Are viruses and malware getting past your email filters? If so, you are not alone. In an email security survey conducted by OPSWAT, 51% percent of IT Administrators experienced a malware breach within the last 18 months, and 50% percent had employees that clicked on phishing links. High profile data breaches, including those suffered by Target, Anthem, Sony and even the White House, all started with a spear phishing attack. Why are these spear phishing emails not being blocked by the email security and antivirus solutions that must undoubtedly be deployed by these organizations? Organizations require an additional layer of email security that can block more threats than existing email security defenses.
Metascan Mail Agent Blocks Threats Missed by your Email Security Solution
By deploying OPSWAT's Metascan® Mail Agent in addition to your existing email security solution, you can add a second layer of email defense and block significantly more email threats. Metascan's anti-malware technology leverages the power of the different detection algorithms and heuristics of multiple engines, resulting in significantly higher malware detection rates. Metascan further protects against advanced threats, including zero-day and targeted attacks, by utilizing extensive heuristic analysis as well as data sanitization technology that removes possible embedded threats such as those utilized in spear phishing attacks.
How to Deploy Metascan Mail Agent
The Metascan Mail Agent works in conjunction with your email security solution and acts as an SMTP relay between your email security gateway and mail server, scanning all email attachments that pass through for known and unknown threats before they are delivered to your mail server. Read on to learn how to deploy Metascan Mail Agent in your network and find out how many more threats you can block.
Getting started guide: |  |
Configuration Steps:
| Property | Description | Value |
| EmailRelayOutServer | Name (or IP adress) of server to forward all email to | String |
| EmailRelayOutPort | SMTP Port to forward emails to. Default is 25 | 0~ 65535 |
| EmailRelayInPort | Port to monitor by email relay. Default is 10025 | 0~ 65535 |
| EmailRelayInDirection | Determines the direction of emails. Possible values : 0 = Incoming, 1 = Outgoing, 2 = Determine email direction using the local domain list in parameter EmailRelayInLocalDomains (If sender's email domain exists in parameter EmailRelayInLocalDomains direction is outgoing, or else incoming) | 0, 1, 2 |
| EmailRelayInLocalDomains | List of local domains. Separate multiple domains with a semi colon (;). For example opswat.com;mycompany.com. Only used when parameter EmailRelayIn is set to 2. | See description |
- Download the MetaDefender Mail Agent from the Metascan Management Console
- http://<metascan server>:8008/management/#/sources-email
- Run the Mail Agent installer on the system that will be acting as the mail relay
- Configure the Mail Agent
- C:\Program Files\OPSWAT\MetaDefenderEmailAgent\MetaDefender.Email.Engine.Generic.Agent.dll.config
- Restart the Mail Agent Service
- Configure the incoming SMTP server to send email to the MetaDefender Mail Agent
Email Infection Notifications
Metascan can be configured to send email notifications whenever an email attachment is scanned and a threat is detected. These notifications can be enabled on the Quarantine page in the Metascan Management Console. The mail server configuration must also be correctly set for email notifications to be sent.
Email Quarantine
By default, the MetaDefender Mail Agent will only log email attachments where Metascan finds a threat, but will allow the email to be delivered. To quarantine those emails, select the checkbox on the Mail Agent configuration page in the Metascan Management Console.
System Requirements
The following systems are required to set up the MetaDefender Mail Agent:
- Incoming Mail Server
- Outgoing Mail Server
- MetaDefender Mail Agent
- Requires Windows Server 2008, 2008 R2, 2012, or Windows SBS 2011
- Metascan Server (can be the same system as the MetaDefender Mail Agent)
