info icon

Attachment detection by Cyren Premium AntiVirus

, , , ,

The Cyren Premium AntiVirus scanner is part of the Malware Scanner action and can be used if NoSpamProxy Protection is licensed. Cyren Premium AntiVirus checks attachments that are attached to an email. In doing so, it carries out two basic checks:

  • Local checks against definitions
    • The definitions are regularly downloaded from the Cyren servers. In case of access problems to the Cyren servers, the definitions must not be older than two days.
    • During the check, the attachment is placed in the directory C:\ProgramData\Net at Work Mail Gateway\Cyren\Temp, checked and deleted again.
  • Live checks – Zero Hour Protection
    • Check for conspicuous attachments in the recent past. A hash value is generated and sent to Cyren, which then sends a response with the corresponding classification by Cyren.

Unlike with the Cyren AntiSpam filter, the NoSpamProxy support has no way of influencing this behaviour in the case of a misclassification.
In the case of misclassifications – i.e. false positives or false negatives – the sender or the recipient of the email must always contact Cyren and have this corrected accordingly.

A description of the process can be found on the respective Cyren support page.

In case of local problems or missing definitions, please refer to the Knowledge Base article Cyren Engines – Troubleshooting

Note

To ensure parallel operation with other locally installed virus scanners on the gateway role, please refer to the Knowledge Base article How to configure on-access virus scanners and define the exceptions as described!

Further information

 

/by
Info Icon

Cyren Engines – Troubleshooting

, , , ,

It is possible that the Cyren engines used generate error messages that are not traceable to the engines themselves, but to communication problems with Cyren data centers. This article shows you ways to test the communication and function.

Details about the three Cyren engines in NoSpamProxy

NoSpamProxy currently has three Cyren engines that are active, depending on the configuration and licensed modules.

Cyren AntiSpam and Cyren Premium AntiVirus (ctasd)

  • Program folder: C:\Program Files\Net at Work Mail Gateway\Cyren Integration Service
  • Program file: ctasd.exe
  • Configuration folder: C:\ProgramData\Net at Work Mail Gateway\Cyren
  • Configuration file: ctasd.conf
  • Service name: NetatworkMailGatewayCyrenService
  • Service display name: NoSpamProxy – CYREN Service
  • Definitions folder: C:\ProgramData\Net at Work Mail Gateway\Cyren\Definitions
  • Definitions files: aivsecon-v2.def, antivir-v2.def, antivir-v2.ini, antivir-v2-hit.ini
    • these four files should always be in the directory
    • The file “antivir-v2-hit.ini” should never be older than 2 hours
    • To re-update,restart the service
  • External access: resolver1.netat.ctmail.com, resolver [2…5] .netat.ctmail.com
  • Licensed Module: NoSpamProxy Server Protection, NoSpamProxy Server Suite

Cyren IP Reputation (ctipd)

  • Program folder: C:\Program Files\Net at Work Mail Gateway\Cyren Integration Service
  • Program file: ctipd.exe
  • Configuration folder: C:\ProgramData\Net at Work Mail Gateway\Cyren
  • Configuration file: ctipd.conf
  • Service Name: NetatworkMailGatewayCyrenIpReputationService
  • Service Display Name: NoSpamProxy – CYREN IP Reputation Service
  • External access: Iprep1.t.ctmail.com,Iprep[2… 5]. t.ctmail.com
  • Licensed Module: NoSpamProxy Server Protection, NoSpamProxy Server Suite

Cyren URL Categorization (ctwsd)

  • Program folder: C:\Program Files\Net at Work Mail Gateway\Cyren Integration Service
  • Program file: ctwsd.exe
  • Configuration folder: C:\ProgramData\Net at Work Mail Gateway\Cyren
  • Configuration file: ctwsd.conf
  • Service Name: NetatworkMailGatewayCyrenUrlService
  • Service Display Name: NoSpamProxy – CYREN URL Categorization Service
  • External access: webres1.t.ctmail.com,webres[2… 5]. t.ctmail.com
  • Licensed Module: NoSpamProxy Server Protection, NoSpamProxy Server Suite

Note: All paths are the default paths and may differ from your installation.

Troubleshooting

In the following section you will find a small checklist, which you should always check before the first request to the support

  • Is the necessary module licensed in NoSpamProxy? If not, you don’t need the services and can disable them on the system in the Windows services.
  • Has the Knowledge Base article How to configure on-access virus scanners been applied to all systems with the appropriate services?
  • Is a web proxy required for Internet communication in your company and is it registered according to the knowledge base article How to configure CYREN services?
    • This must be checked and re-entered after each NoSpamProxy Update/Upgrade.
    • Always edit the newly created file, never overwrite it with an old version of the file.
  • Is it possible to communicate with and/or without web proxy to all mentioned external systems of Cyren?
  • Are there any exceptions on the firewall to access all sub-domains from ctmail.com? These connections must not be used for virus scanning, content filtering, or other checks!
  • Are there any error messages when the services are running interactively via the command prompt (CMD)? To run interactively, please follow these steps aus and attach a screenshot of the request’s communication to support.
    1. Stop each service from Microsoft Windows services.
    2. Open a prompt with administrator privileges.
    3. Run the command for the service, to be tested. Use the path to the corresponding executable if you do not have NoSpamProxy installed in the default directory
      • Ctasd
        CMD > “C:\Program Files\Net at Work Mail Gateway\Cyren Integration Service\ctasd.exe” -c “C:\ProgramData\Net at Work Mail Gateway\Cyren-ctasd.conf” -i
      • Ctipd
        CMD > “C:\Program Files\Net at Work Mail Gateway\Cyren Integration Service\ctipd.exe” -c “C:\ProgramData\Net at Work Mail Gateway\Cyren-ctipd.conf” -i
      • Ctwsd
        CMD > “C:\Program Files”Net at Work Mail Gateway\Cyren Integration Service\ctwsd.exe” -c “C:\ProgramData\Net at Work Mail Gateway\Cyren-ctwsd.conf” -i
    4. Copy the output or take a screenshot of the output.

If you have checked all these points, please open a support ticket with the information attached so that more logs can be created for analysis.

/by
Info Icon

How to configure CYREN services

, , , ,

Configuring the CYREN Services for use with a Web Proxy

This article describes how to configure a proxy server for the CYREN services with the Protection module in all NoSpamProxy versions from version 9.2 onwards. To do this you have to download the files

  • ctasd.conf
  • ctipd.conf (additionally available from version 12.x)
  • ctwsd.conf (additionally available as of version 13.x)

from the directory “C:\ProgramData\Net at Work Mail Gateway\CYREN\”.

The following section is responsible for this:

#   If you connect to the Internet through a proxy server, you
#   should uncomment the following parameters and assign appropriate
#   values.
#ProxyPort = 80
#ProxyServerAddress = myproxy
#ProxyAuth = NoAuth
#ProxyUserName = user@proxy
#ProxyPassword = 1234
#ProxyAccess = 1

If you are using a proxy server without authentication, remove the # character before the lines “ProxyPort”, “ProxyServerAddress”, “ProxyAuth” and “ProxyAccess”. Enter the corresponding port of your proxy server in ” ProxyPort”. Behind the entry “ProxyServerAddress” you configure either the IP address or the FQDN of your proxy server. For “ProxyAuth” leave the entry at “NoAuth”.

If you are using a proxy server with authentication, you must additionally configure the options “ProxyUserName” and “ProxyPassword”. Enter the corresponding logon information for “ProxyUserName” and “ProxyPassword”. Additionally, you must change the value “ProxyAuth” to “Basic”.

After you have saved the file, you must restart the services NoSpamProxy – CYREN Service (ctasd.conf), NoSpamProxy – CYREN IP Reputation Service (ctipd.conf) and NoSpamProxy – CYREN URL Categorization Service (ctwsd.conf) in order for the changes to take effect.

Note

In order for all Cyren services to function properly, unrestricted access to *.ctmail.com must be given. Also a virus scan on these connections must not be done, because the definitions for the Cyren Premium AntiVirus are downloaded there as well!

/by
info icon

Updating to version 9.2

,

From version 9.0

When updating from version 9.0 to version 9.1 or 9.2, all settings and user information are retained during the update.

From version 8.5

When upgrading to version 9.0, the subdivision into the new areas Monitoring, People and Identities and Configuration is immediately noticeable. For each of these areas, users can be explicitly allowed access via security groups. This means that you can assign the rights to a person in your company, e.g. to only use the Monitoring area. This person would then have no access to People and Identities or Configuration. The installation program of the Net at Work Mail Gateway automatically makes the user logged on during the installation a member of all three groups.

The security groups mentioned above are explained in more detail below.

Mail Gateway Monitoring Administrators

Members of this user group may use the Monitoring area. This area displays email statistics, email queues, or key figures about the performance of your server.

Mail Gateway People and Identities Administrators

Members of this user group may use the People and Identities area. This area manages internal and external communication partners and their cryptographic keys.

Mail Gateway Configuration Administrators

Members of this user group may use the Configuration area. This area contains the settings of the Net at Work Mail Gateway and its gateway roles, such as connectors, rules, notifications, and connections to other systems.

The new structure consistently combines previously redundant configuration settings and enables task-oriented administration. This means that the management console of version 9.0 no longer focuses on the roles of the Net at Work Mail Gateway, but on the task you have to perform.

This allowed many areas to be merged and simplified. An example: The address rewriting area of version 8.5 had to be configured to match the local users and their email addresses. The address transcriptions have now been moved to the email addresses of the local users, so that the assignment between email addresses and address transcriptions is made automatically.

Finally, the Commtouch service has been renamed to CYREN. CYREN continues to provide you with a high level of service.

Warning
An upgrade to version 9.0 is currently only supported by version 8.5.

Some changes of version 9.0 have a strong effect on the installation of the update. This is the replication of all configuration data between the intranet role and the connected gateway roles. In particular, installations with more than one gateway role must be updated to version 9.0 with great care.

Furthermore, the roles “Reporting Role” and “UserManagement Role” have been combined and are now managed as “Intranet Role”. The new Intranet role will continue to work with the previous database of the UserManagement role. This database will be extended by the update by the tables of the previous reporting role.

In the previous versions, a separate certificate with the name of the service was created for each service and used for the connection between the individual roles. Since version 9.0, a certificate with the server name is created in the CN.

Please note
If you use a custom MSC file instead of the Management Console (MSC file) shortcut created by Setup, this file may not work after the upgrade and the interface may display errors. In this case, please delete your custom MSC file and recreate it.

From version 8.0

When updating from version 8.0 to version 8.5, all settings and user information are retained during the update.

/by
info icon

NoSpamProxy Software Archive

, , , , , , , ,

Here you can find all versions that are required to upgrade to the current version. When upgrading, be sure to follow the installation and upgrade instructions for the respective version, as you may need to make manual changes. Also note that changes that you must make when upgrading from version 7.6 to 8.0, for example, are also required for a direct upgrade from 7.6 to 8.5.

The current version is available under Software Download.

Microsoft Report Viewer

Since the download has been officially discontinued, but it is needed for setups up to NoSpamProxy version 13.2 you can download it here

13.2 (Regulärer Kanal)
13.1 (Schneller Kanal)
13.1 (Regulärer Kanal)
13.0 (Schneller Kanal)
13.0 (Regulärer Kanal)
12.2 (Schneller Kanal)
12.2 (Regulärer Kanal)
12.1 (Fast Channel)
12.1 (Regular Channel)
12.0
11.1
11.0
10.1
9.2
8.5
/by
Info Icon

Setting concurrent inbound connections

, , , ,

This article describes how to manually set the number of concurrent connections. Since version 7.0, NoSpamProxy determines this number dynamically by itself. The basis for the decision is the CPU and memory usage. To prevent this behavior, proceed as follows:

First stop the Gateway Role. The corresponding setting is made in the “Gateway Role.config”. This file can be found in “C:\ProgramData\Net at Work Mail Gateway\Configuration\” on the respective Gateway Role.

Look for the line beginning with the following characters:

<netatwork.nospamproxy.proxyconfiguration...

Insert the following value directly below:
<connectionLimits hardUpperConnectionLimit="" minimumNumberOfConcurrentSessions="" />

If the values are not specified as in this example, the dynamic limit applies (depending on the CPU utilisation).

The values are both integer values.

The value hardUpperConnectionLimit setermines the maximum number of connections.
The value minimumNumberOfConcurrentSessions determines the maximum number of concurrent connections.

Example
<connectionLimits hardUpperConnectionLimit="100" minimumNumberOfConcurrentSessions="50" />

Finally, save the configuration file and restart the Gateway Role.

/by
info icon

Setting concurrent outbound connections

, , , ,

How to set the number of concurrent connections manually

This article describes how to change the number of outbound connections of the Gateway role.

The corresponding settings are specified in the file “Gateway Role.config” in “C:\ProgramData\Net at Work Mail Gateway\Configuration\” on the respective gateway role. To edit the file, first stop the gateway role.

Below the tag

<netatwork.nospamproxy.proxyconfiguration ... >

find the tag <queueConfiguration> and add the attributes maxConcurrentConnections="xx" and maxConcurrentConnectionsPerDomain="xx" to it. It should look like this:
<queueConfiguration maxConcurrentConnections="100" maxConcurrentConnectionsPerDomain="10" />

This limits the number of concurrent connections to 100, with a maximum of 10 concurrent connections allowed per domain.

/by
Info Icon

How to integrate SwissSign as a certificate provider

, , , ,

Important information on integrating SwissSign as a certificate provider

The following document was created in collaboration with SwissSign. It contains all relevant information on the integration of a Managed PKI from SwissSign into NoSpamProxy.

FAQNetAtWork.pdf

This document will be updated if necessary.

Last updated 03.09.2015.

SwissSign Silver ID products supported by NoSpamProxy

NoSpamProxy currently supports two out of three Silver ID products offered:

  • Silver certificates without state, organisation and country field
    • Name in the order process: Email ID Silver, email address validated (web interface or partner application)
    • Product name in NoSpamProxy: <<company name>>-perso-silver-emailonly
    • As of NoSpamProxy Version: 13.2.21230.1449
      Error Message before this version: Unconsumed SDN (i.e.: SDN attributes not needed and not utilized; please remove them and resubmit your request): o=[…]
  • Silver certificates without state field
    • Name in the order process: Email ID Silver, email address validated, organization, country (partner application only)
    • Product name in NoSpamProxy: <<company name>>-perso-silver
    • As of NoSpamProxy Version: 13.2.21111.1701
      Error Message before this version: Unconsumed SDN (i.e.: SDN attributes not needed and not utilized; please remove them and resubmit your request): state=[…]

Products not supported

The following Silver ID product is not supported:

  • Silver certificates with state field
    • Name in the order process: Email ID Silver, email address validated, organization, canton/state, country (partner application only)

Please take note of this information when ordering and make sure to only order the supported products!

If you have ordered the wrong product, you will find the form with which you can request the change from SwissSign under the following link:
https://www.swisssign.com/dam/jcr:85abf68a-1990-47f7-9530-9b1cce0397a7/MPKI_ChangeOrder_DE.pdf

Information in connection with SwissSign Gold products

If certificates for general or system mailboxes are to be requested, a Pseudo: must be placed in front of the common name (CN). This can not be set automatically by the NoSpamProxy in front of it, so that this information must come from the Active Directory or LDAP. This information must be placed at first position, so ideally it should be delivered as first name.

In order to send the correct order in the CN, please use the NoSpamProxy version 13.2.21111.1701 or higher.

/by