Configuring Threat Extraction on the Gateway
Configuring Threat Extraction on the Security Gateway
- In the view, open the > page.
- Set the to .
- In the section, configure the resource settings.
- Click .
- .
Configuring Threat Extraction in a Cluster
To configure Threat Extraction in a cluster:
- In the view, right-click the cluster and click edit.
- Open the page.
- Select .
Note - Load Sharing is not supported.
- In the section, select .
- On the page, make sure the primary member (the member at the top of the list that automatically becomes the active server) has strong memory and CPU resources.
- Enable the Threat Extraction Blade:
- On the > tab, select .
The opens.
- Enable the gateway as a (MTA).
- From the drop-down box, select a mail server for forwarded emails.
- Click .
- Click .
- In the window, open .
- Set the to .
- In the resource, allocate disk space resources.
- Click .
- .
Threat Extraction Statistics
You can see Threat Extraction statistics in the CLI:
- Open the command line interface of the gateway that has Threat Extraction enabled.
- Run these commands:
cpview
cpstat scrub -f threat_extraction_statistics
Using the Gateway CLI
The R80.10 gateway has a Threat Extraction menu to:
- Control debug messages
- Get information on queues
- Send the initial email attachments to recipients
- Download updates automatically from the ThreatCloud
To use the Threat Extraction command line:
- Log in to the Security Gateway.
- Enter expert mode.
- Enter:
scrub
A menu shows these options:
| Option | Description |
|---|---|
| debug | Controls debug messages. |
| queues | Shows information on Threat Extraction queues. Using this command helps you understand the queue status and load on the mail transfer agent (MTA) and the scrubd daemon. The command shows: number of pending requests from the MTA to the scrubd daemon; maximum number of pending requests from the MTA to the scrubd daemon; current number of pending requests from scrubd to scrub_cp_file_convert; maximum number of pending requests from scrubd to scrub_cp_file_convert. |
| send_orig_email | Sends the original email to recipients. To send the original email, get: the reference number (click the link in the email received by the user); the email ID (found in the logs or debug logs). |
| bypass | Bypasses all files. Use this command to debug issues with the scrub (Threat Extraction) daemon. When you set bypass to active, requests from the mail transfer agent (MTA) to the scrub daemon are not handled. Threat Extraction is suspended. No files are cleaned. |
| counters | Shows and resets counters. |
| update | Manages updates from the download center. |
| send_orig_file | Sends the original file by email. |