F-SECURE ANTI-VIRUS FOR MICROSOFT EXCHANGE 7.10 -, Administrator'S Manual

Page 1: ...F Secure Anti Virus for Microsoft Exchange Administrator s Guide...

Page 2: ...ransmitted in any form or by any means electronic or mechanical for any purpose without the express written permission of F Secure Corporation Copyright 1993 2007 F Secure Corporation All rights reser...

Page 3: ...nd Gateway Products 21 Chapter 2 Deployment 23 2 1 Installation Modes 24 2 2 Network Requirements 25 2 3 Deployment Scenarios 26 2 3 1 Environment with a Single Exchange Server 27 2 3 2 Environments w...

Page 4: ...oft Exchange 59 4 2 Using Web Console 60 4 2 1 Logging in for the First Time 60 4 2 2 Modifying Settings and Viewing Statistics with Web Console 62 4 2 3 Checking the Product Status 63 4 3 Using F Sec...

Page 5: ...Settings 134 5 7 F Secure Automatic Update Agent Settings 135 Chapter 6 Administration with Web Console 138 6 1 Overview 139 6 2 Home 139 6 3 Transport Protection 142 6 3 1 Attachment Filtering 144 6...

Page 6: ...d Content 248 7 7 Releasing the Quarantined Content 249 7 8 Removing the Quarantined Content 250 7 9 Deleting Old Quarantined Content Automatically 250 7 10 Quarantine Logging 251 7 11 Quarantine Stat...

Page 7: ...er Replication Environ ment 286 C 3 Administering the Cluster Installation with F Secure Policy Manager 290 C 4 Using the Quarantine in the Cluster Installation 290 C 5 Uninstallation 292 C 6 Troubles...

Page 8: ...8 E 5 Frequently Asked Questions 304 Technical Support 305 F Secure Online Support Resources 306 Web Club 308 Virus Descriptions on the Web 308...

Page 9: ...9 ABOUT THIS GUIDE How This Guide Is Organized 10 Conventions Used in F Secure Guides 13...

Page 10: ...Exchange Chapter 5 Centrally Managed Administration Instructions how to remotely administer F Secure Anti Virus for Microsoft Exchange and F Secure Content Scanner Server when they have been installe...

Page 11: ...oblems Technical Support Contains the contact information for assistance About F Secure Corporation Describes the company background and products See the F Secure Policy Manager Administrator s Guide...

Page 12: ...s black is used for file and folder names for figure and table captions and for directory tree names Courier New is used for messages on your computer screen WARNING The warning symbol indicates a sit...

Page 13: ...used for online viewing and printing using Adobe Acrobat Reader When printing the manual please print the entire manual including the copyright and disclaimer statements For More Information Visit F...

Page 14: ...14 1 INTRODUCTION Overview 15 How F Secure Anti Virus for Microsoft Exchange Works 16 Key Features 19 F Secure Anti Virus Mail Server and Gateway Products 21...

Page 15: ...d the company network from any malicious code that travels in HTTP or SMTP traffic In addition they protect your company network against spam The protection can be implemented on the gateway level to...

Page 16: ...d Stripped attachments can also be placed in the Quarantine for further examination Flexible and Scalable Anti Virus Protection F Secure Anti Virus for Microsoft Exchange is installed on Microsoft Exc...

Page 17: ...or Microsoft Exchange can be installed either in stand alone or centrally administered mode Depending on how it has been installed F Secure Anti Virus for Microsoft Exchange is managed either with the...

Page 18: ...ication between F Secure Anti Virus for Microsoft Exchange and F Secure Policy Manager Console It exchanges security policies software updates status information statistics alerts and other informatio...

Page 19: ...amaging the system by running code in a safe and isolated environment Recursive scanning of ARJ BZ2 CAB GZ JAR LZH MSI RAR TAR TGZ Z and ZIP archive files Automatic and consistent virus definition dat...

Page 20: ...he products remotely with F Secure Policy Manager or F Secure Anti Virus for Microsoft Exchange Web Console Possibility to configure and manage stand alone installations with the convenient F Secure A...

Page 21: ...product operates transparently and scans files in the Exchange Server Information Store in real time Manual and scheduled scans of user mailboxes and public polders are also supported F Secure Anti Vi...

Page 22: ...ation and configuration of the product F Secure Messaging Security Gateway delivers the industry s most complete and effective security for e mail It combines a robust enterprise class messaging platf...

Page 23: ...23 2 DEPLOYMENT Installation Modes 24 Network Requirements 25 Deployment Scenarios 26...

Page 24: ...cure Policy Manager components F Secure Policy Manager Server and F Secure Policy Manager Console To administer F Secure Anti Virus for Microsoft Exchange in the centrally administered mode you have t...

Page 25: ...and TCP 1433 TCP only with the dedicated SQL server F Secure Automatic Update Agent ProgramFiles x86 F Secure FSAUA program fsaua exe DNS 53 UDP and TCP HTTP 80 and or another port used to connect to...

Page 26: ...There are various ways to deploy F Secure Anti Virus for Microsoft Exchange that are suitable to different environments Environment with a Single Exchange Server 27 Environments with Exchange Roles D...

Page 27: ...Exchange Install F Secure Anti Virus for Microsoft Exchange on the same server where Exchange Hub and Mailbox Server roles are deployed Installing F Secure Spam Control If you have a license for F Sec...

Page 28: ...28 2 3 2 Environments with Exchange Roles Deployed on Multiple Servers Figure 2 2 Deployment in an environment with Edge Hub and Mailbox Server roles deployed on multiple servers...

Page 29: ...ure Anti Virus for Microsoft Exchange as follows Installing F Secure Anti Virus for Microsoft Exchange Install F Secure Anti Virus for Microsoft Exchange on all the servers where Exchange Edge Hub and...

Page 30: ...product in centralized administration mode Install F Secure Policy Manager Server on a dedicated server You can manage the product with F Secure Policy Manager Console When installing the product conf...

Page 31: ...ge and the SQL server needed for quarantine database as follows Install Microsoft SQL Server on a dedicated server or on the server running F Secure Policy Manager Server When installing the product c...

Page 32: ...When using the free Microsoft SQL Server 2005 Express Edition included in F Secure Anti Virus for Microsoft Exchange the Quarantine database size is limited to 4 GB You can use F Secure Anti Virus for...

Page 33: ...mproving Reliability and Performance 38 Installation Overview 40 Installing F Secure Anti Virus for Microsoft Exchange 41 After the Installation 53 Upgrading the Evaluation Version 56 Uninstalling F S...

Page 34: ...d disk space depends on the number of mailboxes amount of data traffic and the size of the Information Store Network 100Mbps Fast Ethernet NIC switched network connection F Secure Policy Manager versi...

Page 35: ...indows Server 2003 R2 Standard x64 Edition Microsoft Windows Server 2003 R2 Enterprise x64 Edition Microsoft Windows Server 2008 Release Candidate 0 3 1 2 Microsoft Exchange Server Requirements The pr...

Page 36: ...stalled during F Secure Anti Virus for Microsoft Exchange Setup Which SQL Server to Use for the Quarantine Database As a minimum requirement the Quarantine database should have the capacity to store i...

Page 37: ...QL Server 2000 2005 It is recommended to use Microsoft SQL Server 2000 2005 if you are planning to use centralized quarantine management with multiple F Secure Anti Virus for Microsoft Exchange instal...

Page 38: ...If the system load is high a fast processor on the Microsoft Exchange Server speeds up the e mail message processing As Microsoft Exchange Server handles a large amount of data a fast processor alone...

Page 39: ...of the system 3 3 Centrally Administered or Stand alone Installation F Secure Anti Virus for Microsoft Exchange can be managed either with F Secure Anti Virus for Microsoft Exchange Web Console or F...

Page 40: ...r level privileges to install F Secure Anti Virus for Microsoft Exchange Follow these steps to set up F Secure Anti Virus for Microsoft Exchange Centralized Administration mode 1 Run F Secure Policy M...

Page 41: ...or Microsoft Exchange For more information see Installing F Secure Anti Virus for Microsoft Exchange 41 2 Check that F Secure Automatic Update Agent can retrieve the latest virus and spam definition d...

Page 42: ...tep 2 Read the information in the Welcome screen Click Next to continue Step 3 Read the licence agreement If you accept the agreement check the I accept this agreement checkbox and click Next to conti...

Page 43: ...lation Step 4 Enter the product keycode Click Next to continue Step 5 Choose the components to install For more information about F Secure Spam Control see Administering F Secure Spam Control 257 Clic...

Page 44: ...Next to continue Step 7 Choose the administration method If you install F Secure Anti Virus for Microsoft Exchange in stand alone mode you cannot configure settings and receive alerts and status info...

Page 45: ...ger Console setup You can transfer the public key in various ways use a shared folder on the file server a USB device or send the key as an attachment in an e mail message Click Next to continue If yo...

Page 46: ...er Server you installed earlier Click Next to continue If the product MIB files cannot be uploaded to F Secure Policy Manager during installation you can import them manually For more information see...

Page 47: ...nd users The SMTP address should be a valid existing address that is allowed to send messages Click Next to continue Step 11 Specify the Quarantine management method If you want to manage the Quaranti...

Page 48: ...as the product installation select a Install and use Microsoft SQL Server Desktop Engine If you are using Microsoft SQL Server already select b Use the existing installation of MIcrosoft SQL Server o...

Page 49: ...ase that stores information about the quarantined content Enter the user name and the password that you want to use to connect to the quarantine database Use a different account than the server admini...

Page 50: ...database and create a new one or keep the existing database and create a new one with a new name Step 13 Select whether you want to install the product with F Secure World Map Support The product can...

Page 51: ...the centralized administration mode the installation program connects to specified F Secure Policy Manager Server automatically to install F Secure Anti Virus for Microsoft Exchange MIB files If the i...

Page 52: ...on If you want to skip installing MIB files click Cancel You can install MIB files later either manually or by running the Setup again Step 16 The list of components that will be installed is displaye...

Page 53: ...s complete Click Finish to close the Setup wizard 3 6 After the Installation This section describes what you have to do after the installation These steps include Importing product MIBs to F Secure Po...

Page 54: ...Secure Policy Manager and there is a firewall between them blocking access to Policy Manager s administrative port 8080 F Secure Policy Manager Server has been configured so that administrative conne...

Page 55: ...ecure Anti Virus for Microsoft Exchange and distribute the policy For more information see Centrally Managed Administration 67 If F Secure Anti Virus for Microsoft Exchange has been installed in stand...

Page 56: ...nsidered inbound 4 E mail messages submitted via MAPI or Pickup Folder are treated as if they are sent from the internal SMTP sender host 3 7 Upgrading the Evaluation Version If you want to use F Secu...

Page 57: ...ninstall the software When the license expires F Secure Anti Virus for Microsoft Exchange stops processing e mails and messages posted to public folders However the messages are still delivered to the...

Page 58: ...58 4 USING F SECURE ANTI VIRUS FOR MICROSOFT EXCHANGE Administering F Secure Anti Virus for Microsoft Exchange 59 Using Web Console 60 Using F Secure Policy Manager Console 63...

Page 59: ...ith F Secure Policy Manager You can use the F Secure Anti Virus for Microsoft Exchange Web Console to start and stop F Secure Anti Virus for Microsoft Exchange check its current status and to connect...

Page 60: ...pens enter your user name and the password and click Log In Note that you must have administrator rights to the host where F Secure Anti Virus for Microsoft Exchange Web Console is installed 4 2 1 Log...

Page 61: ...sses and restarts the F Secure Anti Virus for Microsoft Exchange Web Console service to take the certificate into use 4 Wait until the utility completes and the window closes Now you can proceed to lo...

Page 62: ...re Anti Virus for Microsoft Exchange Web Console 8 When the login page opens log in to Web Console with your user name and the password 9 The Web Console displays Getting Started page when you log in...

Page 63: ...cure Policy Manager Console select Windows Start menu Programs F Secure Policy Manager Console When the Policy Manager Console opens go to the Advanced Mode user interface by selecting View Advanced M...

Page 64: ...tics select the Status tab of the Properties pane Statistics are updated periodically and can be reset by choosing Reset Statistics on the Policy tab of the Properties pane For more information see F...

Page 65: ...Do the following 1 Select the Policy tab and then select the setting you want to check 2 Select the Status tab to see if the setting has been modified locally If the setting is not shown in grayed fo...

Page 66: ...s during the first minutes of the outbreak Grayware Scanning The grayware scan detects applications that have annoying or undesirable behavior that can reduce the performance of computers on the netwo...

Page 67: ...for Microsoft Exchange Settings 68 F Secure Anti Virus for Microsoft Exchange Statistics 116 F Secure Content Scanner Server Settings 121 F Secure Content Scanner Server Statistics 131 F Secure Manag...

Page 68: ...y settings with it 5 2 F Secure Anti Virus for Microsoft Exchange Settings In the centralized administration mode you can change settings and start operations using F Secure Policy Manager Console For...

Page 69: ...asterisk as a wildcard For example example com internal example net Internal SMTP Senders Specify the IP addresses of hosts that belong to your organization Specify all hosts within the organization t...

Page 70: ...ge Edge and Hub servers the server with the Hub role installed should be added to the Internal SMTP Sender on the server where the Edge role is installed IMPORTANT Do not specify the server where the...

Page 71: ...ecify the path to the Quarantine storage where all quarantined mails and attachments are placed If you change the Quarantine Storage setting select the Final checkbox in the Restriction Editor to over...

Page 72: ...s suspicious files disallowed attachments disallowed content spam messages scan failures and unsafe files Quarantine Size Threshold Specify the critical size in megabytes of the Quarantine If the Quar...

Page 73: ...ges that are retained in the Quarantine Set the value to Disabled to keep all unsafe to process unsafe messages manually Max Attempts to Process Unsafe Messages Specify how many times the product trie...

Page 74: ...d Quarantine Logs Specify how many rotated log flies are kept Max Submission Attempts Specify how many times the product attempts to send the sample if the submission fails Resend Interval Specify the...

Page 75: ...fy the time interval in seconds how long F Secure Anti Virus for Microsoft Exchange should wait for a response from F Secure Content Scanner Server before it stops attempting to send or receive data W...

Page 76: ...ormation see Proxy Server 216 You cannot add automatic disclaimers to messages with the product you can configure Microsoft Exchange Server to do that Some malware add disclaimers to infected messages...

Page 77: ...this setting Send Notification Message to Recipient Specify the template for the notification message that is sent to the intented recipient when disallowed or suspicious attachment is found Note that...

Page 78: ...level The Alert Forwarding table can be found in F Secure Management Agent Settings Alerting Disabling virus scanning disables archive processing and grayware scanning as well Scan Messages for Virus...

Page 79: ...dbox scan may affect the product performance Disable the sandbox scan if you need the scan to be faster Attempt to Disinfect Infected Attachments Specify whether the product should try to disinfect an...

Page 80: ...lates 70 Send Virus Notification Message to Recipient Specify the template for the notification message that is sent to the intented recipient when a virus or other malicious code is found Note that t...

Page 81: ...rator Specify whether the administrator is notified when F Secure Anti Virus for Microsoft Exchange finds a virus in a message Configure the Alert Forwarding table to specify where the alert is sent b...

Page 82: ...e message Do not deliver the message to the recipient Action on Password Protected Archives Specify the action to take on archives which are protected with passwords These archives can be opened only...

Page 83: ...essage as safe or infected When proactive virus threat detection is disabled inbound mails are only scanned by antivirus engines Grayware Scanning Specify how the product processes grayware items in i...

Page 84: ...end Warning Message to Recipient Specify the template for the notification message that is sent to the intented recipient when a grayware item is found in a message Note that the notification message...

Page 85: ...item with a name that matches the keyword the recipient and the sender are not notified about the grayware item found Leave the list empty if you do not want to exclude any grayware types from notific...

Page 86: ...ens the security but can degrade the system performance Action on Malformed Mails Specify the action for non RFC compliant e mails If the message has an incorrect structure the product cannot parse th...

Page 87: ...er level specified in the Max Levels of Nested Messages setting Drop the Whole Message Messages with exceeding nesting levels are not delivered to the recipient Pass Through Nested messages are scanne...

Page 88: ...ated or received General Real Time Scanning Settings Specify which messages you want to scan during the real time scanning Scan Only Messages Created Within Specify which messages are scanned with the...

Page 89: ...setting is Enabled only messages that contain attachments are scanned on background scanning Scan Only Unprocessed Messages Specify whether to scan all messages or only messages that have not been pr...

Page 90: ...hat are scanned for viruses Disabled Do not scan any public folders Scan All Folders Scan all public folders Scan Only Included Folders Scan public folders specified in the Included Folders list Scan...

Page 91: ...rms Sandbox Scanning Enable or disable the sandbox scan The sandbox scan emulates and analyzes the code in a safe and isolated environment known as the Sandbox Sandbox scanning may affect the product...

Page 92: ...ormation see Lists and Templates 70 Archive processing is disabled when virus scanning is disabled Scan Viruses Inside Archives Specify if files inside archives are scanned for viruses and other malic...

Page 93: ...Max Levels in Nested Archives setting Exceeding nesting levels are not scanned but the archive is not removed Drop Archives with exceeding nesting levels are removed Action on Password Protected Archi...

Page 94: ...administrator Drop attachment Remove grayware items from the message Grayware Exclusion List Specify the list of keywords for grayware types that are not scanned Leave the list empty if you do not wan...

Page 95: ...t are scanned for viruses Disabled Do not scan any mailboxes Scan All Mailboxes Scan all mailboxes Scan Only Included Mailboxes Scan mailboxes specified in the Included Mailboxes list Scan All Except...

Page 96: ...n Public Folders setting is set to Scan All Except Excluded Folders Incremental Scanning Specify which messages are scanned for viruses during the manual scan All Messages Scan all messages Only Recen...

Page 97: ...d attachment is removed from the message For more information see Lists and Templates 70 Scan Messages for Viruses Enable or disable the virus scan The virus scan scans messages for viruses and other...

Page 98: ...sinfection may affect the product performance Infected files inside archives are not disinfected even when the setting is enabled Quarantine Infected Attachments Specify whether infected or suspicious...

Page 99: ...rchives if Scan Viruses Inside Archives is enabled A nested archive is an archive that contains another archive inside If zero 0 is specified the maximum nesting level is not limited Specify the numbe...

Page 100: ...message Quarantine Dropped Archives Specify whether archives that are not delivered to recipients are placed in the quarantine For more information see Quarantine Management 237 Scan Messages for Gray...

Page 101: ...ages as attachments If zero 0 is specified the maximum nesting level is not limited Quarantine Grayware Specify whether grayware attachments are quarantined Do Not Quarantine These Grayware Specify gr...

Page 102: ...ox to make it active again Click Add add a new scheduled task to the list To duplicate a task select it from the list and click Copy To edit a previously created task click Edit To remove the selected...

Page 103: ...the name of the scheduled operation Do not use any special characters in the task name Frequency of the operation Specify how frequently you want the operation to be performed Once Only once at the sp...

Page 104: ...te when the first operation is scheduled to start Start time Enter the start time of the task in hh mm format Start date Enter the start date of the task in mm dd yyyy format Examine mailboxes Specify...

Page 105: ...ied mailboxes Click Edit to add or remove mailboxes that should be scanned Scan all except excluded mailboxes Do not scan specified mailboxes but scan all other Click Edit to add or remove mailboxes t...

Page 106: ...an all public folders Scan all public folders Scan only included public folders Scan all specified public folders Click Edit to add or remove public folders that should be scanned Scan all except excl...

Page 107: ...stripping Target attachments Strip these attachments Specify which attachments are stripped from messages For more information see Lists and Templates 70 Exclude these attachments Specify attachments...

Page 108: ...sts and Templates 70 If the message contains an attachment which is quarantined all attachments linked to that message are quarantined regardless of this setting User notification Replacement text tem...

Page 109: ...y affect the product performance and increase the risk of false malware alarms Sandbox Scanning Enable or disable the sandbox scan The sandbox scanning emulates and analyzes the code in a safe and iso...

Page 110: ...sinfected even when the setting is enabled Quarantine infected messages Specify whether infected or suspicious messages are quarantined Do not quarantine these infections Specify infections that are n...

Page 111: ...yware Specify the action to take on items which contain grayware Report only Leave grayware items in the message and notify the administrator Drop attachment Remove grayware items from the message Pas...

Page 112: ...ntine this grayware Specify grayware that are never placed in the quarantine For more information see Lists and Templates 70 Notifications Replacement text template Specify the template for the text t...

Page 113: ...ng Limit max levels in nested archives Specify how many levels of archives inside other archives the product scans when Scan Viruses Inside Archives is enabled Actions Action on max nested archives Sp...

Page 114: ...he recipient Drop archive Remove the password protected archive from the message and deliver the message to the recipient without it Quarantine dropped archives Specify whether archives that are not d...

Page 115: ...h filename extensions which are usually considered safe to use Intelligent File Type Recognition can recognize the real file type of the message attachment and use that while the attachment is process...

Page 116: ...tab from the Properties pane and open the Statistics subtree It displays statistics for the host for each F Secure Anti Virus for Microsoft Exchange installation If a policy domain is selected the St...

Page 117: ...ure Anti Virus for Microsoft Exchange version number Previous Reset of Statistics Displays the last date and time when the statistics were reset MIB Version Displays the MIB version number Installatio...

Page 118: ...mber of messages that have been identified as unsafe messages that contain patterns that can be assumed to be a part of a virus outbreak Number of Grayware Messages Displays the number of messages tha...

Page 119: ...Items Displays the total number of processed items since the last reset of statistics Number of Infected Items Displays the number of items that are infected and cannot be automatically disinfected N...

Page 120: ...the current manual scan Elapsed Time Displays the time that has elapsed since the manual scan was started Number of Processed Items Displays the total number of processed items during the previous man...

Page 121: ...eral content scanning options Last Infection Found Displays the name of the last infection found Last Time Infection Found Displays the time when the last infection was found Previous Scanning Display...

Page 122: ...sses the server accepts incoming requests from If the list is empty the server accepts connections from any host Max Connections Specifies the maximum number of simultaneous connections the server can...

Page 123: ...f it cannot scan a file Return Scan Error Drop the file being scanned and send a scan error Scan with Other Engines Scan the file with other available scan engines Scan Inside Archives Specify whether...

Page 124: ...at as Unsafe is selected If Treat as Safe is selected the archive file is sent to the user Suspect Password Protected Archives Compressed archive files can be protected with passwords These archives c...

Page 125: ...assword protected archives Wildcards can be used Example DO ML Max Scan Timeout Specify the maximum time that one scanning task can last The Max Scan Timeout is 10 minutes by default Time Period Speci...

Page 126: ...unencrypted reports to a configurable e mail address and use the same statistics for your own internal purposes Verify Integrity of Downloaded Databases Specify whether the product should verify that...

Page 127: ...ow many messages will undergo spam analysis simultaneously You might need to modify this setting if you enable Realtime Blackhole Lists DNSBL RBL for spam filtering For more information see Enabling R...

Page 128: ...atterns Increasing cache sizes may increase the threat detection performance but it requires more disk space and may degrade the threat detection rate Cache sizes can be disabled set the size to 0 for...

Page 129: ...n be trusted not to be operated by spammers and do not have open relays or open proxies Define the network as a network netmask pair 10 1 0 0 255 255 0 0 with the network nnn CIDR specification 10 1 0...

Page 130: ...cess rights are adjusted so that only the operating system and the local administrator can access files in the Working directory If you make changes to Working Directory settings make sure that the ne...

Page 131: ...s of F Secure Content Scanner Server whether it has been started and it is running or it is stopped Start Time The date and time when the server was started Previous Reset of Statistics The date and t...

Page 132: ...ase Update The last date and time when virus definition database was taken into use for this scan engine Database Date The date the virus signature database for this scan engine was created Last Infec...

Page 133: ...e Spam Scanner Previous Reset of Statistics Displays when the Spam Scanner statistics were reset last time Database Version Displays the version of the database currently used by the Spam Scanner Last...

Page 134: ...Agent see the F Secure Policy Manager Administrator s Guide Communications Last Updated Displays the date and time when the virus statistics were updated last time Most Active Viruses Displays the lis...

Page 135: ...anager Server and stops the download if the minimum speed specified by this setting is not met Management Server Address URL of the F Secure Policy Manager Server The URL should not have a slash at th...

Page 136: ...that the computer is connected to the Internet onle when other applications use the network Detect connection is the default setting HTTP settings Select whether to use an HTTP proxy when retrieving...

Page 137: ...ieves the latest virus definition updates from F Secure Update Server if Allow fetching updates from F Secure Update Server is enabled Intermediate server polling interval Specify in minutes how often...

Page 138: ...138 6 ADMINISTRATION WITH WEB CONSOLE Overview 139 Home 139 Transport Protection 142 Storage Protection 159 Quarantine 196 Automatic Updates 206 Content Scanner Server 212 General 223...

Page 139: ...sole double click the F Secure Settings and Statistics icon in the Windows system tray and double click F Secure Anti Virus for Microsoft Exchange or select it from the Start menu Programs F Secure An...

Page 140: ...he feature is disabled Warning the feature or an antivirus engine is disabled or virus and spam definition databases are not up to date Error the license has expired the feature is not installed all a...

Page 141: ...file for later use Quarantine Tasks Click Find Quarantined Content to search for the quarantined content For more information see Searching the Quarantined Content 239 Log Files Click View F Secure Lo...

Page 142: ...figuration 224 Statistics After you apply new transport protection settings it can take up to 20 seconds for the new settings to take effect You cannot add automatic disclaimers to messages with the p...

Page 143: ...t have been identified as unsafe messages that contain patterns that can be assumed to be a part of a virus outbreak Grayware messages Displays the number of messages that have grayware items includin...

Page 144: ...he file name or the file extension Attachment filtering is disabled when virus scanning is disabled Strip Attachments from e mail messages Enable or disable the attachment stripping Targets Strip thes...

Page 145: ...cify whether stripped attachments are quarantined Do not quarantine these attachments Specify file names and file extensions which are not quarantined even when they are stripped For more information...

Page 146: ...ts that do not generate notifications When the product finds specified file or file extension no notification is sent Send alert to administrator Specify whether the administrator is notified when the...

Page 147: ...with Web Console 6 3 2 Virus Scanning Specify inbound outbound and internal messages and attachments that should be scanned for malicious code Disabling virus scanning disables attachment filtering an...

Page 148: ...ormance and increase the risk of false malware alarms Sandbox Scanning Enable or disable the sandbox scan The sandbox scan emulates and analyzes the code in a safe and isolated environment known as th...

Page 149: ...ts Specify attachments that are scanned for viruses For more information see Lists and Templates 232 Exclude these attachments Specify attachments that are not scanned Leave the list empty if you do n...

Page 150: ...ine For more information see Lists and Templates 232 Notifications Send notification message to recipient s Specify whether recipients are notified when a virus or other malicious code is found Note t...

Page 151: ...nfections that do not generate notifications When the product finds the specified infection no notification is sent Send alert to administrator Specify whether the administrator is notified when F Sec...

Page 152: ...sage Do not deliver the message to the recipient Pass through this grayware Specify the list of keywords for grayware types that are not scanned Leave the list empty if you do not want to exclude any...

Page 153: ...ts and Templates 232 Do not notify on this grayware Specify a list of keywords for grayware types of which no notifications are sent If the product finds a grayware item with a name that matches the k...

Page 154: ...scanning inside archives improves performance but it also means that the network users need to use up to date virus protection on their workstations Scan archives Specify whether files inside compress...

Page 155: ...e Max Levels in Nested Archives setting Pass through Deliver the message with the archive to the recipient Drop archive Remove the archive from the message and deliver the message to the recipient wit...

Page 156: ...When the heuristic spam analysis is disabled only the threat detection engine filters messages for spam Drop the whole message Do not deliver the message to the recipient The default value is Drop arc...

Page 157: ...n Intelligent file type recognition Select whether you want to use Intelligent File Type Recognition or not Trojans and other malicious code can disguise themselves with filename extensions which are...

Page 158: ...vels deep to scan in nested e mail messages A nested e mail message is a message that includes one or more e mail messages as attachments If zero 0 is specified the maximum nesting level is not limite...

Page 159: ...Messages setting Exceeding nesting levels are not scanned but the message is delivered to the recipient Action on malformed mails Specify the action for non RFC compliant e mails If the message has a...

Page 160: ...Displays the number of currently protected user mailboxes Number of protected public folders Displays the number of currently protected public folders Processed items Displays the total number of pro...

Page 161: ...are adware dialers joke programs remote access tools and other unwanted applications Suspicious items Displays the number of suspicious content found for example password protected archives nested arc...

Page 162: ...the client that tries to access the scanned message gets the virus scanning in progress notificaion File Type Recognition Intelligent file type recognition Select whether you want to use Intelligent...

Page 163: ...CHAPTER6 163 Administration with Web Console General Background Scanning Settings The background scanning can be used to systematically scan specified messages stored in the database...

Page 164: ...essages created within Specify which messages are scanned on the background scanning for example Last hour Last day Last week Messages that have been received before the specified time are not scanned...

Page 165: ...age that should be scanned for malicious code Targets Scan mailboxes Specify mailboxes that are scanned for viruses Do not scan mailboxes Disable the mailbox scanning Scan all mailboxes Scan all mailb...

Page 166: ...ept excluded public folders Do not scan specified public folders but scan all other Click Edit to add or remove public folders that should not be scanned Scan these attachments Specify attachments tha...

Page 167: ...achments are quarantined Do not quarantine these infections Specify virus and malware infections that are never placed in the quarantine For more information see Lists and Templates 232 Notifications...

Page 168: ...canning Scan messages for grayware Enable or disable the grayware scan Actions Action on grayware Specify the action to take on items which contain grayware Report only Leave grayware items in the mes...

Page 169: ...rmation see Lists and Templates 232 Quarantine grayware Specify whether grayware attachments are quarantined Do not quarantine this grayware Specify grayware that are never placed in the quarantine Fo...

Page 170: ...ives Specify if files inside archives are scanned for viruses and other malicious code Targets List of files to scan inside archives Specify files that are scanned for viruses inside archives Exclude...

Page 171: ...ult setting is 3 Actions Action on max nested archives Specify the action to take on nested archives with nesting levels exceeding the upper level specified in the Max Levels in Nested Archives settin...

Page 172: ...any time Pass through Leave the password protected archive in the message Drop archive Remove the password protected archive from the message Quarantine dropped archives Specify whether archives that...

Page 173: ...splays the time left when the manual scan is running Elapsed time Displays how long it has been since the manual scan started Processed items Displays the number of items processed during the scan Inf...

Page 174: ...ing to stop the manual scan Click View Scanning Report to view the latest manual scan report General If the manual scan scans an item that has not been previously scanned for viruses and the real time...

Page 175: ...other Click Edit to add or remove mailboxes that should not be scanned Scan public folders Specify public folders that are scanned for viruses Do not scan public folders Do not scan any public folders...

Page 176: ...y considered safe to use Intelligent File Type Recognition can recognize the real file type of the message attachment and use that while the attachment is processed Using Intelligent File Type Recogni...

Page 177: ...tachments Enable or disable the attachment stripping Targets Strip these attachments Specify which attachments are stripped from messages For more information see Lists and Templates 232 Exclude these...

Page 178: ...pped For more information see Lists and Templates 232 If the message contains an attachment which is quarantined all attachments linked to that message are quarantined regardless of this setting Notif...

Page 179: ...iruses Enable or disable the virus scan The virus scan scans messages for viruses and other malicious code Heuristic Scanning Enable or disable the heuristic scanning The heuristic scan analyzes files...

Page 180: ...and Templates 232 Exclude these attachments Specify attachments that are not scanned Leave the list empty if you do not want to exclude any attachments from the scanning Actions Try to disinfect Spec...

Page 181: ...re infections that are never placed in the quarantine For more information see Lists and Templates 232 Notifications Replacement text template Specify the template for the text that replaces the infec...

Page 182: ...e list of keywords for grayware types that are not scanned Leave the list empty if you do not want to exclude any grayware types from the scan For more information see Lists and Templates 232 Quaranti...

Page 183: ...nside archives are scanned for viruses and other malicious code Targets List of files to scan inside archives Specify files inside archives that are scanned for viruses For more information see Lists...

Page 184: ...message and deliver the message to the recipient without it Action on password protected archives Specify the action to take on archives which are protected with passwords These archives can be opene...

Page 185: ...ng Scheduled Tasks The Scheduled Tasks list displays all scheduled tasks and date and time when the next scheduled task occurs for the next time Creating Scheduled Operation Start the Scheduled Operat...

Page 186: ...scheduled scanning task to be active immediately after you have created it General Task name Specify the name of the scheduled operation Do not use any special characters in the task name Frequency of...

Page 187: ...an mailboxes Disable the mailbox scanning Scan all mailboxes Scan all mailboxes Scan only included mailboxes Scan all specified mailboxes Click Edit to add or remove mailboxes that should be scanned S...

Page 188: ...filename extensions which are usually considered safe to use Intelligent File Type Recognition can recognize the real file type of the message attachment and use that while the attachment is processe...

Page 189: ...isable the attachment stripping Targets Strip these attachments Specify which attachments are stripped from messages For more information see Lists and Templates 232 Exclude these attachments Specify...

Page 190: ...on see Lists and Templates 232 If the message contains an attachment which is quarantined all attachments linked to that message are quarantined regardless of this setting Notifications Replacement te...

Page 191: ...r disable the sandbox scan The sandbox scanning emulates and analyzes the code in a safe and isolated environment known as the Sandbox Sandbox scanning may affect the product performance We recommend...

Page 192: ...hether infected or suspicious messages are quarantined Do not quarantine these infections Specify infections that are never placed in the quarantine For more information see Lists and Templates 232 No...

Page 193: ...grayware Specify the list of keywords for grayware types that are not scanned Leave the list empty if you do not want to exclude any grayware types from the scan For more information see Lists and Tem...

Page 194: ...o scan inside archives Specify files inside archives that are scanned for viruses For more information see Lists and Templates 232 Exclude these files Specify files that are not scanned inside archive...

Page 195: ...it Action on password protected archives Specify the action to take on archives which are protected with passwords These archives can be opened only with a valid password so the product cannot scan th...

Page 196: ...h a SQL database The product is able to quarantine e mails and attachments which contain malicious or otherwise unwanted content such as spam messages The Quarantine management is divided into two dif...

Page 197: ...and attachments that are infected Grayware Displays the number of messages that have grayware items including spyware adware dialers joke programs remote access tools and other unwanted applications S...

Page 198: ...rage When F Secure Anti Virus for Microsoft Exchange places content to the Quarantine it saves the content as separate files into the Quarantine Storage and inserts an entry to the Quarantine Database...

Page 199: ...rantine storage settings make sure that the new directory has the same rights Make sure that F Secure Anti Virus for Microsoft Exchange service has write access to this directory Adjust the access rig...

Page 200: ...allowed attachments are stored and counted as separate items in the Quarantine storage For example if a message has three attachments and only one of them has been found infected two items will be cre...

Page 201: ...with Web Console Quarantine Maintenance When quarantined content is reprocessed it is scanned again and if it is found clean it is sent to the intended recipients For more information see Reprocessing...

Page 202: ...the action that takes place if the message is retained in the Quarantine after the maximum attempts Final action on unsafe messages Specify the action to unsafe messages after the maximum number of r...

Page 203: ...ones specified above are used Active Enable or disable the selected entry in the table Quarantine category Select a category the retention period or cleanup interval of which you want to modify The c...

Page 204: ...retrieved Quarantine database SQL server name The name of the SQL server where the database is located Database name The name of the quarantine database The default name is FSMSE_Quarantine User name...

Page 205: ...CHAPTER6 205 Administration with Web Console Logging Specify where F Secure Anti Virus for Microsoft Exchange stores Quarantine log files...

Page 206: ...o F Secure Update Server For more information see Communications 208 Log Files Click View F Secure Log to view the F Secure log file LogFile log in a new Internet browser window Click Download to down...

Page 207: ...on the latest update Channel name The channel from where the updates are downloaded Channel address The address of the Automatic Updates Server Latest installed update The version and name of the late...

Page 208: ...1 Communications Specify the how the product connects to F Secure Update Server Last check result The result of the last update check Next check time The date and time for the next update check Last...

Page 209: ...CHAPTER6 209 Administration with Web Console General Edit General settings to select whether you want to use automatic updates and how often the product checks for new updates...

Page 210: ...llow fetching updates from F Secure Update Server Specify whether the product should connect to F Secure Update Server when it cannot connect to any user specified update server To edit the list of up...

Page 211: ...ecure Update Server automatically To add a new update source address to the list follow these instructions 1 Click Add new proxy to add the new entry to the list 2 Enter the URL of the update source 3...

Page 212: ...n to that source fails it tries to connect to the source with the next smallest number 2 until the connection succeeds 4 Click OK to add the new update source to the list 6 7 Content Scanner Server Ed...

Page 213: ...nfection that was found Scan Engines The Scan Engines list displays scan engines and the database update statistics If you want to disable the scan for certain files with a specified scan engine click...

Page 214: ...214 6 7 1 Options Database Updates Configure Database Update options to set notification alerts when virus...

Page 215: ...to the administrator when virus definition databases are not up to date Send informational alert Send an informational alert to the administrator Send warning alert Send a warning alert to the adminis...

Page 216: ...216 Proxy Server F Secure Content Scanner Server can use a proxy server to connect to the threat detection center...

Page 217: ...ify the authentication method to use to authenticate to the proxy server NoAuth The proxy server does not require authentication Basic The proxy uses the basic authentication scheme NTLM The proxy use...

Page 218: ...messages Cache VOD cache size Specify the maximum number of patterns to cache for the virus outbreak detection service By default the cache size is 10000 cached patterns Class cache size Specify the...

Page 219: ...action for messages when the threat detection center cannot be contacted and the threat detection engine cannot classify the message Pass through The message is passed through without scanning it for...

Page 220: ...ng directory Specify the working directory Enter the complete path to the field or click Browse to browse to the path you want to set as the new working directory Working directory clean interval Spec...

Page 221: ...transferred to the server via shared memory in the local interaction mode When the amount of data exceeds the specified limit a local temporary file will be used for data transfer If the option is se...

Page 222: ...sage at a time this setting defines how many messages undergo the spam analysis simultaneously The server must be restarted after this setting has been changed IMPORTANT Spam analysis is a processor i...

Page 223: ...CHAPTER6 223 Administration with Web Console 6 8 General The Statistics section displays the following details of the host WINS name DNS names IP addresses Unique ID...

Page 224: ...mail recipients belong to one of the specified internal domains internal recipients 2 E mail messages are considered outbound if they come from internal SMTP sender hosts and mail recipients do not be...

Page 225: ...u can use an asterisk as a wildcard For example example com internal example net Internal SMTP senders Specify the IP addresses of hosts that belong to your organization Specify all hosts within the o...

Page 226: ...on use other than Microsoft Outlook e mail client to send and receive e mail it is recommended to specify all end user workstations as Internal SMTP Senders If the organization has Exchange Edge and H...

Page 227: ...Manager Server specify the URL of F Secure Policy Manager Server Do not add a slash at the end of the URL For example http fsms example com Select Stand alone if you have use F Secure Anti Virus for E...

Page 228: ...choose to forward alerts to e mail specify the SMTP server address alert message subject line and the return address of the alert e mail To forward alerts to an e mail follow these instructions 1 Clic...

Page 229: ...lick Apply Web Console Informational and warning level alerts are not sent to F Secure Policy Manager Console by default If you want to use centralized administration mode it is recommended to have al...

Page 230: ...session and displays a warning The default value is 60 minutes Connections Listen on address Specify the IP address of the F Secure Anti Virus for Microsoft Exchange Web Console Server Port Specify th...

Page 231: ...is used by F Secure Anti Virus for Microsoft Exchange for sending warning and informational messages to the end users for example recipients senders and mailbox owners Make sure that the notification...

Page 232: ...6 8 4 Lists and Templates Match lists are lists of file names or file name extensions that can be used with certain product settings Message templates can be used with notification messages Match Lis...

Page 233: ...e match list you want to edit If you are creating a new match list specify the name for the new match list Type Specify whether the list contains keywords file patterns or email addresses Filter Speci...

Page 234: ...te you want to edit If you are creating a new template specify the name for the new template Subject line Specify the subject line of the notification message Message body Specify the notification mes...

Page 235: ...ttempts Specify how many times the product attempts to send the sample if the submission fails Resend interval Specify the time interval in minutes how long F Secure Anti Virus for Microsoft Exchange...

Page 236: ...236 Send timeout Specify the time in seconds how long the product waits for the sample submission to complete...

Page 237: ...Query Results Page 244 Viewing Details of a Quarantined Message 246 Reprocessing the Quarantined Content 248 Releasing the Quarantined Content 249 Removing the Quarantined Content 250 Deleting Old Qua...

Page 238: ...uarantine Database The quarantine database contains information about the quarantined messages and attachments If there are several F Secure Anti Virus for Microsoft Exchange installations in the netw...

Page 239: ...ayware Grayware Files that could not be scanned for example severely corrupted files Scan failure Messages that have been identified as unsafe messages that contain patterns that can be assumed to be...

Page 240: ...quarantined message The quarantine ID is displayed in the notification sent to the user about the quarantined message and in the alert message Object type Select the type of the quarantined content Ma...

Page 241: ...er Enter the e mail sender address You can only search for one address at a time but you can widen the search by using the wildcards Recipients Enter the e mail recipient address Subject Enter the mes...

Page 242: ...yet E mails to be reprocessed Displays only e mails that are currently set to be reprocessed but have not been reprocessed yet E mails to be reprocessed and released Displays e mails that are current...

Page 243: ...cards You can use the following SQL wildcards in the quarantine queries Wildcard Explanation Any string of zero or more characters _ underscore Any single character Any single character within the spe...

Page 244: ...tined e mail The administrator has not specified any actions to be taken on this e mail Quarantined e mail with attachments The administrator has not specified any actions to be taken on this e mail Q...

Page 245: ...found For more information see Releasing the Quarantined Content 249 Click Delete to delete the currently selected e mail from the quarantine or click Delete All to delete all e mail messages that we...

Page 246: ...ing Details of a Quarantined Message To view the details of a quarantined message do the following 1 On the Query Search Results page click the Quarantine ID QID number link in the QID column 2 The Qu...

Page 247: ...ddress of the attachment sender Recipients The addresses of all the attachment recipients Location The location of the mailbox or public folder where the quarantined attachment was found Subject The m...

Page 248: ...ng criteria and order from the Sort results by and order drop down menus 4 Select the number of items to be displayed on a results page from the Display drop down menu 5 Click the Query button 6 When...

Page 249: ...e Quarantine ID of the message in the Quarantine ID field 3 Click Query 4 When the query is finished the query results page is displayed Click the Release button to release the displayed quarantined c...

Page 250: ...y is finished the query results page is displays all quarantined messages that have been classified as spam Click the Delete All button to delete all the displayed quarantined content 5 You are prompt...

Page 251: ...nabled check box 7 Click Apply 7 10 Quarantine Logging To view the Quarantine Log open the F Secure Anti Virus for Microsoft Exchange tab in the F Secure Anti Virus for Microsoft Exchange Web Console...

Page 252: ...formation In the following example the Quarantine storage is moved from C Program Files F Secure Quarantine Manager quarantine to D Quarantine 1 Stop F Secure Quarantine Manager service to prevent any...

Page 253: ...rmissions page select Administrators have full access other users have read only access Note that the Quarantine storage has file directory security permissions set only for the SYSTEM and Administrat...

Page 254: ...254 8 UPDATING VIRUS AND SPAM DEFINITION DATABASES Overview 255 Automatic Updates with F Secure Automatic Update Agent 255 Configuring Automatic Updates 255...

Page 255: ...l technology and network traffic detection to make sure that it works without disturbing other Internet traffic even over a slow line You may install and use F Secure Automatic Update Agent in conjunc...

Page 256: ...these settings you need to use F Secure Policy Manager Console For more information see F Secure Automatic Update Agent Settings 135 If necessary reconfigure the firewall and other devices that may b...

Page 257: ...257 9 ADMINISTERING F SECURE SPAM CONTROL Overview 258 Spam Control Settings in Centrally Managed Environments 259 Spam Control Settings in Web Console 263 Realtime Blackhole List Configuration 266...

Page 258: ...pdates are digitally signed for maximum security and you can use only these updates for updating the F Secure Spam Control spam definition databases In Microsoft Exchange 2007 environment the Microsof...

Page 259: ...ecify whether heuristic spam analysis is used to filter inbound mails for spam The default value is Enabled Heuristic spam analysis slows down the performance but improves the spam detection rate Spam...

Page 260: ...with Spam Flag Specify if a spam flag is added to the mail as the X Spam Flag header in the following format X Spam Flag flag where flag is YES or NO The default value is Enabled Add X Header with Sum...

Page 261: ...never treated as spam Blocked Senders Specify blocked senders Messages originating from the specified addresses are always treated as spam Safe Recipients Specify safe recipients Messages sent to the...

Page 262: ...obytes of messages to be scanned for spam If the size of the message exceeds the maximum size the message is not filtered for spam The default value is 200 Since all spam messages are relatively small...

Page 263: ...b Console These settings are used only if F Secure Spam Control is installed with the product otherwise they are ignored Spam Filtering Specify whether inbound mails are scanned for spam The default v...

Page 264: ...ails will be falsely identified as spam The allowed values are from 0 to 9 the default value is 5 Spam Confidence Level SCL Click Add new action to add a new action for messages with the spam level ab...

Page 265: ...led Modify spam message subject Specify if the product modifies the subject of mail messages considered spam The default value is Enabled Add this text to spam message subject Specify the text that is...

Page 266: ...er should be configured to allow recursive DNS queries DNS protocol is used to make the DNSBL RBL queries 2 Make sure you do not have a firewall preventing DNS access from the host where F Secure Spam...

Page 267: ...g correctly you should see this kind of headers in messages classified as spam X Spam Status YES database version 2005 04 06_1 hits 9 required 5 tests RCVD_IN_DSBL RCVD_IN_NJABL_PROXY RCVD_IN_SORBS_DU...

Page 268: ...creases when DNS queries are made If needed the performance can be improved by increasing the number of mails being processed concurrently by F Secure Spam Control By default the product processes a m...

Page 269: ...3 6 1 4 1 2213 18 1 35 500 has been set to 5 To take the new setting into use restart F Secure Content Scanner Server IMPORTANT Each additional instance of the Spam Scanner takes approximately 25Mb of...

Page 270: ...270 A APPENDIX Variables in Warning Messages List of Variables 271...

Page 271: ...rresponding variable will be replaced with Unknown Variable Description ANTI VIRUS SERVER The DNS WINS name or IP address of F Secure Anti Virus for Microsoft Exchange NAME OF SENDER The e mail addres...

Page 272: ...ME The name of the original file or attachment AFFECTED FILESIZE The size of the original file or attachment THREAT The name of the threat that was found in the content For example it can contain the...

Page 273: ...273 B APPENDIX Services and Processes List of Services and Processes 274...

Page 274: ...atistics and sending alerts F Secure Automatic Update Agent fsaua exe This service takes care of fetching updates from FSPM or FS Update server F Secure Content Scanner Server Daemon fsavsd exe Provid...

Page 275: ...t Agent is an FSMA service responsible for starting other services and monitoring them F Secure Network Request Broker fsnrb32 exe The service handles the communication with F Secure Policy Manager vi...

Page 276: ...e LogFile log Windows event log and SMTP server fsm32 exe The F Secure Settings and Statistics User Interface The process is not running unless the user is logged in to the system fih32 exe F Secure I...

Page 277: ...on a Cluster Installation Overview 278 Creating Quarantine Storage 279 Administering the Cluster Installation with F Secure Policy Manager 290 Using the Quarantine in the Cluster Installation 290 Uni...

Page 278: ...k configuration 3 Create the quarantine storage where the product will place quarantined e mail messages and attachments In the Single Copy Cluster SCC environment continue to Creating the Quarantine...

Page 279: ...uster 284 Windows 2003 Based Cluster 1 Log on to the active node of the cluster with the domain administrator account 2 Create a directory for the quarantine storage on the physical disk shared by the...

Page 280: ...e b In the Resource Type list select File Share c In the Group list make sure that your Exchange Virtual Server is selected Click Next to continue 6 Make sure that all nodes that are running Exchange...

Page 281: ...ce dependencies list Click Next to continue 8 Use the following settings as the File Share parameters a Type FSAVMSEQS as the share name and F Secure Quarantine Storage as comment b Make sure that Use...

Page 282: ...ws a Add Administrator Exchange Domain Servers and SYSTEM to the Group or user names list b Remove the Everyone account c Grant Change and Read permissions for Exchange Domain Servers and SYSTEM d Gra...

Page 283: ...Product on a Cluster Click OK to continue 10 Click Advanced to open Advanced File Share Properties Make sure that Normal share is selected Click OK to continue 11 Click Finish to create the F Secure...

Page 284: ...irectory for the quarantine storage on the physical disk shared by the cluster nodes You can create it on the same disk where the Exchange Server storage and logs are located 3 After the quarantine di...

Page 285: ...uster Add Administrators Exchange Servers and SYSTEM with Contributor permission levels Press Share to close the window and enable the share 4 Check that everything is configured correctly The Failove...

Page 286: ...lication Environment For a Continuous Cluster Replication CCR cluster installation the quarantine storage must be set on a dedicated computer This computer has to be a member in the same domain with E...

Page 287: ...the share name and F Secure Quarantine Storage as comment b Make sure that User Limit is set to Maximum allowed Click Permissions to set permissions The dollar character at the end of the share name m...

Page 288: ...users a Add Administrator Exchange Domain Servers and SYSTEM to the Group or user names list b Grant Change and Read permissions for Exchange Domain Servers and SYSTEM c Grant Full Control Change and...

Page 289: ...l Control permissions for Exchange Domain Servers and SYSTEM c Grant all permissions for the Administrator account Click OK to finish To make sure that the quarantine storage is accessible follow thes...

Page 290: ...gs the next time they poll F Secure Policy Manager Server If you need to change settings on a particular node follow these instructions 1 Select the corresponding host in the Policy Domains 2 Change t...

Page 291: ...s Sharing and click Permissions Assign Read and Change permissions to the Pickup folder for the Exchange Servers group or for the Mailbox Role Servers directly 3 Go to the Security tab and assign all...

Page 292: ...3 After the product has been uninstalled from every node reboot computers one at the time C 6 Troubleshooting If the product fails to quarantine a file or reports that the quarantine storage is not ac...

Page 293: ...293 D APPENDIX Sending E mail Alerts And Reports Overview 294 Solution 294...

Page 294: ...t are not connected to the Internet By default only e mail messages that come from authenticated or allowed sources can be relayed This means that the product cannot send SMTP alerts and reports unles...

Page 295: ...r inbound messages and accepted_hosts is the IP address or IP address range from which inbound connections are accepted The IP address or IP address range can be entered in one of the following format...

Page 296: ...TP Accept Any Recipient the permission to the anonymous account To do this run the following command Get ReceiveConnector connector_name Add ADPermission User NT AUTHORITY ANONYMOUS LOGON ExtendedRigh...

Page 297: ...297 E TROUBLESHOOTING Overview 298 Starting and Stopping 298 Viewing the Log File 299 Common Problems and Solutions 299 Frequently Asked Questions 304...

Page 298: ...ft Exchange click Stop To start the service click Start Open the F Secure Anti Virus for Microsoft Exchange Web Console and select the F Secure Anti Virus for Microsoft Exchange Home Services Click St...

Page 299: ...contains all the alerts generated by the host regardless of the severity Logfile log file size can be configured in F Secure Management Agent Settings Alerting Alert Agents Logfile Maximum File Size...

Page 300: ...the Microsoft Exchange Server telnet 127 0 0 1 18971 If you get the cursor blinking in the upper left corner it means that the connection has been established and F Secure Content Scanner Server can...

Page 301: ...sure that all processes and services of F Secure Content Scanner Server have started Check the Services in Windows Control Panel The following services should be started F Secure Content Scanner Serve...

Page 302: ...If you try to connect to the F Secure Anti Virus for Microsoft Exchange Web Console from a remote host make sure that the connection is not blocked by a firewall or proxy server E 4 1 Installing Servi...

Page 303: ...you place the Quarantine storage on a FAT drive everyone who has access to that drive will be able to get access to the quarantined content Create and adjust access rights to the Quarantine storage m...

Page 304: ...E 5 Frequently Asked Questions All support issues frequently asked questions and hotfixes can be found under the support pages at http support f secure com For more information see Technical Support...

Page 305: ...305 Technical Support F Secure Online Support Resources 306 Web Club 308 Virus Descriptions on the Web 308...

Page 306: ...orway f secure com If there is no authorized F Secure Anti Virus Business Partner in your country you can submit a support request directly to F Secure There is an online Web submit form accessible th...

Page 307: ...The name and the version number of the operating system on which F Secure products and protected systems are running For Windows include the build number and Service Pack number The version number and...

Page 308: ...ely right click on the F Secure icon in the Window taskbar and choose the Web Club command To connect to the Web Club directly from within your Web browser go to http www f secure com small_businesses...

Page 309: ...all with intrusion prevention antispam and antispyware solutions Founded in 1988 F Secure has been listed on the Helsinki Exchanges since 1999 and has been consistently growing faster than all its pub...