F-SECURE ANTI-VIRUS FOR MICROSOFT EXCHANGE 7.10 Administrator's Manual


Summary of Contents for F-SECURE ANTI-VIRUS FOR MICROSOFT EXCHANGE 7.10

  • Page 1 F-Secure Anti-Virus for Microsoft Exchange Administrator’s Guide...
  • Page 2 Although F-Secure Corporation makes every effort to ensure that this information is accurate, F-Secure Corporation will not be liable for any errors or omission of facts contained herein. F-Secure Corporation reserves the right to modify specifications cited in this document without prior notice.
  • Page 3: Table Of Contents

    Symbols, 12. Chapter 1 Introduction: Overview, 15; How F-Secure Anti-Virus for Microsoft Exchange Works, 16; Key Features, 19; F-Secure Anti-Virus Mail Server and Gateway Products, 21. Chapter 2 Deployment: Installation Modes, 24; Network Requirements, 25; Deployment Scenarios, 26; 2.3.1 Environment with a Single Exchange Server ...
  • Page 4 Installation Overview, 40; Installing F-Secure Anti-Virus for Microsoft Exchange, 41; After the Installation, 53; 3.6.1 Importing Product MIB files to F-Secure Policy Manager Console, 54; 3.6.2 Configuring the Product, 55; Upgrading the Evaluation Version, 56; Uninstalling F-Secure Anti-Virus for Microsoft Exchange, 57...
  • Page 5 5.4.4 Database Updates, 126; 5.4.5 Spam Filtering, 127; 5.4.6 Threat Detection Engine, 128; 5.4.7 Proxy Configuration, 129; 5.4.8 Advanced, 130; F-Secure Content Scanner Server Statistics, 131; 5.5.1 Server, 131; 5.5.2 Scan Engines, 132; 5.5.3 Common, 133; 5.5.4 Spam Control, 133; 5.5.5 Virus Statistics, 134; F-Secure Management Agent Settings, 134...
  • Page 6 7.11 Quarantine Statistics, 251; 7.12 Moving the Quarantine Storage, 252. Chapter 8 Updating Virus and Spam Definition Databases: Overview, 255; Automatic Updates with F-Secure Automatic Update Agent, 255; Configuring Automatic Updates, 255. Chapter 9 Administering F-Secure Spam Control: Overview, 258; Spam Control Settings in Centrally Managed Environments, 259; Spam Control Settings in Web Console, 263...
  • Page 7 C.2.1 Creating the Quarantine Storage for a Single Copy Cluster Environment, 279; C.2.2 Creating the Quarantine Storage for a Continuous Cluster Replication Environment, 286; C.3 Administering the Cluster Installation with F-Secure Policy Manager, 290; C.4 Using the Quarantine in the Cluster Installation, 290; C.5 Uninstallation, 292; C.6 Troubleshooting, 292...
  • Page 8 E.5 Frequently Asked Questions, 304. Technical Support: F-Secure Online Support Resources, 306; Web Club, 308; Virus Descriptions on the Web, 308...
  • Page 9: About This Guide

    ABOUT THIS GUIDE How This Guide Is Organized, 10; Conventions Used in F-Secure Guides, 13...
  • Page 10: How This Guide Is Organized

    F-Secure Anti-Virus for Microsoft Exchange Administrator's Guide is divided into the following chapters: Chapter 1. Introduction. General information about F-Secure Anti-Virus for Microsoft Exchange and other F-Secure Anti-Virus Mail Server and Gateway products. Chapter 2. Deployment. Instructions and examples of how to set up your network environment before you can install F-Secure Anti-Virus for Microsoft Exchange.
  • Page 11 Support. Contains the contact information for assistance. About F-Secure Corporation. Describes the company background and products. See the F-Secure Policy Manager Administrator's Guide for detailed information about installing and using the F-Secure Policy Manager components: F-Secure Policy Manager Console, the tool for remote administration of F-Secure Anti-Virus for Microsoft Exchange.
  • Page 12: Conventions Used In F-Secure Guides

    Conventions Used in F-Secure Guides This section describes the symbols, fonts, and terminology used in this manual. Symbols WARNING: The warning symbol indicates a situation with a risk of irreversible destruction to data. IMPORTANT: An exclamation mark provides important information that you need to consider.
  • Page 13 In our constant attempts to improve our documentation, we would welcome your feedback. If you have any questions, comments, or suggestions about this or any other F-Secure document, please contact us at documentation@f-secure.com.
  • Page 14: Introduction

    INTRODUCTION Overview, 15; How F-Secure Anti-Virus for Microsoft Exchange Works, 16; Key Features, 19; F-Secure Anti-Virus Mail Server and Gateway Products, 21...
  • Page 15: Overview

    Sober, Netsky and Bagle, have caused a lot of damage around the world. F-Secure Anti-Virus Mail Server and Gateway products are designed to protect your company's mail and groupware servers and to shield the company network from any malicious code that travels in HTTP or SMTP traffic.
  • Page 16: How F-Secure Anti-Virus For Microsoft Exchange Works

    How F-Secure Anti-Virus for Microsoft Exchange Works F-Secure Anti-Virus for Microsoft Exchange is designed to detect and disinfect viruses and other malicious code from e-mail transmissions through Microsoft Exchange 2007 Server. Scanning is done in real time as the mail passes through Microsoft Exchange Server. On-demand scanning of user mailboxes and public folders is also available.
  • Page 17 Our team of dedicated virus researchers is on call 24 hours a day responding to new and emerging threats. In fact, F-Secure is one of the only companies to release tested virus definition updates continuously, to make sure our customers are receiving the highest quality service and protection.
  • Page 18 F-Secure Policy Manager Console and all managed systems. Figure 1-1 (1) E-mail arrives from the Internet to F-Secure Anti-Virus for Microsoft Exchange, which (2) filters malicious content from mails and attachments, and (3) delivers cleaned files forward.
  • Page 19: Key Features

    CHAPTER 1 Introduction Key Features F-Secure Anti-Virus for Microsoft Exchange provides the following features and capabilities. Superior Protection Superior detection rate with multiple scanning engines. Automatic malicious code detection and disinfection. The grayware scan detects spyware, adware, dialers, joke programs, remote access tools, and any other unwelcome files and programs.
  • Page 20 Controlling and monitoring the behavior of the products remotely. Starting predefined operations remotely. Monitoring statistics provided by the products remotely with F-Secure Policy Manager or F-Secure Anti-Virus for Microsoft Exchange Web Console. Possibility to configure and manage stand-alone installations with the convenient F-Secure Anti-Virus for Microsoft Exchange Web Console.
  • Page 21: F-Secure Anti-Virus Mail Server And Gateway Products

    F-Secure Anti-Virus Mail Server and Gateway Products The F-Secure Anti-Virus product line consists of workstation, file server, mail server, gateway and mobile products. F-Secure Internet Gatekeeper™ is a high performance, totally automated web (HTTP and FTP-over-HTTP) and e-mail (SMTP) virus scanning solution for the gateway level.
  • Page 22 F-Secure, keeping the virus protection always up to date. A powerful and easy-to-use management console simplifies the installation and configuration of the product. F-Secure Messaging Security Gateway™ delivers the industry’s most complete and effective security for e-mail. It...
  • Page 23: Chapter 2 Deployment

    DEPLOYMENT Installation Modes, 24; Network Requirements, 25; Deployment Scenarios, 26...
  • Page 24: Installation Modes

    Installation Modes F-Secure Anti-Virus for Microsoft Exchange can be installed either in stand-alone or centrally administered mode. In stand-alone installation, F-Secure Anti-Virus for Microsoft Exchange is managed with Web Console. In centrally administered mode, it is managed centrally with F-Secure Policy Manager components: F-Secure Policy Manager Server and F-Secure Policy Manager Console.
  • Page 25: Network Requirements

    This network configuration is valid for all scenarios described in this chapter. Make sure that the following network traffic can pass through: Service Process Inbound ports Outbound ports F-Secure Content Scanner %ProgramFiles(x86)%\F-Secure\ 18971 (TCP) (on DNS (53, UDP/TCP), Server Content Scanner...
  • Page 26: Deployment Scenarios

    Depending on how the Microsoft Exchange 2007 server roles are deployed in your environment, you might consider various scenarios of deploying F-Secure Anti-Virus for Microsoft Exchange. There are various ways to deploy F-Secure Anti-Virus for Microsoft Exchange that are suitable to different environments: “Environment with a Single Exchange Server”, 27.
  • Page 27: Environment With A Single Exchange Server

    Install F-Secure Anti-Virus for Microsoft Exchange on the same server where Exchange Hub and Mailbox Server roles are deployed. Installing F-Secure Spam Control If you have a license for F-Secure Spam Control, you should install it on the same server with F-Secure Anti-Virus for Microsoft Exchange. Administration Modes...
  • Page 28: Environments With Exchange Roles Deployed On Multiple Servers

    2.3.2 Environments with Exchange Roles Deployed on Multiple Servers Figure 2-2 Deployment in an environment with Edge, Hub and Mailbox Server roles deployed on multiple servers...
  • Page 29 F-Secure Anti-Virus for Microsoft Exchange as follows: Installing F-Secure Anti-Virus for Microsoft Exchange Install F-Secure Anti-Virus for Microsoft Exchange on all the servers where Exchange Edge, Hub and Mailbox Server roles are deployed. If the Exchange role is changed later, the product has to be reinstalled.
  • Page 30 Installing F-Secure Spam Control If you have a license for F-Secure Spam Control, you can install it on the Edge server. If you do not have an Edge server, you can install F-Secure Spam Control on the Hub server. Administration Modes...
  • Page 31: Quarantine Management Considerations

    If you want to use centralized quarantine management in a network where the Exchange server roles have been deployed on multiple servers, you should deploy F-Secure Anti-Virus for Microsoft Exchange and the SQL server needed for quarantine database as follows: Install Microsoft SQL Server on a dedicated server or on the server running F-Secure Policy Manager Server.
  • Page 32 Microsoft SQL Server 2005 Express Edition included in F-Secure Anti-Virus for Microsoft Exchange, the Quarantine database size is limited to 4 GB. You can use F-Secure Anti-Virus for Microsoft Exchange Web Console to manage and search quarantined content. For more information, see “Quarantine...
  • Page 33: Installation

    INSTALLATION System Requirements, 34; Improving Reliability and Performance, 38; Installation Overview, 40; Installing F-Secure Anti-Virus for Microsoft Exchange, 41; After the Installation, 53; Upgrading the Evaluation Version, 56; Uninstalling F-Secure Anti-Virus for Microsoft Exchange, 57...
  • Page 34: System Requirements

    System Requirements F-Secure Anti-Virus for Microsoft Exchange is installed on the computer running Microsoft Exchange Server and requires the following hardware and software. Processor: AMD Opteron/Athlon x64 or Intel Xeon with Extended Memory 64 Technology (EM64T) Memory: 1 GB Disk space to install:...
  • Page 35: Operating System Requirements

    CHAPTER 3 Installation 3.1.1 Operating System Requirements The product can be installed on a computer with a 64-bit processor running one of the following systems: Microsoft® Windows Server 2003, Standard x64 Edition with the latest service pack Microsoft® Windows Server 2003, Enterprise x64 Edition with the latest service pack Microsoft®...
  • Page 36: Sql Server Requirements

    Express edition) with the latest service pack Microsoft SQL Server 2005 Express Edition Service Pack 2 is distributed with the product and can be installed during F-Secure Anti-Virus for Microsoft Exchange Setup. When centralized quarantine management is used, the SQL server must be reachable from the network and file sharing must be enabled.
  • Page 37 Exchange installations. Microsoft SQL Server 2005 Express Edition is delivered together with F-Secure Anti-Virus for Microsoft Exchange, and you can install it during the F-Secure Anti-Virus for Microsoft Exchange Setup. Microsoft SQL Server 2000/2005 If your organization sends a large amount of e-mails, it is recommended to use Microsoft SQL Server 2000/2005.
  • Page 38: Web Browser Software Requirements

    If the system load is high, a fast processor on the Microsoft Exchange Server speeds up the e-mail message processing. As Microsoft Exchange Server handles a large amount of data, a fast processor alone is not enough to guarantee a fast operation of F-Secure Anti-Virus for Microsoft Exchange. Memory...
  • Page 39: Centrally Administered Or Stand-Alone Installation

    Policy Manager Console. You can select the management method when you install the product. If you already use F-Secure Policy Manager to administer other F-Secure products, it is recommended to install F-Secure Anti-Virus for Microsoft Exchange in centralized administration mode.
  • Page 40: Installation Overview

    Installation Overview F-Secure Anti-Virus for Microsoft Exchange can be installed to the same computer that runs F-Secure Anti-Virus for Servers 7.0. You should uninstall any potentially conflicting products, such as other anti-virus, file encryption, and disk encryption software, which employ low-level device drivers, before you install F-Secure Anti-Virus for Microsoft Exchange.
  • Page 41: Installing F-Secure Anti-Virus For Microsoft Exchange

    Import the product MIB files to F-Secure Policy Manager, if they cannot be uploaded there during the installation. For more information, see “Importing Product MIB files to F-Secure Policy Manager Console”, 54. Check that F-Secure Automatic Update Agent can retrieve the latest virus and spam definition databases.
  • Page 42 Step 2. Read the information in the Welcome screen. Click Next to continue. Step 3. Read the licence agreement. If you accept the agreement, check the I accept this agreement checkbox and click Next to continue.
  • Page 43 Step 4. Enter the product keycode. Click Next to continue. Step 5. Choose the components to install. For more information about F-Secure Spam Control, see “Administering F-Secure Spam Control”, 257. Click Next to continue.
  • Page 44 Click Next to continue. Step 7. Choose the administration method. If you install F-Secure Anti-Virus for Microsoft Exchange in stand-alone mode, you cannot configure settings and receive alerts and status information in F-Secure Policy Manager Console. Click Next to continue.
  • Page 45 If you selected the stand-alone installation, continue to Step 10. If you select the stand-alone mode, use the F-Secure Anti-Virus for Microsoft Exchange Web Console to change product settings and to view statistics. For more information, see “Administration with Console”, 138.
  • Page 46 Step 9. Enter the IP address or URL of the F-Secure Policy Manager Server you installed earlier. Click Next to continue. If the product MIB files cannot be uploaded to F-Secure Policy Manager during installation, you can import them manually.
  • Page 47 Step 10. Enter an SMTP address that will be used by F-Secure Anti-Virus for Microsoft Exchange to send warning and informational messages to end-users. The SMTP address should be a valid, existing address that is allowed to send messages.
  • Page 48 Step 12. Specify the location of the Quarantine database. If you want to install Microsoft SQL Server 2005 Express Edition and the Quarantine database on the same server as the product installation, select (a) Install and use Microsoft SQL Server Desktop Engine. If you are using Microsoft SQL Server already, select (b) Use the existing installation of Microsoft SQL Server or MSDE.
  • Page 49 Enter the password for the database server administrator account that will be used to create the new database. Click Next to continue. Specify the name for the SQL database that stores information about the quarantined content. Enter the user name and the password that you want to use to connect to the quarantine database.
  • Page 50 Step 13. Select whether you want to install the product with F-Secure World Map Support. The product can collect and send statistics about viruses and other malware to the F-Secure World Map service.
  • Page 51 Manager Server, the following dialog opens. Make sure that the computer where you are installing F-Secure Anti-Virus for Microsoft Exchange is allowed to connect to the administration port on F-Secure Policy Manager Server, or if you use proxy, make sure that the...
  • Page 52 connection is allowed from the proxy to the server. Check that any firewall does not block the connection. If you want to skip installing MIB files, click Cancel. You can install MIB files later either manually or by running the Setup again. Step 16.
  • Page 53: After The Installation

    Finish to close the Setup wizard. After the Installation This section describes what you have to do after the installation. These steps include: Importing product MIBs to F-Secure Policy Manager (if that is required), and Initial configuration of the product.
  • Page 54: Importing Product Mib Files To F-Secure Policy Manager Console

    F-Secure Anti-Virus for Microsoft Exchange MIB JAR file cannot be uploaded to F-Secure Policy Manager Server during the installation. In these cases you will have to import the MIB files to F-Secure Policy Manager. You will have to import the MIB files if:...
  • Page 55: Configuring The Product

    3.6.2 Configuring the Product After the installation, F-Secure Anti-Virus for Microsoft Exchange is functional, but it is using mostly default values. It is highly recommended to go through all the settings of all installed components. Configure F-Secure Anti-Virus for Microsoft Exchange.
  • Page 56: Upgrading The Evaluation Version

    Upgrading the Evaluation Version If you want to use F-Secure Anti-Virus for Microsoft Exchange after your evaluation period expires, you need a new keycode. Contact your software vendor or renew your license online.
  • Page 57: Uninstalling F-Secure Anti-Virus For Microsoft Exchange

    Enter the new keycode you have received and click Register Keycode. If you do not want to continue to use F-Secure Anti-Virus for Microsoft Exchange after your evaluation license expires, you should uninstall the software. When the license expires, F-Secure Anti-Virus for Microsoft Exchange stops processing e-mails and messages posted to public folders.
  • Page 58: Chapter 4 Using F-Secure Anti-Virus For Microsoft Exchange

    USING F-SECURE ANTI-VIRUS FOR MICROSOFT EXCHANGE Administering F-Secure Anti-Virus for Microsoft Exchange, 59; Using Web Console, 60; Using F-Secure Policy Manager Console, 63...
  • Page 59: Administering F-Secure Anti-Virus For Microsoft Exchange

    You can use the F-Secure Anti-Virus for Microsoft Exchange Web Console to start and stop F-Secure Anti-Virus for Microsoft Exchange, check its current status and to connect to F-Secure Web Club for support. In centrally managed installations, F-Secure Anti-Virus for Microsoft Exchange Web Console cannot be used for configuring the system or scanning settings, but you can manage the quarantined content with it.
  • Page 60: Using Web Console

    Using Web Console You can open F-Secure Anti-Virus for Microsoft Exchange Web Console in any of the following ways: Go to Windows Start menu > Programs > F-Secure Anti-Virus for Microsoft Exchange > F-Secure Anti-Virus for Microsoft Exchange Web Console Enter the address of F-Secure Anti-Virus for Microsoft Exchange and the port number in your web browser.
  • Page 61 Using F-Secure Anti-Virus for Microsoft Exchange When you log in for the first time, your browser displays a Security Alert dialog window about the security certificate for F-Secure Anti-Virus for Microsoft Exchange Web Console. You can create a security certificate for F-Secure Anti-Virus for Microsoft Exchange Web Console before logging in, and then install the certificate during the login process.
  • Page 62: Modifying Settings And Viewing Statistics With Web Console

    If the Security Alert window is still displayed, click to proceed or log back in to the F-Secure Anti-Virus for Microsoft Exchange Web Console. When the login page opens, log in to Web Console with your user name and the password.
  • Page 63: Checking The Product Status

    4.2.3 Checking the Product Status You can check the overall product status on the Home page of F-Secure Anti-Virus for Microsoft Exchange Web Console. The Summary and Services tabs on the Home page display an overview of each component's status and the most important statistics of the installed F-Secure Anti-Virus for Microsoft Exchange components.
  • Page 64 After you have modified settings and created a new policy, it must be distributed to hosts. Choose Distribute from the File menu. After distributing the policy, you have to wait for F-Secure Anti-Virus for Microsoft Exchange to poll the new policy file.
  • Page 65: Selecting Scanning Methods To Use

    The settings descriptions in this manual indicate the settings for which you need to use the Final restriction. You can also check in F-Secure Policy Manager Console whether you need to use the Final restriction for a setting. Do the following: 1.
  • Page 66 Sandbox Scanning The sandbox scan emulates and analyzes the code in a safe and isolated environment. Proactive Virus Threat Detection The proactive virus threat detection analyzes e-mail messages for possible virus patterns and security threats. All possibly harmful messages are quarantined as unsafe. The proactive virus threat detection can detect new viruses during the first minutes of the outbreak.
  • Page 67: Chapter 5 Centrally Managed Administration

    CENTRALLY MANAGED ADMINISTRATION Overview, 68; F-Secure Anti-Virus for Microsoft Exchange Settings, 68; F-Secure Anti-Virus for Microsoft Exchange Statistics, 116; F-Secure Content Scanner Server Settings, 121; F-Secure Content Scanner Server Statistics, 131; F-Secure Management Agent Settings, 134...
  • Page 68: Overview

    Overview If F-Secure Anti-Virus for Microsoft Exchange is installed in the centrally administered mode, F-Secure Anti-Virus for Microsoft Exchange is managed centrally with F-Secure Policy Manager. In the centralized administration mode, you can use the F-Secure Anti-Virus for Microsoft Exchange Web Console for the quarantine management and to check the current status of F-Secure Anti-Virus for Microsoft Exchange, but you cannot change any settings with it.
  • Page 69 CHAPTER 5 Centrally Managed Administration Network Configuration The mail direction is based on the Internal Domains and Internal SMTP hosts settings. For more information, see “Network Configuration”, 56. Internal Domains Specify internal domains. Messages coming to internal domains are considered to be inbound mail unless they come from internal SMTP sender hosts.
  • Page 70 If end-users in the organization use an e-mail client other than Microsoft Outlook to send and receive e-mail, it is recommended to specify all end-user workstations as Internal SMTP Senders. If the organization has Exchange Edge and Hub servers, the server with the Hub role installed should be added to the Internal SMTP Sender on the server where the Edge role is installed.
  • Page 71 If you change the Quarantine Storage setting, select the Final checkbox in the Restriction Editor to override initial settings. During the installation, F-Secure Anti-Virus for Microsoft Exchange adjusts the access rights to the Quarantine Storage so that only the product, operating system and the local administrator can access it.
  • Page 72 The setting defines the default retention period for all Quarantine categories. To change the retention period for different categories, configure Quarantine Cleanup Exceptions settings. Delete Old Items Every Specify how often old items are deleted from the Quarantine. The setting defines the default cleanup interval for all Quarantine categories.
  • Page 73 Released Quarantine Message Template Specify the template for the message that is sent to the intended recipients when e-mail content is released from the quarantine. For more information, see “Lists and Templates”, 70. The product generates the message only when the item is removed from the Microsoft Exchange Server store and sends it automatically when you release the item to...
  • Page 74 Connection Timeout Specify the time (in seconds) how long the product tries to contact the F-Secure Hospital server. Send Timeout Specify the time (in seconds) how long the product waits for the sample submission to complete.
  • Page 75 Connection Timeout Specify the time interval (in seconds) how long F-Secure Anti-Virus for Microsoft Exchange should wait for a response from F-Secure Content Scanner Server before it stops attempting to send or receive data. Working directory Specify the name and location of the working directory, where temporary files are placed.
  • Page 76: Transport Protection

    If F-Secure Content Scanner Server uses a proxy server when it connects to the threat detection center and the proxy server requires authentication, the proxy authentication settings can be configured with F-Secure Anti-Virus for Microsoft Exchange Web Console only. For more information, see “Proxy...
  • Page 77 Drop the Whole Message - Do not deliver the message to the recipient at all. Quarantine Stripped Attachments Specify whether stripped attachments are quarantined. The default option is Enabled. Do Not Quarantine These Attachments Specify file names and file extensions which are not quarantined even when they are stripped.
  • Page 78 Configure the Alert Forwarding table to specify where the alert is sent based on the severity level. The Alert Forwarding table can be found in F-Secure Management Agent/Settings/Alerting. Virus Scanning Specify inbound, outbound and internal messages and attachments that should be scanned for malicious code.
  • Page 79 By default, the heuristic scan is enabled for inbound mails and disabled for outbound and internal mails. The heuristic scan may affect the product performance and increase the risk of false malware alarms. Sandbox Scanning Enable or disable the sandbox scan.
  • Page 80 Drop the Whole Message - Do not deliver the message to the recipient at all. Quarantine Infected Messages Specify whether infected or suspicious messages are quarantined. Do Not Quarantine These Infections Specify infections that are never placed in the quarantine. If a message is infected with a virus or worm which has a name that matches a keyword specified in this list, the message is not quarantined.
  • Page 81 “Lists and Templates”, 70. Notify Administrator Specify whether the administrator is notified when F-Secure Anti-Virus for Microsoft Exchange finds a virus in a message. Configure the Alert Forwarding table to specify where the alert is sent based on the severity level.
  • Page 82 Max Levels in Nested Archives Specify how many levels of archives inside other archives the product scans when Scan Viruses Inside Archives is enabled. Action on Max Nested Archives Specify the action to take on archives with nesting levels exceeding the upper level specified in the Max Levels in Nested Archives setting.
  • Page 83 Zero-Day Protection Select whether Proactive Virus Threat Detection is enabled or disabled. Proactive virus threat detection can identify new and unknown e-mail malware, including viruses and worms. When proactive virus threat detection is enabled, the product analyzes inbound e-mail messages for possible security threats.
  • Page 84 Drop Attachment - Remove grayware items from the message. Drop the Whole Message - Do not deliver the message to the recipient. Grayware Exclusion List Specify the list of keywords for grayware types that are not scanned. Leave the list empty if you do not want to exclude any grayware types from the scan.
  • Page 85 “Administering F-Secure Spam Control”, 257. You can configure Spam Control settings for inbound messages, and only if you have F-Secure Spam Control installed. The threat detection engine of F-Secure Anti-Virus for Microsoft Exchange can identify spam and virus patterns from the message envelope, headers and body during the first minutes of the new spam or virus outbreak.
  • Page 86 File Type Recognition Select whether you want to use Intelligent File Type Recognition or not. Trojans and other malicious code can disguise themselves with filename extensions which are usually considered safe to use. Intelligent File Type Recognition can recognize the real file type of the message attachment and use that while the attachment is processed.
  • Page 87 It is not recommended to set the maximum nesting level to unlimited as this will make the product more vulnerable to DoS (Denial-of-Service) attacks. Action on Mails with Exceeding Nesting Levels Specify the action to take on inbound messages with nesting levels exceeding the upper level...
  • Page 88: Storage Protection

    5.2.3 Storage Protection Edit general Storage Protection settings to configure how mailboxes and public folders are scanned in the Exchange Store with real-time, background, manual and scheduled scanning. Real-Time and Background Scanning The real-time and background scanning can automatically scan messages that have been created or received.
  • Page 89 General Background Scanning Settings Specify which messages you want to scan during the background scan. Background Scanning Enable or disable background scanning. Background scanning methodically scans specified messages stored in the database. Scan Only Messages with Attachments Specify whether to scan all messages or only messages with attachments.
  • Page 90 Scan Only Included Mailboxes - Scan mailboxes specified in the Included Mailboxes list. Scan All Except Excluded Mailboxes - Scan all mailboxes except those specified in the Excluded Mailboxes list. Included Mailboxes Specify mailboxes that are scanned for viruses when the Scan Mailboxes setting is set to Scan Only Included Mailboxes.
  • Page 91 CHAPTER 5 Centrally Managed Administration Use Exclusions Specify attachments that are not scanned. Leave the list empty if you do not want to exclude any attachments from the scan. Heuristic Scanning Enable or disable the heuristic scan. The heuristic scan analyzes files for suspicious code behavior so that the product can detect unknown malware.
  • Page 92 Quarantine Infected Attachments: Specify whether infected and suspicious attachments are quarantined. Do Not Quarantine These Infections: Specify infections that are never placed in the quarantine. For more information, see “Lists and Templates”, 70. Replacement Text Template: Specify the template for the text that replaces the infected attachment when the infected attachment is removed from the message.
  • Page 93 Specify the number of levels the product goes through before the action selected in Action on Max Nested Archives takes place. The default setting is 3. Action on Max Nested Archives: Specify the action to take on nested archives with nesting levels exceeding the upper level specified in the Max Levels in Nested Archives...
  • Page 94 Scan Messages for Grayware: Enable or disable the grayware scan. Action on Grayware: Specify the action to take on items which contain grayware. Report only - Leave grayware items in the message and notify the administrator. Drop attachment - Remove grayware items from the message.
  • Page 95 You can scan mailboxes and Public Folders for viruses and strip attachments manually at any time. You can start the manual scan with controls under the F-Secure Anti-Virus for Microsoft Exchange / Operations / Manual Scanning branch. To start the manual scan, click Start and distribute the policy.
  • Page 96 Scan Only Included Folders - Scan public folders specified in the Included Folders list. Scan All Except Excluded Folders - Scan all public folders except those specified in the Excluded Folders list. Included Folders Specify public folders that are scanned for viruses when the Scan Public Folders setting is set to Scan Only Included Folders.
  • Page 97 Do Not Quarantine These Attachments: Specify file names and file extensions which are not quarantined even when they are stripped. If the message contains an attachment which is quarantined, all attachments linked to that message are quarantined, regardless of this setting.
  • Page 98 Sandbox Scanning Enable or disable the sandbox scan. The sandbox scan emulates and analyzes the code in a safe and isolated environment known as the Sandbox. Sandbox scanning may affect the product performance. We recommend that you disable the Sandbox scan if you need the scan to be faster.
  • Page 99 Archive Processing Specify how the product processes archive files during the manual scan. Scan Archives: Specify if files inside archives are scanned for viruses and other malicious code. List of Files to Scan Inside Archives: Specify files that are scanned for viruses inside archives.
  • Page 100 Action on Password Protected Archives: Specify the action to take on archives which are protected with passwords. These archives can be opened only with a valid password, so the product cannot scan their content. Pass through - Leave the password protected archive in the message.
  • Page 101 Quarantine Grayware: Specify whether grayware attachments are quarantined. Do Not Quarantine These Grayware: Specify grayware that are never placed in the quarantine. For more information, see “Lists and Templates”, 70. Replacement Text Template: Specify the template for the text that replaces the grayware attachment when the grayware attachment is removed from the message.
  • Page 102 Scheduled Scanning You can schedule scan tasks to scan mailboxes and Public Folders periodically. The scheduled scanning table displays all scheduled tasks and the date and time when the next scheduled task occurs. To deactivate scheduled tasks in the list, clear the Active checkbox in front of the task.
  • Page 103 Step 1. General Properties Enter the name for the new task and select how frequently you want the operation to be performed. Task name Specify the name of the scheduled operation. Do not use any special characters in the task name.
  • Page 104 Monthly - Every month at the specified time on the same date when the first operation is scheduled to start. Start time Enter the start time of the task in hh:mm format. Start date Enter the start date of the task in mm/dd/yyyy format Step 2.
  • Page 105 Scan only included mailboxes - Scan all specified mailboxes. Click Edit to add or remove mailboxes that should be scanned. Scan all except excluded mailboxes - Do not scan specified mailboxes but scan all other. Click Edit to add or remove mailboxes that...
  • Page 106 Choose which public folders are processed during the scheduled operation. Examine public folders: Specify public folders that are processed during the scheduled scan. Do not scan public folders - Disable the public folder scanning. Scan all public folders - Scan all public folders. Scan only included public folders - Scan all specified public folders.
  • Page 107 Step 4. Attachment Filtering Choose settings for stripping attachments during the scheduled operation. Strip attachments from e-mail messages: Enable or disable the attachment stripping. Target attachments Strip these attachments: Specify which attachments are stripped from messages.
  • Page 108 Do not quarantine these attachments: Specify file names and file extensions which are not quarantined even when they are stripped. For more information, see “Lists and Templates”, If the message contains an attachment which is quarantined, all attachments linked to that message are quarantined, regardless of this setting.
  • Page 109 Choose settings for virus scanning of public folders during the scheduled operation. Scan messages for viruses: Enable or disable the virus scan. The virus scan scans messages for viruses and other malicious code. General Options Heuristic Scanning: Enable or disable the heuristic scanning.
  • Page 110 Actions Try to disinfect Specify whether the product should try to disinfect an infected attachment before processing it. If the disinfection succeeds, the product does not process the attachment further. Disinfection may affect the product performance. Infected files inside archives are not disinfected even when the setting is enabled.
  • Page 111 Step 6. Grayware Scanning Choose settings for grayware scanning during the scheduled operation. Scan messages for grayware: Enable or disable the grayware scan. Actions Action on grayware: Specify the action to take on items which contain grayware.
  • Page 112 Quarantine grayware: Specify whether grayware attachments are quarantined. Do not quarantine this grayware: Specify grayware that are never placed in the quarantine. For more information, see “Lists and Templates”, 70. Notifications Replacement text template: Specify the template for the text that replaces the grayware item when it is removed from the message.
  • Page 113 Choose settings for stripping attachments during the scheduled operation. Scan archives: Specify if files inside archives are scanned for viruses and other malicious code. Targets List of files to scan inside archives: Specify files inside archives that are scanned for viruses.
  • Page 114 Pass through - Deliver the message with the password protected archive to the recipient. Drop archive - Remove the password protected archive from the message and deliver the message to the recipient without it. Quarantine dropped archives: Specify whether archives that are not delivered to recipients are placed in the quarantine.
  • Page 115 Choose advanced processing options for all the messages processed during the scheduled operation. Processing options Incremental scanning Specify whether you want to process all messages or only those messages that have not been processed previously during the scheduled processing.
  • Page 116: F-Secure Anti-Virus For Microsoft Exchange Statistics

    Statistics To view statistics, open the Status tab from the Properties pane and open the Statistics subtree. It displays statistics for the host for each F-Secure Anti-Virus for Microsoft Exchange installation. If a policy domain is selected, the Status view displays the number of hosts in the domain and which hosts are disconnected from F-Secure Policy Manager.
  • Page 117: Common

    To reset real-time scanning statistics, use the variables under F-Secure Anti-Virus for Microsoft Exchange / Operations / Reset Statistics. Select Reset and click Start in the Editor pane. The Status above the button displays "Operation still in progress" until the program reports that statistics have been reset.
  • Page 118: Transport Protection

    5.3.2 Transport Protection You can view the inbound, outbound and internal message statistics separately. Previous Reset of Statistics: Displays the date and time of the last reset of statistics. Number of Processed Messages: Displays the total number of processed messages since the last reset of statistics. Number of Infected Messages: Displays the number of messages and...
  • Page 119: Storage Protection

    5.3.3 Storage Protection Real-time and Background Scanning Number of Protected Mailboxes: Displays the number of currently protected user mailboxes. Number of Protected Public Folders: Displays the number of currently protected public folders. Previous Reset of Statistics: Displays the date and time of the last reset of statistics.
  • Page 120 Manual Scanning Total Number of Mailboxes: Displays the total number of mailboxes in the Exchange Store that the product processes during the manual scan. Number of Processed Mailboxes: Displays the number of mailboxes that have been processed. Total Number of Public Folders: Displays the total number of Public folders in the Exchange Store that the product processes during the manual scan.
  • Page 121: Quarantine

    These items have the same quarantine ID in the quarantine database. F-Secure Content Scanner Server Settings Use the variables under the F-Secure Content Scanner Server / Settings branch to define the settings for content providers and to change the general content scanning options.
  • Page 122: Interface

    5.4.1 Interface Specify how the server will interact with clients. IP Address Specifies the service listen address in case of multiple network interface cards or multiple IP addresses. If you do not assign an IP address (0.0.0.0), the server responds to all IP addresses assigned to the host.
  • Page 123: Virus Scanning

    5.4.2 Virus Scanning Specify scanning engines to be used when F-Secure Content Scanner Server scans files for viruses, and the files that should be scanned. Scan Engines Scan engines can be enabled or disabled. If...
  • Page 124 Specify the number of levels F-Secure Content Scanner Server goes through before the action selected in Suspect Max Nested Archives takes place. The default setting is 3. Increasing the value increases the load on the system and thus decreases the overall system performance.
  • Page 125: Virus Statistics

    Scan Extensions Inside Archives: Enter all the extensions you want to scan inside archives. Extensions Allowed in Password Protected Archives: Define a space-separated list of the file extensions allowed in password protected archives. Wildcards (*, ?) can be used. Example: "DO? *ML".
  • Page 126: Database Updates

    F-Secure World Map about viruses and other malware to the F-Secure World Map service. When the F-Secure World Map support is enabled, the product sends encrypted e-mail reports periodically to the service. These reports list only the name and the amount of...
  • Page 127: Spam Filtering

    RBL) for spam filtering. For more information, see “Enabling Realtime Blackhole Lists”, 238 and “Optimizing F-Secure Spam Control Performance”, 240. The server must be restarted after this setting has been changed. IMPORTANT: Spam analysis is a processor-intensive operation and each spam scanner instance takes approximately 25MB of memory (process fsavsd.exe).
  • Page 128: Threat Detection Engine

    5.4.6 Threat Detection Engine Configure the virus outbreak and spam threat detection. VOD Cache Size Specify the maximum number of patterns to cache for the virus outbreak detection service. By default, the cache size is 10000 cached patterns. Class Cache Size Specify the maximum number of patterns to cache for spam detection service.
  • Page 129: Proxy Configuration

    Heuristic Scanning - F-Secure Content Scanner Server checks the message using spam heuristics. Trusted Networks Specify networks and hosts in the mail relay network which can be trusted not to be operated by spammers and do not have open relays or open proxies.
  • Page 130: Advanced

    Working directory are deleted. The default clean interval is 15 minutes. Free Space Threshold Specify when F-Secure Content Scanner Server should send a low disk space alert to the administrator. The default setting is 100 megabytes.
  • Page 131: F-Secure Content Scanner Server Statistics

    F-Secure Content Scanner Server Statistics The Statistics branch in the F-Secure Content Scanner Server tree displays the version of F-Secure Content Scanner Server that is currently installed on the selected host and the location of F-Secure Content Scanner Server installation directory.
  • Page 132: Scan Engines

    Last Time Infection Found: The date and time when the last infection was found. 5.5.2 Scan Engines The Scan Engines table displays the scan engine statistics and information. Name: The name of the scan engine. Version: The version number of the scan engine. Status: The status of the scan engine, whether it has been loaded and enabled, is loaded but...
  • Page 133: Common

    5.5.3 Common The Common statistics branch displays the list of installed product hotfixes. 5.5.4 Spam Control The Spam Control branch displays the following information: Spam Scanner Version Displays the version and build number of the Spam Scanner.
  • Page 134: Virus Statistics

    Displays the list of most active viruses. F-Secure Management Agent Settings If the F-Secure Anti-Virus for Microsoft Exchange is working in centrally administered mode, you have to make sure F-Secure Anti-Virus for Microsoft Exchange sends and receives data from F-Secure Policy Manager Server.
  • Page 135: F-Secure Automatic Update Agent Settings

    (such as statistics). F-Secure Automatic Update Agent Settings Using F-Secure Automatic Update Agent is the most convenient way to keep the databases updated. It connects to F-Secure Policy Manager Server or the F-Secure Update Server automatically.
  • Page 136 Detect connection is the default setting. HTTP settings Select whether to use an HTTP proxy when retrieving automatic updates. If F-Secure Automatic Update Agent connects to the Internet through a proxy server, specify the HTTP proxy address in the User-defined proxy settings > Address field.
  • Page 137 Policy Manager Proxy. If the product cannot connect to any user-specified update server during the failover time, it retrieves the latest virus definition updates from F-Secure Update Server if Allow fetching updates from F-Secure Update Server is enabled. Intermediate server...
  • Page 138: Chapter 6 Administration With Web Console

    ADMINISTRATION WITH WEB CONSOLE Overview 139, Home 139, Transport Protection 142, Storage Protection 159, Quarantine 196, Automatic Updates 206, Content Scanner Server 212, General 223...
  • Page 139: Overview

    CHAPTER 6 Administration with Web Console Overview If F-Secure Anti-Virus for Microsoft Exchange is installed in the stand-alone mode, it can be administered with F-Secure Anti-Virus for Microsoft Exchange Web Console. The Web Console is installed with F-Secure Anti-Virus for Microsoft Exchange.
  • Page 140 Error; the license has expired, the feature is not installed, all antivirus engines are disabled or a component is not loaded, F-Secure Content Scanner Server is not up and running or virus and spam definition databases are really old.
  • Page 141 View Automatic Update Log to view the update log file. Services Under the Services tab, you can start, stop and restart F-Secure Anti-Virus for Microsoft Exchange, F-Secure Content Scanner Server and F-Secure Automatic Update Agent. Statistics Virus Statistics and Spam Statistics tabs display information on the most active viruses and the number of spam messages detected.
  • Page 142: Transport Protection

    Transport Protection You can configure inbound, outbound and internal message protection separately. For more information about the mail direction and configuration options, see “Network Configuration”, 224. After you apply new transport protection settings, it can take up to 20 seconds for the new settings to take effect. You cannot add automatic disclaimers to messages with the product; you can configure Microsoft Exchange Server to do that.
  • Page 143 The Statistics page displays a summary of the processed inbound, outbound and internal mail messages: Processed messages Displays the total number of processed messages since the last reset of statistics. Infected messages Displays the number of messages and attachments that are infected and cannot be automatically disinfected.
  • Page 144: Attachment Filtering

    6.3.1 Attachment Filtering Specify attachments to remove from inbound, outbound and internal messages based on the file name or the file extension. Attachment filtering is disabled when virus scanning is disabled. Strip Attachments from e-mail messages: Enable or disable the attachment stripping. Targets Strip these...
  • Page 145 Exclude these attachments: Specify attachments that are not filtered. Leave the list empty if you do not want to exclude any attachments from the filtering. Actions Action on disallowed attachments: Specify how disallowed attachments are handled.
  • Page 146 To enable the notification, select a template for the notification message. To disable the notification, leave the notification field empty. For more information, see “Lists and Templates”, 232. Do not notify on these attachments: Specify attachments that do not generate notifications.
  • Page 147: Virus Scanning

    6.3.2 Virus Scanning Specify inbound, outbound and internal messages and attachments that should be scanned for malicious code. Disabling virus scanning disables attachment filtering and grayware scanning as well.
  • Page 148 Scan e-mail messages for viruses: Enable or disable the virus scan. The virus scan scans messages for viruses and other malicious code. Heuristic Scanning: Enable or disable the heuristic scan. The heuristic scan analyzes files for suspicious code behavior so that the product can detect unknown malware.
  • Page 149 When proactive virus threat detection is enabled, the product analyzes inbound e-mail messages for possible security threats. All possibly harmful messages are quarantined as unsafe. Unsafe messages can be reprocessed periodically, as antivirus updates may confirm the unsafe message as safe or infected.
  • Page 150 Drop Attachment - Remove the infected attachment from the message and deliver the message to the recipient without the attachment. Stop the Whole Message - Do not deliver the message to the recipient at all. Quarantine infected messages: Specify whether infected or suspicious messages are quarantined.
  • Page 151: Grayware Scanning

    Send alert to administrator: Specify whether the administrator is notified when F-Secure Anti-Virus for Microsoft Exchange finds a virus in a message. Configure the Alert Forwarding table to specify where the alert is sent based on the severity level.
  • Page 152 Note that grayware scanning increases the scanning overhead. By default, grayware scanning is enabled for inbound messages only. Grayware scanning is disabled when virus scanning is disabled. Scan e-mail messages for grayware: Enable or disable the grayware scan. Actions Action on grayware: Specify the action to take on items which contain grayware.
  • Page 153 Send alert to administrator: Specify whether the administrator is notified when F-Secure Anti-Virus for Microsoft Exchange finds a grayware item in a message. Configure the Alert Forwarding table to specify where the alert is sent based on the severity...
  • Page 154: Archive Processing

    6.3.4 Archive Processing Specify how F-Secure Anti-Virus for Microsoft Exchange processes inbound, outbound and internal archive files. Note that scanning inside archives takes time. Disabling scanning inside archives improves performance, but it also means that the network users need to use up-to-date virus protection on their workstations.
  • Page 155 Exclude these files: Specify files that are not scanned inside archives. Leave the list empty if you do not want to exclude any files from the scanning. Limit max levels in nested archives: Specify how many levels of archives inside other archives the product scans when Scan Viruses Inside Archives is enabled.
  • Page 156: Spam Control

    “Administering F-Secure Spam Control”, 257. You can configure Spam Control settings for inbound messages, and only if you have F-Secure Spam Control installed. The threat detection engine of F-Secure Anti-Virus for Microsoft Exchange can identify spam and virus patterns from the message envelope, headers and body during the first minutes of the new spam or virus outbreak.
  • Page 157: Security Options

    6.3.6 Security Options Configure security options to limit actions of malformed and problematic messages. File Type Recognition Intelligent file type recognition: Select whether you want to use Intelligent File Type Recognition or not. Trojans and other malicious code can disguise themselves with filename extensions which are usually considered safe to use.
  • Page 158 Using Intelligent File Type Recognition strengthens the security but can degrade the system performance. Trusted senders and recipients Specify senders who are excluded from the mail List of trusted scanning and processing. senders Specify recipients who are excluded from the List of trusted mail scanning and processing.
  • Page 159: Storage Protection

    Pass Through - Nested messages are scanned up to level specified in the Max Levels of Nested Messages setting. Exceeding nesting levels are not scanned, but the message is delivered to the recipient. Action on malformed mails: Specify the action for non-RFC compliant e-mails.
  • Page 160 Statistics The Statistics page displays a summary of the protected mailboxes and public folders and infections found. Number of protected mailboxes: Displays the number of currently protected user mailboxes. Number of protected public folders: Displays the number of currently protected public folders.
  • Page 161 Grayware items Displays the number of grayware items, including spyware, adware, dialers, joke programs, remote access tools and other unwanted applications. Suspicious items Displays the number of suspicious content found, for example password-protected archives, nested archives and malformed messages.
  • Page 162 Real-time scanning scans messages in mailboxes and public folders for viruses. Scanning Scan Only Messages Created Within: Specify which messages are scanned with the real time scanning, for example: Last hour, Last day, Last week. Messages that have been created before the specified time are not scanned.
  • Page 163 General Background Scanning Settings The background scanning can be used to systematically scan specified messages stored in the database.
  • Page 164 Enable background scanning: Enable or disable background scanning. Scan only messages with attachments: Specify whether to scan all messages or only messages with attachments. When the setting is Enabled, only messages that contain attachments are scanned on background scanning. Scan only Specify whether to scan all messages or only unprocessed messages that have not been processed yet.
  • Page 165 Virus Scanning Specify messages and attachments in the Microsoft Exchange Storage that should be scanned for malicious code. Targets Scan mailboxes Specify mailboxes that are scanned for viruses. Do not scan mailboxes - Disable the mailbox scanning.
  • Page 166 Scan all except excluded mailboxes - Do not scan specified mailboxes but scan all other. Click Edit to add or remove mailboxes that should not be scanned. Scan public folders Specify public folders that are scanned for viruses. Do not scan public folders - Disable the public folder scanning.
  • Page 167 Infected files inside archives are not disinfected even when the setting is enabled. Quarantine infected attachments: Specify whether infected and suspicious attachments are quarantined. Do not quarantine these infections: Specify virus and malware infections that are never placed in the quarantine.
  • Page 168 Grayware Scanning Specify how the product processes grayware items during real-time scanning. Scan messages for grayware: Enable or disable the grayware scan. Actions Action on grayware: Specify the action to take on items which contain grayware. Report only - Leave grayware items in the message and notify the administrator.
  • Page 169 Pass through this grayware: Specify the list of keywords for grayware types that are not scanned. Leave the list empty if you do not want to exclude any grayware types from the scan. For more information, see “Lists and Templates”, 232.
  • Page 170 Archive Processing Specify how F-Secure Anti-Virus for Microsoft Exchange processes archive files in Microsoft Exchange Storage. Scan archives: Specify if files inside archives are scanned for viruses and other malicious code. Targets List of files to scan inside archives: Specify files that are scanned for viruses inside archives.
  • Page 171 Limit max levels in nested archives: Specify how many levels deep to scan in nested archives, if Scan Viruses Inside Archives is enabled. A nested archive is an archive that contains another archive inside. If zero (0) is specified, the maximum nesting level is not limited.
  • Page 172: Manual Scanning

    Pass through - Leave the password protected archive in the message. Drop archive - Remove the password protected archive from the message. Quarantine dropped archives: Specify whether archives that are not delivered to recipients are placed in the quarantine. For more information, see “Quarantine Management”, 237.
  • Page 173 Statistics The Statistics page displays a summary of the messages processed during the latest manual scan: Status: Displays whether the manual scan is running or stopped. Number of processed mailboxes: Displays the number of mailboxes that have been scanned and the total number that will be scanned when the manual scan is complete.
  • Page 174 If the manual scan scans an item that has not been previously scanned for viruses and the real-time scan is on, the scan result may appear on the real-time scan statistics. Tasks Click Start Scanning to start the manual scan. Click Stop Scanning to stop the manual scan.
  • Page 175 Specify which messages you want to scan during the manual scan. Targets Scan mailboxes Specify mailboxes that are scanned for viruses. Do not scan mailboxes - Do not scan any mailboxes during the manual scan. Scan all mailboxes - Scan all mailboxes.
  • Page 176 Only recent messages - Scan only messages that have not been scanned during the previous manual scanning. File Type Recognition Intelligent file type recognition: Select whether you want to use Intelligent File Type Recognition or not. Trojans and other malicious code can disguise themselves with filename extensions which are usually considered safe to use.
  • Page 177 Attachment Filtering Specify attachments that are removed from messages during the manual scan. Strip attachments: Enable or disable the attachment stripping. Targets Strip these attachments: Specify which attachments are stripped from messages. For more information, see “Lists and Templates”, 232.
  • Page 178 Quarantine stripped attachments: Specify whether stripped attachments are quarantined. Do not quarantine these attachments: Specify file names and file extensions which are not quarantined even when they are stripped. For more information, see “Lists and Templates”, 232. If the message contains an attachment which is quarantined, all attachments linked to that message are quarantined, regardless of this setting.
  • Page 179 Virus Scanning Specify messages and attachments that should be scanned for malicious code during the manual scan. Scan messages for viruses: Enable or disable the virus scan. The virus scan scans messages for viruses and other malicious code.
  • Page 180 Sandbox Scanning Enable or disable the sandbox scan. The sandbox scan emulates and analyzes the code in a safe and isolated environment known as the Sandbox. The sandbox scan may affect the product performance. We recommend that you disable the sandbox scan if you need the scan to be faster.
  • Page 181 Do not quarantine these infections: Specify virus and malware infections that are never placed in the quarantine. For more information, see “Lists and Templates”, 232. Notifications Replacement text template: Specify the template for the text that replaces the infected attachment when the infected attachment is removed from the message.
  • Page 182 Specify how the product processes grayware items during the manual scan. Scan messages for grayware: Enable or disable the grayware scan. Actions Action on grayware: Specify the action to take on items which contain grayware. Report only - Leave grayware items in the message and notify the administrator.
  • Page 183 Archive Processing Specify how the product processes archive files during the manual scan. Scan archives: Specify if files inside archives are scanned for viruses and other malicious code. Targets List of files to scan inside archives: Specify files inside archives that are scanned for viruses.
  • Page 184 Limit max levels in nested archives: Specify how many levels of archives inside other archives the product scans when Scan Viruses Inside Archives is enabled. Actions Action on max nested archives: Specify the action to take on archives with nesting levels exceeding the upper level specified in the Max Levels in Nested Archives setting.
  • Page 185: Scheduled Scanning

    6.4.3 Scheduled Scanning Scheduled Tasks The Scheduled Tasks list displays all scheduled tasks and the date and time when the next scheduled task occurs. Creating Scheduled Operation Start the Scheduled Operation Wizard by clicking Add new task...
  • Page 186 Step 1. Specify Scanning Task Name and Schedule Enter the name for the new task and select how frequently you want the operation to be performed. Active Specify whether you want the scheduled scanning task to be active immediately after you have created it.
  • Page 187 Weekly - Every week at the specified time on the same day when the first operation is scheduled to start. Monthly - Every month at the specified time on the same date when the first operation is scheduled to start.
  • Page 188 Scan all except excluded public folders - Do not scan specified public folders but scan all others. Click Edit to add or remove public folders that should not be scanned. Incremental scanning Specify whether you want to process all messages or only those messages that have not been processed previously during the scheduled processing.
  • Page 189 Step 2. Specify Attachment Filtering Options Choose settings for stripping attachments during the scheduled operation. Strip attachments from e-mail messages Enable or disable the attachment stripping. Targets Strip these attachments Specify which attachments are stripped from messages.
  • Page 190 Do not quarantine these attachments Specify file names and file extensions which are not quarantined even when they are stripped. For more information, see “Lists and Templates”, 232. If the message contains an attachment which is quarantined, all attachments linked to that message are quarantined, regardless of this setting.
  • Page 191 Choose settings for virus scanning of public folders during the scheduled operation. Scan messages for viruses Enable or disable the virus scan. The virus scan scans messages for viruses and other malicious code. Heuristic Scanning Enable or disable the heuristic scanning.
  • Page 192 Disinfection may affect the product performance. Infected files inside archives are not disinfected even when the setting is enabled. Quarantine infected messages Specify whether infected or suspicious messages are quarantined. Do not quarantine these infections Specify infections that are never placed in the quarantine.
  • Page 193 Choose settings for grayware scanning during the scheduled operation. Scan messages for grayware Enable or disable the grayware scan. Actions Action on grayware Specify the action to take on items which contain grayware. Report only - Leave grayware items in the message and notify the administrator.
  • Page 194 Step 5. Specify Archive Processing Options Choose settings for stripping attachments during the scheduled operation. Scan archives Specify if files inside archives are scanned for viruses and other malicious code. Targets List of files to scan inside archives Specify files inside archives that are scanned for viruses.
  • Page 195 Actions Action on max nested archives Specify the action to take on archives with nesting levels exceeding the upper level specified in the Max Levels in Nested Archives setting. Pass through - Deliver the message with the archive to the recipient.
  • Page 196: Quarantine

    Quarantine Quarantine in F-Secure Anti-Virus for Microsoft Exchange is handled through a SQL database. The product is able to quarantine e-mails and attachments which contain malicious or otherwise unwanted content, such as spam messages.
  • Page 197: Options

    Status The Quarantine Status page displays a summary of the quarantined messages and attachments: Infected Displays the number of messages and attachments that are infected. Grayware Displays the number of messages that have grayware items, including spyware, adware, dialers, joke programs, remote access tools and other unwanted applications.
  • Page 198 Quarantine Storage When F-Secure Anti-Virus for Microsoft Exchange places content to the Quarantine, it saves the content as separate files into the Quarantine Storage and inserts an entry to the Quarantine Database with information...
  • Page 199 Quarantine storage settings, make sure that the new directory has the same rights. Make sure that F-Secure Anti-Virus for Microsoft Exchange service has write access to this directory. Adjust the access rights to the directory so that only the...
  • Page 200 Quarantined items threshold Specify the critical number of items in the Quarantine storage. If the specified value is reached or exceeded, the product sends an alert. If zero (0) is specified, the number of items in the Quarantine storage is not checked.
  • Page 201 Quarantine Maintenance When quarantined content is reprocessed, it is scanned again, and if it is found clean, it is sent to the intended recipients. For more information, see “Reprocessing the Quarantined Content”, 248.
  • Page 202 Quarantined messages are removed from the quarantine based on the currently configured quarantine retention and cleanup settings. Reprocess unsafe messages Automatically reprocess unsafe messages Specify how often the product tries to reprocess unsafe messages that are retained in the Quarantine. Set the value to Disabled to keep all unsafe to process unsafe messages manually.
  • Page 203 Use the Quarantine Cleanup Exceptions table to change the cleanup interval for a particular Quarantine category. Exceptions Specify separate quarantine retention period and cleanup interval for each Quarantine category. If retention period and cleanup interval for a category are not defined in this table, then the default ones (specified above) are used.
  • Page 204 Quarantine Database You can specify the database where information about quarantined e-mails is stored and from which it is retrieved. Quarantine database SQL server name The name of the SQL server where the database is located. Database name The name of the quarantine database. The default name is FSMSE_Quarantine.
  • Page 205 Logging Specify where F-Secure Anti-Virus for Microsoft Exchange stores Quarantine log files.
  • Page 206: Automatic Updates

    quarantine logs Specify how many rotated log files should be stored in the Quarantine. Automatic Updates With F-Secure Automatic Update Agent, virus and spam definition database updates are retrieved automatically when they are published to F-Secure Update Server. Tasks Click...
  • Page 207 Status The Status page displays information on the latest update. Channel name The channel from where the updates are downloaded. Channel address The address of the Automatic Updates Server. Latest installed update The version and name of the latest installed update.
  • Page 208: Communications

    The date and time for the next update check. Last successful check time The date and time when the last successful update check was done. Downloads The Downloads page displays downloaded and installed update packages. 6.6.1 Communications Specify how the product connects to F-Secure Update Server.
  • Page 209 General Edit General settings to select whether you want to use automatic updates and how often the product checks for new updates.
  • Page 210 User defined proxy field. Update Server Allow fetching updates from F-Secure Update Server Specify whether the product should connect to F-Secure Update Server when it cannot connect to any user-specified update server. To edit the list of update sources, see “Policy Manager...
  • Page 211 Policy Manager Proxies Edit the list of virus definition database update sources and F-Secure Policy Manager proxies. If no update servers are configured, the product retrieves the latest virus definition updates from F-Secure Update Server automatically.
  • Page 212: Content Scanner Server

    connects to the source with the smallest priority number first (1). If the connection to that source fails, it tries to connect to the source with the next smallest number (2) until the connection succeeds. Click to add the new update source to the list. Content Scanner Server Edit the Content Scanner Server settings to change the general content scanning options.
  • Page 213 Server Statistics Number of scanned files The number of files that have been scanned. Last virus database update The last date and time when virus definition database was updated. Virus database update version The version number of the virus definition database.
  • Page 214: Options

    6.7.1 Options Database Updates Configure Database Update options to set notification alerts when virus...
  • Page 215 F-Secure Content Scanner Server sends an alert to the administrator. Notify when databases become Specify what kind of an alert F-Secure Content Scanner Server should send to the administrator when virus definition databases are not up-to-date.
  • Page 216 Proxy Server F-Secure Content Scanner Server can use a proxy server to connect to the threat detection center.
  • Page 217 Specify the user name for the proxy server authentication. Password Specify the password for the proxy server authentication. Domain Specify the domain name for the proxy server authentication. The proxy authentication settings can be configured with F-Secure Anti-Virus for Microsoft Exchange Web Console only.
  • Page 218 Threat Detection F-Secure Anti-Virus for Microsoft Exchange can identify spam and virus outbreak patterns from messages. Cache VOD cache size Specify the maximum number of patterns to cache for the virus outbreak detection service. By default, the cache size is 10000 cached patterns.
  • Page 219 Pass through - The message is passed through without scanning it for spam. Heuristic Scanning - F-Secure Content Scanner Server checks the message using spam heuristics. Trusted networks Specify networks and hosts in the mail relay...
  • Page 220 Advanced Configure Advanced options to set the working directory and optimize the product performance. Working Directory Working directory Specify the working directory. Enter the complete path to the field or click Browse to browse to the path you want to set as the new working directory.
  • Page 221 If the option is set to zero (0), all data transfers via shared memory are disabled. The setting is ignored if the local interaction mode is disabled. Max number of concurrent transactions Specify how many files F-Secure Content Scanner Server should process simultaneously. Max scan timeout Specify how long a scan task can be carried out before it is automatically cancelled.
  • Page 222 Number of spam scanner instances Specify the number of Spam Scanner instances to be created and used for spam analysis. As one instance of the spam scanner is capable of processing one mail message at a time, this setting defines how many messages undergo the spam analysis simultaneously.
  • Page 223: General

    General The Statistics section displays the following details of the host: WINS name DNS names IP addresses Unique ID...
  • Page 224: Network Configuration

    6.8.1 Network Configuration The mail direction is based on the Internal Domains and Internal SMTP hosts settings and it is determined as follows: 1. E-mail messages are considered internal if they come from internal SMTP sender hosts and mail recipients belong to one of the specified internal domains (internal recipients).
  • Page 225 if they are sent from the internal SMTP sender host. If e-mail messages come from internal SMTP sender hosts and contain both internal and external recipients, messages are split and processed as internal and outbound respectively. Internal Domains Specify internal domains.
  • Page 226: Administration

    IMPORTANT: Do not specify the server where the Edge role is installed as Internal SMTP Sender. 6.8.2 Administration Configure Administration settings to change the management mode, specify where and how alerts are sent and to configure the F-Secure Anti-Virus for Microsoft Exchange Web Console.
  • Page 227 Management Mode Communication method If you use F-Secure Policy Manager Server, specify the URL of F-Secure Policy Manager Server. Do not add a slash at the end of the URL. For example: “http://fsms.example.com”. Select Stand-alone if you use F-Secure Anti-Virus for Exchange Web Console to administer the product.
  • Page 228 You can specify where an alert is sent according to its severity level. You can send the alert to any of the following: F-Secure Policy Manager Windows Event Log If you choose to forward alerts to e-mail, specify the SMTP server address, alert message subject line and the return address of the alert e-mail.
  • Page 229 Click Apply. Informational and warning-level alerts are not sent to F-Secure Policy Manager Console by default. If you want to use centralized administration mode, it is recommended to have all alerts sent to F-Secure Policy Manager Console. Web Console...
  • Page 230 Change Web Console settings to configure how you connect to F-Secure Anti-Virus for Microsoft Exchange Web Console. General Limit session timeout Specify the length of time a client can be connected to the server. When the session expires, the F-Secure Anti-Virus for Microsoft Exchange Web Console terminates the session and displays a warning.
  • Page 231: Notifications

    6.8.3 Notifications Specify Notification Sender Address that is used by F-Secure Anti-Virus for Microsoft Exchange for sending warning and informational messages to the end-users (for example, recipients, senders and mailbox owners). Make sure that the notification sender address is a valid SMTP address.
  • Page 232: Lists And Templates

    6.8.4 Lists and Templates Match lists are lists of file names or file name extensions that can be used with certain product settings. Message templates can be used with notification messages. Match Lists...
  • Page 233 Click the name of an existing match list to edit the list or click Add new list... to create a new match list. List name Select the match list you want to edit. If you are creating a new match list, specify the name for the new match list.
  • Page 234 Click the name of an existing template to edit it or click Add new template... to create a new template. Template Select the template you want to edit. If you are creating a new template, specify the name for the new template. Subject line Specify the subject line of the notification message.
  • Page 235: Sample Submission

    Specify the time interval (in minutes) how long F-Secure Anti-Virus for Microsoft Exchange should wait before trying to send the sample again if the previous submission failed. Connection timeout Specify the time (in seconds) how long the product tries to contact the F-Secure Hospital server.
  • Page 236 Send timeout Specify the time (in seconds) how long the product waits for the sample submission to complete.
  • Page 237: Chapter 7 Quarantine Management

    QUARANTINE MANAGEMENT Introduction................238 Configuring Quarantine Options..........239 Searching the Quarantined Content......... 239 Query Results Page ..............244 Viewing Details of a Quarantined Message......246 Reprocessing the Quarantined Content ........248 Releasing the Quarantined Content ......... 249 Removing the Quarantined Content......... 250 Deleting Old Quarantined Content Automatically.....
  • Page 238: Introduction

    Introduction You can manage and search quarantined mails with the F-Secure Anti-Virus for Microsoft Exchange Web Console. You can search for quarantined content by using different search criteria, including the quarantine ID, recipient and sender address, the time period during which the message was quarantined, and so on.
  • Page 239: Quarantine Reasons

    (Unsafe) Configuring Quarantine Options In stand-alone installations, all the quarantine settings can be configured on the Quarantine page in F-Secure Anti-Virus for Microsoft Exchange Web Console. For more information on the settings, see “Quarantine”, 196. Searching the Quarantined Content You can search the quarantined content on the Quarantine Query page in the F-Secure Anti-Virus for Microsoft Exchange Web Console.
  • Page 240 You can use any of the following search criteria. Leave all fields empty to see all quarantined content. Quarantine ID Enter the quarantine ID of a quarantined message. The quarantine ID is displayed in the notification sent to the user about the quarantined message and in the alert message.
  • Page 241 Reason Select the quarantining reason from the drop-down menu. For more information, see “Quarantine Reasons”, 239. Reason details Specify details about the scanning or processing results that caused the message to be quarantined. For example: The message is classified as spam - the field displays the spam confidence level rating and a list of spam tests that triggered the spam level.
  • Page 242 Show only You can use this option to view the current status of messages that you have set to be reprocessed, released or deleted. Because processing a large number of e-mails may take time, you can use this option to monitor how the operation is progressing.
  • Page 243 Click Query to start the search. The Quarantine Query Results page is displayed once the query is completed. If you want to clear all the fields on the Query page, click Reset. Using Wildcards You can use the following SQL wildcards in the quarantine queries: Wildcard Explanation Any string of zero or more characters.
  • Page 244: Query Results Page

    Quarantined e-mail that the administrator has set to be reprocessed. The reprocessing operation has not been completed yet. Quarantined e-mail that the administrator has set to be deleted. The deletion operation has not been completed yet. Quarantined e-mail that the administrator has submitted to F-Secure for analysis.
  • Page 245 E-mail status Quarantined e-mail set to be released, which failed. Quarantined e-mail set to be reprocessed, which failed. Quarantined e-mail set to be submitted to F-Secure, which failed. Quarantined Mail Operations You can select an operation to perform on the messages that were found...
  • Page 246: Viewing Details Of A Quarantined Message

    QID - Quarantine ID. Submit date - The date and time when the item was placed in the quarantine. Processing server - The F-Secure Anti-Virus for Microsoft Exchange server that processed the message. Sender - The address of the message sender.
  • Page 247 Click the Show... link to access the content of the quarantined message. Click Download to download the quarantined message to your computer to check it. WARNING: In many countries, it is illegal to read other people’s messages. The Quarantined Content Details page displays the following information about the quarantined attachments: QID - Quarantine ID.
  • Page 248: Reprocessing The Quarantined Content

    This is done as follows: 1. Select the F-Secure Anti-Virus for Microsoft Exchange tab and the Quarantine page. Select the start and end dates and times of the quarantining period from the Start time: and End Time: drop-down menus.
  • Page 249: Releasing The Quarantined Content

    If you need to release a quarantined message, it is done as follows: 1. Select the F-Secure Anti-Virus for Microsoft Exchange tab and the Quarantine page. Enter the Quarantine ID of the message in the Quarantine ID field.
  • Page 250: Removing The Quarantined Content

    If you want to remove a large amount of quarantined messages at once, for example all the messages that have been categorized as spam, do the following: 1. Select the F-Secure Anti-Virus for Microsoft Exchange tab and the Quarantine page in the F-Secure Anti-Virus for Microsoft Exchange Web Console.
  • Page 251: Quarantine Logging

    Click Apply. 7.10 Quarantine Logging To view the Quarantine Log, open the F-Secure Anti-Virus for Microsoft Exchange tab in the F-Secure Anti-Virus for Microsoft Exchange Web Console, and go to the Quarantine page. Then click the Show Log File button.
  • Page 252: Moving The Quarantine Storage

    Moving the Quarantine Storage When you want to change the Quarantine storage location either using the F-Secure Policy Manager Console or F-Secure Anti-Virus for Microsoft Exchange Web Console, note that the product does not create the new directory automatically. Before you change the Quarantine storage directory, make sure that the directory exists and it has proper security permissions.
  • Page 253 Follow Share a Folder Wizard instructions to create FSMSEQS$ shared folder. Specify the new directory (in this example, D:\Quarantine) as the folder path, FSMSEQS$ as the share name and F-Secure Quarantine Storage as the description. On the Permissions page, select Administrators have full access;...
  • Page 254: Chapter 8 Updating Virus And Spam Definition Databases

    UPDATING VIRUS AND SPAM DEFINITION DATABASES Overview................... 255 Automatic Updates with F-Secure Automatic Update Agent ..255 Configuring Automatic Updates..........255...
  • Page 255: Overview

    F-Secure's antivirus and security products. F-Secure Automatic Update Agent shall be used only for receiving updates and related information on F-Secure's antivirus and security products. F-Secure Automatic Update Agent may not be used for any other purpose or service. Configuring Automatic Updates F-Secure Automatic Update Agent user interface provides information about downloaded virus and spam definition updates.
  • Page 256 In centrally managed installations, you can use the F-Secure Anti-Virus for Microsoft Exchange Web Console only for monitoring the F-Secure Automatic Update Agent settings. To change these settings, you need to use F-Secure Policy Manager Console. For more information, see “F-Secure Automatic Update Agent...
  • Page 257: Administering F-Secure Spam Control

    ADMINISTERING F-SECURE SPAM CONTROL Overview................... 258 Spam Control Settings in Centrally Managed Environments..259 Spam Control Settings in Web Console ........263 Realtime Blackhole List Configuration........266...
  • Page 258: Overview

    Overview When F-Secure Spam Control is enabled, incoming messages that are considered spam can be marked as spam automatically. The product can add an X-header with the spam flag or predefined text in the message header and end users can then create filtering rules that direct the messages marked with the spam flag header into a junk mail folder.
  • Page 259: Spam Control Settings In Centrally Managed Environments

    Settings / Transport Protection / Inbound Mail / Spam Control to configure how F-Secure Anti-Virus for Microsoft Exchange scans incoming mail for spam. These settings are used only if F-Secure Spam Control is installed with the product. Otherwise they will be ignored. Spam Filtering Specify whether inbound mails are scanned for spam.
  • Page 260 The allowed values are from 0 to 9, the default value is 5. Action on Spam Messages Specify the action to take with a message considered spam based on the spam filtering level. Quarantine - Place the message into the quarantine folder.
  • Page 261 Modify Spam Message Subject Specify if the product modifies the subject of mail messages considered spam. The default value is Enabled. Add This Text to Spam Message Specify the text that is added in the beginning of the subject of messages considered as spam.
  • Page 262 Max Message Size Specify the maximum size (in kilobytes) of messages to be scanned for spam. If the size of the message exceeds the maximum size, the message is not filtered for spam. The default value is 200. Since all spam messages are relatively small in size, it is recommended to use the default value.
  • Page 263: Spam Control Settings In Web Console

    Spam Control Settings in Web Console You can configure the spam control settings on the Transport Protection > Inbound Mail > Spam Control page of the F-Secure Anti-Virus for Microsoft Exchange Web Console. These settings are used only if F-Secure Spam Control is installed with the product, otherwise they are ignored.
  • Page 264 Spam filtering level Specify the spam filtering level. Decreasing the level allows less spam to pass, but more regular mails may be falsely identified as spam. Increasing the level allows more spam to pass, but a smaller number of regular e-mail messages are falsely identified as spam.
  • Page 265 The default value is Enabled. Add X-Header with summary Specify if the summary of triggered hits is added to the mail as X-Spam-Status header in the following format: X-Spam-Status: <flag>, hits=<scr> required=<sfl> tests=<tests> where <flag>...
  • Page 266: Realtime Blackhole List Configuration

    Realtime Blackhole List Configuration This section describes how to enable and disable Realtime Blackhole Lists, how to optimize F-Secure Spam Control performance, and how to specify blocked and safe recipients and senders by using black- and whitelisting. 9.4.1 Configuring Realtime Blackhole Lists The product supports DNS Blackhole List (DNSBL), also known as Realtime Blackhole List (RBL), functionality in spam filtering.
  • Page 267 F-Secure Content Scanner Server through F-Secure Anti-Virus for Microsoft Exchange Web Console. You can force F-Secure Spam Control to use a specific DNS server (not necessarily configured in Microsoft Windows networking) by adding a new system environment variable as described in the instructions below.
  • Page 268: Optimizing F-Secure Spam Control Performance

    To force F-Secure Spam Control to use a specific DNS server, do the following: 1. Right-click the My Computer icon and select Properties. Select Advanced and click the Environment Variables.. button. In the System variables panel click New... In the New System Variable dialog specify the new variable as...
  • Page 269 'spam-scanner-instances' (oid=1.3.6.1.4.1.2213.18.1.35.500) has been set to 5. To take the new setting into use, restart F-Secure Content Scanner Server. IMPORTANT: Each additional instance of the Spam Scanner takes approximately 25Mb of memory (process fsavsd.exe). Typically...
  • Page 270: Appendix A Variables In Warning Messages

    APPENDIX: Variables in Warning Messages List of Variables ................ 271...
  • Page 271: List Of Variables

    [Unknown]. Variable Description $ANTI-VIRUS-SERVER The DNS/WINS name or IP address of F-Secure Anti-Virus for Microsoft Exchange. $NAME-OF-SENDER The e-mail address where the original content comes from. $NAME-OF-RECIPIENT The e-mail addresses where the original content is sent.
  • Page 272 The following table lists variables that can be included in the scan report, in other words the variables that can be used in the warning message between $REPORT-BEGIN and $REPORT-END. Variable Description $AFFECTED-FILENAME The name of the original file or attachment. $AFFECTED-FILESIZE The size of the original file or attachment.
  • Page 273: Appendix B Services And Processes

    APPENDIX: Services and Processes List of Services and Processes ..........274...
  • Page 274: List Of Services And Processes

    List of Services and Processes The following tables list the services and processes that are running on the system after the installation: Service Process Description F-Secure Anti-Virus for Microsoft Exchange Daemon fsavmsed.exe This is the main service that takes care of other product...
  • Page 275 F-Secure Network Request Broker fsnrb32.exe The service handles the communication with F-Secure Policy Manager via HTTP interface. fsmb32.exe F-Secure Message Broker provides the inter-process communication interface for integrated services and applications. fch32.exe...
  • Page 276 F-Secure Policy Manager Console, LogFile.log, Windows event log and SMTP server. fsm32.exe The F-Secure Settings and Statistics User Interface. The process is not running unless the user is logged in to the system. fih32.exe...
  • Page 277: Appendix C Deploying The Product On A Cluster

    APPENDIX: Deploying the Product on a Cluster Installation Overview ..............278 Creating Quarantine Storage............ 279 Administering the Cluster Installation with F-Secure Policy Manager ................... 290 Using the Quarantine in the Cluster Installation ....... 290 Uninstallation................292 Troubleshooting................ 292...
  • Page 278: Installation Overview

    Follow these steps to deploy and use F-Secure Anti-Virus for Microsoft Exchange on a cluster. 1. Install F-Secure Policy Manager on a dedicated server. If you already have F-Secure Policy Manager installed in the network, you can use it to administer F-Secure Anti-Virus for Microsoft Exchange. For more information, see F-Secure Policy Manager Administrator’s Guide.
  • Page 279: Creating Quarantine Storage

    Creating Quarantine Storage Follow instructions in this section to create the Quarantine Storage in the cluster environment. C.2.1 Creating the Quarantine Storage for a Single Copy Cluster Environment Follow the instructions for either “Windows 2003 Based Cluster”, 279, or “...
  • Page 280 Type F-Secure Quarantine Storage as the name of the new resource. b. In the Resource Type list, select File Share. c. In the Group list, make sure that your Exchange Virtual Server is selected. Click Next to continue. 6. Make sure that all nodes that are running Exchange Server are listed in the Possible owners list.
  • Page 281 Next to continue. 8. Use the following settings as the File Share parameters. a. Type FSAVMSEQS$ as the share name and F-Secure Quarantine Storage as comment. The dollar ($) character at the end of the share name makes the share hidden when you view the network resources of the cluster with Windows Explorer.
  • Page 282 Click Permissions... to change permissions. 9. Change permissions as follows: a. Add Administrator, Exchange Domain Servers and SYSTEM to the Group or user names list. b. Remove the Everyone account. c. Grant Change and Read permissions for Exchange Domain Servers and SYSTEM. d.
  • Page 283 Click to continue. 10. Click Advanced... to open Advanced File Share Properties. Make sure that Normal share is selected. Click to continue. 11. Click Finish to create the F-Secure Quarantine Storage resource.
  • Page 284 12. Right-click the F-Secure Quarantine Storage resource and select Bring Online. Windows 2008 based cluster 1. Log on to the active node of the cluster with the domain administrator account. 2. Create a directory for the quarantine storage on the physical disk shared by the cluster nodes.
  • Page 285 Add Administrators, Exchange Servers and SYSTEM with Contributor permission levels. Press Share to close the window and enable the share. 4. Check that everything is configured correctly. The Failover Cluster Manager view should look like this:...
  • Page 286: Creating The Quarantine Storage For A Continuous Cluster Replication Environ

    5. During the F-Secure Anti-Virus for Microsoft Exchange installation, select the quarantine share you just created when the installation asks for the quarantine path. Use the UNC path in form of \\CLUSTERNAME\QUARANTINE. (In the example above, \\LHCLUMB\Quarantine.) C.2.2 Creating the Quarantine Storage for a Continuous...
  • Page 287 APPENDIX C Deploying the Product on a Cluster 4. Go to the Sharing tab. a. Type FSAVMSEQS$ as the share name and F-Secure Quarantine Storage as comment. The dollar ($) character at the end of the share name makes the share hidden when you view the network resources of the cluster with Windows Explorer.
  • Page 288 5. Change permissions as follows: a. Remove all existing groups and users. b. Add Administrator, Exchange Domain Servers and SYSTEM to the Group or user names list. c. Grant Change and Read permissions for Exchange Domain Servers and SYSTEM. d. Grant Full Control, Change and Read permissions for the Administrator account.
  • Page 289 APPENDIX C Deploying the Product on a Cluster 6. Go to the Security tab. a. Remove all existing groups and users. b. Add Administrator, Exchange Domain Servers and SYSTEM to the Group or user names list. c. Grant all except Full Control permissions for Exchange Domain Servers and SYSTEM.
  • Page 290: Administering The Cluster Installation With F-Secure Policy Manager

    1. Select the cluster subdomain in the Policy Domains tree. 2. Change the required settings. 3. Distribute the policy. 4. All nodes will receive new settings the next time they poll F-Secure Policy Manager Server. If you need to change settings on a particular node, follow these instructions: 1.
  • Page 291 APPENDIX C Deploying the Product on a Cluster You should be able to release, reprocess or download quarantined messages and attachments when at least one node of the cluster is currently online. However, as the clustered Exchange 2007 can have the mailbox role only, you need to configure the hub transport role and mailbox role servers so that quarantined messages can be delivered.
  • Page 292: Uninstallation

    SYSTEM and Exchange Domain Servers, and full control is allowed for Administrator. To change the location of the quarantine storage from F-Secure Policy Manager Console, use the Final flag to override the setting set during product installation on the host.
  • Page 293: Appendix D Sending E-Mail Alerts And Reports

    APPENDIX: Sending E-mail Alerts And Reports Overview................... 294 Solution..................294...
  • Page 294: Overview

    SMTP protocol (without authentication and encryption) to send alerts to the specified e-mail address. The product can send e-mail based reports to F-Secure World Map system. These reports are sent using the simple SMTP protocol with an empty address ("<>") as the source.
  • Page 295: Creating A Scoped Receive Connector

    For example, to create a new connector that listens on all configured local IP addresses and accepts connections from the local host only, run the following command in the Exchange management shell: New-ReceiveConnector -Name "F-Secure alerts and reports" -Bindings 0.0.0.0:25 -RemoteIPRanges 127.0.0.1 -AuthMechanism Tls -PermissionGroups "AnonymousUsers" -RequireEHLODomain...
  • Page 296: Grant The Relay Permission On The New Scoped Connector

    To create a new connector that is bound to a single IP address and accepts connections from the specified remote servers, run the following command: New-ReceiveConnector -Name "F-Secure alerts and reports" -Bindings 192.168.58.128:25 -RemoteIPRanges 192.168.58.129, 192.168.58.131 -AuthMechanism Tls -PermissionGroups "AnonymousUsers" -RequireEHLODomain $false -RequireTLS $false D.2.2...
  • Page 297: Chapter E Troubleshooting

    TROUBLESHOOTING Overview................... 298 Starting and Stopping............298 Viewing the Log File ..............299 Common Problems and Solutions ..........299 Frequently Asked Questions ............ 304...
  • Page 298: Overview

    Support”, 305. Starting and Stopping If you ever need to start or stop F-Secure Anti-Virus for Microsoft Exchange, you can do it in the following ways: Open the Services applet from the Administrative tools folder in the Windows Control Panel and select F-Secure Anti-Virus for Microsoft Exchange.
  • Page 299: Viewing The Log File

    F-Secure Management Agent and contains all alerts generated by F-Secure components installed on the host. Logfile.log can be found on all hosts running F-Secure Management Agent. You can view the Logfile.log with any text editor, for example Windows Notepad. Open the logfile.log from F-Secure Settings and Statistics / F-Secure...
  • Page 300 Checking F-Secure Anti-Virus for Microsoft Exchange 1. Make sure that F-Secure Anti-Virus for Microsoft Exchange service and all its processes have started. Open Services in the Windows Control Panel and check that the F-Secure Anti-Virus for Microsoft Exchange service has started.
  • Page 301 The problem is that F-Secure Anti-Virus for Microsoft Exchange is unable to contact F-Secure Content Scanner Server. A service or process may not be running on F-Secure Content Scanner Server. Make sure that all processes and services of F-Secure Content Scanner Server have started.
  • Page 302: E.4.1 Installing Service Packs

    Solution: 1. Make sure that F-Secure Web Console daemon has started and is running. Check the Services in Windows Control Panel. The following service should be started: F-Secure Web Console Daemon Check the Task Manager. The following process should be running: fswebuid.exe...
  • Page 303: E.4.2 Securing The Quarantine

    CHAPTER E Troubleshooting E.4.2 Securing the Quarantine Problem: I have installed F-Secure Anti-Virus for Microsoft Exchange and I'm worried about the security of the local Quarantine storage where stripped attachments are quarantined. What do you recommend? Solution: F-Secure Anti-Virus for Microsoft Exchange creates and adjusts access rights to the local Quarantine storage during the installation.
  • Page 304: Frequently Asked Questions

    Frequently Asked Questions All support issues, frequently asked questions and hotfixes can be found under the support pages at http://support.f-secure.com/. For more information, see “Technical Support”, 305.
  • Page 305: Technical Support

    Technical Support F-Secure Online Support Resources........306 Web Club.................. 308 Virus Descriptions on the Web ..........308...
  • Page 306: F-Secure Online Support Resources

    If you have questions about F-Secure Anti-Virus for Microsoft Exchange not covered in this manual or on the F-Secure support web pages, you can contact your local F-Secure distributor or F-Secure Corporation directly.
  • Page 307 You can also find and run the FSDiag.exe utility under the F-Secure\Common folder, if you prefer not to do it through the F-Secure Anti-Virus for Microsoft Exchange Web Console. The tool generates a file called FSDiag.tar.gz.
  • Page 308: Web Club

    Web Club The F-Secure Web Club provides assistance and updated versions of the F-Secure products. To connect to the Web Club on our Web site, open the F-Secure Anti-Virus for Microsoft Exchange Web Console, and click the Web Club link in the banner.
  • Page 309 They include antivirus and desktop firewall with intrusion prevention, antispam and antispyware solutions. Founded in 1988, F-Secure has been listed on the Helsinki Exchanges since 1999, and has been consistently growing faster than all its publicly listed competitors.
