



Checking digital signatures


Authenticode is a mechanism which looks for the presence of digital signatures on the data being downloaded. It can be used to determine:

Authenticode checks the signature against the data which it supposedly signs, to determine if it is valid. It returns one of the following <Response> values:

The Authenticode validator, AUTWNT, is configured to check the authenticity of digitally signed data. It is found in the [Validation] section of the HTTP and FTP configuration files, HTTP.CFG and FTP.CFG.

For example:

[Validation]
Authenticode=AUTWNT

[Authenticode]
0=Success
...
721152=NoCertificate
721153=CertificateExpired
721154=CertificateExpired
...
721161=NotTrusted
...
614435=NoCertificate

Each <Response> has a corresponding entry in the [Disposal] configuration section, also found in the HTTP and FTP configuration files, HTTP.CFG and FTP.CFG. These entries control the disposal actions taken.

For example:

[Disposal]
DefaultDisposal=Clean
Success=Clean
...
ScanFailed=NotSure
...
;NoCertificate=BlockedNoCertificate
CertificateExpired=BlockCertificateExpired
NotTrusted=BlockNotTrusted
...
VIRUSPRESENT=VIRUS

See the Disposal section on page 7-22 for more details.
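
The lookup chain described above (validator return code, then <Response> name, then [Disposal] entry), as an added example that is not part of the WEBsweeper product or its manual. It assumes that a leading ";" comments out a line and that a <Response> with no [Disposal] entry receives DefaultDisposal; under those assumptions the sample settings shown above give unsigned data (NoCertificate) the same disposal as Success.

```python
# Added example, not WEBsweeper code. Assumptions: ';' starts a comment, and a
# response with no [Disposal] entry falls back to DefaultDisposal.
SAMPLE_CFG = """\
[Authenticode]
0=Success
721152=NoCertificate
721153=CertificateExpired
721154=CertificateExpired
721161=NotTrusted
614435=NoCertificate

[Disposal]
DefaultDisposal=Clean
Success=Clean
ScanFailed=NotSure
;NoCertificate=BlockedNoCertificate
CertificateExpired=BlockCertificateExpired
NotTrusted=BlockNotTrusted
VIRUSPRESENT=VIRUS
"""

def parse_sections(text):
    """Return {section: {key: value}}, skipping comments and '...' elisions."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith(";") or line == "...":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def resolve(cfg, code):
    """Map a validator return code to (response, disposal, used_default)."""
    response = cfg["Authenticode"].get(str(code))
    disposal = cfg["Disposal"]
    used_default = response not in disposal
    return response, disposal.get(response, disposal.get("DefaultDisposal")), used_default

def audit(cfg):
    """Non-Success responses that receive the same disposal as Success."""
    ok = cfg["Disposal"].get("Success")
    hits = {resolve(cfg, c)[0] for c in cfg["Authenticode"] if resolve(cfg, c)[1] == ok}
    return sorted(hits - {"Success"})

if __name__ == "__main__":
    cfg = parse_sections(SAMPLE_CFG)
    print("Signature failures treated like Success:", audit(cfg))
```
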

Enabling Authenticode

The Authenticode validator will check to see if the software is from a publisher that is trusted. To inform WEBsweeper of trusted publishers two things need to be done.

Firstly, since each individual user can have their own set of trusted publishers, you must choose which local user will administer the WEBsweeper service. You may create a WEBsweeper user specifically for the purpose.

The user must have the Log on as a service right. (Select the user in User Manager, select Policies/User Rights and check the Show Advanced User Rights box. Then select Log on as a service from the Rights drop-down list box.)

To select the publishers you wish to trust, perform the following steps:

1. Log on as the user with administrative rights to WEBsweeper.
2. Open Internet Explorer [1].
3. Select View/Options, to display the Options dialog box.
4. Select the Security tab of the Options dialog box and then click on the Publishers... button. This will display an Authenticode(tm) Security Technology dialog box.

5. Check the Consider all commercial publishers trustworthy box. This will designate all software publishers and credentials agencies as trustworthy.

To have only specific software publishers considered trustworthy, download a signed file from that publisher's Web site through Internet Explorer, and check the publisher's name on the certificate, as shown below.

6. Each software publisher marked in this way will be displayed in the Trusted Publishers and Issuers of Credentials area of the Authenticode(tm) Security Technology dialog box. This dialog box is shown on the previous page.

To remove a trusted publisher, select the name from the Trusted Publishers and Issuers of Credentials area of the Authenticode(tm) Security Technology dialog box and then click on the Remove button.

Secondly, the WEBsweeper service must be configured to run as the chosen user (see page 5-66). This information must always be re-entered if you upgrade your WEBsweeper installation.

This is achieved using the following steps:

1. Double-click on the Services icon, found in the Control Panel.

2. A Services dialog box is displayed. Select WEBsweeper from the list of services and click on the Startup... button to display the following dialog box. In the Log On As section, click on This Account and display a list of user names by clicking on the ... button.

3. Select the user from the list by double-clicking on the name.
4. Type in the Password for the user name you selected. Confirm this password by retyping it in the Confirm Password field.
5. Click on the OK button.





[1] This must be Internet Explorer version 3.02 or above.

msw.support@mimesweeper.com

Copyright © 1998, Content Technologies Limited. All rights reserved.