
CHAPTER 5: Centrally Managed Administration (page 213)

You can set Policy Manager Proxies in priority order. Updates are downloaded from the primary sources first; secondary update sources can be used as a backup.

The product connects to the Update Server through any configured Policy Manager Proxies. If the product cannot connect to Policy Manager Proxy, it connects directly to the Update Server.

Intermediate Server failover time

Define the failover time to connect to specified update servers.

If the product cannot connect to update servers during the specified time, it retrieves the latest virus definition updates from F-Secure Update Server if "Allow fetching updates from F-Secure Update Server" is enabled.

Intermediate Server polling interval

Define how often the product checks the virus definition database update sources for new updates.

Allow fetching updates from F-Secure Update Server

Enable the product to download virus definition updates from F-Secure Update Server when it cannot connect to specified update servers.

Summary of Contents for ANTI-VIRUS FOR MICROSOFT EXCHANGE 6.62 -

Page 1: ...F Secure Anti Virus for Microsoft Exchange Administrator s Guide ...

Page 2: ...transmitted in any form or by any means electronic or mechanical for any purpose without the express written permission of F Secure Corporation Copyright 1993 2006 F Secure Corporation All rights reserved Portions Copyright 1991 2006 Kaspersky Lab This product includes software developed by the Apache Software Foundation http www apache org Copyright 2000 2006 The Apache Software Foundation All ri...

Page 3: ...rus Mail Server and Gateway Products 21 Chapter 2 Deployment 23 2 1 Installation Modes 24 2 2 Network Requirements 24 2 3 Deployment Scenarios 25 2 3 1 Minimum Installation 25 2 3 2 Medium to Large Installation 27 2 3 3 Performance Critical Installation 28 2 3 4 Microsoft Exchange Cluster Environment 30 Chapter 3 Installation 32 3 1 System Requirements 33 3 1 1 Minimum System Requirements 33 3 1 2...

Page 4: ...apter 4 Using F Secure Anti Virus for Microsoft Exchange 65 4 1 Overview 66 4 2 Administering F Secure Anti Virus for Microsoft Exchange 66 4 3 Using the Web Console 67 4 3 1 Logging in for the First Time 67 4 4 Checking the Product Status 70 4 5 Configuring the Web Console 73 4 6 Using F Secure Policy Manager Console 74 4 7 Modifying Settings and Viewing Statistics 75 4 7 1 Centrally Administered...

Page 5: ...6 5 3 3 Manual Processing 189 5 3 4 Quarantine 192 5 4 F Secure Content Scanner Server Settings 193 5 4 1 Interface 195 5 4 2 Virus Scanning 196 5 4 3 Virus Statistics 199 5 4 4 Database Updates 201 5 4 5 Spam Filtering 202 5 4 6 Threat Detection Engine 204 5 4 7 Proxy Configuration 205 5 4 8 Advanced 206 5 5 F Secure Content Scanner Server Statistics 208 5 5 1 Server 208 5 5 2 Scan Engines 209 5 ...

Page 6: ...nced 295 6 3 7 Interface 297 6 4 F Secure Automatic Update Agent Settings 298 6 4 1 Summary 299 6 4 2 Automatic Updates 301 6 4 3 PM Proxies 303 6 5 F Secure Management Agent Settings 304 Chapter 7 Quarantine Management 307 7 1 Introduction 308 7 2 Configuring Quarantine Options 309 7 3 Searching the Quarantined Content 310 7 4 Query Results Page 314 7 5 Viewing Details of a Quarantined Message 31...

Page 7: ...342 9 4 1 Using FSUPDATE 342 9 4 2 Updating the Virus Definition Database Remotely Using LATEST ZIP 343 Appendix A Deploying the Product on a Cluster 344 A 1 System and Network Recommendations 345 A 2 Installation Overview 347 A 3 Creating Quarantine Storage 348 A 3 1 Quarantine Storage in Active Passive Cluster 348 A 3 2 Quarantine Storage in Active Active Cluster 353 A 4 Installing the Product 3...

Page 8: ...e 375 D 4 Common Problems and Solutions 376 D 4 1 Installing Service Packs 379 D 4 2 Securing the Quarantine 379 D 4 3 Administration Issues 380 D 5 Frequently Asked Questions 381 D 6 F Secure Automatic Update Agent Troubleshooting 386 Technical Support 392 F Secure Online Support Resources 393 Web Club 395 Virus Descriptions on the Web 395 ...

Page 9: ...9 ABOUT THIS GUIDE How This Guide Is Organized 10 Conventions Used in F Secure Guides 13 ...

Page 10: ... Definition Databases Instructions how to update your virus definition database Chapter 5 Centrally Managed Administration Instructions how to remotely administer F Secure Anti Virus for Microsoft Exchange and F Secure Content Scanner Server when they have been installed in centralized administration mode Chapter 6 Administration with Web Console Instructions how to administer F Secure Anti Virus ...

Page 11: ...ground and products See the F Secure Policy Manager Administrator s Guide for detailed information about installing and using the F Secure Policy Manager components F Secure Policy Manager Console the tool for remote administration of F Secure Anti Virus for Microsoft Exchange F Secure Policy Manager Server which enables communication between F Secure Policy Manager Console and the managed systems...

Page 12: ...cs black is used for file and folder names for figure and table captions and for directory tree names Courier New is used for messages on your computer screen WARNING The warning symbol indicates a situation with a risk of irreversible destruction to data IMPORTANT An exclamation mark provides important information that you need to consider REFERENCE A book refers you to related information on the...

Page 13: ...e used for online viewing and printing using Adobe Acrobat Reader When printing the manual please print the entire manual including the copyright and disclaimer statements For More Information Visit F Secure at http www f secure com for documentation training courses downloads and service and support contacts In our constant attempts to improve our documentation we would welcome your feedback If y...

Page 14: ...14 1 INTRODUCTION Overview 15 How F Secure Anti Virus for Microsoft Exchange Works 16 Key Features 19 F Secure Anti Virus Mail Server and Gateway Products 21 ...

Page 15: ...ld the company network from any malicious code that travels in HTTP or SMTP traffic In addition they protect your company network against spam The protection can be implemented on the gateway level to screen all incoming and outgoing e mail SMTP web surfing HTTP and FTP over HTTP and file transfer FTP traffic Furthermore it can be implemented on the mail server level so that it does not only prote...

Page 16: ...ge can be configured to disinfect or drop the content Any malicious code found during the scan process can be placed in the Quarantine where it can be further examined Stripped attachments can also be placed in the Quarantine for further examination Flexible and Scalable Anti Virus Protection F Secure Anti Virus for Microsoft Exchange is installed on Microsoft Exchange 2000 2003 Server and it inte...

Page 17: ...are receiving the highest quality service and protection Virus and Spam Outbreak Detection Massive spam and virus outbreaks consist of millions of messages which share at least one identifiable pattern that can be used to distinguish the outbreak Any message that contains one or more of these patterns can be assumed to be a part of the same spam or virus outbreak F Secure Anti Virus for Microsoft ...

Page 18: ...hical user interface F Secure Policy Manager Console provides a centralized view of the domains and hosts in your network and lets you configure the security policies for all F Secure components F Secure Policy Manager receives status information from F Secure Anti Virus for Microsoft Exchange F Secure Policy Manager Server is the server side component that handles communication between F Secure A...

Page 19: ...from e mails Password protected archives can be treated as unsafe Intelligent file type recognition Message filtering based on keywords in message subjects and text Utilizes the low level Anti Virus API AV API 2 0 for Microsoft Exchange 2000 Server and AV AP 2 5 for Microsoft Exchange 2003 Server Virus Outbreak Detection The virus outbreak detection is an additional active layer of protection that...

Page 20: ... the products remotely Starting predefined operations remotely Monitoring statistics provided by the products remotely with F Secure Policy Manager or F Secure Anti Virus for Microsoft Exchange Web Console Possibility to configure and manage stand alone installations with the convenient F Secure Anti Virus for Microsoft Exchange Web Console Contains new quarantine management features you can manag...

Page 21: ... product operates transparently and scans files in the Exchange Server Information Store in real time Manual and scheduled scanning of user mailboxes and Public Folders is also supported F Secure Anti Virus for MIMEsweeper provides a powerful anti virus scanning solution that tightly integrates with Clearswift MIMEsweeper for SMTP and MIMEsweeper for Web products F Secure provides top class anti v...

Page 22: ...lation and configuration of the product F Secure Messaging Security Gateway delivers the industry s most complete and effective security for e mail It combines a robust enterprise class messaging platform with perimeter security antispam antivirus secure messaging and outbound content security capabilities in an easy to deploy hardened appliance ...

Page 23: ...23 2 DEPLOYMENT Installation Modes 24 Network Requirements 24 Deployment Scenarios 25 ...

Page 24: ...ager Console on the administrator s machine 2 2 Network Requirements This network configuration is valid for all scenarios described in this chapter Make sure that the following network traffic can travel Service Process Inbound ports Outbound ports F Secure Content Scanner Server ProgramFiles F Secure Content Scanner Server fsavsd exe 18971 TCP 1024 65536 TCP only with F Secure Anti Virus for Int...

Page 25: ...tical Installation 28 For Microsoft Exchange Cluster Environments see Microsoft Exchange Cluster Environment 30 2 3 1 Minimum Installation If the mail traffic is not very heavy you can install F Secure Content Scanner Server on the same machine that runs Microsoft Exchange Server In this case both F Secure Content Scanner Server and F Secure Anti Virus for Microsoft Exchange will reside on the Mic...

Page 26: ...e F Secure Anti Virus for Microsoft Exchange Web Console Figure 2 1 F Secure Anti Virus for Microsoft Exchange minimum installation Alternatively you can choose to install F Secure Policy Manager to enable centralized administration of F Secure Content Scanner Server and F Secure Anti Virus for Microsoft Exchange ...

Page 27: ...ver should be installed on a dedicated machine This minimizes the extra load on the Microsoft Exchange Server You should install F Secure Anti Virus for Microsoft Exchange in centralized administration mode on each Microsoft Exchange Server Figure 2 2 F Secure Anti Virus for Microsoft Exchange medium to large installation ...

Page 28: ...canner Server installations Each F Secure Content Scanner Server should be installed on a dedicated machine F Secure Anti Virus for Microsoft Exchange can share the virus scanning load between multiple F Secure Content Scanner Servers Figure 2 3 F Secure Anti Virus for Microsoft Exchange with multiple F Secure Content Scanner Servers ...

Page 29: ...Secure Anti Virus for Microsoft Exchange should be installed in centralized administration mode on each Microsoft Exchange Server Figure 2 4 F Secure Anti Virus for Microsoft Exchange installed on each Microsoft Exchange Server ...

Page 30: ... and configure all the settings on the domain level not on the host level It is recommended to install a local F Secure Content Scanner Server on both cluster nodes However if a remote F Secure Content Scanner Server is used the dedicated IP address of each cluster node must be visible to the remote F Secure Content Scanner Server When installing the product the setup program detects Microsoft Exc...

Page 31: ...uct can be installed either on an active or a passive cluster node When installing on a passive node which does not have active Microsoft Exchange services the setup program may display a notification about missing Microsoft Exchange components but the installation can be continued ...

Page 32: ...lity and Performance 37 Installation Overview 38 Installing F Secure Anti Virus for Microsoft Exchange 40 After the Installation 59 Upgrading the Previous Version 60 Upgrading the Evaluation Version 63 Uninstalling F Secure Anti Virus for Microsoft Exchange 64 ...

Page 33: ...he operating system your default system locale should be the same as the language of the operating system You can set the locale in Control Panel Regional Options General Your locale location Operating system Microsoft Windows 2000 Server with the latest service pack Microsoft Windows 2000 Advanced Server with the latest service pack Microsoft Windows Server 2003 Standard Edition with latest servi...

Page 34: ... SQL Server to Use for the Quarantine Database 35 When centralized quarantine management is used the SQL server must be reachable from the network and file sharing must be enabled F Secure Policy Manager version F Secure Policy Manager 6 0 or newer F Secure Policy Manager is required only in centrally managed environments For Microsoft Windows Server 2003 Service Pack 1 related support information...

Page 35: ...QL Server Desktop Engine MSDE the Quarantine database size is limited to 2 GB MSDE includes a concurrent workload governor that limits the scalability of MSDE For more information see http msdn microsoft com library url library en us architec 8_ar_sa2_0ciq asp frame true It is not recommended to use MSDE or SQL Server 2005 Express Edition if you are planning to use centralized quarantine managemen...

Page 36: ...e should be configured to use Mixed Mode authentication 3 1 3 Web Browser Software Requirements In order to administer the product with F Secure Anti Virus for Microsoft Exchange Web Console one of the following web browsers is required Microsoft Internet Explorer 6 0 or later Netscape Communicator 8 1 or later Mozilla Firefox 1 5 or later Opera 9 00 or later Konqueror 3 5 or later Any other web b...

Page 37: ...ize of mail messages is big or Microsoft Exchange Server has to process large messages regularly increasing the amount of physical memory increases the overall performance If large messages are processed only now and then it might be enough to increase the size of the virtual memory In this case large messages will slow the system down Hard Drive Hard drive size is an important reliability factor ...

Page 38: ...the F Secure Anti Virus for Microsoft Exchange Web Console in both centrally administered and stand alone installations In centrally managed environments all other features are managed with F Secure Policy Manager 3 4 Installation Overview Before you start to install F Secure Anti Virus for Microsoft Exchange uninstall any potentially conflicting products such as anti virus file encryption and dis...

Page 39: ...Microsoft Exchange Centralized Administration mode 1 Run F Secure Policy Manager setup to set up F Secure Policy Manager Server See F Secure Policy Manager Administrator s Guide for instructions 2 Install F Secure Anti Virus for Microsoft Exchange For more information see Installing F Secure Anti Virus for Microsoft Exchange 40 3 Import the product MIB files to F Secure Policy Manager if they cann...

Page 40: ...er the installation is complete check and configure settings for F Secure Content Scanner Server F Secure Anti Virus for Microsoft Exchange and F Secure Management Agent 3 5 Installing F Secure Anti Virus for Microsoft Exchange Follow these instructions to install F Secure Content Scanner Server and F Secure Anti Virus for Microsoft Exchange Step 1 1 Insert the F Secure CD in your CD ROM drive 2 S...

Page 41: ...CHAPTER3 41 Installation Click Next to continue Step 3 Read the licence agreement ...

Page 42: ...42 If you accept the agreement check the I accept the agreement checkbox and click Next to continue Step 4 Enter the product keycode Click Next to continue ...

Page 43: ...on the Microsoft Exchange Server computer select all components Click Next to continue When you install F Secure Spam Control or F Secure Content Scanner Server in stand alone mode F Secure Automatic Update Agent is automatically installed to provide virus definition database updates For more information see Automatic Updates with F Secure Automatic Update Agent 341 ...

Page 44: ...44 Step 6 Choose the destination folder for the installation Click Next to continue ...

Page 45: ...gs and receive alerts and status information in F Secure Policy Manager Console Click Next to continue If you selected the stand alone installation continue to Step 10 48 If you select the stand alone mode use the F Secure Anti Virus for Microsoft Exchange Web Console to change product settings and statistics For more information see Administration with Web Console 216 ...

Page 46: ... file admin pub that was created during F Secure Policy Manager Console setup You can transfer the public key in various ways use a shared folder on the file server a floppy disk or send the key as an attachment in an e mail message Click Next to continue ...

Page 47: ...Policy Manager Server you installed earlier Click Next to continue If the product MIB files cannot be uploaded to F Secure Policy Manager during installation you can import them manually For more information see Importing Product MIB files to F Secure Policy Manager Console 59 ...

Page 48: ...ess that will be used by F Secure Anti Virus for Microsoft Exchange to send warning and informational messages to end users The SMTP address should be a valid existing address that is allowed to send messages Click Next to continue ...

Page 49: ...to run the outbreak handler scripts or programs If you do need to see the outbreak handler script running on the desktop select Allow to interact with desktop By default the script or program runs in the background For more information see Outbreak Management 156 Click Next to continue If you want to use the default SYSTEM account do not enter any password Make sure that the account has all the ne...

Page 50: ...f you want to manage quarantines locally select Local quarantine management Select Centralized quarantine management if you install the product on multiple instances For more information see Microsoft Exchange Cluster Environment 30 Click Next to continue ...

Page 51: ...e Quarantine database on the same server as the product installation select a Install and use Microsoft SQL Server Desktop Engine If you are using Microsoft SQL Server or Microsoft SQL Server Desktop Engine already select b Use the existing installation of MIcrosoft SQL Server or MSDE Click Next to continue ...

Page 52: ... and data files Enter the username and password for the server administrator account Click Next to continue b Specify the computer name of the SQL Server where you want to create the Quarantine database Enter the username and password to log on to the server Click Next to continue ...

Page 53: ...stallation If the server has a database with the same name you can either use the existing database remove the existing database and create a new one or keep the existing database and create a new one with a new name ...

Page 54: ... the product with F Secure World Map Support The product can collect and send statistics about viruses and other malware to the F Secure World Map service if you agree to send statistics to F Secure World Map select Yes and click Next to continue ...

Page 55: ...icy Manager Server the following dialog opens Make sure that the computer where you are installing F Secure Anti Virus for Microsoft Exchange is allowed to connect to the administration port on F Secure Policy Manager Server or if you use proxy make sure that the connection is allowed from the proxy to the server Check that any firewall does not block the connection If you want to skip installing ...

Page 56: ...56 Step 16 The list of components that will be installed is displayed Click Start to install listed components ...

Page 57: ...CHAPTER3 57 Installation Step 17 The installation status of the components is displayed Click Next to continue ...

Page 58: ...tup wizard Step 19 If you are installing F Secure Spam Control the setup prompts you to select whether to restart the Microsoft Exchange Information Store service automatically to complete the installation Click Yes to restart the Information Store service automatically ...

Page 59: ...have to import the MIB files if F Secure Anti Virus for Microsoft Exchange is located in a different network segment than F Secure Policy Manager and there is a firewall between them blocking access to Policy Manager s administrative port 8080 F Secure Policy Manager Server has been configured so that administrative connections from anywhere else than the localhost are blocked The recommended way ...

Page 60: ...y For more information see Centrally Managed Administration 125 If F Secure Anti Virus for Microsoft Exchange has been installed in stand alone mode use the F Secure Anti Virus for Microsoft Exchange Web Console to configure the settings of F Secure Anti Virus for Microsoft Exchange For more information see Administration with Web Console 216 Specify the domains which should be considered to be in...

Page 61: ...rvices that depend on them Microsoft Exchange Information Store World Wide Web Publishing Service Simple Mail Transport Protocol SMTP Microsoft Exchange Routing Engine Microsoft Exchange POP3 Network News Transport Protocol NNTP Microsoft Exchange MTA Stacks Microsoft Exchange Information Store Microsoft Exchange IMAP4 IIS Admin Service ...

Page 62: ...ft Exchange 40 2 Depending on the installed F Secure products F Secure Setup will suggest upgrading one or more components Select the components you want to upgrade 3 The setup needs to stop and restart Microsoft Exchange Server related services during the upgrade Click OK to continue 4 After the Setup finishes restart the computer if the Setup program prompts you to do so ...

Page 63: ...osoft Exchange after your evaluation period expires you need a new keycode Contact your software vendor or renew your license online After you have received the new keycode you can either reinstall F Secure Anti Virus for Microsoft Exchange with your new keycode see Installing F Secure Anti Virus for Microsoft Exchange 40 or register the new keycode from F Secure Settings and Statistics To registe...

Page 64: ...xchange completely uninstall the components in the following order 1 F Secure Anti Virus for Microsoft Exchange 2 F Secure SNMP Support if it was installed 3 F Secure Spam Control 4 F Secure Content Scanner Server 5 F Secure Automatic Update Agent IMPORTANT If there is another F Secure Anti Virus product installed on the same computer check whether it uses F Secure Automatic Update Agent or F Secu...

Page 65: ...for Microsoft Exchange 66 Using the Web Console 67 Checking the Product Status 70 Configuring the Web Console 73 Using F Secure Policy Manager Console 74 Modifying Settings and Viewing Statistics 75 Manually Processing Mailboxes and Public Folders 77 Configuring Alert Forwarding 119 Viewing Alerts 123 ...

Page 66: ...ft Exchange check its current status and to connect to F Secure Web Club for support but you cannot change any settings with it In the stand alone mode you use the F Secure Anti Virus for Microsoft Exchange Web Console to start and stop F Secure Anti Virus for Microsoft Exchange modify its settings edit scheduled tasks and start manual processing To open the F Secure Anti Virus for Microsoft Excha...

Page 67: ...rity Options This ensures that the F Secure Anti Virus for Microsoft Exchange Web Console works properly in all environments Before you log in the F Secure Anti Virus for Microsoft Exchange Web Console for the first time check that Java script and cookies are enabled in the browser you use When you log in for the first time your browser will display a Security Alert dialog window about the securit...

Page 68: ...nter the address of the F Secure Anti Virus for Microsoft Exchange and the port number in your web browser Note that the protocol used is https For example https 127 0 0 1 25023 2 The Security Alert about the F Secure Anti Virus for Microsoft Exchange Web Console certificate is displayed If you install the certificate now you will not see the Security Alert window again Click View Certificate to v...

Page 69: ...icrosoft Exchange Figure 4 1 F Secure Anti Virus for Microsoft Exchange Web Console Login page 7 You will be forwarded to the home page which displays a summary of the system status Figure 4 2 F Secure Anti Virus for Microsoft Exchange Home page ...

Page 70: ...ti Virus for Microsoft Exchange The Home page displays the status the F Secure Anti Virus for Microsoft Exchange as well as a summary of the F Secure Anti Virus for Microsoft Exchange statistics Click Configure to configure F Secure Anti Virus for Microsoft Exchange For more information see Overview 217 Status indicator Displays the status of F Secure Anti Virus for Microsoft Exchange Processed me...

Page 71: ... and time when the virus definition databases were updated Database update version Displays the version of the virus definition database update The version is shown in YYYY MM DD_NN format where YYYY MM DD is the release date of the update and NN is the number of the update for that day Scanned files Displays the number of files the server has scanned for viruses Last time infection found Displays...

Page 72: ... Anti Virus for Microsoft Exchange settings in a new Internet browser window Select File Save As to save the file for later use Click Export Statistics to open a list of all F Secure Anti Virus for Microsoft Exchange statistics in a new Internet browser window Select File Save As to save or print the file for later use Click Configure Console to configure the F Secure Anti Virus for Microsoft Exch...

Page 73: ...nly the first request per session To add a new host in the list click Add to add new a new line in the table and then enter the IP address of the host Limit session timeout Specify the length of time a client can be connected to the server When the session expires the F Secure Anti Virus for Microsoft Exchange Web Console displays a warning The default value is 60 minutes Listen on address Specify...

Page 74: ...ariable marked by the leaf icon in the Properties pane and enter the value in the Editor pane the right pane After a policy is created it must be distributed to hosts by choosing Distribute from the File menu After changing the settings and distributing the policy you have to wait for F Secure Anti Virus for Microsoft Exchange to poll the policy For detailed information on installing and using F S...

Page 75: ...he Editor pane to change it You can either type the new value or select it from a list box If you enter an invalid value it will be displayed in red in the Properties pane Click Clear to revert to the default value or Undo to cancel the most recent change that has not been distributed For detailed explanations of all variables see F Secure Anti Virus for Microsoft Exchange Settings 126 Select the ...

Page 76: ... the setting is shown in normal black font then the setting has been modified locally You must mark the setting as Final when you change it 4 7 2 Stand alone Mode To change F Secure Anti Virus for Microsoft Exchange settings in stand alone mode open the F Secure Anti Virus for Microsoft Exchange Web Console and select the variables you want to change from the options tree For detailed explanations...

Page 77: ...Secure Anti Virus for Microsoft Exchange Operations Manual Scanning Click Start in the Editor pane Choose Distribute from the File menu To stop a manual scan select Stop under F Secure Anti Virus for Microsoft Exchange Operations Manual Scanning Click Stop in the Editor pane Choose Distribute for the File menu To view the scanning report the total numbers of mailboxes and Public Folders and the nu...

Page 78: ...Every week at the specified time on the same day when the first operation is scheduled to start Monthly Every month at the specified time on the same date when the first operation is scheduled to start Click Next to continue Step 2 Specify whether you want to process all messages or only those messages that have not been processed previously during the manual processing Do not use any special char...

Page 79: ...CHAPTER4 79 Using F Secure Anti Virus for Microsoft Exchange Specify how many concurrent transactions the scanner can have with F Secure Content Scanner Server Click Next to continue ...

Page 80: ...s all mailboxes specified in the list Scan all except excluded mailboxes Process all except those mailboxes specified in the list Click Add to add a new mailbox to the list Click Edit to edit a previously created entry Click Remove to remove the selected folder or Remove All to remove all entries from the list By default F Secure Anti Virus for Microsoft Exchange examines all mailboxes Click Next ...

Page 81: ...1 Using F Secure Anti Virus for Microsoft Exchange Step 4 Choose settings for virus scanning of mailboxes during the scheduled operation and Click Next to continue For settings descriptions see Virus Scanning 130 ...

Page 82: ...82 Step 5 Choose settings for stripping attachments during the scheduled operation and click Next to continue For settings descriptions see Stripping Attachments 147 ...

Page 83: ...d Public Folders Process all notes posted to Public Folders specified in the list Scan all except excluded Public Folders Process all notes posted to all Public Folders except those specified in the list Click Add to add a new Public Folder to the list Click Edit to edit a previously created entry Click Remove to remove the selected folder or Remove All to remove all entries from the list By defau...

Page 84: ...84 Step 7 Choose settings for virus scanning of Public Folders during the scheduled operation and click Next to continue For settings descriptions see Virus Scanning 130 ...

Page 85: ...CHAPTER4 85 Using F Secure Anti Virus for Microsoft Exchange Step 8 Choose settings for stripping attachments during the scheduled operation and click Next to continue ...

Page 86: ... After you have specified the manual scanning settings select the Manual Processing and click Start Under Progress you can view the progress of the manual scan the total numbers of mailboxes and Public Folders and the numbers of processed mailboxes and Public Folders In the bottom of the property page the results of the previous manual scan are shown the numbers of processed infected and suspiciou...

Page 87: ...tly you can set up scheduled operations For more information see Creating Scheduled Operation 102 Creating Manual Scanning Operation Start the Manual Scanning Wizard by clicking the Configure button on the Manual Scanning page Step 1 Specify Messages to Process 1 Specify whether you want to process all messages or only those messages that have not been processed previously 2 Specify how many concu...

Page 88: ...s Process all except these mailboxes Process all except specified mailboxes If F Secure Anti Virus for Microsoft Exchange is operating on a system that has multiple processors or you are using a high performance computer you can increase performance by increasing the number of concurrent transactions If you want to use the default settings for most of the scanning settings click Last to proceed to...

Page 89: ...o the list Click the checkbox in the column to mark a mailbox to be removed Click Clear to remove all currently marked entries from the list By default F Secure Anti Virus for Microsoft Exchange examines all mailboxes 2 Click Next to continue Step 3 Specify Virus Scanning Settings for Mailboxes ...

Page 90: ...ename extensions Scan all attachments except with these extensions Scan all attachments except those with specified filename extensions You can add new file types on the extensions lists by typing the file extensions in the file extensions text boxes Separate the extensions by spaces Scan mail message body Specify whether the body of the e mail message should be scanned for malicious code By defau...

Page 91: ...content that has a safe filename extension for example a Microsoft Word document using the rtf filename extension and you do not accidentally block safe content that has unsafe filename extension for example a text file using the doc filename extension Intelligent File Type Recognition can degrade the system performance Action Action on infected attachments Specify whether infected attachments sho...

Page 92: ...ntine infected attachments Specify whether infected attachments should be placed in the Quarantine or not For more information see Quarantine Management 307 Send warning message to mailbox owner Specify whether to send a message to the mailbox owner when an infected attachment is found Click Edit to edit the informational text file that replaces the infected attachment if it is dropped ...

Page 93: ...ns in the allowed and disallowed attachments text boxes Separate the extensions by spaces Enable File Type Recognition Trojans and other malicious code can disguise themselves with filename extensions which are usually considered safe to use Intelligent File Type Recognition can recognize the real file type of the message attachment and use that while the attachment is processed Specify whether yo...

Page 94: ...ttachment is stripped Click Edit to edit the message Notify administrator Specify whether the administrator should be notified when F Secure Anti Virus for Microsoft Exchange strips an attachment Do not notify Do not send any notification to the administrator Send informational alert Send an informational alert to the administrator Send warning alert Send a warning alert to the administrator Send ...

Page 95: ...es posted to the listed Public Folders Process all except excluded public folders Process all notes posted to all Public Folders except the listed ones Click Add to add a new Public Folder to the list Click Clear to remove the selected folder or Clear All to remove all entries from the list By default F Secure Anti Virus for Microsoft Exchange processes all Public Folders 2 Click Next to continue ...

Page 96: ...chments are checked for viruses Do not scan attachments for viruses Do not scan any attachments Scan all attachments Scan all message attachments Scan all attachments with these extensions Scan all attachments with specified filename extensions Scan all attachments except with these extensions Scan all attachments except those with specified filename extensions ...

Page 97: ... usually considered safe to use Intelligent File Type Recognition can recognize the real file type of the message attachment and use that while the attachment is processed Specify whether you want to use Intelligent File Type Recognition or not By default Intelligent File Type Recognition is disabled during the real time processing Intelligent File Type Recognition strengthens the security you can...

Page 98: ...ct or deliver infected attachments All infected attachments are dropped By default F Secure Anti Virus for Microsoft Exchange tries to disinfect infected attachments Quarantine infected attachments Specify whether infected attachments should be placed in the Quarantine or not For more information see Quarantine Management 307 Send warning message to the originator Specify whether to send a warning...

Page 99: ... Strip attachments Specify which attachments should be stripped from messages and public folder notes Do not strip Do not strip any attachments Strip all attachments Strip all attachments from all messages and notes Strip all attachments except these allowed Strip all except specified attachments Strip only these disallowed attachments Strip only specified attachments ...

Page 100: ...ed Specify whether you want to use Intelligent File Type Recognition or not Action Action on stripped attachments Specify whether stripped attachments should be quarantined or dropped Quarantine attachment All stripped attachments are placed in the Quarantine For more information see Quarantine Management 307 Drop attachment All stripped attachments are deleted automatically By default F Secure An...

Page 101: ...uld be notified when F Secure Anti Virus for Microsoft Exchange strips an attachment Do not notify Do not send any notification to the administrator Send informational alert Send an informational alert to the administrator Send warning alert Send a warning alert to the administrator Send security alert Send a security alert to the administrator ...

Page 102: ...rd displays the summary of created operation Click Finish to accept the new manual scanning operation and to exit the wizard Creating Scheduled Operation Start the Scheduled Operation Wizard by clicking Add Task in the Scheduled Processing window ...

Page 103: ...ery day at the specified time starting from the specified date Weekly Every week at the specified time on the same day when the first operation is scheduled to start Monthly Every month at the specified time on the same date when the first operation is scheduled to start 2 Enter the start time of the task in hh mm format 3 Enter the start date of the task in mm dd yyyy format 4 Click Next to conti...

Page 104: ...er you want to process all messages or only those messages that have not been processed previously during the scheduled processing 2 Specify how many concurrent transactions the scanner can have with F Secure Content Scanner Server 3 Click Next to continue ...

Page 105: ...ailboxes Process all mailboxes Process only these mailboxes Process all specified mailboxes Process all except these mailboxes Process all except specified mailboxes Click Add to add a new mailbox to the list Click the checkbox in the column to mark a mailbox to be removed Click Clear to remove all currently marked entries from the list By default F Secure Anti Virus for Microsoft Exchange examine...

Page 106: ...ts to scan Specify which message attachments are checked for viruses Do not scan attachments for viruses Process messages without scanning any attachments for viruses Scan all attachments Scan all message attachments regardless of filename extension Scan all attachments with these extensions Scan all attachments with specified filename extensions ...

Page 107: ... File Type Recognition Trojans and other malicious code can disguise themselves with filename extensions which are usually considered safe to use Intelligent File Type Recognition can recognize the real file type of the message attachment and use that while the attachment is processed Specify whether you want to use Intelligent File Type Recognition or not By default Intelligent File Type Recognit...

Page 108: ...ipient Drop attachment Do not disinfect or deliver infected attachments All infected attachments are dropped By default F Secure Anti Virus for Microsoft Exchange tries to disinfect infected attachments Quarantine infected attachments Specify whether infected attachments should be placed in the Quarantine or not For more information see Quarantine Management 307 Send warning message to mailbox own...

Page 109: ...led operation Strip attachments Specify which attachments should be stripped from messages and public folder notes Do not strip Do not strip any attachments Strip all attachments Strip all attachments from all messages and notes Strip all attachments except these allowed Strip all except specified attachments Strip only these disallowed attachments Strip only specified attachments ...

Page 110: ...sed Specify whether you want to use Intelligent File Type Recognition or not Action Action on stripped attachment Specify whether stripped attachments should be quarantined or dropped Quarantine attachment All stripped attachments are placed in the Quarantine For more information see Quarantine Management 307 Drop attachment All stripped attachments are deleted automatically By default F Secure An...

Page 111: ...he administrator should be notified when F Secure Anti Virus for Microsoft Exchange strips an attachment Do not notify Do not send any notification to the administrator Send informational alert Send an informational alert to the administrator Send warning alert Send a warning alert to the administrator Send security alert Send a security alert to the administrator ...

Page 112: ...lders Process all except excluded public folders Process all notes posted to all Public Folders except the listed ones Click Add to add a new Public Folder to the list Click Clear to remove the selected folder or Clear All to remove all entries from the list By default F Secure Anti Virus for Microsoft Exchange processes all Public Folders 2 Click Next to continue The notes and attachments to be p...

Page 113: ...ttachments to scan Specify which message attachments are checked for viruses Do not scan attachments for viruses Do not scan any attachments Scan all attachments Scan all message attachments Scan all attachments with these extensions Scan all attachments with specified filename extensions Scan all attachments except with these extensions Scan all attachments except those with specified filename ex...

Page 114: ...se Intelligent File Type Recognition can recognize the real file type of the message attachment and use that while the attachment is processed Specify whether you want to use Intelligent File Type Recognition or not By default Intelligent File Type Recognition is disabled during the real time processing Intelligent File Type Recognition strengthens the security you can block unsafe content that ha...

Page 115: ...rop attachment Do not disinfect or deliver infected attachments All infected attachments are dropped By default F Secure Anti Virus for Microsoft Exchange tries to disinfect infected attachments Quarantine infected attachments Specify whether infected attachments should be placed in the Quarantine or not For more information see Quarantine Management 307 Send warning message to the originator Spec...

Page 116: ...ments Specify which attachments should be stripped from messages and public folder notes Do not strip Do not strip any attachments Strip all attachments Strip all attachments from all messages and notes Strip all attachments except these allowed Strip all except specified attachments Strip only these disallowed attachments Strip only specified attachments ...

Page 117: ...ile the attachment is processed Specify whether you want to use Intelligent File Type Recognition or not Action Action on stripped attachment Specify whether stripped attachments should be quarantined or dropped Quarantine attachment All stripped attachments are placed in the Quarantine For more information see Quarantine Management 307 Drop attachment All stripped attachments are deleted automati...

Page 118: ... Anti Virus for Microsoft Exchange strips an attachment Do not notify Do not send any notification to the administrator Send informational alert Send an informational alert to the administrator Send warning alert Send a warning alert to the administrator Send security alert Send a security alert to the administrator ...

Page 119: ...are sent if security has been compromised or a program wants to notify about some specific events such as starting stopping modules low disk space etc Alerts are also sent when a program or operation has encountered a problem 4 9 1 Centrally Administered Mode You can configure where F Secure Anti Virus for Microsoft Exchange sends alerts by editing the Alert Forwarding table which is located under...

Page 120: ...rts to e mail you will need to specify the recipient s e mail address This is done as follows 1 Click Add to add a new row in the E mail Address table 2 Type the e mail address on the new row 3 Select the types of alerts that are to be sent to this address 4 Click Apply If you choose to send alerts as e mails to administrators using the SMTP protocol you will need to specify the e mail address of ...

Page 121: ...have a large domain structure specifying very strict alert forwarding rules may flood F Secure Policy Manager console with alerts In addition you can configure the alert target by setting the policy variables under target specific branches For example F Secure Management Agent Settings Alerting F Secure Policy Manager Console Retry Send Interval specifies how often a host will attempt to send aler...

Page 122: ... Management Agent section When the F Secure Management Agent Configuration page opens click the Alert Forwarding button to open the F Secure Management Agent Configuration Alert Forwarding page Figure 4 5 F Secure Management Agent Configuration Alert Forwarding page You can specify where an alert is sent according to its severity level You can send an alert to any of the following F Secure Policy ...

Page 123: ...found a virus there is not enough disk space to do some operation and so on Alerts are displayed on the Alerts tab of the Properties pane When an alert is received Alert in the F Secure Policy Manager Console toolbar will light up To view the alerts click Alert The Alerts tab in the Properties pane will open Every received alert is displayed in the following format Informational and warning level ...

Page 124: ...ert Forwarding table under F Secure Management Agent Settings Alerting branch Warning Warning from the host Error Recoverable error on the host Fatal error Unrecoverable error on the host Security alert Virus or other security hazard detected Date Time Date and time of the alert Description Description of the problem Host User Name of the host and user where the alert originated Product The F Secu...

Page 125: ...s for Microsoft Exchange Settings 126 F Secure Anti Virus for Microsoft Exchange Statistics 184 F Secure Content Scanner Server Settings 193 F Secure Content Scanner Server Statistics 208 F Secure Automatic Update Agent Settings 212 F Secure Management Agent Settings 214 ...

Page 126: ...change and to connect to F Secure Web Club for support but you cannot change any settings with it 5 2 F Secure Anti Virus for Microsoft Exchange Settings In the centralized administration mode you can change settings and start operations using F Secure Policy Manager Console For more information see Using F Secure Policy Manager Console 74 Figure 5 1 F Secure Anti Virus for Microsoft Exchange sett...

Page 127: ...soft Exchange uses these settings when you manually process mailboxes and Public Folders For more information see Manual Processing 159 For more information on how to start the manual processing see Manually Processing Mailboxes and Public Folders 77 Scheduled Processing Change scheduled processing settings F Secure Anti Virus for Microsoft Exchange can process mailboxes and Public Folders at sche...

Page 128: ...k of the company Figure 5 2 Real Time Processing settings Reporting Change the address of the notification sender For more information see Reporting 182 Advanced Change mailbox and Public Folder polling intervals For more information see Advanced 182 Operations Reset Statistics Manual Scanning Use operations to reset F Secure Anti Virus for Microsoft Exchange statistics or manually scan mailboxes ...

Page 129: ...tent Blocking 145 Spam Control Change settings used when incoming messages are scanned for spam For more information see Spam Control Settings in Centrally Managed Environments 328 The Spam Control settings branch is displayed only if you have F Secure Spam Control installed Outbreak Management Change virus outbreak notification settings For more information see Outbreak Management 156 Internal Do...

Page 130: ...ious code Figure 5 3 Real Time Processing Virus Scanning settings Examine Attachments Specify which message attachments are checked for viruses All Attachments Scan all message attachments in e mail messages and public folder notes for malicious code All Attachments with Included Extensions Scan all attachments with extensions specified in the Included Extensions setting ...

Page 131: ...s of files that are not scanned if the Examine Attachments setting is set to All Attachments except Excluded Extensions You can modify Included Extensions and Excluded Extensions lists as needed Separate each extension by a space Wildcards and can be used To specify the files that have no extension type a dot Action On Infected Attachments Specify whether infected attachments should be disinfected...

Page 132: ...pped F Secure Anti Virus for Microsoft Exchange replaces it with the Virus Informational File Specify the text of the replacement file For more information about the variables you can use in the text see Variables in Warning Messages 364 Scan Message Body Specify whether the body of the e mail message should be scanned for malicious code By default F Secure Anti Virus for Microsoft Exchange scans ...

Page 133: ...hether you want to use Intelligent File Type Recognition or not By default Intelligent File Type Recognition is disabled during the real time processing Intelligent File Type Recognition strengthens the security you can block unsafe content that has a safe filename extension for example a Microsoft Word document using the rtf filename extension and you do not accidentally block safe content that h...

Page 134: ...Inbound Mail Figure 5 4 Real Time Processing Virus Scanning Inbound Mail settings ...

Page 135: ...ilboxes Keep all trusted mailboxes on a separate message store as messages are scanned always when they are sent to another store Stop the Whole Message if Infection Found Specify whether F Secure Anti Virus for Microsoft Exchange should stop inbound messages that contain malicious code By default F Secure Anti Virus for Microsoft Exchange does not stop these messages Yes Inbound messages with inf...

Page 136: ...rning Messages 364 Warning Message Specify the text of the warning message For more information about the variables you can use in the text see Variables in Warning Messages 364 Send Warning Message To Sender Specify whether a virus warning message should be sent to the sender of the mail message which had infected content If you want to add the warning message the original message is attached to ...

Page 137: ...ide the company domain For more information see Internal Domains 159 Proactive Virus Threat Detection Specify whether proactive virus threat detection is enabled or disabled Proactive virus threat detection can identify new and unknown e mail malware including viruses and worms When proactive virus threat detection is enabled the product analyzes inbound e mail messages for possible security threa...

Page 138: ...Outbound Figure 5 5 Real Time Processing Virus Scanning Outbound Mail settings ...

Page 139: ...o the sender if the Send Warning Message to Sender setting is set to Yes By default F Secure Anti Virus for Microsoft Exchange stops the whole message A note about MAPI clients If you set F Secure Anti Virus for Microsoft Exchange to disinfect infected files and to stop the whole message if an infection is found messages that are sent from MAPI clients are not stopped if they can be disinfected Me...

Page 140: ...bout the variables you can use in the subject line see Variables in Warning Messages 364 Warning Message Specify the text of the warning message For more information about the variables you can use in the text see Variables in Warning Messages 364 If the sender sends an infected message to internal and external recipients the sender can receive two warning messages about the same infection Add Dis...

Page 141: ...chments from Public Folder notes Proactive virus threat detection can identify new and unknown e mail malware including viruses and worms When proactive virus threat detection is enabled the product analyzes inbound e mail messages for possible security threats All possibly harmful messages are quarantined as unsafe Unsafe messages can be reprocessed periodically as antivirus updates may confirm t...

Page 142: ...Figure 5 6 Real Time Processing Virus Scanning Public Folders settings ...

Page 143: ...viruses if the Examine Public Folders setting is set to Process Only Included Folders Excluded Folders Specify Public Folders to be excluded from scanning if the Examine Public Folders setting is set to Process All except Excluded Folders To add Public Folders to Included Folders and Excluded Folders table click Add in the Editor pane of F Secure Policy Manager Console Double click the Folder Name...

Page 144: ...will be sent only if the originator of the note with the infected attachment belongs to an internal domain This means that no warnings will be sent outside the company Warning Subject Specify the subject of the virus warning message For more information about the variables you can use in the subject line see Variables in Warning Messages 364 Warning Message Specify the text of the warning message ...

Page 145: ...ccess scanning of messages Inbound Mail Inbound mail includes all e mail messages coming into the Microsoft Exchange Information Store from external sources such as an SMTP server It also includes all internal mail that someone inside the organization sends to another mailbox which is inside the organization For more information see Internal Domains 159 Inbound Mail settings consist of the followi...

Page 146: ...s Define attachments that should be stripped from inbound messages For more information see Stripping Attachments 147 Content Filtering Define how inbound content should be filtered based on keywords For more information see Content Filtering 151 Outbound Mail Outbound mail includes all e mail messages which leave the Microsoft Exchange Information Store and go out via SMTP Outbound Mail settings ...

Page 147: ...soft Exchange can strip attachments from mailboxes and Public Folders when you run the manual scan For more information see Manual Processing 159 For more information on how to run the manual scan see Manually Processing Mailboxes and Public Folders 77 Figure 5 8 The Stripping Attachments settings in On Access Inbound Mail and Outbound Mail branches Strip Attachments Specify which attachments shou...

Page 148: ...ting is set to All Disallowed Attachments You can modify Allowed Attachments and Disallowed Attachments lists as needed Separate each extension by a comma Wildcards and can be used To specify the files that have no extension type a dot Intelligent File Type Recognition Trojans and other malicious code can disguise themselves with filename extensions which are usually considered safe to use Intelli...

Page 149: ...inally had the stripped attachment During the on access scanning the informational message can be sent to the mailbox owner or to the originator of an infected message or an infected Public Folder note By default F Secure Anti Virus for Microsoft Exchange does not add the informational message Informational Subject Specify the subject of the informational message For more information about the var...

Page 150: ...nformation see Configuring Alert Forwarding 119 Send Informational Message To Sender Specify whether an informational message should be sent to the sender of the mail message which had the stripped attachment By default F Secure Anti Virus for Microsoft Exchange does not send informational message to the sender Informational Subject For Sender Specify the subject of the informational message For m...

Page 151: ...ext The informational message will be sent to the sender of the stripped attachment only if the sender belongs to the internal domain F Secure Anti Virus for Microsoft Exchange does not send the informational message outside the company domain For more information see Internal Domains 159 If a message contains some stripped and some disinfected content the message is considered to be infected In t...

Page 152: ...Figure 5 9 Real Time Processing Content Blocking Inbound Mail Content Filtering settings ...

Page 153: ...subjects are filtered out The action to take on these messages depends on the Action on Disallowed Content setting see below Disallowed Keywords in Message Text Specify disallowed keywords in message bodies When Content Filtering is enabled messages that have these keywords in the body text are filtered out Action on Disallowed Content Specify whether filtered messages should be quarantined or dro...

Page 154: ...disallowed content is an internal user This means that no informational messages will be sent outside the company Informational Subject for Recipient Specify the subject of the informational message For more information about the variables you can use in the subject line see Variables in Warning Messages 364 This setting exists in the Inbound Mail branch only Informational Message for Recipient Sp...

Page 155: ...rity alert to the administrator By default F Secure Anti Virus for Microsoft Exchange sends an informational alert to the administrator For more information see Configuring Alert Forwarding 119 F Secure Management Agent alert forwarding table controls where alerts with certain severity level will be sent Send Informational Message to Sender Specify whether an informational message should be sent t...

Page 156: ... 364 This setting exists in the Outbound Mail branch only Informational Message for Sender Specify the text of the informational message For more information about the variables you can use in the text see Variables in Warning Messages 364 This setting exists in the Outbound Mail branch only The informational message will be sent to the sender of the disallowed content only if the sender belongs t...

Page 157: ...should be found within the time period specified in the Notify When Number Of Infections Detected Within setting which should be considered as a virus outbreak Use the value zero 0 to disable the outbreak notification By default the outbreak notification is disabled 0 Notify When Number Of Infections Detected Within Specifies the outbreak notification time frame By default the time frame is 30 min...

Page 158: ...change does not send the outbreak notification Notification Addresses Specify the e mail addresses of the recipients who should receive the outbreak notification e mail Separate each address with a comma or space Notification Subject Specify the subject of the outbreak notification e mail message For more information about the variables you can use in the subject line see Variables in Warning Mess...

Page 159: ...ocess mailboxes and Public Folders see Manually Processing Mailboxes and Public Folders 77 Outbreak Handler Script Specify the pathname and filename of an external program or script that should be run when a virus outbreak is detected Use quotation marks if the path or the filename contains spaces for example C Program Files Example Outbreak Detected exe You can use the following environment varia...

Page 160: ...ally process mailboxes and Public Folders or just the messages that have not been processed yet For more information see Common 161 Mailboxes Specify manual mailbox processing settings For more information see Mailboxes 163 Public Folders Specify manual Public Folder processing settings For more information see Public Folders 169 ...

Page 161: ...Process all messages every time you run a manual scan Only Recent Messages Process only recent messages which have not been processed previously By default F Secure Anti Virus for Microsoft Exchange processes only recent messages You can process all messages for example after the F Secure Anti Virus for Microsoft Exchange virus definition database has been updated For more information see Updating...

Page 162: ...anner can have with F Secure Content Scanner Server By default F Secure Anti Virus for Microsoft Exchange uses two concurrent transactions with F Secure Content Scanner Server You can increase the performance on a multiprocessor system by increasing the number of concurrent transactions ...

Page 163: ...d be processed during the manual scanning Process Only Included Mailboxes Process all mailboxes specified in the Included Mailboxes setting Process All Except Excluded Mailboxes Process all mailboxes except those specified in the Excluded Mailboxes setting Process All Mailboxes Process all mailboxes Don t Process Mailboxes Do not process any mailboxes ...

Page 164: ...ame of the mailbox to be included Check the Inbox Outbox Sent Items and Deleted Items check boxes to include or exclude them from the scan The Others check box contains all other folders of the selected mailbox You can change whether folders should be included or excluded from the scan by double clicking the cell and selecting either Yes or No Attachments To Scan Specify which attachments should b...

Page 165: ...y the default set of Included and Excluded Extensions as needed Separate each extension by a space Wildcards and can be used To specify the files that have no extension type a dot Intelligent File Type Recognition Trojans and other malicious code can disguise themselves with filename extensions which are usually considered safe to use Intelligent File Type Recognition can recognize the real file t...

Page 166: ... infected attachments Send Warning Message To Mailbox Owner Specify whether a virus warning message should be sent to the mailbox owner of the mail message which had infected content If you want to add the warning message the original message is embedded in the virus warning message By default F Secure Anti Virus for Microsoft Exchange sends the warning message to mailbox owner Warning Subject Spe...

Page 167: ...ll infected and dropped files are deleted automatically By default F Secure Anti Virus for Microsoft Exchange places infected attachments in the Quarantine Scan Message Body Specify whether the body of the e mail message should be scanned for malicious code As some viruses can be carried inside a message body it is recommended to scan them Scanning message bodies can slow down the performance By d...

Page 168: ...sion without even scanning them for malicious code Using the variables under the Manual Scanning Mailboxes Stripping Attachments branch you can configure the options for stripping attachments during manual processing of the mailboxes Figure 5 14 Manual Processing Mailboxes Stripping Attachments settings For more information see Stripping Attachments 147 ...

Page 169: ...s settings Examine Public Folders Specify Public Folders that should be scanned for viruses Process Only Included Folders Process all notes posted to the Public Folders specified in the Included Folders setting Process All Except Excluded Folders Process all notes posted to all Public Folders except those specified in the Excluded Folders setting Process All Public Folders Process all notes posted...

Page 170: ...Folders setting is set to Scan Only Included Folders Excluded Folders Specify Public Folders to be excluded from scanning if the Examine Public Folders setting is set to Scan All Except Excluded Folders To add Public Folders to Included and Excluded Folders tables click Add in the Editor pane of F Secure Policy Manager Console Double click the Folder Name cell and enter the name and path of the Pu...

Page 171: ...with the extensions specified in the Excluded Extensions setting None Attachments will not be checked for malicious code By default F Secure Anti Virus for Microsoft Exchange scans all attachments Included Extensions Specify attachments that should be scanned if the Attachments To Scan setting is set to All Attachments with Included Extensions Excluded Extensions Specify extensions of files that a...

Page 172: ...be disinfected or dropped Disinfect Try to disinfect the infected attachment If the disinfection succeeds the recipient receives the disinfected file instead of the original one If the disinfection fails the infected attachment is dropped and it is not delivered to the recipient Action On Infected Attachments Drop Do not disinfect or deliver infected attachments All infected attachments are droppe...

Page 173: ...ttachments Specify whether infected attachments should be placed in the Quarantine or not Yes All infected and dropped attachments are placed in the Quarantine For more information see Quarantine 178 No All infected and dropped files are deleted automatically By default F Secure Anti Virus for Microsoft Exchange places infected attachments in the Quarantine Scan Message Body Specify whether the bo...

Page 174: ...task select it from the list and click Copy To edit a previously created task click Edit To remove the selected task from the list click Clear Row Click Clear Table to remove all tasks from the list Force Row enforces the current scheduled task to be active in all subdomains and hosts Force Table enforces all current scheduled tasks to be active in all subdomains and hosts For more information see...

Page 175: ...where F Secure Anti Virus for Microsoft Exchange should send files to be processed If you list more than one F Secure Content Scanner Server F Secure Anti Virus for Microsoft Exchange uses load sharing between them IMPORTANT This setting must be defined as Final with the Restriction Editor before the policies are distributed Otherwise the setting will not be changed in the product ...

Page 176: ...ning on the same host Enabled Data are transferred via local temporary files and or shared memory which provides the best performance possible Disabled Data are transferred via data stream sockets Usually you do not need to change this setting It is recommended to use the local interaction mode to obtain the optimum performance Max Size of Data Processed in Memory Specifies the maximum size in kil...

Page 177: ...rus for Microsoft Exchange automatically adjusts the access rights so that only the operating system and the local administrator can access files in the Working directory If you change this setting after the installation make sure that the new folder has secure access permissions Connection Timeout Specify the time interval in seconds how long F Secure Anti Virus for Microsoft Exchange should wait...

Page 178: ...5 2 5 Quarantine Figure 5 17 Quarantine settings ...

Page 179: ...he new location has secure access permissions Retain Items in Quarantine Specify how long quarantined e mails are stored in the Quarantine before they are deleted automatically The setting defines the default retention period for all Quarantine categories To change the retention period for different categories configure Quarantine Cleanup Exceptions settings Delete Old Items Every Specify how ofte...

Page 180: ...ld is Reached Specify the level of the alert that is sent to administrator when threshold levels are reached Quarantine Worms Specify if the product should quarantine mails infected with mass mail worms or viruses such as Netsky or Bagle Quarantine Problematic Mails Specify if mails that contain malformed or broken attachments should be quarantined for later analysis or recovery Released Quarantin...

Page 181: ...if the message is retained in the Quarantine after the maximum attempts Final Action on Unsafe Messages Specify the action to unsafe messages after the maximum number of reprocesses have been attempted Leave in Quarantine Leave messages in the Quarantine and process them manually Release to Intended Recipients Release messages from the Quarantine and send them to original recipients Quarantine Log...

Page 182: ... Advanced Figure 5 19 Advanced settings Notification sender address Specify the address used by F Secure Anti Virus Agent for Microsoft Exchange for sending warning and informational messages to the end users for example recipients senders and mailbox owners ...

Page 183: ...or Microsoft Exchange should check for newly established Public Folders You can disable the new mailbox polling by using the value 0 zero By default F Secure Anti Virus for Microsoft Exchange polls new folders every 1 hour Max Levels of Nested Messages Specify how many levels deep to scan in nested e mail messages A nested e mail message is a message that includes one or more e mail messages as at...

Page 184: ...Secure Anti Virus for Microsoft Exchange Operations branch Action on Mails with Exceeding Nesting Levels Specify the action to take on inbound e mail messages with nesting levels exceeding the upper level specified in the Max Levels of Nested Messages setting Drop E mail messages with exceeding nesting levels are not delivered to the recipient s The nested messages are quarantined if the Quarantin...

Page 185: ...istics have been reset 5 3 1 Common Figure 5 20 Common statistics Version Displays the F Secure Anti Virus for Microsoft Exchange version number Previous Reset of Statistics Displays the last date and time when the statistics were reset MIB Version Displays the MIB version number Installation Directory Displays the complete path where F Secure Anti Virus for Microsoft Exchange is installed Build D...

Page 186: ...F Secure Anti Virus for Microsoft Exchange is running started stopped or whether the current status of the agent is unknown Real Time Processing Displays the number of mailboxes and Public Folders that are protected in real time For more information see Real Time Processing 186 Manual Processing Displays the statistics of the last manual scan and attachment stripping For more information see Manua...

Page 187: ...s for Microsoft Exchange has detected within the last outbreak interval For more information see Outbreak Management 156 Inbound Mail Displays the real time inbound mail processing statistics See the following section for more information Outbound Mail Displays the real time outbound mail processing statistics See the following section for more information Public Folders Displays the real time Pub...

Page 188: ...c Folders statistics display statistics for processed Public Folder notes Figure 5 22 Inbound Mail Outbound Mail and Public Folders statistics Processed Messages Displays the total number of processed messages Infected Messages Displays the total number of messages that have been infected with malicious code Suspicious Messages Displays the number of messages that have not been scanned reliably Th...

Page 189: ...t contained disallowed keywords Last Infection Found Displays the name of the last virus found Last Time Infection Found Displays the date and time when the last infection was found Number of Spam Messages Displays the total number of inbound messages found to be spam This setting exists under the Inbound Mail branch only Size of Spam Messages Displays the total size in kilobytes of the inbound ma...

Page 190: ...cure Anti Virus for Microsoft Exchange processes during the manual processing Scanned Public Folders Displays the number of Public Folders that have been scanned Estimated Time Left Displays the estimated time left to finish the manual processing Elapsed Time Displays the time that has elapsed since the manual processing was started Mailboxes Displays the manual mailbox processing statistics See t...

Page 191: ...r of messages that have been infected with malicious code Suspicious Messages Displays the number of messages that have not been scanned reliably The message is considered to be suspicious if it is encrypted or it has been compressed with an unknown algorithm or there was a scanning problem when the message was being scanned Stripped Attachments Displays the number of attachments that have been strip...

Page 192: ...g exists under the Public Folders branch only Total Number of Quarantined Items Displays the total number of items in the Quarantine E mail messages and infected suspicious and disallowed attachments are stored as separate items in the Quarantine storage For example if a message has 3 attachments and only one attachment is infected 2 items will be created in the Quarantine storage and both items h...

Page 193: ...us Scanning Specify the scanning engines to be used when F Secure Content Scanner Server scans files for viruses and the files that should be scanned For more information see Virus Scanning 196 Virus Statistics Specify the settings for the list of Most Active Viruses for more information see Virus Statistics 199 Database Updates Specify how you want to keep the virus definition databases up to dat...

Page 194: ...Detection Engine 204 Proxy Configuration Specify proxy server parameters that Content Scanner Server uses when it connects to the threat detection center For more information see Proxy Configuration 205 Advanced Specify the location and the minimum size of the Working directory For more information see Advanced 206 ...

Page 195: ... 0 0 the server responds to all IP addresses assigned to the host TCP Port Specifies the TCP port that the server listens on for incoming requests The default port number is 18971 If you change this port number you must modify the connection settings of the client accordingly so that the client sends requests to the same port Accept Connections Specifies a comma separated list of IP addresses the ser...

Page 196: ...ltaneous connections the server can accept from a particular host Value zero 0 means no limit Send Content Timeout Specifies how long the server should wait before it times out when sending data to the client Receive Content Timeout Specifies how long the server should wait before it times out when receiving data from the client Keep Alive Timeout Specifies the length of time before the server closes ...

Page 197: ...tensions field and separate each extension with a space The Excluded extensions field supports and wildcards Scan Inside Archives Specify whether files inside compressed archive files should be scanned for viruses if they are not excluded from scanning Scanning inside archives takes time Disabling scanning inside archives improves performance but it also means that the network users need to use up...

Page 198: ...mount of nested archives exceeds the value specified in the Max Levels in Nested Archives the file is stopped if Treat as Unsafe is selected If Treat as Safe is selected the archive file is sent to the user Suspect Password Protected Archives Compressed archive files can be protected with passwords These archives can be opened only with a valid password so F Secure Content Scanner Server cannot sc...

Page 199: ...xtensions Inside Archives Enter all the extensions you want to scan inside archives Extensions Allowed in Password Protected Archives Define a space separated list of the file extensions allowed in password protected archives Wildcards can be used Example DO ML Max Scan Timeout Specify the maximum time that one scanning task can last The Max Scan Timeout is 10 minutes by default ...

Page 200: ...sible values are Top 5 Top 10 and Top 30 Send Statistics to F Secure World Map The product can collect and send statistics about viruses and other malware to the F Secure World Map service When the F Secure World Map support is enabled the product sends encrypted e mail reports periodically to the service These reports list only the name and the amount of found malware and they do not contain any ...

Page 201: ...r Port Specify the port of the mail transfer agent E mail Addresses for Unencrypted Reports Specify e mail addresses where the unencrypted report is sent Verify Integrity of Downloaded Databases Specify whether the product should verify that the downloaded virus definition databases are the original databases published by F Secure Corporation and that they have not been altered or corrupted in any...

Page 202: ...r F Secure Content Scanner Server should notify the administrator if virus definition databases have not been updated recently Notify When Databases Older Than Specify the time in days how old virus definition databases can be before F Secure Content Scanner Server sends the notification to the administrator ...

Page 203: ... messages will undergo spam analysis simultaneously The default value is 3 You might need to modify this setting if you enable Realtime Blackhole Lists DNSBL RBL for spam filtering For more information see Enabling Realtime Blackhole Lists 238 and Optimizing F Secure Spam Control Performance 240 The server must be restarted after this setting has been changed IMPORTANT Spam analysis is a processor...

Page 204: ...cify the maximum number of patterns to cache for spam detection service By default the cache size is 10000 cached patterns Increasing cache sizes may increase the threat detection performance but it requires more disk space and may degrade the threat detection rate Cache sizes can be disabled set the size to 0 for troubleshooting purposes Action on Connection Failure Specify the action for message...

Page 205: ...euristics Trusted Networks Specify networks and hosts in the mail relay network which can be trusted not to be operated by spammers and do not have open relays or open proxies Define the network as a network netmask pair 10 1 0 0 255 255 0 0 with the network nnn CIDR specification 10 1 0 0 16 or use wildcard to match any number and to define a range of numbers 172 16 1 172 16 4 10 110 ...

Page 206: ...n center 5 4 8 Advanced Figure 5 33 Advanced settings Use Proxy Server Specify whether F Secure Content Scanner Server uses a proxy server when it connects to the threat detection center Proxy Server Address Specify the address of the proxy server Proxy Server Port Specify the port number of the proxy server ...

Page 207: ...usted so that only the operating system and the local administrator can access files in the Working directory If you make changes to Working Directory settings make sure that the new directory has the same rights Working Directory Clean Interval Specify the time after which the inactive temporary files in the Working directory are deleted The default clean interval is 15 minutes Free Space Thresho...

Page 208: ...of F Secure Content Scanner Server installation directory 5 5 1 Server The Server branch contains the following information Version The version of the F Secure Content Scanner Server daemon Status The status of F Secure Content Scanner Server whether it has been started and it is running or it is stopped Start Time The date and time when the server was started Previous Reset of Statistics The date...

Page 209: ...st infection was found Name The name of the scan engine Version The version number of the scan engine Status The status of the scan engine whether it has been loaded and enabled is loaded but disabled has not been loaded at all or is malfunctioning Last Database Update The last date and time when virus definition database was taken into use for this scan engine Database Date The date the virus sig...

Page 210: ...this scan engine Disinfected Files Displays the number of files successfully disinfected by this scan engine Spam Scanner Version Displays the version and build number of the Spam Scanner Status Displays the status of the Spam Scanner Previous Reset of Statistics Displays when the Spam Scanner statistics were reset last time Database Version Displays the version of the database currently used by t...

Page 211: ...Statistics Number of Processed Messages Displays the total number of e mail messages that have been analyzed for spam Total Spam Statistics These statistics show how many mail messages have been identified with each spam confidence level rating Last Updated Displays the date and time when the virus statistics were updated last time Most Active Viruses Displays the list of most active viruses ...

Page 212: ...fy whether the product should check for a usable Internet connection before trying to connect to the Update Server HTTP settings Configure HTTP proxy settings If you use HTTP proxy all connections to the Update Server or F Secure Policy Manager Proxy go through the proxy If the HTTP proxy cannot be reached the product connects directly to the Update Server Use download schedule Specify whether you...

Page 213: ...lover time Define the failover time to connect to specified update servers If the product cannot connect to update servers during the specified time it retrieves the latest virus definition updates from F Secure Update Server if Allow fetching updates from F Secure Update Server is enabled Intermediate Server polling interval Define how often the product checks the virus definition database update...

Page 214: ...de Shows whether the host is stand alone or centrally administered Active Protocol Sets the active protocol Protocols A subdirectory containing the settings for the File Sharing and the HTTP protocol These settings should be carefully checked before distribution Errors can result in problems with communicating with the hosts Slow Connection Definition This setting can be used to disallow F Secure ...

Page 215: ... Interval Defines how often the host tries to fetch incoming packages such as Base Policy files or new virus signature databases from the F Secure Policy Manager Server Outgoing Packages Update Interval Defines how often the host tries to transmit to the administrator information that is periodically updated such as statistics Spool Time Limit The maximum time the host will store the information i...

Page 216: ...ION WITH WEB CONSOLE Overview 217 F Secure Anti Virus for Microsoft Exchange Settings 218 F Secure Content Scanner Server Settings 275 F Secure Automatic Update Agent Settings 298 F Secure Management Agent Settings 304 ...

Page 217: ... stand alone mode it can be administered with F Secure Anti Virus for Microsoft Exchange Web Console The Web Console is installed with F Secure Anti Virus for Microsoft Exchange To open the Web Console double click the F Secure Settings and Statistics icon in the Windows system tray and double click F Secure Anti Virus for Microsoft Exchange or select it from the Start menu Programs F Secure Anti ...

Page 218: ...oft Exchange Web Console to start and stop F Secure Anti Virus for Microsoft Exchange modify its settings edit scheduled tasks and start manual processing 6 2 1 Summary The Summary page displays the current status of the product and a summary of the most important product statistics Figure 6 1 Summary page ...

Page 219: ... the build number of installed F Secure Anti Virus for Microsoft Exchange Protected mailboxes Displays the number of currently protected mailboxes Protected public folders Displays the number of currently protected Public Folders Infections found Displays the number of infections found Infections found within outbreak interval Displays the number of infections that have been found within the curre...

Page 220: ... to be checked for malicious code Figure 6 2 Virus Scanning Statistics page Statistics Infections found Displays the total number of infections found Infections found within outbreak interval Displays the number of infections that have been found during the currently defined outbreak interval Last time infection found Displays the date and time when the last infection was found ...

Page 221: ...d attachments Infected Displays the number of attachments that have been infected with malicious code Suspicious Displays the number of stripped messages and messages that have not been scanned reliably The message is considered to be suspicious if it is encrypted or it has been compressed with an unknown algorithm or there was a scanning problem when the message was being scanned ...

Page 222: ... Edit the Virus Scanning Common settings to specify which messages should be scanned for malicious code Figure 6 3 Virus Scanning Common settings Note that you may have to scroll the page to view all the settings ...

Page 223: ...ilename extensions You can add new file types on the extensions lists by typing the file extensions in the file extensions text boxes Separate the extensions by spaces Scan mail message body Specify whether the body of the e mail message should be scanned for malicious code By default F Secure Anti Virus for Microsoft Exchange scans message bodies Although scanning message bodies can slow down the...

Page 224: ... safe content that has unsafe filename extension for example a text file using the doc filename extension Intelligent File Type Recognition can degrade the system performance Max level of nested messages Set the maximum number of levels of messages inside messages that F Secure Anti Virus for Microsoft Exchange should scan If the number of levels exceeds the specified limit F Secure Anti Virus for...

Page 225: ...d messages are quarantined if the Quarantine Problematic Mails setting on the General Quarantine page is set to Yes Pass Through Nested e mail messages will be scanned up to level specified in the Max Levels of Nested Messages setting and then delivered to the recipient s Quarantine infected attachments Specify whether infected attachments should be placed in the Quarantine or not For more informa...

Page 226: ... is found and to specify the trusted mailboxes and the warning messages for infected inbound mails These settings are specific to the mails that are destined to the internal domains defined under the General Internal Domains branch For more information see Internal Domains 273 Figure 6 4 Real Time Scanning Inbound Mail settings ...

Page 227: ...ng Message to Sender setting enabled When this setting is enabled all messages are scanned when they enter the system The clean messages will be delivered to the mailbox server where they will be scanned again On the other hand enabling this setting reduces internal network traffic because infected messages are stopped before they enter the system Trusted mailboxes Trusted mailboxes Define users m...

Page 228: ...y are sent to another store Notification message options Add warning message to the original message Specify whether a virus warning message should be added to the mail message which had infected content and which goes to the original message recipient If you want to add the warning message the original message is embedded in the virus warning message without the infected attachment Click Edit to ...

Page 229: ...ed content By default F Secure Anti Virus for Microsoft Exchange does not send the virus warning message to the sender The virus warning message will be sent to the sender of the infected message only if the sender belongs to the internal domain F Secure Anti Virus for Microsoft Exchange does not send the warning message outside the company domain ...

Page 230: ...it Virus Scanning Outbound Mail real time processing settings to define what should be done to infected outbound messages and set warning messages to infected outbound mails Figure 6 5 Virus Scanning Outbound Mail settings ...

Page 231: ...Microsoft Exchange to disinfect infected files and stop the whole message if an infection is found messages are not stopped if they are sent from a MAPI client if they can be disinfected Messages are scanned and disinfected when they are in the Outbox When a message leaves the Outbox folder it does not contain malicious code anymore so it is not stopped Notifications Send warning message to sender...

Page 232: ...ode and to set warning messages to infected Public Folder notes Figure 6 6 Virus Scanning Public Folders settings Add disclaimer to all outgoing messages Specify whether you want to add a disclaimer to all outgoing messages Click Edit to edit the disclaimer text By default F Secure Anti Virus for Microsoft Exchange adds a disclaimer ...

Page 233: ...d Public Folders from the list Examine public folders Examine public folders Specify public folders that should be scanned for viruses Do not scan public folders Do not process any Public Folders Scan all public folders Process all notes posted to all Public Folders Scan only included public folders Process all notes posted to the listed Public Folders Scan all except excluded public folders Proce...

Page 234: ...xceeds a specified value Notifications Send warning message to originator Specify whether a virus warning message should be sent to the original writer of the note which had infected content that could not be disinfected Click Edit to edit the warning message By default F Secure Anti Virus for Microsoft Exchange sends the virus warning message to the originator ...

Page 235: ...r of infected objects that should be found within a specified time period for it to be considered as a virus outbreak Use the value zero 0 to disable the outbreak notification By default the outbreak notification is disabled 0 Action Send security alert to the administrator Specify whether a security alert should be sent to the administrator when a virus outbreak is detected ...

Page 236: ...c folders Send outbreak notification message Specify whether outbreak notification e mail should be sent to the notification addresses specified in the Notification Addresses setting when a virus outbreak is detected By default F Secure Anti Virus for Microsoft Exchange does not send the outbreak notification Click Edit to edit the outbreak notification message Run outbreak handler script Specify ...

Page 237: ...dit On Access stripping attachments settings to set which attachments should be stripped during the on access scanning Statistics Attachments stripped Displays the number of stripped attachments in inbound mail outbound mail and public folders Note that you have to scroll the page to view all the settings ...

Page 238: ...ments should be stripped from messages and public folder notes Do not strip Do not strip any attachments Strip all attachments Strip all attachments from all messages and notes Strip all attachments except these allowed Strip all except specified attachments Strip only these disallowed attachments Strip only specified attachments ...

Page 239: ...d attachment Action on stripped attachment Specify whether stripped attachments should be quarantined or dropped Quarantine attachment All stripped attachments are placed in the Quarantine For more information see Quarantine 257 Drop attachment All stripped attachments are deleted automatically By default F Secure Anti Virus for Microsoft Exchange quarantines stripped attachments Add informational...

Page 240: ...re Anti Virus for Microsoft Exchange does not send an informational message to the sender Notify administrator Specify whether the administrator should be notified when F Secure Anti Virus for Microsoft Exchange strips an attachment Do not notify Do not send any notification to the administrator Send informational alert Send an informational alert to the administrator Send warning alert Send a war...

Page 241: ...pping Attachments Inbound Mail settings to specify which attachments should be stripped from the inbound mail For settings descriptions see below Figure 6 10 Stripping Attachments Inbound Mail settings Note that you may have to scroll the page to view all the settings ...

Page 242: ...types on the extensions lists by typing the file extensions in the file extensions text boxes Separate the extensions by spaces Enable File Type Recognition Trojans and other malicious code can disguise themselves with filename extensions which are usually considered safe to use Intelligent File Type Recognition can recognize the real file type of the message attachment and use that while the atta...

Page 243: ...ld be excluded from real time content filtering and attachment stripping Trusted mailbox feature works only for messages that are sent directly to an address defined as trusted mailbox If the message has multiple recipients and some of them are defined on the Trusted mailboxes list but some are not the message will be scanned Action on stripped attachment Action on stripped attachment Specify whet...

Page 244: ... to sender Specify whether an informational message should be sent to the sender of the mail message which had the stripped attachment Click Edit to edit the warning message that is sent to the sender of the mail message which contained the stripped attachment By default F Secure Anti Virus for Microsoft Exchange does not send an informational message to the sender Notify administrator Specify whe...

Page 245: ...s see Inbound Mail 241 Send security alert Send a security alert to the administrator By default F Secure Anti Virus for Microsoft Exchange sends an informational alert to the administrator For more information see Configuring Alert Forwarding 119 F Secure Management Agent alert forwarding table controls where alerts with certain severity level will be sent Note that you have to scroll the page to...

Page 246: ...e Content Filtering settings specify how content should be filtered based on keywords found in message subject and content The Spam Control settings are also located under the Content Filtering branch but they are displayed only if you have installed F Secure Spam Control with the product ...

Page 247: ... total number of spam messages that have been found Size of spam messages Displays the total size of spam messages that have been found Filtered inbound messages Displays the total number of inbound messages that have been filtered Filtered outbound messages Displays the total number of outbound messages that have been filtered ...

Page 248: ...l settings see Spam Control Settings in Web Console 331 Inbound Mail Edit Content Filtering Inbound Mail settings to define how content should be filtered in the inbound mail based on keywords in message subjects and text For settings descriptions see below ...

Page 249: ...d messages is filtered based on the subjects and texts of the messages as defined on this tab List of disallowed keywords in message subject Lists the keywords that are not allowed in message subject and that are used as filtering criteria List of disallowed keywords in message text Lists the keywords that are not allowed in message text and that are used as filtering criteria ...

Page 250: ...add new disallowed keywords or remove keywords from the list Select the checkbox in the column to mark the entries that you want to remove Click Clear to remove the selected entries from the list Trusted mailboxes Trusted mailboxes Define users mailboxes that should be excluded from real time content filtering and attachment stripping Trusted mailbox feature works only for messages that are sent d...

Page 251: ... content Quarantine message The filtered message is placed in the Quarantine Drop message The filtered message will be deleted automatically Send informational message to recipient Specify whether a warning message will be sent to the recipient of the disallowed content that has been filtered The warning message will be sent only if the recipient of the message with the disallowed content is a use...

Page 252: ...t For settings descriptions see Inbound Mail 248 Do not notify Do not send any notification to the administrator Send informational alert Send an informational alert to the administrator Send warning alert Send a warning alert to the administrator Send security alert Send a security alert to the administrator F Secure Management Agent alert forwarding table controls where alerts with certain sever...

Page 253: ...Figure 6 14 Content Filtering Outbound Mail settings 6 2 5 Manual Scanning You can process mailboxes and public folders manually as needed ...

Page 254: ...Figure 6 15 Manual Processing page ...

Page 255: ...ng Elapsed time Displays the time that has elapsed since the manual processing was started Processed number mailboxes Displays the number of mailboxes that have been processed out of the total number of mailboxes Last processed mailbox Displays the mailbox that is currently being processed Processed number public folders Displays the number of public folders that have been processed out of the tot...

Page 256: ...duled Scan Tasks Figure 6 16 Scheduled Processing page Editing Scheduled Tasks The Scheduled tasks table displays all scheduled tasks and the date and time when the next scheduled task occurs ...

Page 257: ...uarantine Quarantine in F Secure Anti Virus for Microsoft Exchange is handled through a SQL database The product is able to quarantine e mails and attachments which contain malicious or otherwise unwanted content such as spam messages The Quarantine management is divided into two different parts Quarantine related configuration and the management of the quarantined content for example searching fo...

Page 258: ...258 Quarantine Thresholds Figure 6 17 Quarantine thresholds settings ...

Page 259: ...d disallowed attachments are stored and counted as separate items in the Quarantine storage For example if a message has three attachments and only one of them has been found infected two items will be created in the Quarantine storage These items still have the same Quarantine ID in the Quarantine database Quarantine size threshold Specify the critical size in megabytes of the quarantine folder I...

Page 260: ...o the intended recipients For more information see Reprocessing the Quarantined Content 318 Notify when quarantine threshold is reached Specify how the administrator should be notified when the Quarantine Size Threshold and or Quarantined Items Threshold are reached No alert is sent if both thresholds are set to zero 0 The options available are ...

Page 261: ...at are retained in the Quarantine Set the value to Disabled to keep all unsafe to process unsafe messages manually Max attempts to process unsafe messages Specify how many times the product tries to reprocess unsafe messages that are retained in the Quarantine Use the Final Action on Unsafe Messages setting to specify the action that takes place if the message is retained in the Quarantine after t...

Page 262: ...ions table to change the retention period for a particular Quarantine category Delete old items every Specify how often the storage should be cleaned of old quarantined items Use the Quarantine Cleanup Exceptions table to change the cleanup interval for a particular Quarantine category Exceptions Specify separate quarantine retention period and cleanup interval for each Quarantine category If rete...

Page 263: ...afe Retention period Specify an exception to the default retention period for the selected Quarantine category Cleanup interval Specify an exception to the default cleanup interval for the selected Quarantine category Send informational alert Send warning alert Send error alert Send security alert ...

Page 264: ...rectory Specify the path for Quarantine log files Rotate quarantine logs Specify how often the product rotates Quarantine log files At the end of each rotation time a new log file is created Keep rotated quarantine logs Specify how many rotated log files should be stored in the Quarantine ...

Page 265: ...iles infected with mass worms or mail viruses such as Sobig or Bagle Quarantine problematic messages Specify if messages that contain malformed or broken attachments should be quarantined for later analysis or recovery This setting works together with the Security Options Action on Malformed Mails setting in the inbound and outbound mail settings ...

Page 266: ...d and from which it is retrieved Quarantine database SQL server name The name of the SQL server where the database is located Database name The name of the Quarantine database The default name is FSMSE_Quarantine User name The user name the product uses when accessing the database Password The password the product uses when accessing the database ...

Page 267: ...hanges to the Quarantine storage settings make sure that the new directory has the same rights IMPORTANT This setting must be defined as Final with the Restriction Editor before the policies are distributed Otherwise the setting will not be changed in the product Make sure that F Secure Anti Virus for Microsoft Exchange service has write access to this directory Adjust the access rights to the dir...

Page 268: ...umber of times to try to send a message if sending it fails Mail sending timeout Specify the number of seconds to wait to try sending a message Scanning Interface Parameters Number of scanning threads Specify the maximum number of scans to be run simultaneously When the upper limit of simultaneous scanning threads is reached messages are queued until a thread is finished ...

Page 269: ...t F Secure Anti Virus for Microsoft Exchange polls new mailboxes every 60 minutes New Public Folder polling interval Specify how often F Secure Anti Virus for Microsoft Exchange should check for newly established Public Folders You can disable the new mailbox polling by using the value 0 zero By default F Secure Anti Virus for Microsoft Exchange polls new folders every 60 minutes Message scan time...

Page 270: ... settings to configure the connection between F Secure Anti Virus for Microsoft Exchange and F Secure Content Scanner Server Figure 6 22 Advanced Scanning Servers settings Note that you may have to scroll the page to view all the settings ...

Page 271: ...s load sharing between them Backup Content Scanner Servers Specify F Secure Content Scanner Servers that act as backup servers for primary servers If F Secure Anti Virus for Microsoft Exchange cannot contact primary F Secure Content Scanner Servers it interacts with backup servers Connection timeout Enter the time interval in seconds that specifies how long F Secure Anti Virus for Microsoft Exchan...

Page 272: ... interaction mode is disabled data is transferred via data stream sockets It is recommended to use the local interaction mode to obtain the optimum performance Maximum shared memory data size Specify the maximum size of data to be transferred between the Anti Virus Agent and the F Secure Content Scanner Server via shared memory By default the maximum size is 1024 kilobytes When the amount of data ...

Page 273: ... can use wildcard for example example com Working directory Specify the name and location of the Working directory where temporary files are placed During the installation F Secure Anti Virus for Microsoft Exchange automatically adjusts the access rights so that only the operating system and the local administrator can access files in the Working directory If you change this setting after the inst...

Page 274: ...l and Content Filtering Inbound Mail settings Editing Internal Domain Addresses To add a new domain name to the list click Add You can use wildcard For example example com To import a list of domain addresses from a CSV file click Import To delete a domain name from the list click on column to select addresses that you want to delete Click Clear to delete the currently marked addresses permanently...

Page 275: ...oduct is installed in the centralized administration mode you cannot change any settings from the F Secure Anti Virus for Microsoft Exchange Web Console and should use F Secure Policy Manager Console instead 6 3 1 Summary You can see the current status of the F Secure Content Scanner Server and virus and spam scanner statistics under the Summary branch Status You can see the statistics of all viru...

Page 276: ...splays the current version number and build of F Secure Content Scanner Server Start time Displays the start date and time of F Secure Content Scanner Server Scanned files Displays how many files have been scanned since the last reset Last database update Displays the last date and time when virus definition databases were updated ...

Page 277: ...n the Summary Virus Statistics page in F Secure Anti Virus for Microsoft Exchange Web Console Database Update Version Displays the version of the virus definition database update The version is shown in YYYY-MM-DD_NN format where YYYY-MM-DD is the release date of the update and NN is the number of the update for that day Last infection found Displays the name of the last virus that was found Last ...

Page 278: ...often found viruses during the specified time period It also displays the number of times each virus has been found and the percentage that each virus represents of the total number of viruses encountered Click Configure to specify the statistics you want to view Time period Specify the number of days from which the virus information is displayed ...

Page 279: ...orld Map support is enabled the product sends encrypted e mail reports periodically to the service These reports list only the name and the amount of found malware and they do not contain any sensitive information such as IP or e mail addresses or user names You can also forward unencrypted reports to a configurable e mail address and use the same statistics for your own internal purposes MTA IP a...

Page 280: ... and build number of the F Secure Spam Scanner Status Shows the status of the F Secure Spam Scanner The possible statuses are Unknown or not installed This status might be displayed right after installation when the product statistics are not yet updated or if the F Secure Spam Scanner is not installed ...

Page 281: ...gine should be disabled for troubleshooting purposes only Loaded and enabled This status is normally shown for the scan engine It means that the engine has been loaded and will be used for scanning Database version Shows the version of the database currently used by the F Secure Spam Scanner Last database update Shows the date and time when the F Secure Spam Scanner database was last updated Numbe...

Page 282: ...istrator if it detects that virus and or spam definition databases are outdated You can change the notification and other database updates settings on the Updates page For more information about virus definition database updates see Updating Virus and Spam Definition Databases 340 ...

Page 283: ...ion databases are the original databases published by F Secure Corporation and that they have not been altered or corrupted in any way before taking them to use Notify when databases become old Specify what kind of an alert F Secure Content Scanner Server should send to the administrator when virus definition databases are not up to date Send informational alert Send an informational alert to the ...

Page 284: ...ates on the Scan Engines page Send warning alert Send a warning alert to the administrator Send security alert Send a security alert to the administrator Do not notify Do not send any notification to the administrator Notify when databases older than Specify when virus definition databases are outdated If databases are older than the specified amount of days F Secure Content Scanner Server sends a...

Page 285: ...Scan engines Scan Engine Displays the name of the scan engine Version Displays the version number of the scan engine Database Date Displays the date of the currently used virus definition database Last Updated Displays the last date when the virus definition database was updated ...

Page 286: ... page Figure 6 29 Scan Engines Properties page Note that you have to scroll the page to view all the settings Scan engine Number of processed files Displays the number of files the selected scan engine has scanned Number of files found infected Displays the number of infected files the selected scan engine has found ...

Page 287: ...atabase date Displays the date of the currently used virus definition database for the selected scan engine Last database update Displays the last date when the virus definition database was updated Last infection found Displays the name of the latest infection that was found with the selected scan engine Last time infection found Displays the date and time of the last infection Engine excluded ex...

Page 288: ...for spam detection service By default the cache size is 10000 cached patterns Increasing cache sizes may increase the threat detection performance but it requires more disk space and may degrade the threat detection rate Cache sizes can be disabled set the size to 0 for troubleshooting purposes Advanced Action on connection failure Specify the action for messages when the threat detection center c...

Page 289: ...g it for spam Heuristic Scanning F Secure Content Scanner Server checks the message using spam heuristics Trusted networks Specify networks and hosts in the mail relay network which can be trusted not to be operated by spammers and do not have open relays or open proxies Define the network as a network/netmask pair (10.1.0.0/255.255.0.0), with the network/nnn CIDR specification (10.1.0.0/16), or use wil...

Page 290: ...n center Proxy server address Specify the address of the proxy server Proxy server port Specify the port number of the proxy server Authentication method Specify the authentication method to use to authenticate to the proxy server NoAuth The proxy server does not require authentication Basic The proxy uses the basic authentication scheme NTLM The proxy uses NTLM authentication scheme ...

Page 291: ...User name Specify the user name for the proxy server authentication Password Specify the password for the proxy server authentication Domain Specify the domain name for the proxy server authentication ...

Page 292: ...canning F Secure Content Scanner Server can scan files inside archives You can change the archive scanning and other advanced settings in the Virus Scanning Archive Scanning page Figure 6 32 Archive Scanning settings page ...

Page 293: ...at archives with more nested levels than you have set above as safe or unsafe Treat as safe Archives are scanned to the specified level and allowed through if no infections are found Treat as unsafe Archives with exceeding nested levels are always quarantined Suspect password protected archives Password protected archives cannot be scanned Select whether to treat them as safe or unsafe As password...

Page 294: ... archive suspicious and corresponding action will be taken Scan these extensions in archive files Specify files that are scanned inside archives Click Modify to edit the list of extensions you want to scan inside archives Extensions allowed in password protected archives Specify a space separated list of the file extensions allowed in password protected archives Wildcards can be used Example DO ML...

Page 295: ... are stored Figure 6 33 Advanced settings Advanced Working directory Specify the working directory Enter the complete path to the field or click Browse to browse to the path you want to set as the new working directory Working directory clean interval Specify how often the working directory is cleaned of all files that may be left there By default files are cleaned every 30 minutes ...

Page 296: ... the number of Spam Scanner instances to be created and used for spam analysis As one instance of the spam scanner is capable of processing one mail message at a time this setting defines how many messages will undergo spam analysis simultaneously The default value is 3 You might need to modify this setting if you enable Realtime Blackhole Lists DNSBL RBL for spam filtering The server must be rest...

Page 297: ...ange Figure 6 34 Interface settings Service connections IP address Specify the IP address that F Secure Content Scanner Server listens to If you do not assign any IP address (0.0.0.0), F Secure Content Scanner Server responds to all connections TCP port Specify the port number that F Secure Content Scanner Server listens for incoming connections By default the port number is 18971 ...

Page 298: ...aneous connections that F Secure Content Scanner Server accepts If you do not want to limit the number of connections set the value to 0 Limit max connections per host to Specify the maximum number of simultaneous connections per client that F Secure Content Scanner Server accepts If you do not want to limit the number of connections per client set the value to 0 Send content timeout Specify how l...

Page 299: ...tic Update Agent Channel name Displays the channel from where the updates are downloaded Channel address Displays the address of the Automatic Updates Server Latest installed update Displays the version and name of the latest installed update Last check time Displays the date and time when the last update check was done Last check result Displays the result of the last update check ...

Page 300: ...uccessful update check was done Current HTTP proxy Displays the address of the HTTP proxy that is currently used Current Policy Manager proxy Displays the address of the F Secure Policy Manager proxy that is currently used Title Displays the title of the downloaded package Download time Displays the download date and time Size Displays the size of the downloaded package ...

Page 301: ...gure the Download options on the Downloads page Updates Title Displays the title of the downloaded package Installation time Displays the date and time when the update was installed Result Displays the installation status Enable automatic updates Select whether automatic updates are enabled or disabled ...

Page 302: ...e Internet Detect connections Detect when the computer is connected to the Internet Detect traffic Assume that there is an Internet connection when the product detects any traffic Use HTTP proxy Select whether HTTP proxy should be used No HTTP proxy is not used From browser settings Use the same HTTP proxy settings as the web browser User defined Define the HTTP proxy User defined proxy Define the...

Page 303: ...failover time Define in hours the failover time to connect to specified update servers Server polling interval Define in minutes how often the product checks F Secure Policy Manager Proxies for new updates Allow fetching updates from F Secure Update Server Enable the product to download virus definition updates from F Secure Update Server when it cannot connect to specified update servers ...

Page 304: ...s and provides a common interface for all F Secure applications and operates within the policy based management infrastructure You can access F Secure Management Agent settings from F Secure Anti Virus for Microsoft Exchange Web Console Home page by clicking the Configure button in the F Secure Management Agent section Note that you may have to scroll the page to view all the settings ...

Page 305: ...n page Status The Status section displays detailed information on the host for example the DNS and WINS names and the IP address In addition it displays the date and time when the policy file that is currently in use was issued and the date and time when the host connected to the server last time ...

Page 306: ...n directory hierarchy This must be specified as a UNC path, for example \\server\commdir Do not use mapped drive letters, for example S:\commdir User account The user account that is used for accessing the shared directory Password The password of the account that is used for accessing the shared directory Stand alone Select Stand alone if you have use F Secure Anti Virus for Exchange Web Console to ad...

Page 307: ... Query Results Page 314 Viewing Details of a Quarantined Message 316 Reprocessing the Quarantined Content 318 Releasing the Quarantined Content 319 Removing the Quarantined Content 321 Deleting Old Quarantined Content Automatically 321 Quarantine Logging 322 Quarantine Statistics 323 Moving the Quarantine Storage 324 ...

Page 308: ...ance Critical Installation 28 and Microsoft Exchange Cluster Environment 30 The quarantine consists of Quarantine database Quarantine storage Quarantine Database The quarantine database contains information about the quarantined messages If there are several F Secure Anti Virus for Microsoft Exchange installations in the network they can either have their own quarantine databases or they can use a...

Page 309: ...tore Messages and attachments that are infected and cannot be automatically disinfected Infected Suspicious content for example password protected archives nested archives and malformed messages Suspicious Messages and attachments that have been blocked by their filename or filename extension Disallowed Messages that are considered spam Spam Files that could not be scanned for example severely cor...

Page 310: ...ngs Quarantine branch For more information see Quarantine 178 The actual quarantine management is done through F Secure Anti Virus for Microsoft Exchange Web Console 7 3 Searching the Quarantined Content You can search the quarantined content on the F Secure Anti Virus for Microsoft Exchange Quarantine page in the Web Console Figure 7 1 Quarantine query options ...

Page 311: ...specify the Message ID and the Sender host of the quarantined mail Mails and attachments Search for both quarantined mails and attachments Reason Select the quarantining reason from the drop down menu For more information see Quarantine Reasons 309 Reason details Specify details about the scanning or processing results that caused the message to be quarantined For Example The message is classified...

Page 312: ...tion is progressing The options available are Unprocessed e mails Displays only e mails that the administrator has not set to be released reprocessed or deleted E mails to be released Displays only e mails that are currently set to be released but have not been released yet E mails to be reprocessed Displays only e mails that are currently set to be reprocessed but have not been reprocessed yet E ...

Page 313: ...onth day hour minute when the data has been quarantined Sort Results Specify how the search results are sorted by selecting one of the options in the Sort Results by drop down menu based on Date Sender Recipients Subject or Reason Display Select how many items you want to view per page Wildcard Explanation Any string of zero or more characters _ underscore Any single character Any single character...

Page 314: ...more information see Viewing Details of a Quarantined Message 316 The Query Results page displays status icons of the content that was found in the search Icon E mail status Quarantined e mail The administrator has not specified any actions to be taken on this e mail Quarantined e mail with attachments The administrator has not specified any actions to be taken on this e mail Quarantined e mail th...

Page 315: ...g the Quarantined Content 319 Click Delete to delete the currently selected e mail from the quarantine or click Delete All to delete all e mail messages that were found For more information see Removing the Quarantined Content 321 Quarantined e mail that the administrator has set to be reprocessed The reprocessing operation has not been completed yet Quarantined e mail that the administrator has s...

Page 316: ...the currently selected e mail from the quarantine or click Delete All to delete all e mail messages that were found For more information see Removing the Quarantined Content 321 7 5 Viewing Details of a Quarantined Message To view the details of a quarantined message do the following 1 On the Query Search Results page click the Quarantine ID QID number link in the QID column 2 The Quarantined Cont...

Page 317: ...tine Processing server The F Secure Anti Virus for Microsoft Exchange server that processed the message Sender The address of the message sender Recipients The addresses of all the message recipients Sender host The address of the sender mail server or client Subject The message subject Message size The size of the quarantined message Quarantine reason The reason why the content was quarantined Cl...

Page 318: ...e of the attachment Attachment size The size of the attachment file Quarantine reason The reason why the content was quarantined Click Download to download the quarantined attachment to your computer to check it 7 6 Reprocessing the Quarantined Content When quarantined content is reprocessed it is scanned again and if it is found clean it is sent to the intended recipients For example if some cont...

Page 319: ...that have been reprocessed and found clean are delivered to the intended recipients They are also automatically deleted from the quarantine The progress of the reprocessing operation is displayed in the Web Console 7 7 Releasing the Quarantined Content When quarantined content is released it is sent to the intended recipients without any further processing You might need to do this for example to ...

Page 320: ... The Release Quarantined Content dialog opens 5 Specify whether you want to release the content to the original recipient or specify an address where the content is to be forwarded 6 Specify what happens to the quarantined content after it has been released by selecting one of the Action after release options Leave in the quarantine Delete from quarantine 7 Click Release The content is now deliver...

Page 321: ... messages that have been classified as spam Click the Delete All button to delete all the displayed quarantined content 5 You are prompted to confirm the deletion Click OK The content is now removed from the quarantine 7 9 Deleting Old Quarantined Content Automatically Quarantined content is deleted automatically based on the Quarantine Retention and Cleanup settings on the Quarantine Options page...

Page 322: ...e Retention Period column 5 Specify a cleanup interval that is shorter than the default value for example 30 minutes in the Cleanup Interval column 6 Enable the exception you just created by selecting the Enabled check box 7 Click Apply 7 10 Quarantine Logging To view the Quarantine Log open the F Secure Anti Virus for Microsoft Exchange tab in the Web Console and go to the Quarantine page Then cl...

Page 323: ...ntine Figure 7 4 Quarantine Statistics page E mail messages and infected suspicious and disallowed attachments are stored and counted as separate items in the quarantine storage For example if a message has three attachments and only one of them has been found infected two items will be created in the quarantine storage These items still have the same quarantine ID in the quarantine database ...

Page 324: ...nformation In the following example the Quarantine storage is moved from C:\Program Files\F-Secure\Quarantine Manager\quarantine to D:\Quarantine 1 Stop F Secure Quarantine Manager service to prevent any quarantine operations while you move the location of the Quarantine storage Run the following command from the command prompt: net stop "F-Secure Quarantine Manager" 2 Run the following command from th...

Page 325: ...ermissions page select Administrators have full access other users have read only access Note that the Quarantine storage has file directory security permissions set only for the SYSTEM and Administrators group f Click Finish 4 Change the location of the Quarantine storage from the F Secure Policy Manager Console F Secure Anti Virus for Exchange Settings Quarantine Quarantine Storage or F Secure A...

Page 326: ...8 ADMINISTERING F SECURE SPAM CONTROL Overview 327 Spam Control Settings in Centrally Managed Environments 328 Spam Control Settings in Web Console 331 Realtime Blackhole List Configuration 336 ...

Page 327: ... installed on the same computer as F Secure Spam Control Database updates are digitally signed for maximum security and you can use only these updates for updating the F Secure Spam Control spam definition databases In Microsoft Exchange 2003 environment the Microsoft Exchange server can move messages to the Junk mail folder based on the spam confidence level value This feature is available immedi...

Page 328: ...stalled with the product Otherwise they will be ignored Figure 8 1 Spam Control settings in a centrally managed environment Spam filtering Specify whether inbound mails should be scanned for spam Realtime Blackhole List RBL spam filtering is not enabled by default even if you enable spam filtering from the settings For information on configuring Realtime Blackhole Lists see Realtime Blackhole List...

Page 329: ...s may be falsely identified as spam Increasing the level allows more spam to pass but a smaller number of regular e mail messages are falsely identified as spam For example if the spam filtering level is set to 3 more spam is filtered but also more regular mails may be falsely identified as spam If the spam filtering level is set to 7 more spam may pass undetected but a smaller number of regular m...

Page 330: ...fy if the summary of triggered hits will be added to the mail as X-Spam-Status header in the following format: X-Spam-Status: flag, hits=scr required=sfl tests=tests where flag is Yes or No, scr is the spam confidence rating returned by the spam scanner, sfl is the current spam filtering level, tests is the comma separated list of tests run against the mail Example: X-Spam-Status: Yes, hits=8 required=5 te...

Page 331: ...red Modify spam message subject Specify if the product modifies the subject of mail messages considered spam Add this text to spam message subject Specifies the text that will be added in the beginning of the subject of an e mail considered spam Max message size Specify the maximum size of mail messages to be scanned for spam If the size of a mail message exceeds the specified maximum size spam fi...

Page 332: ...ault even if you enable spam filtering from the settings For information on configuring Realtime Blackhole Lists see Realtime Blackhole List Configuration 336 Enable heuristic spam analysis Specify whether heuristic spam analysis is used to filter inbound mails for spam When the heuristic spam analysis is enabled all messages that the threat detection engine does not classify as spam are further a...

Page 333: ...also more regular mails may be falsely identified as spam If the spam filtering level is set to 7 more spam will pass undetected but a smaller number of regular mails will be falsely identified as spam The allowed values are from 1 to 9 The spam levels are determined by calculating points for each e mail The spam scanning involves a large number of different rules which give each e mail different ...

Page 334: ...pam NO the mail is not considered spam Example: X-Spam-Flag: YES Add X Header with summary Specify if the summary of triggered hits will be added to the mail as X-Spam-Status header in the following format: X-Spam-Status: flag, hits=scr required=sfl tests=tests where flag is Yes or No, scr is the spam confidence rating returned by the spam scanner, sfl is the current spam filtering level, tests is the com...

Page 335: ...essage subject Specify the text that will be added in the beginning of the subject of an e mail considered spam Maximum message size to process for spam Specify the maximum size of mail messages to be scanned for spam If the size of a mail message exceeds the specified maximum size spam filtering for this mail will be omitted Since all spam messages are relatively small in size it is recommended t...

Page 336: ...ver should be configured to allow recursive DNS queries DNS protocol is used to make the DNSBL RBL queries 2 Make sure you do not have a firewall preventing DNS access from the host where F Secure Spam Control is running 3 Test the DNS functionality by running the nslookup command at Microsoft Windows command prompt on the host running F Secure Spam Control An example C nslookup 2 0 0 127 sbl xbl ...

Page 337: ...ng correctly you should see this kind of header in messages classified as spam: X-Spam-Status: YES, database-version=2005-04-06_1 hits=9 required=5 tests=RCVD_IN_DSBL,RCVD_IN_NJABL_PROXY,RCVD_IN_SORBS_DUL Tests like RCVD_IN_DSBL, RCVD_IN_NJABL, RCVD_IN_SORBS, RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_DSBL, RCVD_IN_XBL indicate that DNSBL RBL was successfully used to classify the mail 2 If DNS functionality is not ...

Page 338: ...ncreases when DNS queries are made If needed the performance can be improved by increasing the number of mails being processed concurrently by F Secure Spam Control By default the product processes a maximum of three e mails at the same time because there can be three Spam Scanner engine instances running simultaneously The number of Spam Scanner instances can be controlled by using a command line...

Page 339: ... 3.6.1.4.1.2213.18.1.35.500 has been set to 5 To take the new setting into use restart F Secure Content Scanner Server IMPORTANT Each additional instance of the Spam Scanner takes approximately 25Mb of memory (process fsavsd.exe) Typically you should not need more than 5 instances ...

Page 340: ...9 UPDATING VIRUS AND SPAM DEFINITION DATABASES Overview 341 Automatic Updates with F Secure Automatic Update Agent 341 Configuring Automatic Updates 342 Manual Updates 342 ...

Page 341: ...finition database updates are retrieved automatically when they are published When a new virus is found F Secure provides a new virus definition database update F Secure Automatic Update Agent uses HTTP protocol to fetch this update Virus and spam definition updates are digitally signed for maximum security In order to update the spam definition databases F Secure Automatic Update Agent must be in...

Page 342: ...ng the F Secure Automatic Update Agent settings To change these settings use F Secure Policy Manager Console For more information see F Secure Automatic Update Agent Settings 212 9 4 Manual Updates If you do not want to use F Secure Automatic Update Agent to automatically update your virus definition database you can do it manually with a program called FSUPDATE or by downloading the LATEST ZIP fi...

Page 343: ...se remotely by using F Secure Policy Manager and downloading the LATEST ZIP archive as follows 1 Download the LATEST ZIP archive from http www f secure com download purchase updates shtml 2 Run F Secure Policy Manager console 3 Open the Tools menu and select Update Virus Definitions on the Server 4 Browse to the location where you saved the LATEST ZIP file and click Open ...

Page 344: ...nd Network Recommendations 345 Installation Overview 347 Creating Quarantine Storage 348 Installing the Product 356 Administering the Cluster Installation with F Secure Policy Manager 360 Using the Quarantine in the Cluster Installation 363 Troubleshooting 363 ...

Page 345: ...ded if your organization sends and receives a large amount of e mail messages Microsoft SQL Server 2000 Desktop Edition MSDE cannot be used with the product installed on a cluster Server for the quarantine storage if you plan to deploy the product on an active active cluster the quarantine storage requires a dedicated server The server must belong in the same domain with Microsoft Exchange Servers...

Page 346: ...346 Sample Active Active Cluster Deployment The following diagram displays how the product can be deployed and used on the active active cluster environment ...

Page 347: ...ntine storage for quarantined e mail messages and attachments If you plan to install the product on an active passive cluster see Quarantine Storage in Active Passive Cluster 348 If you plan to install the product on an active active cluster see Quarantine Storage in Active Active Cluster 353 4 Install the product on each node If you plan to install the product on an active passive cluster see Ins...

Page 348: ...istrator account 2 Create a directory for the quarantine storage on the physical disk shared by the cluster nodes You can create it on the same disk with Microsoft Exchange Server storage and log files For example create Quarantine directory on disk D 3 Go to Windows Start menu All Programs Administrative Tools and select Cluster Administrator 4 Under Groups right click Exchange Virtual Server and...

Page 349: ...F Secure Quarantine Storage Resource Type File Share Group make sure that your Exchange Virtual Server is selected Click Next 5 Possible Owners dialog opens 6 Verify that all nodes that are running Exchange Server are listed under Possible owners and click Next 7 Dependencies dialog opens ...

Page 350: ...Available resources select the Exchange Server Network Name and the disk with the quarantine storage directory and click Add to add them to Resource dependencies Click Next 8 File Share Parameters dialog opens ...

Page 351: ...e name makes the share hidden when you view network resources of the cluster with Windows Explorer E Enter the directory name you created on step 2 as Path for example D Quarantine In the Comment box type F Secure Quarantine Storage Make sure that User limit is set to Maximum allowed Click Permissions 9 Permissions dialog opens ...

Page 352: ...or Exchange Domain Servers and SYSTEM and Full Control Change and Read permissions for Administrator account Click OK 10 In File Share Parameters dialog click Advanced Make sure that Normal share is selected in Advanced File Share Properties Click OK 11 In File Share Parameters dialog click Finish to create F Secure Quarantine Storage resource ...

Page 353: ...ust be set on a dedicated computer This computer should be the member of the same domain as your Exchange Servers 1 Log on to the server where you plan to create the quarantine storage for example APPSERVER with a domain administrator account 2 Create a directory for example C Quarantine for the quarantine storage on the local hard disk 3 Right click the directory in the Windows Explorer and selec...

Page 354: ...log opens Add Administrator Exchange Domain Servers and SYSTEM to the Group or user names Remove Everyone account Grant Change and Read permissions for Exchange Domain Servers and SYSTEM and Full Control Change and Read permissions for Administrator account Click OK 6 In the directory properties dialog go to the Security tab ...

Page 355: ...ll except Full Control permissions for Exchange Domain Servers and SYSTEM Grant all permissions for Administrator Click OK 7 To verify that the quarantine storage is accessible log on as the domain administrator to any node in the cluster and try to open Server FSAVMSEQS with Windows Explorer where Server is the name of the server where you created the quarantine storage share ...

Page 356: ...r Microsoft Exchange setup wizard Install the product in the centralized management mode Specify the IP address of F Secure Policy Manager Server and admin pub that you created during the F Secure Policy Manager installation For more information see Installation 32 3 The setup wizard asks for the location of the quarantine directory Specify the UNC path to the Quarantine Storage share that you cre...

Page 357: ...e quarantine database Select the server running Microsoft SQL Server 5 Complete the installation on the active node 6 Log on to the passive node of the cluster using a domain administrator account Repeat steps 2 4 7 After you specify the SQL Server to use the setup wizard asks you to specify the quarantine database ...

Page 358: ...irst node of the cluster using a domain administrator account 2 Run F Secure Anti Virus for Microsoft Exchange setup wizard Install the product in the centralized management mode Specify the IP address of F Secure Policy Manager Server and admin pub that you created during the F Secure Policy Manager installation For more information see Installation 32 3 The setup wizard asks for the location of ...

Page 359: ...ou created before the installation as the Quarantine Directory For example Server FSAVMSEQS where Server is the name of the server where you created the quarantine storage share 4 The setup program asks to specify the SQL Server to use for the quarantine database Select the server running Microsoft SQL Server ...

Page 360: ...L Server to use the setup wizard asks you to specify the quarantine database Select Use the existing database 8 Complete the installation on the second node A 5 Administering the Cluster Installation with F Secure Policy Manager To administer the product installed on a cluster create a new subdomain under your organization or network domain Import all cluster nodes to this subdomain ...

Page 361: ...oduct configuration on all cluster nodes follow these instructions 1 Select the cluster subdomain in the Policy Domains tree 2 Change required settings 3 Distribute the policy 4 All nodes receive new settings next time they poll the F Secure Policy Manager Server ...

Page 362: ...n a particular node follow these instructions 1 Select the corresponding host in the Policy Domains 2 Change required settings 3 Distribute the policy 4 The host receives new settings next time it polls the F Secure Policy Manager Server ...

Page 363: ...ne node of the cluster is online Use the IP address of the Exchange Virtual Server s when you connect to F Secure Anti Virus for Microsoft Exchange Web Console A 7 Troubleshooting If the product fails to quarantine a file or reports that the quarantine storage is not accessible make sure that directory sharing and security permissions are set as follows change write and read operations are allowed...

Page 364: ...364 B APPENDIX Variables in Warning Messages List of Variables 365 Outbreak Management Alert Variables 367 ...

Page 365: ...le will be replaced with Unknown Variable Description ANTI VIRUS SERVER The DNS WINS name or IP address of F Secure Anti Virus for Microsoft Exchange CSS NAME The DNS WINS name or IP address of F Secure Content Scanner Server NAME OF SENDER The e mail address where the original content comes from NAME OF RECIPIENT The e mail addresses where the original content is sent SUBJECT The original e mail ...

Page 366: ...M E The name of the original file or attachment AFFECTED FILESIZE The size of the original file or attachment THREAT The name of the threat that was found in the content For example it can contain the name of the found infection etc TAKEN ACTION The action that was taken to remove the threat These include the following dropped disinfected etc QUARANTINE ID The identification number of the quaranti...

Page 367: ...ent Alert Variables INTERVAL TIME Detection interval in minutes INTERVAL MINUTES Outbreak limit of infections within detection interval INFECTIONS LIMIT Actual number of infections found within the detection interval INFECTIONS FOUND Detection interval in minutes ...

Page 368: ...nd Processes F Secure Anti Virus for Microsoft Exchange 369 F Secure Content Scanner Server 370 F Secure Anti Virus for Microsoft Exchange Web Console 370 F Secure Management Agent FSMA 371 F Secure Automatic Updates Agent 373 ...

Page 369: ...icrosoft Exchange and it is used to get the whole system up and running fswbsthk exe The F Secure Web Storage Hook processes mail in mailboxes and public folders as well as composes and sends warning and notification messages to end users fsstrods exe The F Secure Web Storage On Demand Scanner performs manual and scheduled operations under mailboxes and public folders F SecureOutbreak Manager fsob...

Page 370: ...otocol SCIP compliant clients F Secure Management Agent starts and controls the service automatically fsdbuh exe The Database Update Handler process verifies and checks the integrity of virus definition and spam control database updates Service Process Descriptions F Secure Web UI Daemon fswebuid exe HTTP server that hosts F Secure Anti Virus for Microsoft Exchange Web Console Supports HTTP 1 0 HT...

Page 371: ...s the communication with F Secure Policy Manager via the network shared directory or HTTP interface F Secure Management Agent starts and controls the service automatically fsmb32 exe F Secure Message Broker provides the inter process communication interface for integrated services and applications fch32 exe F Secure Configuration Handler that works with F Secure Policy Manager driver and enables o...

Page 372: ...le LogFile log Windows event log and SMTP server fih32 exe F Secure Installation Handler enables the remote installation and updating of integrated F Secure products fsm32 exe The F Secure Settings and Statistics User Interface The process is not running unless the user is logged in to the system Service Process Description ...

Page 373: ...ocess that polls and automatically downloads virus and spam definition database updates from F Secure It also handles F Secure Automatic Updates Agent settings and provides the local user interface for a logged on user FSBWSYS exe The Automatic Update Agent process provides automatic updates of virus definition databases for F Secure Content Scanner Server The process receives virus definition dat...

Page 374: ...374 D TROUBLESHOOTING Overview 375 Starting and Stopping 375 Viewing the Log File 375 Common Problems and Solutions 376 Frequently Asked Questions 381 F Secure Automatic Update Agent Troubleshooting 386 ...

Page 375: ... Summary page and click Start to activate F Secure Anti Virus for Microsoft Exchange Click Stop to stop it From the command line enter NET STOP FSAVAG4MSE to stop the service and NET START FSAVAG4MSE to start the service D 3 Viewing the Log File F Secure Anti Virus for Microsoft Exchange uses the log file Logfile log that is maintained by F Secure Management Agent and contains ...

Page 376: ...ent Scanner Server are up and running Checking F Secure Anti Virus for Microsoft Exchange 1 Make sure that F Secure Anti Virus for Microsoft Exchange service and all its processes have started Open Services in the Windows Control Panel and check that the F Secure Anti Virus for Microsoft Exchange service has started Open the Windows Task Manager and check that the following processes are running 2...

Page 377: ...ter running F Secure Anti Virus for Microsoft Exchange has two or more network interfaces including dial up modem connection make sure that all files forwarded to F Secure Content Scanner Server use the right network interface Edit the routing table if needed Checking F Secure Content Scanner Server Problem When the F Secure Anti Virus for Microsoft Exchange tries to send an attachment to F Secure...

Page 378: ...Management Agent F Secure Network Request Broker Check the Task Manager The following processes should be running If any of these processes are not started uninstall and reinstall the F Secure Anti Virus Content Scanner Server Checking F Secure Anti Virus for Microsoft Exchange Web Console Problem I cannot open or access F Secure Anti Virus for Microsoft Exchange Web Console Solution 1 Make sure t...

Page 379: ...rvice Packs If you wish to install a Microsoft Exchange Server Service Pack and F Secure Anti Virus for Microsoft Exchange is already installed stop F Secure Anti Virus for Microsoft Exchange before installing the Service Pack and restart it after the Service Pack installation D 4 2 Securing the Quarantine Problem I have installed F Secure Anti Virus for Microsoft Exchange and I m worried about se...

Page 380: ...e and adjust access rights to the Quarantine storage manually when you change its path from F Secure Policy Manager Console or F Secure Anti Virus for Microsoft Exchange Web Console D 4 3 Administration Issues Some settings are initially configured during the installation of F Secure Anti Virus for Microsoft Exchange and F Secure Content Scanner Server They can be viewed on the Status tab of F Sec...

Page 381: ...er is up and running If a mail cannot be scanned access to it is not allowed Q Why does e mail stay in the Outbox for a while after being sent A F Secure Anti Virus for Microsoft Exchange scans each message for viruses hence the delay with sending the message Q F Secure Anti Virus for Microsoft Exchange complains about connection timeout to F Secure Content Scanner Server What should be done A Mak...

Page 382: ...se them to report that they have lost the connection to F Secure Content Scanner Server Settings Q Is it possible to strip attachments with size greater than or equal to a given value A No this is not possible at the moment Use the Exchange Manager to limit the size of attached files Q Are the newly created mailboxes and Public Folders automatically covered by F Secure Anti Virus A Yes The default...

Page 383: ... and to the Working directory and Quarantine storage settings of F Secure Content Scanner Server Q A message has an attachment with a file extension that should be stripped Why was the attachment not stripped A F Secure Anti Virus for Microsoft Exchange does not strip attachments with a size of 0 Kb as they cannot contain any malicious code Q I have a Public Folder that is excluded from the virus ...

Page 384: ...imes two warning messages are sent to the recipient Why A When you release an e mail that has an infected attachment from the Quarantine and the user uses POP3 to retrieve mail from the server the user may receive two warning messages while the infected attachment remains in the Quarantine Local Protection with F Secure Anti Virus for Windows Servers Q Can all files on a Microsoft Exchange compute...

Page 385: ...d and replaced with the Attachment_Information txt file As embedded OLE objects have to be replaced with text attachments to avoid corrupting OLE objects the Attachment_Information txt is an embedded OLE object that causes the warning message The VirusInfo text file contains information about the infection that has been removed The Attachment_Information txt file may appear also in Public Folder m...

Page 386: ...ent that is set to be stripped When users try to attach the attachment they receive an error message and the sending will fail D 6 F Secure Automatic Update Agent Troubleshooting The F Secure Automatic Update Agent log file may be useful when solving problems when virus and or spam definition databases do not update properly Open the F Secure Automatic Update Agent from F Secure Settings and Stati...

Page 387: ...lled the update has been downloaded but the F Secure Automatic Update Agent could not copy it into the destination directory The F Secure Automatic Update Agent tries to copy it there again in one minute intervals Click Package Properties to see the error message If the Last Result value is Installed check the date and time in the First Installed column at the bottom of the Received Packages page ...

Page 388: ...y Check that the current user has appropriate access rights to the destination directory Note that if the destination is a communication directory the same rights are also required for its subdirectories If the destination is the Other subdirectory the same rights are required for its parent directory Could not switch database update directory to a new one Another application has a file open in th...

Page 389: ...ings page in the F Secure Automatic Update Agent window and check that you have selected the correct communication directory as the destination for the updates If you are not sure try downloading Latest zip from http www F Secure com download purchase updates shtml and import it to F Secure Policy Manager Console If the update succeeds this way but not with F Secure Automatic Update Agent and the ...

Page 390: ... cannot connect to the server make sure that your browser can access the Internet Open your browser and connect to http fsbwserver f secure com If you cannot connect to the web page check your network settings If the connection was successful open the Settings page If Polite Agent is selected in the Communication section change it to HTTP If you change the protocol from Polite Agent to HTTP or vic...

Page 391: ... server enable the Use HTTP proxy checkbox on the F Secure Automatic Update Agent window s Settings page and type in the field the proxy server address and port number that you retrieved from your browser i e myproxy mydomain com 80 If you are not connected through a proxy server ensure that the Use HTTP proxy option is not selected After these operations your Automatic Update Agent client should ...

Page 392: ...392 Technical Support F Secure Online Support Resources 393 Web Club 395 Virus Descriptions on the Web 395 ...

Page 393: ...s no authorized F Secure Anti Virus Business Partner in your country you can submit a support request directly to F Secure There is an online Web submit form accessible through F Secure support web pages under the Contact Support page Fill in all the fields and describe the problem as accurately as possible Please include the FSDiag report taken from the problematic server with the support request...

Page 394: ...rsion number of the operating system on which F Secure products and protected systems are running For Windows include the build number and Service Pack number The version number and the configuration of your Microsoft Exchange Server If possible describe your network configuration and topology A detailed description of the problem including any error messages displayed by the program and any other...

Page 395: ...k in the banner Alternatively right click on the F Secure icon in the Window taskbar and choose the Web Club command To connect to the Web Club directly from within your Web browser go to http www f secure com anti virus webclub corporate Virus Descriptions on the Web F Secure Corporation maintains a comprehensive collection of virus related information on its Web site To view the Virus Informatio...

Page 396: ...ter Communications The latest real time virus threat scenario news are available at the F Secure Antivirus Research Team weblog at http www f secure com weblog Services for Individuals and Businesses F Secure services and software protect individuals and businesses against computer viruses and other threats coming through the Internet or mobile networks Our award winning solutions include antiviru...
