Configuring Threat Extraction on the Gateway

In This Section:

Configuring Threat Extraction on the Security Gateway

Configuring Threat Extraction in a Cluster

Threat Extraction Statistics

Using the Gateway CLI

Configuring Threat Extraction on the Security Gateway

  1. In the Gateways & Servers view, open the gateway properties > Threat Extraction page.
  2. Set the Activation Mode to Active.
  3. In the Resource Allocation section, configure the resource settings.
  4. Click OK.
  5. Install Policy.

Configuring Threat Extraction in a Cluster

To configure Threat Extraction in a cluster:

  1. In the Gateways & Servers view, right-click the cluster and click Edit.
  2. Open the ClusterXL and VRRP page.
  3. Select High Availability.

    Note - Load Sharing is not supported.

  4. In the Upon cluster Member recovery section, select Switch to higher priority Cluster Member.
  5. On the Cluster Members page, make sure the primary member (the member at the top of the list that automatically becomes the active server) has strong memory and CPU resources.
  6. Enable the Threat Extraction Blade:
    1. On the General Properties > Network Security tab, select Threat Extraction.

      The Threat Extraction First Time Activation Wizard opens.

    2. Enable the gateway as a Mail Transfer Agent (MTA).
    3. From the drop-down box, select a mail server for forwarded emails.
    4. Click Next.
    5. Click Finish.
  7. In the Cluster Properties window, open Threat Extraction.
  8. Set the Activation Mode to Active.
  9. In the Resource Allocation section, allocate disk space resources.
  10. Click OK.
  11. Install Policy.

Threat Extraction Statistics

You can see Threat Extraction statistics in the CLI:

  1. Open the command line interface of the gateway that has Threat Extraction enabled.
  2. Run these commands:
    • cpview
    • cpstat scrub -f threat_extraction_statistics

Using the Gateway CLI

The R80.10 gateway has a Threat Extraction menu to:

To use the Threat Extraction command line:

  1. Log in to the Security Gateway.
  2. Enter expert mode.
  3. Enter: scrub

    A menu shows these options:

    Option - Description

    debug - Controls debug messages.

    queues - Shows information on Threat Extraction queues. Use this command to understand the queue status and load on the mail transfer agent (MTA) and the scrubd daemon. The command shows:

    • Number of pending requests from the MTA to the scrubd daemon
    • Maximum number of pending requests from the MTA to the scrubd daemon
    • Current number of pending requests from scrubd to scrub_cp_file_convert
    • Maximum number of pending requests from scrubd to scrub_cp_file_convert

    send_orig_email - Sends the original email to recipients. To send the original email, get:

    • The reference number - Click the link in the email received by the user.
    • The email ID - Found in the Logs & Monitor logs or debug logs.

    bypass - Bypasses all files. Use this command to debug issues with the scrub (Threat Extraction) daemon. When you set bypass to active, requests from the mail transfer agent (MTA) to the scrub daemon are not handled. Threat Extraction is suspended. No files are cleaned.

    counters - Shows and resets counters.

    update - Manages updates from the download center.

    send_orig_file - Sends the original file by email.