background image

F-Secure Anti-Virus for 

Microsoft Exchange

Administrator’s Guide

Содержание ANTI-VIRUS - FOR MICROSOFT EXCHANGE

Страница 1: ...F Secure Anti Virus for Microsoft Exchange Administrator s Guide...

Страница 2: ...ransmitted in any form or by any means electronic or mechanical for any purpose without the express written permission of F Secure Corporation Copyright 1993 2008 F Secure Corporation All rights reser...

Страница 3: ...Chapter 2 Requirements 19 2 1 Which SQL Server to Use for the Quarantine Database 20 2 2 Network Requirements 21 2 3 Web Browser Software Requirements 22 2 4 Improving Reliability and Performance 23...

Страница 4: ...ts 90 4 2 4 Content Filtering 100 4 2 5 Manual Scanning 107 4 2 6 Quarantine 111 4 2 7 Advanced 121 4 2 8 Internal Domains 127 4 3 F Secure Content Scanner Server Settings 129 4 3 1 Summary 129 4 3 2...

Страница 5: ...pam Control Settings in Web Console 180 6 3 Realtime Blackhole List Configuration 185 6 3 1 Enabling Realtime Blackhole Lists 185 6 3 2 Optimizing F Secure Spam Control Performance 187 Chapter 7 Updat...

Страница 6: ...C 4 1 Installing Service Packs 207 C 4 2 Securing the Quarantine 207 C 5 Frequently Asked Questions 208 C 6 F Secure Automatic Update Agent Troubleshooting 213 Technical Support 218 F Secure Online S...

Страница 7: ...7 ABOUT THIS GUIDE How This Guide Is Organized 8 Conventions Used in F Secure Guides 13...

Страница 8: ...Web Console Instructions how to administer F Secure Anti Virus for Microsoft Exchange with the Web Console Chapter 6 Administering F Secure Spam Control General information about and instructions on...

Страница 9: ...black is used for file and folder names for figure and table captions and for directory tree names Courier New is used for messages on your computer screen WARNING The warning symbol indicates a situ...

Страница 10: ...used for online viewing and printing using Adobe Acrobat Reader When printing the manual please print the entire manual including the copyright and disclaimer statements For More Information Visit F...

Страница 11: ...11 1 INTRODUCTION Overview 12 How F Secure Anti Virus for Microsoft Exchange Works 13 Key Features 15 F Secure Anti Virus Mail Server and Gateway Products 17...

Страница 12: ...ny network from any malicious code that travels in HTTP or SMTP traffic In addition they protect your company network against spam The protection can be implemented on the gateway level to screen all...

Страница 13: ...oft Exchange can be configured to disinfect or drop the content Any malicious code found during the scan process can be placed in the Quarantine where it can be further examined Stripped attachments c...

Страница 14: ...to new and emerging threats In fact F Secure is one of the only companies to release tested virus definition updates on a daily basis to make sure our customers are receiving the highest quality serv...

Страница 15: ...osoft Exchange provides the following features and capabilities Superior Protection Superior detection rate with multiple scanning engines Automatic malicious code detection and disinfection Heuristic...

Страница 16: ...rus outbreaks Quarantined unsafe messages can be reprocessed automatically Transparency and Scalability Viruses are intercepted before they can enter the network and spread out on workstations and ser...

Страница 17: ...level F Secure Internet Gatekeeper works independently of firewall and e mail server solutions and does not affect their performance F Secure Anti Virus for Microsoft Exchange protects your Microsoft...

Страница 18: ...ans and blocks and filters out specified file types ActiveX and Java code can also be scanned or blocked The product receives updates automatically from F Secure keeping the virus protection always up...

Страница 19: ...MENTS Which SQL Server to Use for the Quarantine Database 20 Network Requirements 21 Web Browser Software Requirements 22 Improving Reliability and Performance 23 Configuring the Product After the Ins...

Страница 20: ...ktop Engine MSDE the Quarantine database size is limited to 2 GB MSDE includes a concurrent workload governor that limits the scalability of MSDE For more information see http msdn microsoft com libra...

Страница 21: ...ll scenarios described in this chapter Make sure that the following network traffic can travel If you plan to use Microsoft SQL Server 2005 you must purchase it and obtain your own license before you...

Страница 22: ...or 3 5 or later Any other web browser supporting HTTP 1 0 SSL Java scripts and cookies may be used as well Microsoft Internet Explorer 5 5 or earlier cannot be used to administer the product FSNRB Pro...

Страница 23: ...ze of mail messages is big or Microsoft Exchange Server has to process large messages regularly increasing the amount of physical memory increases the overall performance If large messages are process...

Страница 24: ...ition database updates Configure F Secure Anti Virus for Microsoft Exchange Use the F Secure Anti Virus for Microsoft Exchange Web Console to configure the settings of F Secure Anti Virus for Microsof...

Страница 25: ...for Microsoft Exchange 26 Using the Web Console 66 Checking the Product Status 29 Configuring the Web Console 32 Using F Secure Policy Manager Console 73 Modifying Settings and Viewing Statistics 33 M...

Страница 26: ...Console You can open F Secure Settings and Statistics by double clicking the F Secure icon in the Windows system tray 3 1 1 Logging in for the First Time Microsoft Internet Explorer 6 0 users The add...

Страница 27: ...click it to run the utility 3 The utility creates a certificate that will be issued to all local IP addresses and restarts the F Secure Anti Virus for Microsoft Exchange Web Console service to take t...

Страница 28: ...ficate Import Wizard 4 Follow the instructions in the Certificate Import Wizard When the wizard has completed you are prompted to add the new certificate in the Certificate Root Store Click Yes 5 If t...

Страница 29: ...all product status on the Home page The Home page displays an overview of each component status and most important statistics of the installed F Secure Anti Virus for Microsoft Exchange components Fro...

Страница 30: ...ntent Scanner Server statistics Status indicator Displays the status of F Secure Anti Virus for Microsoft Exchange Processed messages Displays the total number of messages that have been processed Inf...

Страница 31: ...er of the update for that day Scanned files Displays the number of files the server has scanned for viruses Last time infection found Displays the last infection detected by the server Status indicato...

Страница 32: ...tistics in a new Internet browser window Select File Save As to save or print the file for later use Click Configure Console to configure the F Secure Anti Virus for Microsoft Exchange Web Console For...

Страница 33: ...tration with Web Console 70 To view statistics for real time scanning select Summary on the options tree To reset all counters to zero click Reset Statistics To view statistics for the latest manual s...

Страница 34: ...s of mailboxes and Public Folders and the numbers of processed mailboxes and Public Folders In the bottom of the property page the results of the previous manual scan are shown the numbers of processe...

Страница 35: ...Secure Content Scanner Server 3 Click Next to continue If F Secure Anti Virus for Microsoft Exchange is operating on a system that has multiple processors or you are using a high performance computer...

Страница 36: ...xes Process only these mailboxes Process all specified mailboxes Process all except these mailboxes Process all except specified mailboxes Click Add to add a new mailbox to the list Click the checkbox...

Страница 37: ...e checked for viruses Do not scan attachments for viruses Process messages without scanning any attachments for viruses Scan all attachments Scan all message attachments regardless of filename extensi...

Страница 38: ...e Intelligent File Type Recognition can recognize the real file type of the message attachment and use that while the attachment is processed Specify whether you want to use Intelligent File Type Reco...

Страница 39: ...not disinfect or deliver infected attachments All infected attachments are dropped By default F Secure Anti Virus for Microsoft Exchange tries to disinfect infected attachments Quarantine infected att...

Страница 40: ...not strip any attachments Strip all attachments Strip all attachments from all messages and notes Strip all attachments except these allowed Strip all except specified attachments Strip only these di...

Страница 41: ...pe Recognition or not Action Action on stripped attachment Specify whether stripped attachments should be quarantined or dropped Quarantine attachment All stripped attachments are placed in the Quaran...

Страница 42: ...ified when F Secure Anti Virus for Microsoft Exchange strips an attachment Do not notify Do not send any notification to the administrator Send informational alert Send an informational alert to the a...

Страница 43: ...ed Public Folders Process all except excluded public folders Process all notes posted to all Public Folders except the listed ones Click Add to add a new Public Folder to the list Click Clear to remov...

Страница 44: ...hments are checked for viruses Do not scan attachments for viruses Do not scan any attachments Scan all attachments Scan all message attachments Scan all attachments with these extensions Scan all att...

Страница 45: ...usually considered safe to use Intelligent File Type Recognition can recognize the real file type of the message attachment and use that while the attachment is processed Specify whether you want to u...

Страница 46: ...t or deliver infected attachments All infected attachments are dropped By default F Secure Anti Virus for Microsoft Exchange tries to disinfect infected attachments Quarantine infected attachments Spe...

Страница 47: ...Strip attachments Specify which attachments should be stripped from messages and public folder notes Do not strip Do not strip any attachments Strip all attachments Strip all attachments from all mess...

Страница 48: ...Specify whether you want to use Intelligent File Type Recognition or not Action Action on stripped attachments Specify whether stripped attachments should be quarantined or dropped Quarantine attachm...

Страница 49: ...ld be notified when F Secure Anti Virus for Microsoft Exchange strips an attachment Do not notify Do not send any notification to the administrator Send informational alert Send an informational alert...

Страница 50: ...d displays the summary of created operation Click Finish accept the new manual scanning operation and to exit the wizard Creating Scheduled Operation Start the Scheduled Operation Wizard by clicking A...

Страница 51: ...ry day at the specified time starting from the specified date Weekly Every week at the specified time on the same day when the first operation is scheduled to start Monthly Every month at the specifie...

Страница 52: ...you want to process all messages or only those messages that have not been processed previously during the scheduled processing 2 Specify how many concurrent transactions the scanner can have with F...

Страница 53: ...ilboxes Process all mailboxes Process only these mailboxes Process all specified mailboxes Process all except these mailboxes Process all except specified mailboxes Click Add to add a new mailbox to t...

Страница 54: ...s to scan Specify which message attachments are checked for viruses Do not scan attachments for viruses Process messages without scanning any attachments for viruses Scan all attachments Scan all mess...

Страница 55: ...ile Type Recognition Trojans and other malicious code can disguise themselves with filename extensions which are usually considered safe to use Intelligent File Type Recognition can recognize the real...

Страница 56: ...pient Drop attachment Do not disinfect or deliver infected attachments All infected attachments are dropped By default F Secure Anti Virus for Microsoft Exchange tries to disinfect infected attachment...

Страница 57: ...ed operation Strip attachments Specify which attachments should be stripped from messages and public folder notes Do not strip Do not strip any attachments Strip all attachments Strip all attachments...

Страница 58: ...ed Specify whether you want to use Intelligent File Type Recognition or not Action Action on stripped attachment Specify whether stripped attachments should be quarantined or dropped Quarantine attach...

Страница 59: ...e administrator should be notified when F Secure Anti Virus for Microsoft Exchange strips an attachment Do not notify Do not send any notification to the administrator Send informational alert Send an...

Страница 60: ...ers Process all except excluded public folders Process all notes posted to all Public Folders except the listed ones Click Add to add a new Public Folder to the list Click Clear to remove the selected...

Страница 61: ...tachments to scan Specify which message attachments are checked for viruses Do not scan attachments for viruses Do not scan any attachments Scan all attachments Scan all message attachments Scan all a...

Страница 62: ...e Intelligent File Type Recognition can recognize the real file type of the message attachment and use that while the attachment is processed Specify whether you want to use Intelligent File Type Reco...

Страница 63: ...op attachment Do not disinfect or deliver infected attachments All infected attachments are dropped By default F Secure Anti Virus for Microsoft Exchange tries to disinfect infected attachments Quaran...

Страница 64: ...nts Specify which attachments should be stripped from messages and public folder notes Do not strip Do not strip any attachments Strip all attachments Strip all attachments from all messages and notes...

Страница 65: ...le the attachment is processed Specify whether you want to use Intelligent File Type Recognition or not Action Action on stripped attachment Specify whether stripped attachments should be quarantined...

Страница 66: ...Anti Virus for Microsoft Exchange strips an attachment Do not notify Do not send any notification to the administrator Send informational alert Send an informational alert to the administrator Send wa...

Страница 67: ...events such as starting stopping modules low disk space etc Alerts are also sent when a program or operation has encountered a problem You can configure alert forwarding by editing the Alert Forwardi...

Страница 68: ...an send an alert to any of the following Windows Event Viewer E mail SNMP To forward alerts to an e mail specify the e mail address of the recipient Follow these instructions 1 Click Add to add a new...

Страница 69: ...ed alert is displayed in the following format Ack Click Ack to acknowledge the alert If all alerts are acknowledged Ack is grayed out Severity The severity of the alert Each severity level has its own...

Страница 70: ...ION WITH WEB CONSOLE Overview 71 F Secure Anti Virus for Microsoft Exchange Settings 71 F Secure Content Scanner Server Settings 129 F Secure Automatic Update Agent Settings 152 F Secure Management Ag...

Страница 71: ...ouble click the F Secure Settings and Statistics icon in the Windows system tray and double click F Secure Anti Virus for Microsoft Exchange or select it from the Start menu Programs F Secure Anti Vir...

Страница 72: ...72 4 2 1 Summary The Summary page displays the current status of the product and a summary of the most important product statistics Figure 4 1 Summary page...

Страница 73: ...the build number of installed F Secure Anti Virus for Microsoft Exchange Protected mailboxes Displays the number of currently protected mailboxes Protected public folders Displays the number of curren...

Страница 74: ...to be checked for malicious code Figure 4 2 Virus Scanning Statistics page Statistics Infections found Displays the total number of infections found Infections found within outbreak interval Displays...

Страница 75: ...attachments Infected Displays the number of attachments that have been infected with malicious code Suspicious Displays the number of stripped messages and messages that have not been scanned reliably...

Страница 76: ...dit the Virus Scanning Common settings to specify which messages should be scanned for malicious code Figure 4 3 Virus Scanning Common settings Note that you may have to scroll the page to view all th...

Страница 77: ...ename extensions You can add new file types on the extensions lists by typing the file extensions in the file extensions text boxes Separate the extensions by spaces Scan mail message body Specify whe...

Страница 78: ...safe content that has unsafe filename extension for example a text file using the doc filename extension Intelligent File Type Recognition can degrade the system performance Max level of nested messag...

Страница 79: ...messages are quarantined if the Quarantine Problematic Mails setting on the General Quarantine page is set to Yes Pass Through Nested e mail messages will be scanned up to level specified in the Max...

Страница 80: ...is found and to specify the trusted mailboxes and the warning messages for infected inbound mails These settings are specific to the mails that are destined to the internal domains defined under the G...

Страница 81: ...g Message to Sender setting enabled When this setting is enabled all messages are scanned when they enter the system The clean messages will be delivered to the mailbox server where they will be scann...

Страница 82: ...are sent to another store Notification message options Add warning message to the original message Specify whether a virus warning message should be added to the mail message which had infected conten...

Страница 83: ...content By default F Secure Anti Virus for Microsoft Exchange does not send the virus warning message to the sender The virus warning message will be sent to the sender of the infected message only i...

Страница 84: ...Virus Scanning Outbound Mail real time processing settings to define what should be done to infected outbound messages and set warning messages to infected outbound mails Figure 4 5 Virus Scanning Ou...

Страница 85: ...icrosoft Exchange to disinfect infected files and stop the whole message if an infection is found messages are not stopped if they are send from a MAPI client if they can be disinfected Messages are s...

Страница 86: ...de and to set warning messages to infected Public Folder notes Figure 4 6 Virus Scanning Public Folders settings Add disclaimer to all outgoing messages Specify whether you want to add a disclaimer to...

Страница 87: ...Public Folders from the list Examine public folders Examine public folders Specify public folders that should be scanned for viruses Do not scan public folders Do not process any Public Folders Scan...

Страница 88: ...eeds a specified value Notifications Send warning message to originator Specify whether a virus warning message should be sent to the original writer of the note which had infected content that could...

Страница 89: ...of infected objects that should be found within a specified time period for it to be considered as a virus outbreak Use the value zero 0 to disable the outbreak notification By default the outbreak no...

Страница 90: ...folders Send outbreak notification message Specify whether outbreak notification e mail should be sent to the notification addresses specified in the Notification Addresses setting when a virus outbr...

Страница 91: ...it On Access stripping attachments settings to set which attachments should be stripped during the on access scanning Statistics Attachments stripped Displays the number of stripped attachments in inb...

Страница 92: ...nts should be stripped from messages and public folder notes Do not strip Do not strip any attachments Strip all attachments Strip all attachments from all messages and notes Strip all attachments exc...

Страница 93: ...attachment Action on stripped attachment Specify whether stripped attachments should be quarantined or dropped Quarantine attachment All stripped attachments are placed in the Quarantine For more inf...

Страница 94: ...e Anti Virus for Microsoft Exchange does not send an informational message to the sender Notify administrator Specify whether the administrator should be notified when F Secure Anti Virus for Microsof...

Страница 95: ...ping Attachments Inbound Mail settings to specify which attachments should be stripped from the inbound mail For settings descriptions see below Figure 4 10 Stripping Attachments Inbound Mail settings...

Страница 96: ...ypes on the extensions lists by typing the file extensions in the file extensions text boxes Separate the extensions by spaces Enable File Type Recognition Trojans and other malicious code can disguis...

Страница 97: ...be excluded from real time content filtering and attachment stripping Trusted mailbox feature works only for messages that are sent directly to an address defined as trusted mailbox If the message ha...

Страница 98: ...o sender Specify whether an informational message should be sent to the sender of the mail message which had the stripped attachment Click Edit to edit the warning message that is sent to the sender o...

Страница 99: ...s see Inbound Mail 95 Send security alert Send a security alert to the administrator By default F Secure Anti Virus for Microsoft Exchange sends an informational alert to the administrator For more in...

Страница 100: ...Content Filtering settings specify how content should be filtered based on keywords found in message subject and content The Spam Control settings are also located under the Content Filtering branch...

Страница 101: ...total number of spam messages that have been found Size of spam messages Displays the total size of spam messages that have been found Filtered inbound messages Displays the total number of inbound me...

Страница 102: ...settings see Spam Control Settings in Web Console 180 Inbound Mail Edit Content Filtering Inbound Mail settings to define how content should be filtered in the inbound mail based on keywords in messa...

Страница 103: ...messages is filtered based on the subjects and texts of the messages as defined on this tab List of disallowed keywords in message subject Lists the keywords that are not allowed in message subject a...

Страница 104: ...dd new disallowed keywords or remove keywords from the list Select the checkbox in the column to mark the entries that you want to remove Click Clear to remove the selected entries from the list Trust...

Страница 105: ...content Quarantine message The filtered message is placed in the Quarantine Drop message The filtered message will be deleted automatically Send informational message to recipient Specify whether a wa...

Страница 106: ...For settings descriptions see Inbound Mail 102 Do not notify Do not send any notification to the administrator Send informational alert Send an informational alert to the administrator Send warning a...

Страница 107: ...CHAPTER4 107 Administration with Web Console Figure 4 14 Content Filtering Outbound Mail settings 4 2 5 Manual Scanning You can process mailboxes and public folders manually as needed...

Страница 108: ...108 Figure 4 15 Manual Processing page...

Страница 109: ...g Elapsed time Displays the time that has elapsed since the manual processing was started Processed number mailboxes Displays the number of mailboxes that have been processed out of the total number o...

Страница 110: ...uled Scan Tasks Figure 4 16 Scheduled Processing page Editing Scheduled Tasks The Scheduled tasks table displays all scheduled tasks and the date and time when the next scheduled task occurs for the n...

Страница 111: ...arantine Quarantine in F Secure Anti Virus for Microsoft Exchange is handled through a SQL database The product is able to quarantine e mails and attachments which contain malicious or otherwise unwan...

Страница 112: ...112 Quarantine Thresholds Figure 4 17 Quarantine thresholds settings...

Страница 113: ...disallowed attachments are stored and counted as separate items in the Quarantine storage For example if a message has three attachments and only one of them has been found infected two items will be...

Страница 114: ...the intended recipients For more information see Reprocessing the Quarantined Content 171 Notify when quarantine threshold is reached Specify how the administrator should be notified when the Quarant...

Страница 115: ...t are retained in the Quarantine Set the value to Disabled to keep all unsafe to process unsafe messages manually Max attempts to process unsafe messages Specify how many times the product tries to re...

Страница 116: ...ons table to change the retention period for a particular Quarantine category Delete old items every Specify how often the storage should be cleaned of old quarantined items Use the Quarantine Cleanup...

Страница 117: ...fe Retention period Specify an exception to the default retention period for the selected Quarantine category Cleanup interval Specify an exception to the default cleanup interval for the selected Qua...

Страница 118: ...ectory Specify the path for Quarantine log files Rotate quarantine logs Specify how often the product rotates Quarantine log files At the end of each rotation time a new log file is created Keep rotat...

Страница 119: ...les infected with mass worms or mail viruses such as Sobig or Bagle Quarantine problematic messages Specify if messages that contain malformed or broken attachments should be quarantined for later ana...

Страница 120: ...and from which it is retrieved Quarantine database SQL server name The name of the SQL server where the database is located Database name The name of the Quarantine database The default name is FSMSE...

Страница 121: ...anges to the Quarantine storage settings make sure that the new directory has the same rights IMPORTANT This setting must be defined as Final with the Restriction Editor before the policies are distri...

Страница 122: ...of times to try to send a message if sending it fails Mail sending timeout Specify the number of seconds to wait to try sending a message Scanning Interface Parameters Number of scanning threads Speci...

Страница 123: ...ecure Anti Virus for Microsoft Exchange polls new mailboxes every 60 minutes New Public Folder polling interval Specify how often F Secure Anti Virus for Microsoft Exchange should check for newly esta...

Страница 124: ...settings to configure the connection between F Secure Anti Virus for Microsoft Exchange and F Secure Content Scanner Server Figure 4 22 Advanced Scanning Servers settings Note that you may have to scr...

Страница 125: ...load sharing between them Backup Content Scanner Servers Specify F Secure Content Scanner Servers that act as backup servers for primary servers If F Secure Anti Virus for Microsoft Exchange cannot c...

Страница 126: ...interaction mode is disabled data is transferred via data stream sockets It is recommended to use the local interaction mode to obtain the optimum performance Maximum shared memory data size Specify t...

Страница 127: ...can use wildcard for example example com Working directory Specify the name and location of the Working directory where temporary files are placed During the installation F Secure Anti Virus for Micro...

Страница 128: ...and Content Filtering Inbound Mail settings Editing Internal Domain Addresses To add a new domain name to the list click Add You can use wildcard For example example com To import a list of domain ad...

Страница 129: ...f F Secure Content Scanner Server on the computer where the product is installed and running 4 3 1 Summary You can see the current status of the F Secure Content Scanner Server and virus and spam scan...

Страница 130: ...plays the current version number and build of F Secure Content Scanner Server Start time Displays the start date and time of F Secure Content Scanner Server Scanned files Displays how many files have...

Страница 131: ...the Summary Virus Statistics page in F Secure Anti Virus for Microsoft Exchange Web Console Database Update Version Displays the version of the virus definition database update The version is shown i...

Страница 132: ...ften found viruses during the specified time period It also displays the number of times each virus has been found and the percentage that each virus represents of the total number of viruses encounte...

Страница 133: ...rld Map support is enabled the product sends encrypted e mail reports periodically to the service These reports list only the name and the amount of found malware and they do not contain any sensitive...

Страница 134: ...and build number of the F Secure Spam Scanner Status Shows the status of the F Secure Spam Scanner The possible statuses are Unknown or not installed This status might be displayed right after install...

Страница 135: ...ine should be disabled for troubleshooting purposes only Loaded and enabled This status is normally shown for the scan engine It means that the engine has been loaded and will be used for scanning Dat...

Страница 136: ...strator if it detects that virus and or spam definition databases are outdated You can change the notification and other database updates settings on the Updates page For more information about virus...

Страница 137: ...on databases are the original databases published by F Secure Corporation and that they have not been altered or corrupted in any way before taking them to use Notify when databases become old Specify...

Страница 138: ...tes on the Scan Engines page Send warning alert Send a warning alert to the administrator Send security alert Send a security alert to the administrator Do not notify Do not send any notification to t...

Страница 139: ...can engines Scan Engine Displays the name of the scan engine Version Displays the version number of the scan engine Database Date Displays the date of the currently used virus definition database Last...

Страница 140: ...page Figure 4 29 Scan Engines Properties page Note that you have to scroll the page to view all the settings Scan engine Number of processed files Displays the number of files the selected scan engine...

Страница 141: ...tabase date Displays the date of the currently used virus definition database for the selected scan engine Last database update Displays the last date when the virus definition database was updated La...

Страница 142: ...0000 cached patterns Class cache size Specify the maximum number of patterns to cache for spam detection service By default the cache size is 10000 cached patterns Increasing cache sizes may increase...

Страница 143: ...cannot classify the message Pass through The message is passed through without scanning it for spam Heuristic Scanning F Secure Content Scanner Server checks the message using spam heuristics Trusted...

Страница 144: ...to the threat detection center Proxy server address Specify the address of the proxy server Proxy server port Specify the port number of the proxy server Authentication method Specify the authenticat...

Страница 145: ...TLM The proxy uses NTLM authentication scheme User name Specify the user name for the proxy server authentication Password Specify the password for the proxy server authentication Domain Specify the d...

Страница 146: ...anning F Secure Content Scanner Server can scan files inside archives You can change the archive scanning and other advanced settings in the Virus Scanning Archive Scanning page Figure 4 32 Archive Sc...

Страница 147: ...t archives with more nested levels than you have set above as safe or unsafe Treat as safe Archives are scanned to the specified level and allowed through if no infections are found Treat as unsafe Ar...

Страница 148: ...archive suspicious and corresponding action will be taken Scan these extensions in archive files Specify files that are scanned inside archives Click Modify to edit the list of extensions you want to...

Страница 149: ...are stored Figure 4 33 Advanced settings Advanced Working directory Specify the working directory Enter the complete path to the field or click Browse to browse to the path you want to set as the new...

Страница 150: ...the number of Spam Scanner instances to be created and used for spam analysis As one instance of the spam scanner is capable of processing one mail message at a time this setting defines how many mess...

Страница 151: ...nge Figure 4 34 Interface settings Service connections IP address Specify the IP address that F Secure Content Scanner Server listens to If you do not assign any IP address 0 0 0 0 F Secure Content Sc...

Страница 152: ...neous connections that F Secure Content Scanner Server accepts If you do not want to limit the number of connections set the value to 0 Limit max connections per host to Specify the maximum number of...

Страница 153: ...rsion number of F Secure Automatic Update Agent Channel name Displays the channel from where the updates are downloaded Channel address Displays the address of the Automatic Updates Server Latest inst...

Страница 154: ...update check Next check time Displays the date and time for the next update check Last successful check time Displays the date and time when the last successful update check was done Current HTTP prox...

Страница 155: ...he title of the downloaded package Download time Displays the download date and time Size Displays the size of the downloaded package TItle Displays the title of the downloaded package Installation ti...

Страница 156: ...156 4 4 2 Automatic Updates You can configure the Download options on the Downloads page Updates Enable automatic updates Select whether automatic updates are enabled or disabled...

Страница 157: ...ng Use Detect connection unless you experience problems with that setting The options available are Assume always connected Assume that the computer is always connected to the Internet Detect connecti...

Страница 158: ...gement Agent settings from F Secure Anti Virus for Microsoft Exchange Web Console Home page by clicking the Configure button in the F Secure Management Agent section Note that you may have to scroll t...

Страница 159: ...n on the host for example the DNS and WINS names and the IP address In addition it displays the date and time when the policy file that is currently in use was issued and the date and time when the ho...

Страница 160: ...Query Results Page 167 Viewing Details of a Quarantined Message 169 Reprocessing the Quarantined Content 171 Releasing the Quarantined Content 172 Removing the Quarantined Content 174 Deleting Old Qua...

Страница 161: ...ion see Performance Critical Installation 24 and Microsoft Exchange Cluster Environment 28 The quarantine consists of Quarantine database Quarantine storage Quarantine Database The quarantine database...

Страница 162: ...re Messages and attachments that are infected and cannot be automatically disinfected Infected Suspicious content for example password protected archives nested archives and malformed messages Suspici...

Страница 163: ...rantine Management 5 3 Searching the Quarantined Content You can search the quarantined content on the F Secure Anti Virus for Microsoft Exchange Quarantine page in the Web Console Figure 5 1 Quaranti...

Страница 164: ...age ID and the Sender host of the quarantined mail Mails and attachments Search for both quarantined mails and attachments Reason Select the quarantining reason from the drop down menu For more inform...

Страница 165: ...how the operation is progressing The options available are Unprocessed e mails Displays only e mails that the administrator has not set to be released reprocessed or deleted E mails to be released Di...

Страница 166: ...ute when the data has been quarantined Sort Results Specify how the search results are sorted by selecting one of the options in the Sort Results by drop down menu based on Date Sender Recipients Subj...

Страница 167: ...QID column For more information see Viewing Details of a Quarantined Message 169 The Query Results page displays status icons of the content that was found in the search Icon E mail status Quarantined...

Страница 168: ...d Content 172 Click Delete to delete the currently selected e mail from the quarantine or click Delete All to delete all e mail messages that were found For more information see Removing the Quarantin...

Страница 169: ...lete to delete the currently selected e mail from the quarantine or click Delete All to delete all e mail messages that were found For more information see Removing the Quarantined Content 174 5 5 Vie...

Страница 170: ...server The F Secure Anti Virus for Microsoft Exchange server that processed the message Sender The address of the message sender Recipients The addresses of all the message recipients Sender host The...

Страница 171: ...nt name The name of the attachment Attachment size The size of the attachment file Quarantine reason The reason why the content was quarantined Click Download to download the quarantined attachment to...

Страница 172: ...processed and found clean are delivered to the intended recipients They are also automatically deleted from the quarantine The progress of the reprocessing operation is displayed in the Web Console 5...

Страница 173: ...antined content The Release Quarantined Content dialog opens 5 Specify whether you want to release the content to the original recipient or specify an address where the content is to be forwarded 6 Sp...

Страница 174: ...ve been classified as spam Click the Delete All button to delete all the displayed quarantined content 5 You are prompted to confirm the deletion Click OK The content is now removed from the quarantin...

Страница 175: ...le 1 day in the Retention Period column 5 Specify a cleanup interval that is shorter than the default value for example 30 minutes in the Cleanup Interval column 6 Enable the exception you just create...

Страница 176: ...Quarantine Statistics page E mail messages and infected suspicious and disallowed attachments are stored and counted as separate items in the quarantine storage For example if a message has three att...

Страница 177: ...Quarantine storage is moved from C Program Files F Secure Quarantine Manager quarantine to D Quarantine 1 Stop F Secure Quarantine Manager service to prevent any quarantine operations while you move...

Страница 178: ...e name and F Secure Quarantine Storage as the description ii On the Permissions page select Administrators have full access other users have read only access Note that the Quarantine storage has file...

Страница 179: ...179 6 ADMINISTERING F SECURE SPAM CONTROL Overview 180 Spam Control Settings in Centrally Managed Environments 236 Spam Control Settings in Web Console 180 Realtime Blackhole List Configuration 185...

Страница 180: ...re Spam Control spam definition databases In Microsoft Exchange 2003 environment the Microsoft Exchange server can move messages to the Junk mail folder based on the spam confidence level value This f...

Страница 181: ...is not enabled by default even if you enable spam filtering from the settings For information on configuring Realtime Blackhole Lists see Realtime Blackhole List Configuration 185 Enable heuristic sp...

Страница 182: ...may be falsely identified as spam If the spam filtering level is set to 7 more spam will pass undetected but a smaller number of regular mails will be falsely identified as spam The allowed values ar...

Страница 183: ...mail is considered spam NO the mail is not considered spam Example X Spam Flag YES Add X Header with summary Specify if the summary of triggered hits will be added to the mail as X Spam Status header...

Страница 184: ...he text that will be added in the beginning of the subject of an e mail considered spam Maximum message size to process for spam Specify the maximum size of mail messages to be scanned for spam If the...

Страница 185: ...g The primary DNS server should be configured to allow recursive DNS queries DNS protocol is used to make the DNSBL RBL queries 2 Make sure you do not have a firewall preventing DNS access from the ho...

Страница 186: ...see this kind of headers in messages classified as spam X Spam Status YES database version 2005 04 06_1 hits 9 required 5 tests RCVD_IN_DSBL RCVD_IN_NJABL_PROXY RCVD_IN_SORBS_DUL Tests like RCVD_IN_D...

Страница 187: ...g time for each mail increases when DNS queries are made If needed the performance can be improved by increasing the number of mails being processed concurrently by F Secure Spam Control By default th...

Страница 188: ...500 has been set to 5 To take the new setting into use restart F Secure Content Scanner Server IMPORTANT Each additional instance of the Spam Scanner takes approximately 25Mb of memory process fsavsd...

Страница 189: ...189 7 UPDATING VIRUS AND SPAM DEFINITION DATABASES Overview 190 Automatic Updates with F Secure Automatic Update Agent 190 Configuring Automatic Updates 190 Manual Updates 191...

Страница 190: ...pdate F Secure Automatic Update Agent uses HTTP protocol to fetch this update Virus and spam definition updates are digitally signed for maximum security You may install and use F Secure Automatic Upd...

Страница 191: ...it manually with a program called FSUPDATE or by downloading the LATEST ZIP file 7 4 1 Using FSUPDATE FSUPDATE is a program that automatically updates the virus definition database FSUPDATE can be dow...

Страница 192: ...192 A APPENDIX Variables in Warning Messages List of Variables 193 Outbreak Management Alert Variables 195...

Страница 193: ...e will be replaced with Unknown Variable Description ANTI VIRUS SERVER The DNS WINS name or IP address of F Secure Anti Virus for Microsoft Exchange CSS NAME The DNS WINS name or IP address of F Secur...

Страница 194: ...E The name of the original file or attachment AFFECTED FILESIZE The size of the original file or attachment THREAT The name of the threat that was found in the content For example it can contain the...

Страница 195: ...nt Alert Variables INTERVAL TIME Detection interval in minutes INTERVAL MINUTES Outbreak limit of infections within detection interval INFECTIONS LIMIT Actual number of infections found within the det...

Страница 196: ...d Processes F Secure Anti Virus for Microsoft Exchange 197 F Secure Content Scanner Server 198 F Secure Anti Virus for Microsoft Exchange Web Console 198 F Secure Management Agent FSMA 199 F Secure Au...

Страница 197: ...crosoft Exchange and it is used to get the whole system up and running fswbsthk exe The F Secure Web Storage Hook processes mail in mailboxes and public folders as well as composes and sends warning a...

Страница 198: ...tocol SCIP compliant clients F Secure Management Agent starts and controls the service automatically fsdbuh exe The Database Update Handler process verifies and checks the integrity of virus definitio...

Страница 199: ...nsible for starting other services and monitoring them fsmb32 exe F Secure Message Broker provides the inter process communication interface for integrated services and applications fch32 exe F Secure...

Страница 200: ...ndows event log and SMTP server fih32 exe F Secure Installation Handler enables the remote installation and updating of integrated F Secure products fsm32 exe The F Secure Settings and Statistics User...

Страница 201: ...cess that polls and automatically downloads virus and spam definition database updates from F Secure It also handles F Secure Automatic Updates Agent settings and provides the local user interface for...

Страница 202: ...02 C TROUBLESHOOTING Overview 203 Starting and Stopping 203 Viewing the Log File 203 Common Problems and Solutions 204 Frequently Asked Questions 208 F Secure Automatic Update Agent Troubleshooting 21...

Страница 203: ...Summary page and click Start to activate F Secure Anti Virus for Microsoft Exchange Click Stop to stop it From the command line enter NET STOP FSAVAG4MSE to the command line to stop the service and NE...

Страница 204: ...nt Scanner Server are up and running Checking F Secure Anti Virus for Microsoft Exchange 1 Make sure that F Secure Anti Virus for Microsoft Exchange service and all its processes have started Open Ser...

Страница 205: ...er running F Secure Anti Virus for Microsoft Exchange has two or more network interfaces including dial up modem connection make sure that all files forwarded to F Secure Content Scanner Server use th...

Страница 206: ...anagement Agent F Secure Network Request Broker Check the Task Manager The following processes should be running If any of these processes are not started uninstall and reinstall the F Secure Anti Vir...

Страница 207: ...nd I m worried about security of the local Quarantine storage where stripped attachments are quarantined What do you recommend me Solution F Secure Anti Virus for Microsoft Exchange creates and adjust...

Страница 208: ...running If a mail cannot be scanned access to it is not allowed Q Why does e mail stay in the Outbox for a while after being sent A F Secure Anti Virus for Microsoft Exchange scans each message for vi...

Страница 209: ...Content Scanner Server Settings Q Is it possible to strip attachments with size greater than or equal to a given value A No this is not possible at the moment Use the Exchange Manager to limit the siz...

Страница 210: ...it passes the virus scanner but it is not disinfected or stopped The real time scanner scans messages in the message store only once so when the infected message is sent from the trusted mailbox to a...

Страница 211: ...22 Recommendations for troubleshooting an Exchange computer with antivirus software installed describes what files and folders should never be scanned with file based antivirus software http support m...

Страница 212: ...for the same reason Q During the installation I get a notification that an application is requesting access to a protected system What causes this A You are using Windows 2000 Certificate Service and...

Страница 213: ...Automatic Update Agent tries to copy it there again in one minute intervals Click Package Properties to see the error message If the Last Result value is Installed check the date and time in the Firs...

Страница 214: ...Check that the current user has appropriate access rights to the destination directory Note that if the destination is a communication directory the same rights are also required for its subdirectori...

Страница 215: ...minutes Make sure F Secure Automatic Update Agent is installed in Stand alone mode Open the Settings page in F Secure Automatic Update Agent window The Change button should be disabled Q The Installe...

Страница 216: ...cannot connect to the server make sure that your browser can access the Internet Open your browser and connect to http fsbwserver f secure com If you cannot connect to the web page check your network...

Страница 217: ...server enable the Use HTTP proxy checkbox on the F Secure Automatic Update Agent window s Settings page and type in the field the proxy server address and port number that you retrieved from your brow...

Страница 218: ...218 Technical Support F Secure Online Support Resources 219 Web Club 220 Virus Descriptions on the Web 221...

Страница 219: ...no authorized F Secure Anti Virus Business Partner in your country you can submit a support request directly to F Secure There is an online Web submit form accessible through F Secure support web pag...

Страница 220: ...er The version number and the configuration of your Microsoft Exchange Server If possible describe your network configuration and topology A detailed description of the problem including any error mes...

Страница 221: ...ect to the Web Club directly from within your Web browser go to http www f secure com anti virus webclub corporate Virus Descriptions on the Web F Secure Corporation maintains a comprehensive collecti...

Страница 222: ...222...

Страница 223: ...all with intrusion prevention antispam and antispyware solutions Founded in 1988 F Secure has been listed on the Helsinki Exchanges since 1999 and has been consistently growing faster than all its pub...

Страница 224: ...224...

Отзывы: