Appendix 1: The GEE Whiz NLM
Transcription
Appendix 1: The GEE Whiz NLM
NOT COMPLETE OR FINAL GEE Whiz 2 Getting Started........................................................................................................... 1 Technical Support..................................................................................................... 1 Sales..................................................................................................................... 1 About GEE Whiz ....................................................................................................... 1 Copyright Notices ........................................................................................................ 2 Introduction .............................................................................................................. 4 What is new in GEE Whiz 2 ............................................................................................. 4 Hardware Requirements ............................................................................................. 5 Operating Systems .................................................................................................... 5 Licenses................................................................................................................. 7 Pre-Installation........................................................................................................... 8 Installation ...............................................................................................................11 Installation Step 1 – Getting Started ..............................................................................12 ClamAV ................................................................................................................16 Post Installation .........................................................................................................17 Migrate GEE Whiz 1.4.x Configuration Files......................................................................18 The GEE Whiz Interface................................................................................................19 Certificates............................................................................................................19 Getting started .......................................................................................................19 Trouble shooting .....................................................................................................25 Options ...................................................................................................................28 Web client options ...................................................................................................28 GidClient ..............................................................................................................30 Server Options...........................................................................................................32 Anti-Virus Configuration ............................................................................................32 Filters ..................................................................................................................35 GroupWise Anti-Spam (GAS) ........................................................................................37 Copyright © Beginfinite 2005 - All rights reserved. NOT COMPLETE OR FINAL GEE Whiz 2 General ................................................................................................................41 Logging.................................................................................................................41 GroupWise options ...................................................................................................43 Interface Daemon ....................................................................................................44 NetMail.................................................................................................................45 Sauce Server configuration .........................................................................................46 Signature ..............................................................................................................47 SMTP ...................................................................................................................48 Statistics .................................................................................................................50 Logs .......................................................................................................................51 Ipauth.....................................................................................................................51 Spam Control ............................................................................................................52 Filters.....................................................................................................................57 Quarantine ...............................................................................................................59 License ...................................................................................................................61 Using GEE Whiz..........................................................................................................62 Appendix 1: The GEE Whiz NLM .........................................................................................64 Appendix 2: Configuring CLAMAV .......................................................................................65 Appendix 3: Trouble Shooting ...........................................................................................66 Appendix 4: Uninstalling GEE Whiz .....................................................................................68 Contact Technical Support ...............................................................................................69 Copyright © Beginfinite 2005 - All rights reserved. GEE Whiz 2 1 Getting Started This manual is intended for IT administrators in their use of GEE Whiz 2 or anyone wanting to learn more about GEE Whiz 2. It includes installation instructions and features descriptions as well as detailed instructions for the operation of this software. Technical Support If you have a technical support question, please consult the GEE Whiz Technical Support section of our website at http://www.gwava.com/ or e-mail [email protected]. The technical support number is 801437-5678. Sales To contact a Beginfinite sales team member, please e-mail [email protected] call Tel: 866-GO-GWAVA (866-464-9282) in North America or +1 514 639 4850. Corporate Headquarters 100 Alexis Nihon Blvd., Suite 500 Montreal, Quebec, H4M 2P1, Canada About GEE Whiz Thank you for your interest in GEE Whiz, a leading product for protecting GroupWise and NetMail e-mail environments from the dangerous threats present on the Internet. This manual provides administrators with sufficient information to best deploy GEE Whiz for protecting their e-mail environments. 2cv Copyright © Beginfinite 2005 - All rights reserved. 1 GEE Whiz 2 2 Copyright Notices The content of this manual is for informational use only, and may change without notice. Beginfinite Inc. assumes no responsibility or liability for any errors or inaccuracies that may appear in this documentation. GroupWise is a registered trademark of Novell, and is copyrighted by Novell. © 2005 Beginfinite Inc. All rights reserved. ® GEE Whiz is a registered Trademark. Open-Source Project Acknowledgements - GEE Whiz makes use of several open-source projects, all of which are listed here in no particular order, with respect to their licenses, developers, and the open-source community in general. Beginfinite would like to acknowledge and thank the following Open-Source projects that we either make use of in our product, have studied in the making of this product, or intend to use in the product at a later date: Zlib - Zlib is © 1995-2002 Jean-loup Gailly and Mark Adler. The library was entirely written by Jean-loup Gailly and Mark Adler. ([email protected] and [email protected]) GEE Whiz uses the original library which has not been modified. Source distributions can be obtained from either of: http://www.zlib.org or http://www.gzip.org/zlib/ GEE Whiz makes use of Zlib subject to it's license, excerpt quoted: “Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely.” (Subject to restrictions which we believe we have followed). Minizip - Minizip is © 1998 Gilles Vollant. GEE Whiz uses the original library which has not been modified. GEE Whiz makes use of Minizip subject to it's license, excerpt quoted: “Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely.” (Subject to restrictions which we believe we have followed). PCRE - PCRE is © 1997-2001 University of Cambridge. The library was entirely written by Philip Hazel. ([email protected]). GEE Whiz uses the original library which has not been modified. Source distributions can be obtained from: ftp://ftp.csx.cam.ac.uk/pub/software/programming/ pcre/ GEE Whiz makes use of PCRE subject to its license, excerpt quoted: “Permission is granted to anyone to use this software for any purpose on any computer system, and to redistribute it freely.” (Subject to restrictions which we believe we have followed). Additionally, subject to the PCRE license: Regular expression support is provided by the PCRE library package, which is open source software, written by Philip Hazel, and copyright by the University of Cambridge, England. SpamAssassin - SpamAssassin is © 2002-2004 Justin Mason. The library was partially written by Justin Mason. GEE Whiz only uses parts of the original package, namely the files which make up the ruleset. These portions of the original package have not been modified from their original state, other than possibly changing the file names to suit 8.3 namespace. All original SpamAssassin source files and documentation can be found here: http://spamassassin.org/. GEE Whiz makes use of SpamAssassin ruleset with special permission. CDK - CDK is © 1990 The Regents of the University of California. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. All advertising materials mentioning features or use of this software must display the following acknowledgement: “This product includes software developed by the University of California, Berkeley and its contributors.” Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. This software is provided by the regents and contributors ``as is'' and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall the regents or contributors be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort(including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of such damage. LibCURL cURL is © 1996 - 2004, Daniel Stenberg, <[email protected]>. All rights reserved. Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. LibGD - LibGD is © Thomas Boutell. Subject to the LibGD license, we include the following information:Portions copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004 by Cold Spring Harbor Laboratory. Funded under Grant P41-RR02188 by the National Institutes of Health. Portions copyright 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004 by Boutell.Com, Inc. Portions relating to GD2 format copyright 1999, 2000, 2001, 2002, 2003, 2004 Philip Warner. Portions relating to PNG copyright 1999, 2000, 2001, 2002, 2003, 2004 Greg Roelofs. Portions relating to gdttf.c copyright 1999, 2000, 2001, 2002, 2003, 2004 John Ellson ([email protected]). Portions relating to gdft.c copyright 2001, 2002, 2003, 2004 John Ellson ([email protected]). Portions relating to JPEG and to color quantization copyright 2000, 2001, 2002, 2003, 2004, Doug Becker and copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004 Thomas G. Lane. This software is based in part on the work of the Independent JPEG Group. See the file README-JPEG.TXT for more information. Portions relating to GIF compression copyright 1989 by Jef Poskanzer and David Rowley, with modifications for thread safety by Thomas Boutell. Portions relating to GIF decompression copyright 1990, 1991, 1993 by David Koblas, with modifications for thread safety by Thomas Boutell. Portions relating to WBMP copyright 2000, 2001, 2002, 2003, 2004 Maurice Szmurlo and Johan Van den Brande. Portions relating to GIF animations copyright 2004 Jaakko Hyvätti ([email protected]). Permission has been granted to copy, distribute and modify gd in any context without fee, including a commercial application, provided that this notice is present in useraccessible supporting documentation. This does not affect ownership of the derived work itself, and the intent is to assure proper credit for the authors of gd, not to interfere with your productive use of gd. If you have questions, ask. "Derived works" includes all programs that utilize the library. Credit must be given in user-accessible documentation. This software is provided "AS IS." The copyright holders disclaim all warranties, either express or implied, including but not limited to implied warranties of merchantability and fitness for a particular purpose, with respect to this code and accompanying documentation. Although their code does not appear in the current release, the authors also wish to thank Hutchison Avenue Software Corporation for their prior contributions. LibJPEG - The authors make NO WARRANTY or representation, either express or implied, with respect to this software, its quality, accuracy, merchantability, or fitness for a particular purpose. This software is provided "AS IS", and you, its user, assume the entire risk as to its quality and accuracy. This software is copyright (C) 1991-1998, Thomas G. Lane. All Rights Reserved except as specified below. Permission is hereby granted to use, copy, modify, and distribute this software (or portions thereof) for any purpose, without fee, subject to these conditions: 1. If any part of the source code for this software is distributed, then this README file must be included, with this copyright and no-warranty notice unaltered; and any additions, deletions, or changes to the original files must be clearly indicated in accompanying documentation. 2. If only executable code is distributed, then the accompanying documentation must state that "this software is based in part on the work of the Independent JPEG Group". 3. Permission for use of this software is granted only if the user accepts full responsibility for any undesirable consequences; the authors accept NO LIABILITY for damages of any kind. These conditions apply to any software derived from or based on the IJG code, not just to the unmodified library. If you use our work, you ought to acknowledge us. Permission is NOT granted for the use of any IJG author's name or company name in advertising or publicity relating to this software or products derived from it. This software may be referred to only as "the Independent JPEG Group's software". We specifically permit and encourage the use of this software as the basis of commercial products, provided that all warranty or liability claims are assumed by the product vendor. Ansi2knr.c is included in this distribution by permission of L. Peter Deutsch, sole proprietor of its copyright holder, Aladdin Enterprises of Menlo Park, CA.ansi2knr.c is NOT covered by the above copyright and conditions, but instead by the usual distribution terms of the Free Software Foundation; principally, that you must include source code if you redistribute it. (See the file ansi2knr.c for full details.) However, since ansi2knr.c is not needed as part of any program generated from the IJG code, this does not limit you more than the foregoing paragraphs do. The Unix configuration script "configure" was produced with GNU Autoconf. It is copyright by the Free Software Foundation but is freely distributable. The same holds for its supporting scripts (config.guess, config.sub, ltconfig, ltmain.sh). Another Copyright © Beginfinite 2005 - All rights reserved. 2 GEE Whiz 2 3 support script, install-sh, is copyright by M.I.T. but is also freely distributable. 6. Redistributions of any form whatsoever must retain the following acknowledgment: It appears that the arithmetic coding option of the JPEG spec is covered by patents owned by IBM, AT&T, and Mitsubishi. Hence arithmetic coding cannot legally be used without obtaining one or more licenses. For this reason, support for arithmetic coding has been removed from the free JPEG software. (Since arithmetic coding provides only a marginal gain over the unpatented Huffman mode, it is unlikely that very many implementations will support it.) So far as we are aware, there are no patent restrictions on the remaining code. The IJG distribution formerly included code to read and write GIF files. To avoid entanglement with the Unisys LZW patent, GIF reading support has been removed altogether, and the GIF writer has been simplified to produce "uncompressed GIFs". This technique does not use the LZW algorithm; the resulting GIF files are larger than usual, but are readable by all standard GIF decoders. We are required to state that: "The Graphics Interchange Format(c) is the Copyright property of CompuServe Incorporated. GIF(sm) is a Service Mark property of CompuServe Incorporated." "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)" LUA - Copyright © 1994-2004 Tecgraf, PUC-Rio. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: Original SSLeay License - Copyright (C) 1995-1998 Eric Young ([email protected]) . All rights reserved. This package is an SSL implementation written by Eric Young ([email protected]). The implementation was written so as to conform with Netscapes SSL. This library is free for commercial and non-commercial use as long as the following conditions are aheared to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson ([email protected]). Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. The software is provided "as is", without warranty of any kind, express or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose and noninfringement. In no event shall the authors or copyright holders be liable for any claim, damages or other liability, whether in an action of contract, tort or otherwise, arising from, out of or in connection with the software or the use or other dealings in the software. OpenSSL - The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact [email protected]. OpenSSL License - Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. All advertising materials mentioning features or use of this software must display the following acknowledgment:"This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact [email protected]. 5. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL" appear in their names without prior written permission of the OpenSSL Project. This software is provided by the openssl project “as is” and any expressed or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall the openssl project or its contributors be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of such damage. This product includes cryptographic software written by Eric Young ([email protected]). This product includes software written by Tim Hudson([email protected]). 1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. All advertising materials mentioning features or use of this software must display the following acknowledgement: "This product includes cryptographic software written by Eric Young ([email protected])" The word 'cryptographic' can be left out if the routines from the library being used are not cryptographic related. 4. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include an acknowledgement: "This product includes software written by Tim Hudson ([email protected])" This software is provided by Eric Young ``as is'' and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall the author or contributors be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of such damage. The licence and distribution terms for any publically available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution licence [including the GNU Public Licence.] Copyright © Beginfinite 2005 - All rights reserved. 3 GEE Whiz 2 4 Introduction GEE Whiz is a NLM and ELF-based anti-spam and anti-virus program that is built from the ground up with flexibility in mind and runs on NetWare and Linux. Mail is examined in the GWIA, in NetMail or using the STMP Proxy using SpamAssassin rules and text classifier filtering for: improper content and plain language, fingerprinting and extension blocking. GEE Whiz 2.x We hope you find the product applicable to any environment in which you may choose to deploy it. What is new in GEE Whiz 2 New web interface Cross-Platform Support of Linux and NetWare. SuRBL URI-based RBL Support. SPF Support. Scripted processing for easy and flexible customization. A much more efficient textual classifier which builds tokens for single words and groups of words. You can now build a more accurate token set with a smaller corpus. Complete support for meta-style anti-spam rules. Complete support for the SpamAssassin 3.1 rule set. Ability to deploy GEE Whiz 2 at the SMTP level. ClamAV support These changes are just the tip of the iceberg. For a complete list of changes, visit www.gwava.com. Copyright © Beginfinite 2005 - All rights reserved. 4 GEE Whiz 2 5 Successful Installations and Upgrades Installing or upgrading GEE Whiz is a straightforward process whether you are installing GEEWhiz in a Linux or NetWare environment. Verify that all necessary prerequisites are met Prepare the server Perform an upgrade or a new installation Test Hardware Requirements Pentium III processor or equivalent An additional 512 MB of RAM over minimum requirement for the server and GWIA or NetMail. A minimum of 35 MB of free disk storage space on the SYS: volume (for default installation). A recommended minimum of 750 MB of free disc storage space on the SYS: volume (for the default installation) to hold the GEE directory structure, for working space to process e-mail and for quarantine directories. The work directories can be located on any volume so sufficient free space must be available on the volume containing the work directories. Hard drive space demands are determined largely by the number of messages processed, message size and the sizes of the spam and ham libraries used to teach the classifier. As these grow, so does the need for disc space. GEE Whiz is more CPU dependent than RAM dependent. Installing copious amounts of extra memory may help process extra threads, but will not provide significant performance gains. Operating Systems NetWare SuSE NetWare 5.1 (Service Pack 8 ) NetWare 6.05 (Service Pack 5 or greater) NetWare 6.5 (Service Pack 3 or greater) SuSE Linux 8 or 9 (Other Linux-based installations may be successful but are not officially supported) Copyright © Beginfinite 2005 - All rights reserved. 5 GEE Whiz 2 6 Mail Systems GEE Whiz supports three mail systems: GroupWise, NetMail and SMTP. GroupWise - GroupWise 5, 5.5 Enhancement Pack, 6.0, and 6.5 (recommended latest SP). NetMail - NetMail 3.1x and 3.5x (recommended latest SP) GEE Whiz should be installed on the server hosting the e-mail system. SMTP - Most any mail system supporting standard SMTP mail connections. Internet connection The installation process requires a connection to the internet to download the GEEWhiz 2 software. A connection to the internet is needed to the run network tests. Upgrades Run the installer. When asked Can I use the network for updates? window choose Yes. Press Enter. At the Should I check for an update to the installation software? window choose Yes. Press Enter. Note – if you get a 'Failed to communicate with auto-update server.' error and your server is behind a firewall, you will need to enable outbound connections to 209.115.221.132 (au.submersion.com) on Port 35000 at your firewall. If there is an update available, you will see a There is an update <version> to <version> update available. Should I update? window. Choose Yes. Press Enter. An update will be downloaded. Progress bars will alert you of this. At the Shutdown so you can install with an updated installer? window choose Yes. Press Enter. Updates To check for updates, merely unload GEE Whiz 2 and the web component, and run the Ginst installer again. For example: LOAD SYS:/GEE2/GINST.NLM and LOAD SYS:/GEE2WEB/GINST.NLM It is not necessary to unload the GWIA to perform an update. Copyright © Beginfinite 2005 - All rights reserved. 6 GEE Whiz 2 7 Licenses GEE Whiz is licensed per user. You must purchase a license for the appropriate number of users on your system. Note that GEE Whiz 1.x licenses are incompatible with 2.x For information about your license, select the Licence item in the GEEWhiz2 navigational menu. Types of Licenses Trial – Full function license with support for 30 days. You can perform an upgrade within the period of a Trial license and have full access to all product features. You also have access to e-mail and telephone support. Full License – Full access to the product features, but is not upgradeable to newer versions Full License with Support and Upgrade Path – Full access to the product features, and is upgradeable to newer versions. You have full access for technical and configuration support by e-mail and telephone. Price protection is also included with this license type. Replacing licence files If you must replace the existing licence files with a new licence file, before loading GEE Whiz on your server ensure there are no .PEM files in the GEE2 and GEE2WEB directories. Copy the replacement licence file into the GEE Whiz installation directory. Please make sure that GEE is not running when you copy a new licence file into the GEE Whiz installation directory. GEE must be unloaded to carry out all license change operations. Manage Licenses GEEWhiz will look for the private and public .PEM files when it first loads. If GEE Whiz does not find the correct license file the software will not start. If you are installing a new or replacement license file you must: Unload GEE Whiz. Copy the new licences Restart GEE Whiz. Copyright © Beginfinite 2005 - All rights reserved. 7 GEE Whiz 2 8 Pre-Installation Overview Despite the large number of possible combinations of installations overall process is fairly straightforward. This manual documents them as two pre-installation steps, six post installation steps, and postinstallation tidying. The operating systems supported (NetWare and SuSE) generally have the same installation process. The only real differences are the directories into which components are installed and a few of the questions that the installation process asks you. For example, NetWare asks for a start-up NCF, as this is a necessary component for that operating system. Finally, once the installation appropriate for your environment is completed, you will need to configure GEE Whiz to operate on your mail systems (GroupWise, NetMail and SMTP). There are three groups of tasks to install GEE Whiz 2. Some of these are elementary decision points; others require a detailed knowledge of your network. Pre-installation 1) Create the Extraction Directories 2) Prepare the mail platform GroupWise NetMail Installation 3) Ensure the install scripts are configured to load both GEE2 and GEE2Web 4) Install for your mail platform 5) Create start-up files 6) Install GEE Whiz web server 7) Configure your AV software SMTP Copyright © Beginfinite 2005 - All rights reserved. Post-Installation 8) Post installation Run GEE2 and then GEE2 Web Note that for NetWare, do not use the load command, instead use the GEE2.NCF and GEE2Web.NCF files provided. Migrate your 1.4x files as needed. 8 GEE Whiz 2 9 Pre-Installation Step 1 – Create Directories Run GINST however it is started on your operating system. For example: Netware: SYS:\GEE2INST\GINST.NLM Linux: ./gee2inst/ginst Create extraction directories A series of prompts follows for choosing installation directories. You will be asked to accept the default "installation" directory (SYS:/GEE) or identify a different directory. If you do not accept the default (SYS:/GEE) during the initial installation, or if you change the installation location later, you will need to edit the work directory settings in both the server and web consoles. NetWare Extraction Directory: Sys\GEE2inst Linux Extraction Directory: /opt/gee2inst/ Inventory No matter what OS, the directories and files that are extracted contain the licence files and the installation script files for the GEE Whiz 2.0 Anti-Spam and Anti-Virus application and the GEE2 web server application: ginst.nlm - installer file for NetWare server ginst ginst - installer for 32-bit versions of Linux public.pem and private.pem - public and private licence keys for the ginst installers to communicate securely with the GEE Whiz 2.0 update server hosted by gwava.com config\sauce.gop - configuration file for the ginst installer files. products\gee2\scripts\inst.lua – This is the installation script used by ginst installers to install the GEE2 application. products\gee2web\public.pem and private.pem - public and private licence keys for GEE Whiz 2.0 web server. products\gee2\public.pem and private.pem - public and private licence keys for GEE Whiz 2.0 daemon. products\geet2web\scripts\inst.lua – This installation script is used by the installer to install the GEE Whiz 2.0 web server application. The second and final pre-installation step will be to prepare the server whether it is NetMail, GroupWise, SMTP or any combination of the above. Once that is complete, the installer may be run. Copyright © Beginfinite 2005 - All rights reserved. 9 GEE Whiz 2 10 Pre-Installation Step 2 – Prepare the Mail Platform The second and final pre-installation process is to prepare the mail platform. Pre-Installation on GroupWise Begin by creating a \GWIA\Third directory. For example, MAIL:\GWDOM\WPGATE\GWIA\Third. Then run ConsoleOne. Perform the following steps: Right-click the GWIA object and choose Properties Click on the Server Directories tab In the SMTP Queues Directory choose the UNC path to the GWIA directory (e.g. \\SERVER\MAIL\GWDOM\WPGATE\GWIA). Then and copy it to the clipboard Click the Advanced button. Paste the UNC path into the SMTP Service Queues Directory textbox. In the same screen, click the end of the UNC path to add "\Third", e.g. \\SERVER\MAIL\GWDOM\WPGATE\GWIA\Third. Click OK to confirm these edits. Then click OK through the rest of the screens until you close the GWIA properties window and exit ConsoleOne. Unload GWIA (use F7 in the GWIA server console to Exit). Load GWIA using GWIA.NCF. (This ensures that the GWIA loads using the GWIA\Third directory settings.) GEE Whiz does not alter the gwia.cfg file to include the SMTP home switch. Gwia.cfg must be edited to point via UNC path to the third party directory, usually /third. Note - Create the /third if it has not yet been created. (An alternate method of generating this change is by using ConsoleOne by means of the GWIA object screen.) Restart the GWIA Test the set up by sending and receiving mail. IMPORTANT: Every support pack upgrade will likely remove the SMTP home switch from gwia.cfg, hence it is preferable to submit changes through Novell ConsoleOne so that the NDS Object is Updated. Remember to back up configuration files before applying upgrades. Pre-Installation on NetMail If NetMail is running on another server, you will need to know the IP address of the NetMail server Begin by unloading NetMail. Rename the SYS:\Novonyx\mail\dbf to SYS:\Novonyx\mail\dbfold Re-load NetMail. Pre-Installation on SMTP For SMTP environments, you must configure your SMTP server to send outbound mail through the GEE Whiz 2.0 installation. This configuration is dependant on the particular SMTP server and is beyond the scope of this document. Refer to your SMTP server documentation. Copyright © Beginfinite 2005 - All rights reserved. 10 GEE Whiz 2 11 Installation These instructions presume that you are choosing the default or recommended directories. The GEE2INST extraction directory will contain a GINST and a GINST.NLM file. To install GEE Whiz for the first time, you must run the GINST installer script. There are five steps. 1 - Start the installer and check for updates 2 - Install for your Mail Platform 4 - Install the Web server 5 – Configure the AV software 3 - Create Start-Up files The post installation is simply to ensure the scripts are configured to load both GEE2 and the GEE2 web component. A successful installation of GEE Whiz2 involves setting up both GEE Whiz (the motor of the car) and GEE Whiz’s web administration console (the steering wheel). There are an almost infinite number of combinations for installing this software. On a basic installation, the software, the web administration console, the GWIA, GroupWise, et cetera, can all exist on one server with the same IP. In a more complex arrangement, these components can exist in separate locations. For example, GEE Whiz might communicate via IP to NetMail, or GEE Whiz might be set up as a SMTP proxy to connect with the GWIA. Copyright © Beginfinite 2005 - All rights reserved. 11 GEE Whiz 2 12 Installation Step 1 – Getting Started Getting started and checking for updates Start the installer and (in Linux) <cd> to /opt/gee2inst. At the server console, type ./ginst to run the installer. For Netware, the command at the console will be ginst.nlm from whatever location on your system, for example, sys:\gee2inst\ginst.nlm. You will be asked: At the Can I use the network for updates? window choose Yes and press Enter. You will be asked Should I check for an update to the installation software? Choose Yes and press Enter. If you get a 'Failed to communicate with auto-update server' error and your server is behind a firewall, you will need to enable outbound connections to 209.115.221.132 (au.submersion.com) on Port 35000 at your firewall. If there is an update available, you will see a "There is an update <version> to <version> update available. Should I update?" window. Choose Yes and press Enter. An update will be downloaded and you will see a set of progress bars. At the Shutdown so you can install with an updated installer? window choose Yes and press Enter. At the Would you like to install Gee2? window choose Yes and press Enter. At the Install path for Gee2 window type /opt/gee2 You will be asked Install gee2? Press Enter to begin. The GEE Interface Daemon or GID The GEE Interface Daemon is a listener that GEE2 runs to listen for input from the GEE2WEB web server that hosts the Web Admin Console. When asked whether to configure the GEE Interface Daemon? Choose Yes and press Enter. At the GID Listener Port: (default: 320025): window you can specify a port number and press Enter, or just press Enter and then choose Yes at the Use default? (32005) window to accept the default. Press Enter at the GID configured window Copyright © Beginfinite 2005 - All rights reserved. 12 GEE Whiz 2 13 Installation Step 2 – Mail Platform Installing GEE Whiz for GroupWise for the first time At the Would you like to configure GEE Whiz for GroupWise? window choose: No if you are running NetMail only and proceed to Installing GEE Whiz for NetMail for the first time, or Yes if you are running GroupWise. The next six windows will ask for the GroupWise \GWIA and \GWIA\Third directory paths. In each window enter the path using forward slashes and end the path with a forward slash. Here are example paths: GWIA send path – MAIL:/GWDOM/WPGATE/GWIA/Send/ GWIA receive path - MAIL:/GWDOM/WPGATE/GWIA/Receive/ GWIA result path - MAIL:/GWDOM/WPGATE/GWIA/Result/ GWIA third/send path - MAIL:/GWDOM/WPGATE/GWIA/Third/Send/ GWIA third/receive path - MAIL:/GWDOM/WPGATE/GWIA/Third/Receive/ GWIA third/result path - MAIL:/GWDOM/WPGATE/GWIA/Third/Result/ At the GEE Whiz for GroupWise configured. Enable it? window choose No and press Enter. Why? Administrators can choose Yes but GEE2 will start to process mail as soon as it is loaded. Choose No so that when you load GEE2, you will have time to configure options before you enable GEE Whiz for GroupWise and process any mail. Installing GEE Whiz for NetMail for the first time At the Would you like to configure GEE Whiz for NetMail? window choose: No if you are not running NetMail. Proceed to step 3. Yes if you are running NetMail. The next four windows will ask for specific configuration information on your NetMail installation: NetMail NMAP Server IP = 127.0.0.1 (if NetMail is on the same server as GEE Whiz, otherwise type in the IP address of the NMAP server NetMail NMAP Server Port - press Enter to accept default of 689 GEE Whiz NMAP Listener IP - press Enter to accept default of all (If GEE Whiz is installed on a BorderManager Server, then type in the private IP address of that server. See the appendices for more information.) GEE Whiz NMAP Listener Port - press Enter to accept default of 32001 At the GEE Whiz for NetMail configured. Enable it? window choose No. Complete this portion of the installation process by pressing Enter. (You can choose Yes but GEE2 will start to process mail as soon as it is loaded. Choose No so that when you load GEE2, you will have time to configure options before you enable GEE Whiz for NetMail and process any mail.) Copyright © Beginfinite 2005 - All rights reserved. 13 GEE Whiz 2 14 Installation Step 3 – Create Start-Up Files (NetWare only) At the Create a startup NCF for GEE2 in SYS:/SYSTEM? window choose Yes and press Enter. At the NCF created window press Enter. Installation Step 4 – Install the GEE Whiz web server This portion of the installation process is fairly straightforward. Administrators will be presented with a succession of screens: Two screens will be presented in a row-Gee2 successfully installed and Would you like to install gee2web?, press Yes and Enter to both. At the Install Path for gee2web: window type opt/gee2web or sys:/gee2web and press Enter. At the Install gee2web to /opt/gee2web? window choose Yes and press Enter At the Would you like to configure the web client? window choose Yes and press Enter A prompt will appear asking for a user name for you to enter the web administration console. Enter a nonNDS user name which will authenticate to the GEE Whiz Web Administration Console, e.g. geewhizadmin, and press Enter. Enter a case sensitive password you want to assign for the account. We strongly advise for security reasons that you do not use a NDS account. At the GEE Whiz Daemon GID IP (default 127.0.0.1): window press choose Yes and press Enter. At the GEE Whiz Daemon GID Port (default 32005): window press choose Yes and press Enter At the GEE Whiz Web Server Port (default 33333): window press choose Yes and press Enter At the GEE Whiz web client configured window press Enter. At the Create a startup NCF for GEE2WEB in SYS:SYSTEM? window choose Yes and press Enter Press enter at the NCF created window and again at the gee2web successfully installed window. Installation Step 5 – Configure your anti-virus software You must modify your anti-virus software to perform real-time scanning and to delete or quarantine infected files. The anti-virus scanner must be configured to: Exclude the GWIA\Third directory structure Exclude the GEE2WEB directory structure Exclude the GEE2 directory structure except: scan the opt/gee2/work and all child folders and files If your anti-virus solution cannot scan a child folder of a directory that is being excluded, then you can move GEE2’s work directory: Create a GEE2WORK directory, for example /opt/gee2web or sys:/gee2work Configure your anti-virus software to exclude the /opt/gee2/directory Configure your anti-virus software to scan the /opt/gee2/work/directory Unload GEE2.NLM (use F7 in the GEE2 Server console screen) Open the \GEE2\config\antivirus.gop file in a text editor, find the [workPath] option Remove the "valueIsRelativeToSubSection" = "installationDirectory" and the "valueIsRelativeToSection" = "general" lines Change the value to the full path, so: "value" = "/work/" changes to "value" = "SYS:/GEE2WORK/" Load GEE2 using GEE2.NCF Copyright © Beginfinite 2005 - All rights reserved. 14 GEE Whiz 2 Copyright © Beginfinite 2005 - All rights reserved. 15 15 GEE Whiz 2 16 ClamAV GEE Whiz 2 now supports ClamAV. This GPL virus scanner package provides a flexible and scalable multithreaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam anti-virus package, which you can use with your own software. Other features include: A database updater with support for digital signatures Virus scanner C library On-access scanning (Linux and FreeBSD) Detection of more than 32000 viruses, worms and trojans Support for RAR (2.0), Zip, Gzip, Bzip2, Tar, MS OLE2, MS Cabinet files, MS CHM (Compressed HTML), MS SZDD, mbox, Maildir and raw mail files, portable executable files compressed with UPX, FSG. Milter interface for sendmail Copyright © Beginfinite 2005 - All rights reserved. 16 GEE Whiz 2 17 Post Installation NetWare Do NOT use the LOAD command at the server console to start either GEE2.NLM or GEE2WEB.NLM. The installation created two .NCF files to start GEE Whiz: GEE2.NCF - starts GEE2.NLM in protected memory mode GEE2WEB.NCF - starts GEE2WEB.NLM in protected memory mode The next step will be to start both GEE2 and the GEE2 web service. At the server console type GEE2 to run GEE Whiz. Once it has loaded, at the server console type GEE2WEB to start the GEE Whiz web server. Important GEE2 must be running before attempting to load GEE2WEB. To have Gee Whiz load automatically, at the server console type EDIT AUTOEXEC.NCF <enter> and add the following three items below to the lines which load GWIA: GEE2.NCF DELAY 10 GEE2WEB.NCF Press <Esc>. Remember to save the AUTOEXEC.NCF file. Linux At the server console type ./gee2 to start GEE Whiz. At the server console type ./gee2web to start the GEE Whiz web server. At the server console, edit the applicable init scripts so that GEE2 and GEE2WEB are started when the server restarts in normal run level (e.g. runlevel 3 or 5). Copyright © Beginfinite 2005 - All rights reserved. 17 GEE Whiz 2 18 Migrate GEE Whiz 1.4.x Configuration Files Black and White Lists GEE Whiz 2.0 uses the same files for Black Lists and White Lists as GEE Whiz 1.4.x.To migrate the files, copy the blackfr.txt, blackto.txt, whitefr.txt and whiteto.txt from the GEE Whiz 1.4.x GEE\TMPLTS directory to the GEE Whiz 2.0 /opt/gee2/gas/lists directory. Administrators can copy the files while GEE2 is loaded and they will become active immediately. Apply Lists GEE Whiz 2.0 uses the same level of Apply Lists (General, Filter, Spam Control now Gas) and Antivirus) as GEE Whiz 1.4.x but you cannot copy the files. If you enable “DOS-style apply lists:” in GEE Whiz 2.0, you can copy the contents of an apply list from the GEE Whiz 1.4.x and paste it into the applicable apply list in the GEE Whiz 2.0 Web Admin Console: Copy data from GEE 1.4.x path GEE\TMPLTS\APPLY.TXT to GEE 2.0 General Apply List Copy data from GEE 1.4.x path GEE\TMPLTS\FAPPLY.TXT to GEE 2.0 Filter Apply List Copy data from GEE 1.4.x path GEE\TMPLTS\SCAPPLY.TXT to GEE 2.0 GAS Apply List Copy data from GEE 1.4.x path GEE\TMPLTS\AVAPPLY.TXT to GEE 2.0 Antivirus Apply List Header and Content Filters Header and content filter files cannot be migrated. Filters are created and saved in LUA script files in GEE Whiz 2.0. Rebuild each filters in the Filters section of the GEE Whiz web administration console. Custom SA Rules GEE Whiz 1.4.x stored custom Spam Control Rules in the GEE\GASC\CUST.CF file which should NOT be copied from GEE Whiz 1.4.x to GEE Whiz 2.0. Since a newer version of SpamAssassin rules are used in GEE Whiz 2.0 we cannot guarantee that an old cust.cf file will work with the new Spam Assassin 3.0 ruleset. You should create your custom rules in the Spam Control screen (top menu row). Multiple versions of GEE Whiz Do not attempt to run GEE Whiz 1.x and 2.x products at the same time on the same system. This may cause an abend or it will result in both GEE.NLM and GEE2.NLM competing to process mail from the GWIA\Third\Receive and GWIA\Send directories. GEE Whiz 1.4x and GEE Whiz 2.x can be installed in the same environment, but in different directories however, they cannot both be in operation at the same time. If you are upgrading from GEE Whiz 1.4.x, and you configure your GEE Whiz 2.0 "work and scan" directories to be the same as GEE Whiz 1.4x, you can retain both systems if you need to revert to GEE Whiz 1.4.x. Should you need to revert back to GEE Whiz 1.4.x, you can unload the GEE Whiz 2.0 NLMs and load the GEE Whiz 1.4.x NLMs. Copyright © Beginfinite 2005 - All rights reserved. 18 GEE Whiz 2 19 The GEE Whiz Interface Certificates GEE Whiz 2 uses certificates for three purposes: to manage licensing states (for example, when you upgrade your demo to a working copy,) to ensure updates are pushed to GEE Whiz installations, and for encryption. Upon first logging into the GEE Whiz web administration console, administrators will be presented with a certificate authentication screen. Click OK to continue to the GEE Whiz 2 web administrator. Clicking the View Certificate button will present a detailed screen about the information contained in the certificate. Getting started The web-based GEE Whiz Admin Web Console is where most of the management of GEE Whiz is performed. This console is available through any standard web browser at https://<ip address of the server>:33333. You will have to authenticate using the user name and password set up during the set up process. This console has two sections. Below is pictured the log-in screen, as well as a sample screen from the GEE Whiz web administration console. The version number is presented beneath the log-in window. Copyright © Beginfinite 2005 - All rights reserved. 19 GEE Whiz 2 20 GEE Whiz at a Glance Use the menus to navigate between GEE Whiz’s various screens. Options General Web Client Options GidClient Mine Sauce Web Antivirus Gee Whiz Options Filter GAS General GroupWise Ideamon NetMail Sauce Signature SMTP Stats Logs Client Logs Server Logs Statistics Client Statistics Copyright © Beginfinite 2005 - All rights reserved. 20 GEE Whiz 2 21 Ipauths Server Statistics No Stats Copyright © Beginfinite 2005 - All rights reserved. 21 GEE Whiz 2 22 Spam Control Classifier RBLS Ruleset All Body Header Rawbody Meta Uri Search SPF SURBL Filters Quarantine GroupWise NetMail SMTP License Copyright © Beginfinite 2005 - All rights reserved. 22 GEE Whiz 2 23 Content Pane This is where the administrator changes existing options, enable and disable different features in GEE Whiz. Content panes usually have General Options and Advanced Options. This manual assumes that the Advanced Options are selected. Help In the GEE Whiz Admin web console, hovering the option title to see the help information for that option. A popup window will provide contextual help. Click Submit At the top of every page in the web administration console is a Submit button. Remember to click it otherwise your edits and changes to the Gee2 environment will not be applied. Copyright © Beginfinite 2005 - All rights reserved. 23 GEE Whiz 2 24 Enabling the Major Features of GEE Whiz GEE Whiz can be installed in a disabled state so that it does not start processing e-mail when it is loaded for the first time. This allows administrators time to configure the major features before enabling GEE Whiz. You need to also enable GEE Whiz against the particular e-mail system you are protecting and click Submit. If GEE Whiz is not enabled for a mail system then it will not provide any protection. Script Flow The /scripts/process/control.lua controls the flow of GEE Whiz 2 scripts. The control file directs that each message that comes into GEE Whiz passed through various scripts. There are scripts for pre-processing, processing, and post-processing scripts. Within these sub sections, the order is controlled by naming the scripts alphabetically. Pre-processing - Pre-processing scripts are contained in /scripts/process/pre. These are scripts which have actions that are taken first. AA_init - This script sets up the message part functions which are used by later scripts. BB_applylists - This script checks to see if an apply list match has been found, and if so, sets a flag. Processing - Processing scripts make up the bulk of GEE Whiz. These scripts perform their processing actions on the message and set flags as found. AA_init - This script loads the white/black to/from lists, and performs any necessary Dos-style or case insensitive conversions as necessary. BB_gas - This script runs the GEE Whiz Anti-Spam engine on the message, if the message is not larger than the ignore size setting. The Anti-Spam engine runs the various SpamAssassin rules on the message, as well as applies the textual classifier. The Anti-Spam engine itself runs various LUA scripts as part of its operation. These scripts are located in /gas/scripts. CC_filter - This script runs through any filters which have been created and sets a filter found flag. This script in turn runs the scripts found in /scripts/process/filter/file DD_antivirus - This script saves out any found attachments from the message and waits to see if they are removed by an anti-virus program. This script runs the scripts located in /scripts/process/antivirus/ Post-Processing - The Post-processing scripts check the flags which have been set and decide on a course of action to take with the message. AA_init - This script sets up various utility functions to be used by scripts later on. BB_stats - This script increments or decrements the various statistics based on what was found in the message DD_quarantine-orig - Before any changes are made to the message, this script quarantines the original if the options are set for it to do so. It does add a few special headers to the message before quarantining which reflect the reason for the quarantine. EE_antivirus - If any viruses were detected in the message, this script will perform the required actions based on the option settings. FF_filter - If any filters were matched on the message, this script performs the required actions according to the option settings. GG_gas - This script performs the various anti-spam related message alterations, such as adding the results file, adding headers, and modifying the subject header. HH_inter-redir - This script performs any interceptions or redirections as required. ZZ_quarantine-mod - Now that the message has passed through all the altering scripts, the modified message is saved out to the quarantine if required. Copyright © Beginfinite 2005 - All rights reserved. 24 GEE Whiz 2 25 Trouble shooting GWAVA support has speedy procedures to handle an abend (abnormal end) when a customer experiences one. If an abend occurs, the administrator should contact support by e-mail at [email protected]. Append the following to your message along with a description of the event, and any screen shots you believe may help our support team diagnose the problem. A copy of the server ABEND.LOG file A copy of the server CONSOLE.LOG file The brand name and version of the anti-virus software installed on the server A copy of the server AUTOEXEC.NCF file Upon receipt of the files and information, the support team will examine the files to determine if they can resolve the cause of the abend, otherwise the GWAVA support team will forward the files to the developers of GEE Whiz for their resolution. Location of settings If for some reason, an administrator needs to diagnose ports or other fundamental configuration settings, consult the GOP files in your GEE2 installation. Note that in the case of administrative lock-out, the admin password for the web client is stored in gee2web\config\general.gop Because of the encryption, it must be changed from to [pass] “value” = * 432324example * [pass] “value” = “mypass” For example, an administrator attempts to add so many threads that the ram requirements are exceeded, the server will crash. Editing the number of threads stored in the GOP will be how one resets the thread value to a workable number. The software cannot see NetMail NetMail has to be loaded completely before GEEWhiz 2 is launched. If this does not happen, Gee may fail to 'see' the mail system. Moreover, if NetMail is taken down for any reason while Gee Whiz 2 is operating, the software must be restarted so that it can again connect with the NetMail system. NetMail should try to reconnect to GEE Whiz on loading as GEE Whiz saves its queue handlers. Copyright © Beginfinite 2005 - All rights reserved. 25 GEE Whiz 2 26 About Apply Lists An “Apply List” is a list in GEE Whiz that is used to define exceptions or inclusions to the normal functioning of GEE Whiz. Note that putting a wildcard of your own domain in the General Apply List and choosing the “Disable” feature will cripple GEE Whiz against your entire e-mail domain. For example, if your domain is mydomain.com, do not put *@mydomain.com in the General Apply List and choose the “Disable for only those addressees in the list”. This will prevent GEE Whiz from processing e-mail addressed to your e-mail domain. By default “Apply Lists” are disabled and normally do not need to be used unless there is demand for a specific exception. There are four “Apply Lists” Top level list is for all features of GEE Whiz Filtering Spam-Control Antivirus Four Apply lists The Apply lists controls appear four times in the GEE Whiz2 interface: Apply lists can be configured separately for Anti-virus, Filters, GAS and General. This can cause some confusion in the minds of some users. For example, the Anti-Spam Apply Lists checkbox activates this feature. The DOS Style Apply Lists checkbox will, if enabled, convert apply list entries from DOS style syntax to PERL style regular expressions before processing. There are three other apply lists configuration options here: Inclusive, Recipient and Sender. If Inclusive is enabled, GEE Whiz will run filtration scans only on users listed in the apply list. If not, GEE Whiz will run spam filters on all users except those on the apply list. More simply, ‘all of these’ versus ‘everything but these’. Recipient and sender are less problematic: these fields are line-by-line regular expression lists of users against which to processing for sending or receiving. Copyright © Beginfinite 2005 - All rights reserved. 26 GEE Whiz 2 27 Mail processing Apply List examine the SMTP envelope only, ignoring the informational TO, FROM, CC, etc, which can be spoofed. (The envelope information is the SMTP session; it tells you where the message is really going whereas the headers can be anything a spammer wants them to be). The hierarchy of apply lists If there is a conflict between the general apply list and a apply list for a specific feature, the general apply list takes precedence over the apply list for the specific feature. Copyright © Beginfinite 2005 - All rights reserved. 27 GEE Whiz 2 28 Options Web client options The options screens of the GEE Whiz web administration console has two major sub sections. The Web client Options and the GEE Whiz server options. Below are the General Web Client Options. The Advanced Options checkbox must be enabled for all of the configuration options to be visible. Parameter Comment Web Client User Name and Password These fields set the user name and password for GEE Whiz administrators of this web client. Statistics Save Path This field determines where statistics are saved. Logs save path This field determines where logs are saved. Private License Certificate This field is for setting the path to your private license certificates file. Public Licence Certificate This field is for setting the path to your public license certificates file. Gid Server License Certificate This field is for setting the path to your Gid server license certificate certificates file. Enable Interface Enabling this checkbox activates the Console interface, depending upon an administrator’s preference. Thread Stack Size This field sets the size of stacks for each thread. Its default value is 10485760. Revision Number The installed edition of GEEWhiz 2. Copyright © Beginfinite 2005 - All rights reserved. 28 GEE Whiz 2 29 Show Advanced Options Enabling this checkbox allows Gee Whiz 2 administrators to view additional features and settings. Installation Directory This field is used to change the installation directory. Enable Advanced Option Editing Enabling this checkbox allows Gee Whiz 2 administrators to edit additional features and settings. Copyright © Beginfinite 2005 - All rights reserved. 29 GEE Whiz 2 30 GidClient Two options are available for configuring the GID client: the GEE Whiz Daemon IP field configures which IP GEE Whiz runs on. The GEE Whiz Daemon Port entry field determines which port to which the daemon listens. Mime Clicking the Mime tab in the GEE Whiz web configuration console allows administrators to set the mime headers. Generally, Mime information will not have to be changed. Entries cannot be added or subtracted from this screen; administrators can set the mime options for html, jpg, gt, jpe, html, lua, gif, jpeg and png files. Note that you must enable the Advanced Options checkbox to see all of these options. Copyright © Beginfinite 2005 - All rights reserved. 30 GEE Whiz 2 31 Sauce configuration The Sauce (GEE Whiz’s auto update client) screen contains configuration options for GEE Whiz. To see all of the options, click the Advanced Options checkbox. The screen options here are used to configure or reference the names and paths to the Licence Public Certificate, extension used for temporary files, whether to use the network for updates, the update directory, the licence private key, the back-up directory, the extract directory, the manifest file name and revision number. The mani.mf file exists only during the updating process. After a successful update, the file disappears. Note that editing the file name may cause problems with the update process. Do not change this name without the direction of GEE Whiz technical support. The gadHost data entry field is used to determine the location from which GEEWhiz updates are taken. Note that there is also a Sauce screen for the Gee Whiz Server screen. It contains the same options except that it is used to configure the server. Web Options This settings screen is used to control options of the GEE Whiz web client. These will allow you to customize how GEE Whiz’s web interface behaves. To see all of the options, enable the Advanced Options checkbox. Options listed here include the Listener Port and IP, trusted hosts, web root path, default error page, the default web index files, the maximum session time, worker thread pool size and the path to the Lua Init script. Copyright © Beginfinite 2005 - All rights reserved. 31 GEE Whiz 2 32 Server Options GEE Whiz’s Server options are configured here. Anti-Virus Configuration Settings for anti-virus options, filters, GEE Whiz’s anti-spam (GAS), GroupWise, Idaemon, NetMail, sauce and signature options are configured from this point. The default is the anti-virus screen. Note that the Advanced Options checkbox must be enabled to see all of these options. Note – In earlier versions of Gee Whiz, GEE Whiz2 employed a ‘user' to open and close a file to force the AV to check it. GEE2.0.1 uses a new method on Netware that negates the need for a user account. Lists The Anti-virus Apply Lists enabled checkbox allows the use of apply lists for anti-virus protection. The DOS Style Apply Lists checkbox will, if enabled, convert apply list entries from DOS style syntax to PERL style regular expressions before processing. There are three other apply lists configuration options here: Inclusive, Recipient and Sender. If Inclusive is enabled, GEE Whiz will run AV scans only on users listed in the apply list. If not, GEE Whiz will run AV scans on all users except those on the apply list. Recipient and sender are less problematic: these fields are line-by-line regular expression lists of users against which to processing for sending or receiving. More simply, ‘all of these’ versus ‘everything but these’. Copyright © Beginfinite 2005 - All rights reserved. 32 GEE Whiz 2 33 Additional AV configuration options If you are going to use GEE Whiz as part of your anti-virus strategy, anti-virus software must be installed and active on the NetWare server before installing GEE Whiz. Most NLM-based anti-virus software will work with GEE Whiz. Popular choices include: Kaspersky Anti-Virus for NetWare – www.kaspersky.com Sophos Anti-Virus for NetWare – www.sophso.com eTrust Anti-Virus for NetWare – www.etrust.com Server Protect for NetWare – www.trendmicro.com Symantec Anti-Virus for NetWare – www.symantec.com Panda Anti-Virus for NetWare – www.pandasoftware.com McAfee NetShield for NetWare – www.mcafee.com Norman FireBreak for NetWare – www.norman.com Regardless of the Vendor, your choice of anti-virus software must be able to permit real time scanning of the file system, it must support the ability to exclude directories or volumes, and it must support the ability to purge, delete, quarantine or move infected files. To permit GEE Whiz to protect your system against virus threats in conjunction with your third party AV scanner, click the Enable GEE Whiz Anti-Virus checkbox otherwise the anti-virus protection is disabled. The Enable Generic Anti-Virus Scanning checkbox must also be enabled unless Clam AV is being used. Antivirus checking in GEE Whiz is a scan-match-action process in which the software scans attachments of each e-mail using the native third party anti-virus scanning software. When enabled, GEE Whiz places a copy of each attachment in the correct “work” directory for examination. Once per hour (as defined by avcheck.lua), GEE Whiz will examine the work directory to see if the file is still there. If the file is not there, the e-mail is considered to be infected. The default work directory is GEE2\WORK. Test your anti-virus settings Once an hour, GEE copies the Eicar test virus file to the work directories to test whether the anti-virus scanner is working. This process is accomplished via the avcheck.lua file. Use this option to periodically check that the anti-virus scanner is still functioning. If the anti-virus scanner is found to be off, GEE Whiz will continue to relay messages but will not scan them, and will continue to check and will resume scanning when the anti-virus scanner is functional again. Other configuration options for anti-virus settings are: Parameter Comment Enable Anti-Virus Enabling this checkbox enables GEE Whiz’s Quarantine infected messages This checkbox will hold infected messages in GEE Whiz2’s quarantine directory. Scanner wait time This value controls the amount of time that GEE waits for the virus scanner to move the attachment if it is infected. This may need to be increased from the default of 10 seconds for those times when the GEE Whiz server is really busy. Delete infected message Enabling this will delete messages upon the discovery of an infection. Copyright © Beginfinite 2005 - All rights reserved. 33 GEE Whiz 2 34 Strip Infected Attachments from Messages Enabling this will remove infected attachments messages upon the discovery of an infection in those attachments. Replace Infected Attachments Enabling this will replace infected attachments messages upon the discovery of an infection in those attachments. The replacement file can be selected below. Infected Attachment Replacement path and Name This data entry field controls the name of the replacement attachment that appended to files in the event of an infection. The file path is also provided for reference. Infected Attachment Replacement File This data entry field selects the replacement attachment appended to files in the event of an infection. Edit – Clicking Edit presents an editing window for changing the .txt message used as a caution when an infection is discovered. Un-Zip Zips Enabling this check box will allow Gee Whiz 2 to unzip files for virus scanning. The recursion level can also be set with the Un-Zip Depth box. Antivirus Check This checkbox runs a script every hour to determine whether the antivirus software is responsive. If it is not, an alert will be generated. Temporary Work Path This field reports the work AV work directory. Scripts Path This field is used to locate the processing script used by GEE Whiz2’s anti-virus features. Clam AV settings Clam AV scanning is enabled here. Ticking this checkbox will make Gee Whiz attempt to connect with a CLAM AV scanner. Note that the Daemon Port and IP needed for this feature must also be configured here. Lastly, the Enable Generic Antivirus scanning copies the file to a temporary work path. After a pause, if the file is still present, Gee Whiz 2 assumes that the file has been found uninfected by resident antivirus products. Generic scanning can be used in conjunction with ClamAV. Copyright © Beginfinite 2005 - All rights reserved. 34 GEE Whiz 2 35 Filters The Filters configuration screen has several sections. The most important configuration options are presented first. The Filtering Apply Lists checkbox activates this feature. The DOS Style Apply Lists checkbox will, if enabled, convert apply list entries from DOS style syntax to PERL style regular expressions before processing. There are three other apply lists configuration options here: Inclusive, Recipient and Sender. The Enable Message filters checkbox enables filtering of messages based upon their content. Below this is a field for the Message Filter Scripts Path, which is the location of the script for GEE Whiz’s message filters. Two other checkboxes in this section are Quarantine Filtered Messages and Disable Filtering on Outgoing Messages. Enabling these checkboxes will hold filtered messages for examination by administrators or let all outbound mail pass through without examination by GEE Whiz. Quarantine will not involve deletion unless that option is chosen specifically. File Attachment Filtering Click the Enable File Attachment Filtering checkbox to permit GEE Whiz to filter attachments. Note that this feature can function independently from message filtering. Below that is a checkbox for the enabling of File Name Filtering. This processes attachments on the basis of their names as compiled in the File Name Filter List field. Each entry is a regular expression. The File Size Filtering checkbox allows GEE Whiz to filter files using their sizes. This helps prevent oversized messages from consuming resources. The entry field below controls the size. The default is 1000k. Copyright © Beginfinite 2005 - All rights reserved. 35 GEE Whiz 2 36 File Type Filtering Often called Fingerprinting, this feature allows GEE Whiz administrators to delete files, which are non-business related, or to control the flow of certain types of attachments through their e-mail systems. To activate this feature, click the File Type Filtering checkbox and then the file types available: Executable, Music, Compressed, WindowsFile, Document, Image, Movie and Password Protected Zip File. Additional File Filtering Options Several other configuration options for handling and processing files by GEE Whiz are also available. The Remove Filtered Attachments checkbox will strip attachments, which trigger filters from their associated messages while the Delete Entire Message option deletes prevents delivery of both the message, and the attachment. The Replace Filtered Attachments, Attachment Replacement Name and Attachment Replacement File contain associated entry fields for the replacement of those file components. The File Filter Scripts Path points to the location of the scripts that GEE Whiz references for its processing of filtered files. GEE Whiz also allows administrators to configure the addresses affected by Incoming and Outgoing message Interception and Redirection. These can be added to and customized individually by their associated data entry fields. Note that DOS-style editing is permitted and can be activated individually. Remember! After you make changes on a filtration option, remember to click Submit button or your changes will not be applied GEE Whiz. Copyright © Beginfinite 2005 - All rights reserved. 36 GEE Whiz 2 37 GroupWise Anti-Spam (GAS) The GEE Whiz Anti-Spam settings allows administrators fine control over their spam settings. The Anti-Spam Apply Lists checkbox activates this feature. The DOS Style Apply Lists checkbox will, if enabled, convert apply list entries from DOS style syntax to PERL style regular expressions before processing. There are three other apply lists configuration options here: Inclusive, Recipient and Sender. Anti-Spam To activate the GEE Whiz Antispam protection feature, enable the checkbox. Quarantine Messages Found As Spam Enabling this feature quarantines all e-mail with a GAS value that is equal to or greater than the value in the spam identification threshold. This feature will disable the “Redirect” and “Auto-Delete” if all three features are enabled. You can indicate the number of days to hold e-mail in the quarantine; the default value is 30 days. Enable spam identification places a text string at the subject line so users can identify spam in their inboxes quickly. This text can be edited in the data entry field provided. When mail is identified as spam is controlled by means of the Spam identification threshold entry field. The default value is four. The Enable Non-Spam Identification allows GeeWhiz2 to mark messages as non-spam by changing the message subject by means of the accompanying identification string. Other options include Insert GEE Whiz anti- spam headers into messages and only add anti-spam headers on messages found as spam. These insert headers into all mail processed by GEE Whiz or only those identified as spam based upon your settings respectively. Enabling the Add anti-spam results file to messages checkbox will include the results of GEE Whiz processing in delivered messages. Activating the Only add anti-spam results on messages found as spam adds the result only to messages which trigger spam filtration. This can be useful when tweaking and diagnosing spam settings. Redirection GEE Whiz allows administrators to customize how mail is redirected. To activate this feature, click the Enable spam redirection checkbox. You now have the option of setting the Spam redirection threshold and the Spam redirection address. If you enable this feature, e-mail with a GAS score that is equal or higher than the “Redirect Threshold” will be delivered to the e-mail account specified in the “Address To Redirect To”. The default value for the “Redirect Threshold” is 10.0. GroupWise Warning - Do NOT enable the Redirect feature and forget to specify a valid e-mail account to which to redirect spam e-mail. If you start GEE Whiz without the “Address To Redirect To” field empty, your GroupWise server will abend. Do not set the number of “Days” as a high value, or as a blank value as e-mail will accumulate and eventually you will encounter a space usage problem on the volume. Copyright © Beginfinite 2005 - All rights reserved. 37 GEE Whiz 2 38 Message Ignore Threshold - This sets the maximum size of the message file that GEE Whiz will perform anti-spam checking on. The value is set in kb (1024 bytes), with a minimum score of 0 and a maximum score or 1000. The default score is 100. Be careful setting this score, as the file size increases the time to perform anti-spam checking also increases. Automatically deleting spam The Enable spam auto-delete checkbox permits GEE Whiz to remove spam immediately once it has been identified. The threshold for doing this is set with the data entry field below this checkbox. The advantage of this feature is that messages that are obviously junk mail are deleted so that they do not consume system resources. Two additional options are presented on this screen. The Message ignore size threshold allows administrators to set GEE Whiz to not process spam above a certain specified size. Spammers generally keep their mails quite short in order to send out millions of messages daily. Larger messages tend not to be spam. Finally, the GAS scripts path determines where GEE Whiz keeps its GAS scripts file for processing spam. Textual Classification These customizations allow for precise control over how GAS functions when processing mail. Enable textual classifier to have access to these settings. Currently, GAS supports two types of Score Method. Select either Geometric or Arithmetic from the drop down menu provided. These control how a mean is established. The Token pipeline stages sets the number of processing pipelines the classifier uses to create tokens. A setting of one will function as a Bayesian classifier. Any increases to the token database will be exponential; hence there the limit is five. The Cut-off tweak value field will add itself to the calculated value that the textual classifier resolves for a message. The usefulness of this feature is to help compare classifier numbers with Spam Assassin’s Bayesian scores. The Default score sets the value of tokens that the classifier has not yet seen. Scale factor is a weighing or weighting factor. The larger the value, the more weight given to the default score in instances where there are low token counts. The Required tokens field determines how often a token must appear before it is considered in calculations. The Ham corpus path indicates the path to the messages that are not ham for use by the textual classifier are kept. The Ham corpus work path controls the temporary work path for creating tokens. Finally, the Ham corpus work level controls the number of subdirectories generated. All three corresponding Spam corpus path, Spam corpus work path and Spam corpus work level function the same way. The Token data file path is where the data file resides which is used to score incoming messages. The Learning Cache Size data entry field limits the size of caches. The Minimum Tokens (Scoring) data entry field sets the minimum number of number of tokens that must be generated by a message before its classifications are treated as valid. Copyright © Beginfinite 2005 - All rights reserved. 38 GEE Whiz 2 39 Network Tests Click the Enable network tests checkbox to permit network (mostly DNS) testing to function. Note that disabling this checkbox disables all network testing, including the Enable RBL tests function below. The Maximum IPs to check RBLs against in a message sets the maximum number of IP addresses that will be referenced against a RBL. The Maximum URI DNSBL checks per message similarly limits the number of SuRBL checks performed against messages. White Lists The GAS configuration screen also permits administrators to set white listing and blacklisting functions including: Blacklist 'From' path Whitelist ‘From’ path Whitelist 'To’ path Blacklist 'To' path More Spam ‘To’ Path: Users in this list have the score of the rule titled USER_IN_MORE_TO_SPAM rule subtracted from messages sent to them. This also affects anyone else to whom the message was sent. More Spam ‘All’ Path: Users in this list have the score of the rule titled USER_IN_MORE_TO_ALL rule subtracted from messages sent to them. This also affects anyone else to whom the message was sent. DOS-style list entries: Selecting this option will permit list entries to be processed in DOS style Check list matches in envelope: Enabling this permits GEE Whiz to check the entire message envelope for blacklist and white list matches Case insensitive list entries: Enabling this turns off case sensitivity when processing lists Languages and Locales The GAS options configuration screen permits administrators to customize both Acceptable Incoming Message Languages and Acceptable Incoming Message Locales. This can be useful in eliminating foreign language spam or spam originating from offshore. The defaults are to accept all languages and all locales. By default, English-only rules are loaded. If you select to add another rule, those rules will take precedence over the English rules if there is a conflict. Adding additional language rules will increase the time to perform anti-spam checking. Copyright © Beginfinite 2005 - All rights reserved. 39 GEE Whiz 2 40 Trusted Networks Entering an IP into the Trusted Network data entry field tells Gee Whiz 2 to treat that any IPs or Hosted Networks listed will not be treated as spammers, open relays or open proxies. No DNS blacklist checks will be made against the listed IPs or hosted networks. Infer Network Trust based on Helo MX should only be used if no trusted networks have been entered. A network is considered trustworthy if its IP address is close to the MX used for the hostname. Note that this slows Gee Whiz 2’s processing considerably. It is strongly recommended that a traditional list of IPs and Hosted networks be used. Finally, the DOS Style Apply Lists checkbox will, if enabled, convert apply list entries from DOS style syntax to PERL style regular expressions before processing. Enable Remote Rulesets Enable this checkbox to download the list of specified remote rules automatically. The Remote Rulesets Path and entry field reports where remote rules will be stored. The next entry field box, Remote Rulesets, contains the list of URLs from which rulesets will be updated. Rules Path Grouped at the bottom of the GAS configuration screen are the paths and settings for Rules. The Rules Path entry field determines where the software references GAS rules. Typically this is in /gas/rules/. The Rules Score Set drop down menu has five options: 1, 2, 3, 4 and Automatic, the default. 1 – No Network and No Bayesian 2- Network but no Bayesian 3 – Bayesian but no Network 4 – Network and Bayesian Automatic – Configure the score set based on both Network and Bayesian settings. Additionally there is an entry field for setting a Custom Rules Path and a Rule Language Modifier for making use of language specific modifications. Copyright © Beginfinite 2005 - All rights reserved. 40 GEE Whiz 2 41 General The General Server settings allows administrators fine control over basic GEE Whiz operations. The General Apply Lists checkbox activates this feature. The DOS Style Apply Lists checkbox will, if enabled, convert apply list entries from DOS style syntax to PERL style regular expressions before processing. There are three other apply lists configuration options here: Inclusive, Recipient and Sender. Interface The General configuration screen has an Enable Interface checkbox. Clicking it so that there is a checkbox activates the console interface. Logging There are several configuration options available for controlling how GEE Whiz’s logging is accomplished. Console Log Level and Log File Log Level. Both are controlled by drop down menus. These have three settings: Normal, Verbose and Debug. The default is Normal. There are several other Debug Output options that may be enabled: URI – URIs parsed from the scanned message Received Header Parses – Relays found during header processing. LUA Globals – Threats found in LUA scripts Remote Rulesets –Remote ruleset script operations RBLs – RBL and SuRBL results DNS – DNS resolver output GAS – Anti-spam module output The Log file save path determines the directory where logs are stored. The Purge log files check box will, if enabled, permit GEE Whiz to delete logs automatically when the value in the next field -Log file purge age (days) – is reached. The default is 30 days. Delete on Quarantine is also a feature located here. Enabling this checkbox will delete material which is held back after triggering filters. These messages and attachments will NOT be sent to the user. DNS The DNS Root Server Hosts Path field identifies the location of the DNS Root server host description file. The DNS Cache Max Entries limits the number of entries in the DNS cache while the DNS Cache Wait Time determines the time to wait before these entries expire. Copyright © Beginfinite 2005 - All rights reserved. 41 GEE Whiz 2 42 Scheduled Events Periodic events are controlled through crontab style entries in a data field, followed by a notice of which script to employ. For example: * 3 * * * quarcleanup.lua Paths This portion of the General screen allows GEE Whiz 2 administrators to set: General Gee Whiz scripts path The statistics save path Private license key path Public certificate path AV NDS User The AV NDS User Name and AV NDS User Password are used to ‘touch’ files in order to trigger anti-virus scanning operations. Bypass Enabled Enabling this checkbox permits mail and attachments flow to bypass GEE Whiz processing. Bypass lists can be set for GAS, filters and anti-virus. General configuration options General Thread Stack size in bytes determines the stack sizes DNS server operations Installation Directory Full text ignore size Revision Number Cache Cleanup interval in seconds Revision number Copyright © Beginfinite 2005 - All rights reserved. 42 GEE Whiz 2 43 GroupWise options GEE Whiz also has a configuration screen for managing its interactions with GroupWise. The Enable GroupWise Handler checkbox must be clicked in order for it to function with Novell’s GroupWise. Below that are data entry fields for several interactions with GroupWise. The Worker Thread Pool Size has a default of 5. This value can be increased to raise performance; however, each worker thread takes 10 megabytes of memory. Raising the value too high will exceed the amount of ram in your server and cause it to crash. The Directory Poll Wait Time – The time in milliseconds for polling resources. The default value is 1000 milliseconds. The GroupWise RFC822 Message save path and the Work Path for GroupWise Messages fields are used to inform GEE Whiz of the location of where GroupWise saves internet mail messages that are being processed. Messages sent from GroupWise to the Internet must be converted from GroupWise format to MIME or RFC822 format. By default, the Internet Agent converts messages to MIME format. If the GroupWise users on your network need to send messages in both MIME format and RFC-822 format, you may want to create separate directories for these. Additionally, the Save Path for Unparseable Messages can be set from this screen. This screen is also used to set quarantine options. The Quarantine Directory entry field is set from this location. How GEE Whiz 2 uses this directory is customized by the two options beneath it: the Purge Quarantine Directory checkbox and Quarantine Message Purge Age field. Enabling the checkbox will delete contents of the GEE2 quarantine directory when the age of those files exceeds the age in days, as set by the age field. Additionally, there are data entry fields for directing GEE Whiz to other paths: GWIA receive Path GWIA send Path GWIA third/receive Path GWIA third/send Path GWIA result Path GWIA third/result Path Copyright © Beginfinite 2005 - All rights reserved. 43 GEE Whiz 2 44 Interface Daemon The Interface Daemon, or Idaemon can be configured from GEE Whiz’s web administration screens. The Listener IP for the Interface Daemon can be set from this screen. The Listener IP permits connections to the daemon. A setting of all, the default, will permit connections from any IP. The Listener Port over which the interface connections will occur is set here. Trusted Connections is a list of IPs allowed to connect to the Interface Daemon. Again, a setting of all will permit any connection. Trusted hosts is a list of IPs which will automatically be authenticated. Remember to configure the trusted connections to ensure that proxy connections function. The Worker Pool Thread Size for use by the daemon is settable. Note that adding many threads might seem the best way to boost performance, GEE Whiz is in fact more CPU than ram dependent. Moreover, each thread increases GEE Whiz’s memory requirements. Remember! After you make changes on a filtration option, remember to click Submit button or your changes will not be applied GEE Whiz. Copyright © Beginfinite 2005 - All rights reserved. 44 GEE Whiz 2 45 NetMail GEE Whiz has a screen for the configuration of NetMail-related settings. The Enable GEE Whiz for NetMail checkbox must be checked for GEE Whiz to interact with each NetMail. Below that is a field for the Worker Pool Thread Size. This sets the number of worker threads, which are available to use for NetMail. The NetMail done path field sets the temporary storage directory where messages are held before being reintroduced to the queue while the Save Path field notes the temporary directory where translated RFC822 files are stored. The Trusted Hosts field lists IPs permitted to connect to the GEE Whiz NMAP listener, also known as the NetMail IP server. The default setting is All. Remember to configure the trusted connections to ensure that mail flows. Quarantine Three configuration settings for quarantine functions are on this configuration screen. The Quarantine Directory chooses the path where quarantined NetMail messages are stored. Enabling the Purge Quarantine Directory checkbox permits GEE Whiz to delete old messages and files from its quarantine directory for NetMail. The Quarantine Message Purge Age (Days) value determines the number of days before which files are removed. Nmap Configuration The NetMail configuration options screen also includes five entry fields for Nmap IP settings. The NetMail NMAP IP is the number for the Nmap NetMail server. This is a vital setting in the installation process. The NMAP Port setting determines which port the Nmap server is running on. The NMAP Listener IP determines which IP GEE Whiz will listen for Nmap on while the NMAP Listener Port will be the port for this operation. GEE Whiz NMAP Identifier is the extension GEE Whiz will add to the NetMail envelope to identify already processed messages. Redirect Spam to Mailbox Enabling the Redirect Spam to Mailbox allows for collection of spam in one location. The Redirection Work-around Password is employed to determine whether mail has been modified by an alias agent. If a message was not going to a mail box and it has the password in it, it will be redirected. Set the name of the spam catching mailbox in the data field provided here: Redirection Mailbox Name. Copyright © Beginfinite 2005 - All rights reserved. 45 GEE Whiz 2 46 Sauce Server configuration The Sauce (GEE Whiz’s auto update client) screen contains configuration options for GEE Whiz. To see all of the options, click the Advanced Options checkbox. The screen options here are used to configure or reference the names and paths to the Licence Public Certificate, extension used for temporary files, whether to use the network for updates, the update directory, overwrite locally modified files, the licence private key, the back-up directory, the extract directory, the manifest file name and revision number. The mani.mf file exists only during the updating process. After a successful update, the file disappears. Note that there is also a Sauce screen for the Gee Whiz Web screen. It contains exactly the same options except that it is used to configure the web administrator rather than the server. Remember! After you make changes on a filtration option, remember to click Submit button or your changes will not be applied GEE Whiz. Copyright © Beginfinite 2005 - All rights reserved. 46 GEE Whiz 2 47 Signature GEE Whiz offers administrators the ability to add corporate disclaimers be added to the top or bottom of each email. “Signature / Disclaimer Options” provide that capability. Administrators may add disclaimers to the top and/or bottom of each message. You can also select to add disclaimers to outgoing email only. There are various options that deal with text only and html formatted e-mail and you have the ability to add images to html-formatted disclaimers. Refer to the online contextual help in GEE Whiz for specific instructions The Signature Apply Lists checkbox activates this feature. The DOS Style Apply Lists checkbox will, if enabled, convert apply list entries from DOS style syntax to PERL style regular expressions before processing. There are three other apply lists configuration options here: Inclusive, Recipient and Sender. Copyright © Beginfinite 2005 - All rights reserved. 47 GEE Whiz 2 48 SMTP GEE Whiz allows administrators to configure SMTP settings. The SMTP proxy server based filter sitting between the internet and the mail server. Incoming mail is accepted from the internet, checked by GEE Whiz for either viruses or spam, and then delivered to the SMTP mail server. As far as the outside world is considered, the proxy is for all intents and purposes the proxy is your mail system. As far as your mail system knows, the proxy is the outside world. Begin by clicking the Enable GEE Whiz SMTP Proxy checkbox. Beneath that are several directories that can be configured. The Worker Thread Pool Size and Outgoing Thread Pool Size determine the number of threads used to process inbound or outbound mail. These can be increased to boost performance but each additional thread demands additional RAM. The Save Path and SMTP Done path have defaults of smtp/save/ and smtp/done/. Mail that is bounced for what ever reason—no such user or another error—can have an accompanying message. This text is stored in the SMTP Bounce Path. To change the default text associated with this action, click the Edit button. Quarantine Three configuration settings for quarantine functions are on this configuration screen. The Quarantine Directory chooses the path where quarantined SMTP messages are stored. Enabling the Purge Quarantine Directory checkbox permits GEE Whiz to delete old messages and files from its quarantine directory for STMP mail. The Quarantine Message Purge Age (Days) value determines the number of days before which files are removed. To set the SMTP Host Name, use the provided data entry field. Testing your installation – Administrators should be able to telnet to the port 25 and get the GEE Whiz banner rather than the GWIA banner. Suppress banner prevents the broadcasting of a lot of information about your mail server. While not an immediate risk, GWAVA advises that this information be suppressed. SMTP Listener IP controls the address to which GEE Whiz 2 will bind. All is the default but administrators may want to bind to only the public IP instead. The setting of All will work generally, but for some complex mail systems this setting may need to be altered. SMTP Listener Port is set to the standard of Port 25. Do not change this: it must be port 25 to be publicly viewable service. For testing and diagnosis, it may occasionally be useful to change this value to another port, but it must be changed back to Port 25 as all mail systems default to port 25. Trusted relay hosts If the sender’s IP is listed here, then the message is accepted without further authentication, otherwise, the message is rejected. While this is generally used for inbound mail; however it may be that an IP for outbound mail may be listed here. For example, a program generating reports that are mailed automatically to remote locations may need to be listed here. What if your message system is running GEE Whiz and GWIA on the same server? Only one server can listen to an IP address a particular port. To get outgoing mail flowing l through GEE Whiz with GroupWise edit gwia.cfg. Find the lines with switch /mh. Add the IP address of the GEE Whiz server and restart the GEE Whiz server. This will relay all mail through Gee Whiz. Copyright © Beginfinite 2005 - All rights reserved. 48 GEE Whiz 2 49 The Internal SMTP Servers/Domains has two fields. The first field is used to list the IP of an internal server. The second larger field beneath it is details what domains are serviced. The SMTP Server Lists are DOS-Style checkbox will, if enabled, convert apply SMTP list entries to DOS style syntax. Outgoing Thread Stack Size limits the stack size memory allocation. This value is expressed in bytes. The SMTP Bad path is the directory where failed mail transfers are kept. The default is smtp/bad. Copyright © Beginfinite 2005 - All rights reserved. 49 GEE Whiz 2 50 Statistics GEE Whiz’s statistical reporting is collected into the statistics screen. These can be enabled separately, as can the more granular options within them. General Statistics Message Statistics Message Numbers Message Attachments statistics Message Virus Statistics Message Filtered Statistics Message Spam Statistics Detail Antivirus Detail Viruses Received Statistics Viruses Sent Statistics Viruses Name Statistics Filter Detail Statistics Message Filter Statistics Attachment Size Filter Statistics Attachment File Name Filter Statistics Attachment File Type Filter Statistics Redirection Filter Statistics Interception Filter Statistics Spam Detail Statistics Identified Spam Statistics Redirected Spam Statistics Auto-deleted Spam Statistics User Based Spam Statistics Score Based Spam Statistics Rules Based Spam Statistics Bayes Classifier Based Spam Statistics RBL Rules Based Spam Statistics Lists Based Spam Statistics Copyright © Beginfinite 2005 - All rights reserved. 50 GEE Whiz 2 51 Logs GEE Whiz’s gives administrators access to all stored client logs and server logs. Click on the Logs tab in menu. The available logs are presented by date in this format: Year/Month/Date. Clicking any of the date files presents the selected log file. Ipauth Additional Client and Server statistics are available from the Statistics menu in the Gee2 Web administrative console. Client and Server Statistics are available for IP authorizations—called IPauths. To re-zero the collected statistics, click Reset Stats. Copyright © Beginfinite 2005 - All rights reserved. 51 GEE Whiz 2 52 Spam Control GEE Whiz’s Spam control configuration screens allow for granular customization of its spam protection behaviors. The Spam Control section of the GEE Whiz configuration program has five major sub sections. Classifier RBLs RuleSet SPF SuRBLs Many of these are only one screen deep. The section with the most number of sub screens is Ruleset. The RuleSet screen contains all the filtration rules installed on your GEE Whiz environment (as opposed to externally sourced items like RBL lists, for example). These pages present the paths to both the ham and spam corpus as well as the classifier’s readiness status. For sorting convenience, three screens will be highlighted. All, Search and Add. All lists every rule in the system. To find a specific rule, either go to the sorting sections in between (Body, Header, Rawbody, Meta or Uri depending upon the data for which you are seeking) or click Search. All the sorting screens, including All, list the rules by Name, Description, Score and Type. Rules can also be edited. The Edit a Rule screen has the same functionality as the Add a Rule Screen. Administrators can search for a specific rule by Name, Description or Rule Type (All, Body, Header, RawBody, Meta or Uri). Anti-spam checking in GEE Whiz is a condition-match-score-action process in which our software checks each e-mail against all of the defined rule sets, which includes Spam Assassin rules, Bayesian Classifier rules, and Realtime Blackhole List (RBL) rules. If there is a match, then the pre-defined score is assigned to the e-mail. Once all of the rules have been processed and scores have been assigned to the e-mail, the total aggregate score is determined and a pre-defined action is taken, otherwise GEE Whiz passes the email on to anti-virus software for further processing. Both Header and Content Filters lists can be modified to assign a GAS score to the e-mail instead of applying the configured filter actions used for other filters. In effect, this feature will forward e-mail that match header or content filter rules on to Spam Control for further processing, instead of being placed in the Filter quarantine. SARE The spam configuration screens have a built-in link to the Spam Assassin Rules Emporium. Clicking the SARE button will open a new browser window at this web site. Copyright © Beginfinite 2005 - All rights reserved. 52 GEE Whiz 2 53 Adding/Editing a rule Click the Add button to begin. Give the rule a Name. Then, choose the rule Type: Body is the default, but administrators can also select Body, Rawbody, Header, Uri or Meta. Next, add a Description. Preferably, a plain text description as to what the rule does, permits or denies that will be understood by colleagues at a glance. Four suggested score fields follow. These scores can be adjusted later. Lastly, include the rule string itself and, if necessary, enable DOS style for the rule string. Click Submit to conclude or Reload Ruleset as needed. RBL GEE Whiz makes use of the checking RBLs to assign a GAS value to e-mail if they are found on a listed RBL. Select RBL in the navigator pane and then choose to Enable RBL Checking. You have the option to assign the same default GAS score of 2.5 (adjustable) or to use the score associated to the listed RBLs. Administrators can also delete existing RBLs, add new RBLs to the list and modify GAS values for each RBL in the list. RBL spam filtration rules are configurable also. Existing RBL rules are shown at the bottom of the RBL screen and are identified by Name, Description, Score and Type. These can be edited, and new rules created in largely the same way as discussed in the Ruleset section of this manual. To Add a RBL entry, use the form at the top of this screen. Enter the RBL Name, Type (select A or Type from the drop down menu), the RBL Address, the RBL subtest (optional), and the Scores then submit or reload. A or Type? Some RBLs use TXT resolves instead of Type A.A/TXT specifies if GEE Whiz will do an 'A' rr lookup, or a 'TXT' rr lookup. Most of the time, this setting should be left on Type A, which is the default. Copyright © Beginfinite 2005 - All rights reserved. 53 GEE Whiz 2 54 SuRBL The SuRBL configuration screen allows administrators to view the SuRBL rules as sorted by rule Name, Description, Score and Type. Adding and editing SuRBL rules function as rule adding and editing elsewhere in this section. Copyright © Beginfinite 2005 - All rights reserved. 54 GEE Whiz 2 55 SPF The SuRBL configuration screen allows administrators to view the SuRBL rules as sorted by Name, Description, Score and Type. Adding and editing SuRBL rules function as rule adding and editing elsewhere in this section. Copyright © Beginfinite 2005 - All rights reserved. 55 GEE Whiz 2 56 Classifier GEE Whiz includes a “Textual Classifier” which is an algorithm and a body of e-mail (known as a “corpus”) that e-mail can be assessed against. It is 20 times more effective than the Bayesian classifier used in the previous version of GEE Whiz. Tokens? The GEE Whiz 2 textual classifier builds tokens based upon individual words and word groups. (A maximum of five words per group.) The default scores will work reliably throughout an evaluation. You can implement a more aggressive e-mail corpus but that can also increase the number of false negatives and false positives. Ham and spam directories Beyond hard drive space and RAM, there is no limit to the number of e-mails that may be kept as samples in the spam and ham directories for the Textual Classifier; however, GEE Whiz 2.0 is as effective with 500 of each type of e-mail as GEE Whiz 1.x was with 10,000 SPAM and 2,500 ham. The GEEWhiz 2.x classifier is more sensitive to quality than quantity. Each time one presses Teach, the existing token set (contained in the tclass.dat file) is deleted and a new token set is built. To maximize the accuracy of the textual classifier, build your own corpus of spam and ham. Spam is a numbers game. Spammers send out millions of e-mails about the most generic subjects. Building a good corpus of spam and ham will involve selecting e-mails which are representative of your industry as spam. You should select for your corpus e-mails that GEE Whiz falsely identified as spam, and update your samples. How? You can export e-mail from the quarantine to obtain ham e-mail. You should place e-mail that GEE Whiz failed to identify as spam (false-negatives) into the spam corpus folder. You can export e-mail from GroupWise clients [similar to what was done with GEE Whiz 1.4.x). Your e-mail corpus should contain original e-mail with no duplicates multiple e-mails that have very similar content). Once you have a sufficient corpus of good and bad e-mail, click Teach button. We recommend performing this process during quiet hours to reduce the impact to your users. Copyright © Beginfinite 2005 - All rights reserved. 56 GEE Whiz 2 57 Filters Filtering in GEE Whiz is a condition-match-action process in which GEE Whiz will check each e-mail including attachments against all of the defined filters. If there is a match, then the pre-defined action is taken, otherwise GEE Whiz passes the e-mail on to spam control for further processing. The GEE Whiz filter creation screens for easy creation and management of custom filters. GEE Whiz ships with no customized corporate filters, but these are easy to create. To begin, click the Filters button in the menu and then Add. This presents the filter-editing window. The first and most global characteristic to decide upon in your filter is whether the filter applies to the Header, Content or Size. Use the drop down menu to make your choice and click Next. The next step in constructing your filter is entering the search string itself. The determine whether the filter applies to Text, Raw Text, URI Text or HTML and whether the string in question is to match or not match that in the entry field below these drop down menus. Click Next when ready. The filter is essentially complete. The next screen presented will summarize your filter (in our example, plain text of the string “toner cartridge” in the body of an e-mail). You now have the option of selecting Filter Complete, Clear this filter or Add a Filter Segment based on the message filter, which essentially uses the current filter as the basis of an extended filter by the means of an And/Or operation. Otherwise, you will be asked to name this filter. Do so in the field provided and click Next when ready. The filter will now appear in your list of active filters. Copyright © Beginfinite 2005 - All rights reserved. 57 GEE Whiz 2 58 Using Regular Expressions You can use regular expressions to define filter conditions for “File-Name” filters, “Header” filters and “Content” filters. If you are not familiar with regular expressions, you can find useful information on the Internet at: http://www.regular-expressions.info/tutorial.html http://www.perldoc.com/perl5.8.4/pod/perlre.html http://weitz.de/regex-coach/ Once you are familiar with regular expressions, or ‘regexs’, or if you are already familiar with them, there are a few points to note in GEE Whiz’s particular implementation of them. Firstly, we wanted our lists to be easy to use by persons familiar with DOS-like pattern matching such as “person?@domain.*”. Therefore, we parse each list into the regular expression equivalent of the DOS-like pattern match. This only affects three regular expression characters, Star (*), Dot (.), and Question Mark (?). Star (*) will be interpreted as Dot Star (.*). Therefore it will match any number of any characters. Dot (.) will be interpreted as an Escaped Dot (\.). Therefore it will only match the character ‘.’. Question Mark (?) will be interpreted as Dot Curly One Curly (.{1}). Therefore it will only match one of any character. The parsing of lists means that you will have to alter your regular expressions to reflect the parsing. For example, if you want a completed regular expression that looks like “.*boy@place\.com” then you should enter “*[email protected]”. Note that if you enter something like “.*boy@place\.com” that it will be interpreted as “\..*boy@place\\.com”, which is probably not what is wanted. All other regular expression forms will not be parsed and taken at face value. (For example, {1,10}, +, ^, ect.). Using Recipient Filters GEE Whiz provides two types of Recipient filters to allow the redirection of inbound e-mail. With Redirection Filters, you can create one or more filters to redirect an inbound e-mail to a different e-mail account. The original recipient will not receive the e-mail. With Interception Filters, administrators can create one or more filters that will send a blind carbon copy to the new recipient and send the original e-mail to the original recipient or recipients. Copyright © Beginfinite 2005 - All rights reserved. 58 GEE Whiz 2 59 Quarantine The configuration screens for GroupWise, Netmail and SMTP are identical. A General Warning About Quarantines There are e-mail Quarantines in each of “Filtering”, “SpamControl” and “Antivirus”. GEE Whiz places a copy of e-mail in memory and processes that copy against all filters and rulesets it encounters. If a condition is matched and the applicable Quarantine is enabled, the original copy of the e-mail with attachments is placed in the Quarantine. The administrator has the ability to hold that e-mail in the Quarantine, to delete it, or release it. If an e-mail is released it is considered fully processed and will be delivered directly to the recipient without any further processing. For example, if the “Buy Vicodin Online nqwsdwpbz” e-mail was released from the Filter Quarantine, GEE Whiz would consider that e-mail to be safe and would deliver it to the intended recipient without any further processing, thus by-passing all filter, spam control and anti-virus checking. Parameter Comment Subject This field is the search parameter or string required. The DOS Style checkbox, if enabled, allows the search method to include DOS style information in its parsing of the searched material. Sender This field is used to locate a specific sender. The DOS Style checkbox, if enabled, allows the search method to include DOS style information in its parsing of the searched material. Similarly, the Check Envelope is also used to specify the search criteria. Recipient This field is used to locate a specific recipient. The DOS Style checkbox, if enabled, allows the search method to include DOS style information in its parsing of the searched material. Similarly, the Check Envelope is also used to specify the search criteria. Size This adds a custom search size in bytes. Administrators can search for values of greater, lesser or equal to this value. Age This adds a custom search size in age as measured by days old. Administrators can search for values of greater, lesser or equal to this value. Quarantine Type Administrators can search for quarantined mail for mail type: spam, virus or filter. Max Results This field limits the number of returned results from the query. Copyright © Beginfinite 2005 - All rights reserved. 59 GEE Whiz 2 Show fields 60 Remove, To Spam, To Ham, Release (Orig), Release (Mod), Release To, Message ID. Subject, To, From, Date, Age, Size Copyright © Beginfinite 2005 - All rights reserved. 60 GEE Whiz 2 61 License Clicking the Licence entry in the GEEWhiz 2 navigational menu presents a screen detailing the licensing information for your installation. Copyright © Beginfinite 2005 - All rights reserved. 61 GEE Whiz 2 62 Using GEE Whiz General Administrative Routines How Configuration Settings Are Stored Configurations settings are stored in sys:/gee2/config directory as a .GOP file. There are several things that you can do to prevent a disaster and to ensure an easy recovery from a disaster: Perform Regular Backups At minimum, you should perform a regular backup of the GEE2 directories. Correctly Apply Anti-virus scanning GEE Whiz needs to be able to write to all of its pem license files, configuration files, filter files, and Spam Assassin Ruleset files. You need to ensure that anti-virus scanning is correctly configured for the following directories: Exclude the GWIA\Third directory structure Exclude the GEE2WEB directory structure Exclude the GEE2 directory structure except: scan the opt/gee2/work and all child folders and files Verify File System Rights and Attributes Perform an effective rights check for the account that GEE Whiz uses and confirm that the user has rights to the Gee directories and to the directories. Also ensure that all GEE folders and files are set to purge immediate and to read-write. Anti-Spam Anti-spam checking in GEE Whiz is a condition-match-score-action process in which our software checks each e-mail against the defined rule sets that includes SpamAssassin rules, bayesian classifier rules, and real time black hole List (RBL) rules. If there is a match, then the pre-defined score is assigned to the email. Once all of the rules are processed and scores have been assigned to the e-mail, the total aggregate score is determined and a pre-defined action is taken, otherwise GEE Whiz passes the e-mail on to Antivirus for further processing. Anti-Spam checking is only available to customers who have purchased GEE Whiz. Enable spam controls Begin by enabling the spam controls in the GAS screen otherwise spam control is disabled. Generally speaking, spam control can be enabled to either quarantine e-mail or deliver/redirect/auto-delete e-mail that is determined to be potential spam. There are several different threshold values that can be set. The default values are considered to be non-aggressive and could allow real spam to be delivered to users without being detected. Copyright © Beginfinite 2005 - All rights reserved. 62 GEE Whiz 2 63 Setting Identification You can configure how GEE Whiz modifies the Subject line of an e-mail to mark it as spam and optionally display the GAS value assigned to the e-mail. You can also indicate that a Gas Results.txt file is attached to the e-mail that will show all of the rules that triggered by the anti-spam processing. Alternatively, you can choose to imbed those rules in the header of the e-mail. Using Lists Before GEE Whiz evaluates e-mail against the rules. White Lists indicate addressees that should be allowed to bypass anti-spam checking. This is done by adding a negative score to the GAS value assigned to the e-mail. The default score is –100. There are two white lists: WhiteList To checks addressees in the To: and Cc: fields. WhiteList From checks addressees in the From: field. Black Lists indicate addresses that should be guaranteed to be assessed as spam. Adding a positive score to the GAS value assigned to the e-mail does this. The default score is +100. There are two black lists: BlackList To checks addressees in the To: and Cc: fields Blacklist From checks addressees in the From: field. Additional Bypass notes An alias agent can create an entirely new message, without the third-party extension in the envelope which tells GEE Whiz2 that a given message has already been processed. The GEE Whiz2 bypass system adds a header with a base64 encoded sha1 hash of the password set by the administrator. If this field is found, the message is not sent for processing and so loops are avoided where messages are processed and processed again. Inter-product functionality - This feature can also be used to allow spam messages released from GWAVA to not be picked up by GEE Whiz. GWAVA would need to give a base64 encoded sha1 hash of the same password, and same header. SpamAssassin 3 Rulesets GEE Whiz makes use of the Spam Assassin 3.1 ruleset. Copyright © Beginfinite 2005 - All rights reserved. 63 GEE Whiz 2 64 Appendix 1: The GEE Whiz NLM GEE Whiz Server Console This permits general option changes to be made, and should be used to properly unload GEE Whiz. If you make any general option changes, remember that those changes are only written in the config directory when GEE Whiz unloads, so you must choose the F7 option and unload GEE2.NLM; but it normally saves the applied options after changes as well. The NLM console reports the system uptime, outgoing messages and attachments as well as viruses. It also reports incoming message attachments and incoming viruses and spam. Below that pane are reported messages detailing actions taken by Gee Whiz. There are two function keys: F7 and F10. These exit and provide access to configuration options respectively. The F9 Key allows Gee2 to change the reported statistics at the top of the console screen. Additional statistics which replace the categories above include SMTP incoming threads, SMTP outgoing threads, NetMail threads, GroupWise threads, Current messages per second, peak messages per second, 20-second average message and Incoming Spam Found. F10 allows administrators to set the listener daemon port. Enter the new value as needed, or click escape to leave your current settings unedited. The GEE Whiz web server console The GEE2Web admin console reports the health of your network’s GEE Whiz installation. Uptime and system events are reported here. Click F7 to exit or F10 to edit the GEE Whiz Daemon port and the Web Listener port. Copyright © Beginfinite 2005 - All rights reserved. 64 GEE Whiz 2 65 Appendix 2: Configuring CLAMAV The version of Clam AV is based on latest source code of Version 0.83. Note that the current version does not support actions like removing or moving infected files. Unpack clamav-devel-latest.tar.gz #cd clamav-devel-latest #patch -p1 < ../netware-patch #tar zxvf ../netware_env.tar.gz #cd libclamav/mspack;make -f Makefile.NLM #cd ../zlib-netware; make -f Makefile.NLM #cd ../zziplib; make -f Makefile.NLM #cd ../; make -f Makefile.NLM #cd ../clamd; make -f Makefile.NLM #cd ../freshclam; make -f Makefile.NLM #cd .. Copy clamd/clamd.nlm and freshclam/freshclam.nlm to the Netware installation, then, run clamd in memory-protected mode. Operations There are two methods of using CLAM AV. Continue Scan - Connect to port 3310 and send over your scan command, such like CONTSCAN sys:/clamav/, you will scan all files under clamav directory on sys volume. After a while, you will receive result from the same port. Stream Scan - Connect to port 3310, and send STERAM command, port 3310 will send you a new port. Connect to the new port, and send over the content you want to scan, after a while, you will receive result from this port. Closing Clam If you want to quit clamd, connect to port 3310. Sending Quit will end the current session. Connect to port 3310 again to clear up the clamd.nlm. Originally ClamAV was designed to run on Linux. The Quit command kills all related processes. Netware requires a two-stage shutdown. Step 1 is to send a Quit command to close the scanner workers and setup a quit flag. Step 2 is to connect to the daemon one more time, the main thread will meet the quit flag and clean up the resources. Copyright © Beginfinite 2005 - All rights reserved. 65 GEE Whiz 2 66 Appendix 3: Trouble Shooting Installation Problems There are several problems that are common after an installation or upgrade: GEE Whiz for Netmail will not Load GEE Whiz fails to load and reports an e “unable to connect to netmail”. This is caused because either GEE Whiz is not properly configured or the Netmail NMAP Object is not configured correctly. Use the following procedure to correct this problem: Load GEE Whiz Using the GEE Whiz Admin web console ensure that the IP address for GEE Whiz for Netmail is configured with the correct IP address (refer to GEE Whiz for Netmail installation steps.) Using NetWare Administrator or the Netmail Admin web console ensure that the IP addresses listed in the Trusted Host property of the NMAP object is properly configured (refer to GEE Whiz for Netmail installation steps). Unload GEE Whiz Load Netmail and ensure that it is fully loaded Load GEE Whiz Confirm e-mail is processing through GEE Whiz by monitoring the GEE Whiz server console. GEE Whiz is operating but is not processing mail (NetMail and GroupWise) The GEE Whiz server console is available on the server, but there are no messages being processed in the message screen. There are two possible causes and solutions. GEE Whiz for GroupWise Solution – this is normally caused because GWIA was not restarted after the GWIA\Third directory was configured as the SMTP Services Queue, or the home switches are not configured in the GWIA.CFG file. The following steps can be use to verify and fix the problem: Unload GEE Whiz Open the GWIA.CFG file and confirm that the /home and /dhome switches identify the path to the GWIA directory while the /smtphome switch identifies the GWIA\Third directory Close and save the GWIA.CFG file Unload and load GWIA Load GEE Whiz Confirm e-mail is processing through GEE Whiz by monitoring the GEE Whiz server console GEE Whiz for Netmail Solution –this is normally caused because the Netmail Anti-Spam Agent and / or Anti-Virus Agent are configured or were not properly disabled before installing GEE Whiz. The following steps can be use to verify and fix the problem: Unload Netmail and GEE Whiz Using the Netmail Administration Web Console disable and delete the Anti-Spam and Anti-Virus Agents Rename the SYS:\Novonyx\Mail\DBF to SYS:\Novonyx\Mail\DBFOLD Load Netmail and confirm that it is fully loaded Load GEE Whiz Confirm e-mail is processing through GEE Whiz by monitoring the GEE Whiz server console. Copyright © Beginfinite 2005 - All rights reserved. 66 GEE Whiz 2 67 Testing using VMWare Configuring a VMWare installation for testing GEE Whiz 2 is beyond the scope of this manual and GWAVA technical support but, to remark on the matter generally, if an administrator is testing GEE2 with VMWare, the environment can run in NAT mode. To install and update GEE2, VMWare must be switched to bridged mode. Some GEEWhiz operations will take inordinately long when running in VMWare; consequently, running GEEWhiz in VMWare is NOT advised for anything other than testing. Click the networking card icon at the bottom of the VMWare window Choose between Bridged or NAT in the dialogue box presented. Confirm your choice by clicking OK. Type inetcfg. Choose reinitialize system and press enter. Copyright © Beginfinite 2005 - All rights reserved. 67 GEE Whiz 2 68 Appendix 4: Uninstalling GEE Whiz Should you choose to completely uninstall GEE Whiz, use the following procedure: Open the GEE Whiz Administration Web Console and write down the file paths for the GEE Work directories. Shutdown GEE Whiz Delete the gee2 directory (sys:/gee2/) Delete the gee2web directory (sys:/gee2web/) Delete the gee2.ncf and gee2web.ncf (sys:/system/gee2.ncf, gee2web.ncf) At this point, please ensure that your GWIA is operating satisfactorily. Move any files in GWIA\THIRD\RECEIVE to GWIA\RECEIVE Move any files in GWIA\SEND to GWIA\THIRD\SEND Please verify that all messages were sent (should be no files in GWIA\RECEIVE or GWIA\THIRD\SEND) Shutdown the GWIA Delete GWIA.CFG from SYS:\SYSTEM Rename GWIA.BAK in SYS:\SYSTEM to GWIA.CFG Restart GWIA Gee whiz 2 does not back up the GWIA. From ConsoleOne, reverse the STMP configuration steps accomplished during the installation (Step 2). Copyright © Beginfinite 2005 - All rights reserved. 68 GEE Whiz 2 69 Contact Technical Support Your copy of Gee Whiz includes 30 days or 3 incidents (whichever comes first) of complimentary technical support. For all of your support and purchasing needs, please visit our home page at www.gwava.com. 100 Alexis Nihon, Suite 500 Montreal, QC Canada H4M 2P1 Tel: +1 801 772 1880 in North America E-mail [email protected] Technical support: 1 (801) 437-5678 Copyright © Beginfinite 2005 - All rights reserved. 69