F-SECURE ANTI-VIRUS - FOR MICROSOFT EXCHANGE Administrator's Manual

F-Secure Anti-Virus for
Microsoft Exchange
Administrator's Guide


Summary of Contents for F-SECURE ANTI-VIRUS - FOR MICROSOFT EXCHANGE

  • Page 1 F-Secure Anti-Virus for Microsoft Exchange Administrator’s Guide...
  • Page 2 Although F-Secure Corporation makes every effort to ensure that this information is accurate, F-Secure Corporation will not be liable for any errors or omission of facts contained herein. F-Secure Corporation reserves the right to modify specifications cited in this document without prior notice.
  • Page 3: Table Of Contents

    Symbols, 10. Chapter 1: Using F-Secure Anti-Virus for Microsoft Exchange. Administering F-Secure Anti-Virus for Microsoft Exchange, 13. Using Web Console, 14. 1.2.1 Logging in for the First Time, 14. 1.2.2 Modifying Settings and Viewing Statistics with Web Console, 16. 1.2.3 Checking the Product Status...
  • Page 4 2.4.7 Proxy Configuration, 98. 2.4.8 Advanced, 99. F-Secure Content Scanner Server Statistics, 100. 2.5.1 Server, 100. 2.5.2 Scan Engines, 101. 2.5.3 Common, 102. 2.5.4 Spam Control, 102. 2.5.5 Virus Statistics, 103. F-Secure Management Agent Settings, 103. F-Secure Automatic Update Agent Settings, 105...
  • Page 5 Moving the Quarantine Storage, 235. Chapter 5: Updating Virus and Spam Definition Databases. Overview, 238. Automatic Updates with F-Secure Automatic Update Agent, 239. Configuring Automatic Updates, 239. Appendix A: Variables in Warning Messages. List of Variables, 242. Appendix B: Sending E-mail Alerts And Reports. B.1 Overview...
  • Page 6 C.4 Common Problems and Solutions, 250. Checking F-Secure Anti-Virus for Microsoft Exchange, 251. Checking F-Secure Content Scanner Server, 252. Checking F-Secure Anti-Virus for Microsoft Exchange Web Console, 253. C.4.1 Installing Service Packs, 253. C.4.2 Securing the Quarantine, 254. C.4.3 Administration Issues, 254. C.5 Frequently Asked Questions, 255...
  • Page 7: About This Guide

    About This Guide: How This Guide Is Organized, 8. Conventions Used in F-Secure Guides, 6...
  • Page 8: How This Guide Is Organized

    F-Secure Anti-Virus for Microsoft Exchange Administrator's Guide is divided into the following chapters: Chapter 1. Using F-Secure Anti-Virus for Microsoft Exchange. Instructions how to use and administer F-Secure Anti-Virus for Microsoft Exchange. Chapter 2. Centrally Managed Administration. Instructions how to...
  • Page 9 About This Guide See the F-Secure Policy Manager Administrator's Guide for detailed information about installing and using the F-Secure Policy Manager components: F-Secure Policy Manager Console, the tool for remote administration of F-Secure Anti-Virus for Microsoft Exchange. F-Secure Policy Manager Server, which enables communication ...
  • Page 10: Conventions Used In F-Secure Guides

    Conventions Used in F-Secure Guides This section describes the symbols, fonts, and terminology used in this manual. Symbols WARNING: The warning symbol indicates a situation with a risk of irreversible destruction to data. IMPORTANT: An exclamation mark provides important information that you need to consider.
  • Page 11: For More Information

    In our constant attempts to improve our documentation, we would welcome your feedback. If you have any questions, comments, or suggestions about this or any other F-Secure document, please contact us at documentation@f-secure.com.
  • Page 12: Using F-Secure Anti-Virus For Microsoft Exchange

    Using F-Secure Anti-Virus for Microsoft Exchange: Administering F-Secure Anti-Virus for Microsoft Exchange, 13. Using Web Console, 14. Using F-Secure Policy Manager Console, 17...
  • Page 13: Administering F-Secure Anti-Virus For Microsoft Exchange

    Using F-Secure Anti-Virus for Microsoft Exchange Administering F-Secure Anti-Virus for Microsoft Exchange F-Secure Anti-Virus for Microsoft Exchange can be used either in the stand-alone mode or in the centrally administered mode, based on your selections during the installation and the initial setup.
  • Page 14: Using Web Console

    Using Web Console You can open F-Secure Anti-Virus for Microsoft Exchange Web Console in any of the following ways: Go to Windows Start menu > Programs > F-Secure Anti-Virus for Microsoft Exchange > F-Secure Anti-Virus for Microsoft Exchange Web Console. Enter the address of F-Secure Anti-Virus for Microsoft Exchange ...
  • Page 15 When you log in for the first time, your browser displays a Security Alert dialog window about the security certificate for F-Secure Anti-Virus for Microsoft Exchange Web Console. You can create a security certificate for F-Secure Anti-Virus for Microsoft Exchange Web Console before logging in, and then install the certificate during the login process.
  • Page 16: Modifying Settings And Viewing Statistics With Web Console

    If the Security Alert window is still displayed, click to proceed or log back in to the F-Secure Anti-Virus for Microsoft Exchange Web Console. When the login page opens, log in to Web Console with your user name and the password.
  • Page 17: Checking The Product Status

    1.2.3 Checking the Product Status You can check the overall product status on the Home page of F-Secure Anti-Virus for Microsoft Exchange Web Console. Summary and Services tabs in the Home page display an overview of each component status and most important statistics of the installed F-Secure Anti-Virus for Microsoft Exchange components.
  • Page 18 After you have modified settings and created a new policy, it must be distributed to hosts. Choose Distribute from the File menu. After distributing the policy, you have to wait for F-Secure Anti-Virus for Microsoft Exchange to poll the new policy file. Alternatively, click...
  • Page 19: Changing Settings That Have Been Modified During Installation Or Upgrade

    The settings descriptions in this manual indicate the settings for which you need to use the Final restriction. You can also check in F-Secure Policy Manager Console whether you need to use the Final restriction for a setting. Do the following: 1.
  • Page 20: Centrally Managed Administration

    Centrally Managed Administration: Overview, 21. F-Secure Anti-Virus for Microsoft Exchange Settings, 21. F-Secure Anti-Virus for Microsoft Exchange Statistics, 84. F-Secure Content Scanner Server Settings, 90. F-Secure Content Scanner Server Statistics, 100. F-Secure Management Agent Settings, 103...
  • Page 21: Overview

    You can use the F-Secure Anti-Virus for Microsoft Exchange Web Console to manage the quarantined content and to configure settings that are not marked as Final in the F-Secure Policy Manager Console (settings marked as Final are greyed out in Web Console).
  • Page 22 Network Configuration The mail direction is based on the Internal Domains and Internal SMTP senders settings and it is determined as follows: 1. E-mail messages are considered internal if they come from internal SMTP sender hosts and mail recipients belong to one of the specified internal domains (internal recipients).
  • Page 23 CHAPTER 2 Centrally Managed Administration Internal Domains Specify internal domains. Messages coming to internal domains are considered to be inbound mail unless they come from internal SMTP sender hosts. Separate each domain name with a space. You can use an asterisk (*) as a wildcard. For example, *example.com internal.example.net Internal SMTP Specify the IP addresses of hosts that belong to...
  • Page 24: Lists And Templates

    If end-users in the organization use an e-mail client other than Microsoft Outlook to send and receive e-mail, it is recommended to specify all end-user workstations as Internal SMTP Senders. If the organization has Exchange Edge and Hub servers, the server with the Hub role installed should be added to the Internal SMTP Sender on the server where the Edge role is installed.
  • Page 25 If you change the Quarantine Storage setting, select the Final checkbox in the Restriction Editor to override initial settings. During the installation, F-Secure Anti-Virus for Microsoft Exchange adjusts the access rights to the Quarantine Storage so that only the product, operating system and the local administrator can access it.
  • Page 26 Retain Items in Quarantine: Specify how long quarantined e-mails are stored in the Quarantine before they are deleted automatically. The setting defines the default retention period for all Quarantine categories. To change the retention period for different categories, configure Quarantine Cleanup Exceptions settings.
  • Page 27 Notify When Quarantine Threshold is Reached: Specify the level of the alert that is sent to the administrator when threshold levels are reached. Released Quarantine Message Template: Specify the template for the message that is sent to the intended recipients when e-mail content is released from the quarantine.
  • Page 28 Connection Timeout: Specify how long (in seconds) the product tries to contact the F-Secure Hospital server. Send Timeout: Specify how long (in seconds) the product waits for the sample submission to complete.
  • Page 29 Connection Timeout: Specify how long (in seconds) F-Secure Anti-Virus for Microsoft Exchange should wait for a response from F-Secure Content Scanner Server before it stops attempting to send or receive data. Working directory: Specify the name and location of the working directory, where temporary files are placed.
  • Page 30 If F-Secure Content Scanner Server uses a proxy server when it connects to the threat detection center and the proxy server requires authentication, the proxy authentication settings can be configured with F-Secure Anti-Virus for Microsoft Exchange Web Console only. For more information, see “Proxy...
  • Page 31: Transport Protection

    2.2.2 Transport Protection You can configure inbound, outbound and internal message protection separately. For more information about the mail direction and configuration options, see “Network Configuration”, 22. Attachment Filtering Specify attachments to remove from inbound, outbound and internal messages based on the file name or the file extension.
  • Page 32 Configure the Alert Forwarding table to specify where the alert is sent based on the severity level. The Alert Forwarding table can be found in: F-Secure Management Agent/Settings/Alerting.
  • Page 33 Virus Scanning Specify inbound, outbound and internal messages and attachments that should be scanned for malicious code. Disabling virus scanning disables archive processing and grayware scanning as well. Scan Messages for Viruses: Enable or disable the virus scan. The virus scan scans messages for viruses and other malicious code.
  • Page 34 Infected files inside archives are not disinfected even when the setting is enabled. Action on Infected Messages: Specify whether to drop the infected attachment or the whole message when an infected message is found. Drop Attachment - Remove the infected attachment from the message and deliver the message to the recipient without the attachment.
  • Page 35 “Lists and Templates”, 24. Notify Administrator Specify whether the administrator is notified when F-Secure Anti-Virus for Microsoft Exchange finds a virus in a message. Configure the Alert Forwarding table to specify where the alert is sent based on the severity level.
  • Page 36 Archive Processing Specify how the product processes inbound, outbound and internal archive files. Note that scanning inside archives takes time. Disabling scanning inside archives improves performance, but it also means that the network users need to use up-to-date virus protection on their workstations. Archive processing is disabled when virus scanning is disabled.
  • Page 37 Drop the whole message - Do not deliver the message to the recipient. Action on Password Protected Archives: Specify the action to take on archives which are protected with passwords. These archives can be opened only with a valid password, so the product cannot scan their content.
  • Page 38 “Quarantine Management”, 219. Notify Administrator Specify whether the administrator is notified when F-Secure Anti-Virus for Microsoft Exchange blocks a malformed, password protected, or overnested archive file. If the archive is blocked because it contains malware, grayware or disallowed files, the administrator receives a notification about that instead of this notification.
  • Page 39: Grayware Scanning

    Grayware Scanning Specify how the product processes grayware items in inbound, outbound and internal messages. Note that grayware scanning increases the scanning overhead. By default, grayware scanning is enabled for inbound messages only. Grayware scanning is disabled when virus scanning is disabled. Scan Messages for Enable or disable the grayware scan.
  • Page 40 Notify Administrator Specify whether the administrator is notified when F-Secure Anti-Virus for Microsoft Exchange finds a grayware item in a message. Configure the Alert Forwarding table to specify where the alert is sent based on the severity level.
  • Page 41: Content Filtering

    Content Filtering Specify how F-Secure Anti-Virus filters disallowed content in inbound, outbound and internal messages. Filter Disallowed Content: Specify whether e-mail messages are scanned for disallowed content. Disallowed Keywords in Message Subject: Specify the list of disallowed keywords to check in e-mail message subjects.
  • Page 42 Notify Administrator Specify whether the administrator is notified when F-Secure Anti-Virus for Microsoft Exchange finds a message with disallowed content. Configure the Alert Forwarding table to specify where the alert is sent based on the severity level. The Alert Forwarding table can be found in: F-Secure Management Agent/Settings/ Alerting.
  • Page 43 Exchange can identify spam and virus patterns from the message envelope, headers and body during the first minutes of the new spam or virus outbreak. These settings are used only if F-Secure Spam Control is installed with the product. Otherwise they will be ignored. Spam Filtering Specify whether inbound mails are scanned for spam.
  • Page 44 If you enable the heuristic spam analysis, all messages that the threat detection engine does not classify as spam are further analyzed for spam. When the heuristic spam analysis is disabled, only the threat detection engine filters messages for spam. Heuristic spam analysis slows down the performance but improves the spam detection rate.
  • Page 45 Add X-Header with Spam Flag: Specify if a spam flag is added to the mail as the X-Spam-Flag header in the following format: X-Spam-Flag:<flag> where <flag> is YES or NO. Add X-Header with Summary: Specify if the summary of triggered hits is added to the mail as X-Spam-Status header in the following format:...
  • Page 46: File Type Recognition

    Blocked Senders Specify blocked senders. Messages originating from the specified addresses are always treated as spam. Safe Recipients Specify safe recipients. Messages sent to the specified addresses are never treated as spam. Blocked Recipients Specify blocked recipients. Messages sent to the specified addresses are always treated as spam.
  • Page 47: Security Options

    Mail Disclaimer When the disclaimer is enabled, a disclaimer text is added to all outbound messages. You can configure Mail Disclaimer settings for outbound messages only. IMPORTANT: Some malware add disclaimers to infected messages, so disclaimers should not be used for stating that the message is clean of malware.
  • Page 48 Max Levels of Nested Messages: Specify how many levels deep to scan in nested e-mail messages. A nested e-mail message is a message that includes one or more e-mail messages as attachments. If zero (0) is specified, the maximum nesting level is not limited.
  • Page 49 Messages recovery. Notify Administrator Specify whether the administrator is notified when F-Secure Anti-Virus for Microsoft Exchange detects a malformed or a suspicious e-mail message. Configure the Alert Forwarding table to specify where the alert is sent based on the severity level.
  • Page 50: Storage Protection

    2.2.3 Storage Protection Edit general Storage Protection settings to configure how mailboxes and public folders are scanned in the Exchange Store with real-time, manual and scheduled scanning. Real-Time Scanning The real-time scanning can automatically scan messages that have been created or received. General Specify which messages you want to scan during the real-time scanning.
  • Page 51 Process All Mailboxes - Filter attachments in all mailboxes. Process Only Included Mailboxes - Filter attachments in the Included Mailboxes list. Process All Except Excluded Mailboxes - Do not filter attachments in the Excluded Mailboxes list but process all other mailboxes.
  • Page 52 Excluded Folders Specify public folders that are not filtered for attachments when the Process Public Folders setting is set to Process All Except Excluded Folders. List of Attachments to Strip: Specify the list of attachments that are stripped from messages. For more information, see “Lists and Templates”, 24.
  • Page 53 Scan Only Included Mailboxes - Scan mailboxes specified in the Included Mailboxes list. Scan All Except Excluded Mailboxes - Scan all mailboxes except those specified in the Excluded Mailboxes list. Included Mailboxes Specify mailboxes that are scanned for viruses when the Scan Mailboxes setting is set to Scan Only Included Mailboxes.
  • Page 54 Excluded Folders Specify public folders that are not scanned when the Scan Public Folders setting is set to Scan All Except Excluded Folders. List of Attachments to Scan: Specify attachments that are scanned for viruses. For more information, see “Lists and Templates”, 24.
  • Page 55 Archive Processing Specify how the product processes archive files in Microsoft Exchange Storage. Archive processing is disabled when virus scanning is disabled. Scan Archives: Specify if files inside archives are scanned for viruses and other malicious code. List of Files to Scan Inside Archives: Specify files that are scanned for viruses inside...
  • Page 56 Drop Archive - Archives with exceeding nesting levels are removed. Action on Password Protected Archives: Specify the action to take on archives which are protected with passwords. These archives can be opened only with a valid password, so the product cannot scan their content. Pass through - Leave the password protected archive in the message.
  • Page 57 Grayware Exclusion List: Specify the list of keywords for grayware types that are not scanned. Leave the list empty if you do not want to exclude any grayware types from the scan. Quarantine Dropped Grayware: Specify whether grayware attachments are quarantined.
  • Page 58 To manually scan mailboxes and public folders you have specified in the settings, follow these instructions: 1. Browse to the F-Secure Anti-Virus for Microsoft Exchange / Operations / Manual Scanning branch in F-Secure Policy Manager Console.
  • Page 59 Disabled - Do not scan any public folders. Scan All Folders - Scan all public folders. Scan Only Included Folders - Scan public folders specified in the Included Folders list. Scan All Except Excluded Folders - Scan all public folders except those specified in the Excluded Folders list.
  • Page 60 Attachment Filtering Specify attachments that are removed from messages during the manual scan. Strip Attachments: Enable or disable the attachment stripping. List of Attachments to Strip: Specify which attachments are stripped from messages. For more information, see “Lists and Templates”, 24. Use Exclusions: Specify attachments that are not filtered.
  • Page 61 Use Exclusions Specify attachments that are not scanned. Leave the list empty if you do not want to exclude any attachments from the scan. Heuristic Scanning Enable or disable the heuristic scan. The heuristic scan analyzes files for suspicious code behavior so that the product can detect unknown malware.
  • Page 62 Archive Processing Specify how the product processes archive files during the manual scan. Scan Archives: Specify if files inside archives are scanned for viruses and other malicious code. List of Files to Scan Inside Archives: Specify files that are scanned for viruses inside archives.
  • Page 63 Action on Password Protected Archives: Specify the action to take on archives which are protected with passwords. These archives can be opened only with a valid password, so the product cannot scan their content. Pass through - Leave the password protected archive in the message.
  • Page 64 Grayware Scanning Specify how the product processes grayware items during the manual scan. Scan Messages for Grayware: Enable or disable the grayware scan. Action on Grayware: Specify the action to take on items which contain grayware. Report only - Leave grayware items in the message and notify the administrator.
  • Page 65 File Type Recognition Select whether you want to use Intelligent File Type Recognition or not. Trojans and other malicious code can disguise themselves with filename extensions which are usually considered safe to use. Intelligent File Type Recognition can recognize the real file type of the message attachment and use that while the attachment is processed.
  • Page 66: Scheduled Scanning

    Scheduled Scanning You can schedule scan tasks to scan mailboxes and public folders periodically. The scheduled scanning table displays all scheduled tasks and the date and time when the next scheduled task occurs. To deactivate scheduled tasks in the list, clear the Active ...
  • Page 67 Step 1. General Properties Enter the name for the new task and select how frequently you want the operation to be performed. Task name Specify the name of the scheduled operation. Do not use any special characters in the task name.
  • Page 68 Monthly - Every month at the specified time on the same date when the first operation is scheduled to start. Start time: Enter the start time of the task in hh:mm format. Start date: Enter the start date of the task in mm/dd/yyyy format. Step 2.
  • Page 69 Scan only included mailboxes - Scan all specified mailboxes. Click Remove to edit mailboxes that are scanned. Scan all except excluded mailboxes - Do not scan specified mailboxes but scan all other. Click Remove to edit mailboxes that are not scanned.
  • Page 70 Step 3. Public Folders Choose which public folders are processed during the scheduled operation. Public folders Specify public folders that are processed during the scheduled scan. Do not scan public folders - Disable the public folder scanning. Scan all public folders - Scan all public folders. Scan only included public folders - Scan all specified public folders.
  • Page 71 Scan all except excluded public folders - Do not scan specified public folders but scan all other. Click Remove to edit public folders that are not scanned. The format to enter the included or excluded mailbox is the name of the public folder.
  • Page 72 Step 4. Attachment Filtering Choose settings for stripping attachments during the scheduled operation. Strip attachments from e-mail messages: Enable or disable the attachment stripping. Targets Strip these attachments: Specify which attachments are stripped from messages. For more information, see “Lists and Templates”, 24.
  • Page 73 Actions Quarantine stripped attachments: Specify whether stripped attachments are quarantined. Do not quarantine these attachments: Specify file names and file extensions which are not quarantined even when they are stripped. For more information, see “Lists and Templates”, Notifications Replacement text...
  • Page 74 Step 5. Virus Scanning Choose settings for virus scanning during the scheduled operation. Scan messages for viruses: Enable or disable the virus scan. The virus scan scans messages for viruses and other malicious code. General Options Heuristic Scanning: Enable or disable the heuristic scanning. The heuristic scanning analyzes files for suspicious code behavior so that the product can detect unknown malware.
  • Page 75 Scan these attachments: Specify attachments that are scanned for viruses. For more information, see “Lists and Templates”, 24. Exclude these attachments from scanning: Specify attachments that are not scanned. Leave the list empty if you do not want to exclude any attachments from the scanning.
  • Page 76 Step 6. Grayware Scanning Choose settings for grayware scanning during the scheduled operation. Scan messages for grayware: Enable or disable the grayware scan. Actions Action on grayware: Specify the action to take on items which contain grayware. Report only - Leave grayware items in the message and notify the administrator.
  • Page 77 Grayware exclusion list: Specify the list of keywords for grayware types that are not scanned. Leave the list empty if you do not want to exclude any grayware types from the scan. For more information, see “Lists and Templates”, 24.
  • Page 78 Step 7. Archive Processing Choose settings for stripping attachments during the scheduled operation. Scan archives: Specify if files inside archives are scanned for viruses and other malicious code. Targets List of files to scan inside archives: Specify files inside archives that are scanned for viruses.
  • Page 79 Detect disallowed files inside archives: Specify whether files inside compressed archive files are processed for disallowed content. Disallowed content is not processed when the archive scanning is disabled. Actions Action on archives with disallowed files: Specify the action to take on archives which contain disallowed files.
  • Page 80 Pass through - Deliver the message with the password protected archive to the recipient. Drop archive - Remove the password protected archive from the message and deliver the message to the recipient without it. Quarantine dropped archives: Specify whether archives that are not delivered to recipients are placed in the quarantine.
  • Page 81 Step 8. Processing Options Choose advanced processing options for all the messages processed during the scheduled operation. Processing options Incremental scanning Specify whether you want to process all messages or only those messages that have not been processed previously during the manual or scheduled processing.
  • Page 82 It is not recommended to set the maximum nesting level to unlimited as this will make the product more vulnerable to DoS (Denial-of-Service) attacks. File type recognition Use intelligent file type recognition: Select whether you want to use Intelligent File Type Recognition or not.
  • Page 83 Step 9. Summary The Scheduled Task Wizard displays the summary of created operation. Click Finish to accept the new scheduled operation and to exit the wizard.
  • Page 84: F-Secure Anti-Virus For Microsoft Exchange Statistics

    Statistics To view statistics, open the Status tab from the Properties pane and open the Statistics subtree. It displays statistics for the host for each F-Secure Anti-Virus for Microsoft Exchange installation. If a policy domain is selected, the Status view displays the number of hosts in the domain and which hosts are disconnected from F-Secure Policy Manager.
  • Page 85: Common

    Displays the last date and time when the Statistics statistics were reset. MIB Version Displays the MIB version number. Installation Directory Displays the complete path where F-Secure Anti-Virus for Microsoft Exchange is installed. Build Displays the F-Secure Anti-Virus for Microsoft Exchange build number.
  • Page 86: Transport Protection

    2.3.2 Transport Protection You can view the inbound, outbound and internal message statistics separately. Previous Reset of Statistics: Displays the date and time of the last reset of statistics. Number of Processed Messages: Displays the total number of processed messages since the last reset of statistics. Number of Infected Messages: Displays the number of messages with...
  • Page 87: Storage Protection

    2.3.3 Storage Protection Common Number of Mailboxes: Displays the number of currently protected user mailboxes. Number of Public Folders: Displays the number of currently protected public folders. Real-time and Background Scanning Previous Reset of Statistics: Displays the date and time of the last reset of statistics.
  • Page 88 Manual Scanning Total Number of Mailboxes: Displays the total number of mailboxes in Exchange Store that the product processes during the manual scan. Number of Processed Mailboxes: Displays the number of mailboxes that have been processed. Total Number of Public Folders: Displays the total number of Public folders in the Exchange Store that the product processes during the manual scan.
  • Page 89: Quarantine

    Last Infection Found: Displays the name of the last infection found. Last Time Infection Found: Displays the time when the last infection was found. Previous Scanning: Displays the date and time of the previous manual scan. 2.3.4 Quarantine The quarantine statistics display the total number of quarantined items,...
  • Page 90: F-Secure Content Scanner Server Settings

    F-Secure Content Scanner Server Settings Use the variables under the F-Secure Content Scanner Server / Settings branch to define the settings for content providers and to change the general content scanning options. 2.4.1 Interface Specify how the server will interact with clients.
  • Page 91: Virus Scanning

    2.4.2 Virus Scanning Specify scanning engines to be used when F-Secure Content Scanner Server scans files for viruses, and the files that should be scanned. Scan Engines Scan engines can be enabled or disabled. If...
  • Page 92 Max Levels in Nested Archives: If Scan Inside Archives is enabled, F-Secure Content Scanner Server can scan files inside archives that may exist inside of other archives.
  • Page 93 Acceptable Unpacked Size Threshold: Specify the acceptable unpacked size (in kilobytes) for archive files. If the unpacked size of an archive file exceeds this threshold, the server will consider the archive suspicious and corresponding action will be taken.
  • Page 94: Virus Statistics

    F-Secure World Map about viruses and other malware to the F-Secure World Map service. When the F-Secure World Map support is enabled, the product sends encrypted e-mail reports periodically to the service. These reports list only the name and the amount of...
  • Page 95: Database Updates

    Downloaded Databases: Specify whether the product should verify that the downloaded virus definition databases are the original databases published by F-Secure Corporation and that they have not been altered or corrupted in any way before taking them to use.
    Notify When Databases...
  • Page 96: Spam Filtering

    You might need to modify this setting if you enable Realtime Blackhole Lists (DNSBL/RBL) for spam filtering. For more information, consult F-Secure Anti-Virus for Microsoft Exchange Deployment Guide. You have to restart the Content Scanner Server after you change this setting and distribute the policy to take the new setting into use.
  • Page 97: Threat Detection Engine

    2.4.6 Threat Detection Engine
    Configure the virus outbreak and spam threat detection.
    VOD Cache Size: Specify the maximum number of patterns to cache for the virus outbreak detection service. By default, the cache size is 10000 cached patterns.
  • Page 98: Proxy Configuration

    Heuristic Scanning - F-Secure Content Scanner Server checks the message using spam heuristics.
    Trusted Networks: Specify networks and hosts in the mail relay network which can be trusted not to be operated by spammers and do not have open relays or open proxies.
  • Page 99: Advanced

    Working directory are deleted. The default clean interval is 30 minutes.
    Free Space Threshold: Specify when F-Secure Content Scanner Server should send a low disk space alert to the administrator. The default setting is 100 megabytes.
  • Page 100: F-Secure Content Scanner Server Statistics

    F-Secure Content Scanner Server Statistics The Statistics branch in the F-Secure Content Scanner Server tree displays the version of F-Secure Content Scanner Server that is currently installed on the selected host and the location of F-Secure Content Scanner Server installation directory.
  • Page 101: Scan Engines

    Last Time Infection Found: The date and time when the last infection was found.
    2.5.2 Scan Engines
    The Scan Engines table displays the scan engine statistics and information.
    Name: Displays the name of the scan engine.
    Version: Displays the version number of the scan engine.
  • Page 102: Common

    Infected Files: Displays the number of infected files found by the scan engine.
    Disinfected Files: Displays the number of files successfully disinfected by the scan engine.
    Database Version: Displays the current version of database updates used by the scan engine.
    2.5.3 Common
    The Common statistics branch displays the list of installed product...
  • Page 103: Virus Statistics

    Displays the list of most active viruses.
    F-Secure Management Agent Settings
    If the F-Secure Anti-Virus for Microsoft Exchange is working in centrally administered mode, you have to make sure F-Secure Anti-Virus for Microsoft Exchange sends and receives data from F-Secure Policy Manager Server.
  • Page 104 F-Secure Management Agent from downloading large remote installation packages over slow network connections. F-Secure Management Agent measures the speed of the network link to F-Secure Policy Manager Server and stops the download if the minimum speed specified by this setting is not met.
  • Page 105: F-Secure Automatic Update Agent Settings

    F-Secure Automatic Update Agent Settings
    Using F-Secure Automatic Update Agent is the most convenient way to keep the databases updated. It connects to F-Secure Policy Manager Server or the F-Secure Update Server automatically. In order to update the spam definition databases F-Secure Automatic Update Agent must be installed on the same computer as F-Secure Spam Control.
  • Page 106 PM Proxies: Specify F-Secure Policy Manager Proxies that you want to use as sources for automatic updates. If no F-Secure Policy Manager Proxies are configured, the product retrieves the latest virus definition updates from F-Secure Update Server automatically.
    Intermediate server...
  • Page 107: Chapter 3 Administration With Web Console

    ADMINISTRATION WITH WEB CONSOLE
    Overview .......... 108
    Home .......... 109
    Transport Protection .......... 113
    Storage Protection .......... 139
    Spam Control .......... 133
    Quarantine .......... 178
    Automatic Updates .......... 188
    Engines .......... 207
    General Server Properties .......... 195...
  • Page 108: Overview

    Call the Get-TransportAgent command from the command line in Shell. If F-Secure Transport Agent is not listed as a transport agent, you need to install it manually: a. Enter cmd in the Start menu > Run to open the command prompt.
  • Page 109: Home

    CHAPTER 3 Administration with Web Console Home The Web Console displays Getting Started page when you log in for the first time. You can check and configure the following information in the Getting Started page to complete the installation: Internal domains and senders ...
  • Page 110 Error; the license has expired, the feature is not installed, all antivirus engines are disabled or a component is not loaded, F-Secure Content Scanner Server is not up and running or virus and spam definition databases are really old. Scan Tasks...
  • Page 111 Services Under the Services tab, you can start, stop and restart F-Secure Anti-Virus for Microsoft Exchange, F-Secure Content Scanner Server and F-Secure Automatic Update Agent.
  • Page 112 The product can collect and send statistics about viruses and other malware to the F-Secure World Map service. If you enable F-Secure World Map support, make sure that the server can relay messages properly. For more information, see “Sending E-mail Alerts And Reports”, 244.
  • Page 113: Transport Protection

    Transport Protection
    You can configure inbound, outbound and internal message protection separately. For more information about the mail direction and configuration options, see “Network Configuration”, 202. After you apply new transport protection settings, it can take up to 20 seconds for the new settings to take effect.
  • Page 114 The Status page displays a summary of the processed inbound, outbound and internal mail messages:
    Processed messages: Displays the total number of processed messages since the last reset of statistics.
    Infected messages: Displays the number of messages with attachments that are infected and cannot be automatically disinfected.
  • Page 115: Attachment Filtering

    3.3.1 Attachment Filtering
    Specify attachments to remove from inbound, outbound and internal messages based on the file name or the file extension.
    Strip Attachments from e-mail messages: Enable or disable the attachment stripping.
    Targets
    Strip these attachments: Specify which attachments are stripped from...
  • Page 116 Actions
    Action on disallowed attachments: Specify how disallowed attachments are handled.
    Drop Attachment - Remove the attachment from the message and deliver the message to the recipient without the disallowed attachment.
    Drop the Whole Message - Do not deliver the message to the recipient at all.
  • Page 117: Virus Scanning

    Do not notify on these attachments: Specify attachments that do not generate notifications. When the product finds specified file or file extension, no notification is sent.
    Send alert to administrator: Specify whether the administrator is notified when the product strips an attachment.
  • Page 118 Specify inbound, outbound and internal messages and attachments that should be scanned for malicious code. Disabling virus scanning disables grayware scanning and archive processing as well.
    Scan e-mail messages for viruses: Enable or disable the virus scan. The virus scan scans messages for viruses and other malicious code.
  • Page 119 Targets
    Scan these attachments: Specify attachments that are scanned for viruses. For more information, see “Match Lists”, 217.
    Exclude these attachments: Specify attachments that are not scanned. Leave the list empty if you do not want to exclude any attachments from the scanning.
  • Page 120 Send alert to administrator: Specify whether the administrator is notified when F-Secure Anti-Virus for Microsoft Exchange finds a virus in a message. Configure the Alert Forwarding table to specify where the alert is sent based on the severity...
  • Page 121: Grayware Scanning

    3.3.3 Grayware Scanning Specify how the product processes grayware items in inbound, outbound and internal messages. Note that grayware scanning increases the scanning overhead. By default, grayware scanning is enabled for inbound messages only. Grayware scanning is disabled when virus scanning is disabled.
  • Page 122 Pass through - Leave grayware items in the message.
    Drop attachment - Remove grayware items from the message.
    Drop the whole message - Do not deliver the message to the recipient.
    Grayware exclusion list: Specify the list of keywords for grayware types that are not scanned.
  • Page 123 Send alert to administrator: Specify whether the administrator is notified when F-Secure Anti-Virus for Microsoft Exchange finds a grayware item in a message. Configure the Alert Forwarding table to specify where the alert is sent based on the severity...
  • Page 124: Archive Processing

    3.3.4 Archive Processing
    Specify how F-Secure Anti-Virus processes inbound, outbound and internal archive files. Note that scanning inside archives takes time. Disabling scanning inside archives improves performance, but it also means that the network users need to use up-to-date virus protection on their workstations.
  • Page 125 Exclude these files: Specify files that are not scanned inside archives. Leave the list empty if you do not want to exclude any files from the scanning.
    Limit max levels of nested archives: Specify how many levels of archives inside other archives the product scans when Scan Viruses Inside Archives is enabled.
  • Page 126 Notifications
    Send alert to administrator: Specify whether the administrator is notified when F-Secure Anti-Virus for Microsoft Exchange blocks a suspicious overnested or password protected archive file. If the archive is blocked because it contains malware, grayware or disallowed files, the administrator receives a notification about that instead of this notification.
  • Page 127: Content Filtering

    3.3.5 Content Filtering
    Specify how F-Secure Anti-Virus filters disallowed content in inbound, outbound and internal messages.
    Filter out e-mail messages with disallowed/undesirable content: Specify whether e-mail messages are scanned for disallowed content.
    Targets...
  • Page 128 Templates”, 218.
    Send alert to administrator: Specify whether the administrator is notified when F-Secure Anti-Virus for Microsoft Exchange finds a message with disallowed content. Configure the Alert Forwarding table to specify where the alert is sent based on the severity...
  • Page 129 Using Keywords in Content Filtering When the content filtering is enabled, all messages are checked against every keyword sequence that is specified in the selected list of keywords. A keyword may contain any characters, including punctuation symbols, spaces, and other word separators.
  • Page 130: Other Options

    3.3.6 Other Options
    Configure other options to limit actions on malformed and problematic messages.
    File Type Recognition
    Intelligent file type recognition: Select whether you want to use Intelligent File Type Recognition or not. Trojans and other malicious code can disguise themselves with filename extensions which are usually considered safe to use.
  • Page 131 Using Intelligent File Type Recognition strengthens the security, but can degrade the system performance.
    Trusted senders and recipients
    List of trusted senders: Specify senders who are excluded from the mail scanning and processing.
    List of trusted recipients: Specify recipients who are excluded from the mail scanning and processing.
  • Page 132 Actions
    Action on mails with exceeding nesting levels: Specify the action to take on messages with nesting levels exceeding the upper level specified in the Max Levels of Nested Messages setting.
    Drop the Whole Message - Messages with exceeding nesting levels are not delivered to the recipient.
  • Page 133: Spam Control

    For more information, see “Alerting”, 198.
    Spam Control
    The threat detection engine of F-Secure Anti-Virus for Microsoft Exchange can identify spam and virus patterns from the message envelope, headers and body during the first minutes of the new spam or virus outbreak.
  • Page 134: Status

    3.4.1 Status
    The Status page displays the statistics of the spam scanner:
    Spam scanner version: Displays the version number of the installed spam scanner.
    Number of processed messages: Displays the total number of processed messages since the last reset of statistics.
    Last updated: Displays the date and time when the latest spam definition update was retrieved.
  • Page 135: Settings

    Settings
    Specify how F-Secure Anti-Virus for Microsoft Exchange processes inbound spam messages. These settings are used only if F-Secure Spam Control is installed with the product, otherwise these settings are not available.
    Check inbound e-mail messages for spam: Specify whether inbound mails are scanned for spam.
  • Page 136 Options
    Heuristic spam analysis: Specify whether heuristic spam analysis is used to filter inbound mails for spam. If you enable the heuristic spam analysis, all messages that the threat detection engine does not classify as spam are further analyzed for spam.
  • Page 137 Forward spam messages to e-mail address - Specify the e-mail address where messages considered as spam are forwarded when the Action on Spam Messages setting is set to Forward.
    Spam confidence level: Click Add new action to add a new action for messages with the spam level above the...
  • Page 138 where <flag> is Yes or No, <scr> is the spam confidence rating returned by the spam scanner, <sfl> is the current spam filtering level, <tests> is the comma-separated list of tests run against the mail.
    Modify spam message subject: Specify if the product modifies the subject of mail messages considered as spam.
  • Page 139: Storage Protection

    Storage Protection Configure Storage Protection settings to specify how e-mail messages and attachments in selected mailboxes and public folders should be scanned. Status The Status page displays a summary of the protected mailboxes and public folders and infections found.
  • Page 140: Real-Time Scanning

    Stripped Attachments: Displays the number of attachments filtered based on their file name or the file extension.
    Infected items: Displays the number of items that are infected and cannot be automatically disinfected.
    Grayware items: Displays the number of grayware items, including spyware, adware, dialers, joke programs, remote access tools and other unwanted applications.
  • Page 141 General
    Real-time scanning scans messages in mailboxes and public folders for viruses.
    Scanning
    Scan only messages created within: Specify which messages are scanned with the real-time scanning, for example; Last hour, Last day, Last week. Messages that have been created before the specified time are not scanned.
  • Page 142 File Type Recognition
    Intelligent file type recognition: Select whether you want to use Intelligent File Type Recognition or not. Trojans and other malicious code can disguise themselves with filename extensions which are usually considered safe to use. Intelligent File Type Recognition can recognize the real file type of the message attachment and use that while the attachment is processed.
  • Page 143 Attachment Filtering
    Attachment filtering can remove attachments from messages in the Microsoft Exchange Storage based on the file name or the file extension of the attachment.
    Targets
    Process Mailboxes: Specify mailboxes that are filtered for attachments.
  • Page 144 Process only included mailboxes - Filter attachments in specified mailboxes only. Click Edit to add or remove mailboxes that are processed. Process all except excluded mailboxes - Do not filter attachments in specified mailboxes but process all other mailboxes. Click Edit to add or remove mailboxes that should not be processed.
  • Page 145 Actions
    Quarantine stripped attachments: Specify whether stripped attachments are quarantined.
    Do not quarantine these attachments: Specify attachments which are not quarantined even when they are stripped. For more information, see “Match Lists”, 217.
    Notifications
    Replacement text template: Specify the template for the text that replaces...
  • Page 146 Virus Scanning
    Specify messages and attachments in the Microsoft Exchange Storage that should be scanned for malicious code.
    Targets
    Scan mailboxes: Specify mailboxes that are scanned for viruses.
    Do not scan mailboxes - Disable the mailbox scanning.
    Scan all mailboxes - Scan all mailboxes.
    Scan only included mailboxes - Scan all specified mailboxes.
  • Page 147 Scan all except excluded mailboxes - Do not scan specified mailboxes but scan all other. Click Edit to add or remove mailboxes that should not be scanned. Scan public folders Specify public folders that are scanned for viruses.
  • Page 148 Disinfection may affect the product performance. Infected files inside archives are not disinfected even when the setting is enabled.
    Quarantine infected attachments: Specify whether infected attachments are quarantined.
    Do not quarantine these infections: Specify virus and malware infections that are never placed in the quarantine.
  • Page 149 Grayware Scanning
    Specify how the product processes grayware items during real-time scanning.
    Scan messages for grayware: Enable or disable the grayware scan.
    Actions
    Action on grayware: Specify the action to take on items which contain grayware.
  • Page 150 Grayware exclusion list: Specify the list of keywords for grayware types that are not scanned. Leave the list empty if you do not want to exclude any grayware types from the scan. For more information, see “Match Lists”, 217.
    Quarantine dropped grayware: Specify whether grayware attachments are quarantined when dropped.
  • Page 151 Archive Processing
    Specify how F-Secure Anti-Virus processes archive files in Microsoft Exchange Storage.
    Scan archives: Specify if files inside archives are scanned for viruses and other malicious code.
    Targets
    List of files to scan...
  • Page 152 A nested archive is an archive that contains another archive inside. If zero (0) is specified, the maximum nesting level is not limited. Specify the number of levels the product goes through before the action selected in Limit max Levels of Nested Archives takes place. The default setting is 3.
  • Page 153: Manual Scanning

    3.5.2 Manual Scanning
    You can scan mailboxes and public folders for viruses and strip attachments manually at any time.
    Statistics
    The Statistics page displays a summary of the messages processed during the latest manual scan:
    Status: Displays whether the manual scan is running or stopped.
  • Page 154 Estimated time left: Displays the time left when the manual scan is running.
    Elapsed time: Displays how long it has been since the manual scan started.
    Processed items: Displays the number of items processed during the scan.
    Infected items: Displays the number of infected items found.
    Grayware items: Displays the number of grayware items found, including spyware, adware, dialers, joke...
  • Page 155 General
    Specify which messages you want to scan during the manual scan.
    Targets
    Scan mailboxes: Specify mailboxes that are scanned for viruses.
    Do not scan mailboxes - Do not scan any mailboxes during the manual scan.
    Scan all mailboxes - Scan all mailboxes.
  • Page 156 Scan public folders Specify public folders that are scanned for viruses. Do not scan public folders - Do not scan any public folders during the manual scan. Scan all folders - Scan all public folders. Scan only included public folders - Scan all specified public folders.
  • Page 157 Trojans and other malicious code can disguise themselves with filename extensions which are usually considered safe to use. Intelligent File Type Recognition can recognize the real file type of the message attachment and use that while the attachment is processed.
  • Page 158 Attachment Filtering
    Specify attachments that are removed from messages during the manual scan.
    Strip attachments: Enable or disable the attachment stripping.
    Targets
    Strip these attachments: Specify which attachments are stripped from messages. For more information, see “Match Lists”, 217.
    Exclude these Specify attachments that are not filtered.
  • Page 159 Do not quarantine these attachments: Specify files which are not quarantined even when they are stripped. For more information, see “Match Lists”, 217.
    Notifications
    Replacement Text Template: Specify the template for the text that replaces the infected attachment when the stripped attachment is removed from the message.
  • Page 160 Virus Scanning
    Specify messages and attachments that should be scanned for malicious code during the manual scan.
    Scan messages for viruses: Enable or disable the virus scan. The virus scan scans messages for viruses and other malicious code. Disabling virus scanning disables grayware scanning and archive processing as well.
  • Page 161 The heuristic scan may affect the product performance and increase the risk of false malware alarms.
    Targets
    Scan these attachments: Specify attachments that are scanned for viruses. For more information, see “Match Lists”, 217.
    Exclude these Specify attachments that are not scanned.
  • Page 162 Grayware Scanning
    Specify how the product processes grayware items during the manual scan.
    Scan messages for grayware: Enable or disable the grayware scan.
    Actions
    Action on grayware: Specify the action to take on items which contain grayware.
    Report only - Leave grayware items in the message and notify the administrator.
  • Page 163 Grayware exclusion list: Specify the list of keywords for grayware types that are not scanned. Leave the list empty if you do not want to exclude any grayware types from the scan. For more information, see “Match Lists”, 217.
  • Page 164 Archive Processing
    Specify how the product processes archive files during the manual scan.
    Scan archives: Specify if files inside archives are scanned for viruses and other malicious code.
    Targets
    List of files to scan inside archives: Specify files inside archives that are scanned for viruses.
  • Page 165 Detect disallowed files inside archives: Specify whether files inside compressed archive files are processed for disallowed content. If you want to detect disallowed content, specify files that are not allowed. For more information, see “Match Lists”, 217.
  • Page 166: Scheduled Scanning

    Pass through - Deliver the message with the archive to the recipient.
    Drop archive - Remove the password protected archive from the message.
    Quarantine dropped archives: Specify whether archives that are not delivered to recipients are placed in the quarantine. For more information, see “Match Lists”, 217.
  • Page 167 Creating Scheduled Task Click Add new task in the Scheduled Scanning page to start the Scheduled Operation Wizard. Step 1. Specify Scanning Task Name and Schedule Enter the name for the new task and select how frequently you want the operation to be performed.
  • Page 168 Once - Only once at the specified time. Daily - Every day at the specified time, starting from the specified date. Weekly - Every week at the specified time on the same day when the first operation is scheduled to start. Monthly - Every month at the specified time on the same date when the first operation is scheduled to start.
  • Page 169 Scan only included public folders - Scan all specified public folders. Click Edit to add or remove public folders that should be scanned. Scan all except excluded public folders - Do not scan specified public folders but scan all other. Click Edit to add or remove public folders that...
  • Page 170 Using Intelligent File Type Recognition strengthens the security, but can degrade the system performance.
    Limit max levels of nested messages: Specify how many levels deep to scan in nested e-mail messages. A nested e-mail message is a message that includes one or more e-mail messages as attachments.
  • Page 171 Step 2. Specify Attachment Filtering Options
    Choose settings for stripping attachments during the scheduled operation.
    Strip attachments from e-mail messages: Enable or disable the attachment stripping.
    Targets
    Strip these attachments: Specify which attachments are stripped from messages.
  • Page 172 Do not quarantine these attachments: Specify files which are not quarantined even when they are stripped. For more information, see “Match Lists”, 217.
    Notifications
    Replacement text template: Specify the template for the text that replaces the infected attachment when the stripped attachment is removed from the message.
  • Page 173 Choose how mailboxes and public folders are scanned for viruses during the scheduled operation.
    Scan messages for viruses: Enable or disable the virus scan. The virus scan scans messages for viruses and other malicious code.
  • Page 174 Quarantine infected messages: Specify whether infected or suspicious messages are quarantined.
    Do not quarantine these infections: Specify infections that are never placed in the quarantine. For more information, see “Match Lists”, 217.
    Notifications
    Replacement text template: Specify the template for the text that replaces the infected attachment when the infected attachment is removed from the message.
  • Page 175 Choose settings for grayware scanning during the scheduled operation.
    Scan messages for grayware: Enable or disable the grayware scan.
    Actions
    Action on grayware: Specify the action to take on items which contain grayware.
    Report only - Leave grayware items in the message and notify the administrator.
  • Page 176 Step 5. Specify Archive Processing Options
    Choose settings for archive processing during the scheduled operation.
    Scan archives: Specify if files inside archives are scanned for viruses and other malicious code.
    Targets
    List of files to scan inside archives: Specify files inside archives that are scanned for viruses.
  • Page 177 Actions
    Action on archives with disallowed files: Specify the action to take on archives which contain disallowed files.
    Pass through - Deliver the message with the archive to the recipient.
    Drop archive - Remove the archive from the message and deliver the message to the recipient without it.
  • Page 178: Quarantine

    Quarantine
    Quarantine in F-Secure Anti-Virus for Microsoft Exchange is handled through a SQL database. The product is able to quarantine e-mails and attachments which contain malicious or otherwise unwanted content, such as spam messages.
  • Page 179 Status
    The Quarantine Status page displays a summary of the quarantined messages and attachments:
    Infected: Displays the number of messages and attachments that are infected.
    Disallowed attachments: Displays the number of messages that contained attachments with disallowed files.
    Grayware: Displays the number of messages that have grayware items, including spyware, adware,...
  • Page 180: Query

    3.6.1 Query
    You can use the Quarantine Query page to search for the quarantined content. For more information, see “Searching the Quarantined Content”, 222.
    3.6.2 Options
    You can configure the quarantine storage location and threshold, how quarantined files are processed and quarantine logging options.
  • Page 181 General Quarantine Options When F-Secure Anti-Virus places content to the Quarantine, it saves the content as separate files into the Quarantine Storage and inserts an entry to the Quarantine Database with information about the quarantined...
  • Page 182 Quarantine storage directory, see “Moving the Quarantine Storage”, 235. Make sure that F-Secure Anti-Virus for Microsoft Exchange service has write access to this directory. Adjust the access rights to the directory so that only the F-Secure Anti-Virus for Microsoft Exchange service and the local administrator can access files in the Quarantine.
  • Page 183 Notify when quarantine threshold is reached: Specify how the administrator should be notified when the Quarantine Size Threshold and/or Quarantined Items Threshold are reached. No alert is sent if both thresholds are set to zero (0).
    Message template
    Released quarantine Specify the template for the message that is...
  • Page 184 When removing quarantined messages from the quarantine, the product uses the currently configured quarantine retention and cleanup settings.
    Reprocess unsafe messages
    Automatically reprocess unsafe messages: Specify how often the product tries to reprocess unsafe messages that are retained in the Quarantine. Set the value to Disabled to process unsafe messages manually.
  • Page 185 Exceptions: Specify separate quarantine retention period and cleanup interval for any Quarantine category. If retention period and cleanup interval for a category are not defined in this table, then the default ones (specified above) are used.
    Active - Enable or disable the selected entry in the table.
  • Page 186 Quarantine Database
    You can specify the database where information about quarantined e-mails is stored and from which it is retrieved.
    Quarantine database
    SQL server name: The name of the SQL server where the database is located.
    Database name: The name of the quarantine database. The default name is FSMSE_Quarantine.
  • Page 187 Quarantine Logging
    Specify where F-Secure Anti-Virus stores Quarantine log files.
    Logging directory
    Quarantine log directory: Specify the path for Quarantine log files.
    Logging options
    Rotate quarantine logs: Specify how often the product rotates Quarantine log files. At the end of each rotation time a new log file is created.
  • Page 188: Automatic Updates

    Automatic Updates
    With F-Secure Automatic Update Agent, virus and spam definition database updates are retrieved automatically when they are published to F-Secure Update Server.
    Tasks
    Click Check for updates now to check that the product is using the latest database updates. If the virus and spam databases are not up-to-date, updates are downloaded automatically.
  • Page 189 CHAPTER 3 Administration with Web Console Status The Status page displays information on the latest update. Channel name Displays the channel from where the updates are downloaded. Channel address Displays the address of the Automatic Updates Server. Latest installed update Displays the version and name of the latest installed update.
  • Page 190: Communications

    Last successful check time Displays the date and time when the last successful update check was done. Downloads The Downloads page displays information about downloaded and installed update packages. 3.7.1 Communications Specify how the product connects to F-Secure Update Server.
  • Page 191 CHAPTER 3 Administration with Web Console Automatic Updates General Settings Edit General settings to select whether you want to use automatic updates and how often the product checks for new updates.
  • Page 192 User defined proxy field. Update Server Allow fetching updates from F-Secure Update Server Specify whether the product should connect to F-Secure Update Server when it cannot connect to any user-specified update server. To edit the list of update sources, see “Policy Manager...
  • Page 193: Policy Manager Proxies

    CHAPTER 3 Administration with Web Console Policy Manager Proxies Edit the list of virus definition database update sources and F-Secure Policy Manager proxies. If no update servers are configured, the product retrieves the latest virus definition updates from F-Secure Update Server automatically.
  • Page 194 The product connects to the source with the smallest priority number first (1). If the connection to that source fails, it tries to connect to the source with the next smallest number (2) until the connection succeeds. Click to add the new update source to the list.
  • Page 195: General Server Properties

    DNS names; IP addresses; Unique ID. In the centralized management mode, the page displays the following details of the F-Secure Policy Manager: Management server; Last connection; Policy file counter; Policy file timestamp ...
  • Page 196: Administration

    Click F-Secure support tool to run the F-Secure Support Tool utility to gather a report for F-Secure Technical Support. For more information, see “F-Secure Support Tool”, 109. 3.8.1 Administration Configure Administration settings to change the management mode, ...
  • Page 197: Management Mode

    Administration with Web Console Management Mode Communication method If you use F-Secure Policy Manager Server, specify the URL of F-Secure Policy Manager Server. Do not add a slash at the end of the URL. For example: “http://fsms.example.com”. Select Stand-alone if you use F-Secure Anti-Virus for Exchange Web Console to administer the product.
  • Page 198 Alerting You can specify where an alert is sent according to its severity level. You can send the alert to any of the following: F-Secure Policy Manager; Windows Event Log. If you choose to forward alerts to e-mail, specify the SMTP server address, alert message subject line and the return address of the alert e-mail.
  • Page 199 Administration with Web Console Click Apply. Informational and warning-level alerts are not sent to F-Secure Policy Manager Console by default. If you want to use centralized administration mode, it is recommended to have all alerts sent to F-Secure Policy Manager Console.
  • Page 200: Web Console

    Web Console Change Web Console settings to configure how you connect to F-Secure Anti-Virus for Microsoft Exchange Web Console. General Limit session timeout Specify the length of time a client can be connected to the server. When the session expires, the F-Secure Anti-Virus for Microsoft Exchange Web Console terminates the session and displays a warning.
  • Page 201 Specify the port where the server listens for connections. The default port is 25023. Allowed hosts Specify a list of hosts which are allowed to connect to F-Secure Anti-Virus for Microsoft Exchange Web Console. To add a new host in the list, click Add new hosts and enter the IP address of the host.
  • Page 202: Network Configuration

    3.8.2 Network Configuration The mail direction is based on the Internal domains and Internal SMTP senders settings and it is determined as follows: 1. E-mail messages are considered internal if they come from internal SMTP sender hosts and mail recipients belong to one of the specified internal domains (internal recipients).
  • Page 203 CHAPTER 3 Administration with Web Console On Microsoft Exchange Server 2003, internal messages which are submitted via MAPI or Pickup Folder are not delivered via transport level. Therefore, those messages do not pass Transport Protection and they are checked on the storage level only. To scan or filter messages from internal hosts on Microsoft Exchange Server 2003, use corresponding real-time scanning settings in the storage protection section.
  • Page 204: Notifications

    If end-users in the organization use other than Microsoft Outlook e-mail client to send and receive e-mail, it is recommended to specify all end-user workstations as Internal SMTP Senders. If the organization has Exchange Edge and Hub servers, the server with the Hub role installed should be added to the Internal SMTP Sender on the server where the Edge role is installed.
  • Page 205: Sample Submission

    CHAPTER 3 Administration with Web Console Specify Notification Sender Address that is used by F-Secure Anti-Virus for Microsoft Exchange for sending warning and informational messages to the end-users (for example, recipients, senders and mailbox owners). Make sure that the notification sender address is a valid SMTP address.
  • Page 206 Connection timeout Specify the time (in seconds) how long the product tries to contact the F-Secure Hospital server. Send timeout Specify the time (in seconds) how long the product waits for the sample submission to complete.
  • Page 207: Engines

    CHAPTER 3 Administration with Web Console 3.8.5 Engines The Engines Status page displays server statistics and the current status of scanning engines. Server Statistics Number of scanned files The number of files that have been scanned. Last virus database update The last date and time when the virus definition database was updated.
  • Page 208 Scan Engines The Scan Engines list displays scan engines and the database update statistics. If you want to disable the scan for certain files with a specified scan engine, click Properties and enter the file extensions you want to exclude from the scan.
  • Page 209 Notify when databases are older than Specify when virus definition databases are outdated. If databases are older than the specified amount of days, F-Secure Content Scanner Server sends an alert to the administrator. Notify when Specify the alert F-Secure Content Scanner...
  • Page 210: Proxy Server

    F-Secure Corporation and that they have not been altered or corrupted in any way before taking them to use. Proxy Server F-Secure Content Scanner Server can use a proxy server to connect to the threat detection center.
  • Page 211 Specify the user name for the proxy server authentication. Password Specify the password for the proxy server authentication. Domain Specify the domain name for the proxy server authentication. The proxy authentication settings can be configured with F-Secure Anti-Virus for Microsoft Exchange Web Console only.
  • Page 212: Threat Detection

    Threat Detection F-Secure Anti-Virus can identify spam and virus outbreak patterns from messages. Cache VOD cache size Specify the maximum number of patterns to cache for the virus outbreak detection service. By default, the cache size is 10000 cached patterns.
  • Page 213 Pass through - The message is passed through without scanning it for spam. Heuristic Scanning - F-Secure Content Scanner Server checks the message using spam heuristics. Trusted networks Specify networks and hosts in the mail relay...
  • Page 214 Advanced Configure Advanced options to set the working directory and optimize the product performance. Working directory Working directory Specify the working directory. Enter the complete path to the field or click Browse to browse to the path you want to set as the new working directory.
  • Page 215 If the option is set to zero (0), all data transfers via shared memory are disabled. The setting is ignored if the local interaction mode is disabled. Maximum number of concurrent transactions Specify how many files F-Secure Content Scanner Server should process simultaneously. Maximum scan...
  • Page 216: Lists And Templates

    Number of spam scanner instances Specify the number of Spam Scanner instances to be created and used for spam analysis. As one instance of the spam scanner is capable of processing one mail message at a time, this setting defines how many messages undergo the spam analysis simultaneously.
  • Page 217 CHAPTER 3 Administration with Web Console Match Lists Click the name of an existing match list to edit the list or Add new list to create a new match list. List name Select the match list you want to edit. If you are creating a new match list, specify the name for the new match list.
  • Page 218 Message Templates Click the name of an existing template to edit it or Add new item to create a new template. Name Select the template you want to edit. If you are creating a new template, specify the name for the new template.
  • Page 219: Chapter 4 Quarantine Management

    QUARANTINE MANAGEMENT Introduction................220 Configuring Quarantine Options..........222 Quarantine Status..............222 Searching the Quarantined Content......... 222 Query Results Page ..............227 Quarantine Operations ............. 229 Moving the Quarantine Storage..........235...
  • Page 220: Introduction

    Introduction You can manage and search quarantined mails with the F-Secure Anti-Virus for Microsoft Exchange Web Console. You can search for quarantined content by using different search criteria, including the quarantine ID, recipient and sender address, the time period during which the message was quarantined, and so on.
  • Page 221: Quarantine Reasons

    CHAPTER 4 Quarantine Management Microsoft SQL Server 2005 Express Edition is distributed with the product and can be installed during F-Secure Anti-Virus for Microsoft Exchange setup. We do not recommend using MSDE or Microsoft SQL Server 2005/ 2008 Express Edition if you plan to use centralized quarantine management or if your organization sends and receives a large amount of e-mails.
  • Page 222: Configuring Quarantine Options

    Configuring Quarantine Options In stand-alone installations, all the quarantine settings can be configured on the Quarantine page in F-Secure Anti-Virus for Microsoft Exchange Web Console. For more information on the settings, see “Quarantine”, 178. Quarantine Status The Quarantine status page displays the number of quarantined items in each quarantine category, and the total size of the quarantine.
  • Page 223 CHAPTER 4 Quarantine Management You can use any of the following search criteria. Leave all fields empty to see all quarantined content. Quarantine ID Enter the quarantine ID of the quarantined message. The quarantine ID is displayed in the notification sent to the user about the quarantined message and in the alert message.
  • Page 224 Reason Select the quarantining reason from the drop-down menu. For more information, see “Quarantine Reasons”, 221. Reason details Specify details about the scanning or processing results that caused the message to be quarantined. For example: The message is infected - specify the name of the infection that was found in an infected message.
  • Page 225 CHAPTER 4 Quarantine Management Show only You can use this option to view the current status of messages that you have set to be reprocessed, released or deleted. Because processing a large number of e-mails may take time, you can use this option to monitor how the operation is progressing.
  • Page 226: Using Wildcards

    Click Query to start the search. The Quarantine Query Results page is displayed once the query is completed. If you want to clear all the fields on the Query page, click Reset. Using Wildcards You can use the following SQL wildcards in the quarantine queries: Wildcard Explanation Any string of zero or more characters.
  • Page 227: Query Results Page

    Quarantined e-mail that the administrator has set to be reprocessed. The reprocessing operation has not been completed yet. Quarantined e-mail that the administrator has set to be deleted. The deletion operation has not been completed yet. Quarantined e-mail that the administrator has submitted to F-Secure for analysis.
  • Page 228: Viewing Details Of The Quarantined Message

    Icon E-mail status Quarantined e-mail set to be released, which failed. Quarantined e-mail set to be reprocessed, which failed. Quarantined e-mail set to be submitted to F-Secure, which failed. For information how to process quarantined content, see “Quarantine Operations”, 229.
  • Page 229: Quarantine Operations

    CHAPTER 4 Quarantine Management Location The location of the mailbox or public folder where the quarantined attachment was found. Quarantined attachments only. Subject The message subject Message size The size of the quarantined message. Quarantined messages only. Attachment name The name of the attachment. Quarantined attachments only.
  • Page 230 Quarantined Content”, 233. Click Send to F-Secure to submit a sample of quarantined content to F-Secure for analysis. Quarantined Attachment Operations You can select an operation to perform on the attachments that were found in the query: Click Send to deliver the currently selected attachment, or click ...
  • Page 231: Reprocessing The Quarantined Content

    This is done as follows: 1. Open the Quarantine > Query page in the F-Secure Anti-Virus for Microsoft Exchange Web Console.
  • Page 232: Releasing The Quarantined Content

    Quarantine. If you need to release a quarantined message, follow these instructions: 1. Open the Quarantine > Query page in the F-Secure Anti-Virus for Microsoft Exchange Web Console. Enter the Quarantine ID of the message in the Quarantine ID field.
  • Page 233: Removing The Quarantined Content

    If you want to remove a large amount of quarantined messages at once, for example all the messages that have been categorized as spam, do the following: 1. Open the Quarantine > Query page in the F-Secure Anti-Virus for Microsoft Exchange Web Console. Select the quarantining reason, Spam, from the Reason drop-down listbox.
  • Page 234: Deleting Old Quarantined Content Automatically

    4.6.4 Deleting Old Quarantined Content Automatically Quarantined content is deleted automatically based on the Quarantine Retention and Cleanup settings in the Maintenance tab on the Quarantine > Options page. By default all types of quarantined content are stored in quarantine for one month, and quarantine clean-up task is executed once an hour.
  • Page 235: Moving The Quarantine Storage

    Moving the Quarantine Storage When you want to change the Quarantine storage location either using the F-Secure Policy Manager Console or F-Secure Anti-Virus for Microsoft Exchange Web Console, note that the product does not create the new directory automatically. Before you change the Quarantine storage directory, make sure that the directory exists and it has proper security permissions.
  • Page 236 Follow Share a Folder Wizard instructions to create FSMSEQS$ shared folder. Specify the new directory (in this example, D:\Quarantine) as the folder path, FSMSEQS$ as the share name and F-Secure Quarantine Storage as the description. On the Permissions page, select Administrators have full access;...
  • Page 237: Chapter 5 Updating Virus And Spam Definition Databases

    UPDATING VIRUS AND SPAM DEFINITION DATABASES Overview................... 238 Automatic Updates with F-Secure Automatic Update Agent ..239 Configuring Automatic Updates..........239...
  • Page 238: Overview

    Overview It is of the utmost importance that virus definition databases are kept up-to-date. F-Secure Anti-Virus for Microsoft Exchange takes care of this task automatically. Information about the latest virus database update can be found at: http://www.f-secure.com/download-purchase/updates.shtml...
  • Page 239: Automatic Updates With F-Secure Automatic Update Agent

    F-Secure's antivirus and security products. F-Secure Automatic Update Agent shall be used only for receiving updates and related information on F-Secure's antivirus and security products. F-Secure Automatic Update Agent may not be used for any other purpose or service. Configuring Automatic Updates F-Secure Automatic Update Agent user interface provides information about downloaded virus and spam definition updates.
  • Page 240 If necessary, reconfigure the firewall and other devices that may block the database downloads. In common deployment scenarios, make sure that the following ports are open: DNS (53, UDP and TCP); HTTP (80); Port used to connect to F-Secure Policy Manager Server ...
  • Page 241: Appendix A Variables In Warning Messages

    APPENDIX: Variables in Warning Messages List of Variables ................ 242...
  • Page 242: List Of Variables

    [Unknown]. Variable Description $ANTI-VIRUS-SERVER The DNS/WINS name or IP address of F-Secure Anti-Virus for Microsoft Exchange. $NAME-OF-SENDER The e-mail address where the original content comes from. $NAME-OF-RECIPIENT The e-mail addresses where the original content is sent.
  • Page 243 APPENDIX A Variables in Warning Messages The following table lists variables that can be included in the scan report, in other words the variables that can be used in the warning message between $REPORT-BEGIN and $REPORT-END. Variable Description $AFFECTED-FILENAME The name of the original file or attachment. $AFFECTED-FILESIZE The size of the original file or attachment.
  • Page 244: Appendix B Sending E-Mail Alerts And Reports

    APPENDIX: Sending E-mail Alerts And Reports Overview................... 245 Solution..................245...
  • Page 245: Overview

    SMTP protocol (without authentication and encryption) to send alerts to the specified e-mail address. The product can send e-mail based reports to F-Secure World Map system. These reports are sent using the simple SMTP protocol with an empty address ("<>") as the source.
  • Page 246: Creating A Scoped Receive Connector

    For example, to create a new connector that listens on all configured local IP addresses and accepts connections from the local host only, run the following command in the Exchange management shell: New-ReceiveConnector -Name "F-Secure alerts and reports" -Bindings 0.0.0.0:25 -RemoteIPRanges 127.0.0.1 -AuthMechanism Tls -PermissionGroups "AnonymousUsers" -RequireEHLODomain...
  • Page 247: Grant The Relay Permission On The New Scoped Connector

    To create a new connector that is bound to a single IP address and accepts connections from the specified remote servers, run the following command: New-ReceiveConnector -Name "F-Secure alerts and reports" -Bindings 192.168.58.128:25 -RemoteIPRanges 192.168.58.129, 192.168.58.131 -AuthMechanism Tls -PermissionGroups "AnonymousUsers" -RequireEHLODomain $false -RequireTLS $false B.2.2...
  • Page 248: Appendix C Troubleshooting

    APPENDIX: Troubleshooting Overview................... 249 Starting and Stopping............249 Viewing the Log File ..............250 Common Problems and Solutions ..........250 Frequently Asked Questions ............ 255...
  • Page 249: Overview

    “Technical Support”, 108. Starting and Stopping If you ever need to start or stop F-Secure Anti-Virus for Microsoft Exchange, you can do it in the following ways: Open the Services applet from the Administrative tools folder in the Windows Control Panel and select F-Secure Anti-Virus for Microsoft Exchange.
  • Page 250: Viewing The Log File

    F-Secure Management Agent and contains all alerts generated by F-Secure components installed on the host. Logfile.log can be found on all hosts running F-Secure Management Agent. You can view the Logfile.log with any text editor, for example Windows Notepad. Open the logfile.log from F-Secure Settings and Statistics / F-Secure...
  • Page 251: Checking F-Secure Anti-Virus For Microsoft Exchange

    Troubleshooting Checking F-Secure Anti-Virus for Microsoft Exchange Make sure that F-Secure Anti-Virus for Microsoft Exchange service and all its processes have started. Open Services in the Windows Control Panel and check that the F-Secure Anti-Virus for Microsoft Exchange service has started.
  • Page 252: Checking F-Secure Content Scanner Server

    The problem is that F-Secure Anti-Virus for Microsoft Exchange is unable to contact F-Secure Content Scanner Server. A service or process may not be running on F-Secure Content Scanner Server. Make sure that all processes and services of F-Secure Content Scanner Server have started.
  • Page 253: Checking F-Secure Anti-Virus For Microsoft Exchange Web Console

    Troubleshooting Checking F-Secure Anti-Virus for Microsoft Exchange Web Console Problem: I cannot open or access F-Secure Anti-Virus for Microsoft Exchange Web Console. Solution: Make sure that F-Secure Web Console daemon has started and is running. Check the Services in Windows Control Panel. The following...
  • Page 254: C.4.2 Securing The Quarantine

    C.4.2 Securing the Quarantine Problem: I have installed F-Secure Anti-Virus for Microsoft Exchange and I'm worried about security of the local Quarantine storage where stripped attachments are quarantined. What do you recommend? Solution: F-Secure Anti-Virus for Microsoft Exchange creates and adjusts access rights to the local Quarantine storage during the installation.
  • Page 255: Frequently Asked Questions

    APPENDIX C Troubleshooting Frequently Asked Questions All support issues, frequently asked questions and hotfixes can be found under the support pages at http://support.f-secure.com/. For more information, see “Technical Support”, 108.
  • Page 256: Technical Support

    Technical Support F-Secure Online Support Resources........109 Web Club.................. 111 Virus Descriptions on the Web ..........111...
  • Page 257: F-Secure Online Support Resources

    If you have questions about F-Secure Anti-Virus for Microsoft Exchange not covered in this manual or on the F-Secure support web pages, you can contact your local F-Secure distributor or F-Secure Corporation directly.
  • Page 258 You can also find and run the FSDiag.exe utility under the F-Secure\Common folder, if you prefer not to do it through the F-Secure Anti-Virus for Microsoft Exchange Web Console. The tool generates a file called FSDiag.tar.gz.
  • Page 259: Web Club

    Technical Support Web Club The F-Secure Web Club provides assistance and updated versions of the F-Secure products. To connect to the Web Club on our Web site, open the F-Secure Anti-Virus for Microsoft Exchange Web Console, and click the Web Club link in the banner.
  • Page 260 This is substantiated by the company’s independently proven ability to respond faster to new threats than its main competitors. Founded in 1988 and headquartered in Finland, F-Secure has been listed on the OMX Nordic Exchange Helsinki since 1999. The company has consistently been one of the fastest growing publicly listed companies in the industry.
