F-SECURE ANTI-VIRUS FOR MICROSOFT EXCHANGE 9.00, Deployment Manual

Page 1: ...F Secure Anti Virus for Microsoft Exchange Deployment Guide...

Page 2: ...in any form or by any means electronic or mechanical for any purpose without the express written permission of F Secure Corporation Copyright 1993 2010 F Secure Corporation All rights reserved Portion...

Page 3: ...13 1 4 Scanning Methods 15 1 5 F Secure Anti Virus Mail Server and Gateway Products 16 Chapter 2 Deployment 17 2 1 Installation Modes 18 2 2 Network Requirements 19 2 3 Deployment Scenarios 20 2 3 1 S...

Page 4: ...xchange 42 3 8 After the Installation 55 3 8 1 Importing Product MIB files to F Secure Policy Manager Console 55 3 8 2 Configuring the Product 56 3 9 Upgrading from Previous Product Versions 58 3 10 U...

Page 5: ...tine on a Dedicated Computer 97 A 4 Administering the Cluster Installation with F Secure Policy Manager 99 A 5 Using the Quarantine in the Cluster Installation 100 A 6 Using the Product with High Avai...

Page 6: ...4 ABOUT THIS GUIDE How This Guide Is Organized 5 Conventions Used in F Secure Guides 6...

Page 7: ...how to configure F Secure Spam Control Appendix A Deploying the Product on a Cluster Instructions how to deploy and use F Secure Anti Virus for Microsoft Exchange on a cluster Appendix B Services and...

Page 8: ...lder names for figure and table captions and for directory tree names Courier New is used for messages on your computer screen Courier New bold is used for information that you must type WARNING The w...

Page 9: ...nd printing using Adobe Acrobat Reader When printing the manual please print the entire manual including the copyright and disclaimer statements For More Information Visit F Secure at http www f secur...

Page 10: ...8 1 INTRODUCTION Overview 9 How F Secure Anti Virus for Microsoft Exchange Works 10 Key Features 13 Scanning Methods 15 F Secure Anti Virus Mail Server and Gateway Products 16...

Page 11: ...the company network from any malicious code that travels in HTTP or SMTP traffic In addition they protect your company network against spam The protection can be implemented on the gateway level to s...

Page 12: ...d Stripped attachments can also be placed in the Quarantine for further examination Flexible and Scalable Anti Virus Protection F Secure Anti Virus for Microsoft Exchange is installed on Microsoft Exc...

Page 13: ...or Microsoft Exchange can be installed either in stand alone or centrally administered mode Depending on how it has been installed F Secure Anti Virus for Microsoft Exchange is managed either with the...

Page 14: ...ication between F Secure Anti Virus for Microsoft Exchange and F Secure Policy Manager Console It exchanges security policies software updates status information statistics alerts and other informatio...

Page 15: ...cursive scanning of ARJ BZ2 CAB GZ JAR LZH MSI RAR TAR TGZ Z and ZIP archive files Automatic and consistent virus definition database updates Suspicious and unsafe attachments can be stripped away fro...

Page 16: ...Microsoft Exchange Web Console Possibility to configure and manage stand alone installations with the convenient F Secure Anti Virus for Microsoft Exchange Web Console You can manage and search quaran...

Page 17: ...rus patterns and security threats All possibly harmful messages are quarantined as unsafe The proactive virus threat detection can detect new viruses during the first minutes of the outbreak Grayware...

Page 18: ...per for Linux provides a high performance solution at the Internet gateway level stopping viruses and other malicious code before they spread to end users desktops or corporate servers The product sca...

Page 19: ...17 2 DEPLOYMENT Installation Modes 18 Network Requirements 19 Deployment Scenarios 20...

Page 20: ...cure Policy Manager components F Secure Policy Manager Server and F Secure Policy Manager Console To administer F Secure Anti Virus for Microsoft Exchange in the centrally administered mode you have t...

Page 21: ...UDP and TCP 1433 TCP only with the dedicated SQL server F Secure Automatic Update Agent ProgramFiles F Secure FSA UA program fsaua exe DNS 53 UDP and TCP HTTP 80 and or another port used to connect t...

Page 22: ...21 If you have multiple Microsoft Exchange Servers see Multiple Exchange 2003 Servers 22 If you have multiple Microsoft Exchange Servers with Exchange Edge and Mailbox Server roles see Multiple Excha...

Page 23: ...outbound messages over SMTP Usually the server is located behind the firewall or router Installing F Secure Anti Virus for Microsoft Exchange Install F Secure Anti Virus for Microsoft Exchange to the...

Page 24: ...servers may be clustered Installing F Secure Anti Virus for Microsoft Exchange Install F Secure Anti Virus for Microsoft Exchange to both front end and back end Exchange servers In addition the front...

Page 25: ...r is deployed either on a separate server or on the same server with the Mailbox Server The Edge Server handles incoming and outgoing messages using SMTP and Mailbox Server holds all mailboxes and pub...

Page 26: ...You can administer the product with F Secure Policy Manager Console When you install the product configure each installation to connect to the same F Secure Policy Manager Server The product installat...

Page 27: ...Install F Secure Anti Virus for Microsoft Exchange to the server where Exchange Edge Hub and Mailbox Server roles are deployed In addition the Edge server can be protected with F Secure Spam Control D...

Page 28: ...duct with F Secure Policy Manager Console When you install the product configure each installation to connect to the same F Secure Policy Manager Server The product installations receive anti virus an...

Page 29: ...ange Server installations For example you have front end and back end servers running Exchange Server 2003 or a network configuration with Edge and Mailbox roles running Exchange Server 2007 2010 Micr...

Page 30: ...ded in F Secure Anti Virus for Microsoft Exchange the Quarantine database size is limited to 4 GB You can use F Secure Anti Virus for Microsoft Exchange Web Console to manage and search quarantined co...

Page 31: ...pen the General page and change the password Confirm the new password that you entered 6 Open the Status page and select Enabled in the Login section 7 Click OK 8 In Object Explorer right click on the...

Page 32: ...Requirements 36 Improving Reliability and Performance 39 Installation Overview 41 Installing F Secure Anti Virus for Microsoft Exchange 42 After the Installation 55 Upgrading from Previous Product Ver...

Page 33: ...to system requirements and the installation procedure It is highly recommended to read the release notes before you proceed with the installation Operating system Microsoft Windows Server 2003 Standa...

Page 34: ...uct on a cluster see Deploying the Product on a Cluster 68 For performance and security reasons it is not possible to install the product on any other than an NTFS partition Disk space for processing...

Page 35: ...ting system Microsoft Windows Server 2003 Standard x64 Edition with the latest service pack Microsoft Windows Server 2003 Enterprise x64 Edition with the latest service pack Microsoft Windows Server 2...

Page 36: ...Continuous Replication CCR Single Copy Cluster SCC For detailed instructions how to deploy and install the product on a cluster see Deploying the Product on a Cluster 68 For performance and security r...

Page 37: ...icrosoft Windows Server 2008 R2 Enterprise Edition Processor Intel x64 processor with Extended Memory 64 Technology EM64T AMD processor that supports the AMD64 platform Memory 4 GB minimum Disk space...

Page 38: ...nagement Requirements F Secure Policy Manager 9 00 or later is required if you plan to install the product in the centralized administration mode and manage it with F Secure Policy Manager Console 3 3...

Page 39: ...SQL Server 2000 with Service Pack 4 and Microsoft SQL Server 2000 Desktop Engine MSDE with Service Pack 4 Which SQL Server to Use for the Quarantine Database As a minimum requirement the Quarantine d...

Page 40: ...r 2000 2005 or 2008 It is recommended to use Microsoft SQL Server if you are planning to use centralized quarantine management with multiple F Secure Anti Virus for Microsoft Exchange installations No...

Page 41: ...e Anti Virus for Microsoft Exchange Microsoft NET Framework can be downloaded from the Microsoft Download Center 3 3 3 Web Browser Software Requirements In order to administer the product with F Secur...

Page 42: ...might be enough to increase the size of the virtual memory In this case large messages will slow the system down Hard Drive Hard drive size is an important reliability factor Hard drive performance i...

Page 43: ...other anti virus file encryption and disk encryption software which employ low level device drivers before you install F Secure Anti Virus for Microsoft Exchange To administer F Secure Anti Virus for...

Page 44: ...t Exchange For more information see Installing F Secure Anti Virus for Microsoft Exchange 42 2 Check that F Secure Automatic Update Agent can retrieve the latest virus and spam definition databases Fo...

Page 45: ...tallation Step 2 Read the information in the Welcome screen Click Next to continue Step 3 Read the license agreement If you accept the agreement check the I accept this agreement checkbox and click Ne...

Page 46: ...the product keycode Click Next to continue Step 5 Choose the components to install For more information about F Secure Spam Control consult F Secure Anti Virus for Microsoft Exchange Administrator s G...

Page 47: ...ation Click Next to continue Step 7 Choose the administration method If you install F Secure Anti Virus for Microsoft Exchange in stand alone mode you cannot configure settings and receive alerts and...

Page 48: ...Policy Manager Console setup You can transfer the public key in various ways use a shared folder on the file server a USB device or send the key as an attachment in an e mail message Click Next to con...

Page 49: ...licy Manager Server you installed earlier Click Next to continue Step 10 Enter an SMTP address that will be used by F Secure Anti Virus for Microsoft Exchange to send warning and informational message...

Page 50: ...multiple servers Click Next to continue Step 12 Specify the location of the Quarantine database If you want to install Microsoft SQL Server 2005 Express Edition and the Quarantine database on the same...

Page 51: ...SQL Server 2005 Express Edition Enter the password for the database server administrator account that will be used to create the new database Click Next to continue b Specify the computer name of the...

Page 52: ...password that you want to use to connect to the quarantine database Use a different account than the server administrator account If the new account does not exist the product creates it during the in...

Page 53: ...ct whether you want to install the product with F Secure World Map Support The product can collect and send statistics about viruses and other malware to the F Secure World Map service If you agree to...

Page 54: ...Anti Virus for Microsoft Exchange MIB files If the installation program cannot connect to F Secure Policy Manager Server the following dialog opens Make sure that the computer where you are installin...

Page 55: ...ng the Setup again Step 17 The list of components that will be installed is displayed Click Start to install listed components If the product MIB files cannot be uploaded to F Secure Policy Manager du...

Page 56: ...54 Step 18 The installation status of the components is displayed Click Next to continue Step 19 The installation is complete Click Finish to close the Setup wizard...

Page 57: ...will have to import the MIB files if F Secure Anti Virus for Microsoft Exchange is located in a different network segment than F Secure Policy Manager and there is a firewall between them blocking acc...

Page 58: ...ify the IP addresses of hosts that belong to your organization For more information see Network Configuration 57 Verify that the product is able to retrieve the virus and spam definition database upda...

Page 59: ...hat come from hosts that are not defined as internal SMTP sender hosts are considered inbound 4 E mail messages submitted via MAPI or Pickup Folder are treated as if they are sent from the internal SM...

Page 60: ...e policy migration report The link to the report is in the Getting Started page 3 Check the product configuration to finish the upgrade Centralized Administration Mode Before you install the latest ve...

Page 61: ...4 F Secure Policy Manager Console prompts you to migrate the previous policy settings to the new version 5 To migrate policy settings click Yes If you want to migrate policy settings later follow the...

Page 62: ...or register the new keycode from F Secure Settings and Statistics To register the new keycode 8 Log in to the F Secure Anti Virus for Microsoft Exchange Web Console The evaluation screen is opened 9...

Page 63: ...t Add Remove Programs from the Windows Control Panel To uninstall F Secure Anti Virus for Microsoft Exchange completely uninstall the components in the following order 1 F Secure Spam Control if it wa...

Page 64: ...62 4 CONFIGURING F SECURE SPAM CONTROL Overview 63 Realtime Blackhole List Configuration 64...

Page 65: ...e Agent Database updates are digitally signed for maximum security and you can use only these updates for updating the F Secure Spam Control spam definition databases In Microsoft Exchange 2007 and 20...

Page 66: ...r should be configured to allow recursive DNS queries DNS protocol is used to make the DNSBL RBL queries 2 Make sure you do not have a firewall preventing DNS access from the host where F Secure Spam...

Page 67: ...correctly you should see this kind of headers in messages classified as spam X Spam Status YES database version 2005 04 06_1 hits 9 required 5 tests RCVD_IN_DSBL RCVD_IN_NJABL_PROXY RCVD_IN_SORBS_DUL...

Page 68: ...creases when DNS queries are made If needed the performance can be improved by increasing the number of mails being processed concurrently by F Secure Spam Control By default the product processes a m...

Page 69: ...6 1 4 1 2213 18 1 35 500 has been set to 5 To take the new setting into use restart F Secure Content Scanner Server IMPORTANT Each additional instance of the Spam Scanner takes approximately 25Mb of m...

Page 70: ...ng Quarantine Storage 71 Administering the Cluster Installation with F Secure Policy Manager 99 Using the Quarantine in the Cluster Installation 100 Using the Product with High Availability Architectu...

Page 71: ...he installation make sure that Named Pipes and TCP IP protocols are enabled in SQL Server network configuration 3 Create the quarantine storage where the product will place quarantined e mail messages...

Page 72: ...ce 94 In the environment with Quarantine on dedicated computer see more information on Installing on Clusters with Quarantine on a Dedicated Computer 97 5 Create a policy domain for the cluster in F S...

Page 73: ...ted computer see Quarantine Storage in Active Active Cluster 76 To install Quarantine as a cluster resource follow these instructions 1 Log on to the active node of the cluster with the domain adminis...

Page 74: ...72 Enter the following information Name F Secure Quarantine Storage Resource Type File Share Group make sure that your Exchange Virtual Server is selected Click Next 5 Possible Owners dialog opens...

Page 75: ...APPENDIX A 73 Deploying the Product on a Cluster 6 Verify that all nodes that are running Exchange Server are listed under Possible owners and click Next 7 Dependencies dialog opens...

Page 76: ...opens Type FSAVMSEQS as Share name Note the dollar character at the end of the share name makes the share hidden when you view network resources of the cluster with Windows Explorer Enter the director...

Page 77: ...nd Read permissions for Exchange Domain Servers and SYSTEM and Full Control Change and Read permissions for Administrator account Click OK 10 In File Share Parameters dialog click Advanced Make sure t...

Page 78: ...d computer This computer should be the member of the same domain as your Exchange Servers 1 Log on to the server where you plan to create the quarantine storage for example APPSERVER with a domain adm...

Page 79: ...ons 5 Permissions dialog opens Add Administrator Exchange Domain Servers and SYSTEM to the Group or user names Remove Everyone account Grant Change and Read permissions for Exchange Domain Servers and...

Page 80: ...ermissions for Exchange Domain Servers and SYSTEM Grant all permissions for Administrator Click OK 7 To verify that the quarantine storage is accessible log on as the domain administrator to any node...

Page 81: ...er resource follow the instructions for either Windows 2003 Based Cluster 79 or Windows 2008 based cluster 84 Windows 2003 Based Cluster 1 Log on to the active node of the cluster with the domain admi...

Page 82: ...e b In the Resource Type list select File Share c In the Group list make sure that your Exchange Virtual Server is selected Click Next to continue 6 Make sure that all nodes that are running Exchange...

Page 83: ...ce dependencies list Click Next to continue 8 Use the following settings as the File Share parameters a Type FSAVMSEQS as the share name and F Secure Quarantine Storage as comment b Make sure that Use...

Page 84: ...s a Add Administrator Exchange Domain Servers and SYSTEM to the Group or user names list b Remove the Everyone account c Grant Change and Read permissions for Exchange Domain Servers and SYSTEM d Gran...

Page 85: ...Product on a Cluster Click OK to continue 10 Click Advanced to open Advanced File Share Properties Make sure that Normal share is selected Click OK to continue 11 Click Finish to create the F Secure...

Page 86: ...irectory for the quarantine storage on the physical disk shared by the cluster nodes You can create it on the same disk where the Exchange Server storage and logs are located 3 After the quarantine di...

Page 87: ...ster Add Administrators Exchange Servers and SYSTEM with Contributor permission levels Press Share to close the window and enable the share 4 Check that everything is configured correctly The Failover...

Page 88: ...ication Environment For a Continuous Cluster Replication CCR cluster installation the quarantine storage must be set on a dedicated computer This computer has to be a member in the same domain with Ex...

Page 89: ...he share name and F Secure Quarantine Storage as comment b Make sure that User Limit is set to Maximum allowed Click Permissions to set permissions The dollar character at the end of the share name ma...

Page 90: ...users a Add Administrator Exchange Domain Servers and SYSTEM to the Group or user names list b Grant Change and Read permissions for Exchange Domain Servers and SYSTEM c Grant Full Control Change and...

Page 91: ...l Control permissions for Exchange Domain Servers and SYSTEM c Grant all permissions for the Administrator account Click OK to finish To make sure that the quarantine storage is accessible follow thes...

Page 92: ...in the same domain with Exchange Servers 1 Log on to the server where you will create the quarantine storage for example APPSERVER with the domain administrator account 2 Open Windows Explorer and cr...

Page 93: ...e share 8 Change permissions as follows a Remove all existing groups and users b Add Administrator Exchange Servers and SYSTEM to the Group or user names list c Grant Change and Read permissions for E...

Page 94: ...ick Edit a Remove all existing groups and users b Add Administrator Exchange Servers and SYSTEM to the Group or user names list c Grant all except Full Control permissions for Exchange Servers and SYS...

Page 95: ...configured the quarantine storage make sure that it is accessible Follow these instructions 1 Log on as the domain administrator to any node of the cluster 2 Open Server FSAVMSEQS with Windows Explore...

Page 96: ...onfigured as cluster resource in Exchange Virtual Server 1 Log on to the active node of the cluster using a domain administrator account 2 Run F Secure Anti Virus for Microsoft Exchange setup wizard I...

Page 97: ...s the Quarantine Directory For example EVSName FSAVMSEQS where EVSName is the network name of your Exchange Virtual Server 4 The setup program asks to specify the SQL Server to use for the quarantine...

Page 98: ...be used to access the database 6 Complete the installation on the active node 7 Log on to the passive node of the cluster using a domain administrator account Repeat steps 2 4 8 After you specify the...

Page 99: ...Anti Virus for Microsoft Exchange setup wizard Install the product in the centralized management mode Specify the IP address of F Secure Policy Manager Server and admin pub that you created during th...

Page 100: ...he quarantine database Select the server running Microsoft SQL Server 5 The setup program asks to specify the database name where quarantined items are stored Specify the name for the database and ent...

Page 101: ...rantine database Select Use the existing database 9 Complete the installation on the second node A 4 Administering the Cluster Installation with F Secure Policy Manager To administer the product insta...

Page 102: ...t one node of the cluster is currently online Configuring Mailbox Role Servers However as the clustered Exchange 2007 can have the mailbox role only and not all members of Exchange 2010 Database Avail...

Page 103: ...ate it 2 Under the Parameters subkey create PickupFolderPath string value that points to the Pickup Folder share of the hub server that has been created earlier HubServerName Pickup After these steps...

Page 104: ...olders on one node the scan goes through all Public Folders the account can access including those Public Folder Databases that are located on other nodes To avoid collisions where one item would be e...

Page 105: ...e product from passive nodes 3 After the product has been uninstalled from every node reboot computers one at the time A 8 Troubleshooting If the product fails to quarantine a file or reports that the...

Page 106: ...104 B APPENDIX Services and Processes List of Services and Processes 105...

Page 107: ...interfaces for reading and writing policy settings statistics and sending alerts F Secure Automatic Update Agent fsaua exe This service takes care of fetching updates from FSPM or FS Update server F S...

Page 108: ...A service responsible for starting other services and monitoring them F Secure Network Request Broker fnrb32 exe The service handles the communication with F Secure Policy Manager via HTTP interface f...

Page 109: ...cy Manager Console LogFile log Windows event log and SMTP server fsm32 exe The F Secure Settings and Statistics User Interface The process is not running unless the user is logged in to the system fih...

Page 110: ...108 Technical Support F Secure Online Support Resources 109 Web Club 111 Virus Descriptions on the Web 111...

Page 111: ...m If there is no authorized F Secure Anti Virus Business Partner in your country you can submit a support request directly to F Secure There is an online Web submit form accessible through F Secure su...

Page 112: ...the version number of the operating system on which F Secure products and protected systems are running For Windows include the build number and Service Pack number The version number and the configur...

Page 113: ...he banner Alternatively right click on the F Secure icon in the Window taskbar and choose the Web Club command To connect to the Web Club directly from within your Web browser go to http www f secure...

Page 114: ...er in the market of internet and computer security The solutions are also available as licensed products through thousands of resellers globally F Secure aspires to be the most reliable mobile and com...

Page 115: ......