f Secure Anti Virus Msexchange


  • 8/13/2019 f Secure Anti Virus Msexchange


    F-Secure Anti-Virus for Microsoft Exchange

    Administrator's Guide

    "F-Secure" and the triangle symbol are registered trademarks of F-Secure Corporation and F-Secure product names and symbols/logos are either trademarks or registered trademarks of F-Secure Corporation. All product names referenced herein are trademarks or registered trademarks of their respective companies. F-Secure Corporation disclaims proprietary interest in the marks and names of others. Although F-Secure Corporation makes every effort to ensure that this information is accurate, F-Secure Corporation will not be liable for any errors or omission of facts contained herein. F-Secure Corporation reserves the right to modify specifications cited in this document without prior notice.

    Companies, names and data used in examples herein are fictitious unless otherwise noted. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of F-Secure Corporation.

    Copyright 1993-2006 F-Secure Corporation. All rights reserved.

    Portions Copyright 1991-2006 Kaspersky Lab.

    This product includes software developed by the Apache Software Foundation (http://www.apache.org/). Copyright 2000-2006 The Apache Software Foundation. All rights reserved.

    This product includes PHP, freely available from http://www.php.net/. Copyright 1999-2006 The PHP Group. All rights reserved.

    This product includes code from SpamAssassin. The code in the files of the SpamAssassin distribution are Copyright 2000-2002 Justin Mason and others, unless specified otherwise in that particular file. All files in the SpamAssassin distribution fall under the same terms as Perl itself, as described in the Artistic License.

    This product may be covered by one or more F-Secure patents, including the following:

    GB2353372 GB2366691 GB2366692 GB2366693 GB2367933 GB2368233 GB2374260

    12000040-6J16


    Contents

    About This Guide
        How This Guide Is Organized
        Conventions Used in F-Secure Guides
            Symbols

    Chapter 1 Introduction
        1.1 Overview
        1.2 How F-Secure Anti-Virus for Microsoft Exchange Works
        1.3 Key Features
        1.4 F-Secure Anti-Virus Mail Server and Gateway Products

    Chapter 2 Deployment
        2.1 Installation Modes
        2.2 Network Requirements
        2.3 Deployment Scenarios
            2.3.1 Minimum Installation
            2.3.2 Medium to Large Installation
            2.3.3 Performance-Critical Installation
            2.3.4 Microsoft Exchange Cluster Environment

    Chapter 3 Installation
        3.1 System Requirements
            3.1.1 Minimum System Requirements
            3.1.2 Which SQL Server to Use for the Quarantine Database?


            3.1.3 Web Browser Software Requirements
        3.2 Improving Reliability and Performance
        3.3 Centrally Administered or Stand-alone Installation?
        3.4 Installation Overview
        3.5 Installing F-Secure Anti-Virus for Microsoft Exchange
        3.6 After the Installation
            3.6.1 Importing Product MIB files to F-Secure Policy Manager Console
            3.6.2 Configuring the Product
        3.7 Upgrading the Previous Version
        3.8 Upgrading the Evaluation Version
        3.9 Uninstalling F-Secure Anti-Virus for Microsoft Exchange

    Chapter 4 Using F-Secure Anti-Virus for Microsoft Exchange
        4.1 Overview
        4.2 Administering F-Secure Anti-Virus for Microsoft Exchange
        4.3 Using F-Secure Anti-Virus for Microsoft Exchange Web Console
            4.3.1 Logging in for the First Time
        4.4 Home Page
        4.5 Checking the Product Status
        4.6 Configuring the F-Secure Anti-Virus for Microsoft Exchange Web Console
        4.7 Using F-Secure Policy Manager Console
        4.8 Modifying Settings and Viewing Statistics
            4.8.1 Centrally Administered Mode
            4.8.2 Stand-alone Mode
        4.9 Manually Processing Mailboxes and Public Folders
            4.9.1 Centrally Administered Mode
            4.9.2 Stand-alone Mode
            4.9.3 Creating Scanning Operations
        4.10 Configuring Alert Forwarding
            4.10.1 Centrally Administered Mode
            4.10.2 Stand-Alone Mode
        4.11 Alert Forwarding
        4.12 Viewing Alerts


    Chapter 5 Centrally Managed Administration
        5.1 Overview
        5.2 F-Secure Anti-Virus for Microsoft Exchange Settings
            5.2.1 Real-Time Processing
            5.2.2 Manual Processing
            5.2.3 Scheduled Processing
            5.2.4 Content Scanner Servers
            5.2.5 Quarantine
            5.2.6 Reporting
            5.2.7 Advanced
        5.3 F-Secure Anti-Virus for Microsoft Exchange Statistics
            5.3.1 Common
            5.3.2 Real-Time Processing
            5.3.3 Manual Processing
            5.3.4 Quarantine
        5.4 F-Secure Content Scanner Server Settings
            5.4.1 Interface
            5.4.2 Virus Scanning
            5.4.3 Virus Statistics
            5.4.4 Database Updates
            5.4.5 Spam Filtering
            5.4.6 Threat Detection Engine
            5.4.7 Proxy Configuration
            5.4.8 Advanced
        5.5 F-Secure Content Scanner Server Statistics
            5.5.1 Server
            5.5.2 Scan Engines
            5.5.3 Common
            5.5.4 Spam Control
            5.5.5 Virus Statistics
        5.6 F-Secure Automatic Update Agent Settings
        5.7 F-Secure Management Agent Settings

    Chapter 6 Administration with Web Console
        6.1 Overview


        6.2 F-Secure Anti-Virus for Microsoft Exchange Settings
            6.2.1 Summary
            6.2.2 Virus Scanning
            6.2.3 Stripping Attachments
            6.2.4 Content Filtering
            6.2.5 Manual Scanning
            6.2.6 Quarantine
            6.2.7 Advanced
            6.2.8 Internal Domains
        6.3 F-Secure Content Scanner Server Settings
            6.3.1 Summary
            6.3.2 Database Updates
            6.3.3 Scan Engines
            6.3.4 Proxy Configuration
            6.3.5 Archive Scanning
            6.3.6 Advanced
            6.3.7 Interface
        6.4 F-Secure Automatic Update Agent Settings
            6.4.1 Summary
            6.4.2 Automatic Updates
            6.4.3 HTTP Settings
            6.4.4 PM Proxies
        6.5 F-Secure Management Agent Settings

    Chapter 7 Quarantine Management
        7.1 Introduction
        7.2 Configuring Quarantine Options
        7.3 Searching the Quarantined Content
        7.4 Query Results Page
        7.5 Viewing Details of a Quarantined Message
        7.6 Reprocessing the Quarantined Content
        7.7 Releasing the Quarantined Content
        7.8 Removing the Quarantined Content
        7.9 Deleting Old Quarantined Content Automatically
        7.10 Quarantine Logging


        7.11 Quarantine Statistics
        7.12 Moving the Quarantine Storage

    Chapter 8 Administering F-Secure Spam Control
        8.1 Overview
        8.2 Spam Control Settings in Centrally Managed Environments
        8.3 Spam Control Settings in Web Console
        8.4 Realtime Blackhole List Configuration
            8.4.1 Enabling Realtime Blackhole Lists
            8.4.2 Optimizing F-Secure Spam Control Performance

    Chapter 9 Updating Virus and Spam Definition Databases
        9.1 Overview
        9.2 Automatic Updates with F-Secure Automatic Update Agent
        9.3 Configuring Automatic Updates
        9.4 Manual Updates
            9.4.1 Using FSUPDATE
            9.4.2 Updating the Virus Definition Database Remotely Using LATEST.ZIP

    Appendix A Deploying the Product on a Cluster
        A.1 System and Network Recommendations
        A.2 Installation Overview
        A.3 Creating Quarantine Storage
            A.3.1 Quarantine Storage in Active-Passive Cluster
            A.3.2 Quarantine Storage in Active-Active Cluster
        A.4 Installing the Product
            A.4.1 Installing on Active-Passive Cluster
            A.4.2 Installing on Active-Active Cluster
        A.5 Administering the Cluster Installation with F-Secure Policy Manager
        A.6 Using the Quarantine in the Cluster Installation
        A.7 Troubleshooting

    Appendix B Variables in Warning Messages
        List of Variables


        Outbreak Management Alert Variables

    Appendix C Services and Processes

    Chapter D Troubleshooting
        D.1 Overview
        D.2 Starting and Stopping
        D.3 Viewing the Log File
        D.4 Common Problems and Solutions
            D.4.1 Installing Service Packs
            D.4.2 Securing the Quarantine
            D.4.3 Administration Issues
        D.5 Frequently Asked Questions
        D.6 F-Secure Automatic Update Agent Troubleshooting

    Technical Support
        F-Secure Online Support Resources
        Web Club
        Virus Descriptions on the Web


    ABOUT THIS GUIDE

    How This Guide Is Organized
    Conventions Used in F-Secure Guides


    How This Guide Is Organized

    F-Secure Anti-Virus for Microsoft Exchange Administrator's Guide is divided into the following chapters:

    Chapter 1. Introduction. General information about F-Secure Anti-Virus for Microsoft Exchange and other F-Secure Anti-Virus Mail Server and Gateway products.

    Chapter 2. Deployment. Instructions and examples on how to set up your network environment before you can install F-Secure Anti-Virus for Microsoft Exchange.

    Chapter 3. Installation. Instructions on how to install and set up F-Secure Anti-Virus for Microsoft Exchange.

    Chapter 4. Using F-Secure Anti-Virus for Microsoft Exchange. Instructions on how to use and administer F-Secure Anti-Virus for Microsoft Exchange.

    Chapter 9. Updating Virus and Spam Definition Databases. Instructions on how to update your virus definition database.

    Chapter 5. Centrally Managed Administration. Instructions on how to remotely administer F-Secure Anti-Virus for Microsoft Exchange and F-Secure Content Scanner Server when they have been installed in centralized administration mode.

    Chapter 6. Administration with Web Console. Instructions on how to administer F-Secure Anti-Virus for Microsoft Exchange with the Web Console.

    Chapter 8. Administering F-Secure Spam Control. General information about and instructions on how to configure F-Secure Spam Control.

    Appendix A. Deploying the Product on a Cluster. Describes how the product can be deployed and used in a cluster environment.

    Appendix B. Variables in Warning Messages. Lists variables that can be included in virus warning messages.

    Appendix C. Services and Processes. Describes services, devices and processes of F-Secure Anti-Virus for Microsoft Exchange.


    Chapter D. Troubleshooting. Solutions to some common problems.

    Technical Support. Contains the contact information for assistance.

    About F-Secure Corporation. Describes the company background and products.

    See the F-Secure Policy Manager Administrator's Guide for detailed information about installing and using the F-Secure Policy Manager components:

    F-Secure Policy Manager Console, the tool for remote administration of F-Secure Anti-Virus for Microsoft Exchange.

    F-Secure Policy Manager Server, which enables communication between F-Secure Policy Manager Console and the managed systems.


    Conventions Used in F-Secure Guides

    This section describes the symbols, fonts, and terminology used in this manual.

    Symbols

    WARNING: The warning symbol indicates a situation with a risk of irreversible destruction to data.

    IMPORTANT: An exclamation mark provides important information that you need to consider.

    REFERENCE - A book refers you to related information on the topic available in another document.

    NOTE - A note provides additional information that you should consider.

    TIP - A tip provides information that can help you perform a task more quickly or easily.

    An arrow indicates a one-step procedure.

    Fonts

    Arial bold (blue) is used to refer to menu names and commands, to buttons and other items in a dialog box.

    Arial Italics (blue) is used to refer to other chapters in the manual, book titles, and titles of other manuals.

    Arial Italics (black) is used for file and folder names, for figure and table captions, and for directory tree names.

    Courier New is used for messages on your computer screen.

    Courier New bold is used for information that you must type.

    SMALL CAPS (BLACK) is used for a key or key combination on your keyboard.

    Arial underlined (blue) is used for user interface links.

    Arial italics is used for window and dialog box names.

    PDF Document

    This manual is provided in PDF (Portable Document Format). The PDF document can be used for online viewing and printing using Adobe Acrobat Reader. When printing the manual, please print the entire manual, including the copyright and disclaimer statements.

    For More Information

    Visit F-Secure at http://www.f-secure.com for documentation, training courses, downloads, and service and support contacts.

    In our constant attempts to improve our documentation, we would welcome your feedback. If you have any questions, comments, or suggestions about this or any other F-Secure document, please contact us at [email protected].


    1 INTRODUCTION

    Overview
    How F-Secure Anti-Virus for Microsoft Exchange Works
    Key Features
    F-Secure Anti-Virus Mail Server and Gateway Products


    1.1 Overview

    Malicious code, such as computer viruses, is one of the main threats for companies today. In the past, malicious code spread mainly via disks and the most common viruses were the ones that infected disk boot sectors. When users began to use office applications with macro capabilities - such as Microsoft Office - to write documents and distribute them via mail and groupware servers, macro viruses started spreading rapidly.

    After the millennium, the most common spreading mechanism has been e-mail. Today about 90% of viruses arrive via e-mail. E-mails provide a very fast and efficient way for viruses to spread themselves without any user intervention and that is why e-mail worm outbreaks, like Sober, Netsky and Bagle, have caused a lot of damage around the world.

    F-Secure Anti-Virus Mail Server and Gateway products are designed to protect your company's mail and groupware servers and to shield the company network from any malicious code that travels in HTTP or SMTP traffic. In addition, they protect your company network against spam. The protection can be implemented on the gateway level to screen all incoming and outgoing e-mail (SMTP), web surfing (HTTP and FTP-over-HTTP) and file transfer (FTP) traffic. Furthermore, it can be implemented on the mail server level so that it protects not only inbound and outbound traffic but also internal mail traffic and public sources, such as Public Folders on Microsoft Exchange servers.

    Providing the protection already on the gateway level has plenty of advantages. The protection is easy and fast to set up and install, compared to rolling out antivirus protection on hundreds or thousands of workstations. The protection is also invisible to the end users, which ensures that the system cannot be by-passed and makes it easy to maintain. Of course, protecting the gateway level alone is not enough to provide a complete antivirus solution; file server and workstation level protection is also needed.

    Why clean 1000 workstations when you can clean one attachment at the gateway level?


    1.2 How F-Secure Anti-Virus for Microsoft Exchange Works

    F-Secure Anti-Virus for Microsoft Exchange is designed to detect and disinfect viruses and other malicious code from e-mail transmissions through Microsoft Exchange 2000/2003 Server. Scanning is done in real time as the mail passes through Microsoft Exchange Server. On-demand scanning of user mailboxes and Public Folders is also available.

    Scanning Attachments and Message Bodies

    F-Secure Anti-Virus for Microsoft Exchange scans attachments and message bodies for malicious code. It can also be instructed to remove particular attachments according to the file name or the file extension. In addition, it can filter out messages containing keywords that have been defined as disallowed.

    If the intercepted mail contains malicious code, F-Secure Anti-Virus for Microsoft Exchange can be configured to disinfect or drop the content.

    Any malicious code found during the scan process can be placed in the Quarantine, where it can be further examined. Stripped attachments can also be placed in the Quarantine for further examination.
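
The file-name/extension stripping and keyword filtering described above, sketched as an added example (it is not F-Secure code and does not come from the guide); the pattern list, keyword list, function names and sample message are assumptions constructed here. It matches on the normalised attachment name, so double extensions, upper case and trailing dots are still caught, and it copies stripped parts to a quarantine list.

```python
"""Added illustration, not F-Secure code. Policy values and names are assumptions."""
import fnmatch
from email import message_from_bytes, policy
from email.message import EmailMessage

# Hypothetical policy, constructed for this example.
BLOCKED_PATTERNS = ["*.exe", "*.scr", "*.pif", "*.vbs", "invoice*.zip"]
DISALLOWED_KEYWORDS = ["project-falcon"]


def is_blocked(filename):
    """Match the normalised attachment name against the blocked patterns."""
    # Windows ignores trailing dots and spaces, and extensions are not
    # case-sensitive, so normalise before matching.
    name = filename.strip().rstrip(". ").lower()
    return any(fnmatch.fnmatchcase(name, pat) for pat in BLOCKED_PATTERNS)


def strip_attachments(msg, quarantine):
    """Remove blocked parts from msg, recursing into nested multiparts.

    Each stripped part is copied to quarantine as (file name, decoded bytes).
    """
    if not msg.is_multipart():
        return
    kept = []
    for part in msg.get_payload():
        name = part.get_filename()
        if name and is_blocked(name):
            quarantine.append((name, part.get_payload(decode=True)))
            continue
        strip_attachments(part, quarantine)
        kept.append(part)
    msg.set_payload(kept)


def find_keywords(msg):
    """Return the disallowed keywords found in the subject or message body."""
    texts = [str(msg.get("Subject", ""))]
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is not None:
        texts.append(body.get_content())
    haystack = "\n".join(texts).lower()
    return [kw for kw in DISALLOWED_KEYWORDS if kw in haystack]


def process(raw):
    """Parse a raw message, strip blocked attachments, report the outcome."""
    msg = message_from_bytes(raw, policy=policy.default)
    quarantine = []
    strip_attachments(msg, quarantine)
    kept = [p.get_filename() for p in msg.walk() if p.get_filename()]
    return {"kept": kept, "quarantined": quarantine,
            "keywords": find_keywords(msg), "message": msg}


def build_sample(subject="Q3 figures"):
    """Constructed sample message with one harmless and two blocked names."""
    m = EmailMessage()
    m["From"] = "alice@example.com"
    m["To"] = "bob@example.com"
    m["Subject"] = subject
    m.set_content("Hi Bob, the figures are attached.\n")
    m.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                     subtype="pdf", filename="figures.pdf")
    m.add_attachment(b"MZ constructed", maintype="application",
                     subtype="octet-stream", filename="Figures.PDF.EXE")
    m.add_attachment(b"constructed", maintype="application",
                     subtype="octet-stream", filename="notes.scr.")
    return m.as_bytes()


if __name__ == "__main__":
    result = process(build_sample())
    print("kept:", result["kept"])
    print("quarantined:", [name for name, _ in result["quarantined"]])
    print("keywords:", result["keywords"])
```
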

    Flexible and Scalable Anti-Virus Protection

    F-Secure Anti-Virus for Microsoft Exchange is installed on Microsoft Exchange 2000/2003 Server and it intercepts mail traveling through mailboxes and Public folders. Intercepted attachments and documents are sent to F-Secure Content Scanner Server, which returns disinfected files back to F-Secure Anti-Virus for Microsoft Exchange.

    The two-component product architecture ensures that the anti-virus protection does not increase the load on the protected system and that the infected data is never stored on the production network. It also enables you to implement a server pool, so you can share the traffic load between multiple F-Secure Content Scanner Servers and have backup servers if the traffic to primary servers stops for some reason.


    Alerting

    F-Secure Anti-Virus for Microsoft Exchange has extensive alerting functions, which means that the system administrator can specify a recipient inside the company network to be notified about the infection found in the data content. Of course, the network administrator can be notified about the infection also.

    Powerful and Always Up-to-date

    F-Secure Anti-Virus for Microsoft Exchange uses the award-winning F-Secure Anti-Virus scanner to ensure the highest possible detection rate and disinfection capability. The daily F-Secure Anti-Virus signature database updates provide F-Secure Anti-Virus for Microsoft Exchange an always up-to-date protection capability.

    F-Secure Anti-Virus scanner consistently ranks at the top when compared to competing products. Our team of dedicated virus researchers is on call 24-hours a day responding to new and emerging threats. In fact, F-Secure is one of the only companies to release tested virus definition updates on a daily basis, to make sure our customers are receiving the highest quality service and protection.

    Virus and Spam Outbreak Detection

    Massive spam and virus outbreaks consist of millions of messages which share at least one identifiable pattern that can be used to distinguish the outbreak. Any message that contains one or more of these patterns can be assumed to be a part of the same spam or virus outbreak.

    F-Secure Anti-Virus for Microsoft Exchange can identify these patterns from the message envelope, headers and body, in any language, message format and encoding type. It can detect spam messages and new viruses during the first minutes of the outbreak.

    Stand-alone and Centralized Administration Modes

    F-Secure Anti-Virus for Microsoft Exchange can be installed either in stand-alone or centrally administered mode. Depending on how it has been installed, F-Secure Anti-Virus for Microsoft Exchange is managed either with the Web Console or F-Secure Policy Manager.

    Scalability and Reliability

    F-Secure Policy Manager provides a scalable way to manage the security of multiple applications on multiple operating systems, from one central location. F-Secure Policy Manager is comprised of two components, F-Secure Policy Manager Console and F-Secure Policy Manager Server, which are used to administer applications. They are seamlessly integrated with the F-Secure Management Agents that handle all management functions on local hosts.

    Easy to Administer

    If F-Secure Anti-Virus for Microsoft Exchange is installed in stand-alone mode it can be managed with the web-based user interface. With Web Console, you can configure F-Secure Anti-Virus for Microsoft Exchange settings, set up scheduled scans or run manual processes any time you want.

    If F-Secure Anti-Virus for Microsoft Exchange has been installed in centrally administered configuration, it is managed with F-Secure Policy Manager. With its graphical user interface, F-Secure Policy Manager Console provides a centralized view of the domains and hosts in your network and lets you configure the security policies for all F-Secure components. F-Secure Policy Manager receives status information from F-Secure Anti-Virus for Microsoft Exchange.

    F-Secure Policy Manager Server is the server side component that handles communication between F-Secure Anti-Virus for Microsoft Exchange and F-Secure Policy Manager Console. It exchanges security policies, software updates, status information, statistics, alerts, and other information between F-Secure Policy Manager Console and all managed systems.

    Figure 1-1 (1) E-mail arrives from the Internet to F-Secure Anti-Virus for Microsoft Exchange, which (2) filters malicious content from mails and attachments, and (3) delivers cleaned files forward.


    1.3 Key Features

    F-Secure Anti-Virus for Microsoft Exchange provides the following features and capabilities.

    Superior Protection

    Superior detection rate with multiple scanning engines.

    Automatic malicious code detection and disinfection.

    Heuristic scanning also detects unknown Windows and macro viruses.

    Recursive scanning of ARJ, BZ2, CAB, GZ, JAR, LZH, MSI, RAR, TAR, TGZ, Z and ZIP archive files.

    Automatic daily virus definition database updates.

    Suspicious and unsafe attachments can be stripped away from e-mails.

    Password protected archives can be treated as unsafe.

    Intelligent file type recognition.

    Message filtering based on keywords in message subjects and text.

    Utilizes the low-level Anti-Virus API (AV API 2.0) for Microsoft Exchange 2000 Server, and AV API 2.5 for Microsoft Exchange 2003 Server.

    Virus Outbreak Detection

    The virus outbreak detection is an additional active layer of protection that automatically detects virus outbreaks and quarantines suspicious messages.

    Virus outbreaks are transparently detected and infected messages are quarantined before the outbreak becomes widespread.

    The product can notify the administrator about virus outbreaks.

    Quarantined unsafe messages can be reprocessed automatically.


    Transparency and Scalability

    Viruses are intercepted before they can enter the network and spread out on workstations and servers.

    Real-time scanning of internal, inbound and outbound mail messages and Public Folder notes.

    Automatic protection of new mailboxes and Public Folders.

    Total transparency to end-users. Users cannot bypass the system, which means that messages and documents cannot be exchanged without scanning.

    Support for Windows 2000 Advanced Server or Windows Server 2003 clusters. Both Active-Passive and Active-Active clusters are supported.

    Management

    Controlling and monitoring the behavior of the products remotely.

    Starting predefined operations remotely.

    Monitoring statistics provided by the products remotely with F-Secure Policy Manager or F-Secure Anti-Virus for Microsoft Exchange Web Console.

    Possibility to configure and manage stand-alone installations with the convenient F-Secure Anti-Virus for Microsoft Exchange Web Console.

    Contains new quarantine management features: you can manage and search quarantined content with the F-Secure Anti-Virus for Microsoft Exchange Web Console.

    Protection against Spam

    Possible spam messages are transparently detected before they become widespread.

    Efficient spam detection based on different analyses on the e-mail content.

    Multiple filtering mechanisms guarantee the high accuracy of spam detection.

    Spam detection works in every language and message format.


    1.4 F-Secure Anti-Virus Mail Server and Gateway Products

    The F-Secure Anti-Virus product line consists of workstation, file server, mail server, gateway and mobile products.

    F-Secure Internet Gatekeeper is a high performance, totally automated web (HTTP and FTP-over-HTTP) and e-mail (SMTP) virus scanning solution for the gateway level. F-Secure Internet Gatekeeper works independently of firewall and e-mail server solutions, and does not affect their performance.

    F-Secure Anti-Virus for Microsoft Exchange protects your Microsoft Exchange users from malicious code contained within files they receive in mail messages and documents they open from shared databases. Malicious code is also stopped in outbound messages and in notes being posted on Public Folders. The product operates transparently and scans files in the Exchange Server Information Store in real-time. Manual and scheduled scanning of user mailboxes and Public Folders is also supported.

    F-Secure Anti-Virus for MIMEsweeper provides a powerful anti-virus scanning solution that tightly integrates with Clearswift MIMEsweeper for SMTP and MIMEsweeper for Web products. F-Secure provides top-class anti-virus software with fast and simple integration to Clearswift MAILsweeper and WEBsweeper, giving the corporation the powerful combination of complete content security.

    F-Secure Internet Gatekeeper for Linux provides a high-performance solution at the Internet gateway level, stopping viruses and other malicious code before they spread to end users' desktops or corporate servers. The product scans SMTP, HTTP, FTP and POP3 traffic for viruses, worms and trojans, and blocks and filters out specified file types. ActiveX and Java code can also be scanned or blocked. The product receives updates automatically from F-Secure, keeping the virus protection always up to date. A powerful and easy-to-use management console simplifies the installation and configuration of the product.

    F-Secure Messaging Security Gateway delivers the industry's most complete and effective security for e-mail. It combines a robust enterprise-class messaging platform with perimeter security, antispam, antivirus, secure messaging and outbound content security capabilities in an easy-to-deploy, hardened appliance.


    2 DEPLOYMENT

    Installation Modes

    Network Requirements

    Deployment Scenarios


    2.1 Installation Modes

    F-Secure Anti-Virus for Microsoft Exchange can be installed either in stand-alone or centrally administered mode. In stand-alone installation, F-Secure Anti-Virus for Microsoft Exchange is managed with Web Console. In centrally administered mode, it is managed centrally with F-Secure Policy Manager components: F-Secure Policy Manager Server and F-Secure Policy Manager Console.

    To administer F-Secure Anti-Virus for Microsoft Exchange in the centrally administered mode, you have to install the following components:

    F-Secure Policy Manager Server (on a dedicated machine)

    F-Secure Policy Manager Console (on the administrator's machine)

    2.2 Network Requirements

    This network configuration is valid for all scenarios described in this chapter. Make sure that the following network traffic can travel:

    Service: F-Secure Content Scanner Server
    Process: %ProgramFiles%\F-Secure\Content Scanner Server\fsavsd.exe
    Inbound ports: 18971 (TCP) + 1024-65536 (TCP), only with F-Secure Anti-Virus for Internet Mail on a separate host
    Outbound ports: DNS (53, UDP/TCP), HTTP (80) or other known port used for HTTP proxy

    Service: F-Secure Anti-Virus for Microsoft Exchange Web Console
    Process: %ProgramFiles%\F-Secure\Web User Interface\bin\fswebuid.exe
    Inbound ports: 25023
    Outbound ports: DNS (53, UDP and TCP), 1433 (TCP), only with the dedicated SQL server

    Service: F-Secure Automatic Update Agent
    Process: F-Secure Automatic Update.exe
    Inbound ports: 371 (UDP), only if BackWeb Polite Protocol is used
    Outbound ports: DNS (53, UDP and TCP), HTTP (80)


    2.3 Deployment Scenarios

    Depending on the number of protected systems and the amount of data traffic, you might consider various scenarios of deploying F-Secure Anti-Virus for Microsoft Exchange. There are various ways to deploy F-Secure Anti-Virus for Microsoft Exchange that are suitable to different environments.

    If the mail traffic is not very heavy, see "Minimum Installation", 25.

    If the mail traffic is rather heavy, see "Medium to Large Installation", 27.

    For very large, performance-critical installations, see "Performance-Critical Installation", 28.

    For Microsoft Exchange Cluster Environments, see "Microsoft Exchange Cluster Environment", 30.

    2.3.1 Minimum Installation

    If the mail traffic is not very heavy, you can install F-Secure Content Scanner Server on the same machine that runs Microsoft Exchange Server. In this case, both F-Secure Content Scanner Server and F-Secure Anti-Virus for Microsoft Exchange will reside on the Microsoft Exchange Server.

    Service: FSNRB
    Process: %ProgramFiles%\F-Secure\Common\fnrb32.exe
    Inbound ports: -
    Outbound ports: DNS (53, UDP/TCP), HTTP (80)

    Service: FSMA (AMEH)
    Process: %ProgramFiles%\F-Secure\Common\fameh32.exe
    Inbound ports: -
    Outbound ports: DNS (53, UDP/TCP), SMTP (25)

    Service: F-Secure Quarantine Manager
    Process: %ProgramFiles%\F-Secure\Quarantine Manager\fqm.exe
    Inbound ports: -
    Outbound ports: DNS (53, UDP/TCP), 1433 (TCP), only with the dedicated SQL server
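
    The Network Requirements rows (the ones just above and those in section 2.2) can serve as a least-privilege allow-list for the product's processes. The following Python example is added here and is not part of the F-Secure guide; it checks constructed socket observations against the documented ports and reports anything the table does not cover. The option names (avim_separate_host, dedicated_sql, backweb_polite), the proxy_port parameter, TCP for port 25023, and treating 18971 as always required are assumptions.

```python
"""Audit observed sockets against the guide's Network Requirements table."""
from typing import NamedTuple, Optional


class Rule(NamedTuple):
    proto: str                      # "tcp" or "udp"
    low: int                        # first port of the range
    high: int                       # last port of the range
    option: Optional[str] = None    # None = always needed; else a deployment option


class Obs(NamedTuple):
    process: str      # executable image name
    direction: str    # "in" = local listening port, "out" = remote port dialled
    proto: str
    port: int


DNS = [Rule("udp", 53, 53), Rule("tcp", 53, 53)]
HTTP = [Rule("tcp", 80, 80)]
SQL = [Rule("tcp", 1433, 1433, "dedicated_sql")]

# Transcribed from the table. Option names are hypothetical labels for the
# table's "only with ..." / "only if ..." conditions. Assumptions: 18971 is
# always needed and only the 1024-65536 range is conditional; 25023 is TCP.
DOCUMENTED = {
    "fsavsd.exe": {
        "in": [Rule("tcp", 18971, 18971),
               Rule("tcp", 1024, 65536, "avim_separate_host")],
        "out": DNS + HTTP,
    },
    "fswebuid.exe": {"in": [Rule("tcp", 25023, 25023)], "out": DNS + SQL},
    "f-secure automatic update.exe": {
        "in": [Rule("udp", 371, 371, "backweb_polite")],
        "out": DNS + HTTP,
    },
    "fnrb32.exe": {"in": [], "out": DNS + HTTP},
    "fameh32.exe": {"in": [], "out": DNS + [Rule("tcp", 25, 25)]},
    "fqm.exe": {"in": [], "out": DNS + SQL},
}


def classify(obs, options=frozenset(), proxy_port=None):
    """Return "ok", "needs-option:<name>", "undocumented" or "unknown-process"."""
    name = obs.process.lower()
    entry = DOCUMENTED.get(name)
    if entry is None:
        return "unknown-process"
    rules = list(entry[obs.direction])
    # "HTTP (80) or other known port used for HTTP proxy" is listed for the
    # Content Scanner Server only.
    if proxy_port is not None and name == "fsavsd.exe" and obs.direction == "out":
        rules.append(Rule("tcp", proxy_port, proxy_port))
    verdict = "undocumented"
    for rule in rules:
        if rule.proto == obs.proto and rule.low <= obs.port <= rule.high:
            if rule.option is None or rule.option in options:
                return "ok"
            # Documented, but only for a deployment option that is not enabled.
            verdict = "needs-option:" + rule.option
    return verdict


def audit(observations, options=frozenset(), proxy_port=None):
    """Return (observation, verdict) for every observation that is not "ok"."""
    findings = []
    for obs in observations:
        verdict = classify(obs, options, proxy_port)
        if verdict != "ok":
            findings.append((obs, verdict))
    return findings


# Constructed observations, such as one would collect from netstat output or
# firewall logs on the Exchange host; not taken from a real system.
SAMPLE = [
    Obs("fsavsd.exe", "in", "tcp", 18971),
    Obs("fsavsd.exe", "in", "tcp", 40000),
    Obs("fswebuid.exe", "in", "tcp", 25023),
    Obs("fswebuid.exe", "out", "tcp", 1433),
    Obs("fnrb32.exe", "in", "tcp", 8080),
    Obs("fameh32.exe", "out", "tcp", 25),
    Obs("fameh32.exe", "out", "tcp", 80),
    Obs("fqm.exe", "out", "udp", 53),
]

if __name__ == "__main__":
    for obs, verdict in audit(SAMPLE):
        print(f"{verdict:34} {obs.process} {obs.direction} {obs.proto}/{obs.port}")
```

    A "needs-option" verdict means the port is in the table but only for a deployment choice that was not declared, which is worth confirming before the firewall rule is opened.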


    You can administer F-Secure Anti-Virus for Microsoft Exchange and F-Secure Content Scanner Server by using the F-Secure Anti-Virus for Microsoft Exchange Web Console.

    Figure 2-1 F-Secure Anti-Virus for Microsoft Exchange minimum installation

    Alternatively, you can choose to install F-Secure Policy Manager to enable centralized administration of F-Secure Content Scanner Server and F-Secure Anti-Virus for Microsoft Exchange.


    2.3.2 Medium to Large Installation

    If the mail traffic is rather heavy, F-Secure Content Scanner Server should be installed on a dedicated machine. This minimizes the extra load on the Microsoft Exchange Server.

    You should install F-Secure Anti-Virus for Microsoft Exchange in centralized administration mode on each Microsoft Exchange Server.

    Figure 2-2 F-Secure Anti-Virus for Microsoft Exchange, medium to large installation


    2.3.3 Performance-Critical Installation

    In very large, performance-critical installations you should use multiple F-Secure Content Scanner Server installations. Each F-Secure Content Scanner Server should be installed on a dedicated machine. F-Secure Anti-Virus for Microsoft Exchange can share the virus scanning load between multiple F-Secure Content Scanner Servers.

    Figure 2-3 F-Secure Anti-Virus for Microsoft Exchange with multiple F-Secure Content Scanner Servers


    F-Secure Anti-Virus for Microsoft Exchange should be installed in centralized administration mode on each Microsoft Exchange Server.

    Figure 2-4 F-Secure Anti-Virus for Microsoft Exchange installed on each Microsoft Exchange Server


    2.3.4 Microsoft Exchange Cluster Environment

    F-Secure Anti-Virus for Microsoft Exchange can be installed on a Windows 2000 Advanced Server or Windows Server 2003 Enterprise Edition cluster. The product supports standard two-node Active-Passive and Active-Active clusters.

    F-Secure Anti-Virus for Microsoft Exchange needs to be installed separately on both cluster nodes. When installing in Microsoft Exchange cluster environment, the product must be installed in centrally managed mode, so that you can configure and manage the product with F-Secure Policy Manager. Changing the product settings with F-Secure Anti-Virus for Microsoft Exchange Web Console is not supported in cluster environments, but it can be used for some quarantine management functions.

    The settings on both cluster nodes must be identical. To ensure this, place the servers as their own domain in the F-Secure Policy Manager Console and configure all the settings on the domain level, not on the host level.

    It is recommended to install a local F-Secure Content Scanner Server on both cluster nodes. However, if a remote F-Secure Content Scanner Server is used, the dedicated IP address of each cluster node must be visible to the remote F-Secure Content Scanner Server.

    When installing the product, the setup program detects Microsoft Exchange Cluster automatically. The setup program also creates a cluster resource for the product automatically. The cluster resource makes it possible to use the product in the cluster, by giving the control of the resource to the cluster service. This and other resources together guarantee that the product works properly in the cluster in every situation.

    You can check the state of the resource in Microsoft Cluster Administrator console, under the same branch where the Exchange resources reside.

    For detailed instructions, see "Deploying the Product on a Cluster", 349.

    Microsoft Exchange needs to be properly configured and running in the cluster before installing F-Secure Anti-Virus for Microsoft Exchange.


    A Note about Installing on Active-Passive Cluster

    The product can be installed either on an active or a passive cluster node. When installing on a passive node (which does not have active Microsoft Exchange services), the setup program may display a notification about missing Microsoft Exchange components, but the installation can be continued.


    3 INSTALLATION

    System Requirements

    Improving Reliability and Performance

    Installation Overview

    Installing F-Secure Anti-Virus for Microsoft Exchange

    After the Installation

    Upgrading the Previous Version

    Upgrading the Evaluation Version

    Uninstalling F-Secure Anti-Virus for Microsoft Exchange


    3.1 System Requirements

    F-Secure Anti-Virus for Microsoft Exchange is installed on the computer running Microsoft Exchange Server and requires the following hardware and software.

    3.1.1 Minimum System Requirements

    F-Secure Anti-Virus for Microsoft Exchange has to be installed to the same machine that runs Microsoft Exchange Server. You need to log in with administrator-level privileges to install F-Secure Anti-Virus for Microsoft Exchange.

    In order to install the product successfully on a non-English version of the operating system, your default system locale should be the same as the language of the operating system. You can set the locale in Control Panel > Regional Options > General > Your locale (location).


    Operating system:
        Windows 2000 Server Family:
            Microsoft Windows 2000 Server with Service Pack 3 or later
            Microsoft Windows 2000 Advanced Server with Service Pack 3 or later
        Windows 2003 Server Family:
            Microsoft Windows Server 2003, Standard Edition with latest service pack
            Microsoft Windows Server 2003, Enterprise Edition with latest service pack

    Microsoft Exchange Server:
        Microsoft Exchange 2000 Server Family:
            Microsoft Exchange 2000 Server with Service Pack 3 or later
        Microsoft Exchange 2003 Server Family:
            Microsoft Exchange 2003 Server with latest service pack
            Microsoft Exchange 2003 Enterprise Server with latest service pack

    Processor: Intel Pentium 800 MHz or equivalent.

    Memory: 512 MB

    Disk space to install: 70 MB.

    Disk space for processing: 500 MB or more. The required disk space depends on the number of mailboxes, amount of data traffic and the size of the Information Store.


    SQL server (for quarantine database):
        Microsoft SQL Server 2000 (Enterprise, Standard or Workgroup edition) with Service Pack 4
        Microsoft SQL Server 2005
        Microsoft SQL Server 2000 Desktop Engine (MSDE) with Service Pack 4

        For more information, see "Which SQL Server to Use for the Quarantine Database?", 35.

        When centralized quarantine management is used, the SQL server must be reachable from the network and file sharing must be enabled.

    F-Secure Policy Manager version:
        F-Secure Policy Manager 6.0 or newer.

        F-Secure Policy Manager is required only in centrally managed environments.

    For Microsoft Windows Server 2003 Service Pack 1 related support information, see http://support.f-secure.com/enu/corporate/w2003sp1/

    The release notes document contains the latest information about the product and might have changes to system requirements and the installation procedure. It is highly recommended to read the release notes before you proceed with the installation.

    3.1.2 Which SQL Server to Use for the Quarantine Database?

    As a minimum requirement, the Quarantine database should have the capacity to store information about all inbound and outbound mail to and from your organization that would normally be sent during 2-3 days.

    Take into account the following SQL server specific considerations when deciding which SQL server to use:


    Microsoft SQL Server Desktop Engine and SQL Server 2005 Express Edition

    When using Microsoft SQL Server Desktop Engine (MSDE), the Quarantine database size is limited to 2 GB.

    MSDE includes a concurrent workload governor that limits the scalability of MSDE. For more information, see http://msdn.microsoft.com/library/?url=/library/en-us/architec/8_ar_sa2_0ciq.asp?frame=true.

    It is not recommended to use MSDE or SQL Server 2005 Express Edition if you are planning to use centralized quarantine management with multiple F-Secure Anti-Virus for Microsoft Exchange installations.

    Microsoft SQL Server 2000/2005

    If your organization sends a large amount of e-mails, it is recommended to use Microsoft SQL Server 2000/2005.

    It is recommended to use Microsoft SQL Server 2000/2005 if you are planning to use centralized quarantine management with multiple F-Secure Anti-Virus for Microsoft Exchange installations. For more information, see "Performance-Critical Installation", 28.

    Note that the product does not support Windows Authentication when connecting to Microsoft SQL Server 2000/2005. The Microsoft SQL Server 2000/2005 that the product will use for the Quarantine database should be configured to use Mixed Mode authentication.

    MSDE is delivered together with F-Secure Anti-Virus for Microsoft Exchange, and you can install it during the F-Secure Internet Anti-Virus for Microsoft Exchange Setup. For more information, see "Installation Overview", 39.

    If you plan to use Microsoft SQL Server 2005, you must purchase it and obtain your own license before you start to deploy F-Secure Anti-Virus for Microsoft Exchange. To purchase Microsoft SQL Server 2005, contact your Microsoft reseller.


    3.1.3 Web Browser Software Requirements

    In order to administer the product with F-Secure Anti-Virus for Microsoft Exchange Web Console, one of the following web browsers is required:

    Microsoft Internet Explorer 6.0 or later

    Netscape Communicator 8.1 or later

    Mozilla Firefox 1.5 or later

    Opera 9.00 or later

    Konqueror 3.5 or later

    Any other web browser supporting HTTP 1.0, SSL, JavaScript and cookies may be used as well. Microsoft Internet Explorer 5.5 or earlier cannot be used to administer the product.


    3.2 Improving Reliability and Performance

    You can improve the system reliability and overall performance by upgrading the following components.

    Processor

    If the system load is high, a fast processor on the Microsoft Exchange Server speeds up the e-mail message processing. As Microsoft Exchange Server handles a large amount of data, a fast processor alone is not enough to guarantee a fast operation of F-Secure Anti-Virus for Microsoft Exchange.

    Memory

    Memory consumption is directly proportional to the size of processed mails - scanning a single mail may use memory in amounts up to three times the size of the mail concerned. If the average size of mail messages is big, or Microsoft Exchange Server has to process large messages regularly, increasing the amount of physical memory increases the overall performance.

    If large messages are processed only now and then, it might be enough to increase the size of the virtual memory. In this case, large messages will slow the system down.

    Hard Drive

    Hard drive size is an important reliability factor. Hard drive performance is crucial for Microsoft Exchange Server to perform well. For best performance, a RAID system is recommended; for servers with only moderate load, SCSI hard disks are adequate. If your server has an IDE hard disk, DMA access support is recommended.

    Operating System

    It is highly recommended to have the latest service packs for the operating system being used. These fixes make the platform more stable and thus increase the reliability of the system.


    3.3 Centrally Administered or Stand-alone Installation?

    F-Secure Anti-Virus for Microsoft Exchange can be managed either with F-Secure Anti-Virus for Microsoft Exchange Web Console or F-Secure Policy Manager Console. You can select the management method when you install the product.

    If you already use F-Secure Policy Manager to administer other F-Secure products, it is recommended to install F-Secure Anti-Virus for Microsoft Exchange in centralized administration mode.

    The quarantined mails are managed using the F-Secure Anti-Virus for Microsoft Exchange Web Console in both centrally administered and stand-alone installations. In centrally managed environments all other features are managed with F-Secure Policy Manager.

    3.4 Installation Overview

    Before you start to install F-Secure Anti-Virus for Microsoft Exchange, uninstall any potentially conflicting products, such as anti-virus, file encryption, and disk encryption software that employ low-level device drivers. Close all Windows applications before starting the installation.

    When installing in Microsoft Exchange cluster environment, the product must be installed in centrally managed mode, so that you can configure and manage the product with F-Secure Policy Manager.


    F-Secure Anti-Virus for Microsoft Exchange can be installed to the same computer that runs F-Secure Anti-Virus for Servers 5.50. You should uninstall any potentially conflicting products, such as other anti-virus, file encryption, and disk encryption software, which employ low-level device drivers, before you install F-Secure Anti-Virus for Microsoft Exchange.

    To administer F-Secure Anti-Virus for Microsoft Exchange in centralized administration mode, you need to install F-Secure Policy Manager Console and F-Secure Policy Manager Server. Detailed information on F-Secure Policy Manager Console and F-Secure Policy Manager Server is provided in the F-Secure Policy Manager Administrator's Guide.

    Follow these steps to set up F-Secure Anti-Virus for Microsoft Exchange:

    Centralized Administration mode:

    1. Run F-Secure Policy Manager setup to set up F-Secure Policy Manager Server. See F-Secure Policy Manager Administrator's Guide for instructions.

    2. Install F-Secure Anti-Virus for Microsoft Exchange. For more information, see "Installing F-Secure Anti-Virus for Microsoft Exchange", 41.

    3. Import the product MIB files to F-Secure Policy Manager, if they cannot be uploaded there during the installation. For more information, see "Importing Product MIB files to F-Secure Policy Manager Console", 60.

    4. Check that F-Secure Automatic Update Agent can retrieve the latest virus definition databases. For more information, see "Updating Virus and Spam Definition Databases", 345.

    If you want to run F-Secure Anti-Virus for Servers 5.50 on the same computer where you install F-Secure Anti-Virus for Microsoft Exchange, make sure that F-Secure Anti-Virus for Servers 5.50 is installed before you install F-Secure Anti-Virus for Microsoft Exchange.


    Stand-alone mode:

    1. Install F-Secure Anti-Virus for Microsoft Exchange. For more information, see "Installing F-Secure Anti-Virus for Microsoft Exchange", 41.

    2. Check that F-Secure Automatic Update Agent can retrieve the latest virus definition databases. For more information, see "Updating Virus and Spam Definition Databases", 345.

    After the installation is complete, check and configure settings for F-Secure Content Scanner Server, F-Secure Anti-Virus for Microsoft Exchange and F-Secure Management Agent.

    3.5 Installing F-Secure Anti-Virus for Microsoft Exchange

    Follow these instructions to install F-Secure Content Scanner Server and F-Secure Anti-Virus for Microsoft Exchange.

    Step 1.

    1. Insert the F-Secure CD in your CD-ROM drive.

    2. Select F-Secure Anti-Virus for Microsoft Exchange from the Install Software menu.

    Step 2. Read the information in the Welcome screen.


    Click Next to continue.

    Step 3. Read the licence agreement.


    If you accept the agreement, check the I accept the agreement checkbox and click Next to continue.

    Step 4. Enter the product keycode.

    Click Next to continue.


    Step 5. Choose the components to install.

    If you want to install F-Secure Content Scanner Server and F-Secure Anti-Virus for Microsoft Exchange on the Microsoft Exchange Server computer, select all components. Click Next to continue.

    When you install F-Secure Spam Control, or F-Secure Content Scanner Server in stand-alone mode, F-Secure Automatic Update Agent is automatically installed to provide virus definition database updates. For more information, see "Automatic Updates with F-Secure Automatic Update Agent", 346.


    Step 6. Choose the destination folder for the installation.

    Click Next to continue.


    Step 7. Choose the administration method.

    If you install F-Secure Anti-Virus for Microsoft Exchange in stand-alone mode, you cannot configure settings and receive alerts and status information in F-Secure Policy Manager Console. Click Next to continue.

    If you selected the stand-alone installation, continue to "Step 10.", 49.

    If you select the stand-alone mode, use the F-Secure Anti-Virus for Microsoft Exchange Web Console to change product settings and statistics. For more information, see "Administration with Web Console", 219.


    Step 8. Enter the path to the public management key file admin.pub that was created during F-Secure Policy Manager Console setup.

    You can transfer the public key in various ways (use a shared folder on the file server, a floppy disk, or send the key as an attachment in an e-mail message). Click Next to continue.


    Step 9. Enter the IP address or URL of the F-Secure Policy Manager Server you installed earlier.

    Click Next to continue.

    If the product MIB files cannot be uploaded to F-Secure Policy Manager during installation, you can import them manually.

    For more information, see "Importing Product MIB files to F-Secure Policy Manager Console", 60.

    CHAPTER 3 49Installation

    Step 10 E t SMTP dd th t ill b d b F S A ti Vi f

  • 8/13/2019 f Secure Anti Virus Msexchange

    49/401

    Step 10. Enter an SMTP address that will be used by F-Secure Anti-Virus for Microsoft Exchange to send warning and informational messages to end-users.

    The SMTP address should be a valid, existing address that is allowed to send messages. Click Next to continue.

    Step 11. Select the user account that F-Secure Outbreak Manager should use.

    Select either the local system account or enter the name and password for the user account that F-Secure Outbreak Manager should use. The account is used to run the outbreak handler scripts or programs.

    If you do need to see the outbreak handler script running on the desktop, select Allow to interact with desktop. By default, the script or program runs in the background.

    For more information, see "Outbreak Management", 158. Click Next to continue.

    If you want to use the default \SYSTEM account, do not enter any password.

    Make sure that the account has all the necessary privileges to run the outbreak handler script.

    Step 12. Specify the Quarantine management method.

    If you want to manage quarantines locally, select Local quarantine management. Select Centralized quarantine management if you install the product on multiple instances. For more information, see "Microsoft Exchange Cluster Environment", 30.

    Click Next to continue.

    Step 13. Specify the location of the Quarantine database.

    If you want to install the Quarantine database on the same server as the product installation, select (a) Install and use Microsoft SQL Server Desktop Engine.

    If you are using Microsoft SQL Server or Microsoft SQL Server Desktop Engine already, select (b) Use the existing installation of Microsoft SQL Server or MSDE.

    Click Next to continue.

    a. Specify the installation directory for Microsoft SQL Server Desktop Engine and data files.

    Enter the username and password for the server administrator account. Click Next to continue.

    b. Specify the computer name of the SQL Server where you want to create the Quarantine database.

    Enter the username and password to log on to the server. Click Next to continue.

    If the server has a database with the same name, you can either use the existing database, remove the existing database and create a new one, or keep the existing database and create a new one with a new name.

    Step 14. Select whether you want to install the product with F-Secure World Map Support.

    The product can collect and send statistics about viruses and other malware to the F-Secure World Map service. If you agree to send statistics to F-Secure World Map, select Yes and click Next to continue.

    Step 15. If you selected the centralized administration mode, the installation program connects to the specified F-Secure Policy Manager Server automatically to install F-Secure Anti-Virus for Microsoft Exchange MIB files. If the installation program cannot connect to F-Secure Policy Manager Server, the following dialog opens.

    Make sure that the computer where you are installing F-Secure Anti-Virus for Microsoft Exchange is allowed to connect to the administration port on F-Secure Policy Manager Server, or, if you use a proxy, make sure that the connection is allowed from the proxy to the server. Check that no firewall blocks the connection.

    If you want to skip installing MIB files, click Cancel. You can install MIB files later either manually or by running the Setup again.

    Step 16. The list of components that will be installed is displayed.

    Click Start to install the listed components.

    Step 17. The installation status of the components is displayed.

    Click Next to continue.

    Step 18. The installation is completed.

    Click Finish to close the Setup wizard.

    Step 19. If you are installing F-Secure Spam Control, the setup prompts you to select whether to restart the Microsoft Exchange Information Store service automatically to complete the installation. Click Yes to restart the Information Store service automatically.

    3.6 After the Installation

    This section describes what you have to do after the installation. These steps include:

    - Importing product MIBs to F-Secure Policy Manager (if that is required), and

    - Initial configuration of the product.

    3.6.1 Importing Product MIB files to F-Secure Policy Manager Console

    If you are using the product in centrally managed mode, there are cases when the F-Secure Anti-Virus for Microsoft Exchange MIB JAR file cannot be uploaded to F-Secure Policy Manager Server during the installation. In these cases you will have to import the MIB files to F-Secure Policy Manager. You will have to import the MIB files if:

    - F-Secure Anti-Virus for Microsoft Exchange is located in a different network segment than F-Secure Policy Manager, and there is a firewall between them blocking access to Policy Manager's administrative port (8080).

    - F-Secure Policy Manager Server has been configured so that administrative connections from anywhere else than the localhost are blocked.

    The recommended way is to import the MIBs via the F-Secure Policy Manager Console Tools menu. You can do it as follows:

    1. Open the Tools menu and select the Installation packages... option.

    2. Click Import....

    3. When the Import Installation Packages dialog opens, browse to locate the fsavmse660.mib.jar file located under the Jars subdirectory in the setup package. Then click Open.

    4. After importing the new MIB files, restart F-Secure Policy Manager Console.
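    The two cases listed above fail differently at the TCP level, which helps decide whether a firewall or the server's own restriction is blocking the upload. The following Python check is an added example, not part of the F-Secure guide; the causes suggested in the hints are assumptions based on ordinary TCP behaviour, and the address in the usage lines is a placeholder to replace with your Policy Manager Server.

```python
import socket

PM_ADMIN_PORT = 8080  # administrative port named in the guide


def classify_admin_port(host, port=PM_ADMIN_PORT, timeout=3.0):
    """Attempt one TCP connection and classify the outcome.

    Returns (state, hint) where state is one of:
      "open"        handshake completed, the port is reachable from here
      "refused"     the host answered with a reset, nothing accepts
                    connections on that address and port from this machine
      "filtered"    no answer before the timeout, typical of a firewall
                    that silently drops the packets
      "unreachable" name resolution or routing failed
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open", "TCP connect succeeded; a failed MIB upload has another cause"
    except (socket.timeout, TimeoutError):
        return "filtered", "no reply; check firewall rules between the two segments"
    except ConnectionRefusedError:
        return "refused", ("host is up but rejects the connection; the server "
                           "may accept administrative connections only locally")
    except socket.gaierror as exc:
        return "unreachable", f"name resolution failed: {exc}"
    except OSError as exc:
        return "unreachable", f"network error: {exc}"


if __name__ == "__main__":
    # Placeholder address: replace with the Policy Manager Server's address.
    state, hint = classify_admin_port("127.0.0.1")
    print(f"{state}: {hint}")
```

    Run it from the computer where F-Secure Anti-Virus for Microsoft Exchange is being installed; if the connection goes through a proxy, run it from the proxy instead.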

    3.6.2 Configuring the Product

    After the installation, F-Secure Anti-Virus for Microsoft Exchange is functional, but it is using mostly default values. It is highly recommended to go through all the settings of all installed components. You should also retrieve the latest virus definition database updates.

    - Configure F-Secure Anti-Virus for Microsoft Exchange.

      If F-Secure Anti-Virus for Microsoft Exchange has been installed in the centralized administration mode, use F-Secure Policy Manager Console to configure the settings for F-Secure Content Scanner Server and F-Secure Anti-Virus for Microsoft Exchange and distribute the policy. For more information, see "Centrally Managed Administration", 127.

      If F-Secure Anti-Virus for Microsoft Exchange has been installed in stand-alone mode, use the F-Secure Anti-Virus for Microsoft Exchange Web Console to configure the settings of F-Secure Anti-Virus for Microsoft Exchange. For more information, see "Administration with Web Console", 219.

    - Specify the domains which should be considered to be internal domains. For more information, see "Internal Domains", 161.

    - Retrieve virus definition database updates. For more information, see "Updating Virus and Spam Definition Databases", 345.

    3.7 Upgrading the Previous Version

    If you have a previous version of F-Secure Anti-Virus for Microsoft Exchange installed on your computer, you can upgrade it easily. You do not need to remove your previous version; F-Secure Setup uninstalls it automatically.

    During upgrade the setup will stop and restart Microsoft Exchange Information Store, IIS Admin Service and all services that depend on them:

    Microsoft Exchange Information Store

    World Wide Web Publishing Service

    Simple Mail Transport Protocol (SMTP)

    Microsoft Exchange Routing Engine

    Microsoft Exchange POP3

    Network News Transport Protocol (NNTP)

    Microsoft Exchange MTA Stacks

    Microsoft Exchange Information Store

    Microsoft Exchange IMAP4

    IIS Admin Service

    Follow these instructions to upgrade F-Secure Anti-Virus for Microsoft Exchange:

    1. Run the Setup program. For more information, see "Installing F-Secure Anti-Virus for Microsoft Exchange", 41.

    2. Depending on the installed F-Secure products, F-Secure Setup will suggest upgrading one or more components.

    Select the components you want to upgrade.

    3. The setup needs to stop and restart Microsoft Exchange Server related services during the upgrade.

    Click OK to continue.

    4. After the Setup finishes, restart the computer if the Setup program prompts you to do so.

    5. Configure F-Secure Anti-Virus for Microsoft Exchange. For more information, see "Centrally Managed Administration", 127. If you installed F-Secure Anti-Virus for Microsoft Exchange in stand-alone mode, see "Administration with Web Console", 219.

    6. Make sure that F-Secure Automatic Update Agent can retrieve the latest virus definition databases. For more information, see "Updating Virus and Spam Definition Databases", 345.

    3.8 Upgrading the Evaluation Version

    If you want to use F-Secure Anti-Virus for Microsoft Exchange after your evaluation period expires, you need a new keycode. Contact your software vendor or renew your license online.

    After you have received the new keycode, you can either reinstall F-Secure Anti-Virus for Microsoft Exchange with your new keycode (see "Installing F-Secure Anti-Virus for Microsoft Exchange", 41) or register the new keycode from F-Secure Settings and Statistics.

    To register the new keycode from F-Secure Settings and Statistics:

    1. Open F-Secure Settings and Statistics by double-clicking the F-Secure icon in the Windows system tray and select F-Secure Anti-Virus for Microsoft Exchange to open the evaluation screen.

    2. Click Register Keycode... and enter the new keycode you have received.

    If you do not want to continue to use F-Secure Anti-Virus for Microsoft Exchange after your evaluation license expires, you should uninstall the software.

    3.9 Uninstalling F-Secure Anti-Virus for Microsoft Exchange

    To uninstall F-Secure Anti-Virus for Microsoft Exchange, select Add/Remove Programs from the Windows Control Panel. To uninstall F-Secure Anti-Virus for Microsoft Exchange completely, uninstall the components in the following order:

    1. F-Secure Anti-Virus for Microsoft Exchange

    2. F-Secure SNMP Support (if it was installed)

    3. F-Secure Spam Control

    4. F-Secure Content Scanner Server

    5. F-Secure Automatic Update Agent

    IMPORTANT: If there is another F-Secure Anti-Virus product installed on the same computer, check whether it uses F-Secure Automatic Update Agent or F-Secure Policy Manager for getting virus definition database updates. If the other product gets the updates from F-Secure Policy Manager, you can uninstall F-Secure Automatic Update Agent.

    4 USING F-SECURE ANTI-VIRUS FOR MICROSOFT EXCHANGE

    Overview

    Administering F-Secure Anti-Virus for Microsoft Exchange

    Using F-Secure Anti-Virus for Microsoft Exchange Web Console

    Home Page

    Checking the Product Status

    Configuring the F-Secure Anti-Virus for Microsoft Exchange Web Console

    Using F-Secure Policy Manager Console

    Modifying Settings and Viewing Statistics

    Manually Processing Mailboxes and Public Folders

    Configuring Alert Forwarding

    Viewing Alerts

    4.1 Overview

    F-Secure Anti-Virus for Microsoft Exchange can be used either in the stand-alone mode, or in the centrally administered mode, based on your selections during the installation and the initial setup.

    4.2 Administering F-Secure Anti-Virus for Microsoft Exchange

    In the centralized administration mode, you can administer F-Secure Anti-Virus for Microsoft Exchange and F-Secure Content Scanner Servers with F-Secure Policy Manager. You can use the F-Secure Anti-Virus for Microsoft Exchange Web Console to start and stop F-Secure Anti-Virus for Microsoft Exchange, check its current status and connect to F-Secure Web Club for support, but you cannot change any settings with it.

    In the stand-alone mode, you use the F-Secure Anti-Virus for Microsoft Exchange Web Console to start and stop F-Secure Anti-Virus for Microsoft Exchange, modify its settings, edit scheduled tasks and start manual processing.

    To open the F-Secure Anti-Virus for Microsoft Exchange Web Console, start it from F-Secure Settings and Statistics or select F-Secure Anti-Virus for Microsoft Exchange from the Windows Start menu > Programs > F-Secure Anti-Virus for Microsoft Exchange > F-Secure Anti-Virus for Microsoft Exchange Web Console. You can open F-Secure Settings and Statistics by double-clicking the F-Secure icon in the Windows system tray.

    4.3 Using F-Secure Anti-Virus for Microsoft Exchange Web Console

    In centrally managed installations of F-Secure Anti-Virus for Microsoft Exchange, the F-Secure Anti-Virus for Microsoft Exchange Web Console can be used for monitoring the system status and statistics. It can also be used for viewing the settings currently in use and executing some operations. However, in centrally managed installations it cannot be used for configuring the system or scanning settings; use F-Secure Policy Manager for this instead.

    4.3.1 Logging in for the First Time

    Microsoft Internet Explorer 6.0 users:

    The address of the F-Secure Anti-Virus for Microsoft Exchange Web Console, https://127.0.0.1:25023/, should be added to the Trusted sites in Internet Explorer 6.0 Security Options. This ensures that the F-Secure Anti-Virus for Microsoft Exchange Web Console works properly in all environments.

    Before you log in to the F-Secure Anti-Virus for Microsoft Exchange Web Console for the first time, check that JavaScript and cookies are enabled in the browser you use.

    F-Secure Anti-Virus for Microsoft Exchange Web Console does not support Microsoft Internet Explorer 5.5 or older.

    When you log in for the first time, your browser will display a Security Alert dialog window about the security certificate for F-Secure Anti-Virus for Microsoft Exchange Web Console. You can create a security certificate for F-Secure Anti-Virus for Microsoft Exchange Web Console before logging in, and then install the certificate during the login process.

    Step 1. Create the security certificate

    1. Browse to the F-Secure Anti-Virus for Microsoft Exchange Web Console installation directory, for example:

    C:\Program Files\F-Secure\Web User Interface\bin\

    2. Locate the certificate creation utility, makecert.bat, and double-click it to run the utility.

    3. The utility creates a certificate that will be issued to all local IP addresses, and restarts the F-Secure Anti-Virus for Microsoft Exchange Web Console service to take the certificate into use. Wait until the utility completes, and the window closes. Now you can proceed to logging in.

    Step 2. Log in and install the security certificate

    1. Select Programs > F-Secure Anti-Virus for Microsoft Exchange > F-Secure Anti-Virus for Microsoft Exchange Web Console, or enter the address of the F-Secure Anti-Virus for Microsoft Exchange and the port number in your web browser. Note that the protocol used is https. For example:

    https://127.0.0.1:25023

    If your company has an established process for creating and storing certificates, you can follow that process to create and store the security certificate for F-Secure Anti-Virus for Microsoft Exchange Web Console.

    Figure 4-2 F-Secure Anti-Virus for Microsoft Exchange Home page

    4.4 Home Page

    4.5 Checking the Product Status

    You can check the overall product status on the Home page. The Home page displays an overview of each component's status and the most important statistics of the installed F-Secure Anti-Virus for Microsoft Exchange components. From the Home page you can also open the product logs and proceed to configure the product components.

    This section describes the statistics and operations available on the Home page.

    F-Secure Anti-Virus for Microsoft Exchange

    The Home page displays the status of F-Secure Anti-Virus for Microsoft Exchange as well as a summary of the F-Secure Anti-Virus for Microsoft Exchange statistics.

    Status indicator: Displays the status of F-Secure Anti-Virus for Microsoft Exchange.

    Processed messages: Displays the total number of messages that have been processed.

    Infected messages: Displays the number of infected messages found since the last reset of statistics.

    Stripped attachments: Displays the number of attachments that have been stripped.

    Click Configure to configure F-Secure Anti-Virus for Microsoft Exchange. For more information, see "Overview", 220.

    F-Secure Content Scanner Server

    The Home page displays the status of F-Secure Content Scanner Server as well as a summary of the F-Secure Content Scanner Server statistics.

    Status indicator: Displays the status of F-Secure Content Scanner Server.

    Last time virus definition databases updated: Displays the last date and time when the virus definition databases were updated.

    Database update version: Displays the version of the virus definition database update. The version is shown in YYYY-MM-DD_NN format, where YYYY-MM-DD is the release date of the update and NN is the number of the update for that day.

    Scanned files: Displays the number of files the server has scanned for viruses.

    Last time infection found: Displays the last infection detected by the server.

    Click Configure to configure F-Secure Content Scanner Server. For more information, see "F-Secure Content Scanner Server Settings", 278.

    F-Secure Automatic Update Agent

    Status indicator: Displays the status of F-Secure Automatic Update Agent.

    Communication method: Displays the currently used client protocol.

    Last connection to the server: Displays the last date and time when F-Secure Automatic Update Agent polled the F-Secure Automatic Update Server for new updates.

    Click Configure to configure F-Secure Automatic Update Agent. For more information, see "Updating Virus and Spam Definition Databases", 345.

    F-Secure Management Agent

    Status indicator: Displays the status of F-Secure Management Agent.

    Management method: Displays if the host is standalone (configured locally) or networked (at least sometimes connected through a network or a temporary link).

    Click Configure to configure the F-Secure Management Agent. For more information, see "F-Secure Management Agent Settings", 308.
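    Because the Database update version shown for F-Secure Content Scanner Server encodes the release date (YYYY-MM-DD_NN), it can be used to spot servers whose virus definitions are out of date or lag behind the rest. The following Python check is an added example, not part of the F-Secure guide; the host names, the sample version strings and the 3-day threshold are assumptions made for illustration.

```python
import re
from datetime import date

# Format given in the guide: YYYY-MM-DD_NN (release date, update number that day).
VERSION_RE = re.compile(r"(\d{4})-(\d{2})-(\d{2})_(\d{2})", re.ASCII)

# Constructed sample: host names and version strings are made up for this example.
REPORTED = {
    "exch-01": "2006-05-14_02",
    "exch-02": "2006-05-14_01",
    "exch-03": "2006-04-30_03",
    "exch-04": "2006-02-30_01",  # impossible calendar date
    "exch-05": "2006-5-14_1",    # wrong field widths
}


def parse_update_version(text):
    """Return (release_date, update_number); raise ValueError if malformed."""
    match = VERSION_RE.fullmatch(text.strip())
    if match is None:
        raise ValueError(f"not in YYYY-MM-DD_NN format: {text!r}")
    year, month, day, number = (int(part) for part in match.groups())
    return date(year, month, day), number  # date() rejects impossible dates


def audit_definitions(reported, today, max_age_days=3):
    """Classify each host as OK, BEHIND, STALE or INVALID.

    max_age_days is an assumed policy threshold, not a value from the guide.
    """
    parsed, findings = {}, {}
    for host, raw in reported.items():
        try:
            version = parse_update_version(raw)
        except ValueError as exc:
            findings[host] = ("INVALID", str(exc))
            continue
        if version[0] > today:
            # A future release date points to clock skew or corrupted data.
            findings[host] = ("INVALID", "release date is in the future")
            continue
        parsed[host] = version
    # Newest plausible version seen anywhere in the fleet.
    newest = max(parsed.values(), default=None)
    for host, version in parsed.items():
        age = (today - version[0]).days
        if age > max_age_days:
            findings[host] = ("STALE", f"{age} days old")
        elif version < newest:
            findings[host] = ("BEHIND", f"newest seen is {newest[0]}_{newest[1]:02d}")
        else:
            findings[host] = ("OK", f"{age} days old")
    return findings


if __name__ == "__main__":
    results = audit_definitions(REPORTED, date(2006, 5, 15))
    for host, (status, detail) in sorted(results.items()):
        print(f"{host}: {status} ({detail})")
```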

    Toolbar Buttons

    Click Show F-Secure Log to view the F-Secure log file (LogFile.log) in a new Internet browser window. Click Download to download and save the LogFile.log for later use.

    Click Export Settings to open a list of all F-Secure Anti-Virus for Microsoft Exchange settings in a new Internet browser window. Select File > Save As... to save the file for later use.

    Click Export Statistics to open a list of all F-Secure Anti-Virus for Microsoft Exchange statistics in a new Internet browser window. Select File > Save As... to save or print the file for later use.

    Click Configure Console to configure the F-Secure Anti-Virus for Microsoft Exchange Web Console. For instructions, see "Configuring the F-Secure Anti-Virus for Microsoft Exchange Web Console", 74.

    Click Help to open the online help.

    4.6 Configuring the F-Secure Anti-Virus for Microsoft Exchange Web Console

    On the F-Secure Anti-Virus for Microsoft Exchange Web Console Configuration page you can specify settings for connections to the server. You can also open the F-Secure Anti-Virus for Microsoft Exchange Web Console access log from this page.

    Limit session timeout: Specify the length of time a client can be connected to the server. When the session expires, the F-Secure Anti-Virus for Microsoft Exchange Web Console displays a warning. The default value is 60 minutes.

    Click Show Access Log to view the F-Secure Anti-Virus for Microsoft Exchange Web Console access log. Note that the Web Console access log differs from standard web server access logs, as it logs only the first request per session.

    To add a new host to the list, click Add to add a new line in the table and then enter the IP address of the host.

    4.7 Using F-Secure Policy Manager Console

    In the centralized administration mode, you can open F-Secure Anti-Virus for Microsoft Exchange components from the Windows Start menu > Programs > F-Secure Policy Manager Console. When the Policy