How to link Webaccess 18.2 and Secure Messaging Gateway 7

  • 7024690
  • 18-Jun-2020
  • 31-Aug-2020

Environment


GWAVA (Secure Messaging Gateway) 7
GroupWise 18.2

Situation

You would like to have a control over a contents of emails being sent from mobile devices via WebAccess.

Resolution

This article describes a way how to make WebAccess 18.2 working together with Secure Messaging Gateway 7 (SMG).
First start with the SMG host.
Login to webadmin tool of SMG host and choose System Administration from options provided.
Under Module Management, there is a section Interfaces with 3rd Party Application Manager.
Click on Add new. Name it WebAccess, for instance.
Once you expand it, in the Host server choose from the drop down menu your SMG server. Activate Service OU set [root] option. Once you save it and then return back, you will see server address and application key being auto-populated. Those values we will need later in WebAccess configuration part.


In next step go into Organization/Policy Management and click on Policy Management.
Here click on Add New since there is no wizard for it. Name it for simplicity WebAccess.
Once it is created and changes saved, you can expand and configure next settings.
First, make sure it is enabled.
WebAccess has no message direction, so leave it unchecked.
Activate "Limit by interface type" and in Matched interface types type wasp. Note, you could choose whatever other names for the policy or interface, but here a string "wasp" is a must.
Choose also Limit interface option and select from the list the one you just created, i.e WebAccess in this example.
Save changes.



After that you can find under Policy scan configuration new entry WebAccess and in a workbench you can start configuring what you want to scan and protect.

Furthermore, if this is still not working, check in the Module Management -> Scan Engine Manager following settings:

Enable REST Service -> activate a check-box
Enable REST Service (SSL) -> leave it unchecked, i.e. do not use SSL option

Once this is done, save changes and restart all modules.

After you are ready with SMG section, move to a WebAccess server.
Go into /var/opt/novell/groupwise/webaccess directory.
First make a copy of the existing webacc.cfg file prior you start editing it.
Somewhere towards the end of this file add few lines:

#------------------------------------------------------------------------------
# GWAVA Virus Scan
#------------------------------------------------------------------------------

GWAVA.enabled=true

GWAVA.version=7

GWAVA.host=mysg7.com

GWAVA.apiKey=aade7f29-d3e5-4c17-86ed-63d4db68a725

In your case in the host section type fully distinguished name of your SMG host or its IP address.
For the apiKey string, return back to Interfaces -> 3rd party -> your WebAccess. Once you expand it, you will find the application key which you copy and paste into the webacc.cfg file.
Save changes and restart WebAccess application, rcgrpwise-tomcat restart.
Since now, your WebAccess and SMG are linked.
If you login into some mailbox via WebAccess and try to send any test bad email, upon sending you get a new pop-up message saying that your message was not possible to send.

What can also happen and cause problems, is that once you link WebAccess with SMG, this auto-adds lines like:

#------------------------------------------------------------------------------
# GWAVA Virus Scan
#------------------------------------------------------------------------------
GWAVA.enabled=false
GWAVA.version=
GWAVA.host=
GWAVA.port=49284
GWAVA.Service.id=
GWAVA.Service.version=1.0.0.0
GWAVA.Interface.id=
GWAVA.username=
GWAVA.password=
GWAVA.apiKey=
GWAVA.Log.level=normal

into your webacc.cfg file. Remove them or disable. Those can cause your WebAccess scanning will be skipped. Especially if you try to add there missing values. The problem is a port number which is not valid. This might originate from older SMG versions but is not valid anymore.
What you indeed need are only those 3 configuration statements:

GWAVA.version=7
GWAVA.host=mysg7.com
GWAVA.apiKey=aade7f29-d3e5-4c17-86ed-63d4db68a725

and nothing else.

A way to check whether or not WebAccess works with SMG is to look at the scanner logs.
Go into /vastorage/smg/services/logs/smg-scanner-XX directory and check the last log file.
If it works you shall be able to see lines like:

[140379745134336] 2020-08-31 10:49:42 (rrqs)<0> Constructing REST handler for /api/1/mimescan.xml
[140379745134336] 2020-08-31 10:49:42 (rrqs)<0> Processing REST POST function
[140379745134336] 2020-08-31 10:49:42 (ppst)<0> Received scan request from <WA host IP> for application aade7f29-d3e5-4c17-86ed-63d4db68a725

This is a REST client login request (here WebAccess) and login using apikey string used in webacc.cfg file.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.