Scanning the GroupWise Message Store for Viruses and Content
Novell Cool Solutions: Trench
Posted: 10 Mar 2005
GWAVA has the ability to scan mail at the MTA level as well as directly at the Post Office level. The Post Office scanning features in GWAVA are very similar to the features used by GWAVA at the MTA. The way that GWAVA facilitates the Post Office scanning is through a Trusted Application, which requires GroupWise 6.5 or later.
The architecture of the GroupWise Post Office currently prevents GWAVA from scanning mail in a real-time fashion at the Post Office as it does at the Domain.
A few examples of how Post Office scanning with GWAVA can be beneficial include:
- Identify any message in the Post Office that may be infected with a virus, or that may contain a blocked attachment or an entry from a word list.
- Search all users' sent items for company confidential information, to identify with whom the information may have been shared.
- Archive or export specific mail items from the Post Office message store. This could be used to help comply with various legal requirements.
Post Office Scanning Architecture
The GWAVA Post Office scanning has a different architecture than the MTA Scanning functions of GWAVA. Instead of scanning mail as it passes through the POA, the Post Office scanning functions of GWAVA scan the message store at administrator-defined intervals.
For example, say User1 sends mail to User2 and there is an attached virus. The GWAVA Post Office scanner will not immediately pick up the virus; instead, when the Post Office scanner runs its scheduled Virus scan (as defined by the Administrator) it would then see the virus in the mailbox of User2 and take the appropriate action.
How GWAVA Accesses the Post Office Message Store
To access the Post Office message store, an application or program uses the IMAP port of the GroupWise POA (Post Office Agent). Because of this, you MUST have the IMAP port defined in ConsoleOne, and IMAP enabled, for any Post Office that you want GWAVA to scan. GWAVA is able to access the Post Office message store through the combination of the GroupWise POA listening on its IMAP port AND a Trusted Application being defined in the GroupWise system.
GWAVA Components Involved in Post Office Scanning
The main NLM that performs the GWAVA Post Office scanning functions is the GWAVAPOA.NLM file.
When GWAVAPOA loads, you will see a new GWAVAPOA Agent Server console screen.
Setting Up Post Office Scanning with GWAVA
There are two parts to enabling GWAVA to scan the Post Office. The first is the GroupWise configuration, and the second is the GWAVA configuration.
Enabling IMAP on a GroupWise Post Office in ConsoleOne
The first requirement for GWAVA to scan a Post Office is that the POA has an IMAP port defined and that IMAP is enabled. You can verify the IMAP port of a Post Office by going to the properties of the POA object and selecting Network Address.
Make sure that if GWIA is running on the same server as the POA that you use an alternate IMAP port for the POA, as GWIA will be listening on the default IMAP port of 143.
Next, go to the Agent Settings tab and check the Enable IMAP check box. This causes the GroupWise POA to listen on the defined IMAP port.
Enabling GWAVA Post Office Scanning
To enable GWAVA to scan the Post Office, use the Configuration Manager and select the Post Office Scan section. Figure 1 displays the Post Office Scan interface:
Figure 1 - Post Office Scan Configuration Interface
When you first check the option to Enable scheduled Post Office scanning, you will receive a prompt stating that this feature is ONLY available when you are using GroupWise 6.5. Clicking OK will begin the process of setup and configuration of this feature. You are taken through the necessary steps to configure Post Office scanning with GWAVA.
The first step is to create the Trusted Application Key. Figure 2 displays this prompt:
Figure 2 - Generate Trusted Application Key Prompt
In order to generate a Trusted Application in your GroupWise system, you must have a mapped drive to the Primary domain in your GroupWise system. It must be the Primary domain; you cannot create a Trusted Application through a secondary domain.
Figure 3 displays the prompt to select the Primary domain:
Figure 3 - Defining the Path to the Primary Domain
With the path to the primary domain defined, click on the Generate Key button. It will report back the key that has just been generated. Click OK to close the dialog box displaying the key. The Key Generation Wizard is now complete and you are returned to the GWAVA Configuration console. The next step is to assign this key to a particular GroupWise Post Office server. From the GWAVA Configuration console, under the Post Office Scan section, click the option to Enable scheduled Post Office scanning.
You will be prompted to assign and then use the previously generated key for the particular server on which the GWAVA Configuration program is connected.
Figure 4 displays the prompt to assign the key to the server to which you are connected:
Figure 4 - Enabling the Trusted Application Key
With a Trusted Application Key generated and assigned to a server, you may now begin defining the Post Office scanning configuration.
By default, the GWAVA POA Scanner looks for new jobs every 5 minutes. This setting is configurable from the Post Office Scanning interface, in the Scan for new PO jobs every X minutes section shown in Figure 1.
Adding Post Office to Scan
The first step is to add a Post Office that can be scanned by GWAVA. Clicking Add presents the Add Post Office settings, as shown in Figure 5:
Figure 5 - Adding a Post Office
Name - Use a descriptive name such as the Post Office Name.
Hostname - This will be the IP Address or DNS name at which the Post Office is located.
IMAP Port - This will be the IMAP port that is defined for this particular Post Office in ConsoleOne. The default port is 143 but may need to be changed if any other IMAP service, such as GWIA, is running on the server.
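A pre-flight check for the IMAP port settings described above (the POA port in ConsoleOne and the Hostname and IMAP Port fields here), as an added example that is not part of the original article or of GWAVA. It flags entries that collide with GWIA on port 143 or with each other, and confirms that a port answers with an IMAP greeting; the host names, port 1143 and all function names are assumptions made for illustration.

```python
import socket

GWIA_IMAP_PORT = 143  # default IMAP port GWIA listens on, per the article


def find_port_conflicts(post_offices, gwia_hosts):
    """Flag (name, host, imap_port) entries that cannot work as configured.

    gwia_hosts: lower-case host names where GWIA runs beside the POA.
    """
    problems, seen = [], {}
    for name, host, port in post_offices:
        key = (host.lower(), port)
        if key[0] in gwia_hosts and port == GWIA_IMAP_PORT:
            problems.append(f"{name}: port {port} on {host} is used by GWIA")
        if key in seen:
            problems.append(f"{name}: same host and port as {seen[key]}")
        seen.setdefault(key, name)
    return problems


def parse_greeting(line):
    """Classify an IMAP greeting (RFC 3501: '* OK', '* PREAUTH' or '* BYE')."""
    parts = line.strip().split(None, 2)
    if len(parts) >= 2 and parts[0] == "*" and parts[1].upper() in ("OK", "PREAUTH", "BYE"):
        return parts[1].upper()
    return None  # something answered, but not with an IMAP greeting


def probe_imap(host, port, timeout=5.0):
    """Return 'OK'/'PREAUTH'/'BYE', None (not IMAP) or 'CLOSED' (unreachable)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "CLOSED"
    with sock:
        try:
            data = sock.recv(1024).decode("ascii", "replace")
        except OSError:
            data = ""  # connected, but no greeting arrived before the timeout
    lines = data.splitlines()
    return parse_greeting(lines[0] if lines else "")


if __name__ == "__main__":
    # Constructed sample entries; host names and port 1143 are placeholders.
    entries = [("PO1", "gw1.example.com", 143), ("PO2", "gw1.example.com", 1143)]
    for problem in find_port_conflicts(entries, {"gw1.example.com"}):
        print("CONFLICT:", problem)
```

A result of None from probe_imap means a service other than IMAP answered on that port.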
The Configuration section is where you can define or edit what configuration file the GWAVA Post Office scanner will use for this particular Post Office.
The Receive configuration from window is dynamically updated depending on which option you select below it. This window identifies the source path or location from which the Post Office configuration will be obtained.
Use the MTA Configuration file - When this option is selected, the GWAVA POA agent will read all of its configuration information and settings from the GMTACFG.INI file that is also used by the GWAVA MTA agent.
Use - This field allows you to select a predefined Post Office from which to read the configuration file. If you had two Post Office agents on the same server you could use the same *.POC file for both Post Offices.
The Save configuration to window identifies exactly what the Post Office configuration file will be. This window is dynamically updated based on what has been selected under the Receive configuration from section.
Create new configuration file based on above selection - This check box allows you to create a new configuration file unique to the Post Office that you are adding. The filename is automatically defined based on the Name you chose to identify this Post Office.
The Scheduling button is used to define when the GWAVA Post Office scanner will connect to the POA and scan it. Figure 6 displays the Scheduling interface:
Figure 6 - Post Office Scan Scheduled Jobs Interface
You must create at least one job in order for the GWAVA POA agent to perform any GWAVA functions against the Post Office.
You can always run a job immediately by clicking on the Submit button on the right. If a job is currently running you can abort it through the Abort button on the right.
The Refresh Status button queries the POQ for any jobs.
Clicking Create presents you with the Create a New Job interface. Figure 7 displays this interface:
Figure 7 - Creating a Post Office Scan Job
Job Name - Used to uniquely identify the job.
The Schedule Tab is where you define when this job should run. You may also define whether you will scan users, resources or trash items.
Post Offices Tab
The Post Offices tab allows you to select against which Post Offices the job can run. You must have the Post Office defined on the main Post Office Scan page for it to show up here. More than one Post Office may be selected for a configured job, as long as the GWAVAPOA program has network access configured for each POA.
Mailbox Scope Tab
The Mailbox Scope tab allows you to select exactly to which users the job should apply. Figure 8 displays the Mailbox Scope options:
Figure 8 - Defining the Mailbox Scope of a Post Office Scan Job
Date Range Tab
The Date Range tab allows you to define the date or range of dates of email that will be scanned by the job. Figure 9 displays the Date Range tab:
Figure 9 - Configuring the Date Range of a Post Office Scan Job
Scan all messages, regardless of date - Causes ALL mail regardless of date to be scanned.
Scan messages within the last - X - days prior to job's starting date - This setting allows you to scan mail that exists in the Post Office for X days prior to the current date.
Scan messages between - Identify a date range of mail to scan.
When you click on OK to complete the job configuration you are prompted whether you want to submit the job now. If you click Yes then the job is submitted to the GWAVA Post Office scanner for processing. If you click No the job is retained but not posted to run.
The Switch Configuration button allows you to manage different configuration files for each Post Office that has been defined. You are presented with a list of each configuration file that you may access in order to manage the configuration settings that each particular configuration file contains:
Figure 10 - Switch Configuration Dialog Box
In the above example there are three different configuration files that may be selected. The MTA configuration file (always named GMTACFG.INI) allows you to manage the MTA configuration. Remember that you can point a Post Office configuration to use the MTA configuration file. PO1 and PO2 each have their own configuration files here. If you select either one, you will be prompted to reload the Configuration Manager.
When connected to a Post Office configuration file (*.POC) the GWAVA Configuration screen is a bit different. Figure 11 displays the GWAVA Configuration program while connected to a Post Office configuration file:
Figure 11 - Configuring a Post Office
Note the path to the *.POC file at the top, and the color change to pink on the heading.
Remember that, when connected to a Post Office POC file, all settings are unique to this configuration. For example, if you have a setting on the MTA Configuration that archives all of a particular user's mail, when switching to a POC file this will NOT be in effect.
You may switch to a different configuration file while managing a Post Office configuration file through the Post Office Scan page.
GWAVA POA Agent Console Screen
The GWAVA POA Agent console is similar to the GWAVA MTA Agent Console. Remember that it will be automatically loaded when the Enable Post Office Scan option is selected through the MTA Configuration file. Otherwise, you run SAPO.NCF to load the GWAVA POA Agent.
Figure 12 shows the GWAVA POA Agent:
Figure 12 - GWAVA POA Scanner Console Screen
The following Hot keys allow you to navigate around the GWAVA POA Scanner agent screen:
| Hot key | Function |
|---|---|
| ? | Displays basic help commands. |
| F1-F5 | Changes to appropriate screen of the console. |
| F9 | Browse log file in memory (does not require EDIT.NLM). |
| Ctrl-A | Abort active POA scans. |
| Ctrl-B | Toggle GWAVA bypass mode. |
| Ctrl-C | Clear real-time log window. NOTE: this does not clear the log file. Hence you can still press F9 to view the log file. |
| Ctrl-E | View current log file in NetWare Edit. NOTE: EDIT.NLM must NOT be loaded when selecting this. |
| Ctrl-G | Scan job queue for new jobs. This allows you to force the POA Scanner to look for new jobs immediately. |
| Ctrl-J | Release next scheduled job now. |
| Ctrl-L | Roll over log. |
| Ctrl-R | Initiate remote log connection. |
| Ctrl-S | Reload system configuration. |
| Ctrl-V | Display internal system configuration. This will dump the POA Scanner's configuration into the log. |
| Ctrl-Z | Zero the stats out. |
The GWAVA Post Office scanner allows GWAVA access directly into the GroupWise Post Office message store.
The GWAVA Post Office scanner does not scan mail in a real-time fashion. Instead it scans mail at Administrator-defined intervals. These are referenced as Jobs.
The GWAVA Post Office scanner can use the same configuration file as the MTA (GMTACFG.INI), or can use its own .POC configuration file.
You may manually load the POA scanner by running the SAPO.NCF file.
When using separate configuration files you can Switch Configuration to any of these from within the GWAVA Configuration program. When configuring a Post Office the header color turns pink, and the path to the configuration file is displayed across the title bar.