Release 6.15 adds several new features for the message security service, including major improvements to Content Manager, Archive Manager and virus protection.
After the release is complete, you can find detailed information on features in the Administration Guide.
Release Schedule: The Early Detection feature will be made available to customers approximately one week after the release date.
Products: This features applies to Postini Service Provider Edition and Enterprise Edition, Google Message Filtering, Message Security, and Message Discovery, and Message Security and Discovery for Google Apps Premier
Release 6.15 introduces Early Detection threat protection against zero hour viruses. With Early Detection, incoming messages that contain suspicious content are temporarily quarantined for deeper analysis and rescanned by the service's antivirus engines with updated signatures.
|
Messages with executable file attachments (for example, .exe, .vbs, .cmd files). These file types typically serve as vectors for viruses.
|
If Early Detection determines that the message is uninfected, it's automatically released and delivered as normal to the user. In observations in the threat environment, we found that the new early detection feature has successfully identified and blocked zero-hour viruses in the wild.
To turn on Early Detection Filtering, the administrator must view the confidentiality wavier, as messages are temporarily held in quarantine for additional scanning.
You can give your users the ability to view and/or delivery messages quarantined by Early Detection in the Message Center (this feature is not available in Message Center Classic.
|
Note:
|
If you also have the Message Archiving or Message Discovery service, your users cannot view or delivery Early Detection messages in the Message Center. This is to prevent high-risk messages from being archived.
Administrators can always view or deliver a message in the Early Detection quarantine, and the message will be archived. |
If a user chooses to delivery the message from quarantine, they are prompted to with a warning about the potential risk of an infected message.
The User Access controls the Early Detection settings in the Message Center through a new permission, Pending Quarantine:
|
Users can view the message header information including the name of the file attachments, but not open the message.
|
|
|
Users can view the message header information, message text and deliver the message.
|
Users can receive a notification immediately when Early Detection places a message in the Pending quarantine. The notifications are off by default.
If Early Detection determines a messages has been infected with a virus, the message is included in the Virus reports.
If you have enabled Virus Blocking, you will see a new message header associated with Early Detection. If a message triggers Early Detection (whether or not you have turned on this feature), this tag appears in the message header:
X-pstn-neptune-cave-rslt: pbox
If the message found to be infected with a virus, the message header will include the virus disposition and virus name.
Early Detection examines messages after all the other email service protection filters processing. Key points:
|
|
Approved Senders and Content Manager do not bypass Early Detection. Similar to Virus Blocking, a message from an approved sender is subject to Early Detection filtering.
|
|
|
Attachment Manager: Approved file types do not bypass Early Detection. For example, even if you add .exe files as an approved file type in Attachment Manager, Early Detection will quarantine a message with a .exe file for additional scanning.
|
Release Schedule: The Message Archiving feature will be made available to customers on the release date.
Products: This features applies to Postini Message Archiving, Google Message Discovery, and Message Security and Discovery for Google Apps Premier
|
|
Secure FTP for Archive Export: Supports easier export of investigation results. Archive investigators no longer need to download search results directly via the Web. They can now export investigations and download securely via secure FTP.
|
|
|
Archive Search Restriction: This release introduces controlled access to archived data by investigator and users. Search administrators can configure investigators to search the archives of specified users.
|
Release Schedule: The Content Policy Management feature will be made available to customers approximately one week after the release date.
Products: This features applies to Postini Enterprise Edition, Google Message Message Security, Google Message Discovery, and Message Security and Discovery for Google Apps Premier.
Content Policy Management now includes a more powerful interface and new features. This powerful interface allows you to create flexible rules to control content filtering.
|
|
An indicator for each filter that lets you know what percentage of the currently used space that filter occupies.
|
|
|
Controls to change the priority of filters in the list. You can enter a numerical order, or click the Up and Down arrows to set the order of filters.
|
The Add Filter page lets you configure up to three rules for a new filter. You can set the filter to match any or all of the rules. For each rule, you select the part of the message you want to scan, the scanning method, and the content for which you want to scan messages. You also choose how the message is routed when it matches a filter, whether it is copied to a quarantine, and if so, to which quarantine.
|
|
starts with: If text in the specified location begins with the specified value, this filter captures the message.
|
|
|
ends with: If text in the specified location ends with the specified value, this filter captures the message.
|
|
|
contains text: If text in the specified rule location contains the specified rule value, this filter captures the message. This option matches whole words, parts of words, and parts of phrases. For example, if you specify the value foot, and a message contains the word football in the specified location, this filter captures the message. To capture messages with the word foot, without also capturing messages with the word football, you can use the matches regex option.
|
|
|
does not contain: If text in the specified location does not contain the specified value, this filter captures the message.
|
|
|
equals: If text in the specified location contains only the specified value, this filter captures the message. For example, if the value is storewide holiday bargains and the location is Subject Line, this filter captures the message only if the subject contains the text storewide holiday bargains, and no other text.
|
|
|
is empty: If there is no text in the specified location, this filter captures the message.
|
|
|
matches regex: If text in the specified location matches the regular expression you enter for the rule value, this filter captures the message.
|
When you select this filter type, the Test regex link appears. Click this link to open the Test Regular Expression panel, where you can make sure your expression syntax is valid, and catches the type of content you want.
You can set a disposition for each rule. You can choose to deliver, bounce or delete messages that trigger each filter. You can also set whether to bypass spam filters, and to copy messages to another quarantine.
These dispositions include more options than previous versions of Content Manager, in a different format. Your existing filters will be migrated to the new dispositions automatically. To map between these dispositions, see the following table. The filter results will be exactly the same.
|
No analagous disposition
|
Click Check Syntax to verify the syntax of your regular expression.
Click Test Match to see whether your regular expression matches the text you enter.
If you are testing whether your expression matches text you enter, the message here tells you whether or not the expression matches the text.
|
|
|
|
|
|
|
|
|
