f Secure Anti Virus Msexchange
Transcript of f Secure Anti Virus Msexchange
-
8/13/2019 f Secure Anti Virus Msexchange
1/401
F-Secure Anti-Virus forMicrosoft Exchange
Administrators Guide
-
8/13/2019 f Secure Anti Virus Msexchange
2/401
"F-Secure" and the triangle symbol are registered trademarks of F-Secure Corporation and F-Secure
product names and symbols/logos are either trademarks or registered trademarks of F-Secure
Corporation. All product names referenced herein are trademarks or registered trademarks of their
respective companies. F-Secure Corporation disclaims proprietary interest in the marks and names of
others. Although F-Secure Corporation makes every effort to ensure that this information is accurate,
F-Secure Corporation will not be liable for any errors or omission of facts contained herein. F-Secure
Corporation reserves the right to modify specifications cited in this document without prior notice.
Companies, names and data used in examples herein are fictitious unless otherwise noted. No part of
this document may be reproduced or transmitted in any form or by any means, electronic or
mechanical, for any purpose, without the express written permission of F-Secure Corporation.
Copyright 1993-2006 F-Secure Corporation. All rights reserved.
Portions Copyright 1991-2006 Kaspersky Lab.
This product includes software developed by the Apache Software Foundation (http://
www.apache.org/). Copyright 2000-2006 The Apache Software Foundation. All rights reserved.
This product includes PHP, freely available from http://www.php.net/. Copyright 1999-2006 The PHP
Group. All rights reserved.
This product includes code from SpamAssassin. The code in the files of the SpamAssassin distribution
are Copyright 2000-2002 Justin Mason and others, unless specified otherwise in that particular file.
All files in the SpamAssassin distribution fall under the same terms as Perl itself, as described in the
Artistic License.
This product may be covered by one or more F-Secure patents, including the following:
12000040-6J16
GB2353372 GB2366691 GB2366692 GB2366693 GB2367933 GB2368233
GB2374260
-
8/13/2019 f Secure Anti Virus Msexchange
3/401
3
Contents
About This Guide 9How This Guide Is Organized ............................................................................................ 10
Conventions Used in F-Secure Guides .............................................................................. 12
Symbols .................................................................................................................... 12
Chapter 1 Introduction 14
1.1 Overview ....................................................................................................................15
1.2 How F-Secure Anti-Virus for Microsoft Exchange Works...........................................16
1.3 Key Features..............................................................................................................19
1.4 F-Secure Anti-Virus Mail Server and Gateway Products ...........................................21
Chapter 2 Deployment 23
2.1 Installation Modes ......................................................................................................24
2.2 Network Requirements...............................................................................................24
2.3 Deployment Scenarios...............................................................................................25
2.3.1 Minimum Installation.......................................................................................252.3.2 Medium to Large Installation ..........................................................................272.3.3 Performance-Critical Installation.....................................................................282.3.4 Microsoft Exchange Cluster Environment ......................................................30
Chapter 3 Installation 32
3.1 System Requirements................................................................................................33
3.1.1 Minimum System Requirements.....................................................................333.1.2 Which SQL Server to Use for the Quarantine Database?..............................35
-
8/13/2019 f Secure Anti Virus Msexchange
4/401
4
3.1.3 Web Browser Software Requirements ...........................................................37
3.2 Improving Reliability and Performance ......................................................................38
3.3 Centrally Administered or Stand-alone Installation? ..................................................393.4 Installation Overview..................................................................................................39
3.5 Installing F-Secure Anti-Virus for Microsoft Exchange...............................................41
3.6 After the Installation ...................................................................................................60
3.6.1 Importing Product MIB files to F-Secure Policy Manager Console.................603.6.2 Configuring the Product..................................................................................61
3.7 Upgrading the Previous Version ................................................................................61
3.8 Upgrading the Evaluation Version..............................................................................64
3.9 Uninstalling F-Secure Anti-Virus for Microsoft Exchange ..........................................65
Chapter 4 Using F-Secure Anti-Virus for Microsoft Exchange 66
4.1 Overview ....................................................................................................................67
4.2 Administering F-Secure Anti-Virus for Microsoft Exchange .......................................67
4.3 Using F-Secure Anti-Virus for Microsoft Exchange Web Console .............................68
4.3.1 Logging in for the First Time...........................................................................68
4.4 Home Page ................................................................................................................714.5 Checking the Product Status......................................................................................71
4.6 Configuring the F-Secure Anti-Virus for Microsoft Exchange Web Console..............74
4.7 Using F-Secure Policy Manager Console ..................................................................75
4.8 Modifying Settings and Viewing Statistics..................................................................76
4.8.1 Centrally Administered Mode .........................................................................764.8.2 Stand-alone Mode ..........................................................................................78
4.9 Manually Processing Mailboxes and Public Folders ..................................................78
4.9.1 Centrally Administered Mode .........................................................................794.9.2 Stand-alone Mode ..........................................................................................884.9.3 Creating Scanning Operations .......................................................................89
4.10 Configuring Alert Forwarding ...................................................................................121
4.10.1 Centrally Administered Mode .......................................................................1214.10.2 Stand-Alone Mode........................................................................................123
4.11 Alert Forwarding.......................................................................................................124
4.12 Viewing Alerts ..........................................................................................................125
-
8/13/2019 f Secure Anti Virus Msexchange
5/401
5
Chapter 5 Centrally Managed Administration 127
5.1 Overview ..................................................................................................................128
5.2 F-Secure Anti-Virus for Microsoft Exchange Settings ..............................................1285.2.1 Real-Time Processing ..................................................................................1305.2.2 Manual Processing.......................................................................................1615.2.3 Scheduled Processing..................................................................................1765.2.4 Content Scanner Servers .............................................................................1775.2.5 Quarantine....................................................................................................1805.2.6 Reporting......................................................................................................1845.2.7 Advanced......................................................................................................184
5.3 F-Secure Anti-Virus for Microsoft Exchange Statistics.............................................186
5.3.1 Common.......................................................................................................1875.3.2 Real-Time Processing ..................................................................................1885.3.3 Manual Processing.......................................................................................1915.3.4 Quarantine....................................................................................................194
5.4 F-Secure Content Scanner Server Settings.............................................................195
5.4.1 Interface........................................................................................................1975.4.2 Virus Scanning .............................................................................................1985.4.3 Virus Statistics..............................................................................................201
5.4.4 Database Updates........................................................................................2035.4.5 Spam Filtering ..............................................................................................2045.4.6 Threat Detection Engine...............................................................................2065.4.7 Proxy Configuration......................................................................................2075.4.8 Advanced......................................................................................................208
5.5 F-Secure Content Scanner Server Statistics ...........................................................210
5.5.1 Server...........................................................................................................2105.5.2 Scan Engines ...............................................................................................211
5.5.3 Common.......................................................................................................2125.5.4 Spam Control................................................................................................2125.5.5 Virus Statistics..............................................................................................213
5.6 F-Secure Automatic Update Agent Settings ............................................................214
5.7 F-Secure Management Agent Settings....................................................................216
Chapter 6 Administration with Web Console 219
6.1 Overview ..................................................................................................................220
-
8/13/2019 f Secure Anti Virus Msexchange
6/401
6
6.2 F-Secure Anti-Virus for Microsoft Exchange Settings ..............................................221
6.2.1 Summary ......................................................................................................2216.2.2 Virus Scanning .............................................................................................2236.2.3 Stripping Attachments ..................................................................................2396.2.4 Content Filtering ...........................................................................................2496.2.5 Manual Scanning..........................................................................................2566.2.6 Quarantine....................................................................................................2606.2.7 Advanced......................................................................................................2706.2.8 Internal Domains ..........................................................................................276
6.3 F-Secure Content Scanner Server Settings.............................................................278
6.3.1 Summary ......................................................................................................278
6.3.2 Database Updates........................................................................................2856.3.3 Scan Engines ...............................................................................................2876.3.4 Proxy Configuration......................................................................................2926.3.5 Archive Scanning..........................................................................................2956.3.6 Advanced......................................................................................................2986.3.7 Interface........................................................................................................300
6.4 F-Secure Automatic Update Agent Settings ............................................................301
6.4.1 Summary ......................................................................................................3026.4.2 Automatic Updates .......................................................................................304
6.4.3 HTTP Settings ..............................................................................................3066.4.4 PM Proxies ...................................................................................................307
6.5 F-Secure Management Agent Settings....................................................................308
Chapter 7 Quarantine Management 311
7.1 Introduction ..............................................................................................................312
7.2 Configuring Quarantine Options...............................................................................314
7.3 Searching the Quarantined Content.........................................................................314
7.4 Query Results Page.................................................................................................318
7.5 Viewing Details of a Quarantined Message .............................................................321
7.6 Reprocessing the Quarantined Content...................................................................323
7.7 Releasing the Quarantined Content.........................................................................324
7.8 Removing the Quarantined Content.........................................................................326
7.9 Deleting Old Quarantined Content Automatically.....................................................326
7.10 Quarantine Logging..................................................................................................327
-
8/13/2019 f Secure Anti Virus Msexchange
7/401
7
7.11 Quarantine Statistics................................................................................................328
7.12 Moving the Quarantine Storage ...............................................................................329
Chapter 8 Administering F-Secure Spam Control 3318.1 Overview ..................................................................................................................332
8.2 Spam Control Settings in Centrally Managed Environments ...................................333
8.3 Spam Control Settings in Web Console...................................................................336
8.4 Realtime Blackhole List Configuration .....................................................................341
8.4.1 Enabling Realtime Blackhole Lists ...............................................................3418.4.2 Optimizing F-Secure Spam Control Performance ........................................343
Chapter 9 Updating Virus and Spam Definition Databases 345
9.1 Overview ..................................................................................................................346
9.2 Automatic Updates with F-Secure Automatic Update Agent....................................346
9.3 Configuring Automatic Updates ...............................................................................347
9.4 Manual Updates .......................................................................................................347
9.4.1 Using FSUPDATE........................................................................................3479.4.2 Updating the Virus Definition Database Remotely Using LATEST.ZIP........348
Appendix A Deploying the Product on a Clus ter 349
A.1 System and Network Recommendations................................................................ 350
A.2 Installation Overview................................................................................................352
A.3 Creating Quarantine Storage ...................................................................................353
A.3.1 Quarantine Storage in Active-Passive Cluster .............................................353A.3.2 Quarantine Storage in Active-Active Cluster ................................................358
A.4 Installing the Product................................................................................................361
A.4.1 Installing on Active-Passive Cluster .............................................................361A.4.2 Installing on Active-Active Cluster ................................................................363
A.5 Administering the Cluster Installation with F-Secure Policy Manager......................365
A.6 Using the Quarantine in the Cluster Installation.......................................................368
A.7 Troubleshooting .......................................................................................................368
Appendix B Variables in Warning Messages 369
List of Variables................................................................................................................ 370
-
8/13/2019 f Secure Anti Virus Msexchange
8/401
8
Outbreak Management Alert Variables ............................................................................ 372
Appendix C Services and Processes 373
Chapter D Troubleshooting 379
D.1 Overview ..................................................................................................................380
D.2 Starting and Stopping...............................................................................................380
D.3 Viewing the Log File.................................................................................................380
D.4 Common Problems and Solutions............................................................................381
D.4.1 Installing Service Packs................................................................................384D.4.2 Securing the Quarantine...............................................................................384D.4.3 Administration Issues ...................................................................................385
D.5 Frequently Asked Questions ....................................................................................386
D.6 F-Secure Automatic Update Agent Troubleshooting................................................391
Technical Support 397
F-Secure Online Support Resources ............................................................................... 398
Web Club .........................................................................................................................400
Virus Descriptions on the Web .........................................................................................400
-
8/13/2019 f Secure Anti Virus Msexchange
9/401
9
ABOUTTHISGUIDE
How This Guide Is Organized.................................................... 10
Conventions Used in F-Secure Guides..................................... 13
http://../00_atg/av4ex_conventions.pdfhttp://../00_atg/av4ex_conventions.pdf -
8/13/2019 f Secure Anti Virus Msexchange
10/401
About This Guide 10
How This Guide Is Organized
F-Secure Anti-Virus for Microsoft Exchange Administrator's Guide isdivided into the following chapters:
Chapter 1. Introduction. General information about F-Secure Anti-Virusfor Microsoft Exchange and other F-Secure Anti-Virus Mail Server andGateway products.
Chapter 2. Deployment. Instructions and examples how to set up yournetwork environment before you can install F-Secure Anti-Virus forMicrosoft Exchange.
Chapter 3. Installation. Instructions how to install and set up F-SecureAnti-Virus for Microsoft Exchange.
Chapter 4. Using F-Secure Anti-Virus for Microsoft Exchange.Instructions how to use and administer F-Secure Anti-Virus for MicrosoftExchange.
Chapter 9. Updating Virus and Spam Definition Databases. Instructionshow to update your virus definition database.
Chapter 5. Centrally Managed Administration. Instructions how toremotely administer F-Secure Anti-Virus for Microsoft Exchange andF-Secure Content Scanner Server when they have been installed incentralized administration mode.
Chapter 6. Administration with Web Console. Instructions how toadminister F-Secure Anti-Virus for Microsoft Exchange with the WebConsole.
Chapter 8. Administering F-Secure Spam Control. General information
about and instructions on how to configure F-Secure Spam Control.
Appendix A . Deploying the Product on a Cluster. Describes how theproduct can be deployed and used on the cluster environment.
Appendix B . Variables in Warning Messages. Lists variables that canbe included in virus warning messages.
Appendix C. Services and Processes. Describes services, devices andprocesses of F-Secure Anti-Virus for Microsoft Exchange.
-
8/13/2019 f Secure Anti Virus Msexchange
11/401
About This Guide 11
Chapter D. Troubleshooting. Solutions to some common problems.
Technical Support. Contains the contact information for assistance.
About F-Secure Corporation. Describes the company background andproducts.
See the F-Secure Policy Manager Administrator's Guide for detailedinformation about installing and using the F-Secure Policy Managercomponents:
F-Secure Policy Manager Console, the tool for remoteadministration of F-Secure Anti-Virus for Microsoft Exchange.
F-Secure Policy Manager Server, which enables communicationbetween F-Secure Policy Manager Console and the managedsystems.
-
8/13/2019 f Secure Anti Virus Msexchange
12/401
12
Conventions Used in F-Secure Guides
This section describes the symbols, fonts, and terminology used in thismanual.
Symbols
An arrow indicates a one-step procedure.
Fonts
Ar ial bo ld (blue)is used to refer to menu names and commands, tobuttons and other items in a dialog box.
Arial Italics (blue)is used to refer to other chapters in the manual, booktitles, and titles of other manuals.
Arial Italics (black)is used for file and folder names, for figure and tablecaptions, and for directory tree names.
Cour i er Newis used for messages on your computer screen.
WARNING: The warning symbol indicates a situation with a
risk of irreversible destruction to data.
IMPORTANT: An exclamation mark provides important informationthat you need to consider.
REFERENCE - A book refers you to related information on thetopic available in another document.
l
NOTE - A note provides additional information that you shouldconsider.
TIP - A tip provides information that can help you perform a taskmore quickly or easily.
-
8/13/2019 f Secure Anti Virus Msexchange
13/401
13
Courier New boldis used for information that you must type.
SMALLCAPS(BLACK)is used for a key or key combination on your
keyboard.Arial underlined (blue)is used for user interface links.
Arial italicsis used for window and dialog box names.
PDF Document
This manual is provided in PDF (Portable Document Format). The PDFdocument can be used for online viewing and printing using Adobe
Acrobat Reader. When printing the manual, please print the entiremanual, including the copyright and disclaimer statements.
For More Information
Visit F-Secure at http://www.f-secure.com for documentation, trainingcourses, downloads, and service and support contacts.
In our constant attempts to improve our documentation, we would
welcome your feedback. If you have any questions, comments, orsuggestions about this or any other F-Secure document, please contactus at [email protected].
http://www.f-secure.com/mailto:[email protected]:[email protected]://www.f-secure.com/ -
8/13/2019 f Secure Anti Virus Msexchange
14/401
14
1 INTRODUCTIONOverview..................................................................................... 15
How F-Secure Anti-Virus for Microsoft Exchange Works........... 16
Key Features.............................................................................. 19
F-Secure Anti-Virus Mail Server and Gateway Products............ 21
-
8/13/2019 f Secure Anti Virus Msexchange
15/401
CHAPTER 1 15Introduction
1.1 Overview
Malicious code, such as computer viruses, is one of the main threats forcompanies today. In the past, malicious code spread mainly via disks andthe most common viruses were the ones that infected disk boot sectors.When users began to use office applications with macro capabilities -such as Microsoft Office - to write documents and distribute them via mailand groupware servers, macro viruses started spreading rapidly.
After the millennium, the most common spreading mechanism has beenthe e-mail. Today about 90% of viruses arrive via e-mail. E-mails providea very fast and efficient way for viruses to spread themselves without any
user intervention and that is why e-mail worm outbreaks, like Sober,Netsky and Bagle, have caused a lot of damage around the world.
F-Secure Anti-Virus Mail Server and Gateway products are designed toprotect your company's mail and groupware servers and to shield thecompany network from any malicious code that travels in HTTP or SMTPtraffic. In addition, they protect your company network against spam. Theprotection can be implemented on the gateway level to screen allincoming and outgoing e-mail (SMTP), web surfing (HTTP andFTP-over-HTTP) and file transfer (FTP) traffic. Furthermore, it can beimplemented on the mail server level so that it does not only protectinbound and outbound traffic but also internal mail traffic and publicsources, such as Public Folders on Microsoft Exchange servers.
Providing the protection already on the gateway level has plenty ofadvantages. The protection is easy and fast to set up and install,compared to rolling out antivirus protection on hundreds or thousands ofworkstations. The protection is also invisible to the end users whichensures that the system cannot be by-passed and makes it easy to
maintain. Of course, protecting the gateway level alone is not enough toprovide a complete antivirus solution; file server and workstation levelprotection is needed, also.
Why clean 1000 workstations when you can clean one attachment at thegateway level?
-
8/13/2019 f Secure Anti Virus Msexchange
16/401
CHAPTER 1 16Introduction
1.2 How F-Secure Anti-Virus for Microsoft ExchangeWorks
F-Secure Anti-Virus for Microsoft Exchange is designed to detect anddisinfect viruses and other malicious code from e-mail transmissionsthrough Microsoft Exchange 2000/2003 Server. Scanning is done in realtime as the mail passes through Microsoft Exchange Server. On-demandscanning of user mailboxes and Public Folders is also available.
ScanningAttachments andMessage Bodies
F-Secure Anti-Virus for Microsoft Exchange scans attachments andmessage bodies for malicious code. It can also be instructed to remove
particular attachments according to the file name or the file extension. Inaddition, it can filter out messages containing keywords that have beendefined as disallowed.
If the intercepted mail contains malicious code, F-Secure Anti-Virus forMicrosoft Exchange can be configured to disinfect or drop the content.
Any malicious code found during the scan process can be placed in theQuarantine, where it can be further examined. Stripped attachments canalso be placed in the Quarantine for further examination.
Flexible and ScalableAnti-Virus Protection
F-Secure Anti-Virus for Microsoft Exchange is installed on MicrosoftExchange 2000/2003 Server and it intercepts mail traveling throughmailboxes and Public folders. Intercepted attachments and documentsare sent to F-Secure Content Scanner Server, which returns disinfectedfiles back to F-Secure Anti-Virus for Microsoft Exchange.
The two-component product architecture ensures that the anti-virusprotection does not increase the load on the protected system and thatthe infected data is never stored on the production network. It alsoenables you to implement a server pool, so you can share the traffic loadbetween multiple F-Secure Content Scanner Servers and have backupservers if the traffic to primary servers stops for some reason.
-
8/13/2019 f Secure Anti Virus Msexchange
17/401
CHAPTER 1 17Introduction
Alerting F-Secure Anti-Virus for Microsoft Exchange has extensive alertingfunctions, which means that the system administrator can specify arecipient inside the company network to be notified about the infection
found in the data content. Of course, the network administrator can benotified about the infection also.
Powerful and AlwaysUp-to-date
F-Secure Anti-Virus for Microsoft Exchange uses the award-winningF-Secure Anti-Virus scanner to ensure the highest possible detection rateand disinfection capability. The daily F-Secure Anti-Virus signaturedatabase updates provide F-Secure Anti-Virus for Microsoft Exchange analways up-to-date protection capability.
F-Secure Anti-Virus scanner consistently ranks at the top when comparedto competing products. Our team of dedicated virus researchers is on call24-hours a day responding to new and emerging threats. In fact,F-Secure is one of the only companies to release tested virus definitionupdates on a daily basis, to make sure our customers are receiving thehighest quality service and protection.
Virus and SpamOutbreak Detection
Massive spam and virus outbreaks consist of millions of messages whichshare at least one identifiable pattern that can be used to distinguish the
outbreak. Any message that contains one or more of these patterns canbe assumed to be a part of the same spam or virus outbreak.
F-Secure Anti-Virus for Microsoft Exchange can identify these patternsfrom the message envelope, headers and body, in any language,message format and encoding type. It can detect spam messages andnew viruses during the first minutes of the outbreak.
Stand-alone andCentralized
Administration Modes
F-Secure Anti-Virus for Microsoft Exchange can be installed either instand-alone or centrally administered mode. Depending on how it has
been installed, F-Secure Anti-Virus for Microsoft Exchange is managedeither with the Web Console or F-Secure Policy Manager.
Scalability andReliability
F-Secure Policy Manager provides a scalable way to manage the securityof multiple applications on multiple operating systems, from one centrallocation.F-Secure Policy Manager is comprised of two components,F-Secure Policy Manager Console and F-Secure Policy Manager Server,
-
8/13/2019 f Secure Anti Virus Msexchange
18/401
CHAPTER 1 18Introduction
which are used to administer applications. They are seamlesslyintegrated with the F-Secure Management Agents that handle allmanagement functions on local hosts.
Easy to Administer If F-Secure Anti-Virus for Microsoft Exchange is installed in stand-alonemode it can be managed with the web-based user interface. With WebConsole, you can configure F-Secure Anti-Virus for Microsoft Exchangesettings, set up scheduled scans or run manual processes any time youwant.
If F-Secure Anti-Virus for Microsoft Exchange has been installed incentrally administered configuration, it is managed with F-Secure Policy
Manager. With its graphical user interface, F-Secure Policy ManagerConsole provides a centralized view of the domains and hosts in yournetwork and lets you configure the security policies for all F-Securecomponents. F-Secure Policy Manager receives status information fromF-Secure Anti-Virus for Microsoft Exchange.
F-Secure Policy Manager Server is the server side component thathandles communication between F-Secure Anti-Virus for MicrosoftExchange and F-Secure Policy Manager Console. It exchanges securitypolicies, software updates, status information, statistics, alerts, and other
information between F-Secure Policy Manager Console and all managedsystems.
Figure 1-1 (1) E-mail arrives from the Internet to F-Secure Anti-Virus for MicrosoftExchange, which (2) filters malicious content from mails and attachments, and (3)delivers cleaned files forward.
-
8/13/2019 f Secure Anti Virus Msexchange
19/401
CHAPTER 1 19Introduction
1.3 Key Features
F-Secure Anti-Virus for Microsoft Exchange provides the following
features and capabilities.
Superior Protection Superior detection rate with multiple scanning engines.
Automatic malicious code detection and disinfection.
Heuristic scanning detects also unknown Windows and macroviruses.
Recursive scanning of ARJ, BZ2, CAB, GZ, JAR, LZH, MSI,RAR, TAR, TGZ, Z and ZIP archive files.
Automatic daily virus definition database updates.
Suspicious and unsafe attachments can be stripped away frome-mails.
Password protected archives can be treated as unsafe.
Intelligent file type recognition.
Message filtering based on keywords in message subjects andtext.
Utilizes the low-level Anti-Virus API (AV API 2.0) for MicrosoftExchange 2000 Server, and AV AP 2.5 for Microsoft Exchange2003 Server.
Virus OutbreakDetection
The virus outbreak detection is an additional active layer ofprotection that automatically detects virus outbreaks andquarantines suspicious messages.
Virus outbreaks are transparently detected and infectedmessages are quarantined before the outbreak becomes
widespread. The product can notify the administrator about virus outbreaks.
Quarantined unsafe messages can be reprocessedautomatically.
-
8/13/2019 f Secure Anti Virus Msexchange
20/401
CHAPTER 1 20Introduction
Transparency andScalability
Viruses are intercepted before they can enter the network andspread out on workstations and servers.
Real-time scanning of internal, inbound and outbound mail
messages and Public Folder notes.
Automatic protection of new mailboxes and Public Folders.
Total transparency to end-users. Users cannot bypass thesystem, which means that messages and documents cannot beexchanged without scanning.
Support for Windows 2000 Advanced Server or Windows Server2003 clusters. Both Active-Passive and Active-Active clusters aresupported.
Management Controlling and monitoring the behavior of the products remotely.
Starting predefined operations remotely.
Monitoring statistics provided by the products remotely withF-Secure Policy Manager or F-Secure Anti-Virus for MicrosoftExchange Web Console.
Possibility to configure and manage stand-alone installations withthe convenient F-Secure Anti-Virus for Microsoft Exchange Web
Console. Contains new quarantine management features: you can manage
and search quarantined content with the F-Secure Anti-Virus forMicrosoft Exchange Web Console.
Protection againstSpam
Possible spam messages are transparently detected before theybecome widespread.
Efficient spam detection based on different analyses on the
e-mail content. Multiple filtering mechanisms guarantee the high accuracy of
spam detection.
Spam detection works in every language and message format.
CHAPTER1 21
-
8/13/2019 f Secure Anti Virus Msexchange
21/401
CHAPTER 1 21Introduction
1.4 F-Secure Anti-Virus Mail Server and GatewayProducts
The F-Secure Anti-Virus product line consists of workstation, file server,mail server, gateway and mobile products.
F-Secure Internet Gatekeeperis a high performance, totallyautomated web (HTTP and FTP-over-HTTP) and e-mail (SMTP)virus scanning solution for the gateway level. F-Secure InternetGatekeeper works independently of firewall and e-mail serversolutions, and does not affect their performance.
F-Secure Anti-Virus for Microsoft Exchangeprotects yourMicrosoft Exchange users from malicious code contained withinfiles they receive in mail messages and documents they openfrom shared databases. Malicious code is also stopped inoutbound messages and in notes being posted on Public Folders.The product operates transparently and scans files in theExchange Server Information Store in real-time. Manual andscheduled scanning of user mailboxes and Public Folders is alsosupported.
F-Secure Anti-Virus for MIMEsweeperprovides a powerfulanti-virus scanning solution that tightly integrates with ClearswiftMIMEsweeper for SMTP and MIMEsweeper for Web products.F-Secure provides top-class anti-virus software with fast andsimple integration to Clearswift MAILsweeper and WEBsweeper,giving the corporation the powerful combination of completecontent security.
F-Secure Internet Gatekeeper fo r Linuxprovides ahigh-performance solution at the Internet gateway level, stoppingviruses and other malicious code before the spread to end usersdesktops or corporate servers. The product scans SMTP, HTTP,FTP and POP3 traffic for viruses, worms and trojans, and blocksand filters out specified file types. ActiveX and Java code canalso be scanned or blocked. The product receives updates
CHAPTER1 22
-
8/13/2019 f Secure Anti Virus Msexchange
22/401
CHAPTER 1 22Introduction
automatically from F-Secure, keeping the virus protection alwaysup to date. A powerful and easy-to-use management consolesimplifies the installation and configuration of the product.
F-Secure Messaging Security Gateway delivers theindustrys most complete and effective security for e-mail. Itcombines a robust enterprise-class messaging platform withperimeter security, antispam, antivirus, secure messaging andoutbound content security capabilities in an easy-to-deploy,hardened appliance.
-
8/13/2019 f Secure Anti Virus Msexchange
23/401
23
2 DEPLOYMENTInstallation Modes....................................................................... 24
Network Requirements............................................................... 24
Deployment Scenarios............................................................... 25
CHAPTER2 24
-
8/13/2019 f Secure Anti Virus Msexchange
24/401
CHAPTER 2 24Deployment
2.1 Installation Modes
F-Secure Anti-Virus for Microsoft Exchange can be installed either in
stand-alone or centrally administered mode. In stand-alone installation,F-Secure Anti-Virus for Microsoft Exchange is managed with WebConsole. In centrally administered mode, it is managed centrally withF-Secure Policy Manager components: F-Secure Policy Manager Serverand F-Secure Policy Manager Console.
To administer F-Secure Anti-Virus for Microsoft Exchange in the centrallyadministered mode, you have to install the following components:
F-Secure Policy Manager Server (on a dedicated machine)
F-Secure Policy Manager Console (on the administrator'smachine)
2.2 Network Requirements
This network configuration is valid for all scenarios described in thischapter. Make sure that the following network traffic can travel:
Service Process Inbound ports Outbound ports
F-Secure Content Scanner
Server
%ProgramFiles%\F-Secure\Content Scanner Server\fsavsd.exe
18971 (TCP) +
1024-65536 (TCP), only
with F-Secure Anti-Virusfor Internet Mail on a
separate host
DNS (53, UDP/TCP),
HTTP (80) or other known
port used for HTTP proxy
F-Secure Anti-Virus for
Microsoft Exchange WebConsole
%ProgramFiles%\F-Secure\
Web User Interface\bin\fswebuid.exe
25023 DNS (53, UDP and TCP),
1433 (TCP), only with thededicated SQL server
F-Secure AutomaticUpdate Agent
F-Secure Automatic Update.exe 371 (UDP), only ifBackWeb Polite Protocol
is used
DNS (53, UDP and TCP),HTTP (80)
CHAPTER 2 25
-
8/13/2019 f Secure Anti Virus Msexchange
25/401
Deployment
2.3 Deployment ScenariosDepending on the number of protected systems and the amount of datatraffic, you might consider various scenarios of deploying F-Secure
Anti-Virus for Microsoft Exchange. There are various ways to deployF-Secure Anti-Virus for Microsoft Exchange that are suitable to differentenvironments.
If the mail traffic is not very heavy, see Minimum Installation, 25.
If the mail traffic is rather heavy, see Medium to LargeInstallation, 27.
For very large, performance-critical installations, seePerformance-Critical Installation, 28.
For Microsoft Exchange Cluster Environments, see MicrosoftExchange Cluster Environment, 30.
2.3.1 Minimum InstallationIf the mail traffic is not very heavy, you can install F-Secure ContentScanner Server on the same machine that runs Microsoft ExchangeServer. In this case, both F-Secure Content Scanner Server andF-Secure Anti-Virus for Microsoft Exchange will reside on the MicrosoftExchange Server.
FSNRB %ProgramFiles%\F-Secure\
Common\fnrb32.exe
- DNS (53, UDP/TCP),
HTTP (80)
FSMA (AMEH) %ProgramFiles%\F-Secure\Common\fameh32.exe
- DNS (53, UDP/TCP),
SMTP (25)
F-Secure QuarantineManager
%ProgramFiles%\F-Secure\Quarantine Manager\fqm.exe
- DNS (53, UDP/TCP),1433 (TCP), only with the
dedicated SQL server
Service Process Inbound ports Outbound ports
CHAPTER 2 26
-
8/13/2019 f Secure Anti Virus Msexchange
26/401
Deployment
You can administer F-Secure Anti-Virus for Microsoft Exchange andF-Secure Content Scanner Server by using the F-Secure Anti-Virus forMicrosoft Exchange Web Console.
Figure 2-1 F-Secure Anti-Virus for Microsoft Exchange minimum installation
Alternatively, you can choose to install F-Secure Policy Manager toenable centralized administration of F-Secure Content Scanner Serverand F-Secure Anti-Virus for Microsoft Exchange.
CHAPTER 2 27
-
8/13/2019 f Secure Anti Virus Msexchange
27/401
Deployment
2.3.2 Medium to Large Installation
If the mail traffic is rather heavy, F-Secure Content Scanner Server should
be installed on a dedicated machine. This minimizes the extra load on theMicrosoft Exchange Server.
You should install F-Secure Anti-Virus for Microsoft Exchange incentralized administration mode on each Microsoft Exchange Server.
Figure 2-2 F-Secure Anti-Virus for Microsoft Exchange, medium to largeinstallation
CHAPTER 2 28D l t
-
8/13/2019 f Secure Anti Virus Msexchange
28/401
Deployment
2.3.3 Performance-Critical Installation
In very large, performance-critical installations you should use multiple
F-Secure Content Scanner Server installations. Each F-Secure ContentScanner Server should be installed on a dedicated machine. F-Secure
Anti-Virus for Microsoft Exchange can share the virus scanning loadbetween multiple F-Secure Content Scanner Servers.
Figure 2-3 F-Secure Anti-Virus for Microsoft Exchange with multiple F-SecureContent Scanner Servers
CHAPTER 2 29Deployment
-
8/13/2019 f Secure Anti Virus Msexchange
29/401
Deployment
F-Secure Anti-Virus for Microsoft Exchange should be installed incentralized administration mode on each Microsoft Exchange Server.
Figure 2-4 F-Secure Anti-Virus for Microsoft Exchange installed on eachMicrosoft Exchange Server
CHAPTER 2 30Deployment
-
8/13/2019 f Secure Anti Virus Msexchange
30/401
Deployment
2.3.4 Microsoft Exchange Cluster Environment
F-Secure Anti-Virus for Microsoft Exchange can be installed on a
Windows 2000 Advanced Server or Windows Server 2003 EnterpriseEdition cluster. The product supports standard two-node Active-Passiveand Active-Active clusters.
F-Secure Anti-Virus for Microsoft Exchange needs to be installedseparately on both cluster nodes. When installing in Microsoft Exchange
cluster environment, the product must be installed in centrally managedmode, so that you can configure and manage the product with F-SecurePolicy Manager. Changing the product settings with F-Secure Anti-Virusfor Microsoft Exchange Web Console is not supported in clusterenvironments, but it can be used for some quarantine managementfunctions.
The settings on both cluster nodes must be identical. To ensure this,place the servers as their own domain in the F-Secure Policy ManagerConsole and configure all the settings on the domain level, not on thehost level.
It is recommended to install a local F-Secure Content Scanner Server onboth cluster nodes. However, if a remote F-Secure Content ScannerServer is used, the dedicated IP address of each cluster node must bevisible to the remote F-Secure Content Scanner Server.
When installing the product, the setup program detects MicrosoftExchange Cluster automatically. The setup program also creates a cluster
resource for the product automatically. The cluster resource makes itpossible to use the product in the cluster, by giving the control of theresource to the cluster service. This and other resources togetherguarantee that the product works properly in the cluster in every situation.
You can check the state of the resource in Microsoft Cluster Administratorconsole, under the same branch where the Exchange resources reside.
For detailed instructions, see Deploying the Product on a Cluster, 349.
Microsoft Exchange needs to be properly configured and running inthe cluster before installing F-Secure Anti-Virus for MicrosoftExchange.
CHAPTER 2 31Deployment
-
8/13/2019 f Secure Anti Virus Msexchange
31/401
Deployment
A Note about Installing on Active-Passive Cluster
The product can be installed either on an active or a passive cluster node.When installing on a passive node (which does not have active Microsoft
Exchange services), the setup program may display a notification aboutmissing Microsoft Exchange components, but the installation can becontinued.
-
8/13/2019 f Secure Anti Virus Msexchange
32/401
32
3 INSTALLATIONSystem Requirements................................................................ 33
Improving Reliability and Performance....................................... 38
Installation Overview.................................................................. 39
Installing F-Secure Anti-Virus for Microsoft Exchange............... 41
After the Installation.................................................................... 60
Upgrading the Previous Version................................................. 61
Upgrading the Evaluation Version.............................................. 64Uninstalling F-Secure Anti-Virus for Microsoft Exchange........... 65
CHAPTER 3 33Installation
-
8/13/2019 f Secure Anti Virus Msexchange
33/401
3.1 System Requirements
F-Secure Anti-Virus for Microsoft Exchange is installed on the computer
running Microsoft Exchange Server and requires the following hardwareand software.
3.1.1 Minimum System Requirements
F-Secure Anti-Virus for Microsoft Exchange has to be installed to thesame machine that runs Microsoft Exchange Server. You need to log inwith administrator-level privileges to install F-Secure Anti-Virus for
Microsoft Exchange.In order to install the product successfully on a non-english versionof the operating system, your default system locale should be thesame as the language of the operating system. You can set thelocale in Control Panel > Regional Options > General > Your locale(location).
CHAPTER 3 34Installation
-
8/13/2019 f Secure Anti Virus Msexchange
34/401
Operating system: Windows 2000 Server Family:
Microsoft Windows 2000 Server withService Pack 3 or later
Microsoft Windows 2000 AdvancedServer with Service Pack 3 or later
Windows 2003 Server Family:
Microsoft Windows Server 2003,Standard Edition with latest service pack
Microsoft Windows Server 2003,Enterprise Edition with latest servicepack
Microsoft ExchangeServer:
Microsoft Exchange 2000 Server Family:
Microsoft Exchange 2000 Server withService Pack 3 or later
Microsoft Exchange 2003 Server Family:
Microsoft Exchange 2003 Server withlatest service pack
Microsoft Exchange 2003 Enterprise
Server with latest service pack
Processor: Intel Pentium 800 MHz or equivalent.
Memory: 512 MB
Disk space to install: 70 MB.
Disk space forprocessing:
500 MB or more. The required disk spacedepends on the number of mailboxes, amount of
data traffic and the size of the Information Store.
CHAPTER 3 35Installation
-
8/13/2019 f Secure Anti Virus Msexchange
35/401
3.1.2 Which SQL Server to Use for the Quarantine Database?
As a minimum requirement, the Quarantine database should have thecapacity to store information about all inbound and outbound mail to andfrom your organization that would normally be sent during 2-3 days.
Take into account the following SQL server specific considerations whendeciding which SQL server to use:
SQL server (forquarantinedatabase):
Microsoft SQL Server 2000 (Enterprise,Standard or Workgroup edition) withService Pack 4
Microsoft SQL Server 2005 Microsoft SQL Server 2000 Desktop
Engine (MSDE) with Service Pack 4
For more information, see Which SQL Server toUse for the Quarantine Database?, 35.
When centralized quarantine management isused, the SQL server must be reachable fromthe network and file sharing must be enabled.
F-Secure PolicyManager version:
F-Secure Policy Manager 6.0 or newer.
F-Secure Policy Manager is required only incentrally managed environments.
For Microsoft Windows Server 2003 Service Pack 1 related supportinformation, seehttp://support.f-secure.com/enu/corporate/w2003sp1/
The release notes document contains the latest information aboutthe product and might have changes to system requirements andthe installation procedure. It is highly recommended to read therelease notes before you proceed with the installation.
CHAPTER 3 36Installation
http://support.f-secure.com/enu/corporate/w2003sp1/http://support.f-secure.com/enu/corporate/w2003sp1/ -
8/13/2019 f Secure Anti Virus Msexchange
36/401
Microsoft SQL ServerDesktop Engine and
SQL Server 2005
Express Edition
When using Microsoft SQL Server Desktop Engine (MSDE), theQuarantine database size is limited to 2 GB.
MSDE includes a concurrent workload governor that limits the
scalability of MSDE. For more information, seehttp://msdn.microsoft.com/library/?url=/library/en-us/architec/8_ar_sa2_0ciq.asp?frame=true.
It is notrecommended to use MSDE or SQL Server 2005Express Edition if you are planning to use centralized quarantinemanagement with multiple F-Secure Anti-Virus for MicrosoftExchange installations.
Microsoft SQLServer 2000/2005
If your organization sends a large amount of e-mails, it isrecommended to use Microsoft SQL Server 2000/2005.
It is recommended to use Microsoft SQL Server 2000/2005 if youare planning to use centralized quarantine management withmultiple F-Secure Anti-Virus for Microsoft Exchange installations.
For more information, see Performance-Critical Installation, 28. Note that the product does not support Windows Authentication
when connecting to Microsoft SQL Server 2000/2005. TheMicrosoft SQL Server 2000/2005 that the product will use for theQuarantine database should be configured to use Mixed Modeauthentication.
MSDE is delivered together with F-Secure Anti-Virus for
Microsoft Exchange, and you can install it during the F-SecureInternet Anti-Virus for Microsoft Exchange Setup. For moreinformation, see Installation Overview, 39.
If you plan to use Microsoft SQL Server 2005, you mustpurchase it and obtain your own license before you start to
deploy F-Secure Anti-Virus for Microsoft Exchange. Topurchase Microsoft SQL Server 2005, contact your Microsoftreseller.
CHAPTER 3 37Installation
http://msdn.microsoft.com/library/?url=/library/en-us/architec/8_ar_sa2_0ciq.asp?frame=truehttp://msdn.microsoft.com/library/?url=/library/en-us/architec/8_ar_sa2_0ciq.asp?frame=truehttp://msdn.microsoft.com/library/?url=/library/en-us/architec/8_ar_sa2_0ciq.asp?frame=truehttp://msdn.microsoft.com/library/?url=/library/en-us/architec/8_ar_sa2_0ciq.asp?frame=true -
8/13/2019 f Secure Anti Virus Msexchange
37/401
3.1.3 Web Browser Software Requirements
In order to administer the product with F-Secure Anti-Virus for Microsoft
Exchange Web Console, one of the following web browsers is required: Microsoft Internet Explorer 6.0 or later
Netscape Communicator 8.1 or later
Mozilla Firefox 1.5 or later
Opera 9.00 or later
Konqueror 3.5 or later
Any other web browser supporting HTTP 1.0, SSL, Java scripts and
cookies may be used as well. Microsoft Internet Explorer 5.5 or earliercannot be used to administer the product.
CHAPTER 3 38Installation
-
8/13/2019 f Secure Anti Virus Msexchange
38/401
3.2 Improving Reliability and Performance
You can improve the system reliability and overall performance by
upgrading the following components.
Processor If the system load is high, a fast processor on the Microsoft ExchangeServer speeds up the e-mail message processing. As MicrosoftExchange Server handles a large amount of data, a fast processor aloneis not enough to guarantee a fast operation of F-Secure Anti-Virus forMicrosoft Exchange.
Memory Memory consumption is directly proportional to the size of processed
mails - scanning a single mail may use memory in amounts up to threetimes the size of the mail concerned. If the average size of mail messagesis big, or Microsoft Exchange Server has to process large messagesregularly, increasing the amount of physical memory increases the overallperformance.
If large messages are processed only now and then, it might be enoughto increase the size of the virtual memory. In this case, large messageswill slow the system down.
Hard Drive Hard drive size is an important reliability factor. Hard drive performance iscrucial for Microsoft Exchange Server to perform well. For bestperformance, a RAID system is recommended; for servers with onlymoderate load, SCSI hard disks are adequate. If your server has an IDEhard disk, DMA access support is recommended.
Operating System It is highly recommended to have the latest service packs for theoperating system being used. These fixes make the platform more stable
and thus increase the reliability of the system.
CHAPTER 3 39Installation
-
8/13/2019 f Secure Anti Virus Msexchange
39/401
3.3 Centrally Administered or Stand-aloneInstallation?
F-Secure Anti-Virus for Microsoft Exchange can be managed either withF-Secure Anti-Virus for Microsoft Exchange Web Console or F-SecurePolicy Manager Console. You can select the management method whenyou install the product.
If you already use F-Secure Policy Manager to administer other F-Secureproducts, it is recommended to install F-Secure Anti-Virus for MicrosoftExchange in centralized administration mode.
The quarantined mails are managed using the F-Secure Anti-Virus forMicrosoft Exchange Web Console in both centrally administered andstand-alone installations. In centrally managed environments all otherfeatures are managed with F-Secure Policy Manager.
3.4 Installation Overview
Before you start to install F-Secure Anti-Virus for Microsoft Exchange,uninstall any potentially conflicting products, such as anti-virus, fileencryption, and disk encryption software that employ low-level devicedrivers. Close all Windows applications before starting the installation.
When installing in Microsoft Exchange cluster environment, theproduct must be installed in centrally managed mode, so that youcan configure and manage the product with F-Secure PolicyManager.
CHAPTER 3 40Installation
-
8/13/2019 f Secure Anti Virus Msexchange
40/401
F-Secure Anti-Virus for Microsoft Exchange can be installed to the samecomputer that runs F-Secure Anti-Virus for Servers 5.50. You shoulduninstall any potentially conflicting products, such as other anti-virus, fileencryption, and disk encryption software, which employ low-level devicedrivers, before you install F-Secure Anti-Virus for Microsoft Exchange.
To administer F-Secure Anti-Virus for Microsoft Exchange in centralized
administration mode, you need to install F-Secure Policy ManagerConsole and F-Secure Policy Manager Server. Detailed information onF-Secure Policy Manager Console and F-Secure Policy Manager Serveris provided in the F-Secure Policy Manager Administrator's Guide.
Follow these steps to set up F-Secure Anti-Virus for Microsoft Exchange:
Centralized Administration mode:
1. Run F-Secure Policy Manager setup to set up F-Secure PolicyManager Server. See F-Secure Policy Manager Administrators
Guide for instructions.2. Install F-Secure Anti-Virus for Microsoft Exchange. For more
information, see Installing F-Secure Anti-Virus for MicrosoftExchange, 41.
3. Import the product MIB files to F-Secure Policy Manager, if theycannot be uploaded there during the installation. For moreinformation, see Importing Product MIB files to F-Secure PolicyManager Console, 60.
4. Check that F-Secure Automatic Update Agent can retrieve the latestvirus definition databases. For more information, see Updating Virusand Spam Definition Databases, 345.
If you want to run F-Secure Anti-Virus for Servers 5.50 on the samecomputer where you install F-Secure Anti-Virus for MicrosoftExchange, make sure that F-Secure Anti-Virus for Servers 5.50 isinstalled before you install F-Secure Anti-Virus for MicrosoftExchange.
CHAPTER 3 41Installation
-
8/13/2019 f Secure Anti Virus Msexchange
41/401
Stand-alone mode:
1. Install F-Secure Anti-Virus for Microsoft Exchange. For moreinformation, see Installing F-Secure Anti-Virus for Microsoft
Exchange, 41.2. Check that F-Secure Automatic Update Agent can retrieve the latest
virus definition databases. For more information, see Updating Virusand Spam Definition Databases, 345.
After the installation is complete, check and configure settings forF-Secure Content Scanner Server, F-Secure Anti-Virus for MicrosoftExchange and F-Secure Management Agent.
3.5 Installing F-Secure Anti-Virus for MicrosoftExchange
Follow these instructions to install F-Secure Content Scanner Server andF-Secure Anti-Virus for Microsoft Exchange.
Step 1. 1. Insert the F-Secure CD in your CD-ROM drive.
2. Select F-Secure Anti-Virus for Microsoft Exchange from the InstallSoftwaremenu.
Step 2. Read the information in the Welcome screen.
CHAPTER 3 42Installation
-
8/13/2019 f Secure Anti Virus Msexchange
42/401
Click Nextto continue.
Step 3. Read the licence agreement.
CHAPTER 3 43Installation
-
8/13/2019 f Secure Anti Virus Msexchange
43/401
If you accept the agreement, check the I accept the agreementcheckbox and click Nextto continue.
Step 4. Enter the product keycode.
Click Nextto continue.
CHAPTER 3 44Installation
-
8/13/2019 f Secure Anti Virus Msexchange
44/401
Step 5. Choose the components to install.
If you want to install F-Secure Content Scanner Server and F-SecureAnti-Virus for Microsoft Exchange on the Microsoft Exchange Server
computer, select all components. Click Nextto continue.
When you install F-Secure Spam Control, or F-Secure ContentScanner Server in stand-alone mode, F-Secure Automatic UpdateAgent is automatically installed to provide virus definition databaseupdates. For more information, see Automatic Updates withF-Secure Automatic Update Agent, 346.
CHAPTER 3 45Installation
-
8/13/2019 f Secure Anti Virus Msexchange
45/401
Step 6. Choose the destination folder for the installation.
Click Nextto continue.
CHAPTER 3 46Installation
S
-
8/13/2019 f Secure Anti Virus Msexchange
46/401
Step 7. Choose the administration method.
If you install F-Secure Anti-Virus for Microsoft Exchange in stand-alonemode, you cannot configure settings and receive alerts and statusinformation in F-Secure Policy Manager Console. Click Nextto continue.
If you selected the stand-alone installation, continue to Step 10. , 49.
If you select the stand-alone mode, use the F-Secure Anti-Virus forMicrosoft Exchange Web Console to change product settings andstatistics. For more information, see Administration with WebConsole, 219.
CHAPTER 3 47Installation
St 8
-
8/13/2019 f Secure Anti Virus Msexchange
47/401
Step 8. Enter the path to the public management key file admin.pubthat wascreated during F-Secure Policy Manager Console setup.
You can transfer the public key in various ways (use a shared folder onthe file server, a floppy disk, or send the key as an attachment in ane-mail message). Click Nextto continue.
CHAPTER 3 48Installation
Step 9 E t th IP dd URL f th F S P li M S
-
8/13/2019 f Secure Anti Virus Msexchange
48/401
Step 9. Enter the IP address or URL of the F-Secure Policy Manager Server youinstalled earlier.
Click Nextto continue.
If the product MIB files cannot be uploaded to F-Secure PolicyManager during installation, you can import them manually.
For more information, see Importing Product MIB files to F-SecurePolicy Manager Console, 60.
CHAPTER 3 49Installation
Step 10 E t SMTP dd th t ill b d b F S A ti Vi f
-
8/13/2019 f Secure Anti Virus Msexchange
49/401
Step 10. Enter an SMTP address that will be used by F-Secure Anti-Virus forMicrosoft Exchange to send warning and informational messages toend-users.
The SMTP address should be a valid, existing address that is allowed tosend messages. Click Nextto continue.
CHAPTER 3 50Installation
Step 11 Select the user account that F Secure Outbreak Manager should use
-
8/13/2019 f Secure Anti Virus Msexchange
50/401
Step 11. Select the user account that F-Secure Outbreak Manager should use.
Select either the local system account or enter the name and passwordfor the user account that F-Secure Outbreak Manager should use. Theaccount is used to run the outbreak handler scripts or programs.
If you do need to see the outbreak handler script running on the desktop
selectAllow to interact with desktop. By default, the script or programruns in the background.
For more information, see Outbreak Management, 158. Click Nexttocontinue.
If you want to use the default \SYSTEM account, do not enter anypassword.
Make sure that the account has all the necessary privileges to run
the outbreak handler script.
CHAPTER 3 51Installation
Step 12 Specify the Quarantine management method
-
8/13/2019 f Secure Anti Virus Msexchange
51/401
Step 12. Specify the Quarantine management method.
If you want to manage quarantines locally, select Local quarantinemanagement. Select Centralized quarantine managementif you installthe product on multiple instances. For more information, see MicrosoftExchange Cluster Environment, 30.
ClickNextto continue.
CHAPTER 3 52Installation
Step 13. Specify the location of the Quarantine database.
-
8/13/2019 f Secure Anti Virus Msexchange
52/401
Step 13. Specify the location of the Quarantine database.
If you want to install the Quarantine database on the same server as theproduct installation, select (a) Install and use Microsoft SQL ServerDesktop Engine.
If you are using Microsoft SQL Server or Microsoft SQL Server Desktop
Engine already, select (b) Use the existing installation of MIcrosoft SQLServer or MSDE.
ClickNextto continue.
CHAPTER 3 53Installation
a Specify the installation directory for Microsoft SQL Server
-
8/13/2019 f Secure Anti Virus Msexchange
53/401
Desktop Engine and data files.
Enter the username and password for the server administratoraccount. ClickNextto continue.
b Specify the computer name of the SQL Server where you want tocreate the Quarantine database.
Enter the username and password to log on to the server. ClickNextto continue.
CHAPTER 3 54Installation
-
8/13/2019 f Secure Anti Virus Msexchange
54/401
If the server has a database with the same name, you can eitheruse the existing database, remove the existing database andcreate a new one or keep the existing database and create a newone with a new name.
CHAPTER 3 55Installation
Step 14. Select whether you want to install the product with F-Secure World Map
-
8/13/2019 f Secure Anti Virus Msexchange
55/401
Support.
The product can collect and send statistics about viruses and othermalware to the F-Secure World Map service. if you agree to sendstatistics to F-Secure World Map, select Yesand click Nextto continue.
CHAPTER 3 56Installation
Step 15. If you selected the centralized administration mode, the installationt t ifi d F S P li M S
-
8/13/2019 f Secure Anti Virus Msexchange
56/401
program connects to specified F-Secure Policy Manager Serverautomatically to install F-Secure Anti-Virus for Microsoft Exchange MIBfiles. If the installation program cannot connect to F-Secure Policy
Manager Server, the following dialog opens.
Make sure that the computer where you are installing F-Secure Anti-Virusfor Microsoft Exchange is allowed to connect to the administration port onF-Secure Policy Manager Server, or if you use proxy, make sure that theconnection is allowed from the proxy to the server. Check that any firewalldoes not block the connection.
If you want to skip installing MIB files, click Cancel. You can install MIBfiles later either manually or by running the Setup again.
CHAPTER 3 57Installation
Step 16. The list of components that will be installed is displayed.
-
8/13/2019 f Secure Anti Virus Msexchange
57/401
Click Startto install listed components.
CHAPTER 3 58Installation
Step 17. The installation status of the components is displayed.
-
8/13/2019 f Secure Anti Virus Msexchange
58/401
Click Nextto continue.
CHAPTER 3 59Installation
Step 18. The installation is completed.
-
8/13/2019 f Secure Anti Virus Msexchange
59/401
Click Finishto close the Setup wizard.
Step 19. If you are installing F-Secure Spam Control, the setup prompts you toselect whether to restart the Microsoft Exchange Information Storeservice automatically to complete the installation. Click Yesto restart theInformation Store service automatically.
CHAPTER 3 60Installation
3.6 After the Installation
-
8/13/2019 f Secure Anti Virus Msexchange
60/401
This section describes what you have to do after the installation. Thesesteps include:
Importing product MIBs to F-Secure Policy Manager (if that isrequired), and
Initial configuration of the product.
3.6.1 Importing Product MIB files to F-Secure Policy ManagerConsole
If you are using the product in centrally managed mode, there are caseswhen the F-Secure Anti-Virus for Microsoft Exchange MIB JAR file cannotbe uploaded to F-Secure Policy Manager Server during the installation. Inthese cases you will have to import the MIB files to F-Secure PolicyManager. You will have to import the MIB files if:
F-Secure Anti-Virus for Microsoft Exchange is located in adifferent network segment than F-Secure Policy Manager, andthere is a firewall between them blocking access to Policy
Managers administrative port (8080). F-Secure Policy Manager Server has been configured so that
administrative connections from anywhere else than the localhostare blocked.
The recommended way is to import the MIBs via F-Secure PolicyManager Console Toolsmenu. You can do it as follows:
1. Open the Toolsmenu and select the Installation packages...option.
2. Click Import....3. When the Import Installation Packages dialog opens, browse to
locate the fsavmse660.mib.jarfile located under the Jars subdirectoryin the setup package. Then click Open.
4. After importing the new MIB files, restart F-Secure Policy ManagerConsole.
CHAPTER 3 61Installation
3.6.2 Configuring the Product
-
8/13/2019 f Secure Anti Virus Msexchange
61/401
After the installation, F-Secure Anti-Virus for Microsoft Exchange isfunctional, but it is using mostly default values. It is highly recommended
to go through all the settings of all installed components. You should alsoretrieve the latest virus definition database updates.
Configure F-Secure Anti-Virus for Microsoft Exchange.
If F-Secure Anti-Virus for Microsoft Exchange has been installedin the centralized administration mode, use F-Secure PolicyManager Console to configure the settings for F-Secure ContentScanner Server and F-Secure Anti-Virus for Microsoft Exchangeand distribute the policy. For more information, see Centrally
Managed Administration, 127.If F-Secure Anti-Virus for Microsoft Exchange has been installedin stand-alone mode, use the F-Secure Anti-Virus for MicrosoftExchange Web Console to configure the settings of F-Secure
Anti-Virus for Microsoft Exchange. For more information, seeAdministration with Web Console, 219.
Specify the domains which should be considered to be internaldomains. For more information, see Internal Domains, 161.
Retrieve virus definition database updates. For more information,see Updating Virus and Spam Definition Databases, 345.
3.7 Upgrading the Previous Version
If you have a previous version of F-Secure Anti-Virus for MicrosoftExchange installed on your computer, you can upgrade it easily. You donot need to remove your previous version, F-Secure Setup uninstalls it
automatically.
CHAPTER 3 62Installation
During upgrade the setup will stop and restart Microsoft ExchangeInformation Store, IIS Admin Service and all services that depend onth
-
8/13/2019 f Secure Anti Virus Msexchange
62/401
them:
Microsoft Exchange Information Store
World Wide Web Publishing Service
Simple Mail Transport Protocol (SMTP)
Microsoft Exchange Routing Engine
Microsoft Exchange POP3
Network News Transport Protocol (NNTP)
Microsoft Exchange MTA Stacks
Microsoft Exchange Information Store
Microsoft Exchange IMAP4
IIS Admin Service
CHAPTER 3 63Installation
Follow these instruc tions to upgrade F-Secure Anti-Virus for
Microsoft Exchange:
-
8/13/2019 f Secure Anti Virus Msexchange
63/401
1. Run the Setup program. For more information, see InstallingF-Secure Anti-Virus for Microsoft Exchange, 41.
2. Depending on the installed F-Secure products, F-Secure Setup willsuggest upgrading one or more components.
Select the components you want to upgrade.
3. The setup needs to stop and restart Microsoft Exchange Serverrelated services during the upgrade.
Click OKto continue.
4. After the Setup finishes, restart the computer if the Setup programprompts you to do so.
CHAPTER 3 64Installation
5. Configure F-Secure Anti-Virus for Microsoft Exchange. For moreinformation, see Centrally Managed Administration, 127. If youinstalled F Secure Anti Virus for Microsoft Exchange in stand alone
-
8/13/2019 f Secure Anti Virus Msexchange
64/401
installed F-Secure Anti-Virus for Microsoft Exchange in stand-alonemode, see Administration with Web Console, 219.
6. that F-Secure Automatic Update Agent can retrieve the latest virusdefinition databases. For more information, see Updating Virus andSpam Definition Databases, 345.
3.8 Upgrading the Evaluation Version
If you want to use F-Secure Anti-Virus for Microsoft Exchange after your
evaluation period expires, you need a new keycode. Contact yoursoftware vendor or renew your license online.
After you have received the new keycode, you can either reinstallF-Secure Anti-Virus for Microsoft Exchange with your new keycode (seeInstalling F-Secure Anti-Virus for Microsoft Exchange, 41) or register thenew keycode from F-Secure Settings and Statistics.
To register the new keycode from F-Secure Settings and Statist ics
1. Open F-Secure Settings and Statisticsby double-clicking the
F-Secure icon in the Windows system tray and select F-SecureAnti-Virus for Microsoft Exchange to open the evaluation screen.
2. Click Register Keycode...and enter the new keycode you havereceived.
CHAPTER 3 65Installation
If you do not want to continue to use F-Secure Anti-Virus for MicrosoftExchange after your evaluation license expires, you should uninstall thesoftware
-
8/13/2019 f Secure Anti Virus Msexchange
65/401
software.
3.9 Uninstalling F-Secure Anti-Virus for MicrosoftExchange
To uninstall F-Secure Anti-Virus for Microsoft Exchange, selectAdd/Remove Programsfrom the Windows Control Panel. To uninstallF-Secure Anti-Virus for Microsoft Exchangecompletely, uninstall thecomponents in the following order:
1. F-Secure Anti-Virus for Microsoft Exchange
2. F-Secure SNMP Support (if it was installed)
3. F-Secure Spam Control
4. F-Secure Content Scanner Server
5. F-Secure Automatic Update Agent
IMPORTANT: If there is another F-Secure Anti-Virus product
installed on the same computer, check whether it uses F-SecureAutomatic Update Agent or F-Secure Policy Manager for gettingvirus definition database updates. If the other product gets theupdates from F-Secure Policy Manager, you can uninstall F-SecureAutomatic Update Agent.
-
8/13/2019 f Secure Anti Virus Msexchange
66/401
66
4 USINGF-SECURE
ANTI-VIRUSFORMICROSOFTEXCHANGE
Overview..................................................................................... 67
Administering F-Secure Anti-Virus for Microsoft Exchange........ 67
Using F-Secure Anti-Virus for Microsoft Exchange Web Console...
68
Home Page................................................................................. 71
Checking the Product Status...................................................... 71
Configuring the F-Secure Anti-Virus for Microsoft Exchange WebConsole...................................................................................... 74
Using F-Secure Policy Manager Console................................... 75
Modifying Settings and Viewing Statistics.................................. 76
Manually Processing Mailboxes and Public Folders.................. 78
Configuring Alert Forwarding.................................................... 121
Viewing Alerts........................................................................... 125
CHAPTER 4 67Using F-Secure Anti-Virus for Microsoft Exchange
4.1 Overview
F-Secure Anti-Virus for Microsoft Exchange can be used either in the
-
8/13/2019 f Secure Anti Virus Msexchange
67/401
F Secure Anti Virus for Microsoft Exchange can be used either in thestand-alone mode, or in the centrally administered mode, based on your
selections during the installation and the initial setup.
4.2 Administering F-Secure Anti-Virus for MicrosoftExchange
In the centralized administration mode, you can administer F-SecureAnti-Virus for Microsoft Exchange and F-Secure Content ScannerServers with F-Secure Policy Manager. You can use the F-Secure
Anti-Virus for Microsoft Exchange Web Console to start and stopF-Secure Anti-Virus for Microsoft Exchange, check its current status andto connect to F-Secure Web Club for support, but you cannot change anysettings with it.
In the stand-alone mode, you use the F-Secure Anti-Virus for MicrosoftExchange Web Console to start and stop F-Secure Anti-Virus forMicrosoft Exchange, modify its settings, edit scheduled tasks and start
manual processing.
To open the F-Secure Anti-Virus for Microsoft Exchange Web Console,start it from F-Secure Settings and Statistics or select F-Secure Anti-Virusfor Microsoft Exchangefrom theWindows Start menu > Programs >F-Secure Anti-Virus for Microsoft Exchange > F-Secure Anti-Virus forMicrosoft Exchange Web Console. You can open F-Secure Settings andStatisticsby double-clicking the F-Secure icon in the Windows systemtray.
CHAPTER 4 68Using F-Secure Anti-Virus for Microsoft Exchange
4.3 Using F-Secure Anti-Virus for Microsoft ExchangeWeb Console
-
8/13/2019 f Secure Anti Virus Msexchange
68/401
In centrally managed installations of F-Secure Anti-Virus for MicrosoftExchange, the F-Secure Anti-Virus for Microsoft Exchange Web Consolecan be used for monitoring the system status and statistics. It can also beused for viewing the settings currently in use and executing someoperations. However, in centrally managed installations it cannot be usedfor configuring the system or scanning settings; use F-Secure PolicyManager for this instead.
4.3.1 Logging in for the First Time
Microsof t Internet Explorer 6.0 users:
The address of the F-Secure Anti-Virus for Microsoft Exchange WebConsole, https://127.0.0.1:25023/, should be added to the Trusted sitesin
Internet Explorer 6.0 Security Options. This ensures that the F-SecureAnti-Virus for Microsoft Exchange Web Console works properly in allenvironments.
Before you log in the F-Secure Anti-Virus for Microsoft Exchange WebConsole for the first time, check that Java script and cookies are enabledin the browser you use.
F-Secure Anti-Virus for Microsoft Exchange Web Console does notsupport Microsoft Internet Explorer 5.5 or older.
CHAPTER 4 69Using F-Secure Anti-Virus for Microsoft Exchange
When you log in for the first time, your browser will display a Security Alertdialog window about the security certificate for F-Secure Anti-Virus forMicrosoft Exchange Web Console. You can create a security certificatef F S A ti Vi f Mi ft E h W b C l b f
-
8/13/2019 f Secure Anti Virus Msexchange
69/401
for F-Secure Anti-Virus for Microsoft Exchange Web Console before
logging in, and then install the certificate during the login process.
Step 1. Create the security certificate
1. Browse to the F-Secure Anti-Virus for Microsoft Exchange WebConsole installation directory, for example:
C:\Program Files\F-Secure\Web User Interface\bin\
2. Locate the certificate creation utility, makecert.bat, and double click itto run the utility.
3. The utility creates a certificate that will be issued to all local IPaddresses, and restarts the F-Secure Anti-Virus for Microsoft
Exchange Web Console service to take the certificate into use. Waituntil the utility completes, and the window closes. Now you canproceed to logging in.
Step 2. Log in and install the security certificate
1. Select Programs>F-Secure Anti-Virus for MicrosoftExchange>F-Secure Anti-Virus for Microsoft Exchange Web Console,
or enter the address of the F-Secure Anti-Virus for Microsoft
Exchange and the port number in your web browser. Note, that theprotocol used is https. For example:
https://127.0.0.1:25023
If your company has an established process for creating andstoring certificates, you can follow that process to create and storethe security certificate for F-Secure Anti-Virus for MicrosoftExchange Web Console.
-
8/13/2019 f Secure Anti Virus Msexchange
70/401
CHAPTER 4 71Using F-Secure Anti-Virus for Microsoft Exchange
-
8/13/2019 f Secure Anti Virus Msexchange
71/401
Figure 4-2 F-Secure Anti-Virus for Microsoft Exchange Home page
4.4 Home Page
4.5 Checking the Product Status
You can check the overall product status on the Home page. The Homepage displays an overview of each component status and most importantstatistics of the installed F-Secure Anti-Virus for Microsoft Exchangecomponents. From the Home page you can also open the product logsand proceed to configure the product components.
This section describes the statistics and operations available on theHome page.
CHAPTER 4 72Using F-Secure Anti-Virus for Microsoft Exchange
F-Secure Anti-Virus for Microsoft Exchange
The Home page displays the status the F-Secure Anti-Virus for MicrosoftExchange as well as a summary of the F-Secure Anti-Virus for Microsoft
-
8/13/2019 f Secure Anti Virus Msexchange
72/401
Exchange statistics.
Click Configureto configure F-Secure Anti-Virus for Microsoft Exchange.For more information, see Overview, 220.
F-Secure Content Scanner Server
The Home page displays the status the F-Secure Content ScannerServer as well as a summary of the F-Secure Content Scanner Server
statistics.
Status indicator Displays the status of F-Secure Anti-Virus forMicrosoft Exchange.
Processed messages Displays the total number of messages thathave been processed.
Infected messages Displays the number of infected messagesfound since the last reset of statistics.
Stripped attachments Displays the number of attachments that havebeen stripped.
Status indicator Displays the status of F-Secure ContentScanner Server.
Last time virus definitiondatabases updated
Displays the last date and time when thevirus definition databases were updated.
Database update version Displays the version of the virus definitiondatabase update.
CHAPTER 4 73Using F-Secure Anti-Virus for Microsoft Exchange
The version is shown in YYYY-MM-DD_NNformat, where YYYY-MM-DD is the releasedate of the update and NN is the number ofthe update for that day
-
8/13/2019 f Secure Anti Virus Msexchange
73/401
Click Configureto configure F-Secure Content Scanner Server. For moreinformation, see F-Secure Content Scanner Server Settings, 278.
F-Secure Automatic Update Agent
Click Configureto configure F-Secure Automatic Update Agent. Formore information, see Updating Virus and Spam Definition Databases,345.
F-Secure Management Agent
the update for that day.
Scanned files Displays the number of files the server hasscanned for viruses.
Last time infection found Displays the last infection detected by theserver.
Status indicator Displays the status of F-Secure AutomaticUpdate Agent.
Communication method Displays the currently used client protocol.
Last connection to theserver
Displays the last date and time whenF-Secure Automatic Update Agent polled the
F-Secure Automatic Update Server for newupdates.
Status indicator Displays the status of F-SecureManagement Agent.
Management method Displays if the host is standalone (configuredlocally) or networked (at least sometimesconnected through a network or a temporarylink).
CHAPTER 4 74Using F-Secure Anti-Virus for Microsoft Exchange
Click Configureto configure the F-Secure Management Agent. For moreinformation, see F-Secure Management Agent Settings, 308.
Toolbar Buttons
-
8/13/2019 f Secure Anti Virus Msexchange
74/401
Click Show F-Secure Logto view the F-Secure log file (LogFile.log) in anew Internet browser window. Click Downloadto download and save theLogFile.log for later use.
Click Export Settingsto open a list of all F-Secure Anti-Virus forMicrosoft Exchange settings in a new Internet browser window. SelectFile > Save As...to save the file for later use.
Click Export Statisticsto open a list of all F-Secure Anti-Virus forMicrosoft Exchange statistics in a new Internet browser window. Select
File > Save As...to save or print the file for later use.Click Configure Console to configure the F-Secure Anti-Virus forMicrosoft Exchange Web Console. For instructions, see Configuring theF-Secure Anti-Virus for Microsoft Exchange Web Console, 74.
Click Helpto open the online help.
4.6 Configuring the F-Secure Anti-Virus for MicrosoftExchange Web Console
On the F-Secure Anti-Virus for Microsoft Exchange Web ConsoleConfiguration page you can specify settings for connections to the server.You can also open the F-Secure Anti-Virus for Microsoft Exchange WebConsole access log from this page.
Limit session timeout Specify the length of time a client can be
connected to the server. When the sessionexpires, the F-Secure Anti-Virus forMicrosoft Exchange Web Console displays awarning. The default value is 60 minutes.
CHAPTER 4 75Using F-Secure Anti-Virus for Microsoft Exchange
Click Show Access Logto view the F-Secure Anti-Virus for MicrosoftExchange Web Console access log. Note that the Web Console accesslog differs from standard web server access logs, as it logs only the firstrequest per session.
-
8/13/2019 f Secure Anti Virus Msexchange
75/401
To add a new host in the list, clickAddto add new a new line in the tableand then enter the IP address of the host.
4.7 Using F-Secure Policy Manager Console
In the centralized administration mode, you can open F-Secure Anti-Virusfor Microsoft Exchange components from the Windows Start menu >Programs > F-Secure Policy Manager Console. When the Policy