Before configuring the Virtual Analyzer settings, select the Enable Advanced Threat Scan Engine option on the Security Risk Scan: Target screen. Advanced Threat Scan Engine performs the aggressive scanning necessary to detect advanced threats.
Important
  • Virtual Analyzer settings are not configurable until an administrator enables the Advanced Threat Scan Engine.
  • Before enabling Virtual Analyzer integration, administrators must enable the Exchange replay folder.
    For details on enabling the Exchange replay folder, see Virtual Analyzer - Integration Pre-requisites.
    WARNING
    Disabling the Exchange replay folder after enabling the Virtual Analyzer integration may cause unexpected issues. Trend Micro recommends disabling Virtual Analyzer integration before disabling the Exchange replay folder.

Procedure

  1. Go to Virtual Analyzer.
  2. Select Submit email messages to Virtual Analyzer.
  3. Select a working mode for Virtual Analyzer. Inline mode is selected by default.
  4. Configure the Virtual Analyzer server settings:
    • Type the IP address.
      Note
      The IP address supports IPv4 format.
    • Type the Port number.
    • Type the API key.
      Note
      Contact the Virtual Analyzer administrator to obtain the IP address, port number, and a valid API key.
  5. Select Use a proxy server to connect to Deep Discovery Analyzer Server if ScanMail requires a proxy for server communication with Virtual Analyzer.
    1. Click the expand button to display the proxy settings.
    2. Type the server name or IP address of the proxy server and its port number.
    3. If your proxy server requires a password, type your user name and password in the fields provided.
  6. Click one of the following buttons:
    • Register: Establishes the connection to Deep Discovery Analyzer Server
    • Test Connection: Verifies the connection settings to Deep Discovery Analyzer Server but does not register ScanMail to the server
    Note
    To enable sending messages to Virtual Analyzer, register Virtual Analyzer before saving the connection settings.
  7. Select the traffic direction of the messages to analyze.
  8. Choose the senders to exclude from analysis by searching and selecting AD Users/Groups/Contacts/Special Groups and adding them to the Selected Account(s) list.
    Note
    You can find AD Users/Groups/Contacts only after email addresses have been specified for them.
  9. Choose the recipients of the messages to analyze by searching and selecting AD Users/Groups/Contacts/Special Groups and adding them to the Selected Account(s) list.
  10. Select the attachment types to analyze.
    Tip
    Because application and executable files pose the greatest risk with respect to advanced threats, Trend Micro recommends selecting only these file types for analysis.
    Note
    By default, ScanMail sends the highly recommended file types to Virtual Analyzer for further scanning. You can also select specific file types for scanning.
  11. Select Enable Aggressive Mode for Advanced Spam if you want to detect more potential threats by analyzing suspicious messages.
  12. Do the following:
    1. Click Validate Virtual Analyzer Server Version to verify whether the current Virtual Analyzer supports URL analysis. Once the verification process completes, navigate back to the previous screen.
    2. Select Enable URL Analysis.
      Note
      This option will not be enabled if the verification process is unsuccessful.
  13. Configure the Security Level settings for the messages and files that Virtual Analyzer analyzes.
    • Security level: The security level determines whether ScanMail performs an action on messages and files analyzed and rated by Virtual Analyzer. The available security level settings are: High, Medium, or Low.
      Note
      For messages and files with a rating that violates the configured security level, ScanMail performs the action configured for Advanced threats on the Security Risk Scan Actions tab (Security Risk Scan > Action). For more information, see Configuring Security Risk Scan Actions.
    • Maximum wait time for analysis ratings: Select the maximum amount of time to temporarily quarantine messages while Virtual Analyzer analyzes the risk of the message.
    • Action on unanalyzed risks: Select the action that ScanMail performs on messages for which Virtual Analyzer did not return a rating within the configured wait time.