F-SECURE ANTI-VIRUS - FOR MICROSOFT EXCHANGE, Administrator'S Manual

Page 1: ...F Secure Anti Virus for Microsoft Exchange Administrator s Guide...

Page 2: ...ransmitted in any form or by any means electronic or mechanical for any purpose without the express written permission of F Secure Corporation Copyright 1993 2008 F Secure Corporation All rights reser...

Page 3: ...Chapter 2 Requirements 19 2 1 Which SQL Server to Use for the Quarantine Database 20 2 2 Network Requirements 21 2 3 Web Browser Software Requirements 22 2 4 Improving Reliability and Performance 23...

Page 4: ...ts 90 4 2 4 Content Filtering 100 4 2 5 Manual Scanning 107 4 2 6 Quarantine 111 4 2 7 Advanced 121 4 2 8 Internal Domains 127 4 3 F Secure Content Scanner Server Settings 129 4 3 1 Summary 129 4 3 2...

Page 5: ...pam Control Settings in Web Console 180 6 3 Realtime Blackhole List Configuration 185 6 3 1 Enabling Realtime Blackhole Lists 185 6 3 2 Optimizing F Secure Spam Control Performance 187 Chapter 7 Updat...

Page 6: ...C 4 1 Installing Service Packs 207 C 4 2 Securing the Quarantine 207 C 5 Frequently Asked Questions 208 C 6 F Secure Automatic Update Agent Troubleshooting 213 Technical Support 218 F Secure Online S...

Page 7: ...7 ABOUT THIS GUIDE How This Guide Is Organized 8 Conventions Used in F Secure Guides 13...

Page 8: ...Web Console Instructions how to administer F Secure Anti Virus for Microsoft Exchange with the Web Console Chapter 6 Administering F Secure Spam Control General information about and instructions on...

Page 9: ...black is used for file and folder names for figure and table captions and for directory tree names Courier New is used for messages on your computer screen WARNING The warning symbol indicates a situ...

Page 10: ...used for online viewing and printing using Adobe Acrobat Reader When printing the manual please print the entire manual including the copyright and disclaimer statements For More Information Visit F...

Page 11: ...11 1 INTRODUCTION Overview 12 How F Secure Anti Virus for Microsoft Exchange Works 13 Key Features 15 F Secure Anti Virus Mail Server and Gateway Products 17...

Page 12: ...ny network from any malicious code that travels in HTTP or SMTP traffic In addition they protect your company network against spam The protection can be implemented on the gateway level to screen all...

Page 13: ...oft Exchange can be configured to disinfect or drop the content Any malicious code found during the scan process can be placed in the Quarantine where it can be further examined Stripped attachments c...

Page 14: ...to new and emerging threats In fact F Secure is one of the only companies to release tested virus definition updates on a daily basis to make sure our customers are receiving the highest quality serv...

Page 15: ...osoft Exchange provides the following features and capabilities Superior Protection Superior detection rate with multiple scanning engines Automatic malicious code detection and disinfection Heuristic...

Page 16: ...rus outbreaks Quarantined unsafe messages can be reprocessed automatically Transparency and Scalability Viruses are intercepted before they can enter the network and spread out on workstations and ser...

Page 17: ...level F Secure Internet Gatekeeper works independently of firewall and e mail server solutions and does not affect their performance F Secure Anti Virus for Microsoft Exchange protects your Microsoft...

Page 18: ...ans and blocks and filters out specified file types ActiveX and Java code can also be scanned or blocked The product receives updates automatically from F Secure keeping the virus protection always up...

Page 19: ...MENTS Which SQL Server to Use for the Quarantine Database 20 Network Requirements 21 Web Browser Software Requirements 22 Improving Reliability and Performance 23 Configuring the Product After the Ins...

Page 20: ...ktop Engine MSDE the Quarantine database size is limited to 2 GB MSDE includes a concurrent workload governor that limits the scalability of MSDE For more information see http msdn microsoft com libra...

Page 21: ...ll scenarios described in this chapter Make sure that the following network traffic can travel If you plan to use Microsoft SQL Server 2005 you must purchase it and obtain your own license before you...

Page 22: ...or 3 5 or later Any other web browser supporting HTTP 1 0 SSL Java scripts and cookies may be used as well Microsoft Internet Explorer 5 5 or earlier cannot be used to administer the product FSNRB Pro...

Page 23: ...ze of mail messages is big or Microsoft Exchange Server has to process large messages regularly increasing the amount of physical memory increases the overall performance If large messages are process...

Page 24: ...ition database updates Configure F Secure Anti Virus for Microsoft Exchange Use the F Secure Anti Virus for Microsoft Exchange Web Console to configure the settings of F Secure Anti Virus for Microsof...

Page 25: ...for Microsoft Exchange 26 Using the Web Console 66 Checking the Product Status 29 Configuring the Web Console 32 Using F Secure Policy Manager Console 73 Modifying Settings and Viewing Statistics 33 M...

Page 26: ...Console You can open F Secure Settings and Statistics by double clicking the F Secure icon in the Windows system tray 3 1 1 Logging in for the First Time Microsoft Internet Explorer 6 0 users The add...

Page 27: ...click it to run the utility 3 The utility creates a certificate that will be issued to all local IP addresses and restarts the F Secure Anti Virus for Microsoft Exchange Web Console service to take t...

Page 28: ...ficate Import Wizard 4 Follow the instructions in the Certificate Import Wizard When the wizard has completed you are prompted to add the new certificate in the Certificate Root Store Click Yes 5 If t...

Page 29: ...all product status on the Home page The Home page displays an overview of each component status and most important statistics of the installed F Secure Anti Virus for Microsoft Exchange components Fro...

Page 30: ...ntent Scanner Server statistics Status indicator Displays the status of F Secure Anti Virus for Microsoft Exchange Processed messages Displays the total number of messages that have been processed Inf...

Page 31: ...er of the update for that day Scanned files Displays the number of files the server has scanned for viruses Last time infection found Displays the last infection detected by the server Status indicato...

Page 32: ...tistics in a new Internet browser window Select File Save As to save or print the file for later use Click Configure Console to configure the F Secure Anti Virus for Microsoft Exchange Web Console For...

Page 33: ...tration with Web Console 70 To view statistics for real time scanning select Summary on the options tree To reset all counters to zero click Reset Statistics To view statistics for the latest manual s...

Page 34: ...s of mailboxes and Public Folders and the numbers of processed mailboxes and Public Folders In the bottom of the property page the results of the previous manual scan are shown the numbers of processe...

Page 35: ...Secure Content Scanner Server 3 Click Next to continue If F Secure Anti Virus for Microsoft Exchange is operating on a system that has multiple processors or you are using a high performance computer...

Page 36: ...xes Process only these mailboxes Process all specified mailboxes Process all except these mailboxes Process all except specified mailboxes Click Add to add a new mailbox to the list Click the checkbox...

Page 37: ...e checked for viruses Do not scan attachments for viruses Process messages without scanning any attachments for viruses Scan all attachments Scan all message attachments regardless of filename extensi...

Page 38: ...e Intelligent File Type Recognition can recognize the real file type of the message attachment and use that while the attachment is processed Specify whether you want to use Intelligent File Type Reco...

Page 39: ...not disinfect or deliver infected attachments All infected attachments are dropped By default F Secure Anti Virus for Microsoft Exchange tries to disinfect infected attachments Quarantine infected att...

Page 40: ...not strip any attachments Strip all attachments Strip all attachments from all messages and notes Strip all attachments except these allowed Strip all except specified attachments Strip only these di...

Page 41: ...pe Recognition or not Action Action on stripped attachment Specify whether stripped attachments should be quarantined or dropped Quarantine attachment All stripped attachments are placed in the Quaran...

Page 42: ...ified when F Secure Anti Virus for Microsoft Exchange strips an attachment Do not notify Do not send any notification to the administrator Send informational alert Send an informational alert to the a...

Page 43: ...ed Public Folders Process all except excluded public folders Process all notes posted to all Public Folders except the listed ones Click Add to add a new Public Folder to the list Click Clear to remov...

Page 44: ...hments are checked for viruses Do not scan attachments for viruses Do not scan any attachments Scan all attachments Scan all message attachments Scan all attachments with these extensions Scan all att...

Page 45: ...usually considered safe to use Intelligent File Type Recognition can recognize the real file type of the message attachment and use that while the attachment is processed Specify whether you want to u...

Page 46: ...t or deliver infected attachments All infected attachments are dropped By default F Secure Anti Virus for Microsoft Exchange tries to disinfect infected attachments Quarantine infected attachments Spe...

Page 47: ...Strip attachments Specify which attachments should be stripped from messages and public folder notes Do not strip Do not strip any attachments Strip all attachments Strip all attachments from all mess...

Page 48: ...Specify whether you want to use Intelligent File Type Recognition or not Action Action on stripped attachments Specify whether stripped attachments should be quarantined or dropped Quarantine attachm...

Page 49: ...ld be notified when F Secure Anti Virus for Microsoft Exchange strips an attachment Do not notify Do not send any notification to the administrator Send informational alert Send an informational alert...

Page 50: ...d displays the summary of created operation Click Finish accept the new manual scanning operation and to exit the wizard Creating Scheduled Operation Start the Scheduled Operation Wizard by clicking A...

Page 51: ...ry day at the specified time starting from the specified date Weekly Every week at the specified time on the same day when the first operation is scheduled to start Monthly Every month at the specifie...

Page 52: ...you want to process all messages or only those messages that have not been processed previously during the scheduled processing 2 Specify how many concurrent transactions the scanner can have with F...

Page 53: ...ilboxes Process all mailboxes Process only these mailboxes Process all specified mailboxes Process all except these mailboxes Process all except specified mailboxes Click Add to add a new mailbox to t...

Page 54: ...s to scan Specify which message attachments are checked for viruses Do not scan attachments for viruses Process messages without scanning any attachments for viruses Scan all attachments Scan all mess...

Page 55: ...ile Type Recognition Trojans and other malicious code can disguise themselves with filename extensions which are usually considered safe to use Intelligent File Type Recognition can recognize the real...

Page 56: ...pient Drop attachment Do not disinfect or deliver infected attachments All infected attachments are dropped By default F Secure Anti Virus for Microsoft Exchange tries to disinfect infected attachment...

Page 57: ...ed operation Strip attachments Specify which attachments should be stripped from messages and public folder notes Do not strip Do not strip any attachments Strip all attachments Strip all attachments...

Page 58: ...ed Specify whether you want to use Intelligent File Type Recognition or not Action Action on stripped attachment Specify whether stripped attachments should be quarantined or dropped Quarantine attach...

Page 59: ...e administrator should be notified when F Secure Anti Virus for Microsoft Exchange strips an attachment Do not notify Do not send any notification to the administrator Send informational alert Send an...

Page 60: ...ers Process all except excluded public folders Process all notes posted to all Public Folders except the listed ones Click Add to add a new Public Folder to the list Click Clear to remove the selected...

Page 61: ...tachments to scan Specify which message attachments are checked for viruses Do not scan attachments for viruses Do not scan any attachments Scan all attachments Scan all message attachments Scan all a...

Page 62: ...e Intelligent File Type Recognition can recognize the real file type of the message attachment and use that while the attachment is processed Specify whether you want to use Intelligent File Type Reco...

Page 63: ...op attachment Do not disinfect or deliver infected attachments All infected attachments are dropped By default F Secure Anti Virus for Microsoft Exchange tries to disinfect infected attachments Quaran...

Page 64: ...nts Specify which attachments should be stripped from messages and public folder notes Do not strip Do not strip any attachments Strip all attachments Strip all attachments from all messages and notes...

Page 65: ...le the attachment is processed Specify whether you want to use Intelligent File Type Recognition or not Action Action on stripped attachment Specify whether stripped attachments should be quarantined...

Page 66: ...Anti Virus for Microsoft Exchange strips an attachment Do not notify Do not send any notification to the administrator Send informational alert Send an informational alert to the administrator Send wa...

Page 67: ...events such as starting stopping modules low disk space etc Alerts are also sent when a program or operation has encountered a problem You can configure alert forwarding by editing the Alert Forwardi...

Page 68: ...an send an alert to any of the following Windows Event Viewer E mail SNMP To forward alerts to an e mail specify the e mail address of the recipient Follow these instructions 1 Click Add to add a new...

Page 69: ...ed alert is displayed in the following format Ack Click Ack to acknowledge the alert If all alerts are acknowledged Ack is grayed out Severity The severity of the alert Each severity level has its own...

Page 70: ...ION WITH WEB CONSOLE Overview 71 F Secure Anti Virus for Microsoft Exchange Settings 71 F Secure Content Scanner Server Settings 129 F Secure Automatic Update Agent Settings 152 F Secure Management Ag...

Page 71: ...ouble click the F Secure Settings and Statistics icon in the Windows system tray and double click F Secure Anti Virus for Microsoft Exchange or select it from the Start menu Programs F Secure Anti Vir...

Page 72: ...72 4 2 1 Summary The Summary page displays the current status of the product and a summary of the most important product statistics Figure 4 1 Summary page...

Page 73: ...the build number of installed F Secure Anti Virus for Microsoft Exchange Protected mailboxes Displays the number of currently protected mailboxes Protected public folders Displays the number of curren...

Page 74: ...to be checked for malicious code Figure 4 2 Virus Scanning Statistics page Statistics Infections found Displays the total number of infections found Infections found within outbreak interval Displays...

Page 75: ...attachments Infected Displays the number of attachments that have been infected with malicious code Suspicious Displays the number of stripped messages and messages that have not been scanned reliably...

Page 76: ...dit the Virus Scanning Common settings to specify which messages should be scanned for malicious code Figure 4 3 Virus Scanning Common settings Note that you may have to scroll the page to view all th...

Page 77: ...ename extensions You can add new file types on the extensions lists by typing the file extensions in the file extensions text boxes Separate the extensions by spaces Scan mail message body Specify whe...

Page 78: ...safe content that has unsafe filename extension for example a text file using the doc filename extension Intelligent File Type Recognition can degrade the system performance Max level of nested messag...

Page 79: ...messages are quarantined if the Quarantine Problematic Mails setting on the General Quarantine page is set to Yes Pass Through Nested e mail messages will be scanned up to level specified in the Max...

Page 80: ...is found and to specify the trusted mailboxes and the warning messages for infected inbound mails These settings are specific to the mails that are destined to the internal domains defined under the G...

Page 81: ...g Message to Sender setting enabled When this setting is enabled all messages are scanned when they enter the system The clean messages will be delivered to the mailbox server where they will be scann...

Page 82: ...are sent to another store Notification message options Add warning message to the original message Specify whether a virus warning message should be added to the mail message which had infected conten...

Page 83: ...content By default F Secure Anti Virus for Microsoft Exchange does not send the virus warning message to the sender The virus warning message will be sent to the sender of the infected message only i...

Page 84: ...Virus Scanning Outbound Mail real time processing settings to define what should be done to infected outbound messages and set warning messages to infected outbound mails Figure 4 5 Virus Scanning Ou...

Page 85: ...icrosoft Exchange to disinfect infected files and stop the whole message if an infection is found messages are not stopped if they are send from a MAPI client if they can be disinfected Messages are s...

Page 86: ...de and to set warning messages to infected Public Folder notes Figure 4 6 Virus Scanning Public Folders settings Add disclaimer to all outgoing messages Specify whether you want to add a disclaimer to...

Page 87: ...Public Folders from the list Examine public folders Examine public folders Specify public folders that should be scanned for viruses Do not scan public folders Do not process any Public Folders Scan...

Page 88: ...eeds a specified value Notifications Send warning message to originator Specify whether a virus warning message should be sent to the original writer of the note which had infected content that could...

Page 89: ...of infected objects that should be found within a specified time period for it to be considered as a virus outbreak Use the value zero 0 to disable the outbreak notification By default the outbreak no...

Page 90: ...folders Send outbreak notification message Specify whether outbreak notification e mail should be sent to the notification addresses specified in the Notification Addresses setting when a virus outbr...

Page 91: ...it On Access stripping attachments settings to set which attachments should be stripped during the on access scanning Statistics Attachments stripped Displays the number of stripped attachments in inb...

Page 92: ...nts should be stripped from messages and public folder notes Do not strip Do not strip any attachments Strip all attachments Strip all attachments from all messages and notes Strip all attachments exc...

Page 93: ...attachment Action on stripped attachment Specify whether stripped attachments should be quarantined or dropped Quarantine attachment All stripped attachments are placed in the Quarantine For more inf...

Page 94: ...e Anti Virus for Microsoft Exchange does not send an informational message to the sender Notify administrator Specify whether the administrator should be notified when F Secure Anti Virus for Microsof...

Page 95: ...ping Attachments Inbound Mail settings to specify which attachments should be stripped from the inbound mail For settings descriptions see below Figure 4 10 Stripping Attachments Inbound Mail settings...

Page 96: ...ypes on the extensions lists by typing the file extensions in the file extensions text boxes Separate the extensions by spaces Enable File Type Recognition Trojans and other malicious code can disguis...

Page 97: ...be excluded from real time content filtering and attachment stripping Trusted mailbox feature works only for messages that are sent directly to an address defined as trusted mailbox If the message ha...

Page 98: ...o sender Specify whether an informational message should be sent to the sender of the mail message which had the stripped attachment Click Edit to edit the warning message that is sent to the sender o...

Page 99: ...s see Inbound Mail 95 Send security alert Send a security alert to the administrator By default F Secure Anti Virus for Microsoft Exchange sends an informational alert to the administrator For more in...

Page 100: ...Content Filtering settings specify how content should be filtered based on keywords found in message subject and content The Spam Control settings are also located under the Content Filtering branch...

Page 101: ...total number of spam messages that have been found Size of spam messages Displays the total size of spam messages that have been found Filtered inbound messages Displays the total number of inbound me...

Page 102: ...settings see Spam Control Settings in Web Console 180 Inbound Mail Edit Content Filtering Inbound Mail settings to define how content should be filtered in the inbound mail based on keywords in messa...

Page 103: ...messages is filtered based on the subjects and texts of the messages as defined on this tab List of disallowed keywords in message subject Lists the keywords that are not allowed in message subject a...

Page 104: ...dd new disallowed keywords or remove keywords from the list Select the checkbox in the column to mark the entries that you want to remove Click Clear to remove the selected entries from the list Trust...

Page 105: ...content Quarantine message The filtered message is placed in the Quarantine Drop message The filtered message will be deleted automatically Send informational message to recipient Specify whether a wa...

Page 106: ...For settings descriptions see Inbound Mail 102 Do not notify Do not send any notification to the administrator Send informational alert Send an informational alert to the administrator Send warning a...

Page 107: ...CHAPTER4 107 Administration with Web Console Figure 4 14 Content Filtering Outbound Mail settings 4 2 5 Manual Scanning You can process mailboxes and public folders manually as needed...

Page 108: ...108 Figure 4 15 Manual Processing page...

Page 109: ...g Elapsed time Displays the time that has elapsed since the manual processing was started Processed number mailboxes Displays the number of mailboxes that have been processed out of the total number o...

Page 110: ...uled Scan Tasks Figure 4 16 Scheduled Processing page Editing Scheduled Tasks The Scheduled tasks table displays all scheduled tasks and the date and time when the next scheduled task occurs for the n...

Page 111: ...arantine Quarantine in F Secure Anti Virus for Microsoft Exchange is handled through a SQL database The product is able to quarantine e mails and attachments which contain malicious or otherwise unwan...

Page 112: ...112 Quarantine Thresholds Figure 4 17 Quarantine thresholds settings...

Page 113: ...disallowed attachments are stored and counted as separate items in the Quarantine storage For example if a message has three attachments and only one of them has been found infected two items will be...

Page 114: ...the intended recipients For more information see Reprocessing the Quarantined Content 171 Notify when quarantine threshold is reached Specify how the administrator should be notified when the Quarant...

Page 115: ...t are retained in the Quarantine Set the value to Disabled to keep all unsafe to process unsafe messages manually Max attempts to process unsafe messages Specify how many times the product tries to re...

Page 116: ...ons table to change the retention period for a particular Quarantine category Delete old items every Specify how often the storage should be cleaned of old quarantined items Use the Quarantine Cleanup...

Page 117: ...fe Retention period Specify an exception to the default retention period for the selected Quarantine category Cleanup interval Specify an exception to the default cleanup interval for the selected Qua...

Page 118: ...ectory Specify the path for Quarantine log files Rotate quarantine logs Specify how often the product rotates Quarantine log files At the end of each rotation time a new log file is created Keep rotat...

Page 119: ...les infected with mass worms or mail viruses such as Sobig or Bagle Quarantine problematic messages Specify if messages that contain malformed or broken attachments should be quarantined for later ana...

Page 120: ...and from which it is retrieved Quarantine database SQL server name The name of the SQL server where the database is located Database name The name of the Quarantine database The default name is FSMSE...

Page 121: ...anges to the Quarantine storage settings make sure that the new directory has the same rights IMPORTANT This setting must be defined as Final with the Restriction Editor before the policies are distri...

Page 122: ...of times to try to send a message if sending it fails Mail sending timeout Specify the number of seconds to wait to try sending a message Scanning Interface Parameters Number of scanning threads Speci...

Page 123: ...ecure Anti Virus for Microsoft Exchange polls new mailboxes every 60 minutes New Public Folder polling interval Specify how often F Secure Anti Virus for Microsoft Exchange should check for newly esta...

Page 124: ...settings to configure the connection between F Secure Anti Virus for Microsoft Exchange and F Secure Content Scanner Server Figure 4 22 Advanced Scanning Servers settings Note that you may have to scr...

Page 125: ...load sharing between them Backup Content Scanner Servers Specify F Secure Content Scanner Servers that act as backup servers for primary servers If F Secure Anti Virus for Microsoft Exchange cannot c...

Page 126: ...interaction mode is disabled data is transferred via data stream sockets It is recommended to use the local interaction mode to obtain the optimum performance Maximum shared memory data size Specify t...

Page 127: ...can use wildcard for example example com Working directory Specify the name and location of the Working directory where temporary files are placed During the installation F Secure Anti Virus for Micro...

Page 128: ...and Content Filtering Inbound Mail settings Editing Internal Domain Addresses To add a new domain name to the list click Add You can use wildcard For example example com To import a list of domain ad...

Page 129: ...f F Secure Content Scanner Server on the computer where the product is installed and running 4 3 1 Summary You can see the current status of the F Secure Content Scanner Server and virus and spam scan...

Page 130: ...plays the current version number and build of F Secure Content Scanner Server Start time Displays the start date and time of F Secure Content Scanner Server Scanned files Displays how many files have...

Page 131: ...the Summary Virus Statistics page in F Secure Anti Virus for Microsoft Exchange Web Console Database Update Version Displays the version of the virus definition database update The version is shown i...

Page 132: ...ften found viruses during the specified time period It also displays the number of times each virus has been found and the percentage that each virus represents of the total number of viruses encounte...

Page 133: ...rld Map support is enabled the product sends encrypted e mail reports periodically to the service These reports list only the name and the amount of found malware and they do not contain any sensitive...

Page 134: ...and build number of the F Secure Spam Scanner Status Shows the status of the F Secure Spam Scanner The possible statuses are Unknown or not installed This status might be displayed right after install...

Page 135: ...ine should be disabled for troubleshooting purposes only Loaded and enabled This status is normally shown for the scan engine It means that the engine has been loaded and will be used for scanning Dat...

Page 136: ...strator if it detects that virus and or spam definition databases are outdated You can change the notification and other database updates settings on the Updates page For more information about virus...

Page 137: ...on databases are the original databases published by F Secure Corporation and that they have not been altered or corrupted in any way before taking them to use Notify when databases become old Specify...

Page 138: ...tes on the Scan Engines page Send warning alert Send a warning alert to the administrator Send security alert Send a security alert to the administrator Do not notify Do not send any notification to t...

Page 139: ...can engines Scan Engine Displays the name of the scan engine Version Displays the version number of the scan engine Database Date Displays the date of the currently used virus definition database Last...

Page 140: ...page Figure 4 29 Scan Engines Properties page Note that you have to scroll the page to view all the settings Scan engine Number of processed files Displays the number of files the selected scan engine...

Page 141: ...tabase date Displays the date of the currently used virus definition database for the selected scan engine Last database update Displays the last date when the virus definition database was updated La...

Page 142: ...0000 cached patterns Class cache size Specify the maximum number of patterns to cache for spam detection service By default the cache size is 10000 cached patterns Increasing cache sizes may increase...

Page 143: ...cannot classify the message Pass through The message is passed through without scanning it for spam Heuristic Scanning F Secure Content Scanner Server checks the message using spam heuristics Trusted...

Page 144: ...to the threat detection center Proxy server address Specify the address of the proxy server Proxy server port Specify the port number of the proxy server Authentication method Specify the authenticat...

Page 145: ...TLM The proxy uses NTLM authentication scheme User name Specify the user name for the proxy server authentication Password Specify the password for the proxy server authentication Domain Specify the d...

Page 146: ...anning F Secure Content Scanner Server can scan files inside archives You can change the archive scanning and other advanced settings in the Virus Scanning Archive Scanning page Figure 4 32 Archive Sc...

Page 147: ...t archives with more nested levels than you have set above as safe or unsafe Treat as safe Archives are scanned to the specified level and allowed through if no infections are found Treat as unsafe Ar...

Page 148: ...archive suspicious and corresponding action will be taken Scan these extensions in archive files Specify files that are scanned inside archives Click Modify to edit the list of extensions you want to...

Page 149: ...are stored Figure 4 33 Advanced settings Advanced Working directory Specify the working directory Enter the complete path to the field or click Browse to browse to the path you want to set as the new...

Page 150: ...the number of Spam Scanner instances to be created and used for spam analysis As one instance of the spam scanner is capable of processing one mail message at a time this setting defines how many mess...

Page 151: ...nge Figure 4 34 Interface settings Service connections IP address Specify the IP address that F Secure Content Scanner Server listens to If you do not assign any IP address 0 0 0 0 F Secure Content Sc...

Page 152: ...neous connections that F Secure Content Scanner Server accepts If you do not want to limit the number of connections set the value to 0 Limit max connections per host to Specify the maximum number of...

Page 153: ...rsion number of F Secure Automatic Update Agent Channel name Displays the channel from where the updates are downloaded Channel address Displays the address of the Automatic Updates Server Latest inst...

Page 154: ...update check Next check time Displays the date and time for the next update check Last successful check time Displays the date and time when the last successful update check was done Current HTTP prox...

Page 155: ...he title of the downloaded package Download time Displays the download date and time Size Displays the size of the downloaded package TItle Displays the title of the downloaded package Installation ti...

Page 156: ...156 4 4 2 Automatic Updates You can configure the Download options on the Downloads page Updates Enable automatic updates Select whether automatic updates are enabled or disabled...

Page 157: ...ng Use Detect connection unless you experience problems with that setting The options available are Assume always connected Assume that the computer is always connected to the Internet Detect connecti...

Page 158: ...gement Agent settings from F Secure Anti Virus for Microsoft Exchange Web Console Home page by clicking the Configure button in the F Secure Management Agent section Note that you may have to scroll t...

Page 159: ...n on the host for example the DNS and WINS names and the IP address In addition it displays the date and time when the policy file that is currently in use was issued and the date and time when the ho...

Page 160: ...Query Results Page 167 Viewing Details of a Quarantined Message 169 Reprocessing the Quarantined Content 171 Releasing the Quarantined Content 172 Removing the Quarantined Content 174 Deleting Old Qua...

Page 161: ...ion see Performance Critical Installation 24 and Microsoft Exchange Cluster Environment 28 The quarantine consists of Quarantine database Quarantine storage Quarantine Database The quarantine database...

Page 162: ...re Messages and attachments that are infected and cannot be automatically disinfected Infected Suspicious content for example password protected archives nested archives and malformed messages Suspici...

Page 163: ...rantine Management 5 3 Searching the Quarantined Content You can search the quarantined content on the F Secure Anti Virus for Microsoft Exchange Quarantine page in the Web Console Figure 5 1 Quaranti...

Page 164: ...age ID and the Sender host of the quarantined mail Mails and attachments Search for both quarantined mails and attachments Reason Select the quarantining reason from the drop down menu For more inform...

Page 165: ...how the operation is progressing The options available are Unprocessed e mails Displays only e mails that the administrator has not set to be released reprocessed or deleted E mails to be released Di...

Page 166: ...ute when the data has been quarantined Sort Results Specify how the search results are sorted by selecting one of the options in the Sort Results by drop down menu based on Date Sender Recipients Subj...

Page 167: ...QID column For more information see Viewing Details of a Quarantined Message 169 The Query Results page displays status icons of the content that was found in the search Icon E mail status Quarantined...

Page 168: ...d Content 172 Click Delete to delete the currently selected e mail from the quarantine or click Delete All to delete all e mail messages that were found For more information see Removing the Quarantin...

Page 169: ...lete to delete the currently selected e mail from the quarantine or click Delete All to delete all e mail messages that were found For more information see Removing the Quarantined Content 174 5 5 Vie...

Page 170: ...server The F Secure Anti Virus for Microsoft Exchange server that processed the message Sender The address of the message sender Recipients The addresses of all the message recipients Sender host The...

Page 171: ...nt name The name of the attachment Attachment size The size of the attachment file Quarantine reason The reason why the content was quarantined Click Download to download the quarantined attachment to...

Page 172: ...processed and found clean are delivered to the intended recipients They are also automatically deleted from the quarantine The progress of the reprocessing operation is displayed in the Web Console 5...

Page 173: ...antined content The Release Quarantined Content dialog opens 5 Specify whether you want to release the content to the original recipient or specify an address where the content is to be forwarded 6 Sp...

Page 174: ...ve been classified as spam Click the Delete All button to delete all the displayed quarantined content 5 You are prompted to confirm the deletion Click OK The content is now removed from the quarantin...

Page 175: ...le 1 day in the Retention Period column 5 Specify a cleanup interval that is shorter than the default value for example 30 minutes in the Cleanup Interval column 6 Enable the exception you just create...

Page 176: ...Quarantine Statistics page E mail messages and infected suspicious and disallowed attachments are stored and counted as separate items in the quarantine storage For example if a message has three att...

Page 177: ...Quarantine storage is moved from C Program Files F Secure Quarantine Manager quarantine to D Quarantine 1 Stop F Secure Quarantine Manager service to prevent any quarantine operations while you move...

Page 178: ...e name and F Secure Quarantine Storage as the description ii On the Permissions page select Administrators have full access other users have read only access Note that the Quarantine storage has file...

Page 179: ...179 6 ADMINISTERING F SECURE SPAM CONTROL Overview 180 Spam Control Settings in Centrally Managed Environments 236 Spam Control Settings in Web Console 180 Realtime Blackhole List Configuration 185...

Page 180: ...re Spam Control spam definition databases In Microsoft Exchange 2003 environment the Microsoft Exchange server can move messages to the Junk mail folder based on the spam confidence level value This f...

Page 181: ...is not enabled by default even if you enable spam filtering from the settings For information on configuring Realtime Blackhole Lists see Realtime Blackhole List Configuration 185 Enable heuristic sp...

Page 182: ...may be falsely identified as spam If the spam filtering level is set to 7 more spam will pass undetected but a smaller number of regular mails will be falsely identified as spam The allowed values ar...

Page 183: ...mail is considered spam NO the mail is not considered spam Example X Spam Flag YES Add X Header with summary Specify if the summary of triggered hits will be added to the mail as X Spam Status header...

Page 184: ...he text that will be added in the beginning of the subject of an e mail considered spam Maximum message size to process for spam Specify the maximum size of mail messages to be scanned for spam If the...

Page 185: ...g The primary DNS server should be configured to allow recursive DNS queries DNS protocol is used to make the DNSBL RBL queries 2 Make sure you do not have a firewall preventing DNS access from the ho...

Page 186: ...see this kind of headers in messages classified as spam X Spam Status YES database version 2005 04 06_1 hits 9 required 5 tests RCVD_IN_DSBL RCVD_IN_NJABL_PROXY RCVD_IN_SORBS_DUL Tests like RCVD_IN_D...

Page 187: ...g time for each mail increases when DNS queries are made If needed the performance can be improved by increasing the number of mails being processed concurrently by F Secure Spam Control By default th...

Page 188: ...500 has been set to 5 To take the new setting into use restart F Secure Content Scanner Server IMPORTANT Each additional instance of the Spam Scanner takes approximately 25Mb of memory process fsavsd...

Page 189: ...189 7 UPDATING VIRUS AND SPAM DEFINITION DATABASES Overview 190 Automatic Updates with F Secure Automatic Update Agent 190 Configuring Automatic Updates 190 Manual Updates 191...

Page 190: ...pdate F Secure Automatic Update Agent uses HTTP protocol to fetch this update Virus and spam definition updates are digitally signed for maximum security You may install and use F Secure Automatic Upd...

Page 191: ...it manually with a program called FSUPDATE or by downloading the LATEST ZIP file 7 4 1 Using FSUPDATE FSUPDATE is a program that automatically updates the virus definition database FSUPDATE can be dow...

Page 192: ...192 A APPENDIX Variables in Warning Messages List of Variables 193 Outbreak Management Alert Variables 195...

Page 193: ...e will be replaced with Unknown Variable Description ANTI VIRUS SERVER The DNS WINS name or IP address of F Secure Anti Virus for Microsoft Exchange CSS NAME The DNS WINS name or IP address of F Secur...

Page 194: ...E The name of the original file or attachment AFFECTED FILESIZE The size of the original file or attachment THREAT The name of the threat that was found in the content For example it can contain the...

Page 195: ...nt Alert Variables INTERVAL TIME Detection interval in minutes INTERVAL MINUTES Outbreak limit of infections within detection interval INFECTIONS LIMIT Actual number of infections found within the det...

Page 196: ...d Processes F Secure Anti Virus for Microsoft Exchange 197 F Secure Content Scanner Server 198 F Secure Anti Virus for Microsoft Exchange Web Console 198 F Secure Management Agent FSMA 199 F Secure Au...

Page 197: ...crosoft Exchange and it is used to get the whole system up and running fswbsthk exe The F Secure Web Storage Hook processes mail in mailboxes and public folders as well as composes and sends warning a...

Page 198: ...tocol SCIP compliant clients F Secure Management Agent starts and controls the service automatically fsdbuh exe The Database Update Handler process verifies and checks the integrity of virus definitio...

Page 199: ...nsible for starting other services and monitoring them fsmb32 exe F Secure Message Broker provides the inter process communication interface for integrated services and applications fch32 exe F Secure...

Page 200: ...ndows event log and SMTP server fih32 exe F Secure Installation Handler enables the remote installation and updating of integrated F Secure products fsm32 exe The F Secure Settings and Statistics User...

Page 201: ...cess that polls and automatically downloads virus and spam definition database updates from F Secure It also handles F Secure Automatic Updates Agent settings and provides the local user interface for...

Page 202: ...02 C TROUBLESHOOTING Overview 203 Starting and Stopping 203 Viewing the Log File 203 Common Problems and Solutions 204 Frequently Asked Questions 208 F Secure Automatic Update Agent Troubleshooting 21...

Page 203: ...Summary page and click Start to activate F Secure Anti Virus for Microsoft Exchange Click Stop to stop it From the command line enter NET STOP FSAVAG4MSE to the command line to stop the service and NE...

Page 204: ...nt Scanner Server are up and running Checking F Secure Anti Virus for Microsoft Exchange 1 Make sure that F Secure Anti Virus for Microsoft Exchange service and all its processes have started Open Ser...

Page 205: ...er running F Secure Anti Virus for Microsoft Exchange has two or more network interfaces including dial up modem connection make sure that all files forwarded to F Secure Content Scanner Server use th...

Page 206: ...anagement Agent F Secure Network Request Broker Check the Task Manager The following processes should be running If any of these processes are not started uninstall and reinstall the F Secure Anti Vir...

Page 207: ...nd I m worried about security of the local Quarantine storage where stripped attachments are quarantined What do you recommend me Solution F Secure Anti Virus for Microsoft Exchange creates and adjust...

Page 208: ...running If a mail cannot be scanned access to it is not allowed Q Why does e mail stay in the Outbox for a while after being sent A F Secure Anti Virus for Microsoft Exchange scans each message for vi...

Page 209: ...Content Scanner Server Settings Q Is it possible to strip attachments with size greater than or equal to a given value A No this is not possible at the moment Use the Exchange Manager to limit the siz...

Page 210: ...it passes the virus scanner but it is not disinfected or stopped The real time scanner scans messages in the message store only once so when the infected message is sent from the trusted mailbox to a...

Page 211: ...22 Recommendations for troubleshooting an Exchange computer with antivirus software installed describes what files and folders should never be scanned with file based antivirus software http support m...

Page 212: ...for the same reason Q During the installation I get a notification that an application is requesting access to a protected system What causes this A You are using Windows 2000 Certificate Service and...

Page 213: ...Automatic Update Agent tries to copy it there again in one minute intervals Click Package Properties to see the error message If the Last Result value is Installed check the date and time in the Firs...

Page 214: ...Check that the current user has appropriate access rights to the destination directory Note that if the destination is a communication directory the same rights are also required for its subdirectori...

Page 215: ...minutes Make sure F Secure Automatic Update Agent is installed in Stand alone mode Open the Settings page in F Secure Automatic Update Agent window The Change button should be disabled Q The Installe...

Page 216: ...cannot connect to the server make sure that your browser can access the Internet Open your browser and connect to http fsbwserver f secure com If you cannot connect to the web page check your network...

Page 217: ...server enable the Use HTTP proxy checkbox on the F Secure Automatic Update Agent window s Settings page and type in the field the proxy server address and port number that you retrieved from your brow...

Page 218: ...218 Technical Support F Secure Online Support Resources 219 Web Club 220 Virus Descriptions on the Web 221...

Page 219: ...no authorized F Secure Anti Virus Business Partner in your country you can submit a support request directly to F Secure There is an online Web submit form accessible through F Secure support web pag...

Page 220: ...er The version number and the configuration of your Microsoft Exchange Server If possible describe your network configuration and topology A detailed description of the problem including any error mes...

Page 221: ...ect to the Web Club directly from within your Web browser go to http www f secure com anti virus webclub corporate Virus Descriptions on the Web F Secure Corporation maintains a comprehensive collecti...

Page 222: ...222...

Page 223: ...all with intrusion prevention antispam and antispyware solutions Founded in 1988 F Secure has been listed on the Helsinki Exchanges since 1999 and has been consistently growing faster than all its pub...

Page 224: ...224...