Page 1 F-Secure Anti-Virus for Microsoft Exchange Administrator’s Guide...
Page 2 Although F-Secure Corporation makes every effort to ensure that this information is accurate, F-Secure Corporation will not be liable for any errors or omission of facts contained herein. F-Secure Corporation reserves the right to modify specifications cited in this document without prior notice.
Page 3: Table Of Contents
Chapter 1 Introduction Overview ........................12 How F-Secure Anti-Virus for Microsoft Exchange Works........... 13 Key Features......................15 F-Secure Anti-Virus Mail Server and Gateway Products ........... 17 Chapter 2 Requirements Which SQL Server to Use for the Quarantine Database?.......... 20 Network Requirements....................21 Web Browser Software Requirements ...............
Page 4 Configuring Alert Forwarding ..................67 Viewing Alerts ......................69 Chapter 4 Administration with Web Console Overview ........................71 F-Secure Anti-Virus for Microsoft Exchange Settings ..........71 4.2.1 Summary ......................72 4.2.2 Virus Scanning ....................74 4.2.3 Stripping Attachments ..................90 4.2.4 Content Filtering ...................100 4.2.5 Manual Scanning..................107...
Page 5 Overview ........................180 Spam Control Settings in Web Console..............180 Realtime Blackhole List Configuration ..............185 6.3.1 Enabling Realtime Blackhole Lists ...............185 6.3.2 Optimizing F-Secure Spam Control Performance ........187 Chapter 7 Updating Virus and Spam Definition Databases Overview ........................190 Automatic Updates with F-Secure Automatic Update Agent........190 Configuring Automatic Updates ................190...
Page 6 C.4 Common Problems and Solutions................204 C.4.1 Installing Service Packs................207 C.4.2 Securing the Quarantine................207 C.5 Frequently Asked Questions ..................208 C.6 F-Secure Automatic Update Agent Troubleshooting..........213 Technical Support F-Secure Online Support Resources ................219 Web Club .........................220 Virus Descriptions on the Web ..................221...
Page 7: About This Guide
BOUT UIDE How This Guide Is Organized............8 Conventions Used in F-Secure Guides ........13...
Page 8: How This Guide Is Organized
F-Secure Anti-Virus for Microsoft Exchange Administrator's Guide is divided into the following chapters: Chapter 1. Introduction. General information about F-Secure Anti-Virus for Microsoft Exchange and other F-Secure Anti-Virus Mail Server and Gateway products. Chapter 2. Requirements. System requirements and instructions how to set up F-Secure Anti-Virus for Microsoft Exchange.
Page 9: Conventions Used In F-Secure Guides
Conventions Used in F-Secure Guides This section describes the symbols, fonts, and terminology used in this manual. Symbols WARNING: The warning symbol indicates a situation with a risk of irreversible destruction to data. IMPORTANT: An exclamation mark provides important information that you need to consider.
Page 10: For More Information
In our constant attempts to improve our documentation, we would welcome your feedback. If you have any questions, comments, or suggestions about this or any other F-Secure document, please contact us at documentation@f-secure.com.
Page 11: Introduction
NTRODUCTION Overview..................12 How F-Secure Anti-Virus for Microsoft Exchange Works ... 13 Key Features ................15 F-Secure Anti-Virus Mail Server and Gateway Products.... 17...
Page 12: Overview
Sober, Netsky and Bagle, have caused a lot of damage around the world. F-Secure Anti-Virus Mail Server and Gateway products are designed to protect your company's mail and groupware servers and to shield the company network from any malicious code that travels in HTTP or SMTP traffic.
Page 13: How F-Secure Anti-Virus For Microsoft Exchange Works
Introduction How F-Secure Anti-Virus for Microsoft Exchange Works F-Secure Anti-Virus for Microsoft Exchange is designed to detect and disinfect viruses and other malicious code from e-mail transmissions through Microsoft Exchange 2000/2003 Server. Scanning is done in real time as the mail passes through Microsoft Exchange Server. On-demand scanning of user mailboxes and Public Folders is also available.
Page 14 Our team of dedicated virus researchers is on call 24-hours a day responding to new and emerging threats. In fact, F-Secure is one of the only companies to release tested virus definition updates on a daily basis, to make sure our customers are receiving the highest quality service and protection.
Page 15: Key Features
CHAPTER 1 Introduction Figure 1-1 (1) E-mail arrives from the Internet to F-Secure Anti-Virus for Microsoft Exchange, which (2) filters malicious content from mails and attachments, and (3) delivers cleaned files forward. Key Features F-Secure Anti-Virus for Microsoft Exchange provides the following features and capabilities.
Page 16 Controlling and monitoring the behavior of the products remotely. Starting predefined operations remotely. Monitoring statistics provided by the products remotely with F-Secure Anti-Virus for Microsoft Exchange Web Console. You can manage and search quarantined content with the F-Secure Anti-Virus for Microsoft Exchange Web Console.
Page 17: F-Secure Anti-Virus Mail Server And Gateway Products
Spam detection works in every language and message format. F-Secure Anti-Virus Mail Server and Gateway Products The F-Secure Anti-Virus product line consists of workstation, file server, mail server, gateway and mobile products. F-Secure Internet Gatekeeper is a high performance, totally automated web (HTTP and FTP-over-HTTP) and e-mail (SMTP) virus scanning solution for the gateway level.
Page 18 ActiveX and Java code can also be scanned or blocked. The product receives updates automatically from F-Secure, keeping the virus protection always up to date. A powerful and easy-to-use management console simplifies the installation and configuration of the product.
Page 19: Requirements
EQUIREMENTS Which SQL Server to Use for the Quarantine Database?..20 Network Requirements............... 21 Web Browser Software Requirements ........22 Improving Reliability and Performance........23 Configuring the Product After the Installation......24...
Page 20: Which Sql Server To Use For The Quarantine Database
Express Edition if you are planning to use centralized quarantine management with multiple F-Secure Anti-Virus for Microsoft Exchange installations. MSDE is delivered together with F-Secure Anti-Virus for Microsoft Exchange, and you can install it during the F-Secure Internet Anti-Virus for Microsoft Exchange Setup. For more information, see “Installation...
Page 21: Chapter 2 Requirements
Microsoft SQL Server 2000/2005. Server 2000/2005 It is recommended to use Microsoft SQL Server 2000/2005 if you are planning to use centralized quarantine management with multiple F-Secure Anti-Virus for Microsoft Exchange installations. For more information, see “Performance-Critical Installation”, 24.
Page 22: Web Browser Software Requirements
1433 (TCP), only with the dedicated SQL server Web Browser Software Requirements In order to administer the product with F-Secure Anti-Virus for Microsoft Exchange Web Console, one of the following web browsers is required: Microsoft Internet Explorer 6.0 or later Netscape Communicator 8.1 or later...
Page 23: Improving Reliability And Performance
If the system load is high, a fast processor on the Microsoft Exchange Server speeds up the e-mail message processing. As Microsoft Exchange Server handles a large amount of data, a fast processor alone is not enough to guarantee a fast operation of F-Secure Anti-Virus for Microsoft Exchange. Memory...
Page 24: Configuring The Product After The Installation
Configuring the Product After the Installation After the installation, F-Secure Anti-Virus for Microsoft Exchange is functional, but it is using mostly default values. It is highly recommended to go through all the settings of all installed components. You should also retrieve the latest virus definition database updates.
Page 25: Using F-Secure Anti-Virus For Microsoft Exchange
ECURE IRUS FOR ICROSOFT XCHANGE Overview..................65 Administering F-Secure Anti-Virus for Microsoft Exchange..26 Using the Web Console.............. 66 Checking the Product Status............29 Configuring the Web Console............. 32 Using F-Secure Policy Manager Console........73 Modifying Settings and Viewing Statistics ........33 Manually Processing Mailboxes and Public Folders ....
Page 26: Administering F-Secure Anti-Virus For Microsoft Exchange
To open the F-Secure Anti-Virus for Microsoft Exchange Web Console, start it from F-Secure Settings and Statistics or select F-Secure Anti-Virus for Microsoft Exchange from the Windows Start menu > Programs >...
Page 27 Using F-Secure Anti-Virus for Microsoft Exchange When you log in for the first time, your browser will display a Security Alert dialog window about the security certificate for F-Secure Anti-Virus for Microsoft Exchange Web Console. You can create a security certificate for F-Secure Anti-Virus for Microsoft Exchange Web Console before logging in, and then install the certificate during the login process.
Page 28 The Security Alert about the F-Secure Anti-Virus for Microsoft Exchange Web Console certificate is displayed. If you install the certificate now, you will not see the Security Alert window again. Click View Certificate to view the certificate information and to install the certificate.
Page 29: Checking The Product Status
CHAPTER 3 Using F-Secure Anti-Virus for Microsoft Exchange Figure 3-2 F-Secure Anti-Virus for Microsoft Exchange Home page Checking the Product Status You can check the overall product status on the Home page. The Home page displays an overview of each component status and most important statistics of the installed F-Secure Anti-Virus for Microsoft Exchange components.
Page 30 F-Secure Anti-Virus for Microsoft Exchange The Home page displays the status the F-Secure Anti-Virus for Microsoft Exchange as well as a summary of the F-Secure Anti-Virus for Microsoft Exchange statistics. Status indicator Displays the status of F-Secure Anti-Virus for Microsoft Exchange.
Page 31 Last time infection found Displays the last infection detected by the server. Click Configure to configure F-Secure Content Scanner Server. For more information, see “F-Secure Content Scanner Server Settings”, 129. F-Secure Automatic Update Agent Status indicator Displays the status of F-Secure Automatic Update Agent.
Page 32: Configuring The Web Console
On the F-Secure Anti-Virus for Microsoft Exchange Web Console Configuration page you can specify settings for connections to the server. You can also open the F-Secure Anti-Virus for Microsoft Exchange Web Console access log from this page. Limit session timeout Specify the length of time a client can be connected to the server.
Page 33: Modifying Settings And Viewing Statistics
IP address of the host. Modifying Settings and Viewing Statistics To change F-Secure Anti-Virus for Microsoft Exchange settings in stand-alone mode, open the F-Secure Anti-Virus for Microsoft Exchange Web Console and select the variables you want to change from the options tree.
Page 34: Manually Processing Mailboxes And Public Folders
Manually Processing Mailboxes and Public Folders You can scan mailboxes and Public Folders for viruses and strip attachments manually at any time. You can also create scheduled scan tasks to scan mailboxes and Public Folders periodically. 3.5.1 Stand-alone Mode Specify the manual scanning settings on the Manual Scanning property pages.
Page 35 F-Secure Content Scanner Server. Click Next to continue. If F-Secure Anti-Virus for Microsoft Exchange is operating on a system that has multiple processors or you are using a high-performance computer, you can increase performance by increasing the number of concurrent transactions.
Page 36 Click the checkbox in column to mark a mailbox to be removed. Click Clear to remove all currently marked entries from the list. By default, F-Secure Anti-Virus for Microsoft Exchange examines all mailboxes. Click Next...
Page 37 CHAPTER 3 Using F-Secure Anti-Virus for Microsoft Exchange Step 3. Specify Virus Scanning Settings for Mailboxes 1. Choose settings for virus scanning of mailboxes. Attachments to scan Specify which message attachments are checked for viruses. Do not scan attachments for viruses - Process messages without scanning any attachments for viruses.
Page 38 Scan mail message Specify whether the body of the e-mail message body should be scanned for malicious code. By default, F-Secure Anti-Virus for Microsoft Exchange scans message bodies. Although scanning message bodies can slow down the performance, it is recommended as a virus can be carried inside a message body.
Page 39 CHAPTER 3 Using F-Secure Anti-Virus for Microsoft Exchange Disinfect attachment - Try to disinfect the infected attachment. If the disinfection succeeds, the recipient receives the disinfected file instead of the original one. If the disinfection fails, the infected attachment is dropped, and it is not delivered to the recipient.
Page 40 Step 4. Specify Attachment Stripping Settings for Mailboxes 1. Choose settings for stripping attachments. Strip attachments Specify which attachments should be stripped from messages and public folder notes. Do not strip - Do not strip any attachments. Strip all attachments - Strip all attachments from all messages and notes.
Page 41 CHAPTER 3 Using F-Secure Anti-Virus for Microsoft Exchange Enable File Type Trojans and other malicious code can disguise Recognition themselves with filename extensions which are usually considered safe to use. Intelligent File Type Recognition can recognize the real file type of the message attachment and use that while the attachment is processed.
Page 42 Notify administrator Specify whether the administrator should be notified when F-Secure Anti-Virus for Microsoft Exchange strips an attachment. Do not notify - Do not send any notification to the administrator. Send informational alert - Send an informational alert to the administrator.
Page 43 Public Folder to the list. Click Clear remove the selected folder or Clear All to remove all entries from the list. By default, F-Secure Anti-Virus for Microsoft Exchange processes all Public Folders. Click Next to continue.
Page 44 Step 6. Specify Virus Scanning Settings for Public Folders 1. Choose settings for virus scanning of Public Folders. Attachments to scan Specify which message attachments are checked for viruses. Do not scan attachments for viruses - Do not scan any attachments. Scan all attachments - Scan all message attachments.
Page 45 CHAPTER 3 Using F-Secure Anti-Virus for Microsoft Exchange You can add new file types on the extensions lists by typing the file extensions in the file extensions text boxes. Separate the extensions by spaces. Scan mail message Specify whether the body of the e-mail message body should be scanned for malicious code.
Page 46 Drop attachment - Do not disinfect or deliver infected attachments. All infected attachments are dropped. By default, F-Secure Anti-Virus for Microsoft Exchange tries to disinfect infected attachments. Quarantine infected Specify whether infected attachments should be attachments placed in the Quarantine or not.
Page 47 CHAPTER 3 Using F-Secure Anti-Virus for Microsoft Exchange Step 7. Specify Attachment Stripping Settings for Public Folders 1. Choose settings for stripping attachments. Strip attachments Specify which attachments should be stripped from messages and public folder notes. Do not strip - Do not strip any attachments.
Page 48 “Quarantine Management”, 160. Drop attachment - All stripped attachments are deleted automatically. By default, F-Secure Anti-Virus for Microsoft Exchange quarantines stripped attachments. Send the Specify whether an informational message informational should be sent to the originator of the message message to the when an attachment is stripped.
Page 49 CHAPTER 3 Using F-Secure Anti-Virus for Microsoft Exchange Notify administrator Specify whether the administrator should be notified when F-Secure Anti-Virus for Microsoft Exchange strips an attachment. Do not notify - Do not send any notification to the administrator. Send informational alert - Send an informational alert to the administrator.
Page 50 Step 8. Finish The Manual Scanning Wizard displays the summary of created operation. Click Finish accept the new manual scanning operation and to exit the wizard. Creating Scheduled Operation Start the Scheduled Operation Wizard by clicking Task...in the Scheduled Processing window.
Page 51 CHAPTER 3 Using F-Secure Anti-Virus for Microsoft Exchange Step 1. Specify Scanning Task Name and Schedule 1. Enter the name for the new task and select how frequently you want the operation to be performed. Once - Only once at the specified time...
Page 52 1. Specify whether you want to process all messages or only those messages that have not been processed previously during the scheduled processing. Specify how many concurrent transactions the scanner can have with F-Secure Content Scanner Server. Click Next to continue.
Page 53 Click the checkbox in column to mark a mailbox to be removed. Click Clear to remove all currently marked entries from the list. By default, F-Secure Anti-Virus for Microsoft Exchange examines all mailboxes. Click Next...
Page 54 Step 4. Specify Virus Scanning Settings for Mailboxes 1. Choose settings for virus scanning of mailboxes during the scheduled operation. Attachments to scan Specify which message attachments are checked for viruses. Do not scan attachments for viruses - Process messages without scanning any attachments for viruses.
Page 55 CHAPTER 3 Using F-Secure Anti-Virus for Microsoft Exchange Scan all attachments except with these extensions - Scan all attachments except those with specified filename extensions. You can add new file types on the extensions lists by typing the file extensions in the file extensions text boxes.
Page 56 Drop attachment - Do not disinfect or deliver infected attachments. All infected attachments are dropped. By default, F-Secure Anti-Virus for Microsoft Exchange tries to disinfect infected attachments. Quarantine infected Specify whether infected attachments should be attachments placed in the Quarantine or not.
Page 57 CHAPTER 3 Using F-Secure Anti-Virus for Microsoft Exchange Step 5. Specify Attachment Stripping Settings for Mailboxes 1. Choose settings for stripping attachments during the scheduled operation. Strip attachments Specify which attachments should be stripped from messages and public folder notes.
Page 58 “Quarantine Management”, 160. Drop attachment - All stripped attachments are deleted automatically. By default, F-Secure Anti-Virus for Microsoft Exchange quarantines stripped attachments. Send the Specify whether an informational message informational should be sent to the owner of the mailbox when message to the an attachment is stripped.
Page 59 CHAPTER 3 Using F-Secure Anti-Virus for Microsoft Exchange Notify administrator Specify whether the administrator should be notified when F-Secure Anti-Virus for Microsoft Exchange strips an attachment. Do not notify - Do not send any notification to the administrator. Send informational alert - Send an informational alert to the administrator.
Page 60 Public Folder to the list. Click Clear remove the selected folder or Clear All to remove all entries from the list. By default, F-Secure Anti-Virus for Microsoft Exchange processes all Public Folders. Click Next to continue.
Page 61 CHAPTER 3 Using F-Secure Anti-Virus for Microsoft Exchange Step 7. Specify Virus Scanning Settings for Public Folders 1. Choose settings for virus scanning of Public Folders during the scheduled operation. Attachments to scan Specify which message attachments are checked for viruses.
Page 62 Scan mail message Specify whether the body of the e-mail message body should be scanned for malicious code. By default, F-Secure Anti-Virus for Microsoft Exchange scans message bodies. Although scanning message bodies can slow down the performance, it is recommended as a virus can be carried inside a message body.
Page 63 CHAPTER 3 Using F-Secure Anti-Virus for Microsoft Exchange Disinfect attachment - Try to disinfect the infected attachment. If the disinfection succeeds, the recipient receives the disinfected file instead of the original one. If the disinfection fails, the infected attachment is dropped, and it is not delivered to the recipient.
Page 64 Step 8. Specify Attachment Stripping Settings for Public Folders 1. Choose settings for stripping attachments during the scheduled operation. Strip attachments Specify which attachments should be stripped from messages and public folder notes. Do not strip - Do not strip any attachments. Strip all attachments - Strip all attachments from all messages and notes.
Page 65: Overview
CHAPTER 3 Using F-Secure Anti-Virus for Microsoft Exchange You can add new file types on the attachments lists by typing the file extensions in the allowed and disallowed attachments text boxes. Separate the extensions by spaces. Enable File Type Trojans and other malicious code can disguise...
Page 66: Using The Web Console
Notify administrator Specify whether the administrator should be notified when F-Secure Anti-Virus for Microsoft Exchange strips an attachment. Do not notify - Do not send any notification to the administrator. Send informational alert - Send an informational alert to the administrator.
Page 67: Configuring Alert Forwarding
Alerts are also sent when a program or operation has encountered a problem. You can configure alert forwarding by editing the Alert Forwarding table in the F-Secure Anti-Virus for Microsoft Exchange Web Console. You can access it from the Home page by clicking the Configure...
Page 68 Figure 3-3 F-Secure Management Agent Configuration > Alert Forwarding page You can specify where an alert is sent according to its severity level. You can send an alert to any of the following: Windows Event Viewer E-mail SNMP. To forward alerts to an e-mail, specify the e-mail address of the recipient.
Page 69: Viewing Alerts
Using F-Secure Anti-Virus for Microsoft Exchange Viewing Alerts When F-Secure Anti-Virus for Microsoft Exchange has encountered a problem, it sends an alert to the administrator. Alerts are also sent if security has been compromised or a program wants to notify about some specific events - the product has found a virus, there is not enough disk space to do some operation, and so on.
Page 70: Chapter 4 Administration With Web Console
DMINISTRATION WITH ONSOLE Overview..................71 F-Secure Anti-Virus for Microsoft Exchange Settings ....71 F-Secure Content Scanner Server Settings ......129 F-Secure Automatic Update Agent Settings......152 F-Secure Management Agent Settings ........157...
Page 71: Overview
F-Secure Anti-Virus for Microsoft Exchange Web Console. The Web Console is installed with F-Secure Anti-Virus for Microsoft Exchange. To open the Web Console, double-click the F-Secure Settings and Statistics icon in the Windows system tray and double-click F-Secure Anti-Virus for Microsoft Exchange, or select it from the Start menu >...
Page 72: Summary
4.2.1 Summary The Summary page displays the current status of the product and a summary of the most important product statistics. Figure 4-1 Summary page...
Page 73: Using F-Secure Policy Manager Console
CHAPTER 4 Administration with Web Console Status Status The current status of F-Secure Anti-Virus for Microsoft Exchange. F-Secure Anti-Virus for Microsoft Exchange is Started when it is Running and Stopped when it has been stopped or disabled. Version The version and the build number of installed F-Secure Anti-Virus for Microsoft Exchange.
Page 74: Virus Scanning
Virus Scanning Virus Scanning settings are used to specify how inbound and outbound messages and Public Folder notes that are sent to F-Secure Content Scanner Server are to be checked for malicious code. Figure 4-2 Virus Scanning / Statistics page...
Page 75 CHAPTER 4 Administration with Web Console Last infection found Displays the name of the last infection that was found. Processed Displays the number of processed message bodies and attachments. Infected Displays the number of attachments that have been infected with malicious code. Suspicious Displays the number of stripped messages and messages that have not been scanned reliably.
Page 76 Common Edit the Virus Scanning / Common settings to specify which messages should be scanned for malicious code. Note that you may have to scroll the page to view all the settings. Figure 4-3 Virus Scanning / Common settings...
Page 77 Scan mail message Specify whether the body of the e-mail message body should be scanned for malicious code. By default, F-Secure Anti-Virus for Microsoft Exchange scans message bodies. Although scanning message bodies can slow down the performance, it is recommended as a virus can be carried inside a message body.
Page 78 Max level of nested Set the maximum number of levels of messages messages inside messages that F-Secure Anti-Virus for Microsoft Exchange should scan. If the number of levels exceeds the specified limit, F-Secure Anti-Virus for Microsoft Exchange performs the action specified in the Action on messages with exceeding nesting levels setting.
Page 79 Administration with Web Console Drop attachment - Do not disinfect or deliver infected attachments. All infected attachments are dropped. By default, F-Secure Anti-Virus for Microsoft Exchange tries to disinfect infected attachments. Action on messages Specify the action to take on e-mail messages...
Page 80 Inbound Mail Edit Virus Scanning / Inbound Mail settings to define whether the whole message should be stopped if an infection is found and to specify the trusted mailboxes and the warning messages for infected, inbound mails. These settings are specific to the mails that are destined to the internal domains defined under the General / Internal Domains branch.
Page 81 CHAPTER 4 Administration with Web Console Processing options Stop the whole Specify whether F-Secure Anti-Virus for message if infection Microsoft Exchange should stop inbound found messages that contain malicious code. When this setting is enabled, inbound messages with infected attachment(s) will be stopped completely.
Page 82 Click Edit to edit the warning message that is added to the mail message. By default, F-Secure Anti-Virus for Microsoft Exchange does not add the virus warning message. Send warning Specify whether a virus warning message message to sender should be sent to the sender of the mail message which had infected content.
Page 83 The virus warning message will be sent to the sender of the infected message only if the sender belongs to the internal domain. F-Secure Anti-Virus for Microsoft Exchange does not send the warning message outside the company...
Page 84 Outbound Mail Edit Virus Scanning / Outbound Mail real-time processing settings to define what should be done to infected outbound messages and set warning messages to infected, outbound mails. Figure 4-5 Virus Scanning / Outbound Mail settings...
Page 85 By default, F-Secure Anti-Virus for Microsoft Exchange stops the whole message. If you set F-Secure Anti-Virus for Microsoft Exchange to disinfect infected files and stop the whole message if an infection is found, messages are not stopped if they are send from a MAPI client if they can be disinfected.
Page 86 Click Edit to edit the disclaimer text. By default, F-Secure Anti-Virus for Microsoft Exchange adds a disclaimer. Public Folders Edit Public Folders real-time processing settings to define which Public Folders should be scanned for malicious code and to set warning messages to infected Public Folder notes.
Page 87 Public Folders. Scan all except excluded public folders - Process all notes posted to all Public Folders, except to the ones in the list. By default, F-Secure Anti-Virus for Microsoft Exchange processes all Public Folders. Editing Public Folders Click...
Page 88 By default, F-Secure Anti-Virus for Microsoft Exchange sends the virus warning message to the originator. Outbreak Detection F-Secure Anti-Virus for Microsoft Exchange can alert administrators when the number of infections detected within a specified time frame exceeds a specified value.
Page 89 CHAPTER 4 Administration with Web Console Figure 4-7 Virus Scanning / Outbreak Detection settings Condition Notify when number of Specify the number of infected objects that infections detected should be found within a specified time period, exceed for it to be considered as a virus outbreak. Use the value zero (0) to disable the outbreak notification.
Page 90: Stripping Attachments
4.2.3 Stripping Attachments F-Secure Anti-Virus for Microsoft Exchange can be configured to remove attachments in real-time from inbound and outbound messages by their file name or the file extension even without scanning them for malicious code. The Statistics page displays the number of attachments stripped...
Page 91 CHAPTER 4 Administration with Web Console Figure 4-8 Stripping Attachments / Statistics page Statistics Attachments stripped Displays the number of stripped attachments in inbound mail, outbound mail and public folders. On-Access Edit On-Access stripping attachments settings to set which attachments should be stripped during the on-access scanning.
Page 92 Figure 4-9 Content Blocking / On-Access / Stripping Attachments settings Strip attachments Strip attachments Specify which attachments should be stripped from messages and public folder notes. Do not strip - Do not strip any attachments. Strip all attachments - Strip all attachments from all messages and notes.
Page 93 Quarantine attachment - All stripped attachments are placed in the Quarantine. For more information, see “Quarantine”, 111. Drop attachment - All stripped attachments are deleted automatically. By default, F-Secure Anti-Virus for Microsoft Exchange quarantines stripped attachments. Add informational Specify whether an informational message message should be added to the mail message which originally had the stripped attachment.
Page 94 By default, F-Secure Anti-Virus for Microsoft Exchange does not add the informational message. Send the informational Specify whether an informational message message to sender should be sent to the sender of the mail message which had the stripped attachment. Click...
Page 95 CHAPTER 4 Administration with Web Console Inbound Mail Edit Stripping Attachments / Inbound Mail settings to specify which attachments should be stripped from the inbound mail. For settings descriptions, see below. Note that you may have to scroll the page to view all the settings. Figure 4-10 Stripping Attachments / Inbound Mail settings...
Page 96 Strip attachments Strip attachments Specify which attachments should be stripped from messages and public folder notes. Do not strip - Do not strip any attachments. Strip all attachments - Strip all attachments from all messages and notes. Strip all attachments with these extensions - Strip all except specified attachments.
Page 97 Quarantine attachment - All stripped attachments are placed in the Quarantine. For more information, see “Quarantine”, 111. Drop attachment - All stripped attachments are deleted automatically. By default, F-Secure Anti-Virus for Microsoft Exchange quarantines stripped attachments.
Page 98 Public Folder note. Click Edit to edit the warning message that is added to the mail message. By default, F-Secure Anti-Virus for Microsoft Exchange does not add the informational message. Send informational Specify whether an informational message message to sender should be sent to the sender of the mail message which had the stripped attachment.
Page 99 CHAPTER 4 Administration with Web Console Send security alert - Send a security alert to the administrator. By default, F-Secure Anti-Virus for Microsoft Exchange sends an informational alert to the administrator. For more information, see “Configuring Alert Forwarding”, 67. F-Secure Management Agent alert forwarding table controls where alerts with certain severity level will be sent.
Page 100: Content Filtering
The Content Filtering settings specify how content should be filtered based on keywords found in message subject and content. The Spam Control settings are also located under the Content Filtering branch, but they are displayed only if you have installed F-Secure Spam Control with the product.
Page 101 CHAPTER 4 Administration with Web Console Figure 4-12 Content Filtering / Statistics page Statistics Spam messages Displays the total number of spam messages that have been found. Size of spam Displays the total size of spam messages that messages have been found. Filtered inbound Displays the total number of inbound messages messages...
Page 102: Spam Control
Spam Control For information on F-secure Spam Control settings, see “Spam Control Settings in Web Console”, 180. Inbound Mail Edit Content Filtering / Inbound Mail settings to define how content should be filtered in the inbound mail based on keywords in message subjects...
Page 103 CHAPTER 4 Administration with Web Console Figure 4-13 Content Filtering / Inbound Mail settings Processing options Enable content filtering Specify whether the content of inbound messages is filtered based on the subjects and texts of the messages as defined on this tab. List of disallowed Lists the keywords that are not allowed in keywords in message...
Page 104 Click Edit to open a dialog box where you can add new disallowed keywords, or remove keywords from the list. Select the checkbox in the column to mark the entries that you want to remove. Click Clear to remove the selected entries from the list.
Page 105 CHAPTER 4 Administration with Web Console Editing Trusted Mailboxes List Click Specify to open a dialog box where you can add new trusted mailboxes, or remove trusted mailboxes from the list. To add new mailbox to the list, click Add. Select mailboxes from the list and click OK.
Page 106 Send warning alert - Send a warning alert to the administrator. Send security alert - Send a security alert to the administrator. F-Secure Management Agent alert forwarding table controls where alerts with certain severity level will be sent. Outbound Mail...
Page 107: Manual Scanning
CHAPTER 4 Administration with Web Console Figure 4-14 Content Filtering / Outbound Mail settings 4.2.5 Manual Scanning You can process mailboxes and public folders manually as needed.
Page 108 Figure 4-15 Manual Processing page...
Page 109 CHAPTER 4 Administration with Web Console Processing Mailboxes Manually The Status field displays the current status of the manual process. To start processing mailboxes manually, click Start. Click Stop terminate the currently running manual scan Click Configure... to set up a new manual processing task. For more information, see “Creating Manual Scanning Operation”,...
Page 110 Scheduled Scan Tasks Figure 4-16 Scheduled Processing page Editing Scheduled Tasks The Scheduled tasks table displays all scheduled tasks and the date and time when the next scheduled task occurs for the next time.
Page 111: Quarantine
4.2.6 Quarantine Quarantine in F-Secure Anti-Virus for Microsoft Exchange is handled through a SQL database. The product is able to quarantine e-mails and attachments which contain malicious or otherwise unwanted content, such as spam messages.
Page 112 Quarantine Thresholds Figure 4-17 Quarantine thresholds settings...
Page 113 CHAPTER 4 Administration with Web Console Quarantine thresholds Quarantined items Specify the critical number of items in the threshold Quarantine storage. If the specified value is reached or exceeded, the product sends an alert. If zero (0) is specified, the number of items in the Quarantine storage is not checked.
Page 114 Notify when quarantine Specify how the administrator should be threshold is reached notified when the Quarantine Size Threshold and/or Quarantined Items Threshold are reached. No alert is sent if both thresholds are set to zero (0). The options available are: Quarantine Reprocess, Retention and Cleanup When quarantined content is reprocessed, it is scanned again, and if it is found clean, it is sent to the intended recipients.
Page 115 CHAPTER 4 Administration with Web Console Figure 4-18 Quarantine cleanup settings Reprocess unsafe messages Automatically reprocess Specify how often the product tries to unsafe messages reprocess unsafe messages that are retained in the Quarantine. Set the value to Disabled to keep all unsafe to process unsafe messages manually.
Page 116 Final action on unsafe Specify the action to unsafe messages after messages the maximum number of reprocesses have been attempted. Leave in Quarantine - Leave messages in the Quarantine and process them manually. Release to Intended Recipients - Release messages from the Quarantine and send them to original recipients.
Page 117 CHAPTER 4 Administration with Web Console Infected Disallowed Suspicious Spam Scan failure Unsafe Retention period - Specify an exception to the default retention period for the selected Quarantine category. Cleanup interval - Specify an exception to the default cleanup interval for the selected Quarantine category.
Page 118: Quarantine Logging
Quarantine Logging Figure 4-19 Quarantine logging settings Logging Quarantine log Specify the path for Quarantine log files. directory Rotate quarantine Specify how often the product rotates logs Quarantine log files. At the end of each rotation time a new log file is created. Keep rotated Specify how many rotated log flies should be quarantine logs...
Page 119 CHAPTER 4 Administration with Web Console Quarantine Options Quarantine Options Quarantine worms Specify whether the product should Quarantine files infected with mass worms or mail viruses such as Sobig or Bagle. Quarantine problematic Specify if messages that contain malformed messages or broken attachments should be quarantined for later analysis or recovery.
Page 120 Quarantine Database Figure 4-20 Quarantine database settings You can specify the database where information about quarantined e-mails is stored and from which it is retrieved. Quarantine database SQL server name The name of the SQL server where the database is located. Database name The name of the Quarantine database.
Page 121: Advanced
Otherwise the setting will not be changed in the product. Make sure that F-Secure Anti-Virus for Microsoft Exchange service has write access to this directory. Adjust the access rights to the directory so that only the F-Secure Anti-Virus for Microsoft Exchange service and the local administrator can access files in the Quarantine.
Page 122 Figure 4-21 Advanced settings Mail Delivery Settings Mail opening timeout Specify the number of seconds to try to open a message. Max mail sending Specify the number of times to try to send a retries message if sending it fails. Mail sending timeout Specify the number of seconds to wait to try sending a message.
Page 123 CHAPTER 4 Administration with Web Console New mailbox polling Specify how often F-Secure Anti-Virus for interval Microsoft Exchange should check for newly established mailboxes. You can disable the new mailbox polling by using the value 0 (zero). By default, F-Secure Anti-Virus for Microsoft Exchange polls new mailboxes every 60 minutes.
Page 124 Scanning Servers Edit the Servers settings to configure the connection between F-Secure Anti-Virus for Microsoft Exchange and F-Secure Content Scanner Server. Note that you may have to scroll the page to view all the settings. Figure 4-22 Advanced / Scanning Servers settings...
Page 125 Scanner Servers, it interacts with backup servers. Editing F-Secure Content Scanner Server Addresses To add new F-Secure Content Scanner Server IP addresses or host names to the list, click Add. To delete a address from the list, click on column to select addresses that you want to delete.
Page 126 Use local interaction Specify whether the product should interact with mode F-Secure Content Scanner Server in the local interaction mode. When F-Secure Anti-Virus for Microsoft Exchange and F-Secure Content Scanner Server are installed on the same host and the local interaction mode is enabled, data are transferred via local temporary files and/or shared memory.
Page 127: Internal Domains
Working directory Specify the name and location of the Working directory, where temporary files are placed. During the installation, F-Secure Anti-Virus for Microsoft Exchange automatically adjusts the access rights so that only the operating system and the local administrator can access files in the Working directory.
Page 128 Figure 4-23 Internal Domains settings You can define how the mails destined for the internal domains are processed by configuring the Virus Scanning / Inbound Mail, Stripping Attachments / Inbound Mail and Content Filtering / Inbound Mail settings. Editing Internal Domain Addresses To add a new domain name to the list, click Add.
Page 129: F-Secure Content Scanner Server Settings
4.3.1 Summary You can see the current status of the F-Secure Content Scanner Server, and virus and spam scanner statistics under the Summary branch. Status You can see the statistics of all virus scans on the Status page of F-Secure Content Scanner Server.
Page 130 Server is currently running or not. Version Displays the current version number and build of F-Secure Content Scanner Server. Start time Displays the start date and time of F-Secure Content Scanner Server. Scanned files Displays how many files have been scanned since the last reset.
Page 131: Virus Statistics
F-Secure Content Scanner Server. Click Reset Statistics to reset the statistics in this window. Virus Statistics You can see the list of most active viruses on the Summary > Virus Statistics page in F-Secure Anti-Virus for Microsoft Exchange Web Console.
Page 132 Figure 4-25 Summary / Virus Statistics settings Most active viruses Most active viruses This table displays a list of the 5, 10 or 30 most table often found viruses during the specified time period. It also displays the number of times each virus has been found and the percentage that each virus represents of the total number of viruses encountered.
Page 133 Spam Scanner Statistics This page is displayed only if you have installed F-Secure Spam Control. On the Spam Control page you can see the status of F-Secure Spam Control, spam definition databases and the spam scanning statistics.
Page 134 Version Shows the version and build number of the F-Secure Spam Scanner. Status Shows the status of the F-Secure Spam Scanner. The possible statuses are: Unknown or not installed - This status might be displayed right after installation when the product statistics are not yet updated, or if the F-Secure Spam Scanner is not installed.
Page 135 Shows the version of the database currently used by the F-Secure Spam Scanner. Last database update Shows the date and time when the F-Secure Spam Scanner database was last updated. Number of processed Shows the total number of files that have been files analyzed for spam.
Page 136: Database Updates
4.3.2 Database Updates F-Secure Content Scanner Server can notify the administrator if it detects that virus and/or spam definition databases are outdated. You can change the notification and other database updates settings on the Updates page. For more information about virus definition database updates, see “Updating Virus and Spam Definition...
Page 137 Corporation and that they have not been altered or corrupted in any way before taking them to use. Notify when databases Specify what kind of an alert F-Secure Content become old Scanner Server should send to the administrator when virus definition databases are not up-to-date.
Page 138: Scan Engines
4.3.3 Scan Engines F-Secure Content Scanner Server uses multiple top quality scanning engines to ensure the highest possible detection rate and disinfection capability. You can view an overview of the engine statuses and updates on the Scan Engines page.
Page 139 CHAPTER 4 Administration with Web Console Figure 4-28 Virus Scanning page Scan engines Scan Engine Displays the name of the scan engine. Version Displays the version number of the scan engine. Database Date Displays the date of the currently used virus definition database.
Page 140 Properties You can view the detailed statistics and statuses of the scan engines on the Scan Engines > Properties page. Note that you have to scroll the page to view all the settings. Figure 4-29 Scan Engines > Properties page Scan engine Number of processed Displays the number of files the selected scan...
Page 141: Threat Detection
CHAPTER 4 Administration with Web Console Number of disinfected Displays the number of infected files the files selected scan engine has successfully disinfected. Database date Displays the date of the currently used virus definition database for the selected scan engine. Last database update Displays the last date when the virus definition database was updated.
Page 142 Figure 4-30 Scan Engines > Threat Detection page Cache VOD cache size Specify the maximum number of patterns to cache for the virus outbreak detection service. By default, the cache size is 10000 cached patterns. Class cache size Specify the maximum number of patterns to cache for spam detection service.
Page 143: Proxy Configuration
Pass through - The message is passed through without scanning it for spam. Heuristic Scanning - F-Secure Content Scanner Server checks the message using spam heuristics. Trusted networks Specify networks and hosts in the mail relay...
Page 144 Figure 4-31 Proxy Configuration page Proxy Configuration Use proxy server Specify whether F-Secure Content Scanner Server uses a proxy server when it connects to the threat detection center. Proxy server address Specify the address of the proxy server. Proxy server port Specify the port number of the proxy server.
Page 145 CHAPTER 4 Administration with Web Console NTLM - The proxy uses NTLM authentication scheme. User name Specify the user name for the proxy server authentication. Password Specify the password for the proxy server authentication. Domain Specify the domain name for the proxy server authentication.
Page 146: Archive Scanning
4.3.5 Archive Scanning F-Secure Content Scanner Server can scan files inside archives. You can change the archive scanning and other advanced settings in the Virus Scanning / Archive Scanning page. Figure 4-32 Archive Scanning settings page...
Page 147 Max levels in nested Set the number of levels of archives inside archives archives that F-Secure Content Scanner Server should scan. Note that nested archives can be used in denial-of-service attacks, so it is not recommended to set the maximum value very high.
Page 148 Acceptable unpacked Specify the acceptable unpacked size (in size threshold kilobytes) for archive files. If the unpacked size of an archive file exceeds this threshold, the server will consider the archive suspicious and corresponding action will be taken. Scan these extensions Specify files that are scanned inside archives.
Page 149: Advanced
CHAPTER 4 Administration with Web Console 4.3.6 Advanced You can change the Working Directory settings from the Advanced page. The Working directory specifies where temporary files are stored. Figure 4-33 Advanced settings Advanced Working directory Specify the working directory. Enter the complete path to the field or click Browse browse to the path you want to set as the new...
Page 150 F-Secure Content Scanner Server sends an alert to the administrator when the drive has less than the specified amount of space left. Max number of Specify how many files F-Secure Content concurrent Scanner Server should process simultaneously. transactions Max scan timeout Specify how long a scan task can be carried out before it is automatically cancelled.
Page 151: Interface
CHAPTER 4 Administration with Web Console 4.3.7 Interface You can specify how F-Secure Content Scanner Server should interact with F-Secure Anti-Virus Agent for Microsoft Exchange. Figure 4-34 Interface settings Service connections IP address Specify the IP address that F-Secure Content Scanner Server listens to.
Page 152: F-Secure Automatic Update Agent Settings
Server keeps an inactive connection open. F-Secure Automatic Update Agent Settings With F-Secure Automatic Update Agent, virus and spam definition database updates are retrieved automatically when they are published. When a new virus is found, F-Secure provides a new virus definition database update.
Page 153: Summary
CHAPTER 4 Administration with Web Console 4.4.1 Summary Status Displays the current status of F-Secure Automatic Update Agent. Version Displays the version number of F-Secure Automatic Update Agent. Channel name Displays the channel from where the updates are downloaded. Channel address Displays the address of the Automatic Updates Server.
Page 154 Last check result Displays the result of the last update check. Next check time Displays the date and time for the next update check. Last successful check Displays the date and time when the last time successful update check was done. Current HTTP proxy Displays the address of the HTTP proxy that is currently used.
Page 155 CHAPTER 4 Administration with Web Console Available Packages Title Displays the title of the downloaded package. Download time Displays the download date and time. Size Displays the size of the downloaded package. Installed Packages TItle Displays the title of the downloaded package. Installation time Displays the date and time when the update was installed.
Page 156: Automatic Updates
4.4.2 Automatic Updates You can configure the Download options on the Downloads page. Updates Enable automatic Select whether automatic updates are updates enabled or disabled.
Page 157: F-Secure Management Agent Settings
User defined proxy Define the HTTP proxy address. F-Secure Management Agent Settings F-Secure Management Agent enforces the security policies set by the administrator. It handles all management functions on the local workstations and provides a common interface for all F-Secure applications.
Page 158 You can access F-Secure Management Agent settings from F-Secure Anti-Virus for Microsoft Exchange Web Console Home page by clicking Configure... button in the F-Secure Management Agent section. Note that you may have to scroll the page to view all the settings.
Page 159 CHAPTER 4 Administration with Web Console Figure 4-35 F-Secure Management Agent Configuration page Status The Status section displays detailed information on the host, for example the DNS and WINS names and the IP address. In addition, it displays the date and time when the policy file that is currently in use was issued and the date and time when the host connected to the server last time.
Page 160: Quarantine Management
UARANTINE ANAGEMENT Introduction................161 Configuring Quarantine Options..........162 Searching the Quarantined Content......... 163 Query Results Page ..............167 Viewing Details of a Quarantined Message......169 Reprocessing the Quarantined Content ........171 Releasing the Quarantined Content ......... 172 Removing the Quarantined Content......... 174 Deleting Old Quarantined Content Automatically.....
Page 161: Introduction
CHAPTER 5 Quarantine Management Introduction You can manage and search quarantined mails with the F-Secure Anti-Virus for Microsoft Exchange Web Console. You can search for quarantined content by using different search criteria, including the quarantine ID, recipient and sender address, the time period during which the message was quarantined, and so on.
Page 162: Configuring Quarantine Options
Quarantine Storage The quarantine storage where the quarantined messages are stored is located on the server where F-Secure Anti-Virus for Microsoft Exchange is installed. If there are several F-Secure Anti-Virus for Microsoft Exchange installations in the network, they all have their own storages.
Page 163: Searching The Quarantined Content
CHAPTER 5 Quarantine Management Searching the Quarantined Content You can search the quarantined content on the F-Secure Anti-Virus for Microsoft Exchange > Quarantine page in the Web Console. Figure 5-1 Quarantine query options...
Page 164 You can use the following search criteria: Quarantine ID Enter the quarantine ID of a quarantined message. The quarantine ID is displayed in the notification sent to the user about the quarantined message. Object type Select the type of the quarantined content. Attachment - Search for quarantined attachments.
Page 165 CHAPTER 5 Quarantine Management Recipients Enter the e-mail recipient address. Subject Enter the message subject to be used as search criteria. Show only You can use this option to view the current status of messages that you have set to be reprocessed, released or deleted.
Page 166 Search period Select the time period when the data has been quarantined. Select Exact start and end dates to specify the date and time (year, month, day, hour, minute) when the data has been quarantined. Sort Results Specify how the search results are sorted by selecting one of the options in the Sort Results by: drop-down menu: based on Date, Sender, Recipients, Subject or Reason.
Page 167: Query Results Page
CHAPTER 5 Quarantine Management Query Results Page Figure 5-2 Quarantine Query Results Page The Quarantine Query Results page displays a list of mails and attachments that were found in the query. To view detailed information about a quarantined content, click the Quarantine ID (QID) number link in the QID column.
Page 168 Icon E-mail status Quarantined e-mail that the administrator has set to be reprocessed. The reprocessing operation has not been completed yet. Quarantined e-mail that the administrator has set to be deleted. The deletion operation has not been completed yet. Quarantined e-mail set to be released, which failed. Quarantined e-mail set to be reprocessed, which failed.
Page 169: Viewing Details Of A Quarantined Message
CHAPTER 5 Quarantine Management Quarantined Attachment Operations You can select an operation to perform on the attachments that were found in the query: Click Send to deliver the currently selected attachment without further processing, or click Send All to deliver all attachments that were found.
Page 170 QID - Quarantine ID. Submit date - The date and time when the item was placed in the quarantine. Processing server - The F-Secure Anti-Virus for Microsoft Exchange server that processed the message. Sender - The address of the message sender.
Page 171: Reprocessing The Quarantined Content
CHAPTER 5 Quarantine Management Click Download to download the quarantined message to your computer to check it. WARNING: In many countries, it is illegal to read other people’s messages. The Quarantined Content Details page displays the following information about the quarantined attachments: QID - Quarantine ID.
Page 172: Releasing The Quarantined Content
1. Select the F-Secure Anti-Virus for Microsoft Exchange tab and the Quarantine page. Select the start and end dates and times of the quarantining period from the Start time: and End Time: drop-down menus. If you want to specify how the search results are sorted, select the sorting criteria and order from the Sort results by: and order: drop-down menus.
Page 173 CHAPTER 5 Quarantine Management 1. Select the F-Secure Anti-Virus for Microsoft Exchange tab and the Quarantine page. Enter the Quarantine ID of the message in the Quarantine ID field. Click Query. When the query is finished, the query results page is displayed. Click Release button to release the displayed quarantined content.
Page 174: Removing The Quarantined Content
1. Select the F-Secure Anti-Virus for Microsoft Exchange tab and the Quarantine page in the Web Console. Select the quarantining reason, Spam, from the Reason: drop-down menu.
Page 175: Quarantine Logging
Enable the exception you just created by selecting the Enabled check box. Click Apply. 5.10 Quarantine Logging To view the Quarantine Log, open the F-Secure Anti-Virus for Microsoft Exchange tab in the Web Console, and go to the Quarantine page. Then click the Show Log File button.
Page 176: Quarantine Statistics
5.11 Quarantine Statistics The Quarantine statistics page displays the number of quarantined items in each quarantine category, and the total size of the quarantine. Figure 5-4 Quarantine > Statistics page E-mail messages and infected, suspicious and disallowed attachments are stored and counted as separate items in the quarantine storage.
Page 177: Moving The Quarantine Storage
ACL information. In the following example, the Quarantine storage is moved from C:\Program Files\F-Secure\Quarantine Manager\quarantine to D:\Quarantine: 1. Stop F-Secure Quarantine Manager service to prevent any quarantine operations while you move the location of the Quarantine storage. Run the following command from the command prompt: net stop "F-Secure Quarantine Manager"...
Page 178 Follow Share a Folder Wizard instructions to create FSMSEQS$ shared folder. Specify the new directory (in this example, D:\Quarantine) as the folder path, FSMSEQS$ as the share name and F-Secure Quarantine Storage as the description. On the Permissions page, select Administrators have full access;...
Page 179: Chapter 6 Administering F-Secure Spam Control
DMINISTERING ECURE ONTROL Overview................... 180 Spam Control Settings in Centrally Managed Environments..236 Spam Control Settings in Web Console ........180 Realtime Blackhole List Configuration........185...
Page 180: Overview
Overview When F-Secure Spam Control is enabled, incoming messages that are considered spam are marked automatically by adding an X-header with the spam flag or predefined text in the message header. The end users can then create filtering rules that direct the messages marked with the spam flag header into a junk mail folder.
Page 181 CHAPTER 6 Administering F-Secure Spam Control Figure 6-1 Spam Control settings in a locally managed environment Check messages for Specify whether inbound mails should be spam scanned for spam. Realtime Blackhole List (RBL) spam filtering is not enabled by default even if you enable spam filtering from the settings.
Page 182 When the heuristic spam analysis is disabled, only the threat detection engine scans inbound mails for spam. Heuristic spam analysis slows down the performance but improves the spam detection rate. Spam filtering level Specify the spam filtering level. Decreasing the level allows less spam to pass, but more regular mails may be falsely identified as spam.
Page 183 CHAPTER 6 Administering F-Secure Spam Control Drop message - The message is deleted. Add X-Header with Specifies if the spam flag will be added to the Spam flag mail as a X-Spam-Flag header in the following format: X-Spam-Flag: <flag> where <flag> is either "YES" or "NO".
Page 184 Example: X-Spam-Status: Yes, hits=8 required=5 tests=DATE_IN_FUTURE_03_06, DATE_SPAMWARE_Y2K,FORGED_MUA_THEBAT_BOUN, MISSING_MIMEOLE,MISSING_OUTLOOK_NAME Add this text to spam Specify the text that will be added in the message subject beginning of the subject of an e-mail considered spam. Maximum message Specify the maximum size of mail messages to size to process for be scanned for spam.
Page 185: Realtime Blackhole List Configuration
Administering F-Secure Spam Control Realtime Blackhole List Configuration This section describes how to enable and disable Realtime Blackhole Lists, how to optimize F-Secure Spam Control performance, and how to specify blocked and safe recipients and senders by using black- and whitelisting.
Page 186 F-Secure Content Scanner Server through F-Secure Anti-Virus for Microsoft Exchange Web Console. You can force F-Secure Spam Control to use a specific DNS server (not necessarily configured in Microsoft Windows networking) by adding a new system environment variable as described in the instructions below.
Page 187: Optimizing F-Secure Spam Control Performance
CHAPTER 6 Administering F-Secure Spam Control To force F-Secure Spam Control to use a specific DNS server, do the following: 1. Right-click the My Computer icon and select Properties. Select Advanced and click the Environment Variables.. button. In the System variables panel click New...
Page 188 'spam-scanner-instances' (oid=1.3.6.1.4.1.2213.18.1.35.500) has been set to 5. To take the new setting into use, restart F-Secure Content Scanner Server. IMPORTANT: Each additional instance of the Spam Scanner takes approximately 25Mb of memory (process fsavsd.exe). Typically you should not need more than 5 instances.
Page 189: Chapter 7 Updating Virus And Spam Definition Databases
PDATING IRUS AND EFINITION ATABASES Overview................... 190 Automatic Updates with F-Secure Automatic Update Agent ..190 Configuring Automatic Updates..........190 Manual Updates ............... 191...
Page 190: Overview
With F-Secure Automatic Update Agent, virus and spam definition database updates are retrieved automatically when they are published. When a new virus is found, F-Secure provides a new virus definition database update. F-Secure Automatic Update Agent uses HTTP protocol to fetch this update. Virus and spam definition updates are digitally signed for maximum security.
Page 191: Manual Updates
Updating Virus and Spam Definition Databases Manual Updates If you do not want to use F-Secure Automatic Update Agent to automatically update your virus definition database, you can do it manually with a program called FSUPDATE or by downloading the LATEST.ZIP file.
Page 192: Appendix A Variables In Warning Messages
APPENDIX: Variables in Warning Messages List of Variables ................ 193 Outbreak Management Alert Variables........195...
Page 193: List Of Variables
[Unknown]. Variable Description $ANTI-VIRUS-SERVER The DNS/WINS name or IP address of F-Secure Anti-Virus for Microsoft Exchange. $CSS-NAME The DNS/WINS name or IP address of F-Secure Content Scanner Server. $NAME-OF-SENDER The e-mail address where the original content comes from.
Page 194 The following table lists variables that can be included in the scan report, in other words the variables that can be used in the warning message between $REPORT-BEGIN and $REPORT-END. Variable Description $AFFECTED-FILENAM The name of the original file or attachment. $AFFECTED-FILESIZE The size of the original file or attachment.
Page 195: Outbreak Management Alert Variables
APPENDIX A Variables in Warning Messages Outbreak Management Alert Variables $INTERVAL-TIME Detection interval in minutes. $INTERVAL-MINUTES Outbreak limit of infections within detection interval. $INFECTIONS-LIMIT Actual number of infections found within the detection interval. $INFECTIONS-FOUND Detection interval in minutes.
Page 196: Appendix B Services And Processes
APPENDIX: Services and Processes F-Secure Anti-Virus for Microsoft Exchange ......197 F-Secure Content Scanner Server ........... 198 F-Secure Anti-Virus for Microsoft Exchange Web Console..198 F-Secure Management Agent (FSMA) ........199 F-Secure Automatic Updates Agent......... 201...
Page 197: F-Secure Anti-Virus For Microsoft Exchange
APPENDIX B Services and Processes The following tables list the services and processes that are running on the system after the installation. F-Secure Anti-Virus for Microsoft Exchange Service Process Description F-Secure fshkmngr.exe The F-Secure Hook Manager Anti-Virus for is a central component of...
Page 198: F-Secure Content Scanner Server
The Database Update Handler process verifies and checks the integrity of virus definition and spam control database updates. F-Secure Anti-Virus for Microsoft Exchange Web Console Service Process Descriptions HTTP server that hosts F-Secure Web UI fswebuid.exe...
Page 199: F-Secure Management Agent (Fsma)
APPENDIX B Services and Processes F-Secure Management Agent (FSMA) Service Process Description F-Secure fsma32.exe F-Secure Management Agent Management is an FSMA service Agent responsible for starting other services and monitoring them. fsmb32.exe F-Secure Message Broker provides the inter-process communication interface for integrated services and applications.
Page 200 SMTP server. fih32.exe F-Secure Installation Handler enables the remote installation and updating of integrated F-Secure products. fsm32.exe The F-Secure Settings and Statistics User Interface. The process is not running unless the user is logged in to the system.
Page 201: F-Secure Automatic Updates Agent
F-Secure Automatic Update.exe. This is the client process that polls and automatically downloads virus and spam definition database updates from F-Secure. It also handles F-Secure Automatic Updates Agent settings and provides the local user interface for a logged-on user. FSBWSYS.exe...
Page 202 ROUBLESHOOTING Overview................... 203 Starting and Stopping............203 Viewing the Log File ..............203 Common Problems and Solutions ..........204 Frequently Asked Questions ............ 208 F-Secure Automatic Update Agent Troubleshooting ....213...
Page 203: Chapter C Troubleshooting
Support”, 218. Starting and Stopping If you ever need to start or stop F-Secure Anti-Virus for Microsoft Exchange, you can do it in the following ways: Open the Services applet from the Administrative tools folder in the Windows Control Panel and select F-Secure Anti-Virus for Microsoft Exchange.
Page 204: Common Problems And Solutions
Agent / Settings / Alerting / Alert Agents / Logfile / Maximum File Size. Common Problems and Solutions If you think that you have some problem with F-Secure Anti-Virus for Microsoft Exchange, check that both F-Secure Anti-Virus for Microsoft Exchange and F-Secure Content Scanner Server are up and running.
Page 205 If your connection attempt was unsuccessful, (1) make sure that F-Secure Content Scanner Server is up and running, and (2) check the physical connection between F-Secure Anti-Virus for Microsoft Exchange and F-Secure Content Scanner Server.
Page 206 I cannot open or access F-Secure Anti-Virus for Microsoft Exchange Web Console. Solution: 1. Make sure that F-Secure Web Console daemon has started and is running. Check the Services in Windows Control Panel. The following service should be started: F-Secure Web Console Daemon...
Page 207: C.4.1 Installing Service Packs
Check the Task Manager. The following process should be running: fswebuid.exe If you try to connect to the F-Secure Anti-Virus for Microsoft Exchange Web Console from a remote host, make sure that the connection is not blocked by a firewall or proxy server.
Page 208: Frequently Asked Questions
“Cannot open message” or “Cannot open message in preview pane”. What should be done? A. Check that F-Secure Content Scanner Server is up and running. If a mail cannot be scanned, access to it is not allowed. Q. Why does e-mail stay in the Outbox for a while after being sent? A.
Page 209 Server and F-Secure Anti-Virus for Microsoft Exchange components, F-Secure Content Scanner Server may shut down before F-Secure Anti-Virus for Microsoft Exchange components, which may cause them to report that they have lost the connection to F-Secure Content Scanner Server. Settings Q.
Page 210 Q. I have a Public Folder that is excluded from the virus scan, but some messages are scanned and disinfected before they arrive to the excluded Public Folder. Why? A. If you send a message from a MAPI client, the message goes to the Outbox folder before it is sent to the Public Folder.
Page 211 Q. Can all files on a Microsoft Exchange computer be scanned for viruses, or are some files and folders excluded from scanning automatically? A. The working and quarantine directories of F-Secure Anti-Virus for Microsoft Exchange are added to the OAS excluded list during the installation.
Page 212 OLE object. What is this file and why do I get a warning message when I try to open the file? A. The original message had an infection which F-Secure Anti-Virus for Microsoft Exchange removed and replaced with the Attachment_Information.txt file.
Page 213: F-Secure Automatic Update Agent Troubleshooting
Troubleshooting F-Secure Automatic Update Agent Troubleshooting The F-Secure Automatic Update Agent log file may be useful when solving problems when virus and/or spam definition databases do not update properly. Open the F-Secure Automatic Update Agent from F-Secure Settings and Statistics and click...
Page 214 Standard mode and the update directory is in a network drive. Open the Settings page in the F-Secure Automatic Update Agent window and click Change select the destination directory again.
Page 215 F-Secure Content Scanner Server does not immediately retrieve the files from there. The delay depends on the polling interval of F-Secure Management Agent, with a default interval of 10 minutes the delay can be up to 20-30 minutes. Make sure F-Secure Automatic Update Agent is installed in Stand-alone mode.
Page 216 Q. I installed the F-Secure Automatic Update Agent, but it has not downloaded any virus definition updates. What’s wrong? A. Select the Received Packages tab in the F-Secure Automatic Update Agent window and check that no virus definitions update packages are listed in there.
Page 217 If you have determined that you are connecting through an HTTP proxy server, enable the “Use HTTP proxy” checkbox on the F-Secure Automatic Update Agent window’s Settings page and type in the field the proxy server address and port number that you retrieved from your browser (i.e.
Page 218: Technical Support
Technical Support F-Secure Online Support Resources........219 Web Club.................. 220 Virus Descriptions on the Web ..........221...
Page 219: F-Secure Online Support Resources
If you have questions about F-Secure Anti-Virus for Microsoft Exchange not covered in this manual or on the F-Secure support web pages, you can contact your local F-Secure distributor or F-Secure Corporation directly.
Page 220: Web Club
Windows Application Log. Web Club The F-Secure Web Club provides assistance and updated versions of the F-Secure products. To connect to the Web Club on our Web site, open the F-Secure Anti-Virus for Microsoft Exchange Web Console, and click the Web Club...
Page 221: Virus Descriptions On The Web
Technical Support Alternatively, right-click on the F-Secure icon in the Window taskbar, and choose the Web Club command. To connect to the Web Club directly from within your Web browser, go to: http://www.f-secure.com/anti-virus/webclub/corporate/ Virus Descriptions on the Web F-Secure Corporation maintains a comprehensive collection of virus-related information on its Web site.
Page 223 They include antivirus and desktop firewall with intrusion prevention, antispam and antispyware solutions. Founded in 1988, F-Secure has been listed on the Helsinki Exchanges since 1999, and has been consistently growing faster than all its publicly listed competitors.

F-SECURE ANTI-VIRUS FOR MICROSOFT EXCHANGE Administrator's Manual

About this Guide

Chapter 1 Introduction

Requirements

Chapter 2 Requirements

Chapter 3 Using F-Secure Anti-Virus for Microsoft Exchange

Chapter 4 Administration with Web Console

Chapter 5 Quarantine Management

Chapter 6 Administering F-Secure Spam Control

Chapter 7 Updating Virus and Spam Definition Databases

Appendix A Variables in Warning Messages

Appendix B Services and Processes

Chapter C Troubleshooting

Technical Support

Quick Links

Troubleshooting

Need help?

Questions and answers

Related Manuals for F-SECURE ANTI-VIRUS FOR MICROSOFT EXCHANGE

Summary of Contents for F-SECURE ANTI-VIRUS FOR MICROSOFT EXCHANGE

Table of Contents