Configuring Threat Extraction on the Gateway

In This Section: Configuring Threat Extraction on the Security Gateway Configuring Threat Extraction in a Cluster Threat Extraction Statistics Using the Gateway CLI

Configuring Threat Extraction on the Security Gateway

1. In the Gateways & Servers view, open the gateway properties > Threat Extraction page.
2. Set the Activation Mode to Active.
3. In the Resource Allocation section, configure the resource settings.
4. Click OK.
5. Install Policy.

Configuring Threat Extraction in a Cluster

To configure Threat Extraction in a cluster:

1. In the Gateways & Servers view, right-click the cluster and click edit.
2. Open the ClusterXL and VRRP page.
3. Select High Availability.

   Note - Load Sharing is not supported.

4. In the Upon cluster Member recovery section, select Switch to higher priority Cluster Member.
5. On the Cluster Members page, make sure the primary member (the member at the top of the list that automatically becomes the active server) has strong memory and CPU resources.
6. Enable the Threat Extraction Blade:
   1. On the General Properties > Network Security tab, select Threat Extraction.

      The Threat Extraction First Time Activation Wizard opens.

   2. Enable the gateway as a Mail Transfer Agent (MTA).
   3. From the drop-down box, select a mail server for forwarded emails.
   4. Click Next.
   5. Click Finish.
7. In the Cluster Properties window, open Threat Extraction.
8. Set the Activation Mode to Active.
9. In the resource, allocate disk space resources.
10. Click OK.
11. Install Policy.

Threat Extraction Statistics

You can see Threat Extraction statistics in the CLI:

1. Open the command line interface of the gateway with the Threat Extraction enabled.
2. Run these commands:
   • cpview
   • cpstat scrub -f threat_extraction_statistics

Using the Gateway CLI

The R80.10 gateway has a Threat Extraction menu to:

• Control debug messages
• Get information on queues
• Send the initial email attachments to recipients
• Download updates automatically from the ThreatCloud

To use the Threat Extraction command line:

1. Log in to the Security Gateway.
2. Enter expert mode.
3. Enter: scrub

   A menu shows these options:

   Option	Description
   debug	Controls debug messages.
   queues	Shows information on Threat Extraction queues. Using this command helps you understand the queue status and load on the mail transfer agent (MTA) and the scrubd daemon. The command shows: Number of pending requests from the MTA to the scrubd daemon Maximum number pending requests from the MTA to the scrubd daemon Current number of pending requests from scrubd to scrub_cp_file_convert Maximum number of pending requests from scrubd to scrub_cp_file_convert
   send_orig_email	Sends original email to recipients. To send the original email get: The reference number - Click on link in the email received by the user. The email ID - Found in the Logs & Monitor logs or debug logs.
   bypass	Bypasses all files. Use this command to debug issues with the scrub (Threat Extraction) daemon. When you set bypass to active, requests from the mail transfer agent (MTA) to the scrub daemon are not handled. Threat Extraction is suspended. No files are cleaned.
   counters	shows and resets counters.
   update	manages updates from the download center
   send_orig_file	sends original file by email