NDS User Name and AV NDS User Password are used to ‘touch’ files in order to trigger anti-virus
scanning operations.
Bypass Enabled
Enabling this checkbox permits mail and attachments to bypass GEE Whiz processing. Bypass lists can
be set for GAS, filters and anti-virus.
General configuration options
• General Thread Stack size in bytes determines the stack sizes
• DNS server operations
• Installation Directory
• Full text ignore size
• Revision Number
• Cache Cleanup interval in seconds
• Revision number
GroupWise options
GEE Whiz also has a configuration screen for managing its interactions with GroupWise.
The Enable GroupWise Handler checkbox must be clicked in order for it to function with Novell’s
GroupWise. Below that are data entry fields for several interactions with GroupWise.
The Worker Thread Pool Size has a default of 5. This value can be increased to raise performance;
however, each worker thread takes 10 megabytes of memory. Raising the value too high will exceed the
amount of RAM in your server and cause it to crash. The Directory Poll Wait Time is the time in
milliseconds for polling resources. The default value is 1000 milliseconds.
The GroupWise RFC822 Message save path and the Work Path for GroupWise Messages fields are used
to inform GEE Whiz of the location of where GroupWise saves internet mail messages that are being
processed.
Messages sent from GroupWise to the Internet must be converted from GroupWise format to MIME or RFC822 format. By default, the Internet Agent converts messages to MIME format. If the GroupWise users on
your network need to send messages in both MIME format and RFC-822 format, you may want to create
separate directories for these. Additionally, the Save Path for Unparseable Messages can be set from this
screen.
This screen is also used to set quarantine options. The Quarantine Directory entry field is set from this
location. How GEE Whiz 2 uses this directory is customized by the two options beneath it: the Purge
Quarantine Directory checkbox and Quarantine Message Purge Age field. Enabling the checkbox will
delete contents of the GEE2 quarantine directory when the age of those files exceeds the age in days, as
set by the age field.
Additionally, there are data entry fields for directing GEE Whiz to other paths:
• GWIA receive Path
• GWIA send Path
• GWIA third/receive Path
• GWIA third/send Path
• GWIA result Path
• GWIA third/result Path
Interface Daemon
The Interface Daemon, or Idaemon can be configured from GEE Whiz’s web administration screens.
The Listener IP for the Interface
Daemon can be set from this screen.
The Listener IP permits connections
to the daemon. A setting of all, the
default, will permit connections from
any IP. The Listener Port over which
the interface connections will occur
is set here.
Trusted Connections is a list of IPs
allowed to connect to the Interface
Daemon. Again, a setting of all will
permit any connection. Trusted
hosts is a list of IPs which will
automatically be authenticated.
Remember to configure the trusted
connections to ensure that proxy
connections function.
The Worker Pool Thread Size for use by the daemon is settable. Note that although adding many threads
might seem the best way to boost performance, GEE Whiz is in fact more CPU than RAM dependent. Moreover,
each thread increases GEE Whiz’s memory requirements.
Remember!
After you make changes on a filtration option, remember to click the Submit button or your
changes will not be applied to GEE Whiz.
NetMail
GEE Whiz has a screen for the
configuration of NetMail-related
settings.
The Enable GEE Whiz for NetMail checkbox must be checked for GEE Whiz to interact with NetMail.
Below that is a field for the Worker Pool Thread Size. This sets the number of worker threads
which are available to use for NetMail.
The NetMail done path field sets
the temporary storage directory
where messages are held before
being reintroduced to the queue
while the Save Path field notes
the temporary directory where
translated RFC822 files are
stored.
The Trusted Hosts field lists IPs
permitted to connect to the GEE
Whiz NMAP listener, also known
as the NetMail IP server. The
default setting is All. Remember
to configure the trusted
connections to ensure that mail
flows.
Quarantine
Three configuration settings for quarantine functions are on this configuration screen. The Quarantine
Directory chooses the path where quarantined NetMail messages are stored. Enabling the Purge
Quarantine Directory checkbox permits GEE Whiz to delete old messages and files from its quarantine
directory for NetMail. The Quarantine Message Purge Age (Days) value determines the number of days
before files are removed.
Nmap Configuration
The NetMail configuration options screen also includes five entry fields for Nmap IP settings.
• The NetMail NMAP IP is the number for the Nmap NetMail server. This is a vital setting in the installation process.
• The NMAP Port setting determines which port the Nmap server is running on.
• The NMAP Listener IP determines which IP GEE Whiz will listen for Nmap on while the NMAP Listener Port will
be the port for this operation.
• GEE Whiz NMAP Identifier is the extension GEE Whiz will add to the NetMail envelope to identify already
processed messages.
Redirect Spam to Mailbox
Enabling the Redirect Spam to Mailbox allows for collection of spam in one location. The Redirection
Work-around Password is employed to determine whether mail has been modified by an alias agent. If a
message was not going to a mail box and it has the password in it, it will be redirected. Set the name of
the spam catching mailbox in the data field provided here: Redirection Mailbox Name.
Sauce Server configuration
The Sauce (GEE Whiz’s auto
update client) screen contains
configuration options for GEE
Whiz. To see all of the options,
click the Advanced Options
checkbox.
The screen options here are used
to configure or reference the
names and paths to the Licence
Public Certificate, extension
used for temporary files,
whether to use the network for
updates, the update directory,
overwrite locally modified files,
the licence private key, the
back-up directory, the extract directory, the manifest file name and revision number.
The mani.mf file exists only during the updating process. After a successful update, the file disappears.
Note that there is also a Sauce screen for the Gee Whiz Web screen. It contains exactly the same options
except that it is used to configure the web administrator rather than the server.
Remember!
After you make changes on a filtration option, remember to click the Submit button or your
changes will not be applied to GEE Whiz.
Signature
GEE Whiz offers administrators the ability to add corporate disclaimers to the top or bottom of each
e-mail. “Signature / Disclaimer Options” provide that capability. Administrators may add disclaimers to
the top and/or bottom of each message. You can also select to add disclaimers to outgoing e-mail only.
There are various options that deal with text only and html formatted e-mail and you have the ability to
add images to html-formatted disclaimers. Refer to the online contextual help in GEE Whiz for specific
instructions.
The Signature Apply Lists checkbox
activates this feature. The DOS Style
Apply Lists checkbox will, if enabled,
convert apply list entries from DOS
style syntax to PERL style regular
expressions before processing. There
are three other apply lists
configuration options here: Inclusive,
Recipient and Sender.
SMTP
GEE Whiz allows administrators to configure SMTP
settings.
The SMTP proxy is a server-based filter sitting between the internet and the mail server. Incoming mail
is accepted from the internet, checked by GEE Whiz for either viruses or spam, and then delivered to
the SMTP mail server. As far as the outside world is concerned, the proxy is for all intents and
purposes your mail system. As far as your mail system knows, the proxy is the outside world.
Begin by clicking the Enable GEE Whiz SMTP
Proxy checkbox. Beneath that are several
directories that can be configured.
• The Worker Thread Pool Size and Outgoing Thread Pool Size determine the number of threads used to
process inbound or outbound mail. These can be increased to boost performance but each additional
thread demands additional RAM.
• The Save Path and SMTP Done path have defaults of smtp/save/ and smtp/done/.
• Mail that is bounced for whatever reason (no such user or another error) can have an accompanying
message. This text is stored in the SMTP Bounce Path. To change the default text associated with this
action, click the Edit button.
Quarantine
Three configuration settings for quarantine functions are on this configuration screen. The Quarantine
Directory chooses the path where quarantined SMTP messages are stored. Enabling the Purge Quarantine
Directory checkbox permits GEE Whiz to delete old messages and files from its quarantine directory for
SMTP mail. The Quarantine Message Purge Age (Days) value determines the number of days before
files are removed.
To set the SMTP Host Name, use the provided data entry field.
ƒ
Testing your installation – Administrators should be able to telnet to the port 25 and get the GEE Whiz banner rather
than the GWIA banner.
Suppress banner prevents the broadcasting of a lot of information about your mail server. While not an
immediate risk, GWAVA advises that this information be suppressed. SMTP Listener IP controls the
address to which GEE Whiz 2 will bind. All is the default but administrators may want to bind to only the
public IP instead. The setting of All will work generally, but for some complex mail systems this setting
may need to be altered.
SMTP Listener Port is set to the standard of Port 25. Do not change this: it must be port 25 to be publicly
viewable service. For testing and diagnosis, it may occasionally be useful to change this value to another
port, but it must be changed back to Port 25 as all mail systems default to port 25. Trusted relay hosts If the sender’s IP is listed here, then the message is accepted without further authentication, otherwise,
the message is rejected. While this is generally used for inbound mail; however it may be that an IP for
outbound mail may be listed here. For example, a program generating reports that are mailed
automatically to remote locations may need to be listed here.
ƒ
What if your message system is running GEE Whiz and GWIA on the same server? Only one server can listen to an IP
address a particular port. To get outgoing mail flowing l through GEE Whiz with GroupWise edit gwia.cfg. Find the lines
with switch /mh. Add the IP address of the GEE Whiz server and restart the GEE Whiz server. This will relay all mail
through Gee Whiz.
The Internal SMTP Servers/Domains has two fields. The first field is used to list the IP of an internal server. The second, larger field beneath it details which domains are serviced. The SMTP Server Lists are DOS-Style checkbox will, if enabled, convert SMTP list entries to DOS style syntax. Outgoing Thread Stack Size limits the stack size memory allocation. This value is expressed in bytes. The SMTP Bad path is the directory where failed mail transfers are kept. The default is smtp/bad.
Statistics
GEE Whiz’s statistical reporting is collected
into the statistics screen. These can be
enabled separately, as can the more granular
options within them.
General Statistics
• Message Statistics
• Message Numbers
• Message Attachments statistics
• Message Virus Statistics
• Message Filtered Statistics
• Message Spam Statistics
Detail
• Antivirus Detail
• Viruses Received Statistics
• Viruses Sent Statistics
• Viruses Name Statistics
Filter Detail Statistics
• Message Filter Statistics
• Attachment Size Filter Statistics
• Attachment File Name Filter Statistics
• Attachment File Type Filter Statistics
• Redirection Filter Statistics
• Interception Filter Statistics
Spam Detail Statistics
• Identified Spam Statistics
• Redirected Spam Statistics
• Auto-deleted Spam Statistics
• User Based Spam Statistics
• Score Based Spam Statistics
• Rules Based Spam Statistics
• Bayes Classifier Based Spam Statistics
• RBL Rules Based Spam Statistics
• Lists Based Spam Statistics
Logs
GEE Whiz gives administrators access to all stored client logs and server logs. Click on the Logs tab in the menu. The available logs are presented by date in this format: Year/Month/Date. Clicking any of the date files presents the selected log file.
Ipauth
Additional Client and Server statistics are available from the Statistics menu in the Gee2 Web
administrative console. Client and Server Statistics are available for IP authorizations—called IPauths. To
re-zero the collected statistics, click Reset Stats.
Spam Control
GEE Whiz’s Spam control configuration screens allow for granular customization of its spam protection behaviors. The Spam Control section of the GEE Whiz configuration program has five major subsections.
• Classifier
• RBLs
• RuleSet
• SPF
• SuRBLs
Many of these are only one screen deep. The section with the greatest number of sub screens is RuleSet. The RuleSet screen contains all the filtration rules installed on your GEE Whiz environment (as opposed to externally sourced items like RBL lists, for example).
These pages present the paths to both the ham and spam corpus as well as the classifier’s readiness status. For sorting convenience, three screens will be highlighted: All, Search and Add.
All lists every rule in the system. To find a specific rule, either go to the sorting sections in between
(Body, Header, Rawbody, Meta or Uri depending upon the data for which you are seeking) or click
Search. All the sorting screens, including All, list the rules by Name, Description, Score and Type. Rules
can also be edited. The Edit a Rule screen has the same functionality as the Add a Rule Screen.
• Administrators can search for a specific rule by Name, Description or Rule Type (All, Body, Header, RawBody, Meta or Uri).
Anti-spam checking in GEE Whiz is a condition-match-score-action process in which our software checks each e-mail against all of the defined rule sets, which include Spam Assassin rules, Bayesian Classifier rules, and Realtime Blackhole List (RBL) rules. If there is a match, then the pre-defined score is assigned to the e-mail. Once all of the rules have been processed and scores have been assigned to the e-mail, the total aggregate score is determined and a pre-defined action is taken; otherwise GEE Whiz passes the e-mail on to anti-virus software for further processing.
Both Header and Content Filter lists can be modified to assign a GAS score to the e-mail instead of applying the configured filter actions used for other filters. In effect, this feature will forward e-mail that matches header or content filter rules on to Spam Control for further processing, instead of placing it in the Filter quarantine.
SARE
The spam configuration screens have a built-in link to the Spam Assassin Rules Emporium. Clicking the
SARE button will open a new browser
window at this web site.
Adding/Editing a rule
Click the Add button to begin.
Give the rule a Name. Then, choose the rule Type: Body is the default, but administrators can also select Rawbody, Header, Uri or Meta.
Next, add a Description, preferably a plain text description of what the rule does, permits or denies that will be understood by colleagues at a glance.
Four suggested score fields follow. These scores can be adjusted later.
Lastly, include the rule string itself and, if necessary, enable DOS style for the rule string. Click Submit to conclude or Reload Ruleset as needed.
RBL
GEE Whiz makes use of RBL checking to assign a GAS value to e-mail if it is found on a listed RBL. Select RBL in the navigator pane and then choose to Enable RBL Checking. You have the option to assign the same default GAS score of 2.5 (adjustable) or to use the score associated with the listed RBLs.
Administrators can also delete existing RBLs, add new RBLs to the list and modify GAS values for each RBL in the list.
RBL spam filtration rules are also configurable.
Existing RBL rules are shown at the bottom of the RBL screen and are identified by Name, Description, Score and Type. These can be edited, and new rules created, in largely the same way as discussed in the Ruleset section of this manual.
To add an RBL entry, use the form at the top of this screen. Enter the RBL Name, Type (select A or Type from the drop down menu), the RBL Address, the RBL subtest (optional), and the Scores, then submit or reload.
A or Type?
Some RBLs use TXT resolves instead of Type A. A/TXT specifies whether GEE Whiz will do an 'A' rr lookup or a 'TXT' rr lookup. Most of the time, this setting should be left on Type A, which is the default.
SuRBL
The SuRBL configuration screen allows administrators to view the SuRBL rules as sorted by rule Name,
Description, Score and Type. Adding and editing SuRBL rules function as rule adding and editing
elsewhere in this section.
SPF
The SuRBL configuration screen allows administrators to view the SuRBL rules as sorted by Name,
Description, Score and Type. Adding and editing SuRBL rules function as rule adding and editing
elsewhere in this section.
Classifier
GEE Whiz includes a “Textual Classifier” which is an algorithm and a body of e-mail (known as a “corpus”)
that e-mail can be assessed against. It is 20 times more effective than the Bayesian classifier used in the
previous version of GEE Whiz.
Tokens?
The GEE Whiz 2 textual classifier builds tokens based upon individual words and word groups. (A maximum
of five words per group.) The default scores will work reliably throughout an evaluation. You can
implement a more aggressive e-mail corpus but that can also increase the number of false negatives and
false positives.
Ham and spam directories
Beyond hard drive space and RAM, there is no limit to the number of e-mails that may be kept as samples
in the spam and ham directories for the Textual Classifier; however, GEE Whiz 2.0 is as effective with 500
of each type of e-mail as GEE Whiz 1.x was with 10,000 SPAM and 2,500 ham. The GEEWhiz 2.x classifier
is more sensitive to quality than quantity.
Each time one presses Teach, the existing token set (contained in the tclass.dat file) is deleted and a new
token set is built. To maximize the accuracy of the textual classifier, build your own corpus of spam and
ham.
Spam is a numbers game. Spammers send out millions of e-mails about the most generic subjects. Building
a good corpus of spam and ham will involve selecting e-mails which are representative of your industry as
spam. You should select for your corpus e-mails that GEE Whiz falsely identified as spam, and update your
samples.
How?
You can export e-mail from the quarantine to obtain ham e-mail. You should place e-mail that GEE Whiz failed to identify as spam (false-negatives) into the spam corpus folder. You can export e-mail from GroupWise clients (similar to what was done with GEE Whiz 1.4.x). Your e-mail corpus should contain original e-mail with no duplicates (multiple e-mails that have very similar content). Once you have a sufficient corpus of good and bad e-mail, click the Teach button. We recommend performing this process during quiet hours to reduce the impact to your users.
Filters
Filtering in GEE Whiz is a condition-match-action process in which GEE Whiz will check each e-mail
including attachments against all of the defined filters. If there is a match, then the pre-defined action is
taken, otherwise GEE Whiz passes the e-mail on to spam control for further processing.
The GEE Whiz filter creation screens allow for easy creation and management of custom filters. GEE Whiz ships with no customized corporate filters, but these are easy to create. To begin, click the Filters button in the menu and then Add. This presents the filter-editing window.
The first and most global characteristic to decide upon in your filter is whether the filter applies to the Header, Content or Size. Use the drop down menu to make your choice and click Next.
The next step in constructing your filter is entering the search string itself. Then determine whether the filter applies to Text, Raw Text, URI Text or HTML and whether the string in question is to match or not match that in the entry field below these drop down menus.
Click Next when ready. The filter is essentially complete. The next screen presented will summarize your
filter (in our example, plain text of the string “toner cartridge” in the body of an e-mail). You now have
the option of selecting Filter Complete, Clear this filter or Add a Filter Segment based on the message
filter, which essentially uses the current filter as the basis of an extended filter by the means of an
And/Or operation.
Otherwise, you will be asked to name this filter. Do so in the field provided and click Next when ready.
The filter will now appear in your list of active filters.
Using Regular Expressions
You can use regular expressions to define filter conditions for “File-Name” filters, “Header” filters and “Content” filters. If you are not familiar with regular expressions, you can find useful information on the Internet at:
• http://www.regular-expressions.info/tutorial.html
• http://www.perldoc.com/perl5.8.4/pod/perlre.html
• http://weitz.de/regex-coach/
Once you are familiar with regular expressions, or ‘regexes’, there are a few points to note in GEE Whiz’s particular implementation of them. Firstly, we wanted our lists to be easy to use by persons familiar with DOS-like pattern matching such as “person?@domain.*”. Therefore, we parse each list into the regular expression equivalent of the DOS-like pattern match. This only affects three regular expression characters: Star (*), Dot (.), and Question Mark (?).
• Star (*) will be interpreted as Dot Star (.*). Therefore it will match any number of any characters.
• Dot (.) will be interpreted as an Escaped Dot (\.). Therefore it will only match the character ‘.’.
• Question Mark (?) will be interpreted as Dot Curly One Curly (.{1}). Therefore it will only match one of any character.
The parsing of lists means that you will have to alter your regular expressions to reflect the parsing. For example, if you want a completed regular expression that looks like “.*boy@place\.com” then you should enter “*boy@place.com”. Note that if you enter something like “.*boy@place\.com”, it will be interpreted as “\..*boy@place\\.com”, which is probably not what is wanted.
• All other regular expression forms will not be parsed and will be taken at face value (for example, {1,10}, +, ^, etc.).
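The translation rules above, written out as an added example (this is not GEE Whiz code). It reproduces the manual's own before and after strings and lints entries that were typed as finished regexes; Python's re module stands in for the Perl engine, and whole-value matching is an assumption.

```python
import re

# The three substitutions listed above; every other character passes through.
DOS_TO_REGEX = {"*": ".*", ".": r"\.", "?": ".{1}"}


def dos_to_regex(entry: str) -> str:
    """Translate one DOS-style list entry, character by character."""
    return "".join(DOS_TO_REGEX.get(ch, ch) for ch in entry)


def matches(entry: str, value: str) -> bool:
    """Translate the entry, then test it against a value.

    Assumption: the whole value must match (re.fullmatch). The manual does
    not say whether GEE Whiz anchors the expression.
    """
    return re.fullmatch(dos_to_regex(entry), value) is not None


def lint_entry(entry: str) -> list:
    """Return warnings for entries the translation would silently change
    into something the administrator probably did not intend."""
    warnings = []
    if entry.startswith(".*"):
        # '.' -> '\.' and '*' -> '.*': the value must now start with a dot.
        warnings.append("leading '.*' becomes '\\..*'; enter '*' instead")
    if "\\." in entry:
        # '\' is kept and '.' -> '\.': a literal backslash, then any character.
        warnings.append("'\\.' becomes '\\\\.'; enter a plain '.' instead")
    try:
        re.compile(dos_to_regex(entry))
    except re.error as exc:
        warnings.append(f"translated pattern does not compile: {exc}")
    return warnings


# Constructed sample entries: the two strings from the text plus its
# DOS-style illustration.
SAMPLE_ENTRIES = ["*boy@place.com", r".*boy@place\.com", "person?@domain.*"]

if __name__ == "__main__":
    for entry in SAMPLE_ENTRIES:
        print(f"{entry!r:24} -> {dos_to_regex(entry)!r:28} {lint_entry(entry)}")
    # The pre-escaped form no longer matches the address it was written for.
    print(matches("*boy@place.com", "tomboy@place.com"))        # DOS-style entry
    print(matches(r".*boy@place\.com", "tomboy@place.com"))     # regex typed as-is
```

Running the lint over a list before enabling the DOS Style checkbox shows which entries would change meaning once they are translated.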
Using Recipient Filters
GEE Whiz provides two types of Recipient filters to allow the redirection of inbound e-mail. With
Redirection Filters, you can create one or more filters to redirect an inbound e-mail to a different e-mail
account. The original recipient will not receive the e-mail.
With Interception Filters, administrators can create one or more filters that will send a blind carbon copy
to the new recipient and send the original e-mail to the original recipient or recipients.
Quarantine
The configuration screens
for GroupWise, Netmail
and SMTP are identical.
A General Warning About
Quarantines
There are e-mail
Quarantines in each of
“Filtering”, “SpamControl” and “Antivirus”.
GEE Whiz places a copy of
e-mail in memory and
processes that copy
against all filters and
rulesets it encounters. If a condition is matched and the applicable Quarantine is enabled, the original
copy of the e-mail with attachments is placed in the Quarantine. The administrator has the ability to hold
that e-mail in the Quarantine, to delete it, or release it. If an e-mail is released it is considered fully
processed and will be delivered directly to the recipient without any further processing.
For example, if the “Buy Vicodin Online nqwsdwpbz” e-mail was released from the Filter Quarantine, GEE
Whiz would consider that e-mail to be safe and would deliver it to the intended recipient without any
further processing, thus by-passing all filter, spam control and anti-virus checking.
| Parameter | Comment |
| --- | --- |
| Subject | This field is the search parameter or string required. The DOS Style checkbox, if enabled, allows the search method to include DOS style information in its parsing of the searched material. |
| Sender | This field is used to locate a specific sender. The DOS Style checkbox, if enabled, allows the search method to include DOS style information in its parsing of the searched material. Similarly, the Check Envelope is also used to specify the search criteria. |
| Recipient | This field is used to locate a specific recipient. The DOS Style checkbox, if enabled, allows the search method to include DOS style information in its parsing of the searched material. Similarly, the Check Envelope is also used to specify the search criteria. |
| Size | This adds a custom search size in bytes. Administrators can search for values of greater, lesser or equal to this value. |
| Age | This adds a custom search size in age as measured by days old. Administrators can search for values of greater, lesser or equal to this value. |
| Quarantine Type | Administrators can search for quarantined mail for mail type: spam, virus or filter. |
| Max Results | This field limits the number of returned results from the query. |
| Show fields | Remove, To Spam, To Ham, Release (Orig), Release (Mod), Release To, Message ID, Subject, To, From, Date, Age, Size |
License
Clicking the Licence entry in the GEEWhiz 2 navigational menu presents a screen detailing the licensing
information for your installation.
Using GEE Whiz
General Administrative Routines
How Configuration Settings Are Stored
Configuration settings are stored in the sys:/gee2/config directory as a .GOP file. There are several things that you can do to prevent a disaster and to ensure an easy recovery from a disaster:
Perform Regular Backups
At minimum, you should perform a regular backup of the GEE2 directories.
Correctly Apply Anti-virus scanning
GEE Whiz needs to be able to write to all of its pem license files, configuration files, filter files, and Spam
Assassin Ruleset files. You need to ensure that anti-virus scanning is correctly configured for the following
directories:
• Exclude the GWIA\Third directory structure
• Exclude the GEE2WEB directory structure
• Exclude the GEE2 directory structure except: scan the opt/gee2/work and all child folders and files
Verify File System Rights and Attributes
Perform an effective rights check for the account that GEE Whiz uses and confirm that the user has rights
to the Gee directories and to the directories. Also ensure that all GEE folders and files are set to purge
immediate and to read-write.
Anti-Spam
Anti-spam checking in GEE Whiz is a condition-match-score-action process in which our software checks each e-mail against the defined rule sets, which include SpamAssassin rules, Bayesian classifier rules, and Realtime Blackhole List (RBL) rules. If there is a match, then the pre-defined score is assigned to the e-mail. Once all of the rules are processed and scores have been assigned to the e-mail, the total aggregate score is determined and a pre-defined action is taken; otherwise GEE Whiz passes the e-mail on to Antivirus for further processing. Anti-Spam checking is only available to customers who have purchased GEE Whiz.
Enable spam controls
Begin by enabling the spam controls in the GAS screen; otherwise spam control is disabled. Generally speaking, spam control can be enabled to either quarantine e-mail or deliver/redirect/auto-delete e-mail that is determined to be potential spam. There are several different threshold values that can be set. The default values are considered to be non-aggressive and could allow real spam to be delivered to users without being detected.
Setting Identification
You can configure how GEE Whiz modifies the Subject line of an e-mail to mark it as spam and optionally display the GAS value assigned to the e-mail. You can also indicate that a Gas Results.txt file is attached to the e-mail that will show all of the rules that were triggered by the anti-spam processing. Alternatively, you can choose to embed those rules in the header of the e-mail.
Using Lists
Before GEE Whiz evaluates e-mail against the rules. White Lists indicate addressees that should be
allowed to bypass anti-spam checking. This is done by adding a negative score to the GAS value assigned
to the e-mail. The default score is –100. There are two white lists:
• WhiteList To checks addressees in the To: and Cc: fields.
• WhiteList From checks addressees in the From: field.
Black Lists indicate addresses that should be guaranteed to be assessed as spam. Adding a positive score to the GAS value assigned to the e-mail does this. The default score is +100. There are two black lists:
• BlackList To checks addressees in the To: and Cc: fields.
• BlackList From checks addressees in the From: field.
Additional Bypass notes
An alias agent can create an entirely new message, without the third-party extension in the envelope
which tells GEE Whiz2 that a given message has already been processed. The GEE Whiz2 bypass system
adds a header with a base64 encoded sha1 hash of the password set by the administrator. If this field is
found, the message is not sent for processing and so loops are avoided where messages are processed and
processed again.
• Inter-product functionality - This feature can also be used to allow spam messages released from GWAVA to not be picked up by GEE Whiz. GWAVA would need to give a base64 encoded sha1 hash of the same password, and same header.
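The bypass value described above, as an added example (not GEE Whiz or GWAVA code). The header name, the exact encoding and the internal-host check are assumptions: the manual only says that a message carrying the header is not sent for processing. Because the value depends on nothing but the password, it is identical on every message, so this sketch applies a stricter policy and honours it only from known internal hosts.

```python
import base64
import hashlib
import hmac
from email import message_from_string

# Hypothetical header name; the manual does not name the header GEE Whiz adds.
BYPASS_HEADER = "X-Example-Scan-Bypass"


def bypass_token(password: str) -> str:
    """base64(SHA-1(password)).

    Assumption: the UTF-8 password bytes are hashed and the 20-byte binary
    digest is base64 encoded; the manual does not spell out the encoding.
    """
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def make_message(token=None) -> str:
    """Build a constructed sample message, optionally carrying the header."""
    headers = [
        "From: sender@example.com",
        "To: user@example.com",
        "Subject: constructed sample",
    ]
    if token is not None:
        headers.append(f"{BYPASS_HEADER}: {token}")
    return "\n".join(headers) + "\n\nbody\n"


def classify(raw_message: str, peer_ip: str, password: str, internal_hosts: set) -> str:
    """Decide what to do with a message under the stricter policy.

    Returns "scan", "bypass", "scan+alert:bad-token" or
    "scan+alert:token-from-outside".
    """
    values = message_from_string(raw_message).get_all(BYPASS_HEADER, [])
    if not values:
        return "scan"
    expected = bypass_token(password).encode("ascii")
    # Constant-time comparison on bytes, so the check leaks nothing by timing.
    valid = any(
        hmac.compare_digest(value.strip().encode("utf-8"), expected)
        for value in values
    )
    if not valid:
        return "scan+alert:bad-token"
    if peer_ip not in internal_hosts:
        # A correct value from an unknown host means the header value has
        # been disclosed: scan the message and change the password.
        return "scan+alert:token-from-outside"
    return "bypass"


if __name__ == "__main__":
    password = "example-password"          # constructed sample value
    internal = {"192.0.2.10"}              # constructed internal relay address
    token = bypass_token(password)
    for peer, msg in [
        ("192.0.2.10", make_message(token)),
        ("198.51.100.7", make_message(token)),
        ("192.0.2.10", make_message("not-the-token")),
        ("198.51.100.7", make_message()),
    ]:
        print(peer, classify(msg, peer, password, internal))
```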
SpamAssassin 3 Rulesets
GEE Whiz makes use of the Spam Assassin 3.1 ruleset.
Appendix 1: The GEE Whiz NLM
GEE Whiz Server Console
This permits general option changes to be made, and should be used to properly unload GEE Whiz. If you
make any general option changes, remember that those changes are only written in the config directory
when GEE Whiz unloads, so you must choose the F7 option and unload GEE2.NLM; but it normally saves
the applied options after changes as well.
The NLM console reports the system uptime, outgoing
messages and attachments as well as viruses. It also
reports incoming message attachments and incoming
viruses and spam. Below that pane are reported messages
detailing actions taken by Gee Whiz. There are two
function keys: F7 and F10. These exit and provide access to configuration options respectively.
The F9 Key allows Gee2 to change the reported statistics at the top of the console screen. Additional
statistics which replace the categories above include SMTP incoming threads, SMTP outgoing threads,
NetMail threads, GroupWise threads, Current messages per second, peak messages per second, 20-second
average message and Incoming Spam Found.
F10 allows administrators to set the listener daemon port. Enter the new value as needed, or press Escape to leave your current settings unedited.
The GEE Whiz web server console
The GEE2Web admin console reports the health of your network’s GEE Whiz installation. Uptime and system events are reported here. Press F7 to exit or F10 to edit the GEE Whiz Daemon port and the Web Listener port.
Appendix 2: Configuring CLAMAV
The version of Clam AV is based on latest source code of Version 0.83. Note that the current version does
not support actions like removing or moving infected files.
• Unpack clamav-devel-latest.tar.gz
• #cd clamav-devel-latest
• #patch -p1 < ../netware-patch
• #tar zxvf ../netware_env.tar.gz
• #cd libclamav/mspack;make -f Makefile.NLM
• #cd ../zlib-netware; make -f Makefile.NLM
• #cd ../zziplib; make -f Makefile.NLM
• #cd ../; make -f Makefile.NLM
• #cd ../clamd; make -f Makefile.NLM
• #cd ../freshclam; make -f Makefile.NLM
• #cd ..
Copy clamd/clamd.nlm and freshclam/freshclam.nlm to the Netware installation, then run clamd in memory-protected mode.
Operations
There are two methods of using CLAM AV.
• Continue Scan - Connect to port 3310 and send your scan command. For example, CONTSCAN sys:/clamav/ will scan all files under the clamav directory on the sys volume. After a while, you will receive the result from the same port.
• Stream Scan - Connect to port 3310 and send the STREAM command; port 3310 will send you a new port. Connect to the new port and send the content you want to scan. After a while, you will receive the result from this port.
Closing Clam
If you want to quit clamd, connect to port 3310. Sending Quit will end the current session. Connect to port 3310 again to clean up clamd.nlm. Originally ClamAV was designed to run on Linux. The Quit command kills all related processes. Netware requires a two-stage shutdown.
• Step 1 is to send a Quit command to close the scanner workers and set a quit flag.
• Step 2 is to connect to the daemon one more time; the main thread will meet the quit flag and clean up the resources.
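A minimal client for the two scan methods above, added here as an example (it is not part of the GEE Whiz or ClamAV distribution). It assumes the reply format of stock clamd ("target: OK", "target: name FOUND", "target: message ERROR") and reads the STREAM result on the control connection as stock clamd does; the host name and the sample reply are constructed.

```python
import re
import socket

CLAMD_PORT = 3310  # control port given in the text


def parse_reply(text):
    """Turn clamd reply lines into (target, status, detail) tuples.

    status is "OK", "FOUND" or "ERROR". Unrecognised lines count as ERROR so
    that a garbled reply is never read as a clean result.
    """
    results = []
    for raw in text.splitlines():
        line = raw.strip("\x00\r\n ")
        if not line:
            continue
        if line.endswith(": OK"):
            results.append((line[:-4], "OK", ""))
        elif line.endswith(" FOUND") and ": " in line[:-6]:
            target, signature = line[:-6].rsplit(": ", 1)
            results.append((target, "FOUND", signature))
        elif line.endswith(" ERROR") and ": " in line[:-6]:
            target, message = line[:-6].rsplit(": ", 1)
            results.append((target, "ERROR", message))
        else:
            results.append(("", "ERROR", line))
    return results


def verdict(results):
    """Fail closed: only an explicit, error-free reply counts as clean."""
    if any(status == "FOUND" for _, status, _ in results):
        return "infected"
    if not results or any(status == "ERROR" for _, status, _ in results):
        return "error"
    return "clean"


def _recv_all(sock):
    chunks = []
    while True:
        data = sock.recv(4096)
        if not data:
            break
        chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")


def _read_line(sock):
    buf = b""
    while not buf.endswith((b"\n", b"\x00")):
        chunk = sock.recv(1)
        if not chunk:
            break
        buf += chunk
    return buf.decode("ascii", "replace").strip("\x00\r\n ")


def contscan(host, path, port=CLAMD_PORT, timeout=60.0):
    """Continue Scan: one connection, command out, result lines back."""
    with socket.create_connection((host, port), timeout=timeout) as ctl:
        ctl.sendall(f"CONTSCAN {path}\n".encode("utf-8"))
        return parse_reply(_recv_all(ctl))


def stream_scan(host, data, port=CLAMD_PORT, timeout=60.0):
    """Stream Scan: ask for a data port, send the content there, then read
    the result from the control connection (stock clamd behaviour)."""
    with socket.create_connection((host, port), timeout=timeout) as ctl:
        ctl.sendall(b"STREAM\n")
        reply = _read_line(ctl)
        match = re.match(r"PORT (\d+)$", reply)
        if not match:
            raise RuntimeError(f"unexpected reply to STREAM: {reply!r}")
        with socket.create_connection((host, int(match.group(1))), timeout=timeout) as dat:
            dat.sendall(data)
        return parse_reply(_recv_all(ctl))


# Constructed sample reply, used to exercise the parser without a daemon.
SAMPLE_REPLY = (
    "sys:/clamav/test/eicar.com: Eicar-Test-Signature FOUND\n"
    "sys:/clamav/test/broken.zip: constructed failure message ERROR\n"
)

if __name__ == "__main__":
    print(verdict(parse_reply(SAMPLE_REPLY)))
    # Against a live daemon (host name is a placeholder):
    # print(verdict(contscan("netware.example", "sys:/clamav/")))
```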
Appendix 3: Trouble Shooting
Installation Problems
There are several problems that are common after an installation or upgrade:
GEE Whiz for Netmail will not Load
GEE Whiz fails to load and reports an error, “unable to connect to netmail”. This is caused because either GEE Whiz is not properly configured or the Netmail NMAP Object is not configured correctly. Use the following procedure to correct this problem:
• Load GEE Whiz
• Using the GEE Whiz Admin web console, ensure that the IP address for GEE Whiz for Netmail is configured with the correct IP address (refer to GEE Whiz for Netmail installation steps).
• Using NetWare Administrator or the Netmail Admin web console, ensure that the IP addresses listed in the Trusted Host property of the NMAP object are properly configured (refer to GEE Whiz for Netmail installation steps).
• Unload GEE Whiz
• Load Netmail and ensure that it is fully loaded
• Load GEE Whiz
• Confirm e-mail is processing through GEE Whiz by monitoring the GEE Whiz server console.
GEE Whiz is operating but is not processing mail (NetMail and GroupWise)
The GEE Whiz server console is available on the server, but there are no messages being processed in the message screen. There are two possible causes and solutions.
GEE Whiz for GroupWise Solution – this is normally caused because GWIA was not restarted after the GWIA\Third directory was configured as the SMTP Services Queue, or the home switches are not configured in the GWIA.CFG file. The following steps can be used to verify and fix the problem:
• Unload GEE Whiz
• Open the GWIA.CFG file and confirm that the /home and /dhome switches identify the path to the GWIA directory while the /smtphome switch identifies the GWIA\Third directory
• Close and save the GWIA.CFG file
• Unload and load GWIA
• Load GEE Whiz
• Confirm e-mail is processing through GEE Whiz by monitoring the GEE Whiz server console
GEE Whiz for Netmail Solution – this is normally caused because the Netmail Anti-Spam Agent and / or Anti-Virus Agent are configured or were not properly disabled before installing GEE Whiz. The following steps can be used to verify and fix the problem:
• Unload Netmail and GEE Whiz
• Using the Netmail Administration Web Console, disable and delete the Anti-Spam and Anti-Virus Agents
• Rename the SYS:\Novonyx\Mail\DBF to SYS:\Novonyx\Mail\DBFOLD
• Load Netmail and confirm that it is fully loaded
• Load GEE Whiz
• Confirm e-mail is processing through GEE Whiz by monitoring the GEE Whiz server console.
Testing using VMWare
Configuring a VMWare installation for testing GEE Whiz 2 is beyond the scope of this manual and GWAVA
technical support but, to remark on the matter generally, if an administrator is testing GEE2 with
VMWare, the environment can run in NAT mode. To install and update GEE2, VMWare must be switched to
bridged mode. Some GEEWhiz operations will take inordinately long when running in VMWare;
consequently, running GEEWhiz in VMWare is NOT advised for anything other than testing.
• Click the networking card icon at the bottom of the VMWare window
• Choose between Bridged or NAT in the dialogue box presented. Confirm your choice by clicking OK.
• Type inetcfg. Choose reinitialize system and press enter.
Appendix 4: Uninstalling GEE Whiz
Should you choose to completely uninstall GEE Whiz, use the following procedure:
• Open the GEE Whiz Administration Web Console and write down the file paths for the GEE Work directories.
• Shut down GEE Whiz
• Delete the gee2 directory (sys:/gee2/)
• Delete the gee2web directory (sys:/gee2web/)
• Delete the gee2.ncf and gee2web.ncf (sys:/system/gee2.ncf, gee2web.ncf)
At this point, please ensure that your GWIA is operating satisfactorily.
• Move any files in GWIA\THIRD\RECEIVE to GWIA\RECEIVE
• Move any files in GWIA\SEND to GWIA\THIRD\SEND
• Please verify that all messages were sent (should be no files in GWIA\RECEIVE or GWIA\THIRD\SEND)
• Shut down the GWIA
• Delete GWIA.CFG from SYS:\SYSTEM
• Rename GWIA.BAK in SYS:\SYSTEM to GWIA.CFG
• Restart GWIA
GEE Whiz 2 does not back up the GWIA. From ConsoleOne, reverse the SMTP configuration steps accomplished during the installation (Step 2).
Contact Technical Support
Your copy of Gee Whiz includes 30 days or 3 incidents (whichever comes first) of complimentary technical
support. For all of your support and purchasing needs, please visit our home page at www.gwava.com.
100 Alexis Nihon, Suite 500
Montreal, QC Canada H4M 2P1
Tel: +1 801 772 1880 in North America
E-mail [email protected]
Technical support: 1 (801) 437-5678