F-SECURE ANTI-VIRUS FOR MICROSOFT EXCHANGE 8.00 - Administrator'S Manual Download | Manualshive

Page: 262 / 349

background image

262

7.1

Introduction

You can manage and search quarantined mails with the F-Secure
Anti-Virus for Microsoft Exchange Web Console. You can search for
quarantined content by using different search criteria, including the
quarantine ID, recipient and sender address, the time period during which
the message was quarantined, and so on. You can reprocess and delete
messages, and specify storage and automatic deletion times based on
the reason for quarantining the message.

If you have multiple F-Secure Anti-Virus for Microsoft Exchange
installations, you can manage the quarantined content on all of them from
one single F-Secure Anti-Virus for Microsoft Exchange Web Console.

The quarantine consists of:

Quarantine Database, and

Quarantine Storage.

Quarantine Database

The quarantine database contains information about the quarantined
messages and attachments. If there are several F-Secure Anti-Virus for
Microsoft Exchange installations in the network, they can either have their
own quarantine databases, or they can use a common quarantine
database. An SQL database server is required for the quarantine
database.

The following SQL databases can be used for storing information about
the quarantined content:

Microsoft SQL Server 2000 Desktop Engine (MSDE)

Microsoft SQL Server 2000

Microsoft SQL Server 2005

For more information on the SQL database servers that can be
used for deploying the quarantine database, see “

Server to Use for the Quarantine Database?

«
...
260
261
262
263
264
...
»

Summary of Contents for ANTI-VIRUS FOR MICROSOFT EXCHANGE 8.00 -

Page 1: ...F Secure Anti Virus for Microsoft Exchange Administrator s Guide...

Page 2: ...ransmitted in any form or by any means electronic or mechanical for any purpose without the express written permission of F Secure Corporation Copyright 1993 2009 F Secure Corporation All rights reser...

Page 3: ...s 21 1 5 F Secure Anti Virus Mail Server and Gateway Products 22 Chapter 2 Deployment 23 2 1 Installation Modes 24 2 2 Network Requirements 25 2 3 Deployment Scenarios 26 2 3 1 Single Exchange Server...

Page 4: ...Version 6 62 63 3 9 Upgrading the Evaluation Version 65 3 10 Uninstalling F Secure Anti Virus for Microsoft Exchange 66 Chapter 4 Using F Secure Anti Virus for Microsoft Exchange 67 4 1 Administering...

Page 5: ...erver 142 5 5 2 Scan Engines 143 5 5 3 Common 144 5 5 4 Spam Control 144 5 5 5 Virus Statistics 145 5 6 F Secure Management Agent Settings 145 5 7 F Secure Automatic Update Agent Settings 147 Chapter...

Page 6: ...tine Options 264 7 3 Quarantine Status 264 7 3 1 Quarantine Logging 264 7 4 Searching the Quarantined Content 264 7 5 Query Results Page 269 7 5 1 Viewing Details of the Quarantined Message 270 7 6 Qu...

Page 7: ...stallation Overview 304 C 2 Creating Quarantine Storage 305 C 2 1 Quarantine Storage in Active Passive Cluster 305 C 2 2 Quarantine Storage in Active Active Cluster 310 C 2 3 Creating the Quarantine S...

Page 8: ...Troubleshooting 336 E 1 Overview 337 E 2 Starting and Stopping 337 E 3 Viewing the Log File 338 E 4 Common Problems and Solutions 338 E 4 1 Installing Service Packs 341 E 4 2 Securing the Quarantine 3...

Page 9: ...9 ABOUT THIS GUIDE How This Guide Is Organized 10 Conventions Used in F Secure Guides 13...

Page 10: ...Exchange Chapter 5 Centrally Managed Administration Instructions how to remotely administer F Secure Anti Virus for Microsoft Exchange and F Secure Content Scanner Server when they have been installe...

Page 11: ...oblems Technical Support Contains the contact information for assistance About F Secure Corporation Describes the company background and products See the F Secure Policy Manager Administrator s Guide...

Page 12: ...s black is used for file and folder names for figure and table captions and for directory tree names Courier New is used for messages on your computer screen WARNING The warning symbol indicates a sit...

Page 13: ...used for online viewing and printing using Adobe Acrobat Reader When printing the manual please print the entire manual including the copyright and disclaimer statements For More Information Visit F...

Page 14: ...14 1 INTRODUCTION Overview 15 How F Secure Anti Virus for Microsoft Exchange Works 16 Key Features 19 Scanning Methods 21 F Secure Anti Virus Mail Server and Gateway Products 22...

Page 15: ...d the company network from any malicious code that travels in HTTP or SMTP traffic In addition they protect your company network against spam The protection can be implemented on the gateway level to...

Page 16: ...d Stripped attachments can also be placed in the Quarantine for further examination Flexible and Scalable Anti Virus Protection F Secure Anti Virus for Microsoft Exchange is installed on Microsoft Exc...

Page 17: ...or Microsoft Exchange can be installed either in stand alone or centrally administered mode Depending on how it has been installed F Secure Anti Virus for Microsoft Exchange is managed either with the...

Page 18: ...ication between F Secure Anti Virus for Microsoft Exchange and F Secure Policy Manager Console It exchanges security policies software updates status information statistics alerts and other informatio...

Page 19: ...cursive scanning of ARJ BZ2 CAB GZ JAR LZH MSI RAR TAR TGZ Z and ZIP archive files Automatic and consistent virus definition database updates Suspicious and unsafe attachments can be stripped away fro...

Page 20: ...he products remotely with F Secure Policy Manager or F Secure Anti Virus for Microsoft Exchange Web Console Possibility to configure and manage stand alone installations with the convenient F Secure A...

Page 21: ...rus patterns and security threats All possibly harmful messages are quarantined as unsafe The proactive virus threat detection can detect new viruses during the first minutes of the outbreak Grayware...

Page 22: ...per for Linux provides a high performance solution at the Internet gateway level stopping viruses and other malicious code before they spread to end users desktops or corporate servers The product sca...

Page 23: ...23 2 DEPLOYMENT Installation Modes 24 Network Requirements 25 Deployment Scenarios 26...

Page 24: ...cure Policy Manager components F Secure Policy Manager Server and F Secure Policy Manager Console To administer F Secure Anti Virus for Microsoft Exchange in the centrally administered mode you have t...

Page 25: ...UDP and TCP 1433 TCP only with the dedicated SQL server F Secure Automatic Update Agent ProgramFiles F Secure FSA UA program fsaua exe DNS 53 UDP and TCP HTTP 80 and or another port used to connect t...

Page 26: ...07 27 If you have multiple Microsoft Exchange Servers see Multiple Exchange 2000 2003 Servers 28 If you have multiple Microsoft Exchange Servers with Exchange Edge and Mailbox Server roles see Multipl...

Page 27: ...uter Installing F Secure Anti Virus for Microsoft Exchange Install F Secure Anti Virus for Microsoft Exchange to the server running Microsoft Exchange Server or Microsoft Small Business Server Install...

Page 28: ...zation back end servers may be clustered Installing F Secure Anti Virus for Microsoft Exchange Install F Secure Anti Virus for Microsoft Exchange to both front end and back end Exchange servers Instal...

Page 29: ...change Edge and Mailbox Server roles are deployed to separate servers and the Hub Server is deployed either on a separate server or on the same server with the Mailbox Server The Edge Server handles i...

Page 30: ...licy Manager Console When you install the product configure each installation to connect to the same F Secure Policy Manager Server The product installations receive anti virus and spam database updat...

Page 31: ...trol If you have a license for F Secure Spam Control you can install it on the Edge server Administration Modes Install F Secure Policy Manager Server on a dedicated server You can administer the prod...

Page 32: ...r installations For example you have front end and back end servers running Exchange Server 2000 2003 or a network configuration with Edge and Mailbox roles running Exchange Server 2007 Microsoft SQL...

Page 33: ...erver 2005 Express Edition included in F Secure Anti Virus for Microsoft Exchange the Quarantine database size is limited to 4 GB You can use F Secure Anti Virus for Microsoft Exchange Web Console to...

Page 34: ...neral page and change the password Confirm the new password that you entered 6 Open the Status page and select Enabled in the Login section 7 Click OK 8 In Object Explorer right click on the server na...

Page 35: ...Improving Reliability and Performance 43 Installation Overview 45 Installing F Secure Anti Virus for Microsoft Exchange 46 After the Installation 60 Upgrading from the Version 6 62 63 Upgrading the E...

Page 36: ...t contains the latest information about the product and might have changes to system requirements and the installation procedure It is highly recommended to read the release notes before you proceed w...

Page 37: ...sk space to install 300 MB For performance and security reasons it is not possible to install the product on any other than an NTFS partition Disk space for processing 10 GB or more The required disk...

Page 38: ...system Microsoft Windows Server 2003 Standard x64 Edition with the latest service pack Microsoft Windows Server 2003 Enterprise x64 Edition with the latest service pack Microsoft Windows Server 2003 R...

Page 39: ...Copy Cluster SCC For performance and security reasons it is not possible to install the product on any other than an NTFS partition Disk space for processing 10 GB or more The required disk space dep...

Page 40: ...ions of Microsoft SQL Server are recommended to use Microsoft SQL Server 2005 Enterprise Standard Workgroup or Express edition with the latest service pack Microsoft SQL Server 2008 Enterprize Standar...

Page 41: ...rver 2005 2008 Express Edition supports Microsoft Windows Server 2008 It is not recommended to use Microsoft SQL Server 2005 Express Edition if you are planning to use centralized quarantine managemen...

Page 42: ...on 2 0 is required to install Microsoft SQL Server 2005 Express Edition and Microsoft NET Framework version 3 5 is required with Microsoft SQL Server 2008 Express Edition If you plan to have Microsoft...

Page 43: ...If the system load is high a fast processor on the Microsoft Exchange Server speeds up the e mail message processing As Microsoft Exchange Server handles a large amount of data a fast processor alone...

Page 44: ...tem 3 4 Centrally Administered or Stand alone Installation F Secure Anti Virus for Microsoft Exchange can be managed either with F Secure Anti Virus for Microsoft Exchange Web Console or F Secure Poli...

Page 45: ...soft Exchange Follow these steps to set up F Secure Anti Virus for Microsoft Exchange Centralized Administration mode 1 Run F Secure Policy Manager setup to set up F Secure Policy Manager Server See F...

Page 46: ...ases For more information see Updating Virus and Spam Definition Databases 293 After the installation is complete check and configure the product settings 3 6 Installing F Secure Anti Virus for Micros...

Page 47: ...tallation Step 2 Read the information in the Welcome screen Click Next to continue Step 3 Read the license agreement If you accept the agreement check the I accept this agreement checkbox and click Ne...

Page 48: ...4 Enter the product keycode Click Next to continue Step 5 Choose the components to install For more information about F Secure Spam Control see Administering F Secure Spam Control 278 Click Next to c...

Page 49: ...ation Click Next to continue Step 7 Choose the administration method If you install F Secure Anti Virus for Microsoft Exchange in stand alone mode you cannot configure settings and receive alerts and...

Page 50: ...during F Secure Policy Manager Console setup You can transfer the public key in various ways use a shared folder on the file server a USB device or send the key as an attachment in an e mail message C...

Page 51: ...r URL of the F Secure Policy Manager Server you installed earlier Click Next to continue If the product MIB files cannot be uploaded to F Secure Policy Manager during installation you can import them...

Page 52: ...e SMTP address should be a valid existing address that is allowed to send messages Click Next to continue Step 11 Specify the Quarantine management method If you want to manage the Quarantine database...

Page 53: ...same server as the product installation select a Install and use Microsoft SQL Server 2005 Express Edition If you are using Microsoft SQL Server already select b Use the existing installation of MIcr...

Page 54: ...tores information about the quarantined content Enter the user name and the password that you want to use to connect to the quarantine database Use a different account than the server administrator ac...

Page 55: ...atabase Enter the password for the sa account that you use to log on to the server Click Next to continue If the server has a database with the same name you can either use the existing database remov...

Page 56: ...atistics about viruses and other malware to the F Secure World Map service If you agree to send statistics to F Secure World Map select Yes and click Next to continue If you enable F Secure World Map...

Page 57: ...ll F Secure Anti Virus for Microsoft Exchange MIB files If the installation program cannot connect to F Secure Policy Manager Server the following dialog opens Make sure that the computer where you ar...

Page 58: ...install MIB files later either manually or by running the Setup again Step 16 The list of components that will be installed is displayed Click Start to install listed components Step 17 The installat...

Page 59: ...CHAPTER3 59 Installation Step 18 The installation is complete Click Finish to close the Setup wizard...

Page 60: ...o import the MIB files if F Secure Anti Virus for Microsoft Exchange is located in a different network segment than F Secure Policy Manager and there is a firewall between them blocking access to Poli...

Page 61: ...Microsoft Exchange and distribute the policy For more information see Centrally Managed Administration 75 If F Secure Anti Virus for Microsoft Exchange has been installed in stand alone mode use the...

Page 62: ...er hosts are considered inbound 4 E mail messages submitted via MAPI or Pickup Folder are treated as if they are sent from the internal SMTP sender host If F Secure Anti Virus for Microsoft Exchange h...

Page 63: ...version of the product upgrade F Secure Policy Manager to version 8 11 1 Install F Secure Anti Virus for Microsoft Exchange For more information see Installing F Secure Anti Virus for Microsoft Excha...

Page 64: ...Policy Manager Console b Go to F Secure F Secure Anti Virus for Microsoft Exchange Operations Policy Migration c Click Migrate 6 After the policy migration is complete check the migration report and...

Page 65: ...and Statistics To register the new keycode from F Secure Settings and Statistics 1 Open F Secure Settings and Statistics by double clicking the F Secure icon in the Windows system tray and select F S...

Page 66: ...e Programs from the Windows Control Panel To uninstall F Secure Anti Virus for Microsoft Exchange completely uninstall the components in the following order 1 F Secure Spam Control if it was installed...

Page 67: ...67 4 USING F SECURE ANTI VIRUS FOR MICROSOFT EXCHANGE Administering F Secure Anti Virus for Microsoft Exchange 68 Using Web Console 69 Using F Secure Policy Manager Console 72...

Page 68: ...ou can use the F Secure Anti Virus for Microsoft Exchange Web Console to start and stop F Secure Anti Virus for Microsoft Exchange check its current status and to connect to F Secure Web Club for supp...

Page 69: ...in page opens enter your user name and the password and click Log In Note that you must have administrator rights to the host where F Secure Anti Virus for Microsoft Exchange Web Console is installed...

Page 70: ...e Anti Virus for Microsoft Exchange Web Console service to take the certificate into use 4 Wait until the utility completes and the window closes Now you can proceed to logging in Step 2 Log in and in...

Page 71: ...ed or log back in to the F Secure Anti Virus for Microsoft Exchange Web Console 8 When the login page opens log in to Web Console with your user name and the password 9 The Web Console displays Gettin...

Page 72: ...elect Windows Start menu Programs F Secure Policy Manager Console When the Policy Manager Console opens go to the Advanced Mode user interface by selecting View Advanced Mode F Secure Policy Manager C...

Page 73: ...ew policy file To view statistics select the Status tab of the Properties pane Statistics are updated periodically and can be reset by choosing Reset Statistics on the Policy tab of the Properties pan...

Page 74: ...tings for which you need to use the Final restriction You can also check in F Secure Policy Manager Console whether you need to use the Final restriction for a setting Do the following 1 Select the Po...

Page 75: ...for Microsoft Exchange Settings 76 F Secure Anti Virus for Microsoft Exchange Statistics 126 F Secure Content Scanner Server Settings 132 F Secure Content Scanner Server Statistics 142 F Secure Manag...

Page 76: ...y settings with it 5 2 F Secure Anti Virus for Microsoft Exchange Settings In the centralized administration mode you can change settings and start operations using F Secure Policy Manager Console For...

Page 77: ...ts are considered inbound 4 E mail messages submitted via MAPI or Pickup Folder are treated as if they are sent from the internal SMTP sender host If e mail messages come from internal SMTP sender hos...

Page 78: ...72 16 1 172 16 4 0 16 172 16 250 255 If end users in the organization use other than Microsoft Outlook e mail client to send and receive e mail it is recommended to specify all end user workstations a...

Page 79: ...ains keywords file patterns or e mail addresses Filter Specify file names extensions keywords or email addresses that the match list contains Description Specify a short description for the list Templ...

Page 80: ...icrosoft Exchange adjusts the access rights to the Quarantine Storage so that only the product operating system and the local administrator can access it If you change the Quarantine Storage setting m...

Page 81: ...the specified value the product sends an alert to the administrator If the threshold is specified as zero 0 the size of the Quarantine is not checked Quarantined Items Threshold Specify the critical...

Page 82: ...safe Messages setting to specify the action that takes place if the message is retained in the Quarantine after the maximum attempts Final Action on Unsafe Messages Specify the action on unsafe messag...

Page 83: ...ait before trying to send the sample again if the previous submission failed Connection Timeout Specify the time in seconds how long the product tries to contact the F Secure Hospital server Send Time...

Page 84: ...the product During the installation F Secure Anti Virus for Microsoft Exchange automatically adjusts the access rights so that only the operating system and the local administrator can access files i...

Page 85: ...disallowed attachments are handled Drop Attachment Remove the attachment from the message and deliver the message to the recipient without the disallowed attachment Drop the Whole Message Do not deliv...

Page 86: ...messages By default notification messages are not sent Do Not Notify on These Attachments Specify attachments that do not generate notifications When the product finds specified file or file extensio...

Page 87: ...behavior so that the product can detect unknown malware By default the heuristic scan is enabled for inbound mails and disabled for outbound and internal mails The heuristic scan may affect the produ...

Page 88: ...ssage is not quarantined For more information see Lists and Templates 79 Send Virus Notification Message to Recipient Specify the template for the notification message that is sent to the intented rec...

Page 89: ...Specify whether the administrator is notified when F Secure Anti Virus for Microsoft Exchange finds a virus in a message Configure the Alert Forwarding table to specify where the alert is sent based...

Page 90: ...eliver the message to the recipient Action on Password Protected Archives Specify the action to take on archives which are protected with passwords These archives can be opened only with a valid passw...

Page 91: ...ge to the recipient Quarantine Dropped Archives Specify whether archives that are not delivered to recipients are placed in the quarantine For more information see Quarantine Management 261 Notify Adm...

Page 92: ...ected When proactive virus threat detection is disabled mails are only scanned by antivirus engines Grayware Scanning Specify how the product processes grayware items in inbound outbound and internal...

Page 93: ...Lists and Templates 79 Send Warning Message to Recipient Specify the template for the notification message that is sent to the intented recipient when a grayware item is found in a message Note that...

Page 94: ...Alert Forwarding table to specify where the alert is sent based on the severity level The Alert Forwarding table can be found in F Secure Management Agent Settings Alerting Filter Disallowed Content S...

Page 95: ...sage with disallowed content Send Notification Message to Recipient Specify whether recipients are notified when disallowed content is found Send Notification Message to Sender Specify whether the ori...

Page 96: ...the message envelope headers and body during the first minutes of the new spam or virus outbreak example Matches any message text or subject that contains the word example another example Matches any...

Page 97: ...Recognition strengthens the security but can degrade the system performance Action on Malformed Mails Specify the action for non RFC compliant e mails If the message has an incorrect structure the pro...

Page 98: ...are scanned up to level specified in the Max Levels of Nested Messages setting Exceeding nesting levels are not scanned but the message is delivered to the recipient Quarantine Problematic Messages S...

Page 99: ...anning Settings Specify which messages you want to scan during the real time scanning Trusted Senders Specify senders who are excluded from the mail scanning and processing Trusted Recipients Specify...

Page 100: ...boxes except those specified in the Excluded Mailboxes list Included Mailboxes Specify mailboxes that are scanned for viruses when the Scan Mailboxes setting is set to Scan Only Included Mailboxes Exc...

Page 101: ...ttempt to Disinfect Infected Attachments Specify whether the product should try to disinfect an infected attachment before processing it If the disinfection succeeds the product does not process the a...

Page 102: ...fy how many levels deep to scan in nested archives if Scan Viruses Inside Archives is enabled A nested archive is an archive that contains another archive inside If zero 0 is specified the maximum nes...

Page 103: ...h Leave the password protected archive in the message Drop archive Remove the password protected archive from the message Quarantine Dropped Archives Specify whether archives that are not delivered to...

Page 104: ...osoft Exchange Operations Manual Scanning branch in F Secure Policy manager Console 2 Click Start 3 Distribute the policy Grayware Exclusion List Specify the list of keywords for grayware types that a...

Page 105: ...all mailboxes except those specified in the Excluded Mailboxes list Included Mailboxes Specify mailboxes that are scanned for viruses when the Scan Mailboxes setting is set to Scan Only Included Mailb...

Page 106: ...Folders Incremental Scanning Specify which messages are scanned for viruses during the manual scan All Messages Scan all messages Only Recent Messages Scan only messages that have not been scanned dur...

Page 107: ...removed from the message For more information see Lists and Templates 79 Scan Messages for Viruses Enable or disable the virus scan The virus scan scans messages for viruses and other malicious code L...

Page 108: ...ecify infections that are never placed in the quarantine If a message is infected with a virus or worm which has a name that matches a keyword specified in this list the message is not quarantined For...

Page 109: ...vel specified in the Max Levels in Nested Archives setting Pass Through Nested archives are scanned up to level specified in the Max Levels in Nested Archives setting Exceeding nesting levels are not...

Page 110: ...rom the message Quarantine Dropped Archives Specify whether archives that are not delivered to recipients are placed in the quarantine For more information see Quarantine Management 261 Scan Messages...

Page 111: ...s as attachments If zero 0 is specified the maximum nesting level is not limited Quarantine Dropped Grayware Specify whether grayware attachments are quarantined Do Not Quarantine This Grayware Specif...

Page 112: ...to make it active again Click Add to add a new scheduled task to the list To duplicate a task select it from the list and click Copy To edit a previously created task click Edit To remove the selecte...

Page 113: ...cify the name of the scheduled operation Do not use any special characters in the task name Perform this task Specify how frequently you want the operation to be performed Once Only once at the specif...

Page 114: ...e date when the first operation is scheduled to start Start time Enter the start time of the task in hh mm format Start date Enter the start date of the task in mm dd yyyy format Mailboxes Specify mai...

Page 115: ...specified mailboxes Click Add or Remove to edit mailboxes that are scanned Scan all except excluded mailboxes Do not scan specified mailboxes but scan all other Click Add or Remove to edit mailboxes t...

Page 116: ...Scan all public folders Scan all public folders Scan only included public folders Scan all specified public folders Click Add or Remove to edit public folders that are scanned Scan all except excluded...

Page 117: ...chment stripping Targets Strip these attachments Specify which attachments are stripped from messages For more information see Lists and Templates 79 Exclude these attachments from stripping Specify a...

Page 118: ...not quarantined even when they are stripped For more information see Lists and Templates 79 Notifications Replacement text template Specify the template for the text that replaces the infected attach...

Page 119: ...Scan these attachments Specify attachments that are scanned for viruses For more information see Lists and Templates 79 Exclude these attachments from scanning Specify attachments that are not scanned...

Page 120: ...n the quarantine For more information see Lists and Templates 79 Notifications Replacement text template Specify the template for the text that replaces the infected attachment when the infected attac...

Page 121: ...ayware Specify the action to take on items which contain grayware Report only Leave grayware items in the message and notify the administrator Drop attachment Remove grayware items from the message Gr...

Page 122: ...ntine this grayware Specify grayware that are never placed in the quarantine For more information see Lists and Templates 79 Notifications Replacement text template Specify the template for the text t...

Page 123: ...canning Max levels in nesting archives Specify how many levels of archives inside other archives the product scans when Scan Viruses Inside Archives is enabled Detect disallowed files inside archives...

Page 124: ...oduct cannot scan their content Pass through Deliver the message with the password protected archive to the recipient Drop archive Remove the password protected archive from the message and deliver th...

Page 125: ...hments If zero 0 is specified the maximum nesting level is not limited It is not recommended to set the maximum nesting level to unlimited as this will make the product more vulnerable to DoS Denial o...

Page 126: ...nd open the Statistics subtree It displays statistics for the host for each F Secure Anti Virus for Microsoft Exchange installation If a policy domain is selected the Status view displays the number o...

Page 127: ...h 2 Set Real Time Scanning to Yes 3 Go to the Anti Virus for Microsoft Exchange Operations Reset Storage Statistics Reset branch 4 Click Start in the Editor pane The Status above the button displays O...

Page 128: ...the last reset of statistics Number of Infected Messages Displays the number of messages with attachments that are infected and cannot be automatically disinfected Number of High Medium Virus Risk Me...

Page 129: ...d Displays the time when the last infection was found Number of Mailboxes Displays the number of currently protected user mailboxes Number of Public Folders Displays the number of currently protected...

Page 130: ...e number of suspicious content found for example password protected archives and nested archives Last Infection Found Displays the name of the last infection found Last Time Infection Found Displays t...

Page 131: ...he estimated time left to finish the current manual scan Elapsed Time Displays the time that has elapsed since the manual scan was started Number of Processed Items Displays the total number of proces...

Page 132: ...ngs Use the variables under the F Secure Content Scanner Server Settings branch to define the settings for content providers and to change the general content scanning options Last Infection Found Dis...

Page 133: ...ated list of IP addresses the server accepts incoming requests from If the list is empty the server accepts connections from any host Max Connections Specifies the maximum number of simultaneous conne...

Page 134: ...le Return Scan Error Drop the file being scanned and send a scan error Scan with Other Engines Scan the file with other available scan engines Scan Inside Archives Specify whether files inside compres...

Page 135: ...file is stopped if Treat as Unsafe is selected If Treat as Safe is selected the archive file is sent to the user Suspect Password Protected Archives Compressed archive files can be protected with pas...

Page 136: ...imum time that one scanning task can last The Max Scan Timeout is 10 minutes by default Time Period Specify the time period for the most active viruses list The product shows statistics about most act...

Page 137: ...dresses or user names You can also forward unencrypted reports to a configurable e mail address and use the same statistics for your own internal purposes Mail Server Address Specify the IP address of...

Page 138: ...taking them to use Notify When Databases Become Old Specify whether F Secure Content Scanner Server should notify the administrator if virus definition databases have not been updated recently Notify...

Page 139: ...on and each spam scanner instance takes approximately 25MB of memory process fsavsd exe Do not increase the number of instances unless the product is running on a powerful computer VOD Cache Size Spec...

Page 140: ...ning F Secure Content Scanner Server checks the message using spam heuristics Trusted Networks Specify networks and hosts in the mail relay network which can be trusted not to be operated by spammers...

Page 141: ...t During the setup access rights are adjusted so that only the operating system and the local administrator can access files in the Working directory If you make changes to Working Directory settings...

Page 142: ...Scanner Server whether it has been started and it is running or it is stopped Start Time The date and time when the server was started Previous Reset of Statistics The date and time of the last reset...

Page 143: ...The scan engine can be loaded and enabled or disabled by the administrator or not loaded at all Last Database Update Displays the last date and time when virus definition database was taken into use...

Page 144: ...cted by the scan engine Database Version Displays the current version of database updates used by the scan engine Spam Scanner Version Displays the version and build number of the Spam Scanner Status...

Page 145: ...gement Agent For detailed information on F Secure Management Agent see the F Secure Policy Manager Administrator s Guide Communications Number of Processed Messages Displays the total number of e mail...

Page 146: ...ections F Secure Management Agent measures the speed of the network link to F Secure Policy Manager Server and stops the download if the minimum speed specified by this setting is not met Management S...

Page 147: ...c updates are enabled Internet connection checking Specify whether the product should check the connection to the Internet before trying to retrieve updates Assume always connected The computer is con...

Page 148: ...Secure Policy Manager Proxy If the product cannot connect to any user specified update server during the failover time it retrieves the latest virus definition updates from F Secure Update Server if A...

Page 149: ...ADMINISTRATION WITH WEB CONSOLE Overview 150 Home 150 Transport Protection 155 Storage Protection 179 Spam Control 216 Quarantine 218 Automatic Updates 228 Content Scanner Server 235 Server Propertie...

Page 150: ...is installed with F Secure Anti Virus for Microsoft Exchange To open the Web Console see Using Web Console 69 6 2 Home The Web Console displays Getting Started page when you log in for the first time...

Page 151: ...CHAPTER6 151 Administration with Web Console Summary The Summary tab displays the current status of the product components Normal the feature is enabled and everything is working as it should...

Page 152: ...ned Content 264 Log Files Click View F Secure Log to view the F Secure log file LogFile log in a new Internet browser window Click Download to download and save the LogFile log for later use Click Vie...

Page 153: ...153 Administration with Web Console Services Under the Services tab you can start stop and restart F Secure Anti Virus for Microsoft Exchange F Secure Content Scanner Server and F Secure Automatic Upd...

Page 154: ...scan F Secure World Map Support The product can collect and send statistics about viruses and other malware to the F Secure World Map service If you enable F Secure World Map support make sure that t...

Page 155: ...on options see Network Configuration 247 After you apply new transport protection settings it can take up to 20 seconds for the new settings to take effect You cannot add automatic disclaimers to mess...

Page 156: ...essed messages since the last reset of statistics Infected messages Displays the number of messages with attachments that are infected and cannot be automatically disinfected High Medium virus risk me...

Page 157: ...s content found for example password protected archives nested archives and malformed messages Stripped attachments Displays the number of filtered attachments Filtered messages Displays the number of...

Page 158: ...und and internal messages based on the file name or the file extension Strip Attachments from e mail messages Enable or disable the attachment stripping Targets Strip these attachments Specify which a...

Page 159: ...whether stripped attachments are quarantined Do not quarantine these attachments Specify files which are not quarantined even when they are stripped For more information see Match Lists 255 Notificati...

Page 160: ...n no notification is sent Send alert to administrator Specify whether the administrator is notified when the product strips an attachment If you enable the notification specify the alert level of the...

Page 161: ...with Web Console 6 3 2 Virus Scanning Specify inbound outbound and internal messages and attachments that should be scanned for malicious code Disabling virus scanning disables grayware scanning and...

Page 162: ...ctive virus threat detection Select whether Proactive Virus Threat Detection is enabled or disabled Proactive virus threat detection can identify new and unknown e mail malware including viruses and w...

Page 163: ...ed even when the setting is enabled Action on infected messages Specify whether infected messages are disinfected or dropped Drop Attachment Remove the infected attachment from the message and deliver...

Page 164: ...the notification field empty For more information see Message Templates 257 Do not notify on these infections Specify infections that do not generate notifications When the product finds the specifie...

Page 165: ...fy how the product processes grayware items in inbound outbound and internal messages Note that grayware scanning increases the scanning overhead By default grayware scanning is enabled for inbound me...

Page 166: ...canned Leave the list empty if you do not want to exclude any grayware types from the scan For more information see Match Lists 255 Quarantine dropped grayware Specify whether grayware attachments are...

Page 167: ...is grayware Specify a list of keywords for grayware types on which no notifications are sent If the product finds a grayware item with a name that matches the keyword the recipient and the sender are...

Page 168: ...bound and internal archive files Note that scanning inside archives takes time Disabling scanning inside archives improves performance but it also means that the network users need to use up to date v...

Page 169: ...ruses Inside Archives is enabled Detect disallowed files inside archives Specify files which are not allowed inside archives For more information see Match Lists 255 Actions Action on archives with di...

Page 170: ...scan their content Pass through Deliver the message with the password protected archive to the recipient Drop archive Remove the password protected archive from the message and deliver the message to...

Page 171: ...change blocks a suspicious overnested or password protected archive file If the archive is blocked because it contains malware grayware or disallowed files the administrator receives a notification ab...

Page 172: ...Secure Anti Virus for Microsoft Exchange filters disallowed content in inbound outbound and internal messages Filter out e mail messages with disallowed undesirable content Specify whether e mail mes...

Page 173: ...lowed keywords Report only Deliver the message to the recipient and notify the administrator that the scanned message contained disallowed content Drop the whole message Do not deliver the message to...

Page 174: ...ecify whether the administrator is notified when F Secure Anti Virus for Microsoft Exchange finds a message with disallowed content Configure the Alert Forwarding table to specify where the alert is s...

Page 175: ...CHAPTER6 175 Administration with Web Console For example to match the SPAM string enter spam 6 3 6 Security Options Configure security options to limit actions on malformed and problematic messages...

Page 176: ...rformance Trusted senders and recipients List of trusted senders Specify senders who are excluded from the mail scanning and processing List of trusted recipients Specify recipients who are excluded f...

Page 177: ...setting Exceeding nesting levels are not scanned but the message is delivered to the recipient Action on malformed mails Specify the action for non RFC compliant e mails If the message has an incorrec...

Page 178: ...he administrator is notified when F Secure Anti Virus for Microsoft Exchange detects a malformed or a suspicious e mail message Configure the Alert Forwarding table to specify where the alert is sent...

Page 179: ...179 Administration with Web Console 6 4 Storage Protection Configure Storage Protection settings to specify how e mail messages and attachments in selected mailboxes and public folders should be scann...

Page 180: ...reset of statistics Infected items Displays the number of items that are infected and cannot be automatically disinfected Grayware items Displays the number of grayware items including spyware adware...

Page 181: ...CHAPTER6 181 Administration with Web Console 6 4 1 Real Time Scanning The real time scanning can automatically scan messages that have been created or received General Real Time Scanning Settings...

Page 182: ...esult After the specified time the client that tries to access the scanned message gets the virus scanning in progress notificaion File Type Recognition Intelligent file type recognition Select whethe...

Page 183: ...ify messages and attachments in the Microsoft Exchange Storage that should be scanned for malicious code Targets Scan mailboxes Specify mailboxes that are scanned for viruses Do not scan mailboxes Dis...

Page 184: ...folders Click Edit to add or remove public folders that should be scanned Scan all except excluded public folders Do not scan specified public folders but scan all other Click Edit to add or remove p...

Page 185: ...y whether infected attachments are quarantined Do not quarantine these infections Specify virus and malware infections that are never placed in the quarantine For more information see Match Lists 255...

Page 186: ...are items during real time scanning Scan messages for grayware Enable or disable the grayware scan Actions Action on grayware Specify the action to take on items which contain grayware Report only Lea...

Page 187: ...om the scan For more information see Match Lists 255 Quarantine dropped grayware Specify whether grayware attachments are quarantined when dropped Do not quarantine this grayware Specify grayware that...

Page 188: ...ives Specify if files inside archives are scanned for viruses and other malicious code Targets List of files to scan inside archives Specify files that are scanned for viruses inside archives Exclude...

Page 189: ...lt setting is 3 Actions Action on max nested archives Specify the action to take on nested archives with nesting levels exceeding the upper level specified in the Max Levels in Nested Archives setting...

Page 190: ...in the message Drop archive Remove the password protected archive from the message Quarantine dropped archives Specify whether archives that are not delivered to recipients are placed in the quaranti...

Page 191: ...CHAPTER6 191 Administration with Web Console 6 4 2 Manual Scanning You can scan mailboxes and public folders for viruses and strip attachments manually at any time...

Page 192: ...time left when the manual scan is running Elapsed time Displays how long it has been since the manual scan started Processed items Displays the number of items processed during the scan Infected items...

Page 193: ...scan Click Stop Scanning to stop the manual scan Click View Scanning Report to view the latest manual scan report General If the manual scan scans an item that has not been previously scanned for viru...

Page 194: ...dd or remove mailboxes that should not be scanned Scan public folders Specify public folders that are scanned for viruses Do not scan public folders Do not scan any public folders during the manual sc...

Page 195: ...tensions which are usually considered safe to use Intelligent File Type Recognition can recognize the real file type of the message attachment and use that while the attachment is processed Using Inte...

Page 196: ...ble or disable the attachment stripping Targets Strip these attachments Specify which attachments are stripped from messages For more information see Match Lists 255 Exclude these attachments Specify...

Page 197: ...antine these attachments Specify files which are not quarantined even when they are stripped For more information see Match Lists 255 Notifications Replacement Text Template Specify the template for t...

Page 198: ...be scanned for malicious code during the manual scan Scan messages for viruses Enable or disable the virus scan The virus scan scans messages for viruses and other malicious code Disabling virus scan...

Page 199: ...are not scanned Leave the list empty if you do not want to exclude any attachments from the scanning Actions Try to disinfect Specify whether the product should try to disinfect an infected attachment...

Page 200: ...ng Notifications Replacement text template Specify the template for the text that replaces the infected attachment when the infected attachment is removed from the message For more information see Mes...

Page 201: ...on list Specify the list of keywords for grayware types that are not scanned Leave the list empty if you do not want to exclude any grayware types from the scan For more information see Match Lists 25...

Page 202: ...e scanned for viruses and other malicious code Targets List of files to scan inside archives Specify files inside archives that are scanned for viruses For more information see Match Lists 255 Exclude...

Page 203: ...sallowed content Pass through Deliver the message with the archive to the recipient Drop archive Remove the archive from the message and deliver the message to the recipient without it Drop the whole...

Page 204: ...r for the next time Pass through Deliver the message with the archive to the recipient Drop archive Remove the password protected archive from the message Quarantine dropped archives Specify whether a...

Page 205: ...k Add new task in the Scheduled Scanning page to start the Scheduled Operation Wizard Step 1 Specify Scanning Task Name and Schedule Enter the name for the new task and select how frequently you want...

Page 206: ...e date when the first operation is scheduled to start Start time Enter the start time of the task in hh mm format Start date Enter the start date of the task in mm dd yyyy format Targets Scan mailboxe...

Page 207: ...can all other Click Edit to add or remove public folders that should not be scanned Incremental scanning Specify whether you want to process all messages or only those messages that have not been proc...

Page 208: ...messages Specify how many levels deep to scan in nested e mail messages A nested e mail message is a message that includes one or more e mail messages as attachments If zero 0 is specified the maximu...

Page 209: ...ments that are not filtered Leave the list empty if you do not want to exclude any attachments from the filtering Action Quarantine stripped attachments Specify whether stripped attachments are quaran...

Page 210: ...ns messages for viruses and other malicious code If you disable the virus scan grayware scanning and archive processing are disabled as well Heuristic Scanning Enable or disable the heuristic scanning...

Page 211: ...sinfection succeeds the product does not process the attachment further Disinfection may affect the product performance Infected files inside archives are not disinfected even when the setting is enab...

Page 212: ...ecify the action to take on items which contain grayware Report only Leave grayware items in the message and notify the administrator Drop attachment Remove grayware items from the message Grayware ex...

Page 213: ...s are quarantined when dropped Do not quarantine this grayware Specify grayware that are never placed in the quarantine For more information see Match Lists 255 Notifications Replacement text template...

Page 214: ...side other archives the product scans when Scan Viruses Inside Archives is enabled Detect disallowed files inside archives Specify files which are not allowed inside archives For more information see...

Page 215: ...protected with passwords These archives can be opened only with a valid password so the product cannot scan their content Pass through Deliver the message with the password protected archive to the r...

Page 216: ...incoming messages are scanned for spam see Administering F Secure Spam Control 278 The threat detection engine of F Secure Anti Virus for Microsoft Exchange can identify spam and virus patterns from...

Page 217: ...The Status page displays the statistics of the spam scanner Spam scanner version Displays the version number of the installed spam scanner Number of processed messages Displays the total number of pr...

Page 218: ...f the quarantined content for example searching for and deleting quarantined content For more information about searching and deleting quarantined content see Quarantine Management 261 Last updated Di...

Page 219: ...tools and other unwanted applications Disallowed content Displays the number of messages that have been found to contain disallowed keywords in the message subject or text Suspicious Displays the num...

Page 220: ...age to search for the quarantined content For more information see Searching the Quarantined Content 264 6 6 2 Options You can configure the quarantine storage location and threshold how quarantined f...

Page 221: ...ine it saves the content as separate files into the Quarantine Storage and inserts an entry to the Quarantine Database with information about the quarantined content Quarantine storage Quarantine stor...

Page 222: ...ge is from 0 to 10240 Quarantined items threshold Specify the critical number of items in the Quarantine storage If the specified value is reached or exceeded the product sends an alert If zero 0 is s...

Page 223: ...with Web Console Quarantine Maintenance When quarantined content is reprocessed it is scanned again and if it is found clean it is sent to the intended recipients For more information see Reprocessing...

Page 224: ...the action on unsafe messages after the maximum number of reprocesses have been attempted Leave in Quarantine Leave messages in the Quarantine and process them manually Release to Intended Recipients...

Page 225: ...ve Enable or disable the selected entry in the table Quarantine category Select a category the retention period or cleanup interval of which you want to modify The categories are Infected Suspicious D...

Page 226: ...Database You can specify the database where information about quarantined e mails is stored and from which it is retrieved Quarantine database SQL server name The name of the SQL server where the data...

Page 227: ...the quarantine database with the configured user name and password Quarantine Logging Database name The name of the quarantine database The default name is FSMSE_Quarantine User name The user name the...

Page 228: ...and spam databases are not up to date updates are downloaded automatically Click Change communication settings to configure how the product connects to F Secure Update Server For more information see...

Page 229: ...te Channel name Displays the channel from where the updates are downloaded Channel address Displays the address of the Automatic Updates Server Latest installed update Displays the version and name of...

Page 230: ...ded and installed update packages Last check result Displays the result of the last update check Next check time Displays the date and time for the next update check Last successful check time Display...

Page 231: ...ole 6 7 1 Communications Specify how the product connects to F Secure Update Server Automatic Updates General Settings Edit General settings to select whether you want to use automatic updates and how...

Page 232: ...Allow fetching updates from F Secure Update Server Specify whether the product should connect to F Secure Update Server when it cannot connect to any user specified update server To edit the list of...

Page 233: ...r proxies If no update servers are configured the product retrieves the latest virus definition updates from F Secure Update Server automatically To add a new update source address to the list follow...

Page 234: ...m the primary sources first secondary update sources can be used as a backup The product connects to the source with the smallest priority number first 1 If the connection to that source fails it trie...

Page 235: ...rver statistics and the current status of scanning engines Server Statistics Number of scanned files The number of files that have been scanned Last virus database update The last date and time when t...

Page 236: ...Working directory and performance under the advanced settings Last time infection found The date and time when the last infection was found Last infection found The name of the last infection that was...

Page 237: ...checking Notify when databases are older than Specify when virus definition databases are outdated If databases are older than the specified amount of days F Secure Content Scanner Server sends an ale...

Page 238: ...rmation see Alerts 251 Database verification Verify integrity of downloaded databases Specify whether the product verifies that the downloaded virus definition databases are the original databases pub...

Page 239: ...CHAPTER6 239 Administration with Web Console Proxy Server F Secure Content Scanner Server can use a proxy server to connect to the threat detection center...

Page 240: ...on method to use to authenticate to the proxy server NoAuth The proxy server does not require authentication Basic The proxy uses the basic authentication scheme NTLM The proxy uses NTLM authenticatio...

Page 241: ...utbreak patterns from messages Cache VOD cache size Specify the maximum number of patterns to cache for the virus outbreak detection service By default the cache size is 10000 cached patterns Class ca...

Page 242: ...when the threat detection center cannot be contacted and the threat detection engine cannot classify the message Pass through The message is passed through without scanning it for spam Heuristic Scann...

Page 243: ...t performance Working directory Working directory Specify the working directory Enter the complete path to the field or click Browse to browse to the path you want to set as the new working directory...

Page 244: ...rver via shared memory in the local interaction mode When the amount of data exceeds the specified limit a local temporary file will be used for data transfer If the option is set to zero 0 all data t...

Page 245: ...ge at a time this setting defines how many messages undergo the spam analysis simultaneously You have to restart the Content Scanner Server after you change this setting to take the new setting into u...

Page 246: ...246 6 9 Server Properties The Host information displays the following details of the host WINS name DNS names IP addresses Unique ID...

Page 247: ...MTP sender hosts and mail recipients belong to one of the specified internal domains internal recipients 2 E mail messages are considered outbound if they come from internal SMTP sender hosts and mail...

Page 248: ...om internal example net Internal SMTP senders Specify the IP addresses of hosts that belong to your organization Specify all hosts within the organization that send messages to Exchange Edge or Hub se...

Page 249: ...rs in the organization use other than Microsoft Outlook e mail client to send and receive e mail it is recommended to specify all end user workstations as Internal SMTP Senders If the organization has...

Page 250: ...cify the URL of F Secure Policy Manager Server Do not add a slash at the end of the URL For example http fsms example com Select Stand alone if you use F Secure Anti Virus for Exchange Web Console to...

Page 251: ...s severity level You can send the alert to any of the following F Secure Policy Manager Windows Event Log If you choose to forward alerts to e mail specify the SMTP server address alert message subjec...

Page 252: ...ient 3 Select the types of alerts that are to be sent to this address 4 Click Apply Web Console Informational and warning level alerts are not sent to F Secure Policy Manager Console by default If you...

Page 253: ...a warning The default value is 60 minutes Connections Listen on address Specify the IP address of the F Secure Anti Virus for Microsoft Exchange Web Console Server Port Specify the port where the ser...

Page 254: ...Anti Virus for Microsoft Exchange for sending warning and informational messages to the end users for example recipients senders and mailbox owners Make sure that the notification sender address is a...

Page 255: ...ith Web Console 6 9 4 Lists and Templates Match Lists are lists of file name patterns keywords or e mail addresses that can be used with certain product settings Message Templates can be used for noti...

Page 256: ...If you are creating a new match list specify the name for the new match list Type Specify whether the list contains keywords file patterns or email addresses Filter Specify file names extensions keyw...

Page 257: ...the name of an existing template to edit it or Add new item to create a new template Name Select the template you want to edit If you are creating a new template specify the name for the new template...

Page 258: ...dy Specify the notification message text For more information about the variables you can use in notification messages see Variables in Warning Messages 296 Description Specify a short description for...

Page 259: ...defined malware to F Secure for analysis Max submission attempts Specify how many times the product attempts to send the sample if the submission fails Resend interval Specify the time interval in min...

Page 260: ...on timeout Specify the time in seconds how long the product tries to contact the F Secure Hospital server Send timeout Specify the time in seconds how long the product waits for the sample submission...

Page 261: ...NTINE MANAGEMENT Introduction 262 Configuring Quarantine Options 264 Quarantine Status 264 Searching the Quarantined Content 264 Query Results Page 269 Quarantine Operations 271 Moving the Quarantine...

Page 262: ...us for Microsoft Exchange Web Console The quarantine consists of Quarantine Database and Quarantine Storage Quarantine Database The quarantine database contains information about the quarantined messa...

Page 263: ...rom a single F Secure Anti Virus for Microsoft Exchange Web Console 7 1 1 Quarantine Reasons The quarantine storage can store Messages and attachmentts that are infected and cannot be automatically di...

Page 264: ...3 1 Quarantine Logging To view the Quarantine Log open the Quarantine page Then click the View Quarantine Log link In centrally managed installations the quarantine settings are configured with F sec...

Page 265: ...antine ID of the quarantined message The quarantine ID is displayed in the notification sent to the user about the quarantined message and in the alert message Object type Select the type of the quara...

Page 266: ...time but you can widen the search by using the wildcards Recipients Enter the e mail address of the message recipient Subject Enter the message subject to be used as search criteria Message ID Enter t...

Page 267: ...ot been released yet E mails to be reprocessed Displays only e mails that are currently set to be reprocessed but have not been reprocessed yet E mails to be released or reprocessed Displays e mails t...

Page 268: ...se the following SQL wildcards in the quarantine queries Wildcard Explanation Any string of zero or more characters _ underscore Any single character Any single character within the specified range a...

Page 269: ...ail status Quarantined e mail The administrator has not specified any actions to be taken on this e mail Quarantined e mail with attachments The administrator has not specified any actions to be taken...

Page 270: ...arantined mails and attachments Quarantined e mail set to be released which failed Quarantined e mail set to be reprocessed which failed Quarantined e mail set to be submitted to F Secure which failed...

Page 271: ...ntine storage after you have searched the quarantined content you want to process Location The location of the mailbox or public folder where the quarantined attachment was found Quarantined attachmen...

Page 272: ...ion see Removing the Quarantined Content 275 Click Send to F Secure to submit a sample of quarantined content to F Secure for analysis Quarantined Attachment Operations You can select an operation to...

Page 273: ...sorted select the sorting criteria and order from the Sort results and order drop down menus 4 Select the number of items to be displayed on a results page from the Display drop down menu 5 Click the...

Page 274: ...ined a When the quarantined content is an e mail message click the Release to release the displayed quarantined content The Release Quarantined Content dialog opens b When the quarantine contains an a...

Page 275: ...quarantined messages that have been classified as spam Click the Delete All button to delete all the displayed quarantined content 5 You are prompted to confirm the deletion Click OK The content is n...

Page 276: ...ntine storage directory make sure that the directory exists and it has proper security permissions You can use the xcopy command to create and change the Quarantine storage directory by copying the ex...

Page 277: ...ame and F Secure Quarantine Storage as the description ii On the Permissions page select Administrators have full access other users have read only access Note that the Quarantine storage has file dir...

Page 278: ...278 8 ADMINISTERING F SECURE SPAM CONTROL Overview 279 Spam Control Settings in Centrally Managed Environments 280 Spam Control Settings in Web Console 284 Realtime Blackhole List Configuration 289...

Page 279: ...Update Agent Database updates are digitally signed for maximum security and you can use only these updates for updating the F Secure Spam Control spam definition databases In Microsoft Exchange 2007...

Page 280: ...t even if you enable spam filtering For information on configuring Realtime Blackhole Lists see Realtime Blackhole List Configuration 289 Heuristic Spam Analysis Specify whether heuristic spam analysi...

Page 281: ...ular mails will be falsely identified as spam Action on Spam Messages Specify actions to take with messages considered as spam based on the spam filtering level Quarantine Place the message into the q...

Page 282: ...as spam The default value is SPAM Forward Spam Messages To E mail Address Specify the e mail address where messages considered as spam are forwarded when the Action on Spam Messages setting is set to...

Page 283: ...velope not from the message headers Max Message Size Specify the maximum size in kilobytes of messages to be scanned for spam If the size of the message exceeds the maximum size the message is not fil...

Page 284: ...284 8 3 Spam Control Settings in Web Console You can configure the spam control settings under the Options page in Spam Control...

Page 285: ...hat the threat detection engine does not classify as spam are further analyzed for spam When the heuristic spam analysis is disabled only the threat detection engine filters messages for spam Heuristi...

Page 286: ...arded when the Action on Spam Messages setting is set to Forward Spam confidence level Click Add new action to add a new action for messages with the spam level above the specified Spam Filtering Leve...

Page 287: ...separated list of tests run against the mail Modify spam message subject Specify if the product modifies the subject of mail messages considered as spam Add this text to spam message subject Specify...

Page 288: ...rom the specified addresses are always treated as spam List of blocked recipients Specify blocked recipients Messages sent to the specified addresses are always treated as spam The product checks the...

Page 289: ...g The primary DNS server should be configured to allow recursive DNS queries DNS protocol is used to make the DNSBL RBL queries 2 Make sure you do not have a firewall preventing DNS access from the ho...

Page 290: ...see this kind of headers in messages classified as spam X Spam Status YES database version 2005 04 06_1 hits 9 required 5 tests RCVD_IN_DSBL RCVD_IN_NJABL_PROXY RCVD_IN_SORBS_DUL Tests like RCVD_IN_DS...

Page 291: ...g time for each mail increases when DNS queries are made If needed the performance can be improved by increasing the number of mails being processed concurrently by F Secure Spam Control By default th...

Page 292: ...500 has been set to 5 To take the new setting into use restart F Secure Content Scanner Server IMPORTANT Each additional instance of the Spam Scanner takes approximately 25Mb of memory process fsavsd...

Page 293: ...293 9 UPDATING VIRUS AND SPAM DEFINITION DATABASES Overview 294 Automatic Updates with F Secure Automatic Update Agent 294 Configuring Automatic Updates 294...

Page 294: ...affic detection to make sure that it works without disturbing other Internet traffic even over a slow line You may install and use F Secure Automatic Update Agent in conjunction with licensed F Secure...

Page 295: ...te Agent settings To change these settings you need to use F Secure Policy Manager Console For more information see F Secure Automatic Update Agent Settings 147 If necessary reconfigure the firewall a...

Page 296: ...296 A APPENDIX Variables in Warning Messages List of Variables 297...

Page 297: ...t the corresponding variable will be replaced with Unknown Variable Description ANTI VIRUS SERVER The DNS WINS name or IP address of F Secure Anti Virus for Microsoft Exchange NAME OF SENDER The e mai...

Page 298: ...ME The name of the original file or attachment AFFECTED FILESIZE The size of the original file or attachment THREAT The name of the threat that was found in the content For example it can contain the...

Page 299: ...299 B APPENDIX Services and Processes List of Services and Processes 300...

Page 300: ...ading and writing policy settings statistics and sending alerts F Secure Automatic Update Agent fsaua exe This service takes care of fetching updates from FSPM or FS Update server F Secure Content Sca...

Page 301: ...t Agent is an FSMA service responsible for starting other services and monitoring them F Secure Network Request Broker fnrb32 exe The service handles the communication with F Secure Policy Manager via...

Page 302: ...e LogFile log Windows event log and SMTP server fsm32 exe The F Secure Settings and Statistics User Interface The process is not running unless the user is logged in to the system fih32 exe F Secure I...

Page 303: ...on a Cluster Installation Overview 304 Creating Quarantine Storage 305 Administering the Cluster Installation with F Secure Policy Manager 328 Using the Quarantine in the Cluster Installation 329 Uni...

Page 304: ...entication and SQL Server Authentication After the installation make sure that Named Pipes and TCP IP protocols are enabled in SQL Server network configuration 3 Create the quarantine storage where th...

Page 305: ...ure Policy Manager 328 6 Log on each node and configure the Web Console to accept connections from authorized hosts C 2 Creating Quarantine Storage Follow instructions in this section to create the Qu...

Page 306: ...306 Enter the following information Name F Secure Quarantine Storage Resource Type File Share Group make sure that your Exchange Virtual Server is selected Click Next 5 Possible Owners dialog opens...

Page 307: ...APPENDIX C 307 Deploying the Product on a Cluster 6 Verify that all nodes that are running Exchange Server are listed under Possible owners and click Next 7 Dependencies dialog opens...

Page 308: ...opens Type FSAVMSEQS as Share name Note the dollar character at the end of the share name makes the share hidden when you view network resources of the cluster with Windows Explorer Enter the director...

Page 309: ...and Read permissions for Exchange Domain Servers and SYSTEM and Full Control Change and Read permissions for Administrator account Click OK 10 In File Share Parameters dialog click Advanced Make sure...

Page 310: ...d computer This computer should be the member of the same domain as your Exchange Servers 1 Log on to the server where you plan to create the quarantine storage for example APPSERVER with a domain adm...

Page 311: ...ions 5 Permissions dialog opens Add Administrator Exchange Domain Servers and SYSTEM to the Group or user names Remove Everyone account Grant Change and Read permissions for Exchange Domain Servers an...

Page 312: ...r Click OK 7 To verify that the quarantine storage is accessible log on as the domain administrator to any node in the cluster and try to open Server FSAVMSEQS with Windows Explorer where Server is th...

Page 313: ...example create Quarantine directory on disk D 3 Go to Start menu All Programs Administrative Tools Cluster Administrator 4 Right click the Exchange Virtual Server under the Groups and select New Reso...

Page 314: ...314 Click Next to continue 7 Select the Exchange Server Network Name and the Physical Disk under Available resources and click Add to move them to the Resource dependencies list Click Next to continue...

Page 315: ...nge permissions 9 Change permissions as follows a Add Administrator Exchange Domain Servers and SYSTEM to the Group or user names list b Remove the Everyone account c Grant Change and Read permissions...

Page 316: ...lick OK to continue 10 Click Advanced to open Advanced File Share Properties Make sure that Normal share is selected Click OK to continue 11 Click Finish to create the F Secure Quarantine Storage reso...

Page 317: ...or account 2 Create a directory for the quarantine storage on the physical disk shared by the cluster nodes You can create it on the same disk where the Exchange Server storage and logs are located 3...

Page 318: ...s Exchange Servers and SYSTEM with Contributor permission levels Press Share to close the window and enable the share 4 Check that everything is configured correctly The Failover Cluster Manager view...

Page 319: ...Continuous Cluster Replication Environment For a Continuous Cluster Replication CCR cluster installation the quarantine storage must be set on a dedicated computer This computer has to be a member in...

Page 320: ...cure Quarantine Storage as comment b Make sure that User Limit is set to Maximum allowed Click Permissions to set permissions The dollar character at the end of the share name makes the share hidden w...

Page 321: ...all existing groups and users a Add Administrator Exchange Domain Servers and SYSTEM to the Group or user names list b Grant Change and Read permissions for Exchange Domain Servers and SYSTEM c Grant...

Page 322: ...or Exchange Domain Servers and SYSTEM c Grant all permissions for the Administrator account Click OK to finish To make sure that the quarantine storage is accessible follow these instructions 1 Log on...

Page 323: ...tor account 2 Run F Secure Anti Virus for Microsoft Exchange setup wizard Install the product in the centralized management mode Specify the IP address of F Secure Policy Manager Server and admin pub...

Page 324: ...he quarantine database Select the server running Microsoft SQL Server 5 The setup program asks to specify the database name where quarantined items are stored Specify the name for the database and ent...

Page 325: ...ive node C 3 2 Installing on Active Active Cluster This section describes how to install the product on an active active cluster 1 Log on to the first node of the cluster using a domain administrator...

Page 326: ...stallation as the Quarantine Directory For example Server FSAVMSEQS where Server is the name of the server where you created the quarantine storage share 4 The setup program asks to specify the SQL Se...

Page 327: ...ame for the database and enter user name and password that will be used to access the database 6 Complete the installation on the first active node 7 Log on to the second node of the cluster using a d...

Page 328: ...your organization or network domain Import all cluster nodes to this subdomain To change product configuration on all cluster nodes follow these instructions 1 Select the cluster subdomain in the Pol...

Page 329: ...Manager Server C 5 Using the Quarantine in the Cluster Installation You can manage quarantined items with the Web Console by connecting to any node of the cluster You can release reprocess and downlo...

Page 330: ...lControl and Special for the Pickup Folder for the Exchange Servers group or directly for the Mailbox Role Servers Mailbox Role Server 1 Open the Windows Registry Editor and go to HKEY_LOCAL_MACHINE S...

Page 331: ...uct from passive nodes 3 After the product has been uninstalled from every node reboot computers one at the time C 7 Troubleshooting If the product fails to quarantine a file or reports that the quara...

Page 332: ...332 D APPENDIX Sending E mail Alerts And Reports Overview 333 Solution 333...

Page 333: ...ed even on servers that are not connected to the Internet By default only e mail messages that come from authenticated or allowed sources can be relayed This means that the product cannot send SMTP al...

Page 334: ...accepted_hosts is the IP address or IP address range from which inbound connections are accepted The IP address or IP address range can be entered in one of the following formats IP address 192 168 1...

Page 335: ...sages grant ms Exch SMTP Accept Any Recipient the permission to the anonymous account To do this run the following command Get ReceiveConnector connector_name Add ADPermission User NT AUTHORITY ANONYM...

Page 336: ...336 E TROUBLESHOOTING Overview 337 Starting and Stopping 337 Viewing the Log File 338 Common Problems and Solutions 338 Frequently Asked Questions 343...

Page 337: ...or Microsoft Exchange Web Console and select Home Services Click Start to activate F Secure Anti Virus for Microsoft Exchange and Stop to stop it From the command line when the product is installed on...

Page 338: ...alerts generated by the host regardless of the severity Logfile log file size can be configured in F Secure Management Agent Settings Alerting Alert Agents Logfile Maximum File Size Quarantine Logs Q...

Page 339: ...m the command line on the Microsoft Exchange Server telnet 127 0 0 1 18971 If you get the cursor blinking in the upper left corner it means that the connection has been established and F Secure Conten...

Page 340: ...e is unable to contact F Secure Content Scanner Server A service or process may not be running on F Secure Content Scanner Server Make sure that all processes and services of F Secure Content Scanner...

Page 341: ...le Daemon Check the Task Manager The following process should be running fswebuid exe 2 If you try to connect to the F Secure Anti Virus for Microsoft Exchange Web Console from a remote host make sure...

Page 342: ...he Quarantine storage on a FAT drive everyone who has access to that drive will be able to get access to the quarantined content Create and adjust access rights to the Quarantine storage manually if y...

Page 343: ...ubleshooting E 5 Frequently Asked Questions All support issues frequently asked questions and hotfixes can be found under the support pages at http support f secure com For more information see Techni...

Page 344: ...344 Technical Support F Secure Online Support Resources 345 Web Club 347 Virus Descriptions on the Web 347...

Page 345: ...mple Anti Virus Norway f secure com If there is no authorized F Secure Anti Virus Business Partner in your country you can submit a support request directly to F Secure There is an online Web submit f...

Page 346: ...the version number of the operating system on which F Secure products and protected systems are running For Windows include the build number and Service Pack number The version number and the configur...

Page 347: ...he banner Alternatively right click on the F Secure icon in the Window taskbar and choose the Web Club command To connect to the Web Club directly from within your Web browser go to http www f secure...

Page 348: ...er in the market of internet and computer security The solutions are also available as licensed products through thousands of resellers globally F Secure aspires to be the most reliable mobile and com...

Page 349: ......

Reviews:

No comments

Related manuals for ANTI-VIRUS FOR MICROSOFT EXCHANGE 8.00 -

PowerShot SX1 IS

Brand: Canon Pages: 48

Brand: Canon Pages: 2

Brand: Native Instruments Pages: 49

Brand: HP Pages: 4

Brand: FARONICS Pages: 42

CLUSTER FOR ENTERPRISE LINUX 5.0

Brand: Red Hat Pages: 114

BRIGHTMAIL GATEWAY SMALL BUSINESS EDITION

Brand: Symantec Pages: 4

Brand: Symantec Pages: 30

TWIG CONFIGURATOR

Brand: Benefon Pages: 28

Brand: FujiFilm Pages: 55

MOBILE SECURITY FOR S60 -

Brand: F-SECURE Pages: 33

Brand: Labelmaster Pages: 81

HISCDE-AB-IA - Host Intrusion Prevention

Brand: McAfee Pages: 154

Brand: FARONICS Pages: 99

C8 - DocuPrint Color Inkjet Printer

Brand: Xerox Pages: 26

Brand: Canon Pages: 170

Brand: Asus Pages: 77

ThinkCentre M50

Brand: Lenovo Pages: 440

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands