F-SECURE ANTI-VIRUS FOR MICROSOFT EXCHANGE 6.62 Administrator's Manual

Table of Contents

Quick Links

Download this manual

F-Secure Anti-Virus for

Microsoft Exchange

Administrator's Guide

Table of Contents

Chapters

Table of Contents

Troubleshooting

Need help?

Do you have a question about the ANTI-VIRUS FOR MICROSOFT EXCHANGE 6.62 and is the answer not in the manual?

Questions and answers

Summary of Contents for F-SECURE ANTI-VIRUS FOR MICROSOFT EXCHANGE 6.62

Page 1 F-Secure Anti-Virus for Microsoft Exchange Administrator’s Guide...
Page 2 Although F-Secure Corporation makes every effort to ensure that this information is accurate, F-Secure Corporation will not be liable for any errors or omission of facts contained herein. F-Secure Corporation reserves the right to modify specifications cited in this document without prior notice.
Page 3: Table Of Contents
Symbols ........................12 Chapter 1 Introduction Overview ........................15 How F-Secure Anti-Virus for Microsoft Exchange Works........... 16 Key Features......................19 F-Secure Anti-Virus Mail Server and Gateway Products ........... 21 Chapter 2 Deployment Installation Modes ...................... 24 Network Requirements....................24 Deployment Scenarios ....................25 2.3.1 Minimum Installation..................
Page 4 Installation Overview ....................38 Installing F-Secure Anti-Virus for Microsoft Exchange..........40 After the Installation ....................59 3.6.1 Importing Product MIB files to F-Secure Policy Manager Console....59 3.6.2 Configuring the Product.................. 60 Upgrading the Previous Version ................60 Upgrading the Evaluation Version................63 Uninstalling F-Secure Anti-Virus for Microsoft Exchange ..........
Page 5 Chapter 5 Centrally Managed Administration Overview ........................126 F-Secure Anti-Virus for Microsoft Exchange Settings ..........126 5.2.1 Real-Time Processing ..................128 5.2.2 Manual Processing ..................159 5.2.3 Scheduled Processing..................174 5.2.4 Content Scanner Servers ................175 5.2.5 Quarantine....................178 5.2.6 Reporting ......................182 5.2.7 Advanced......................182 F-Secure Anti-Virus for Microsoft Exchange Statistics..........184 5.3.1 Common .......................185...
Page 6 F-Secure Anti-Virus for Microsoft Exchange Settings ..........218 6.2.1 Summary ......................218 6.2.2 Virus Scanning .....................220 6.2.3 Stripping Attachments ..................236 6.2.4 Content Filtering ...................246 6.2.5 Manual Scanning..................253 6.2.6 Quarantine....................257 6.2.7 Advanced......................267 6.2.8 Internal Domains ..................273 F-Secure Content Scanner Server Settings.............275 6.3.1 Summary ......................275 6.3.2 Database Updates..................282...
Page 7 A.4 Installing the Product....................356 A.4.1 Installing on Active-Passive Cluster .............356 A.4.2 Installing on Active-Active Cluster ..............358 A.5 Administering the Cluster Installation with F-Secure Policy Manager......360 A.6 Using the Quarantine in the Cluster Installation............363 A.7 Troubleshooting .......................363 Appendix B Variables in Warning Messages List of Variables........................
Page 8 D.4.1 Installing Service Packs................379 D.4.2 Securing the Quarantine................379 D.4.3 Administration Issues ...................380 D.5 Frequently Asked Questions ..................381 D.6 F-Secure Automatic Update Agent Troubleshooting..........386 Technical Support F-Secure Online Support Resources ................393 Web Club .........................395 Virus Descriptions on the Web ..................395...
Page 9: About This Guide
BOUT UIDE How This Guide Is Organized............ 10 Conventions Used in F-Secure Guides ........13...
Page 10: How This Guide Is Organized
F-Secure Anti-Virus for Microsoft Exchange Administrator's Guide is divided into the following chapters: Chapter 1. Introduction. General information about F-Secure Anti-Virus for Microsoft Exchange and other F-Secure Anti-Virus Mail Server and Gateway products. Chapter 2. Deployment. Instructions and examples how to set up your network environment before you can install F-Secure Anti-Virus for Microsoft Exchange.
Page 11 Support. Contains the contact information for assistance. About F-Secure Corporation. Describes the company background and products. See the F-Secure Policy Manager Administrator's Guide for detailed information about installing and using the F-Secure Policy Manager components: F-Secure Policy Manager Console, the tool for remote administration of F-Secure Anti-Virus for Microsoft Exchange.
Page 12: Conventions Used In F-Secure Guides
Conventions Used in F-Secure Guides This section describes the symbols, fonts, and terminology used in this manual. Symbols WARNING: The warning symbol indicates a situation with a risk of irreversible destruction to data. IMPORTANT: An exclamation mark provides important information that you need to consider.
Page 13 In our constant attempts to improve our documentation, we would welcome your feedback. If you have any questions, comments, or suggestions about this or any other F-Secure document, please contact us at documentation@f-secure.com.
Page 14: Introduction
NTRODUCTION Overview..................15 How F-Secure Anti-Virus for Microsoft Exchange Works ... 16 Key Features ................19 F-Secure Anti-Virus Mail Server and Gateway Products.... 21...
Page 15: Overview
Sober, Netsky and Bagle, have caused a lot of damage around the world. F-Secure Anti-Virus Mail Server and Gateway products are designed to protect your company's mail and groupware servers and to shield the company network from any malicious code that travels in HTTP or SMTP traffic.
Page 16: How F-Secure Anti-Virus For Microsoft Exchange Works
How F-Secure Anti-Virus for Microsoft Exchange Works F-Secure Anti-Virus for Microsoft Exchange is designed to detect and disinfect viruses and other malicious code from e-mail transmissions through Microsoft Exchange 2000/2003 Server. Scanning is done in real time as the mail passes through Microsoft Exchange Server. On-demand scanning of user mailboxes and Public Folders is also available.
Page 17 Our team of dedicated virus researchers is on call 24-hours a day responding to new and emerging threats. In fact, F-Secure is one of the only companies to release tested virus definition updates on a daily basis, to make sure our customers are receiving the highest quality service and protection.
Page 18 F-Secure Policy Manager Console and all managed systems. Figure 1-1 (1) E-mail arrives from the Internet to F-Secure Anti-Virus for Microsoft Exchange, which (2) filters malicious content from mails and attachments, and (3) delivers cleaned files forward.
Page 19: Key Features
CHAPTER 1 Introduction Key Features F-Secure Anti-Virus for Microsoft Exchange provides the following features and capabilities. Superior Protection Superior detection rate with multiple scanning engines. Automatic malicious code detection and disinfection. Heuristic scanning detects also unknown Windows and macro viruses.
Page 20 F-Secure Anti-Virus for Microsoft Exchange Web Console. Contains new quarantine management features: you can manage and search quarantined content with the F-Secure Anti-Virus for Microsoft Exchange Web Console. Protection against Possible spam messages are transparently detected before they Spam become widespread.
Page 21: F-Secure Anti-Virus Mail Server And Gateway Products
Introduction F-Secure Anti-Virus Mail Server and Gateway Products The F-Secure Anti-Virus product line consists of workstation, file server, mail server, gateway and mobile products. F-Secure Internet Gatekeeper is a high performance, totally automated web (HTTP and FTP-over-HTTP) and e-mail (SMTP) virus scanning solution for the gateway level.
Page 22 F-Secure, keeping the virus protection always up to date. A powerful and easy-to-use management console simplifies the installation and configuration of the product. F-Secure Messaging Security Gateway™ delivers the industry’s most complete and effective security for e-mail. It...
Page 23: Chapter 2 Deployment
EPLOYMENT Installation Modes............... 24 Network Requirements............... 24 Deployment Scenarios ............... 25...
Page 24: Installation Modes
Installation Modes F-Secure Anti-Virus for Microsoft Exchange can be installed either in stand-alone or centrally administered mode. In stand-alone installation, F-Secure Anti-Virus for Microsoft Exchange is managed with Web Console. In centrally administered mode, it is managed centrally with F-Secure Policy Manager components: F-Secure Policy Manager Server and F-Secure Policy Manager Console.
Page 25: Deployment Scenarios
Environment”, 30. 2.3.1 Minimum Installation If the mail traffic is not very heavy, you can install F-Secure Content Scanner Server on the same machine that runs Microsoft Exchange Server. In this case, both F-Secure Content Scanner Server and F-Secure Anti-Virus for Microsoft Exchange will reside on the Microsoft...
Page 26 You can administer F-Secure Anti-Virus for Microsoft Exchange and F-Secure Content Scanner Server by using the F-Secure Anti-Virus for Microsoft Exchange Web Console. Figure 2-1 F-Secure Anti-Virus for Microsoft Exchange minimum installation Alternatively, you can choose to install F-Secure Policy Manager to enable centralized administration of F-Secure Content Scanner Server and F-Secure Anti-Virus for Microsoft Exchange.
Page 27: Medium To Large Installation
Deployment 2.3.2 Medium to Large Installation If the mail traffic is rather heavy, F-Secure Content Scanner Server should be installed on a dedicated machine. This minimizes the extra load on the Microsoft Exchange Server. You should install F-Secure Anti-Virus for Microsoft Exchange in centralized administration mode on each Microsoft Exchange Server.
Page 28: Performance-Critical Installation
In very large, performance-critical installations you should use multiple F-Secure Content Scanner Server installations. Each F-Secure Content Scanner Server should be installed on a dedicated machine. F-Secure Anti-Virus for Microsoft Exchange can share the virus scanning load between multiple F-Secure Content Scanner Servers.
Page 29 CHAPTER 2 Deployment F-Secure Anti-Virus for Microsoft Exchange should be installed in centralized administration mode on each Microsoft Exchange Server. Figure 2-4 F-Secure Anti-Virus for Microsoft Exchange installed on each Microsoft Exchange Server...
Page 30: Microsoft Exchange Cluster Environment
When installing in Microsoft Exchange cluster environment, the product must be installed in centrally managed mode, so that you can configure and manage the product with F-Secure Policy Manager. Changing the product settings with F-Secure Anti-Virus...
Page 31 CHAPTER 2 Deployment A Note about Installing on Active-Passive Cluster The product can be installed either on an active or a passive cluster node. When installing on a passive node (which does not have active Microsoft Exchange services), the setup program may display a notification about missing Microsoft Exchange components, but the installation can be continued.
Page 32: Installation
NSTALLATION System Requirements ..............33 Improving Reliability and Performance........37 Installation Overview ..............38 Installing F-Secure Anti-Virus for Microsoft Exchange ....40 After the Installation..............59 Upgrading the Previous Version..........60 Upgrading the Evaluation Version ..........63 Uninstalling F-Secure Anti-Virus for Microsoft Exchange... 64...
Page 33: System Requirements
Microsoft Exchange Server and requires the following hardware and software. 3.1.1 Minimum System Requirements F-Secure Anti-Virus for Microsoft Exchange has to be installed to the same machine that runs Microsoft Exchange Server. You need to log in with administrator-level privileges to install F-Secure Anti-Virus for Microsoft Exchange.
Page 34 F-Secure Policy F-Secure Policy Manager 6.0 or newer. Manager version: F-Secure Policy Manager is required only in centrally managed environments. For Microsoft Windows Server 2003 Service Pack 1 related support information, see http://support.f-secure.com/enu/corporate/w2003sp1/...
Page 35: Which Sql Server To Use For The Quarantine Database
Express Edition if you are planning to use centralized quarantine management with multiple F-Secure Anti-Virus for Microsoft Exchange installations. MSDE is delivered together with F-Secure Anti-Virus for Microsoft Exchange, and you can install it during the F-Secure Internet Anti-Virus for Microsoft Exchange Setup. For more information, see “Installation...
Page 36: Web Browser Software Requirements
Microsoft SQL Server 2005, contact your Microsoft reseller. 3.1.3 Web Browser Software Requirements In order to administer the product with F-Secure Anti-Virus for Microsoft Exchange Web Console, one of the following web browsers is required: Microsoft Internet Explorer 6.0 or later Netscape Communicator 8.1 or later Mozilla Firefox 1.5 or later...
Page 37: Improving Reliability And Performance
If the system load is high, a fast processor on the Microsoft Exchange Server speeds up the e-mail message processing. As Microsoft Exchange Server handles a large amount of data, a fast processor alone is not enough to guarantee a fast operation of F-Secure Anti-Virus for Microsoft Exchange. Memory...
Page 38: Centrally Administered Or Stand-Alone Installation
Policy Manager Console. You can select the management method when you install the product. If you already use F-Secure Policy Manager to administer other F-Secure products, it is recommended to install F-Secure Anti-Virus for Microsoft Exchange in centralized administration mode.
Page 39 F-Secure Anti-Virus for Microsoft Exchange. If you want to run F-Secure Anti-Virus for Servers 5.50 on the same computer where you install F-Secure Anti-Virus for Microsoft Exchange, make sure that F-Secure Anti-Virus for Servers 5.50 is installed before you install F-Secure Anti-Virus for Microsoft Exchange.
Page 40: Installing F-Secure Anti-Virus For Microsoft Exchange
1. Install F-Secure Anti-Virus for Microsoft Exchange. For more information, see “Installing F-Secure Anti-Virus for Microsoft Exchange”, 40. Check that F-Secure Automatic Update Agent can retrieve the latest virus definition databases. For more information, see “Updating Virus and Spam Definition Databases”, 340.
Page 41 CHAPTER 3 Installation Click Next to continue. Step 3. Read the licence agreement.
Page 42 If you accept the agreement, check the I accept the agreement checkbox and click Next to continue. Step 4. Enter the product keycode. Click Next to continue.
Page 43 CHAPTER 3 Installation Step 5. Choose the components to install. If you want to install F-Secure Content Scanner Server and F-Secure Anti-Virus for Microsoft Exchange on the Microsoft Exchange Server computer, select all components. Click Next to continue. When you install F-Secure Spam Control, or F-Secure Content...
Page 44 Step 6. Choose the destination folder for the installation. Click Next to continue.
Page 45 If you selected the stand-alone installation, continue to Step 10. If you select the stand-alone mode, use the F-Secure Anti-Virus for Microsoft Exchange Web Console to change product settings and statistics. For more information, see “Administration with Web...
Page 46 Step 8. Enter the path to the public management key file admin.pub that was created during F-Secure Policy Manager Console setup. You can transfer the public key in various ways (use a shared folder on the file server, a floppy disk, or send the key as an attachment in an e-mail message).
Page 47 CHAPTER 3 Installation Step 9. Enter the IP address or URL of the F-Secure Policy Manager Server you installed earlier. Click Next to continue. If the product MIB files cannot be uploaded to F-Secure Policy Manager during installation, you can import them manually.
Page 48 Step 10. Enter an SMTP address that will be used by F-Secure Anti-Virus for Microsoft Exchange to send warning and informational messages to end-users. The SMTP address should be a valid, existing address that is allowed to send messages. Click Next to continue.
Page 49 Select the user account that F-Secure Outbreak Manager should use. Select either the local system account or enter the name and password for the user account that F-Secure Outbreak Manager should use. The account is used to run the outbreak handler scripts or programs.
Page 50 Step 12. Specify the Quarantine management method. If you want to manage quarantines locally, select Local quarantine management. Select Centralized quarantine management if you install the product on multiple instances. For more information, see “Microsoft Exchange Cluster Environment”, 30. Click Next to continue.
Page 51 CHAPTER 3 Installation Step 13. Specify the location of the Quarantine database. If you want to install the Quarantine database on the same server as the product installation, select (a) Install and use Microsoft SQL Server Desktop Engine. If you are using Microsoft SQL Server or Microsoft SQL Server Desktop Engine already, select (b) Use the existing installation of MIcrosoft SQL Server or MSDE.
Page 52 Specify the installation directory for Microsoft SQL Server Desktop Engine and data files. Enter the username and password for the server administrator account. Click Next to continue. Specify the computer name of the SQL Server where you want to create the Quarantine database. Enter the username and password to log on to the server.
Page 53 CHAPTER 3 Installation If the server has a database with the same name, you can either use the existing database, remove the existing database and create a new one or keep the existing database and create a new one with a new name.
Page 54 Step 14. Select whether you want to install the product with F-Secure World Map Support. The product can collect and send statistics about viruses and other malware to the F-Secure World Map service. if you agree to send statistics to F-Secure World Map, select Yes and click Next to continue.
Page 55 Make sure that the computer where you are installing F-Secure Anti-Virus for Microsoft Exchange is allowed to connect to the administration port on F-Secure Policy Manager Server, or if you use proxy, make sure that the connection is allowed from the proxy to the server. Check that any firewall does not block the connection.
Page 56 Step 16. The list of components that will be installed is displayed. Click Start to install listed components.
Page 57 CHAPTER 3 Installation Step 17. The installation status of the components is displayed. Click Next to continue.
Page 58 Click Finish to close the Setup wizard. Step 19. If you are installing F-Secure Spam Control, the setup prompts you to select whether to restart the Microsoft Exchange Information Store service automatically to complete the installation. Click to restart the...
Page 59: After The Installation
F-Secure Anti-Virus for Microsoft Exchange MIB JAR file cannot be uploaded to F-Secure Policy Manager Server during the installation. In these cases you will have to import the MIB files to F-Secure Policy Manager. You will have to import the MIB files if:...
Page 60: Configuring The Product
Databases”, 340. Upgrading the Previous Version If you have a previous version of F-Secure Anti-Virus for Microsoft Exchange installed on your computer, you can upgrade it easily. You do not need to remove your previous version, F-Secure Setup uninstalls it...
Page 61 CHAPTER 3 Installation During upgrade the setup will stop and restart Microsoft Exchange Information Store, IIS Admin Service and all services that depend on them: Microsoft Exchange Information Store World Wide Web Publishing Service Simple Mail Transport Protocol (SMTP) Microsoft Exchange Routing Engine Microsoft Exchange POP3 Network News Transport Protocol (NNTP) Microsoft Exchange MTA Stacks...
Page 62 1. Run the Setup program. For more information, see “Installing F-Secure Anti-Virus for Microsoft Exchange”, 40. Depending on the installed F-Secure products, F-Secure Setup will suggest upgrading one or more components. Select the components you want to upgrade. The setup needs to stop and restart Microsoft Exchange Server related services during the upgrade.
Page 63: Upgrading The Evaluation Version
Spam Definition Databases”, 340. Upgrading the Evaluation Version If you want to use F-Secure Anti-Virus for Microsoft Exchange after your evaluation period expires, you need a new keycode. Contact your software vendor or renew your license online. After you have received the new keycode, you can either reinstall F-Secure Anti-Virus for Microsoft Exchange with your new keycode (see “Installing F-Secure Anti-Virus for Microsoft...
Page 64: Uninstalling F-Secure Anti-Virus For Microsoft Exchange
If you do not want to continue to use F-Secure Anti-Virus for Microsoft Exchange after your evaluation license expires, you should uninstall the software. Uninstalling F-Secure Anti-Virus for Microsoft Exchange To uninstall F-Secure Anti-Virus for Microsoft Exchange, select Add/ Remove Programs from the Windows Control Panel. To uninstall...
Page 65: Using F-Secure Anti-Virus For Microsoft Exchange
ECURE IRUS FOR ICROSOFT XCHANGE Overview..................66 Administering F-Secure Anti-Virus for Microsoft Exchange..66 Using the Web Console.............. 67 Checking the Product Status............70 Configuring the Web Console............. 73 Using F-Secure Policy Manager Console........74 Modifying Settings and Viewing Statistics ........75 Manually Processing Mailboxes and Public Folders ....
Page 66: Overview
Anti-Virus for Microsoft Exchange Web Console to start and stop F-Secure Anti-Virus for Microsoft Exchange, check its current status and to connect to F-Secure Web Club for support, but you cannot change any settings with it. In the stand-alone mode, you use the F-Secure Anti-Virus for Microsoft...
Page 67: Using The Web Console
Anti-Virus for Microsoft Exchange Web Console works properly in all environments. Before you log in the F-Secure Anti-Virus for Microsoft Exchange Web Console for the first time, check that Java script and cookies are enabled in the browser you use.
Page 68 Step 1. Create the security certificate 1. Browse to the F-Secure Anti-Virus for Microsoft Exchange Web Console installation directory, for example: C:\Program Files\F-Secure\Web User Interface\bin\ Locate the certificate creation utility, makecert.bat, and double click it to run the utility. The utility creates a certificate that will be issued to all local IP addresses, and restarts the F-Secure Anti-Virus for Microsoft Exchange Web Console service to take the certificate into use.
Page 69 Using F-Secure Anti-Virus for Microsoft Exchange Figure 4-1 F-Secure Anti-Virus for Microsoft Exchange Web Console Login page You will be forwarded to the home page, which displays a summary of the system status. Figure 4-2 F-Secure Anti-Virus for Microsoft Exchange Home page...
Page 70: Checking The Product Status
Home page. F-Secure Anti-Virus for Microsoft Exchange The Home page displays the status the F-Secure Anti-Virus for Microsoft Exchange as well as a summary of the F-Secure Anti-Virus for Microsoft Exchange statistics. Status indicator Displays the status of F-Secure Anti-Virus for Microsoft Exchange.
Page 71 Using F-Secure Anti-Virus for Microsoft Exchange F-Secure Content Scanner Server The Home page displays the status the F-Secure Content Scanner Server as well as a summary of the F-Secure Content Scanner Server statistics. Status indicator Displays the status of F-Secure Content Scanner Server.
Page 72 “F-Secure Management Agent Settings”, 304. Toolbar Buttons Click Show F-Secure Log to view the F-Secure log file (LogFile.log) in a new Internet browser window. Click Download to download and save the LogFile.log for later use. Click Export Settings to open a list of all F-Secure Anti-Virus for Microsoft Exchange settings in a new Internet browser window.
Page 73: Configuring The Web Console
On the F-Secure Anti-Virus for Microsoft Exchange Web Console Configuration page you can specify settings for connections to the server. You can also open the F-Secure Anti-Virus for Microsoft Exchange Web Console access log from this page. Limit session timeout Specify the length of time a client can be connected to the server.
Page 74: Using F-Secure Policy Manager Console
Programs > F-Secure Policy Manager Console. When the Policy Manager Console opens, go to the Advanced Mode user interface by selecting View > Advanced Mode (this step is required in F-Secure Policy Manager version 5.50 and later). Then select the Policy tab to view the F-Secure Anti-Virus for Microsoft Exchange components.
Page 75: Modifying Settings And Viewing Statistics
4.7.1 Centrally Administered Mode To change F-Secure Anti-Virus for Microsoft Exchange settings in the centrally administered mode, select F-Secure Anti-Virus for Microsoft Exchange from the Properties pane. Make sure the Policy tab is selected and assign values to variables under the Settings branch.
Page 76: Stand-Alone Mode
The settings descriptions in this manual indicate the settings for which you need to use the Final restriction. You can also check in F-Secure Policy Manager Console whether you need to use the Final restriction for a setting. Do the following: 1.
Page 77: Manually Processing Mailboxes And Public Folders
You can perform virus scans and strip attachments manually by using controls under the F-Secure Anti-Virus for Microsoft Exchange / Operations branch. To start a manual scan, select Start under F-Secure Anti-Virus for Microsoft Exchange / Operations / Manual Scanning. Click Start in the Editor pane.
Page 78 Step 1. Enter the name for the new task and select how frequently you want the operation to be performed. Once - Only once at the specified time. Daily - Every day at the specified time, starting from the specified date.
Page 79 CHAPTER 4 Using F-Secure Anti-Virus for Microsoft Exchange Specify how many concurrent transactions the scanner can have with F-Secure Content Scanner Server. Click Next to continue.
Page 80 Click Edit to edit a previously created entry. Click Remove to remove the selected folder or Remove All to remove all entries from the list. By default, F-Secure Anti-Virus for Microsoft Exchange examines all mailboxes. Click Next to continue.
Page 81 CHAPTER 4 Using F-Secure Anti-Virus for Microsoft Exchange Step 4. Choose settings for virus scanning of mailboxes during the scheduled operation, and Click Next to continue. For settings descriptions, see “Virus Scanning”, 130.
Page 82 Step 5. Choose settings for stripping attachments during the scheduled operation, and click Next to continue. For settings descriptions, see “Stripping Attachments”, 147.
Page 83 Public Folder to the list. Click Edit to edit a previously created entry. Click Remove to remove the selected folder or Remove All to remove all entries from the list. By default, F-Secure Anti-Virus for Microsoft Exchange processes all Public Folders. Click Next to continue.
Page 84 Step 7. Choose settings for virus scanning of Public Folders during the scheduled operation, and click Next to continue. For settings descriptions, see “Virus Scanning”, 130.
Page 85 CHAPTER 4 Using F-Secure Anti-Virus for Microsoft Exchange Step 8. Choose settings for stripping attachments during the scheduled operation, and click Next to continue.
Page 86: Stand-Alone Mode
Step 9. The Scheduled Operation Wizard displays the summary of created operation. Click Finish accept the new scheduled operation and to exit the wizard. 4.8.2 Stand-alone Mode Specify the manual scanning settings on the Manual Scanning property pages. After you have specified the manual scanning settings, select the Manual Processing and click Start.
Page 87: Creating Scanning Operations
CHAPTER 4 Using F-Secure Anti-Virus for Microsoft Exchange 4.8.3 Creating Scanning Operations To process mailboxes manually, you need to set up a manual processing task. For more information, see “Creating Manual Scanning Operation”, If you want to run scanning tasks frequently, you can set up scheduled operations.
Page 88 Click Next to continue. If F-Secure Anti-Virus for Microsoft Exchange is operating on a system that has multiple processors or you are using a high-performance computer, you can increase performance by increasing the number of concurrent transactions. If you want to use the default settings for most of the scanning...
Page 89 Click the checkbox in column to mark a mailbox to be removed. Click Clear to remove all currently marked entries from the list. By default, F-Secure Anti-Virus for Microsoft Exchange examines all mailboxes. Click Next to continue.
Page 90 Scan mail message Specify whether the body of the e-mail message body should be scanned for malicious code. By default, F-Secure Anti-Virus for Microsoft Exchange scans message bodies. Although scanning message bodies can slow down the performance, it is recommended as a...
Page 91 CHAPTER 4 Using F-Secure Anti-Virus for Microsoft Exchange Enable File Type Trojans and other malicious code can disguise Recognition themselves with filename extensions which are usually considered safe to use. Intelligent File Type Recognition can recognize the real file type of the message attachment and use that while the attachment is processed.
Page 92 By default, F-Secure Anti-Virus for Microsoft Exchange tries to disinfect infected attachments. Quarantine infected Specify whether infected attachments should be attachments placed in the Quarantine or not. For more information, see “Quarantine Management”, 307. Send warning Specify whether to send a message to the...
Page 93 CHAPTER 4 Using F-Secure Anti-Virus for Microsoft Exchange 1. Choose settings for stripping attachments. Strip attachments Specify which attachments should be stripped from messages and public folder notes. Do not strip - Do not strip any attachments. Strip all attachments - Strip all attachments from all messages and notes.
Page 94 By default, F-Secure Anti-Virus for Microsoft Exchange quarantines stripped attachments. Send informational Specify whether an informational message message to the should be sent to the owner of the mailbox when mailbox owner an attachment is stripped. Click Edit to edit the message.
Page 95 Public Folder to the list. Click Clear remove the selected folder or Clear All to remove all entries from the list. By default, F-Secure Anti-Virus for Microsoft Exchange processes all Public Folders. Click Next to continue.
Page 96 Step 6. Specify Virus Scanning Settings for Public Folders 1. Choose settings for virus scanning of Public Folders. Attachments to scan Specify which message attachments are checked for viruses. Do not scan attachments for viruses - Do not scan any attachments. Scan all attachments - Scan all message attachments.
Page 97 CHAPTER 4 Using F-Secure Anti-Virus for Microsoft Exchange You can add new file types on the extensions lists by typing the file extensions in the file extensions text boxes. Separate the extensions by spaces. Scan mail message Specify whether the body of the e-mail message body should be scanned for malicious code.
Page 98 Drop attachment - Do not disinfect or deliver infected attachments. All infected attachments are dropped. By default, F-Secure Anti-Virus for Microsoft Exchange tries to disinfect infected attachments. Quarantine infected Specify whether infected attachments should be attachments placed in the Quarantine or not.
Page 99 CHAPTER 4 Using F-Secure Anti-Virus for Microsoft Exchange Step 7. Specify Attachment Stripping Settings for Public Folders 1. Choose settings for stripping attachments. Strip attachments Specify which attachments should be stripped from messages and public folder notes. Do not strip - Do not strip any attachments.
Page 100 “Quarantine Management”, 307. Drop attachment - All stripped attachments are deleted automatically. By default, F-Secure Anti-Virus for Microsoft Exchange quarantines stripped attachments. Send the Specify whether an informational message informational should be sent to the originator of the message message to the when an attachment is stripped.
Page 101 CHAPTER 4 Using F-Secure Anti-Virus for Microsoft Exchange Notify administrator Specify whether the administrator should be notified when F-Secure Anti-Virus for Microsoft Exchange strips an attachment. Do not notify - Do not send any notification to the administrator. Send informational alert - Send an informational alert to the administrator.
Page 102 Step 8. Finish The Manual Scanning Wizard displays the summary of created operation. Click Finish accept the new manual scanning operation and to exit the wizard. Creating Scheduled Operation Start the Scheduled Operation Wizard by clicking Task...in the Scheduled Processing window.
Page 103 CHAPTER 4 Using F-Secure Anti-Virus for Microsoft Exchange Step 1. Specify Scanning Task Name and Schedule 1. Enter the name for the new task and select how frequently you want the operation to be performed. Once - Only once at the specified time...
Page 104 1. Specify whether you want to process all messages or only those messages that have not been processed previously during the scheduled processing. Specify how many concurrent transactions the scanner can have with F-Secure Content Scanner Server. Click Next to continue.
Page 105 Click the checkbox in column to mark a mailbox to be removed. Click Clear to remove all currently marked entries from the list. By default, F-Secure Anti-Virus for Microsoft Exchange examines all mailboxes. Click Next...
Page 106 Step 4. Specify Virus Scanning Settings for Mailboxes 1. Choose settings for virus scanning of mailboxes during the scheduled operation. Attachments to scan Specify which message attachments are checked for viruses. Do not scan attachments for viruses - Process messages without scanning any attachments for viruses.
Page 107 CHAPTER 4 Using F-Secure Anti-Virus for Microsoft Exchange Scan all attachments except with these extensions - Scan all attachments except those with specified filename extensions. You can add new file types on the extensions lists by typing the file extensions in the file extensions text boxes.
Page 108 Drop attachment - Do not disinfect or deliver infected attachments. All infected attachments are dropped. By default, F-Secure Anti-Virus for Microsoft Exchange tries to disinfect infected attachments. Quarantine infected Specify whether infected attachments should be attachments placed in the Quarantine or not.
Page 109 CHAPTER 4 Using F-Secure Anti-Virus for Microsoft Exchange Step 5. Specify Attachment Stripping Settings for Mailboxes 1. Choose settings for stripping attachments during the scheduled operation. Strip attachments Specify which attachments should be stripped from messages and public folder notes.
Page 110 “Quarantine Management”, 307. Drop attachment - All stripped attachments are deleted automatically. By default, F-Secure Anti-Virus for Microsoft Exchange quarantines stripped attachments. Send the Specify whether an informational message informational should be sent to the owner of the mailbox when message to the an attachment is stripped.
Page 111 CHAPTER 4 Using F-Secure Anti-Virus for Microsoft Exchange Notify administrator Specify whether the administrator should be notified when F-Secure Anti-Virus for Microsoft Exchange strips an attachment. Do not notify - Do not send any notification to the administrator. Send informational alert - Send an informational alert to the administrator.
Page 112 Public Folder to the list. Click Clear remove the selected folder or Clear All to remove all entries from the list. By default, F-Secure Anti-Virus for Microsoft Exchange processes all Public Folders. Click Next to continue.
Page 113 CHAPTER 4 Using F-Secure Anti-Virus for Microsoft Exchange Step 7. Specify Virus Scanning Settings for Public Folders 1. Choose settings for virus scanning of Public Folders during the scheduled operation. Attachments to scan Specify which message attachments are checked for viruses.
Page 114 Scan mail message Specify whether the body of the e-mail message body should be scanned for malicious code. By default, F-Secure Anti-Virus for Microsoft Exchange scans message bodies. Although scanning message bodies can slow down the performance, it is recommended as a virus can be carried inside a message body.
Page 115 CHAPTER 4 Using F-Secure Anti-Virus for Microsoft Exchange Disinfect attachment - Try to disinfect the infected attachment. If the disinfection succeeds, the recipient receives the disinfected file instead of the original one. If the disinfection fails, the infected attachment is dropped, and it is not delivered to the recipient.
Page 116 Step 8. Specify Attachment Stripping Settings for Public Folders 1. Choose settings for stripping attachments during the scheduled operation. Strip attachments Specify which attachments should be stripped from messages and public folder notes. Do not strip - Do not strip any attachments. Strip all attachments - Strip all attachments from all messages and notes.
Page 117 CHAPTER 4 Using F-Secure Anti-Virus for Microsoft Exchange You can add new file types on the attachments lists by typing the file extensions in the allowed and disallowed attachments text boxes. Separate the extensions by spaces. Enable File Type Trojans and other malicious code can disguise...
Page 118 Notify administrator Specify whether the administrator should be notified when F-Secure Anti-Virus for Microsoft Exchange strips an attachment. Do not notify - Do not send any notification to the administrator. Send informational alert - Send an informational alert to the administrator.
Page 119: Configuring Alert Forwarding
Alerts are also sent when a program or operation has encountered a problem. 4.9.1 Centrally Administered Mode You can configure where F-Secure Anti-Virus for Microsoft Exchange sends alerts by editing the Alert Forwarding table, which is located under F-Secure Management Agent / Settings / Alerting / Alert Forwarding.
Page 120 All events are sent to the log file in addition to other locations you choose. Figure 4-3 The Alert Forwarding table in F-Secure Policy Manager You should configure settings in the F-Secure Management Agent / Settings / Alerting / Alerting Agents branch accordingly.
Page 121 F-Secure Policy Manager console if previous attempts have failed. Since F-Secure Anti-Virus for Microsoft Exchange is a fundamental part of the network, more alerts will probably be forwarded from it to F-Secure Policy Manager than from other hosts.
Page 122: Stand-Alone Mode
4.9.2 Stand-Alone Mode You can configure alert forwarding by editing the Alert Forwarding table in the F-Secure Anti-Virus for Microsoft Exchange Web Console. You can access it from the Home page by clicking the Configure... button in the F-Secure Management Agent section. When the F-Secure Management Agent Configuration page opens, click the Alert Forwarding...
Page 123: Viewing Alerts
Click Apply. Informational and warning-level alerts are not sent to F-Secure Policy Manager Console by default. If you want to use centralized administration mode, it is recommended to have all alerts sent to F-Secure Policy Manager Console. 4.10 Viewing Alerts When F-Secure Anti-Virus for Microsoft Exchange has encountered a problem, it sends an alert to the administrator.
Page 124 When an alert is selected from the list, the Editor pane displays more specific information about the alert. F-Secure Anti-Virus for Microsoft Exchange reports fatal errors, virus alerts, and other events as configured in the Alert Forwarding table under F-Secure Management Agent / Settings / Alerting branch.
Page 125: Chapter 5 Centrally Managed Administration
ENTRALLY ANAGED DMINISTRATION Overview................... 126 F-Secure Anti-Virus for Microsoft Exchange Settings ....126 F-Secure Anti-Virus for Microsoft Exchange Statistics ..... 184 F-Secure Content Scanner Server Settings ......193 F-Secure Content Scanner Server Statistics......208 F-Secure Automatic Update Agent Settings......212...
Page 126: Overview
Overview If F-Secure Anti-Virus for Microsoft Exchange is installed in the centrally administered mode, F-Secure Anti-Virus for Microsoft Exchange is managed centrally with F-Secure Policy Manager. In the centralized administration mode, you can use the F-Secure Anti-Virus for Microsoft Exchange Web Console to check the current status of F-Secure Anti-Virus for Microsoft Exchange and to connect to F-Secure Web Club for support, but you cannot change any settings with it.
Page 127 Public Folders at scheduled times. For more information, see “Scheduled Processing”, 174. Content Scanner Servers Change settings F-Secure Anti-Virus for Microsoft Exchange uses to connect to F-Secure Content Scanner Servers. For more information, see “Content Scanner Servers”, 175.
Page 128: Real-Time Processing
You can change real-time virus scanning and content blocking settings and make changes to the outbreak management settings from the F-Secure Anti-Virus for Microsoft Exchange / Settings / Real-Time Processing branch. You can also define domains that belong to the internal network of the company.
Page 129 For more information, see “Spam Control Settings in Centrally Managed Environments”, 328. The Spam Control settings branch is displayed only if you have F-Secure Spam Control installed. Outbreak Management Change virus outbreak notification settings. For more information, see “Outbreak Management”, 156.
Page 130 Virus Scanning F-Secure Anti-Virus can examine message bodies and attachments, intercept them and send them to F-Secure Content Scanner Server, which scans them for malicious code. Figure 5-3 Real-Time Processing / Virus Scanning settings Examine Attachments Specify which message attachments are checked for viruses.
Page 131 Excluded Extensions setting. Do not Scan - Do not scan any attachments in e-mail messages and public folder notes. By default, F-Secure Anti-Virus for Microsoft Exchange examines all files with included extensions. Included Extensions Specify extensions of attachments to be scanned if the Examine Attachments setting is set to All Files with Included Extensions.
Page 132 By default, F-Secure Anti-Virus for Microsoft Exchange places all infected attachments to the Quarantine. Virus Informational If the infected attachment is dropped, F-Secure File Text Anti-Virus for Microsoft Exchange replaces it with the Virus Informational File. Specify the text of the replacement file. For more information about the variables you can use in the text, see “Variables in Warning...
Page 133 CHAPTER 5 Centrally Managed Administration Intelligent File Type Trojans and other malicious code can disguise Recognition themselves with filename extensions which are usually considered safe to use. Intelligent File Type Recognition can recognize the real file type of the message attachment and use that while the attachment is processed.
Page 134 Inbound Mail Figure 5-4 Real-Time Processing / Virus Scanning / Inbound Mail settings...
Page 135 Define users’ mailboxes that should be excluded from real-time virus scanning. To add mailboxes to the table, click the Editor pane of F-Secure Policy Manager Console. A new table row appears. Double-click the Mailbox cell and enter the name of the trusted mailbox.
Page 136 If you want to add the warning message, the original message is embedded in the virus warning message without the infected attachment. By default, F-Secure Anti-Virus for Microsoft Exchange adds the virus warning message. Warning Subject Specify the subject of the virus warning message.
Page 137 Internal Domains settings. F-Secure Anti-Virus for Microsoft Exchange does not send the warning message outside the company domain. For more information, see “Internal...
Page 138 Outbound Figure 5-5 Real-Time Processing / Virus Scanning / Outbound Mail settings...
Page 139 Exchange stops the whole message. A note about MAPI clients: If you set F-Secure Anti-Virus for Microsoft Exchange to disinfect infected files and to stop the whole message if an infection is found, messages that are sent from MAPI clients are not stopped if they can be disinfected.
Page 140 Add Disclaimer Specify whether you want to add a disclaimer to all outgoing messages. By default, F-Secure Anti-Virus for Microsoft Exchange adds a disclaimer. Disclaimer Specify the disclaimer text. Proactive Virus Threat...
Page 141 CHAPTER 5 Centrally Managed Administration Proactive virus threat detection can identify new and unknown e-mail malware, including viruses and worms. When proactive virus threat detection is enabled, the product analyzes inbound e-mail messages for possible security threats. All possibly harmful messages are quarantined as unsafe.
Page 142 Figure 5-6 Real-Time Processing / Virus Scanning / Public Folders settings...
Page 143 To add Public Folders to Included Folders and Excluded Folders table, click in the Editor pane of F-Secure Policy Manager Console. Double-click the Folder Name cell in the new table row and enter the name and path of the Public Folder. Double-click the Include Subfolders cell and select Yes if you want to include or exclude all subfolders of the folder you entered.
Page 144 By default, F-Secure Anti-Virus for Microsoft Exchange sends the virus warning message to the originator. The warning will be sent only if the originator of the note with the infected attachment belongs to an internal domain.
Page 145 CHAPTER 5 Centrally Managed Administration Content Blocking F-Secure Anti-Virus for Microsoft Exchange can strip unwanted attachments and filter content from inbound and outbound messages during the on-access scanning of mailboxes. Figure 5-7 Content Blocking settings categories On-Access Specify the settings used during the on-access scanning of messages.
Page 146 If you are using F-Secure Anti-Virus for Microsoft Exchange in centrally managed mode and have multiple Microsoft Exchange servers running under the same domain, only those trusted mailboxes that belong to the current server are trusted.
Page 147 CHAPTER 5 Centrally Managed Administration Stripping Attachments F-Secure Anti-Virus for Microsoft Exchange can be configured to remove attachments in real-time from inbound and outbound messages and during the on-access scanning by their file name or the file extension even without scanning them for malicious code.
Page 148 Attachments setting. All Attachments Except Allowed - Strip all attachments except those specified in the Allowed Attachments setting. By default, F-Secure Anti-Virus for Microsoft Exchange strips all disallowed attachments. Allowed Attachments Specify attachments that should not be stripped if the Strip Attachments setting is set to All Attachments Except Allowed.
Page 149 Quarantine - All stripped attachments are placed in the Quarantine. For more information, see “Quarantine”, 178. Drop - All stripped attachments are deleted automatically. By default, F-Secure Anti-Virus for Microsoft Exchange quarantines stripped attachments. Add Informational Specify whether an informational message Message should be added to the mail message which originally had the stripped attachment.
Page 150 Warning - Send a warning alert to the administrator. Security - Send a security alert to the administrator. By default, F-Secure Anti-Virus for Microsoft Exchange sends an informational alert to the administrator. For more information, see “Configuring Alert Forwarding”, 119.
Page 151 Content Filtering F-Secure Anti-Virus for Microsoft Exchange can be configured to filter messages in real-time from inbound and outbound mail traffic based on a list of keywords that have been defined as denied. You can specify a...
Page 152 Figure 5-9 Real-Time Processing / Content Blocking / Inbound Mail / Content Filtering settings...
Page 153 CHAPTER 5 Centrally Managed Administration Filter content Specify whether keyword-based content filtering should be enabled or disabled. By default keyword-based content filtering is disabled. Disallowed Keywords in Specify disallowed keywords in message Message Subject subject. When Content Filtering is enabled, messages that have these keywords in their subjects are filtered out.
Page 154 (This setting exists in the Inbound Mail branch only.) By default, F-Secure Anti-Virus for Microsoft Exchange does not send the informational message. The informational message will be sent only if the recipient of the message with the disallowed content is an internal user.
Page 155 Warning - Send a warning alert to the administrator. Security - Send a security alert to the administrator. By default, F-Secure Anti-Virus for Microsoft Exchange sends an informational alert to the administrator. For more information, see “Configuring Alert Forwarding”, 119.
Page 156 For more information, see “Internal Domains”, 159. Outbreak Management F-Secure Anti-Virus for Microsoft Exchange can alert administrators when the number of infections detected within a specified time frame exceeds a specified value.
Page 157 CHAPTER 5 Centrally Managed Administration Figure 5-10 Real-Time Processing / Outbreak Management settings Notify When Number Of Specify the number of infected objects that Infections Detected should be found within the time period Exceeds specified in the Notify When Number Of Infections Detected Within setting, which should be considered as a virus outbreak.
Page 158 Specify whether a security alert should be sent to the administrator when a virus outbreak is detected. For more information, “Configuring Alert Forwarding”, 119.- By default, F-Secure Anti-Virus for Microsoft Exchange sends the security alert. Send Outbreak Specify whether outbreak notification e-mail Notification...
Page 159: Manual Processing
* wildcard, for example, *example.com. 5.2.2 Manual Processing Variables located under F-Secure Anti-Virus for Microsoft Exchange / Settings / Manual Processing / Common configure the options that are common for manual scans of mailboxes and Public Folders. For information how to manually process mailboxes and Public Folders, see “Manually Processing Mailboxes and Public...
Page 160 Figure 5-11 Manual Processing settings categories Common Specify whether you want to process all messages every time you manually process mailboxes and Public Folders, or just the messages that have not been processed yet. For more information, see “Common”, 161. Mailboxes Specify manual mailbox processing settings.
Page 161 Only Recent Messages - Process only recent messages, which have not been processed previously. By default, F-Secure Anti-Virus for Microsoft Exchange processes only recent messages. You can process all messages for example after the F-Secure Anti-Virus for Microsoft Exchange virus definition database has been updated.
Page 162 Number of Concurrent Specify how many concurrent transactions Transactions the scanner can have with F-Secure Content Scanner Server. By default, F-Secure Anti-Virus for Microsoft Exchange uses two concurrent transactions with F-Secure Content Scanner Server. You can increase the performance on a multiprocessor system by increasing the number of concurrent transactions.
Page 163 CHAPTER 5 Centrally Managed Administration Mailboxes Figure 5-13 Manual Processing / Mailboxes settings Examine Mailboxes Specify which mailboxes should be processed during the manual scanning. Process Only Included Mailboxes - Process all mailboxes specified in the Included Mailboxes setting. Process All Except Excluded Mailboxes - Process all mailboxes, except those specified in the Excluded Mailboxes setting.
Page 164 Process All Except Excluded Mailboxes. To add a new mailbox to Included and Excluded Mailboxes lists, click Add in the Editor pane of F-Secure Policy Manager Console. Then, double-click the Mailbox cell and enter the name of the mailbox to be included.
Page 165 CHAPTER 5 Centrally Managed Administration By default, F-Secure Anti-Virus for Microsoft Exchange scans all files. Included Extensions Specify extensions of attachments to be scanned if the Examine Mailboxes setting is set to All Attachments with Included Extensions. Excluded Extensions Specify extensions of files that are not...
Page 166 Drop - Do not disinfect or deliver infected attachments. All infected attachments are dropped. By default, F-Secure Anti-Virus for Microsoft Exchange disinfects infected attachments. Send Warning Message Specify whether a virus warning message To Mailbox Owner should be sent to the mailbox owner of the mail message which had infected content.
Page 167 Quarantine. For more information, “Quarantine”, 178. No - All infected and dropped files are deleted automatically. By default, F-Secure Anti-Virus for Microsoft Exchange places infected attachments in the Quarantine. Scan Message Body Specify whether the body of the e-mail message should be scanned for malicious code.
Page 168 Stripping Attachments F-Secure Anti-Virus for Microsoft Exchange can be configured to remove attachments according to the file name or the file extension, without even scanning them for malicious code. Using the variables under the Manual Scanning / Mailboxes / Stripping Attachments branch you can configure the options for stripping attachments during manual processing of the mailboxes.
Page 169 CHAPTER 5 Centrally Managed Administration Public Folders Use the variables under Manual Scanning / Public Folders to configure options for manual processing of Public Folders. Figure 5-15 Manual Processing / Public Folders settings Examine Public Folders Specify Public Folders that should be scanned for viruses.
Page 170 Attachments to Scan and Scan Message Body settings. Examine Public Folders By default, F-Secure Anti-Virus for Microsoft Exchange processes all Public Folders. Included Folders Specify Public Folders to be scanned for viruses if the Examine Public Folders setting is set to Scan Only Included Folders.
Page 171 Excluded Extensions setting. None - Attachments will not be checked for malicious code. By default, F-Secure Anti-Virus for Microsoft Exchange scans all attachments. Included Extensions Specify attachments that should be scanned if the Attachments To Scan setting is set to All Attachments with Included Extensions.
Page 172 Action On Infected Drop - Do not disinfect or deliver infected Attachments attachments. All infected attachments are dropped. By default, F-Secure Anti-Virus for Microsoft Exchange disinfects infected files. Send Warning Message Specify whether a virus warning message To Originator should be sent to the original writer of the note which had infected content.
Page 173 Quarantine. For more information, see “Quarantine”, 178. No - All infected and dropped files are deleted automatically. By default, F-Secure Anti-Virus for Microsoft Exchange places infected attachments in the Quarantine. Scan Message Body Specify whether the body of the message should be scanned for malicious code.
Page 174: Scheduled Processing
5.2.3 Scheduled Processing Displays all scheduled tasks and date and time when the next scheduled task occurs for the next time. Deactivate scheduled tasks in the list by clearing the checkbox in front of the task. Activate it again by checking the checkbox. Click to start the Scheduled Operation Wizard.
Page 175: Content Scanner Servers
5.2.4 Content Scanner Servers Figure 5-16 Content Scanner Server settings Primary Servers Specify all F-Secure Content Scanner Servers where F-Secure Anti-Virus for Microsoft Exchange should send files to be processed. If you list more than one F-Secure Content Scanner Server, F-Secure Anti-Virus for Microsoft Exchange uses load sharing between them.
Page 176 Backup Servers Specify F-Secure Content Scanner Servers that act as backup servers from primary servers. If F-Secure Anti-Virus for Microsoft Exchange cannot contact primary F-Secure Content Scanner Servers, it interacts with backup servers. IMPORTANT: This setting must be defined as Final with the Restriction Editor before the policies are distributed.
Page 177 Specify the time interval (in seconds) how long F-Secure Anti-Virus for Microsoft Exchange should wait for a response from F-Secure Content Scanner Server before it stops attempting to send or receive data. By default, the connection timeout is 900 seconds (15 minutes).
Page 178: Quarantine
5.2.5 Quarantine Figure 5-17 Quarantine settings...
Page 179 If you change the Quarantine Storage setting, select the Final checkbox in the Restriction Editor to override initial settings. During the installation, F-Secure Anti-Virus for Microsoft Exchange adjusts the access rights to the Quarantine Storage so that only the product, operating system and the local administrator can access it.
Page 180 Quarantine Size Specify the minimum amount of free disk Threshold space (in megabytes) required on the disk where the Quarantine storage resides. If the specified value is reached, the product sends a warning alert. If the threshold is specified as zero (0), the amount of free disk space is not checked.
Page 181 CHAPTER 5 Centrally Managed Administration Automatically Process Specify how often the product tries to Unsafe Messages reprocess unsafe messages that are retained in the Quarantine. Set the value to Disabled to keep all unsafe to process unsafe messages manually. Max Attempts to Process Specify how many times the product tries to Unsafe Messages reprocess unsafe messages that are...
Page 182: Reporting
5.2.6 Reporting Figure 5-18 Reporting settings Notification sender Specify the address used by F-Secure address Anti-Virus Agent for Microsoft Exchange for sending warning and informational messages to the end-users (for example, recipients, senders and mailbox owners). 5.2.7 Advanced Figure 5-19 Advanced settings...
Page 183 CHAPTER 5 Centrally Managed Administration New Mailbox Polling Specify how often (in seconds) F-Secure Interval Anti-Virus for Microsoft Exchange should check for newly established mailboxes. You can disable the new mailbox polling by using the value 0 (zero). By default, F-Secure Anti-Virus for Microsoft Exchange polls new mailboxes every 1 hour.
Page 184: F-Secure Anti-Virus For Microsoft Exchange Statistics
Statistics To view statistics, open the Status tab from the Properties pane and open the Statistics subtree. It displays statistics for the host for each F-Secure Anti-Virus for Microsoft Exchange installation. If a policy domain is selected, the Status view displays the number of hosts in the domain and which hosts are disconnected from F-Secure Policy Manager.
Page 185: Common
CHAPTER 5 Centrally Managed Administration To reset real-time scanning statistics, use the variables under F-Secure Anti-Virus for Microsoft Exchange / Operations / Reset Statistics. Select Reset and click Start in the Editor pane. The Status above the button will display "Operation still in progress" until the program reports that statistics have been reset.
Page 186: Real-Time Processing
Status Displays whether F-Secure Anti-Virus for Microsoft Exchange is running (started), stopped, or whether the current status of the agent is unknown. Real-Time Processing Displays the number of mailboxes and Public Folders that are protected in real-time. For more information, see “Real-Time...
Page 187 Displays the number of currently protected mailboxes. Protected Public Folders Displays the number of currently protected Public Folders. Total Number of Displays the number of viruses F-Secure Infections Found Anti-Virus for Microsoft Exchange has detected. Number of Infections Displays the number of viruses F-Secure...
Page 188 Inbound, Outbound Mail and Public Folders Inbound, Outbound Mail and Public Folders Statistics display the statistics of processed, infected, and suspicious mail messages. Inbound Mail includes e-mail messages coming into Microsoft Exchange Information Store from external sources such as SMTP connector, and internal mail flowing inside organization.
Page 189: Manual Processing
CHAPTER 5 Centrally Managed Administration Filtered Messages Displays the total number of inbound messages that contained disallowed keywords. Last Infection Found Displays the name of the last virus found. Last Time Infection Displays the date and time when the last Found infection was found.
Page 190 Total Amount of Displays the total number of mailboxes in the Mailboxes Exchange Store that F-Secure Anti-Virus for Microsoft Exchange processes during the manual processing. Scanned Mailboxes Displays the number of mailboxes that have been scanned. Total Amount of Public...
Page 191 CHAPTER 5 Centrally Managed Administration Manual Processing of Mailboxes and Public Folders Figure 5-24 Manual Processing / Mailboxes and Manual Processing / Public Folders statistics Previous Scanning Displays the date and time of the previous processing. Processed Messages Displays the total number of processed messages.
Page 192: Quarantine
Currently Processed Displays the name of the mailbox that was Mailbox the last one to be processed during manual scan. (This setting exists under the Mailboxes branch only.) Currently Processed Displays the name of the public folder that Public Folder was the last one to be processed during manual scan.
Page 193: F-Secure Content Scanner Server Settings
CHAPTER 5 Centrally Managed Administration F-Secure Content Scanner Server Settings Use the variables under the F-Secure Content Scanner Server / Settings branch to define the settings for content providers and to change the general content scanning options. Figure 5-25 F-Secure Content Scanner Server Settings categories...
Page 194 Threat Detection Engine Configure the virus outbreak and spam threat detection. For more information, see “Threat Detection Engine”, 204. Proxy Configuration Specify proxy server parameters that Content Scanner Server uses when it connects to the threat detection center. For more information, see “Proxy Configuration”, 205.
Page 195: Interface
CHAPTER 5 Centrally Managed Administration 5.4.1 Interface Specify how the server will interact with clients. Figure 5-26 Interface settings IP Address Specifies the service listen address in case of multiple network interface cards or multiple IP addresses. If you do not assign an IP address (0.0.0.0), the server responds to all IP addresses assigned to the host.
Page 196: Virus Scanning
Max Connections Specifies the maximum number of simultaneous connections the server can accept. Value zero (0) means no limit. Max Connections Per Specifies the maximum number of Host simultaneous connections the server can accept from a particular host. Value zero (0) means no limit.
Page 197 CHAPTER 5 Centrally Managed Administration Figure 5-27 Virus Scanning settings Scan Engines Scan engines can be enabled or disabled. If you want to disable the scanning just for certain files, enter the appropriate file extensions to Excluded extensions field and separate each extension with a space.
Page 198 Max Levels in Nested If Scan Inside Archives is enabled, F-Secure Archives Content Scanner Server can scan files inside archives that may exist inside of other archives. Furthermore, these nested archives can contain other archives. Specify the number of levels F-Secure...
Page 199: Virus Statistics
CHAPTER 5 Centrally Managed Administration Scan Extensions Inside Enter all the extensions you want to scan Archives inside archives. Extensions Allowed in Define a space-separated list of the file Password Protected extensions allowed in password protected Archives archives. Wildcards (*, ?) can be used. Example: "DO? *ML".
Page 200 F-Secure World Map about viruses and other malware to the F-Secure World Map service. When the F-Secure World Map support is enabled, the product sends encrypted e-mail reports periodically to the service. These reports list only the name and the amount of...
Page 201: Database Updates
Verify Integrity of Specify whether the product should verify Downloaded Databases that the downloaded virus definition databases are the original databases published by F-Secure Corporation and that they have not been altered or corrupted in any way before taking them to use.
Page 202: Spam Filtering
Notify When Databases Specify the time (in days) how old virus Older Than definition databases can be before F-Secure Content Scanner Server sends the notification to the administrator. 5.4.5 Spam Filtering Figure 5-30 Spam Filtering settings...
Page 203 CHAPTER 5 Centrally Managed Administration The number of spam scanner instances can be configured in F-Secure Content Scanner Server / Settings / Spam Filtering. Number of spam scanner Specify the number of Spam Scanner instances instances to be created and used for spam analysis.
Page 204: Threat Detection Engine
Threat Detection Engine Figure 5-31 Threat Detection Engine settings The virus outbreak and spam threat detection can be configured in F-Secure Content Scanner Server / Settings / Threat Detection Engine. VOD Cache Size Specify the maximum number of patterns to cache for the virus outbreak detection service.
Page 205: Proxy Configuration
CHAPTER 5 Centrally Managed Administration Heuristic Scanning - F-Secure Content Scanner Server checks the message using spam heuristics. Trusted Networks Specify networks and hosts in the mail relay network which can be trusted not to be operated by spammers and do not have open relays or open proxies.
Page 206: Advanced
Specify proxy server parameters that Content Scanner Server uses when it connects to the threat detection center. Use Proxy Server Specify whether F-Secure Content Scanner Server uses a proxy server when it connects to the threat detection center. Proxy Server Address Specify the address of the proxy server.
Page 207 Working directory are deleted. The default clean interval is 15 minutes. Free Space Threshold Specify when F-Secure Content Scanner Server should send a low disk space alert to the administrator. The default setting is 100 megabytes.
Page 208: F-Secure Content Scanner Server Statistics
Figure 5-34 F-Secure Content Scanner Server Statistics The Statistics branch in the F-Secure Content Scanner Server tree displays the version of F-Secure Content Scanner Server that is currently installed on the selected host, the MIB version and the location of F-Secure Content Scanner Server installation directory.
Page 209: Scan Engines
CHAPTER 5 Centrally Managed Administration Number of Scanned Files The number of files that have been scanned. Last Database Update The last date and time when virus definition database was updated. Last Infection Found The name of the last infection that was encountered.
Page 210: Common
Processed Files Displays the number of files processed by this scan engine. Infected Files Displays the number of infected files found by this scan engine. Disinfected Files Displays the number of files successfully disinfected by this scan engine. 5.5.3 Common The Common statistics branch displays the list of installed product hotfixes.
Page 211: Virus Statistics
5.5.5 Virus Statistics The Virus Statistics branch displays the following information: Figure 5-35 F-Secure Content Scanner Server Statistics / Virus Statistics Last Updated Displays the date and time when the virus statistics were updated last time.
Page 212: F-Secure Automatic Update Agent Settings
F-Secure Automatic Update Agent Settings Figure 5-36 F-Secure Automatic Update Agent Communications settings To edit F-Secure Automatic Update Agent Settings, go to F-Secure Automatic Update Agent > Settings > Communications. Automatic updates Enable and disable the automatic virus definition updates. By default, automatic updates are enabled.
Page 213 If the product cannot connect to update servers during the specified time, it retrieves the latest virus definition updates from F-Secure Update Server if Allow fetching updates from F-Secure Update Server is enabled. Intermediate Server Define how often the product checks the virus...
Page 214: F-Secure Management Agent Settings
F-Secure Management Agent Settings If the F-Secure Anti-Virus for Microsoft Exchange is working in centrally administered mode, you have to make sure F-Secure Anti-Virus for Microsoft Exchange sends and receives data from F-Secure Policy Manager Server. To do this, change communications settings from F-Secure Management Agent.
Page 215 CHAPTER 5 Centrally Managed Administration HTTP Management Server URL of the F-Secure Policy Manager Server. Address The URL should not have a slash at the end. For example: “http://fsms.example.com”. Incoming Packages Defines how often the host tries to fetch Polling Interval...
Page 216: Chapter 6 Administration With Web Console
DMINISTRATION WITH ONSOLE Overview................... 217 F-Secure Anti-Virus for Microsoft Exchange Settings ....218 F-Secure Content Scanner Server Settings ......275 F-Secure Automatic Update Agent Settings......298 F-Secure Management Agent Settings ........304...
Page 217: Overview
CHAPTER 6 Administration with Web Console Overview This section describes how to use Web Console to administer F-Secure Anti-Virus for Microsoft Exchange. If F-Secure Anti-Virus for Microsoft Exchange is installed in the stand-alone mode, it can be administered with F-Secure Anti-Virus for Microsoft Exchange Web Console.
Page 218: Summary
F-Secure Anti-Virus for Microsoft Exchange Settings You can use the F-Secure Anti-Virus for Microsoft Exchange Web Console to start and stop F-Secure Anti-Virus for Microsoft Exchange, modify its settings, edit scheduled tasks and start manual processing. 6.2.1 Summary The Summary page displays the current status of the product and a summary of the most important product statistics.
Page 219 CHAPTER 6 Administration with Web Console Status Status The current status of F-Secure Anti-Virus for Microsoft Exchange. F-Secure Anti-Virus for Microsoft Exchange is Started when it is Running and Stopped when it has been stopped or disabled. Version The version and the build number of installed F-Secure Anti-Virus for Microsoft Exchange.
Page 220: Virus Scanning
Virus Scanning Virus Scanning settings are used to specify how inbound and outbound messages and Public Folder notes that are sent to F-Secure Content Scanner Server are to be checked for malicious code. Figure 6-2 Virus Scanning / Statistics page...
Page 221 CHAPTER 6 Administration with Web Console Last infection found Displays the name of the last infection that was found. Processed Displays the number of processed message bodies and attachments. Infected Displays the number of attachments that have been infected with malicious code. Suspicious Displays the number of stripped messages and messages that have not been scanned reliably.
Page 222 Common Edit the Virus Scanning / Common settings to specify which messages should be scanned for malicious code. Note that you may have to scroll the page to view all the settings. Figure 6-3 Virus Scanning / Common settings...
Page 223 Scan mail message Specify whether the body of the e-mail message body should be scanned for malicious code. By default, F-Secure Anti-Virus for Microsoft Exchange scans message bodies. Although scanning message bodies can slow down the performance, it is recommended as a virus can be carried inside a message body.
Page 224 Max level of nested Set the maximum number of levels of messages messages inside messages that F-Secure Anti-Virus for Microsoft Exchange should scan. If the number of levels exceeds the specified limit, F-Secure Anti-Virus for Microsoft Exchange performs the action specified in the Action on messages with exceeding nesting levels setting.
Page 225 Administration with Web Console Drop attachment - Do not disinfect or deliver infected attachments. All infected attachments are dropped. By default, F-Secure Anti-Virus for Microsoft Exchange tries to disinfect infected attachments. Action on messages Specify the action to take on e-mail messages...
Page 226 Inbound Mail Edit Virus Scanning / Inbound Mail settings to define whether the whole message should be stopped if an infection is found and to specify the trusted mailboxes and the warning messages for infected, inbound mails. These settings are specific to the mails that are destined to the internal domains defined under the General / Internal Domains branch.
Page 227 CHAPTER 6 Administration with Web Console Processing options Stop the whole Specify whether F-Secure Anti-Virus for message if infection Microsoft Exchange should stop inbound found messages that contain malicious code. When this setting is enabled, inbound messages with infected attachment(s) will be stopped completely.
Page 228 Click Edit to edit the warning message that is added to the mail message. By default, F-Secure Anti-Virus for Microsoft Exchange does not add the virus warning message. Send warning Specify whether a virus warning message message to sender should be sent to the sender of the mail message which had infected content.
Page 229 The virus warning message will be sent to the sender of the infected message only if the sender belongs to the internal domain. F-Secure Anti-Virus for Microsoft Exchange does not send the warning message outside the company...
Page 230 Outbound Mail Edit Virus Scanning / Outbound Mail real-time processing settings to define what should be done to infected outbound messages and set warning messages to infected, outbound mails. Figure 6-5 Virus Scanning / Outbound Mail settings...
Page 231 By default, F-Secure Anti-Virus for Microsoft Exchange stops the whole message. If you set F-Secure Anti-Virus for Microsoft Exchange to disinfect infected files and stop the whole message if an infection is found, messages are not stopped if they are send from a MAPI client if they can be disinfected.
Page 232 Click Edit to edit the disclaimer text. By default, F-Secure Anti-Virus for Microsoft Exchange adds a disclaimer. Public Folders Edit Public Folders real-time processing settings to define which Public Folders should be scanned for malicious code and to set warning messages to infected Public Folder notes.
Page 233 Public Folders. Scan all except excluded public folders - Process all notes posted to all Public Folders, except to the ones in the list. By default, F-Secure Anti-Virus for Microsoft Exchange processes all Public Folders. Editing Public Folders Click...
Page 234 By default, F-Secure Anti-Virus for Microsoft Exchange sends the virus warning message to the originator. Outbreak Detection F-Secure Anti-Virus for Microsoft Exchange can alert administrators when the number of infections detected within a specified time frame exceeds a specified value.
Page 235 CHAPTER 6 Administration with Web Console Figure 6-7 Virus Scanning / Outbreak Detection settings Condition Notify when number of Specify the number of infected objects that infections detected should be found within a specified time period, exceed for it to be considered as a virus outbreak. Use the value zero (0) to disable the outbreak notification.
Page 236: Stripping Attachments
6.2.3 Stripping Attachments F-Secure Anti-Virus for Microsoft Exchange can be configured to remove attachments in real-time from inbound and outbound messages by their file name or the file extension even without scanning them for malicious code. The Statistics page displays the number of attachments stripped...
Page 237 CHAPTER 6 Administration with Web Console Figure 6-8 Stripping Attachments / Statistics page Statistics Attachments stripped Displays the number of stripped attachments in inbound mail, outbound mail and public folders. On-Access Edit On-Access stripping attachments settings to set which attachments should be stripped during the on-access scanning.
Page 238 Figure 6-9 Content Blocking / On-Access / Stripping Attachments settings Strip attachments Strip attachments Specify which attachments should be stripped from messages and public folder notes. Do not strip - Do not strip any attachments. Strip all attachments - Strip all attachments from all messages and notes.
Page 239 Quarantine attachment - All stripped attachments are placed in the Quarantine. For more information, see “Quarantine”, 257. Drop attachment - All stripped attachments are deleted automatically. By default, F-Secure Anti-Virus for Microsoft Exchange quarantines stripped attachments. Add informational Specify whether an informational message message should be added to the mail message which originally had the stripped attachment.
Page 240 By default, F-Secure Anti-Virus for Microsoft Exchange does not add the informational message. Send the informational Specify whether an informational message message to sender should be sent to the sender of the mail message which had the stripped attachment. Click...
Page 241 CHAPTER 6 Administration with Web Console Inbound Mail Edit Stripping Attachments / Inbound Mail settings to specify which attachments should be stripped from the inbound mail. For settings descriptions, see below. Note that you may have to scroll the page to view all the settings. Figure 6-10 Stripping Attachments / Inbound Mail settings...
Page 242 Strip attachments Strip attachments Specify which attachments should be stripped from messages and public folder notes. Do not strip - Do not strip any attachments. Strip all attachments - Strip all attachments from all messages and notes. Strip all attachments with these extensions - Strip all except specified attachments.
Page 243 Quarantine attachment - All stripped attachments are placed in the Quarantine. For more information, see “Quarantine”, 257. Drop attachment - All stripped attachments are deleted automatically. By default, F-Secure Anti-Virus for Microsoft Exchange quarantines stripped attachments.
Page 244 Public Folder note. Click Edit to edit the warning message that is added to the mail message. By default, F-Secure Anti-Virus for Microsoft Exchange does not add the informational message. Send informational Specify whether an informational message message to sender should be sent to the sender of the mail message which had the stripped attachment.
Page 245 CHAPTER 6 Administration with Web Console Send security alert - Send a security alert to the administrator. By default, F-Secure Anti-Virus for Microsoft Exchange sends an informational alert to the administrator. For more information, see “Configuring Alert Forwarding”, 119. F-Secure Management Agent alert forwarding table controls where alerts with certain severity level will be sent.
Page 246: Content Filtering
The Content Filtering settings specify how content should be filtered based on keywords found in message subject and content. The Spam Control settings are also located under the Content Filtering branch, but they are displayed only if you have installed F-Secure Spam Control with the product.
Page 247 CHAPTER 6 Administration with Web Console Figure 6-12 Content Filtering / Statistics page Statistics Spam messages Displays the total number of spam messages that have been found. Size of spam Displays the total size of spam messages that messages have been found. Filtered inbound Displays the total number of inbound messages messages...
Page 248 Spam Control For information on F-secure Spam Control settings, see “Spam Control Settings in Web Console”, 331. Inbound Mail Edit Content Filtering / Inbound Mail settings to define how content should be filtered in the inbound mail based on keywords in message subjects...
Page 249 CHAPTER 6 Administration with Web Console Figure 6-13 Content Filtering / Inbound Mail settings Processing options Enable content filtering Specify whether the content of inbound messages is filtered based on the subjects and texts of the messages as defined on this tab. List of disallowed Lists the keywords that are not allowed in keywords in message...
Page 250 Click Edit to open a dialog box where you can add new disallowed keywords, or remove keywords from the list. Select the checkbox in the column to mark the entries that you want to remove. Click Clear to remove the selected entries from the list.
Page 251 CHAPTER 6 Administration with Web Console Editing Trusted Mailboxes List Click Specify to open a dialog box where you can add new trusted mailboxes, or remove trusted mailboxes from the list. To add new mailbox to the list, click Add. Select mailboxes from the list and click OK.
Page 252 Send warning alert - Send a warning alert to the administrator. Send security alert - Send a security alert to the administrator. F-Secure Management Agent alert forwarding table controls where alerts with certain severity level will be sent. Outbound Mail...
Page 253: Manual Scanning
CHAPTER 6 Administration with Web Console Figure 6-14 Content Filtering / Outbound Mail settings 6.2.5 Manual Scanning You can process mailboxes and public folders manually as needed.
Page 254 Figure 6-15 Manual Processing page...
Page 255 CHAPTER 6 Administration with Web Console Processing Mailboxes Manually The Status field displays the current status of the manual process. To start processing mailboxes manually, click Start. Click Stop terminate the currently running manual scan Click Configure... to set up a new manual processing task. For more information, see “Creating Manual Scanning Operation”,...
Page 256 Scheduled Scan Tasks Figure 6-16 Scheduled Processing page Editing Scheduled Tasks The Scheduled tasks table displays all scheduled tasks and the date and time when the next scheduled task occurs for the next time.
Page 257: Quarantine
6.2.6 Quarantine Quarantine in F-Secure Anti-Virus for Microsoft Exchange is handled through a SQL database. The product is able to quarantine e-mails and attachments which contain malicious or otherwise unwanted content, such as spam messages.
Page 258 Quarantine Thresholds Figure 6-17 Quarantine thresholds settings...
Page 259 CHAPTER 6 Administration with Web Console Quarantine thresholds Quarantined items Specify the critical number of items in the threshold Quarantine storage. If the specified value is reached or exceeded, the product sends an alert. If zero (0) is specified, the number of items in the Quarantine storage is not checked.
Page 260 Notify when quarantine Specify how the administrator should be threshold is reached notified when the Quarantine Size Threshold and/or Quarantined Items Threshold are reached. No alert is sent if both thresholds are set to zero (0). The options available are: Quarantine Reprocess, Retention and Cleanup When quarantined content is reprocessed, it is scanned again, and if it is found clean, it is sent to the intended recipients.
Page 261 CHAPTER 6 Administration with Web Console Figure 6-18 Quarantine cleanup settings Reprocess unsafe messages Automatically reprocess Specify how often the product tries to unsafe messages reprocess unsafe messages that are retained in the Quarantine. Set the value to Disabled to keep all unsafe to process unsafe messages manually.
Page 262 Final action on unsafe Specify the action to unsafe messages after messages the maximum number of reprocesses have been attempted. Leave in Quarantine - Leave messages in the Quarantine and process them manually. Release to Intended Recipients - Release messages from the Quarantine and send them to original recipients.
Page 263 CHAPTER 6 Administration with Web Console Infected Disallowed Suspicious Spam Scan failure Unsafe Retention period - Specify an exception to the default retention period for the selected Quarantine category. Cleanup interval - Specify an exception to the default cleanup interval for the selected Quarantine category.
Page 264 Quarantine Logging Figure 6-19 Quarantine logging settings Logging Quarantine log Specify the path for Quarantine log files. directory Rotate quarantine Specify how often the product rotates logs Quarantine log files. At the end of each rotation time a new log file is created. Keep rotated Specify how many rotated log flies should be quarantine logs...
Page 265 CHAPTER 6 Administration with Web Console Quarantine Options Quarantine Options Quarantine worms Specify whether the product should Quarantine files infected with mass worms or mail viruses such as Sobig or Bagle. Quarantine problematic Specify if messages that contain malformed messages or broken attachments should be quarantined for later analysis or recovery.
Page 266 Quarantine Database Figure 6-20 Quarantine database settings You can specify the database where information about quarantined e-mails is stored and from which it is retrieved. Quarantine database SQL server name The name of the SQL server where the database is located. Database name The name of the Quarantine database.
Page 267: Advanced
Otherwise the setting will not be changed in the product. Make sure that F-Secure Anti-Virus for Microsoft Exchange service has write access to this directory. Adjust the access rights to the directory so that only the F-Secure Anti-Virus for Microsoft Exchange service and the local administrator can access files in the Quarantine.
Page 268 Figure 6-21 Advanced settings Mail Delivery Settings Mail opening timeout Specify the number of seconds to try to open a message. Max mail sending Specify the number of times to try to send a retries message if sending it fails. Mail sending timeout Specify the number of seconds to wait to try sending a message.
Page 269 CHAPTER 6 Administration with Web Console Advanced New mailbox polling Specify how often F-Secure Anti-Virus for interval Microsoft Exchange should check for newly established mailboxes. You can disable the new mailbox polling by using the value 0 (zero). By default, F-Secure Anti-Virus for Microsoft Exchange polls new mailboxes every 60 minutes.
Page 270 Scanning Servers Edit the Servers settings to configure the connection between F-Secure Anti-Virus for Microsoft Exchange and F-Secure Content Scanner Server. Note that you may have to scroll the page to view all the settings. Figure 6-22 Advanced / Scanning Servers settings...
Page 271 Scanner Servers, it interacts with backup servers. Editing F-Secure Content Scanner Server Addresses To add new F-Secure Content Scanner Server IP addresses or host names to the list, click Add. To delete a address from the list, click on column to select addresses that you want to delete.
Page 272 Use local interaction Specify whether the product should interact with mode F-Secure Content Scanner Server in the local interaction mode. When F-Secure Anti-Virus for Microsoft Exchange and F-Secure Content Scanner Server are installed on the same host and the local interaction mode is enabled, data are transferred via local temporary files and/or shared memory.
Page 273: Internal Domains
Working directory Specify the name and location of the Working directory, where temporary files are placed. During the installation, F-Secure Anti-Virus for Microsoft Exchange automatically adjusts the access rights so that only the operating system and the local administrator can access files in the Working directory.
Page 274 Figure 6-23 Internal Domains settings You can define how the mails destined for the internal domains are processed by configuring the Virus Scanning / Inbound Mail, Stripping Attachments / Inbound Mail and Content Filtering / Inbound Mail settings. Editing Internal Domain Addresses To add a new domain name to the list, click Add.
Page 275: F-Secure Content Scanner Server Settings
Policy Manager Console instead. 6.3.1 Summary You can see the current status of the F-Secure Content Scanner Server, and virus and spam scanner statistics under the Summary branch. Status You can see the statistics of all virus scans on the Status page of F-Secure Content Scanner Server.
Page 276 Server is currently running or not. Version Displays the current version number and build of F-Secure Content Scanner Server. Start time Displays the start date and time of F-Secure Content Scanner Server. Scanned files Displays how many files have been scanned since the last reset.
Page 277 F-Secure Content Scanner Server. Click Reset Statistics to reset the statistics in this window. Virus Statistics You can see the list of most active viruses on the Summary > Virus Statistics page in F-Secure Anti-Virus for Microsoft Exchange Web Console.
Page 278 Figure 6-25 Summary / Virus Statistics settings Most active viruses Most active viruses This table displays a list of the 5, 10 or 30 most table often found viruses during the specified time period. It also displays the number of times each virus has been found and the percentage that each virus represents of the total number of viruses encountered.
Page 279 Spam Scanner Statistics This page is displayed only if you have installed F-Secure Spam Control. On the Spam Control page you can see the status of F-Secure Spam Control, spam definition databases and the spam scanning statistics.
Page 280 Version Shows the version and build number of the F-Secure Spam Scanner. Status Shows the status of the F-Secure Spam Scanner. The possible statuses are: Unknown or not installed - This status might be displayed right after installation when the product statistics are not yet updated, or if the F-Secure Spam Scanner is not installed.
Page 281 Shows the version of the database currently used by the F-Secure Spam Scanner. Last database update Shows the date and time when the F-Secure Spam Scanner database was last updated. Number of processed Shows the total number of files that have been files analyzed for spam.
Page 282: Database Updates
6.3.2 Database Updates F-Secure Content Scanner Server can notify the administrator if it detects that virus and/or spam definition databases are outdated. You can change the notification and other database updates settings on the Updates page. For more information about virus definition database updates, see “Updating Virus and Spam Definition...
Page 283 Corporation and that they have not been altered or corrupted in any way before taking them to use. Notify when databases Specify what kind of an alert F-Secure Content become old Scanner Server should send to the administrator when virus definition databases are not up-to-date.
Page 284: Scan Engines
6.3.3 Scan Engines F-Secure Content Scanner Server uses multiple top quality scanning engines to ensure the highest possible detection rate and disinfection capability. You can view an overview of the engine statuses and updates on the Scan Engines page.
Page 285 CHAPTER 6 Administration with Web Console Figure 6-28 Virus Scanning page Scan engines Scan Engine Displays the name of the scan engine. Version Displays the version number of the scan engine. Database Date Displays the date of the currently used virus definition database.
Page 286 Properties You can view the detailed statistics and statuses of the scan engines on the Scan Engines > Properties page. Note that you have to scroll the page to view all the settings. Figure 6-29 Scan Engines > Properties page Scan engine Number of processed Displays the number of files the selected scan...
Page 287 CHAPTER 6 Administration with Web Console Number of disinfected Displays the number of infected files the files selected scan engine has successfully disinfected. Database date Displays the date of the currently used virus definition database for the selected scan engine. Last database update Displays the last date when the virus definition database was updated.
Page 288 Figure 6-30 Scan Engines > Threat Detection page Cache VOD cache size Specify the maximum number of patterns to cache for the virus outbreak detection service. By default, the cache size is 10000 cached patterns. Class cache size Specify the maximum number of patterns to cache for spam detection service.
Page 289: Proxy Configuration
CHAPTER 6 Administration with Web Console Pass through - The message is passed through without scanning it for spam. Heuristic Scanning - F-Secure Content Scanner Server checks the message using spam heuristics. Trusted networks Specify networks and hosts in the mail relay...
Page 290 Figure 6-31 Proxy Configuration page Proxy Configuration Use proxy server Specify whether F-Secure Content Scanner Server uses a proxy server when it connects to the threat detection center. Proxy server address Specify the address of the proxy server. Proxy server port Specify the port number of the proxy server.
Page 291 CHAPTER 6 Administration with Web Console User name Specify the user name for the proxy server authentication. Password Specify the password for the proxy server authentication. Domain Specify the domain name for the proxy server authentication.
Page 292: Archive Scanning
6.3.5 Archive Scanning F-Secure Content Scanner Server can scan files inside archives. You can change the archive scanning and other advanced settings in the Virus Scanning / Archive Scanning page. Figure 6-32 Archive Scanning settings page...
Page 293 Max levels in nested Set the number of levels of archives inside archives archives that F-Secure Content Scanner Server should scan. Note that nested archives can be used in denial-of-service attacks, so it is not recommended to set the maximum value very high.
Page 294 Acceptable unpacked Specify the acceptable unpacked size (in size threshold kilobytes) for archive files. If the unpacked size of an archive file exceeds this threshold, the server will consider the archive suspicious and corresponding action will be taken. Scan these extensions Specify files that are scanned inside archives.
Page 295: Advanced
CHAPTER 6 Administration with Web Console 6.3.6 Advanced You can change the Working Directory settings from the Advanced page. The Working directory specifies where temporary files are stored. Figure 6-33 Advanced settings Advanced Working directory Specify the working directory. Enter the complete path to the field or click Browse browse to the path you want to set as the new...
Page 296 F-Secure Content Scanner Server sends an alert to the administrator when the drive has less than the specified amount of space left. Max number of Specify how many files F-Secure Content concurrent Scanner Server should process simultaneously. transactions Max scan timeout Specify how long a scan task can be carried out before it is automatically cancelled.
Page 297: Interface
CHAPTER 6 Administration with Web Console 6.3.7 Interface You can specify how F-Secure Content Scanner Server should interact with F-Secure Anti-Virus Agent for Microsoft Exchange. Figure 6-34 Interface settings Service connections IP address Specify the IP address that F-Secure Content Scanner Server listens to.
Page 298: F-Secure Automatic Update Agent Settings
Server keeps an inactive connection open. F-Secure Automatic Update Agent Settings With F-Secure Automatic Update Agent, virus and spam definition database updates are retrieved automatically when they are published. When a new virus is found, F-Secure provides a new virus definition database update.
Page 299: Summary
CHAPTER 6 Administration with Web Console 6.4.1 Summary Status Displays the current status of F-Secure Automatic Update Agent. Version Displays the version number of F-Secure Automatic Update Agent. Channel name Displays the channel from where the updates are downloaded. Channel address Displays the address of the Automatic Updates Server.
Page 300 Current HTTP proxy Displays the address of the HTTP proxy that is currently used. Current Policy Manager Displays the address of the F-Secure Policy proxy Manager proxy that is currently used. Downloads Available Packages Title Displays the title of the downloaded package.
Page 301: Automatic Updates
CHAPTER 6 Administration with Web Console Installed Packages TItle Displays the title of the downloaded package. Installation time Displays the date and time when the update was installed. Result Displays the installation status. 6.4.2 Automatic Updates You can configure the Download options on the Downloads page. Updates Enable automatic Select whether automatic updates are...
Page 302 HTTP Settings Internet connection Use ‘Detect connection’, unless you checking experience problems with that setting. The options available are: Assume always connected - Assume that the computer is always connected to the Internet. Detect connections - Detect when the computer is connected to the Internet. Detect traffic - Assume that there is an Internet connection when the product detects any traffic.
Page 303: Pm Proxies
CHAPTER 6 Administration with Web Console 6.4.3 PM Proxies Active Enable or disable the F-Secure Policy Manager Proxy. Address Specify the address of F-Secure Policy Manager Proxy. Server failover time Define (in hours) the failover time to connect to specified update servers.
Page 304: F-Secure Management Agent Settings
F-Secure Management Agent Settings F-Secure Management Agent enforces the security policies set by the administrator. It handles all management functions on the local workstations and provides a common interface for all F-Secure applications. and operates within the policy-based management infrastructure.
Page 305 CHAPTER 6 Administration with Web Console Figure 6-35 F-Secure Management Agent Configuration page Status The Status section displays detailed information on the host, for example the DNS and WINS names and the IP address. In addition, it displays the date and time when the policy file that is currently in use was issued and the date and time when the host connected to the server last time.
Page 306 Communication method F-Secure Policy Manager If you use F-Secure Policy Manager Server, Server specify the URL of F-Secure Policy Manager Server. Do not add a slash at the end of the URL. For example: “http://fsms.example.com”. Network communication If you use the network communication...
Page 307 UARANTINE ANAGEMENT Introduction................308 Configuring Quarantine Options..........309 Searching the Quarantined Content......... 310 Query Results Page ..............314 Viewing Details of a Quarantined Message......316 Reprocessing the Quarantined Content ........318 Releasing the Quarantined Content ......... 319 Removing the Quarantined Content......... 321 Deleting Old Quarantined Content Automatically.....
Page 308: Introduction
Introduction You can manage and search quarantined mails with the F-Secure Anti-Virus for Microsoft Exchange Web Console. You can search for quarantined content by using different search criteria, including the quarantine ID, recipient and sender address, the time period during which the message was quarantined, and so on.
Page 309: Configuring Quarantine Options
Quarantine Storage The quarantine storage where the quarantined messages are stored is located on the server where F-Secure Anti-Virus for Microsoft Exchange is installed. If there are several F-Secure Anti-Virus for Microsoft Exchange installations in the network, they all have their own storages.
Page 310: Searching The Quarantined Content
The actual quarantine management is done through F-Secure Anti-Virus for Microsoft Exchange Web Console. Searching the Quarantined Content You can search the quarantined content on the F-Secure Anti-Virus for Microsoft Exchange > Quarantine page in the Web Console. Figure 7-1 Quarantine query options...
Page 311 CHAPTER 7 Quarantine Management You can use the following search criteria: Quarantine ID Enter the quarantine ID of a quarantined message. The quarantine ID is displayed in the notification sent to the user about the quarantined message. Object type Select the type of the quarantined content. Attachment - Search for quarantined attachments.
Page 312 Recipients Enter the e-mail recipient address. Subject Enter the message subject to be used as search criteria. Show only You can use this option to view the current status of messages that you have set to be reprocessed, released or deleted. Because processing a large number of e-mails may take time, you can use this option to monitor how the operation is progressing.
Page 313 CHAPTER 7 Quarantine Management Search period Select the time period when the data has been quarantined. Select Exact start and end dates to specify the date and time (year, month, day, hour, minute) when the data has been quarantined. Sort Results Specify how the search results are sorted by selecting one of the options in the Sort Results by: drop-down menu: based on Date, Sender,...
Page 314: Query Results Page
Query Results Page Figure 7-2 Quarantine Query Results Page The Quarantine Query Results page displays a list of mails and attachments that were found in the query. To view detailed information about a quarantined content, click the Quarantine ID (QID) number link in the QID column.
Page 315 CHAPTER 7 Quarantine Management Icon E-mail status Quarantined e-mail that the administrator has set to be reprocessed. The reprocessing operation has not been completed yet. Quarantined e-mail that the administrator has set to be deleted. The deletion operation has not been completed yet. Quarantined e-mail set to be released, which failed.
Page 316: Viewing Details Of A Quarantined Message
Quarantined Attachment Operations You can select an operation to perform on the attachments that were found in the query: Click Send to deliver the currently selected attachment without further processing, or click Send All to deliver all attachments that were found. For more information, see “Releasing the Quarantined Content”, 319.
Page 317 QID - Quarantine ID. Submit date - The date and time when the item was placed in the quarantine. Processing server - The F-Secure Anti-Virus for Microsoft Exchange server that processed the message. Sender - The address of the message sender.
Page 318: Reprocessing The Quarantined Content
Click Download to download the quarantined message to your computer to check it. WARNING: In many countries, it is illegal to read other people’s messages. The Quarantined Content Details page displays the following information about the quarantined attachments: QID - Quarantine ID. Submit date - The date and time when the item was placed in the quarantine.
Page 319: Releasing The Quarantined Content
CHAPTER 7 Quarantine Management 1. Select the F-Secure Anti-Virus for Microsoft Exchange tab and the Quarantine page. Select the start and end dates and times of the quarantining period from the Start time: and End Time: drop-down menus. If you want to specify how the search results are sorted, select the sorting criteria and order from the Sort results by: and order: drop-down menus.
Page 320 1. Select the F-Secure Anti-Virus for Microsoft Exchange tab and the Quarantine page. Enter the Quarantine ID of the message in the Quarantine ID field. Click Query. When the query is finished, the query results page is displayed. Click Release button to release the displayed quarantined content.
Page 321: Removing The Quarantined Content
1. Select the F-Secure Anti-Virus for Microsoft Exchange tab and the Quarantine page in the Web Console. Select the quarantining reason, Spam, from the Reason: drop-down menu.
Page 322: Quarantine Logging
Enable the exception you just created by selecting the Enabled check box. Click Apply. 7.10 Quarantine Logging To view the Quarantine Log, open the F-Secure Anti-Virus for Microsoft Exchange tab in the Web Console, and go to the Quarantine page. Then click the Show Log File button.
Page 323: Quarantine Statistics
CHAPTER 7 Quarantine Management 7.11 Quarantine Statistics The Quarantine statistics page displays the number of quarantined items in each quarantine category, and the total size of the quarantine. Figure 7-4 Quarantine > Statistics page E-mail messages and infected, suspicious and disallowed attachments are stored and counted as separate items in the quarantine storage.
Page 324: Moving The Quarantine Storage
Moving the Quarantine Storage When you want to change the Quarantine storage location either using the F-Secure Policy Manager Console or F-Secure Anti-Virus for Microsoft Exchange Web Console, note that the product does not create the new directory automatically. Before you change the Quarantine storage directory, make sure that the directory exists and it has proper security permissions.
Page 325 Follow Share a Folder Wizard instructions to create FSMSEQS$ shared folder. Specify the new directory (in this example, D:\Quarantine) as the folder path, FSMSEQS$ as the share name and F-Secure Quarantine Storage as the description. On the Permissions page, select Administrators have full access;...
Page 326 DMINISTERING ECURE ONTROL Overview................... 327 Spam Control Settings in Centrally Managed Environments..328 Spam Control Settings in Web Console ........331 Realtime Blackhole List Configuration........336...
Page 327: Overview
CHAPTER 8 Administering F-Secure Spam Control Overview When F-Secure Spam Control is enabled, incoming messages that are considered spam are marked automatically by adding an X-header with the spam flag or predefined text in the message header. The end users can then create filtering rules that direct the messages marked with the spam flag header into a junk mail folder.
Page 328: Spam Control Settings In Centrally Managed Environments
Settings / Real-time Processing / Spam Control to configure how F-Secure Anti-Virus for Microsoft Exchange scans incoming mail for spam. These settings are used only if F-Secure Spam Control is installed with the product. Otherwise they will be ignored. Figure 8-1 Spam Control settings in a centrally managed environment...
Page 329 CHAPTER 8 Administering F-Secure Spam Control When the heuristic spam analysis is enabled, all messages that the threat detection engine does not classify as spam are further analyzed for spam. When the heuristic spam analysis is disabled, only the threat detection engine scans inbound mails for spam.
Page 330 Add X-Header with Specifies if the spam flag will be added to the Spam flag mail as a X-Spam-Flag header in the following format: X-Spam-Flag: <flag> where <flag> is either "YES" or "NO". YES - the mail is considered spam. NO - the mail is not considered spam.
Page 331: Spam Control Settings In Web Console
You can configure the spam control settings on the Spam Control page of the F-Secure Anti-Virus for Microsoft Exchange Web Console. These settings are used only if F-Secure Spam Control is installed with the product, otherwise they are be ignored.
Page 332 Figure 8-2 Spam Control settings in a locally managed environment Check messages for Specify whether inbound mails should be spam scanned for spam. Realtime Blackhole List (RBL) spam filtering is not enabled by default even if you enable spam filtering from the settings. For information on configuring Realtime Blackhole Lists, see Realtime Blackhole List Configuration “...
Page 333 CHAPTER 8 Administering F-Secure Spam Control When the heuristic spam analysis is disabled, only the threat detection engine scans inbound mails for spam. Heuristic spam analysis slows down the performance but improves the spam detection rate. Spam filtering level Specify the spam filtering level. Decreasing the level allows less spam to pass, but more regular mails may be falsely identified as spam.
Page 334 Drop message - The message is deleted. Add X-Header with Specifies if the spam flag will be added to the Spam flag mail as a X-Spam-Flag header in the following format: X-Spam-Flag: <flag> where <flag> is either "YES" or "NO". YES - the mail is considered spam.
Page 335 CHAPTER 8 Administering F-Secure Spam Control Example: X-Spam-Status: Yes, hits=8 required=5 tests=DATE_IN_FUTURE_03_06, DATE_SPAMWARE_Y2K,FORGED_MUA_THEBAT_BOUN, MISSING_MIMEOLE,MISSING_OUTLOOK_NAME Add this text to spam Specify the text that will be added in the message subject beginning of the subject of an e-mail considered spam. Maximum message...
Page 336: Realtime Blackhole List Configuration
Realtime Blackhole List Configuration This section describes how to enable and disable Realtime Blackhole Lists, how to optimize F-Secure Spam Control performance, and how to specify blocked and safe recipients and senders by using black- and whitelisting. 8.4.1 Enabling Realtime Blackhole Lists The product supports DNS Blackhole List (DNSBL), also known as Realtime Blackhole List (RBL), functionality in spam filtering.
Page 337 F-Secure Content Scanner Server through F-Secure Anti-Virus for Microsoft Exchange Web Console. You can force F-Secure Spam Control to use a specific DNS server (not necessarily configured in Microsoft Windows networking) by adding a new system environment variable as described in the instructions below.
Page 338: Optimizing F-Secure Spam Control Performance
To force F-Secure Spam Control to use a specific DNS server, do the following: 1. Right-click the My Computer icon and select Properties. Select Advanced and click the Environment Variables.. button. In the System variables panel click New... In the New System Variable dialog specify the new variable as...
Page 339 CHAPTER 8 Administering F-Secure Spam Control 'spam-scanner-instances' (oid=1.3.6.1.4.1.2213.18.1.35.500) has been set to 5. To take the new setting into use, restart F-Secure Content Scanner Server. IMPORTANT: Each additional instance of the Spam Scanner takes approximately 25Mb of memory (process fsavsd.exe). Typically...
Page 340 PDATING IRUS AND EFINITION ATABASES Overview................... 341 Automatic Updates with F-Secure Automatic Update Agent ..341 Configuring Automatic Updates..........342 Manual Updates ............... 342...
Page 341: Overview
With F-Secure Automatic Update Agent, virus and spam definition database updates are retrieved automatically when they are published. When a new virus is found, F-Secure provides a new virus definition database update. F-Secure Automatic Update Agent uses HTTP protocol to fetch this update. Virus and spam definition updates are digitally signed for maximum security.
Page 342: Configuring Automatic Updates
Automatic Update Agent Settings”, 212. Manual Updates If you do not want to use F-Secure Automatic Update Agent to automatically update your virus definition database, you can do it manually with a program called FSUPDATE or by downloading the LATEST.ZIP file.
Page 343: Updating The Virus Definition Database Remotely Using Latest.zip
Updating Virus and Spam Definition Databases 9.4.2 Updating the Virus Definition Database Remotely Using LATEST.ZIP You can update the virus definition database remotely by using F-Secure Policy Manager and downloading the LATEST.ZIP archive as follows: 1. Download the LATEST.ZIP archive from: http://www.f-secure.com/download-purchase/updates.shtml Run F-Secure Policy Manager console.
Page 344 Cluster System and Network Recommendations ......... 345 Installation Overview ..............347 Creating Quarantine Storage............ 348 Installing the Product..............356 Administering the Cluster Installation with F-Secure Policy Manager ................... 360 Using the Quarantine in the Cluster Installation ....... 363 Troubleshooting................ 363...
Page 345: System And Network Recommendations
F-Secure Policy Manager When F-Secure Anti-Virus for Microsoft Exchange is installed on a cluster, you have to use F-Secure Policy Manager to administer it. F-Secure Policy Manager must be installed on a separate server, it cannot be installed on the cluster. It is recommended to use F-Secure Policy Manager version 6.01 or later.
Page 346 Sample Active-Active Cluster Deployment The following diagram displays how the product can be deployed and used on the active-active cluster environment.
Page 347: Installation Overview
Follow these steps to deploy and use F-Secure Anti-Virus for Microsoft Exchange on a cluster. 1. Install F-Secure Policy Manager on a dedicated server. If you already have F-Secure Policy Manager installed in the network, you can use it to administer F-Secure Anti-Virus for Microsoft Exchange. For more information, see F-Secure Policy Manager Administrator’s Guide.
Page 348: Creating Quarantine Storage
Creating Quarantine Storage Follow instructions in this section to create the Quarantine Storage. A.3.1 Quarantine Storage in Active-Passive Cluster 1. Log on to the active node of the cluster with thedomain administrator account. 2. Create a directory for the quarantine storage on the physical disk shared by the cluster nodes.
Page 349 APPENDIX A Deploying the Product on a Cluster Enter the following information: Name: F-Secure Quarantine Storage Resource Type: File Share Group: make sure that your Exchange Virtual Server is selected. Click Next. 5. Possible Owners dialog opens. 6. Verify that all nodes that are running Exchange Server are listed under Possible owners and click Next.
Page 350 In Available resources, select the Exchange Server Network Name and the disk with the quarantine storage directory and click add them to Resource dependencies. Click Next. 8. File Share Parameters dialog opens.
Page 351 Windows Explorer.) E Enter the directory name you created on step 2 as Path (for example, D:\Quarantine). In the Comment box, type F-Secure Quarantine Storage. Make sure that User limit is set to Maximum allowed. Click Permissions...
Page 352 Full Control, Change and Read permissions for Administrator account. Click OK. 10. In File Share Parameters dialog, click Advanced. Make sure that Normal share is selected in Advanced File Share Properties. Click OK. 11. In File Share Parameters dialog, click Finish to create F-Secure Quarantine Storage resource.
Page 353: A.3.2 Quarantine Storage In Active-Active Cluster
APPENDIX A Deploying the Product on a Cluster 12. Right-click the F-Secure Quarantine Storage resource and click Bring Online. A.3.2 Quarantine Storage in Active-Active Cluster For an active-active cluster installation, the quarantine storage must be set on a dedicated computer. This computer should be the member of the same domain as your Exchange Servers.
Page 354 Type FSAVMSEQS$ as Share name and make sure that User limit is set to Maximum Allowed. Click Permissions 5. Permissions dialog opens. Add Administrator, Exchange Domain Servers and SYSTEM to the Group or user names. Remove Everyone account. Grant Change and Read permissions for Exchange Domain Servers and SYSTEM, and Full Control, Change and Read permissions for Administrator account.
Page 355 APPENDIX A Deploying the Product on a Cluster Remove all existing groups and users and add Administrator, Exchange Domain Servers and SYSTEM to the Group or user names. Grant all except Full Control permissions for Exchange Domain Servers and SYSTEM. Grant all permissions for Administrator.
Page 356: Installing The Product
1. Log on to the active node of the cluster using a domain administrator account. 2. Run F-Secure Anti-Virus for Microsoft Exchange setup wizard. Install the product in the centralized management mode. Specify the IP address of F-Secure Policy Manager Server and admin.pub that you created during the F-Secure Policy Manager installation.
Page 357 APPENDIX A Deploying the Product on a Cluster 4. The setup program asks to specify the SQL Server to use for the quarantine database. Select the server running Microsoft SQL Server. 5. Complete the installation on the active node. 6. Log on to the passive node of the cluster using a domain administrator account.
Page 358: A.4.2 Installing On Active-Active Cluster
1. Log on to the first node of the cluster using a domain administrator account. 2. Run F-Secure Anti-Virus for Microsoft Exchange setup wizard. Install the product in the centralized management mode. Specify the IP address of F-Secure Policy Manager Server and admin.pub that you created during the F-Secure Policy Manager installation.
Page 359 APPENDIX A Deploying the Product on a Cluster Specify the UNC path to the Quarantine Storage share that you created before the installation as the Quarantine Directory. For example, \\<Server>\FSAVMSEQS$, where <Server> is the name of the server where you created the quarantine storage share. 4.
Page 360: Administering The Cluster Installation With F-Secure Policy
Select Use the existing database. 8. Complete the installation on the second node. Administering the Cluster Installation with F-Secure Policy Manager To administer the product installed on a cluster, create a new subdomain under your organization or network domain. Import all cluster nodes to...
Page 361 To change product configuration on all cluster nodes, follow these instructions: 1. Select the cluster subdomain in the Policy Domains tree. 2. Change required settings. 3. Distribute the policy. 4. All nodes receive new settings next time they poll the F-Secure Policy Manager Server.
Page 362 If you need to change settings on a particular node, follow these instructions: 1. Select the corresponding host in the Policy Domains. 2. Change required settings. 3. Distribute the policy. 4. The host receives new settings next time it polls the F-Secure Policy Manager Server.
Page 363: Using The Quarantine In The Cluster Installation
SYSTEM and Exchange Domain Servers, and full control is allowed for Administrator. To change the location of the quarantine storage from F-Secure Policy Manager Console, use the Final flag to override the setting set during product installation on the host.
Page 364 APPENDIX: Variables in Warning Messages List of Variables ................ 365 Outbreak Management Alert Variables........367...
Page 365: List Of Variables
[Unknown]. Variable Description $ANTI-VIRUS-SERVER The DNS/WINS name or IP address of F-Secure Anti-Virus for Microsoft Exchange. $CSS-NAME The DNS/WINS name or IP address of F-Secure Content Scanner Server. $NAME-OF-SENDER The e-mail address where the original content comes from.
Page 366 The following table lists variables that can be included in the scan report, in other words the variables that can be used in the warning message between $REPORT-BEGIN and $REPORT-END. Variable Description $AFFECTED-FILENAM The name of the original file or attachment. $AFFECTED-FILESIZE The size of the original file or attachment.
Page 367: Outbreak Management Alert Variables
APPENDIX B Variables in Warning Messages Outbreak Management Alert Variables $INTERVAL-TIME Detection interval in minutes. $INTERVAL-MINUTES Outbreak limit of infections within detection interval. $INFECTIONS-LIMIT Actual number of infections found within the detection interval. $INFECTIONS-FOUND Detection interval in minutes.
Page 368 APPENDIX: Services and Processes F-Secure Anti-Virus for Microsoft Exchange ......369 F-Secure Content Scanner Server ........... 370 F-Secure Anti-Virus for Microsoft Exchange Web Console..370 F-Secure Management Agent (FSMA) ........371 F-Secure Automatic Updates Agent......... 373...
Page 369: F-Secure Anti-Virus For Microsoft Exchange
APPENDIX C Services and Processes The following tables list the services and processes that are running on the system after the installation. F-Secure Anti-Virus for Microsoft Exchange Service Process Description F-Secure fshkmngr.exe The F-Secure Hook Manager Anti-Virus for is a central component of...
Page 370: F-Secure Content Scanner Server
The Database Update Handler process verifies and checks the integrity of virus definition and spam control database updates. F-Secure Anti-Virus for Microsoft Exchange Web Console Service Process Descriptions HTTP server that hosts F-Secure Web UI fswebuid.exe...
Page 371: F-Secure Management Agent (Fsma)
APPENDIX C Services and Processes F-Secure Management Agent (FSMA) Service Process Description F-Secure fsma32.exe F-Secure Management Agent Management is an FSMA service Agent responsible for starting other services and monitoring them. F-Secure Network fnrb32.exe The service handles the Request Broker...
Page 372 Windows event log and SMTP server. fih32.exe F-Secure Installation Handler enables the remote installation and updating of integrated F-Secure products. fsm32.exe The F-Secure Settings and Statistics User Interface. The process is not running unless the user is logged in to the system.
Page 373: F-Secure Automatic Updates Agent
F-Secure Automatic Update.exe. This is the client process that polls and automatically downloads virus and spam definition database updates from F-Secure. It also handles F-Secure Automatic Updates Agent settings and provides the local user interface for a logged-on user. FSBWSYS.exe...
Page 374 ROUBLESHOOTING Overview................... 375 Starting and Stopping............375 Viewing the Log File ..............375 Common Problems and Solutions ..........376 Frequently Asked Questions ............ 381 F-Secure Automatic Update Agent Troubleshooting ....386...
Page 375: Overview
Support”, 392. Starting and Stopping If you ever need to start or stop F-Secure Anti-Virus for Microsoft Exchange, you can do it in the following ways: Open the Services applet from the Administrative tools folder in the Windows Control Panel and select F-Secure Anti-Virus for Microsoft Exchange.
Page 376: Common Problems And Solutions
Agent / Settings / Alerting / Alert Agents / Logfile / Maximum File Size. Common Problems and Solutions If you think that you have some problem with F-Secure Anti-Virus for Microsoft Exchange, check that both F-Secure Anti-Virus for Microsoft Exchange and F-Secure Content Scanner Server are up and running.
Page 377 If your connection attempt was unsuccessful, (1) make sure that F-Secure Content Scanner Server is up and running, and (2) check the physical connection between F-Secure Anti-Virus for Microsoft Exchange and F-Secure Content Scanner Server.
Page 378 I cannot open or access F-Secure Anti-Virus for Microsoft Exchange Web Console. Solution: 1. Make sure that F-Secure Web Console daemon has started and is running. Check the Services in Windows Control Panel. The following service should be started: F-Secure Web Console Daemon...
Page 379: D.4.1 Installing Service Packs
Check the Task Manager. The following process should be running: fswebuid.exe If you try to connect to the F-Secure Anti-Virus for Microsoft Exchange Web Console from a remote host, make sure that the connection is not blocked by a firewall or proxy server.
Page 380: D.4.3 Administration Issues
Final check box. This applies to the Primary and Backup Content Scanner Servers, Port, and Quarantine storage settings of F-Secure Anti-Virus for Microsoft Exchange and to the Working directory and Quarantine storage settings of F-Secure Content Scanner Server.
Page 381: Frequently Asked Questions
“Cannot open message” or “Cannot open message in preview pane”. What should be done? A. Check that F-Secure Content Scanner Server is up and running. If a mail cannot be scanned, access to it is not allowed. Q. Why does e-mail stay in the Outbox for a while after being sent? A.
Page 382 Server and F-Secure Anti-Virus for Microsoft Exchange components, F-Secure Content Scanner Server may shut down before F-Secure Anti-Virus for Microsoft Exchange components, which may cause them to report that they have lost the connection to F-Secure Content Scanner Server. Settings Q.
Page 383 A. Primary and Backup Content Scanner Servers settings are initially configured during the installation of F-Secure Anti-Virus for Microsoft Exchange and can thus be viewed on the Status tab of F-Secure Policy Manager Console. To override the settings made by the setup program, select the Final check box when changing this setting in F-Secure Policy Manager Console for the first time.
Page 384 Q. Can all files on a Microsoft Exchange computer be scanned for viruses, or are some files and folders excluded from scanning automatically? A. The working and quarantine directories of F-Secure Anti-Virus for Microsoft Exchange are added to the OAS excluded list during the installation.
Page 385 OLE object. What is this file and why do I get a warning message when I try to open the file? A. The original message had an infection which F-Secure Anti-Virus for Microsoft Exchange removed and replaced with the Attachment_Information.txt file.
Page 386: F-Secure Automatic Update Agent Troubleshooting
F-Secure Automatic Update Agent Troubleshooting The F-Secure Automatic Update Agent log file may be useful when solving problems when virus and/or spam definition databases do not update properly. Open the F-Secure Automatic Update Agent...
Page 387 Q. How can I verify that updating the virus and spam definition databases really works? A. First, open the F-Secure Automatic Update Agent window from F-Secure Settings and Statistics and select the Received Packages tab. If a virus definitions database update has been downloaded, you should see something like “F-Secure Anti-Virus Update 2004-06-09”...
Page 388 Standard mode and the update directory is in a network drive. Open the Settings page in the F-Secure Automatic Update Agent window and click Change select the destination directory again.
Page 389 F-Secure Content Scanner Server does not immediately retrieve the files from there. The delay depends on the polling interval of F-Secure Management Agent, with a default interval of 10 minutes the delay can be up to 20-30 minutes. In a stand-alone installation, make sure F-Secure Automatic Update Agent is installed in Stand-alone mode.
Page 390 Q. I installed the F-Secure Automatic Update Agent, but it has not downloaded any virus definition updates. What’s wrong? A. Select the Received Packages tab in the F-Secure Automatic Update Agent window and check that no virus definitions update packages are listed in there.
Page 391 If you have determined that you are connecting through an HTTP proxy server, enable the “Use HTTP proxy” checkbox on the F-Secure Automatic Update Agent window’s Settings page and type in the field the proxy server address and port number that you retrieved from your browser (i.e.
Page 392: Technical Support
Technical Support F-Secure Online Support Resources........393 Web Club.................. 395 Virus Descriptions on the Web ..........395...
Page 393: F-Secure Online Support Resources
If you have questions about F-Secure Anti-Virus for Microsoft Exchange not covered in this manual or on the F-Secure support web pages, you can contact your local F-Secure distributor or F-Secure Corporation directly.
Page 394 You can also find and run the FSDiag.exe utility under the F-Secure\Common folder, if you prefer not to do it through the F-Secure Anti-Virus for Microsoft Exchange Web Console. The tool generates a file called FSDiag.tar.gz.
Page 395: Web Club
Technical Support Web Club The F-Secure Web Club provides assistance and updated versions of the F-Secure products. To connect to the Web Club on our Web site, open the F-Secure Anti-Virus for Microsoft Exchange Web Console, and click the Web Club link in the banner.
Page 396 F-Secure Corporation is the fastest growing publicly listed company in the antivirus and intrusion prevention industry with more than 50% revenue growth in 2004. Founded in 1988, F-Secure has been listed on the Helsinki Stock Exchange since 1999. We have our headquarters in Helsinki, Finland, and offices in USA, France, Germany, Italy, Sweden, the United Kingdom and Japan.

This manual is also suitable for:

Anti-virus for microsoft exchange

F-SECURE ANTI-VIRUS FOR MICROSOFT EXCHANGE 6.62 Administrator's Manual

Table of Contents

Chapter 1 Introduction

Chapter 2 Deployment

Chapter 3 Installation

Chapter 4 Using F-Secure Anti-Virus for Microsoft Exchange

Chapter 5 Centrally Managed Administration

Chapter 6 Administration with Web Console

Chapter 7 Quarantine

Chapter 9 Updating Virus and Spam Definition Databases

7 Q Uarantine M Anagement

8 A Dministering F-S S Ecure Pam C Ontrol

Chapter 8 Administering F-Secure Spam Control

9 U V Pdating Irus and S D Pam Efinition D Atabases

Appendix: Deploying the Product on a Cluster

Appendix A Deploying the Product on a Cluster

Appendix B Variables in Warning Messages

Appendix C Services and Processes

Quick Links

Chapters

Troubleshooting

Need help?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for F-SECURE ANTI-VIRUS FOR MICROSOFT EXCHANGE 6.62

Summary of Contents for F-SECURE ANTI-VIRUS FOR MICROSOFT EXCHANGE 6.62