F-SECURE ANTI-VIRUS FOR MICROSOFT EXCHANGE 8.00 Administrator's Manual


Summary of Contents for F-SECURE ANTI-VIRUS FOR MICROSOFT EXCHANGE 8.00

  • Page 1 F-Secure Anti-Virus for Microsoft Exchange Administrator’s Guide...
  • Page 2 Although F-Secure Corporation makes every effort to ensure that this information is accurate, F-Secure Corporation will not be liable for any errors or omission of facts contained herein. F-Secure Corporation reserves the right to modify specifications cited in this document without prior notice.
  • Page 3: Table Of Contents

    Introduction: Overview, 15; How F-Secure Anti-Virus for Microsoft Exchange Works, 16; Key Features, 19; Scanning Methods, 21; F-Secure Anti-Virus Mail Server and Gateway Products, 22. Chapter 2 Deployment: Installation Modes, 24; Network Requirements, 25; Deployment Scenarios, 26; 2.3.1 Single Exchange Server (2000/2003/2007), 27...
  • Page 4 Installation Overview, 45; Installing F-Secure Anti-Virus for Microsoft Exchange, 46; After the Installation, 60; 3.7.1 Importing Product MIB files to F-Secure Policy Manager Console, 60; 3.7.2 Configuring the Product, 61; Upgrading from the Version 6.62, 63; Upgrading the Evaluation Version, 65; 3.10 Uninstalling F-Secure Anti-Virus for Microsoft Exchange...
  • Page 5 5.4.4 Database Updates, 138; 5.4.5 Spam Filtering, 138; 5.4.6 Threat Detection Engine, 139; 5.4.7 Proxy Configuration, 140; 5.4.8 Advanced, 141; F-Secure Content Scanner Server Statistics, 142; 5.5.1 Server, 142; 5.5.2 Scan Engines, 143; 5.5.3 Common, 144; 5.5.4 Spam Control, 144; 5.5.5 Virus Statistics, 145; F-Secure Management Agent Settings, 145...
  • Page 6 7.6.3 Removing the Quarantined Content, 275; 7.6.4 Deleting Old Quarantined Content Automatically, 275; Moving the Quarantine Storage, 276. Chapter 8 Administering F-Secure Spam Control: Overview, 279; Spam Control Settings in Centrally Managed Environments, 280; Spam Control Settings in Web Console, 284...
  • Page 7 C.3 Installing the Product, 323; C.3.1 Installing on Active-Passive Cluster, 323; C.3.2 Installing on Active-Active Cluster, 325; C.4 Administering the Cluster Installation with F-Secure Policy Manager, 328; C.5 Using the Quarantine in the Cluster Installation, 329; C.6 Uninstallation, 331; C.7 Troubleshooting, 331. Appendix D Sending E-mail Alerts And Reports: D.1 Overview...
  • Page 8 E.3 Viewing the Log File, 338; E.4 Common Problems and Solutions, 338; E.4.1 Installing Service Packs, 341; E.4.2 Securing the Quarantine, 342; E.4.3 Administration Issues, 342; E.5 Frequently Asked Questions, 343. Technical Support: F-Secure Online Support Resources, 345; Web Club, 347; Virus Descriptions on the Web, 347...
  • Page 9: About This Guide

    About This Guide: How This Guide Is Organized, 10; Conventions Used in F-Secure Guides, 13...
  • Page 10: How This Guide Is Organized

    F-Secure Anti-Virus for Microsoft Exchange Administrator's Guide is divided into the following chapters: Chapter 1. Introduction. General information about F-Secure Anti-Virus for Microsoft Exchange and other F-Secure Anti-Virus Mail Server and Gateway products. Chapter 2. Deployment. Instructions and examples how to set up your network environment before you can install F-Secure Anti-Virus for Microsoft Exchange.
  • Page 11 Support. Contains the contact information for assistance. About F-Secure Corporation. Describes the company background and products. See the F-Secure Policy Manager Administrator's Guide for detailed information about installing and using the F-Secure Policy Manager components: F-Secure Policy Manager Console, the tool for remote administration of F-Secure Anti-Virus for Microsoft Exchange.
  • Page 12: Conventions Used In F-Secure Guides

    Conventions Used in F-Secure Guides This section describes the symbols, fonts, and terminology used in this manual. Symbols WARNING: The warning symbol indicates a situation with a risk of irreversible destruction to data. IMPORTANT: An exclamation mark provides important information that you need to consider.
  • Page 13 In our constant attempts to improve our documentation, we would welcome your feedback. If you have any questions, comments, or suggestions about this or any other F-Secure document, please contact us at documentation@f-secure.com.
  • Page 14: Introduction

    Introduction: Overview, 15; How F-Secure Anti-Virus for Microsoft Exchange Works, 16; Key Features, 19; Scanning Methods, 21; F-Secure Anti-Virus Mail Server and Gateway Products, 22...
  • Page 15: Overview

    Sober, Netsky and Bagle, have caused a lot of damage around the world. F-Secure Anti-Virus Mail Server and Gateway products are designed to protect your company's mail and groupware servers and to shield the company network from any malicious code that travels in HTTP or SMTP traffic.
  • Page 16: How F-Secure Anti-Virus For Microsoft Exchange Works

    How F-Secure Anti-Virus for Microsoft Exchange Works F-Secure Anti-Virus for Microsoft Exchange is designed to detect and disinfect viruses and other malicious code from e-mail transmissions through Microsoft Exchange Server. Scanning is done in real time as the mail passes through Microsoft Exchange Server. On-demand scanning of user mailboxes and public folders is also available.
  • Page 17 Our team of dedicated virus researchers is on call 24-hours a day responding to new and emerging threats. In fact, F-Secure is one of the only companies to release tested virus definition updates continuously, to make sure our customers are receiving the highest quality service and protection.
  • Page 18 F-Secure Policy Manager Console and all managed systems. Figure 1-1 (1) E-mail arrives from the Internet to F-Secure Anti-Virus for Microsoft Exchange, which (2) filters malicious content from mails and attachments, and (3) delivers cleaned files forward.
  • Page 19: Key Features

    CHAPTER 1 Introduction Key Features F-Secure Anti-Virus for Microsoft Exchange provides the following features and capabilities. Superior Protection Superior detection rate with multiple scanning engines. Automatic malicious code detection and disinfection. The grayware scan detects spyware, adware, dialers, joke programs, remote access tools, and any other unwelcome files and programs.
  • Page 20 Controlling and monitoring the behavior of the products remotely. Starting predefined operations remotely. Monitoring statistics provided by the products remotely with F-Secure Policy Manager or F-Secure Anti-Virus for Microsoft Exchange Web Console. Possibility to configure and manage stand-alone installations with the convenient F-Secure Anti-Virus for Microsoft Exchange Web Console.
  • Page 21: Scanning Methods

    Scanning Methods. Virus Scanning: The virus scan uses virus definition databases to detect and disinfect viruses. Virus definition databases are updated typically multiple times a day and they provide an always up-to-date protection capability. Heuristic Scanning: The heuristic scan analyzes files for suspicious code behavior so that the product can detect unknown malware.
  • Page 22: F-Secure Anti-Virus Mail Server And Gateway Products

    F-Secure Anti-Virus Mail Server and Gateway Products The F-Secure Anti-Virus product line consists of workstation, file server, mail server, gateway and mobile products. F-Secure Anti-Virus for Microsoft Exchange™ protects your Microsoft Exchange users from malicious code contained within files they receive in mail messages and documents they open from shared databases.
  • Page 23: Chapter 2 Deployment

    Deployment: Installation Modes, 24; Network Requirements, 25; Deployment Scenarios, 26...
  • Page 24: Installation Modes

    Installation Modes F-Secure Anti-Virus for Microsoft Exchange can be installed either in stand-alone or centrally administered mode. In stand-alone installation, F-Secure Anti-Virus for Microsoft Exchange is managed with Web Console. In centrally administered mode, it is managed centrally with F-Secure Policy Manager components: F-Secure Policy Manager Server and F-Secure Policy Manager Console.
  • Page 25: Network Requirements

    This network configuration is valid for all scenarios described in this chapter. Make sure that the following network traffic can pass through. Service: F-Secure Content Scanner Server. Process: %ProgramFiles%\F-Secure\Content Scanner Server\fsavsd.exe. Inbound ports: 18971 (TCP) (on... Outbound ports: DNS (53, UDP/TCP),...
  • Page 26: Deployment Scenarios

    Depending on how the Microsoft Exchange Server roles are deployed in your environment, you might consider various scenarios of deploying F-Secure Anti-Virus for Microsoft Exchange. There are various ways to deploy F-Secure Anti-Virus for Microsoft Exchange that are suitable to...
  • Page 27: Single Exchange Server (2000/2003/2007)

    Install F-Secure Anti-Virus for Microsoft Exchange to the server running Microsoft Exchange Server or Microsoft Small Business Server. Installing F-Secure Spam Control If you have a license for F-Secure Spam Control, you can install it on the same server with F-Secure Anti-Virus for Microsoft Exchange. Administration Modes You can install the product in stand-alone mode and administer it with the Web Console.
  • Page 28: Multiple Exchange 2000/2003 Servers

    Install F-Secure Anti-Virus for Microsoft Exchange to both front-end and back-end Exchange servers. Installing F-Secure Spam Control If you have a license for F-Secure Spam Control, you can install it on the front-end server with F-Secure Anti-Virus for Microsoft Exchange. Administration Modes Install F-Secure Policy Manager Server on a dedicated server or on the same server with one of Exchange servers.
  • Page 29: Multiple Exchange Server 2007 Roles

    Exchange servers. Installing F-Secure Anti-Virus for Microsoft Exchange Install F-Secure Anti-Virus for Microsoft Exchange to all servers where Exchange Edge, Hub and Mailbox Server roles are deployed. If the Exchange role is changed later, the product has to be...
  • Page 30: Large Organization Using Exchange 2007

    Installing F-Secure Spam Control If you have a license for F-Secure Spam Control, you can install it on the Edge server. Administration Modes Install F-Secure Policy Manager Server on a dedicated server or on the same server with one of Exchange servers. You can administer the product with F-Secure Policy Manager Console.
  • Page 31 Exchange Edge, Hub and Mailbox Server roles are deployed. Do not install the product to Client Access or Unified Messaging Server roles. Installing F-Secure Spam Control If you have a license for F-Secure Spam Control, you can install it on the Edge server. Administration Modes Install F-Secure Policy Manager Server on a dedicated server.
  • Page 32: Centralized Quarantine Management

    For example, you have front-end and back-end servers running Exchange Server 2000/2003, or a network configuration with Edge and Mailbox roles running Exchange Server 2007. Microsoft SQL Server is installed on a dedicated server or on the server running F-Secure Policy Manager Server.
  • Page 33 Microsoft SQL Server 2005 Express Edition included in F-Secure Anti-Virus for Microsoft Exchange, the Quarantine database size is limited to 4 GB. You can use F-Secure Anti-Virus for Microsoft Exchange Web Console to manage and search quarantined content. For more information, see “Quarantine...
  • Page 34 1. Open Microsoft SQL Server Management Studio or Microsoft SQL Server Management Studio Express. If you do not have Microsoft SQL Server Management Studio installed, you can freely download Management Studio Express from Microsoft web site. Connect to the SQL server. In Object Explorer, go to Security >...
  • Page 35: Installation

    System Requirements, 36; Other System Component Requirements, 40; Improving Reliability and Performance, 43; Installation Overview, 45; Installing F-Secure Anti-Virus for Microsoft Exchange, 46; After the Installation, 60; Upgrading from the Version 6.62, 63; Upgrading the Evaluation Version, 65...
  • Page 36: System Requirements

    System Requirements F-Secure Anti-Virus for Microsoft Exchange is installed on the computer running Microsoft Exchange Server. The release notes document contains the latest information about the product and might have changes to system requirements and the installation procedure. It is highly recommended to read the release notes before you proceed with the installation.
  • Page 37 100Mbps Fast Ethernet NIC, switched network connection. F-Secure Policy Manager version: F-Secure Policy Manager 8.11 or newer. F-Secure Policy Manager is required only in centrally managed environments. Other: A CD-ROM drive is required if you are installing the product from CD-ROM.
  • Page 38: Installation On Microsoft Exchange Server 2007

    3.1.2 Installation on Microsoft Exchange Server 2007 The product can be installed on a computer running one of the following Microsoft Exchange Server versions: Microsoft® Exchange Server 2007 (64-bit version) with the latest service pack Microsoft® Small Business Server 2008 The 32-bit evaluation version of Microsoft Exchange Server 2007 is not supported.
  • Page 39 100Mbps Fast Ethernet NIC, switched network connection. F-Secure Policy Manager version: F-Secure Policy Manager 8.11 or newer. F-Secure Policy Manager is required only in centrally managed environments. Other: A CD-ROM drive is required if you are installing the product from CD-ROM.
  • Page 40: Other System Component Requirements

    Microsoft SQL Server 2008 (Enterprise, Standard, Workgroup or Express edition). Microsoft SQL Server 2005 Express Edition Service Pack 3 is distributed with the product and can be installed during F-Secure Anti-Virus for Microsoft Exchange Setup. When centralized quarantine management is used, the SQL server must be reachable from the network and file sharing must be enabled.
  • Page 41 Express Edition if you are planning to use centralized quarantine management with multiple F-Secure Anti-Virus for Microsoft Exchange installations. Microsoft SQL Server 2005 Express Edition is delivered together with F-Secure Anti-Virus for Microsoft Exchange, and you can install it during the F-Secure Anti-Virus for Microsoft Exchange Setup.
  • Page 42: Additional Windows Components

    If you plan to use Microsoft SQL Server 2000, 2005 or 2008, you must purchase it and obtain your own license before you start to deploy F-Secure Anti-Virus for Microsoft Exchange. To purchase Microsoft SQL Server 2005 or 2008, contact your Microsoft reseller.
  • Page 43: Web Browser Software Requirements

    If the system load is high, a fast processor on the Microsoft Exchange Server speeds up the e-mail message processing. As Microsoft Exchange Server handles a large amount of data, a fast processor alone is not enough to guarantee a fast operation of F-Secure Anti-Virus for Microsoft Exchange. Memory...
  • Page 44: Centrally Administered Or Stand-Alone Installation

    Policy Manager Console. You can select the management method when you install the product. If you already use F-Secure Policy Manager to administer other F-Secure products, it is recommended to install F-Secure Anti-Virus for Microsoft Exchange in centralized administration mode.
  • Page 45: Installation Overview

    CHAPTER 3 Installation Installation Overview F-Secure Anti-Virus for Microsoft Exchange can be installed to the same computer that runs F-Secure Anti-Virus for Servers 8.0. You should uninstall any potentially conflicting products, such as other anti-virus, file encryption, and disk encryption software, which employ low-level device drivers, before you install F-Secure Anti-Virus for Microsoft Exchange.
  • Page 46: Installing F-Secure Anti-Virus For Microsoft Exchange

    1. Install F-Secure Anti-Virus for Microsoft Exchange. For more information, see “Installing F-Secure Anti-Virus for Microsoft Exchange”, 46. Check that F-Secure Automatic Update Agent can retrieve the latest virus and spam definition databases. For more information, see “Updating Virus and Spam Definition Databases”, 293.
  • Page 47 Step 2. Read the information in the Welcome screen. Click Next to continue. Step 3. Read the license agreement. If you accept the agreement, check the I accept this agreement checkbox and click Next to continue.
  • Page 48 Step 4. Enter the product keycode. Click Next to continue. Step 5. Choose the components to install. For more information about F-Secure Spam Control, see “Administering F-Secure Spam Control”, 278. Click Next to continue.
  • Page 49 Click Next to continue. Step 7. Choose the administration method. If you install F-Secure Anti-Virus for Microsoft Exchange in stand-alone mode, you cannot configure settings and receive alerts and status information in F-Secure Policy Manager Console. Click Next to continue.
  • Page 50 If you selected the stand-alone installation, continue to Step 10. If you select the stand-alone mode, use the F-Secure Anti-Virus for Microsoft Exchange Web Console to change product settings and to view statistics. For more information, see “Administration with Console”, 149.
  • Page 51 URL of the F-Secure Policy Manager Server you installed earlier. Click Next to continue. If the product MIB files cannot be uploaded to F-Secure Policy Manager during installation, you can import them manually. For more information, see “Importing Product MIB files to F-Secure Policy Manager Console”, 60.
  • Page 52 Step 10. Enter an SMTP address that will be used by F-Secure Anti-Virus for Microsoft Exchange to send warning and informational messages to end-users. The SMTP address should be a valid, existing address that is allowed to send messages. Click Next to continue.
  • Page 53 Step 12. Specify the location of the Quarantine database. If you want to install Microsoft SQL Server 2005 Express Edition and the Quarantine database on the same server as the product installation, select (a) Install and use Microsoft SQL Server 2005 Express Edition. If you are using Microsoft SQL Server already, select (b) Use the existing installation of Microsoft SQL Server.
  • Page 54 Enter the password for the database server administrator account that will be used to create the new database. Click Next to continue. Then, specify the name for the SQL database that stores information about the quarantined content. Enter the user name and the password that you want to use to connect to the quarantine database.
  • Page 55 Specify the computer name of the SQL Server where you want to create the Quarantine database. Enter the password for the sa account that you use to log on to the server. Click Next to continue. If the server has a database with the same name, you can either use the existing database, remove the existing database and create a new one or keep the existing database and create a new one with a new name.
  • Page 56 F-Secure World Map service. If you agree to send statistics to F-Secure World Map, select Yes and click Next to continue. If you enable F-Secure World Map support, make sure that the server can relay messages properly. For more information, see “Sending E-mail Alerts And...
  • Page 57 Step 14. If you selected the centralized administration mode, specify the DNS name or IP address of the F-Secure Policy Manager Server and the administration port. Click Next to continue. Step 15. If you selected the centralized administration mode, the installation...
  • Page 58 If you want to skip installing MIB files, click Cancel. You can install MIB files later either manually or by running the Setup again. Step 16. The list of components that will be installed is displayed. Click Start to install listed components. Step 17.
  • Page 59 Step 18. The installation is complete. Click Finish to close the Setup wizard.
  • Page 60: After The Installation

    F-Secure Anti-Virus for Microsoft Exchange MIB JAR file cannot be uploaded to F-Secure Policy Manager Server during the installation. In these cases you will have to import the MIB files to F-Secure Policy Manager. You will have to import the MIB files if:...
  • Page 61: Configuring The Product

    3.7.2 Configuring the Product After the installation, F-Secure Anti-Virus for Microsoft Exchange is functional, but it is using mostly default values. It is highly recommended to go through all the settings of all installed components. Configure F-Secure Anti-Virus for Microsoft Exchange.
  • Page 62 If F-Secure Anti-Virus for Microsoft Exchange has been installed in the centralized administration mode, configure the mail direction with F-Secure Policy Manager Console. For more information, see “Network...
  • Page 63: Upgrading From The Version 6.62

    %Program Files%\F-Secure\Anti-Virus Agent for Microsoft Exchange\msemigrpt.htm. Check the product configuration to finish the upgrade. Centralized Administration Mode: Before you install the latest version of the product, upgrade F-Secure Policy Manager to version 8.11. We recommend that you back up your policy data (select Save Policy As in the Policy Manager Console) before the upgrade.
  • Page 64 To migrate policy settings, click Yes. If you want to migrate policy settings later, follow these instructions: Open F-Secure Policy Manager Console. Go to F-Secure > F-Secure Anti-Virus for Microsoft Exchange > Operations > Policy Migration. Click Migrate. After the policy migration is complete, check the migration report and change the product settings if needed.
  • Page 65: Upgrading The Evaluation Version

    Enter the new keycode you have received and click Register Keycode. If you do not want to continue to use F-Secure Anti-Virus for Microsoft Exchange after your evaluation license expires, you should uninstall the software. When the license expires, F-Secure Anti-Virus for Microsoft Exchange stops processing e-mails and messages posted to public folders.
  • Page 66: Uninstalling F-Secure Anti-Virus For Microsoft Exchange

    3.10 Uninstalling F-Secure Anti-Virus for Microsoft Exchange To uninstall F-Secure Anti-Virus for Microsoft Exchange, select Add/ Remove Programs from the Windows Control Panel. To uninstall F-Secure Anti-Virus for Microsoft Exchange completely, uninstall the components in the following order: 1. F-Secure Spam Control (if it was installed)
  • Page 67: Chapter 4 Using F-Secure Anti-Virus For Microsoft Exchange

    Using F-Secure Anti-Virus for Microsoft Exchange: Administering F-Secure Anti-Virus for Microsoft Exchange, 68; Using Web Console, 69; Using F-Secure Policy Manager Console, 72...
  • Page 68: Administering F-Secure Anti-Virus For Microsoft Exchange

    You can use the F-Secure Anti-Virus for Microsoft Exchange Web Console to start and stop F-Secure Anti-Virus for Microsoft Exchange, check its current status and to connect to F-Secure Web Club for support. In centrally managed installations, F-Secure Anti-Virus for Microsoft Exchange Web Console cannot be used for configuring the system or scanning settings, but you can manage the quarantined content with it.
  • Page 69: Using Web Console

    Using Web Console You can open F-Secure Anti-Virus for Microsoft Exchange Web Console in any of the following ways: Go to Windows Start menu > Programs > F-Secure Anti-Virus for Microsoft Exchange > F-Secure Anti-Virus for Microsoft Exchange Web Console Enter the address of F-Secure Anti-Virus for Microsoft Exchange and the port number in your web browser.
  • Page 70 When you log in for the first time, your browser displays a Security Alert dialog window about the security certificate for F-Secure Anti-Virus for Microsoft Exchange Web Console. You can create a security certificate for F-Secure Anti-Virus for Microsoft Exchange Web Console before logging in, and then install the certificate during the login process.
  • Page 71: Modifying Settings And Viewing Statistics With Web Console

    If the Security Alert window is still displayed, click to proceed or log back in to the F-Secure Anti-Virus for Microsoft Exchange Web Console. When the login page opens, log in to Web Console with your user name and the password.
  • Page 72: Checking The Product Status

    4.2.3 Checking the Product Status You can check the overall product status on the Home page of F-Secure Anti-Virus for Microsoft Exchange Web Console. The Summary and Services tabs on the Home page display an overview of each component status and the most important statistics of the installed F-Secure Anti-Virus for Microsoft Exchange components.
  • Page 73 After you have modified settings and created a new policy, it must be distributed to hosts. Choose Distribute from the File menu. After distributing the policy, you have to wait for F-Secure Anti-Virus for Microsoft Exchange to poll the new policy file.
  • Page 74 The settings descriptions in this manual indicate the settings for which you need to use the Final restriction. You can also check in F-Secure Policy Manager Console whether you need to use the Final restriction for a setting. Do the following: 1.
  • Page 75: Chapter 5 Centrally Managed Administration

    Centrally Managed Administration: Overview, 76; F-Secure Anti-Virus for Microsoft Exchange Settings, 76; F-Secure Anti-Virus for Microsoft Exchange Statistics, 126; F-Secure Content Scanner Server Settings, 132; F-Secure Content Scanner Server Statistics, 142; F-Secure Management Agent Settings, 145...
  • Page 76: Overview

    Overview If F-Secure Anti-Virus for Microsoft Exchange is installed in the centrally administered mode, F-Secure Anti-Virus for Microsoft Exchange is managed centrally with F-Secure Policy Manager. In the centralized administration mode, you can use the F-Secure Anti-Virus for Microsoft Exchange Web Console for the quarantine management and to check the current status of F-Secure Anti-Virus for Microsoft Exchange, but you cannot change any settings with it.
  • Page 77 CHAPTER 5 Centrally Managed Administration Network Configuration The mail direction is based on the Internal Domains and Internal SMTP senders settings and it is determined as follows: 1. E-mail messages are considered internal if they come from internal SMTP sender hosts and mail recipients belong to one of the specified internal domains (internal recipients).
  • Page 78 Separate each IP address with a space. An IP address range can be defined as: a network/netmask pair (for example, 10.1.0.0/255.255.0.0), or a network/nnn CIDR specification (for example, 10.1.0.0/16). You can use an asterisk (*) to match any number or dash (-) to define a range of numbers. For example, 172.16.4.4 172.16.*.1 172.16.4.0-16 172.16.250-255.*...
  • Page 79 Lists and Templates. Match Lists: Specify file and match lists that can be used by other settings. List name: Specify the name for the match list. Type: Specify whether the list contains keywords, file patterns or e-mail addresses. Filter: Specify file names, extensions, keywords or email addresses that the match list contains.
  • Page 80 If you change the Quarantine Storage setting, select the Final checkbox in the Restriction Editor to override initial settings. During the installation, F-Secure Anti-Virus for Microsoft Exchange adjusts the access rights to the Quarantine Storage so that only the product, operating system and the local administrator can access it.
  • Page 81 The setting defines the default cleanup interval for all Quarantine categories. To change the cleanup interval for different categories, configure Quarantine Cleanup Exceptions settings. Quarantine Cleanup Exceptions: Specify separate Quarantine retention periods and cleanup intervals for infected files, suspicious files, disallowed attachments, disallowed content, spam messages, scan failures and unsafe files.
  • Page 82 The product generates the message only when the item is removed from the Microsoft Exchange Server store and sends it automatically when you release the item to intended recipients. Automatically Process Unsafe Messages: Specify how often the product tries to reprocess unsafe messages that are retained in the Quarantine.
  • Page 83 Connection Timeout: Specify the time (in seconds) how long the product tries to contact the F-Secure Hospital server. Send Timeout: Specify the time (in seconds) how long the product waits for the sample submission to complete.
  • Page 84: Transport Protection

    If F-Secure Content Scanner Server uses a proxy server when it connects to the threat detection center and the proxy server requires authentication, the proxy authentication settings can be configured with F-Secure Anti-Virus for Microsoft Exchange Web Console only.
  • Page 85 Attachment Filtering: Specify attachments to remove from inbound, outbound and internal messages based on the file name or the file extension. Strip Attachments: Enable or disable the attachment stripping. List of Attachments to Strip: Specify which attachments are stripped from messages.
  • Page 86 Configure the Alert Forwarding table to specify where the alert is sent based on the severity level. The Alert Forwarding table can be found in F-Secure Management Agent/Settings/Alerting. Virus Scanning: Specify inbound, outbound and internal messages and attachments that should be scanned for malicious code.
  • Page 87 Scan Messages for Viruses: Enable or disable the virus scan. The virus scan scans messages for viruses and other malicious code. List of Attachments to Scan: Specify attachments that are scanned for viruses. For more information, see “Lists and Templates”, 79.
  • Page 88 Drop Attachment - Remove the infected attachment from the message and deliver the message to the recipient without the attachment. Drop the Whole Message - Do not deliver the message to the recipient at all. Quarantine Infected Messages: Specify whether infected or suspicious messages are quarantined.
  • Page 89 “Lists and Templates”, 79. Notify Administrator Specify whether the administrator is notified when F-Secure Anti-Virus for Microsoft Exchange finds a virus in a message. Configure the Alert Forwarding table to specify where the alert is sent based on the severity level.
  • Page 90 Max Levels in Nested Archives: Specify how many levels of archives inside other archives the product scans when Scan Viruses Inside Archives is enabled. Action on Max Nested Archives: Specify the action to take on archives with nesting levels exceeding the upper level specified in the Max Levels in Nested Archives setting.
  • Page 91 “Quarantine Management”, 261. Notify Administrator Specify whether the administrator is notified when F-Secure Anti-Virus for Microsoft Exchange blocks a malformed, password protected, or overnested archive file. If the archive is blocked because it contains malware, grayware or disallowed files, the administrator receives a notification about that instead of this notification.
  • Page 92 Zero-Day Protection Select whether Proactive Virus Threat Detection is enabled or disabled. Proactive virus threat detection can identify new and unknown e-mail malware, including viruses and worms. When proactive virus threat detection is enabled, the product analyzes e-mail messages for possible security threats. All possibly harmful messages are quarantined as unsafe.
  • Page 93 Drop Attachment - Remove grayware items from the message. Drop the Whole Message - Do not deliver the message to the recipient. Grayware Exclusion List: Specify the list of keywords for grayware types that are not scanned. Leave the list empty if you do not want to exclude any grayware types from the scan.
  • Page 94 The Alert Forwarding table can be found in: F-Secure Management Agent/Settings/Alerting. Content Filtering Specify how F-Secure Anti-Virus filters disallowed content in inbound, outbound and internal messages. Filter Disallowed Content: Specify whether e-mail messages are scanned for disallowed content.
  • Page 95 For more information, see “Lists and Templates”, Notify Administrator Specify whether the administrator is notified when F-Secure Anti-Virus for Microsoft Exchange finds a message with disallowed content. Configure the Alert Forwarding table to specify where the alert is sent based on the severity level.
  • Page 96 “Administering F-Secure Spam Control”, 278. You can configure Spam Control settings for inbound messages, and only if you have F-Secure Spam Control installed. The threat detection engine of F-Secure Anti-Virus for Microsoft Exchange can identify spam and virus patterns from the message envelope, headers and body during the first minutes of the new spam or virus outbreak.
  • Page 97 File Type Recognition Select whether you want to use Intelligent File Type Recognition or not. Trojans and other malicious code can disguise themselves with filename extensions which are usually considered safe to use. Intelligent File Type Recognition can recognize the real file type of the message attachment and use that while the attachment is processed.
  • Page 98 Messages recovery. Notify Administrator Specify whether the administrator is notified when F-Secure Anti-Virus for Microsoft Exchange detects a malformed or a suspicious e-mail message. Configure the Alert Forwarding table to specify where the alert is sent based on the severity level.
  • Page 99: Storage Protection

    Trusted Senders and Recipients You can use trusted senders and recipients lists to exclude some messages from the mail scanning and processing completely. Trusted Senders: Specify senders who are excluded from the mail scanning and processing. Trusted Recipients: Specify recipients who are excluded from the mail scanning and processing.
  • Page 100 Virus Scanning Specify messages and attachments in the Microsoft Exchange Storage that should be scanned for malicious code. Disabling virus scanning disables archive processing and grayware scanning as well. Scan Mailboxes Specify mailboxes that are scanned for viruses. Disabled - Do not scan any mailboxes. Scan All Mailboxes - Scan all mailboxes.
  • Page 101 Included Folders: Specify public folders that are scanned for viruses when the Scan Public Folders setting is set to Scan Only Included Folders. Excluded Folders: Specify public folders that are not scanned when the Scan Public Folders setting is set to Scan All Except Excluded Folders.
  • Page 102 Archive Processing Specify how the product processes archive files in Microsoft Exchange Storage. Archive processing is disabled when virus scanning is disabled. Scan Archives: Specify if files inside archives are scanned for viruses and other malicious code. List of Files to Scan Inside Archives: Specify files that are scanned for viruses inside archives.
  • Page 103 Drop Archive - Archives with exceeding nesting levels are removed. Action on Password Protected Archives: Specify the action to take on archives which are protected with passwords. These archives can be opened only with a valid password, so the product cannot scan their content.
  • Page 104 To manually scan mailboxes and public folders you have specified in the settings, follow these instructions: 1. Browse to the F-Secure Anti-Virus for Microsoft Exchange / Operations / Manual Scanning branch in F-Secure Policy Manager Console.
  • Page 105 If you want to stop the manual scan in the middle of the scanning process, click Stop and distribute the policy. General Specify which messages you want to scan during the manual scan. Scan Mailboxes Specify mailboxes that are scanned for viruses.
  • Page 106 Included Folders Specify public folders that are scanned for viruses when the Scan Public Folders setting is set to Scan Only Included Folders. Excluded Folders Specify public folders that are not scanned when the Scan Public Folders setting is set to Scan All Except Excluded Folders.
  • Page 107 Quarantine Stripped Attachments: Specify whether stripped attachments are quarantined. Do Not Quarantine These Attachments: Specify which files are not quarantined even when they are stripped. For more information, see “Lists and Templates”, 79. Replacement Text Template: Specify the template for the text that replaces the infected attachment when the stripped attachment is removed from the message.
  • Page 108 Attempt to Disinfect Infected Attachments: Specify whether the product should try to disinfect an infected attachment before processing it. If the disinfection succeeds, the product does not process the attachment further. Disinfection may affect the product performance. Infected files inside archives are not disinfected even when the setting is enabled.
  • Page 109 Max Levels in Nested Archives: Specify how many levels deep to scan in nested archives, if Scan Viruses Inside Archives is enabled. A nested archive is an archive that contains another archive inside. If zero (0) is specified, the maximum nesting level is not limited.
  • Page 110 List of Disallowed Files to Detect inside Archives: Specify files which are not allowed inside archives. For more information, see “Lists and Templates”, 79. Action on Archives with Disallowed Files: Specify the action to take on archives which contain disallowed files. Pass through - Leave the archive in the message.
  • Page 111 Quarantine Dropped Grayware: Specify whether grayware attachments are quarantined. Do Not Quarantine This Grayware: Specify grayware that are never placed in the quarantine. For more information, see “Lists and Templates”, 79. Replacement Text Template: Specify the template for the text that replaces the grayware attachment when the grayware attachment is removed from the message.
  • Page 112 Scheduled Scanning You can schedule scan tasks to scan mailboxes and public folders periodically. The scheduled scanning table displays all scheduled tasks and the date and time when the next scheduled task occurs. To deactivate scheduled tasks in the list, clear the Active checkbox in front of the task.
  • Page 113 Step 1. General Properties Enter the name for the new task and select how frequently you want the operation to be performed. Task name Specify the name of the scheduled operation. Do not use any special characters in the task name.
  • Page 114 Monthly - Every month at the specified time on the same date when the first operation is scheduled to start. Start time: Enter the start time of the task in hh:mm format. Start date: Enter the start date of the task in mm/dd/yyyy format. Step 2.
  • Page 115 Scan only included mailboxes - Scan all specified mailboxes. Click Remove to edit mailboxes that are scanned. Scan all except excluded mailboxes - Do not scan specified mailboxes but scan all other. Click Remove to edit mailboxes that are not scanned.
  • Page 116 Choose which public folders are processed during the scheduled operation. Public folders Specify public folders that are processed during the scheduled scan. Do not scan public folders - Disable the public folder scanning. Scan all public folders - Scan all public folders. Scan only included public folders - Scan all specified public folders.
  • Page 117 Step 4. Attachment Filtering Choose settings for stripping attachments during the scheduled operation. Strip attachments from e-mail messages: Enable or disable the attachment stripping. Targets. Strip these attachments: Specify which attachments are stripped from messages. For more information, see “Lists and Templates”, 79.
  • Page 118 Do not quarantine these attachments: Specify file names and file extensions which are not quarantined even when they are stripped. For more information, see “Lists and Templates”, Notifications Replacement text template: Specify the template for the text that replaces the infected attachment when the stripped attachment is removed from the message.
  • Page 119 Choose settings for virus scanning during the scheduled operation. Scan messages for viruses: Enable or disable the virus scan. The virus scan scans messages for viruses and other malicious code. General Options. Heuristic Scanning: Enable or disable the heuristic scanning. The heuristic scanning analyzes files for suspicious code behavior so that the product can detect unknown malware.
  • Page 120 Do not quarantine these infections: Specify infections that are never placed in the quarantine. For more information, see “Lists and Templates”, 79. Notifications. Replacement text template: Specify the template for the text that replaces the infected attachment when the infected attachment is removed from the message.
  • Page 121 Step 6. Grayware Scanning Choose settings for grayware scanning during the scheduled operation. Scan messages for grayware: Enable or disable the grayware scan. Actions. Action on grayware: Specify the action to take on items which contain grayware.
  • Page 122 Quarantine grayware: Specify whether grayware attachments are quarantined. Do not quarantine this grayware: Specify grayware that are never placed in the quarantine. For more information, see “Lists and Templates”, 79. Notifications. Replacement text template: Specify the template for the text that replaces the grayware item when it is removed from the message.
  • Page 123 Choose settings for stripping attachments during the scheduled operation. Scan archives: Specify if files inside archives are scanned for viruses and other malicious code. Targets. List of files to scan inside archives: Specify files inside archives that are scanned for viruses.
  • Page 124 Action on password protected archives: Specify the action to take on archives which are protected with passwords. These archives can be opened only with a valid password, so the product cannot scan their content. Pass through - Deliver the message with the password protected archive to the recipient.
  • Page 125 Choose advanced processing options for all the messages processed during the scheduled operation. Processing options. Incremental scanning: Specify whether you want to process all messages or only those messages that have not been processed previously during the manual or scheduled processing.
  • Page 126: F-Secure Anti-Virus For Microsoft Exchange Statistics

    Statistics To view statistics, open the Status tab from the Properties pane and open the Statistics subtree. It displays statistics for the host for each F-Secure Anti-Virus for Microsoft Exchange installation. If a policy domain is selected, the Status view displays the number of hosts in the domain and which hosts are disconnected from F-Secure Policy Manager.
  • Page 127: Common

    Displays the last date and time when the Statistics statistics were reset. MIB Version Displays the MIB version number. Installation Directory Displays the complete path where F-Secure Anti-Virus for Microsoft Exchange is installed. Build Displays the F-Secure Anti-Virus for Microsoft Exchange build number.
  • Page 128: Transport Protection

    Common Displays the product name and lists all installed hotfixes. Status Displays whether F-Secure Anti-Virus for Microsoft Exchange is running (started), stopped, or whether the current status of the agent is unknown. 5.3.2 Transport Protection You can view the inbound, outbound and internal message statistics separately.
  • Page 129: Storage Protection

    Number of Filtered Messages: Displays the number of messages that have been found to contain disallowed keywords in the message subject or text. Number of Spam Messages: Displays the number of messages that are classified as spam. Last Infection Found: Displays the name of the last infection found.
  • Page 130 Number of Suspicious Items: Displays the number of suspicious content found, for example password-protected archives and nested archives. Last Infection Found: Displays the name of the last infection found. Last Time Infection Found: Displays the time when the last infection was found.
  • Page 131 Manual Scanning. Total Number of Mailboxes: Displays the total number of mailboxes in Exchange Store that the product processes during the manual scan. Number of Processed Mailboxes: Displays the number of mailboxes that have been processed. Total Number of Public Folders: Displays the total number of Public folders in the...
  • Page 132: Quarantine

    (in megabytes). F-Secure Content Scanner Server Settings Use the variables under the F-Secure Content Scanner Server / Settings branch to define the settings for content providers and to change the general content scanning options.
  • Page 133: Interface

    5.4.1 Interface Specify how the server will interact with clients. IP Address Specifies the service listen address in case of multiple network interface cards or multiple IP addresses. If you do not assign an IP address (0.0.0.0), the server responds to all IP addresses assigned to the host.
  • Page 134: Virus Scanning

    5.4.2 Virus Scanning Specify scanning engines to be used when F-Secure Content Scanner Server scans files for viruses, and the files that should be scanned. Scan Engines Scan engines can be enabled or disabled. If you want to disable the scan just for certain...
  • Page 135 Specify the number of levels F-Secure Content Scanner Server goes through before the action selected in Suspect Max Nested Archives takes place. The default setting is 3. Increasing the value increases the load on the system and thus decreases the overall system performance.
  • Page 136: Virus Statistics

    'Time Period' setting. The possible values are Top 5, Top 10 and Top 30. Send Statistics to F-Secure World Map: The product can collect and send statistics about viruses and other malware to the F-Secure World Map service.
  • Page 137 When the F-Secure World Map support is enabled, the product sends encrypted e-mail reports periodically to the service. These reports list only the name and the amount of found malware and they do not contain any sensitive information such as IP or e-mail addresses or user names.
  • Page 138: Database Updates

    Downloaded Databases: Specify whether the product should verify that the downloaded virus definition databases are the original databases published by F-Secure Corporation and that they have not been altered or corrupted in any way before taking them into use. Notify When Databases...
  • Page 139: Threat Detection Engine

    You might need to modify this setting if you enable Realtime Blackhole Lists (DNSBL/RBL) for spam filtering. For more information, see “Realtime Blackhole List Configuration”, 289. You have to restart the Content Scanner Server after you change this setting and distribute the policy to take the new setting into use.
  • Page 140: Proxy Configuration

    Pass through - The message is passed through without scanning it for spam. Heuristic Scanning - F-Secure Content Scanner Server checks the message using spam heuristics. Trusted Networks Specify networks and hosts in the mail relay...
  • Page 141: Advanced

    Working directory are deleted. The default clean interval is 30 minutes. Free Space Threshold Specify when F-Secure Content Scanner Server should send a low disk space alert to the administrator. The default setting is 100 megabytes.
  • Page 142: F-Secure Content Scanner Server Statistics

    F-Secure Content Scanner Server Statistics The Statistics branch in the F-Secure Content Scanner Server tree displays the version of F-Secure Content Scanner Server that is currently installed on the selected host and the location of F-Secure Content Scanner Server installation directory.
  • Page 143: Scan Engines

    Last Time Infection Found: The date and time when the last infection was found. 5.5.2 Scan Engines The Scan Engines table displays the scan engine statistics and information. Name: Displays the name of the scan engine. Version: Displays the version number of the scan engine.
  • Page 144: Common

    Infected Files Displays the number of infected files found by the scan engine. Disinfected Files Displays the number of files successfully disinfected by the scan engine. Database Version Displays the current version of database updates used by the scan engine. 5.5.3 Common The Common statistics branch displays the list of installed product...
  • Page 145: Virus Statistics

    Displays the list of most active viruses. F-Secure Management Agent Settings If the F-Secure Anti-Virus for Microsoft Exchange is working in centrally administered mode, you have to make sure F-Secure Anti-Virus for Microsoft Exchange sends and receives data from F-Secure Policy Manager Server.
  • Page 146 F-Secure Management Agent from downloading large remote installation packages over slow network connections. F-Secure Management Agent measures the speed of the network link to F-Secure Policy Manager Server and stops the download if the minimum speed specified by this setting is not met.
  • Page 147: F-Secure Automatic Update Agent Settings

    F-Secure Automatic Update Agent Settings Using F-Secure Automatic Update Agent is the most convenient way to keep the databases updated. It connects to F-Secure Policy Manager Server or the F-Secure Update Server automatically. In order to update the spam definition databases F-Secure Automatic Update Agent must be installed on the same computer as F-Secure Spam Control.
  • Page 148 PM Proxies Specify F-Secure Policy Manager Proxies that you want to use as sources for automatic updates. If no F-Secure Policy Manager Proxies are configured, the product retrieves the latest virus definition updates from F-Secure Update Server automatically. Intermediate server...
  • Page 149: Chapter 6 Administration With Web Console

    ADMINISTRATION WITH WEB CONSOLE Overview ................... 150 Home .................. 150 Transport Protection .............. 155 Storage Protection .............. 179 Spam Control ................ 216 Quarantine ................ 218 Automatic Updates .............. 228 Content Scanner Server ............ 235 Server Properties .............. 246...
  • Page 150: Overview

    Overview If F-Secure Anti-Virus for Microsoft Exchange is installed in the stand-alone mode, it can be administered with F-Secure Anti-Virus for Microsoft Exchange Web Console. The Web Console is installed with F-Secure Anti-Virus for Microsoft Exchange. To open the Web Console, see “Using Web...
  • Page 151 CHAPTER 6 Administration with Web Console Summary The Summary tab displays the current status of the product components. Normal; the feature is enabled and everything is working as it should.
  • Page 152 Error; the license has expired, the feature is not installed, all antivirus engines are disabled or a component is not loaded, F-Secure Content Scanner Server is not up and running or virus and spam definition databases are really old. Tasks...
  • Page 153 Services Under the Services tab, you can start, stop and restart F-Secure Anti-Virus for Microsoft Exchange, F-Secure Content Scanner Server and F-Secure Automatic Update Agent.
  • Page 154 The product can collect and send statistics about viruses and other malware to the F-Secure World Map service. If you enable F-Secure World Map support, make sure that the server can relay messages properly. For more information, see “Sending E-mail Alerts And Reports”, 332.
  • Page 155: Transport Protection

    Transport Protection You can configure inbound, outbound and internal message protection separately. For more information about the mail direction and configuration options, see “Network Configuration”, 247. After you apply new transport protection settings, it can take up to 20 seconds for the new settings to take effect.
  • Page 156 Status The Status page displays a summary of the processed inbound, outbound and internal mail messages: Processed messages Displays the total number of processed messages since the last reset of statistics. Infected messages Displays the number of messages with attachments that are infected and cannot be automatically disinfected.
  • Page 157 Grayware messages: Displays the number of messages that have grayware items, including spyware, adware, dialers, joke programs, remote access tools and other unwanted applications. Suspicious messages: Displays the number of suspicious content found, for example password-protected archives, nested archives and malformed messages.
  • Page 158: Attachment Filtering

    6.3.1 Attachment Filtering Specify attachments to remove from inbound, outbound and internal messages based on the file name or the file extension. Strip Attachments from e-mail messages: Enable or disable the attachment stripping. Targets. Strip these attachments: Specify which attachments are stripped from messages.
  • Page 159 Exclude these attachments: Specify attachments that are not filtered. Leave the list empty if you do not want to exclude any attachments from the filtering. Actions. Action on disallowed attachments: Specify how disallowed attachments are handled.
  • Page 160 Do not notify on these attachments: Specify attachments that do not generate notifications. When the product finds specified file or file extension, no notification is sent. Send alert to administrator: Specify whether the administrator is notified when the product strips an attachment. If you enable the notification, specify the alert level of the notification.
  • Page 161: Virus Scanning

    6.3.2 Virus Scanning Specify inbound, outbound and internal messages and attachments that should be scanned for malicious code. Disabling virus scanning disables grayware scanning and archive processing as well.
  • Page 162 Scan e-mail messages for viruses: Enable or disable the virus scan. The virus scan scans messages for viruses and other malicious code. Heuristic Scanning: Enable or disable the heuristic scan. The heuristic scan analyzes files for suspicious code behavior so that the product can detect unknown malware.
  • Page 163 Exclude these attachments: Specify attachments that are not scanned. Leave the list empty if you do not want to exclude any attachments from the scanning. Actions. Try to disinfect: Specify whether the product should try to disinfect an infected attachment before processing it.
  • Page 164 Send alert to administrator: Specify whether the administrator is notified when F-Secure Anti-Virus for Microsoft Exchange finds a virus in a message. Configure the Alert Forwarding table to specify where the alert is sent based on the severity...
  • Page 165: Grayware Scanning

    6.3.3 Grayware Scanning Specify how the product processes grayware items in inbound, outbound and internal messages. Note that grayware scanning increases the scanning overhead. By default, grayware scanning is enabled for inbound messages only. Grayware scanning is disabled when virus scanning is disabled.
  • Page 166 Scan e-mail messages for grayware: Enable or disable the grayware scan. Actions. Action on grayware: Specify the action to take on items which contain grayware. Pass through - Leave grayware items in the message. Drop attachment - Remove grayware items from the message.
  • Page 167 Send alert to administrator: Specify whether the administrator is notified when F-Secure Anti-Virus for Microsoft Exchange finds a grayware item in a message. Configure the Alert Forwarding table to specify where the alert is sent based on the severity...
  • Page 168: Archive Processing

    6.3.4 Archive Processing Specify how F-Secure Anti-Virus for Microsoft Exchange processes inbound, outbound and internal archive files. Note that scanning inside archives takes time. Disabling scanning inside archives improves performance, but it also means that the network users need to use up-to-date virus protection on their workstations.
  • Page 169 Scan archives: Specify whether files inside compressed archive files are scanned for viruses. Targets. List of files to scan inside archives: Specify files inside archives that are scanned for viruses. For more information, see “Match Lists”, 255.
  • Page 170 Drop archive - Remove the archive from the message and deliver the message to the recipient without it. Drop the whole message - Do not deliver the message to the recipient. Action on password protected archives: Specify the action to take on archives which are protected with passwords.
  • Page 171 Notifications. Send alert to administrator: Specify whether the administrator is notified when F-Secure Anti-Virus for Microsoft Exchange blocks a suspicious overnested or password protected archive file. If the archive is blocked because it contains malware, grayware or disallowed files, the administrator receives a notification about that instead of this notification.
  • Page 172: Content Filtering

    6.3.5 Content Filtering Specify how F-Secure Anti-Virus for Microsoft Exchange filters disallowed content in inbound, outbound and internal messages. Filter out e-mail messages with disallowed/undesirable content: Specify whether e-mail messages are scanned for disallowed content...
  • Page 173 Targets. Disallowed keywords in message subject: Specify the list of disallowed keywords to check in e-mail message subjects. For more information, see “Using Keywords in Content Filtering”, 174. Disallowed keywords in message text: Specify the list of disallowed keywords to check in e-mail message text.
  • Page 174 Send alert to administrator: Specify whether the administrator is notified when F-Secure Anti-Virus for Microsoft Exchange finds a message with disallowed content. Configure the Alert Forwarding table to specify where the alert is sent based on the severity level. For more information, see “Alerts”, 251.
  • Page 175: Security Options

    For example, to match the '*** SPAM ***' string, enter '\*\*\* spam \*\*\*'. 6.3.6 Security Options Configure security options to limit actions on malformed and problematic messages.
  • Page 176 File Type Recognition. Intelligent file type recognition: Select whether you want to use Intelligent File Type Recognition or not. Trojans and other malicious code can disguise themselves with filename extensions which are usually considered safe to use. Intelligent File Type Recognition can recognize the real file type of the message attachment and use that while the attachment is processed.
  • Page 177 Actions. Action on mails with exceeding nesting levels: Specify the action to take on messages with nesting levels exceeding the upper level specified in the Max Levels of Nested Messages setting. Drop the Whole Message - Messages with exceeding nesting levels are not delivered to the recipient.
  • Page 178 Notifications. Send alert to administrator: Specify whether the administrator is notified when F-Secure Anti-Virus for Microsoft Exchange detects a malformed or a suspicious e-mail message. Configure the Alert Forwarding table to specify where the alert is sent based on the severity...
  • Page 179: Storage Protection

    Storage Protection Configure Storage Protection settings to specify how e-mail messages and attachments in selected mailboxes and public folders should be scanned. Status...
  • Page 180 The Status page displays a summary of the protected mailboxes and public folders and infections found. Number of mailboxes: Displays the number of currently protected user mailboxes. Number of public folders: Displays the number of currently protected public folders. Processed items: Displays the total number of processed items since the last reset of statistics.
  • Page 181: Real-Time Scanning

    6.4.1 Real-Time Scanning The real-time scanning can automatically scan messages that have been created or received. General Real Time Scanning Settings...
  • Page 182 Real-time scanning scans messages in mailboxes and public folders for viruses. Scanning. Scan only messages created within: Specify which messages are scanned with the real-time scanning, for example: Last hour, Last day, Last week. Messages that have been created before the specified time are not scanned.
  • Page 183 Virus Scanning Specify messages and attachments in the Microsoft Exchange Storage that should be scanned for malicious code. Targets. Scan mailboxes: Specify mailboxes that are scanned for viruses. Do not scan mailboxes - Disable the mailbox scanning.
  • Page 184 Scan only included mailboxes - Scan all specified mailboxes. Click Edit to add or remove mailboxes that should be scanned. Scan all except excluded mailboxes - Do not scan specified mailboxes but scan all other. Click Edit to add or remove mailboxes that should not be scanned.
  • Page 185 CHAPTER 6 Administration with Web Console Disinfection may affect the product performance. Infected files inside archives are not disinfected even when the setting is enabled. Quarantine infected Specify whether infected attachments are attachments quarantined. Do not quarantine Specify virus and malware infections that are these infections never placed in the quarantine.
  • Page 186 Grayware Scanning Specify how the product processes grayware items during real-time scanning. Scan messages for Enable or disable the grayware scan. grayware Actions Action on grayware Specify the action to take on items which contain grayware. Report only- Leave grayware items in the message and notify the administrator.
  • Page 187 CHAPTER 6 Administration with Web Console Drop attachment - Remove grayware items from the message. Grayware exclusion Specify the list of keywords for grayware types list that are not scanned. Leave the list empty if you do not want to exclude any grayware types from the scan.
  • Page 188 Archive Processing Specify how F-Secure Anti-Virus for Microsoft Exchange processes archive files in Microsoft Exchange Storage. Scan archives: Specify if files inside archives are scanned for viruses and other malicious code. Targets List of files to scan inside archives: Specify files that are scanned for viruses inside archives.
  • Page 189 CHAPTER 6 Administration with Web Console Limit max levels of nested archives: Specify how many levels deep to scan in nested archives, if Scan Viruses Inside Archives is enabled. A nested archive is an archive that contains another archive inside. If zero (0) is specified, the maximum nesting level is not limited.
  • Page 190 Pass through - Leave the password protected archive in the message. Drop archive - Remove the password protected archive from the message. Quarantine dropped archives: Specify whether archives that are not delivered to recipients are placed in the quarantine. For more information, see “Quarantine Management”, 261.
  • Page 191: Manual Scanning

    CHAPTER 6 Administration with Web Console 6.4.2 Manual Scanning You can scan mailboxes and public folders for viruses and strip attachments manually at any time.
  • Page 192 Statistics The Statistics page displays a summary of the messages processed during the latest manual scan: Status: Displays whether the manual scan is running or stopped. Number of processed mailboxes: Displays the number of mailboxes that have been scanned and the total number that will be scanned when the manual scan is complete.
  • Page 193 CHAPTER 6 Administration with Web Console If the manual scan scans an item that has not been previously scanned for viruses and the real-time scan is on, the scan result may appear on the real-time scan statistics. Tasks Click Start Scanning to start the manual scan.
  • Page 194 Specify which messages you want to scan during the manual scan. Targets Scan mailboxes Specify mailboxes that are scanned for viruses. Do not scan mailboxes - Do not scan any mailboxes during the manual scan. Scan all mailboxes - Scan all mailboxes. Scan only included mailboxes - Scan all specified mailboxes.
  • Page 195 CHAPTER 6 Administration with Web Console Only Recent Messages - Scan only messages that have not been scanned during the previous manual or scheduled scan. File Type Recognition Intelligent file type recognition: Select whether you want to use Intelligent File Type Recognition or not.
  • Page 196 Attachment Filtering Specify attachments that are removed from messages during the manual scan. Strip attachments: Enable or disable the attachment stripping. Targets Strip these attachments: Specify which attachments are stripped from messages. For more information, see “Match Lists”, 255. Exclude these Specify attachments that are not filtered.
  • Page 197 CHAPTER 6 Administration with Web Console Actions Quarantine stripped attachments: Specify whether stripped attachments are quarantined. Do not quarantine these attachments: Specify files which are not quarantined even when they are stripped. For more information, see “Match Lists”, 255. Notifications Replacement Text Template: Specify the template for the text that replaces the infected attachment when the stripped...
  • Page 198 Virus Scanning Specify messages and attachments that should be scanned for malicious code during the manual scan. Scan messages for viruses: Enable or disable the virus scan. The virus scan scans messages for viruses and other malicious code. Disabling virus scanning disables grayware scanning and archive processing as well.
  • Page 199 CHAPTER 6 Administration with Web Console Heuristic Scanning Enable or disable the heuristic scanning. The heuristic scan analyzes files for suspicious code behavior so that the product can detect unknown malware. The heuristic scan may affect the product performance and increase the risk of false malware alarms.
  • Page 200 Notifications Replacement text template: Specify the template for the text that replaces the infected attachment when the infected attachment is removed from the message. For more information, see “Message Templates”, 257. Grayware Scanning...
  • Page 201 CHAPTER 6 Administration with Web Console Specify how the product processes grayware items during the manual scan. Scan messages for grayware: Enable or disable the grayware scan. Actions Action on grayware: Specify the action to take on items which contain grayware.
  • Page 202 Archive Processing Specify how the product processes archive files during the manual scan. Scan archives: Specify if files inside archives are scanned for viruses and other malicious code. Targets List of files to scan inside archives: Specify files inside archives that are scanned for viruses.
  • Page 203 CHAPTER 6 Administration with Web Console Limit max levels of nested archives: Specify how many levels of archives inside other archives the product scans when Scan Viruses Inside Archives is enabled. Detect disallowed files inside archives: Specify whether files inside compressed archive files are processed for disallowed content.
  • Page 204: Scheduled Scanning

    Pass through - Deliver the message with the archive to the recipient. Drop archive - Remove the password protected archive from the message. Quarantine dropped archives: Specify whether archives that are not delivered to recipients are placed in the quarantine. For more information, see “Match Lists”, 255.
  • Page 205 CHAPTER 6 Administration with Web Console Click Add new task to create a new scheduled operation. Click the scheduled task name to edit it or Remove to completely remove Creating Scheduled Task Click Add new task in the Scheduled Scanning page to start the Scheduled Operation Wizard.
  • Page 206 Do not use any special characters in the task name. Frequency of the operation: Specify how frequently you want the operation to be performed. Once - Only once at the specified time. Daily - Every day at the specified time, starting from the specified date.
  • Page 207 CHAPTER 6 Administration with Web Console Scan public folders Specify public folders that are scanned for viruses. Do not scan public folders - Disable the public folder scanning. Scan all folders - Scan all public folders. Scan only included public folders - Scan all specified public folders.
  • Page 208 Using Intelligent File Type Recognition strengthens the security, but can degrade the system performance. Limit max levels of nested messages: Specify how many levels deep to scan in nested e-mail messages. A nested e-mail message is a message that includes one or more e-mail messages as attachments.
  • Page 209 CHAPTER 6 Administration with Web Console Choose settings for stripping attachments during the scheduled operation. Strip attachments from e-mail messages: Enable or disable the attachment stripping. Targets Strip these attachments: Specify which attachments are stripped from messages. For more information, see “Match Lists”, 255.
  • Page 210 Step 3. Specify Virus Scanning Options Choose how mailboxes and public folders are scanned for viruses during the scheduled operation. Scan messages for viruses: Enable or disable the virus scan. The virus scan scans messages for viruses and other malicious code.
  • Page 211 CHAPTER 6 Administration with Web Console Targets Scan these attachments: Specify attachments that are scanned for viruses. For more information, see “Match Lists”, 255. Exclude these attachments: Specify attachments that are not scanned. Leave the list empty if you do not want to exclude any attachments from the scanning.
  • Page 212 Step 4. Specify Grayware Scanning Options Choose settings for grayware scanning during the scheduled operation. Scan messages for grayware: Enable or disable the grayware scan. Actions Action on grayware: Specify the action to take on items which contain grayware. Report only - Leave grayware items in the message and notify the administrator.
  • Page 213 CHAPTER 6 Administration with Web Console Quarantine dropped grayware: Specify whether grayware attachments are quarantined when dropped. Do not quarantine this grayware: Specify grayware that are never placed in the quarantine. For more information, see “Match Lists”, 255. Notifications Replacement text template: Specify the template for the text that replaces the grayware item when it is removed from the...
  • Page 214 Choose settings for archive processing during the scheduled operation. Scan archives: Specify if files inside archives are scanned for viruses and other malicious code. Targets List of files to scan inside archives: Specify files inside archives that are scanned for viruses.
  • Page 215 CHAPTER 6 Administration with Web Console Pass through - Deliver the message with the archive to the recipient. Drop archive - Remove the archive from the message and deliver the message to the recipient without it. Action on password protected archives: Specify the action to take on archives which are protected with passwords.
  • Page 216: Spam Control

    “Administering F-Secure Spam Control”, 278. You can configure Spam Control settings for inbound messages, and only if you have F-Secure Spam Control installed. The threat detection engine of F-Secure Anti-Virus for Microsoft Exchange can identify spam and virus patterns from the message envelope, headers and body during the first minutes of the new spam or virus outbreak.
  • Page 217 CHAPTER 6 Administration with Web Console Status The Status page displays the statistics of the spam scanner: Spam scanner version: Displays the version number of the installed spam scanner. Number of processed messages: Displays the total number of processed messages since the last reset of statistics.
  • Page 218: Quarantine

    “Spam Control Settings in Web Console”, 284. Quarantine Quarantine in F-Secure Anti-Virus for Microsoft Exchange is handled through a SQL database. The product is able to quarantine e-mails and attachments which contain malicious or otherwise unwanted content, such as spam messages.
  • Page 219 CHAPTER 6 Administration with Web Console Status The Quarantine Status page displays a summary of the quarantined messages and attachments: Infected: Displays the number of messages and attachments that are infected. Disallowed attachments: Displays the number of messages that contained attachments with disallowed files. Grayware: Displays the number of messages that have grayware items, including spyware, adware,...
  • Page 220: Query

    6.6.1 Query You can use the Quarantine Query page to search for the quarantined content. For more information, see “Searching the Quarantined Content”, 264. 6.6.2 Options You can configure the quarantine storage location and threshold, how quarantined files are processed and quarantine logging options.
  • Page 221 CHAPTER 6 Administration with Web Console General Quarantine Options When F-Secure Anti-Virus for Microsoft Exchange places content to the Quarantine, it saves the content as separate files into the Quarantine Storage and inserts an entry to the Quarantine Database with information about the quarantined content.
  • Page 222 Make sure that F-Secure Anti-Virus for Microsoft Exchange service has write access to this directory. Adjust the access rights to the directory so that only the F-Secure Anti-Virus for Microsoft Exchange service and the local administrator can access files in the Quarantine.
  • Page 223 CHAPTER 6 Administration with Web Console Quarantine Maintenance When quarantined content is reprocessed, it is scanned again, and if it is found clean, it is sent to the intended recipients. For more information, “Reprocessing the Quarantined Content”, 273.
  • Page 224 When removing quarantined messages from the quarantine, the product uses the currently configured quarantine retention and cleanup settings. Reprocess unsafe messages Automatically reprocess unsafe messages: Specify how often the product tries to reprocess unsafe messages that are retained in the Quarantine. Set the value to Disabled to process unsafe messages manually.
  • Page 225 CHAPTER 6 Administration with Web Console Exceptions Specify separate quarantine retention period and cleanup interval for any Quarantine category. If retention period and cleanup interval for a category are not defined in this table, then the default ones (specified above) are used. Active - Enable or disable the selected entry in the table.
  • Page 226 Quarantine Database You can specify the database where information about quarantined e-mails is stored and from which it is retrieved. Quarantine database SQL server name The name of the SQL server where the database is located.
  • Page 227 CHAPTER 6 Administration with Web Console Database name The name of the quarantine database. The default name is FSMSE_Quarantine. User name The user name the product uses when accessing the database. Password The password the product uses when accessing the database. Click Test database connection to make sure that you can access the...
  • Page 228: Automatic Updates

    Specify how many rotated log files should be quarantine logs stored in the Quarantine. Automatic Updates With F-Secure Automatic Update Agent, virus and spam definition database updates are retrieved automatically when they are published to F-Secure Update Server. Tasks Click...
  • Page 229 CHAPTER 6 Administration with Web Console Status The Status page displays information on the latest update. Channel name: Displays the channel from where the updates are downloaded. Channel address: Displays the address of the Automatic Updates Server. Latest installed update: Displays the version and name of the latest installed update.
  • Page 230 Last check result: Displays the result of the last update check. Next check time: Displays the date and time for the next update check. Last successful check time: Displays the date and time when the last successful update check was done. Downloads The Downloads page displays information about downloaded and installed update packages.
  • Page 231: Communications

    Administration with Web Console 6.7.1 Communications Specify how the product connects to F-Secure Update Server. Automatic Updates General Settings Edit General settings to select whether you want to use automatic updates and how often the product checks for new updates.
  • Page 232 User defined proxy field. Update Server Allow fetching updates from F-Secure Update Server: Specify whether the product should connect to F-Secure Update Server when it cannot connect to any user-specified update server. To edit the list of update sources, see “Policy Manager...
  • Page 233 CHAPTER 6 Administration with Web Console Policy Manager Proxies Edit the list of virus definition database update sources and F-Secure Policy Manager proxies. If no update servers are configured, the product retrieves the latest virus definition updates from F-Secure Update Server automatically.
  • Page 234 The priority numbers are used to define the order in which the host tries to connect servers. Virus definition updates are downloaded from the primary sources first, secondary update sources can be used as a backup. The product connects to the source with the smallest priority number first (1).
  • Page 235: Content Scanner Server

    CHAPTER 6 Administration with Web Console Content Scanner Server The Content Scanner Server Status page displays server statistics and the current status of scanning engines. Server Statistics Number of scanned files: The number of files that have been scanned. Last virus database update: The last date and time when the virus definition database was updated.
  • Page 236: Options

    Last time infection found: The date and time when the last infection was found. Last infection found: The name of the last infection that was found. Scan Engines The Scan Engines list displays scan engines and the database update statistics. If you want to disable the scan for certain files with a specified scan engine, click Properties...
  • Page 237 Notify when databases are older than: Specify when virus definition databases are outdated. If databases are older than the specified amount of days, F-Secure Content Scanner Server sends an alert to the administrator. Notify when Specify the alert F-Secure Content Scanner...
  • Page 238 Verify integrity of downloaded databases: Specify whether the product verifies that the downloaded virus definition databases are the original databases published by F-Secure Corporation and that they have not been altered or corrupted in any way before taking them to use.
  • Page 239 CHAPTER 6 Administration with Web Console Proxy Server F-Secure Content Scanner Server can use a proxy server to connect to the threat detection center.
  • Page 240 Specify the user name for the proxy server authentication. Password Specify the password for the proxy server authentication. Domain Specify the domain name for the proxy server authentication. The proxy authentication settings can be configured with F-Secure Anti-Virus for Microsoft Exchange Web Console only.
  • Page 241 CHAPTER 6 Administration with Web Console Threat Detection F-Secure Anti-Virus for Microsoft Exchange can identify spam and virus outbreak patterns from messages. Cache VOD cache size Specify the maximum number of patterns to cache for the virus outbreak detection service.
  • Page 242 Pass through - The message is passed through without scanning it for spam. Heuristic Scanning - F-Secure Content Scanner Server checks the message using spam heuristics. Trusted networks Specify networks and hosts in the mail relay...
  • Page 243 CHAPTER 6 Administration with Web Console Advanced Content Scanner Server Settings Configure Advanced options to set the working directory and optimize the product performance. Working directory Working directory: Specify the working directory. Enter the complete path to the field or click Browse to browse to the path you want to set as the new working directory.
  • Page 244 If the option is set to zero (0), all data transfers via shared memory are disabled. The setting is ignored if the local interaction mode is disabled. Maximum number of concurrent transactions: Specify how many files F-Secure Content Scanner Server should process simultaneously. Maximum scan...
  • Page 245 CHAPTER 6 Administration with Web Console Number of spam scanner instances: Specify the number of Spam Scanner instances to be created and used for spam analysis. As one instance of the spam scanner is capable of processing one mail message at a time, this setting defines how many messages undergo the spam analysis simultaneously.
  • Page 246: Server Properties

    Server Properties The Host information displays the following details of the host: WINS name DNS names IP addresses Unique ID...
  • Page 247: Network Configuration

    CHAPTER 6 Administration with Web Console 6.9.1 Network Configuration The mail direction is based on the Internal domains and Internal SMTP senders settings and it is determined as follows: 1. E-mail messages are considered internal if they come from internal SMTP sender hosts and mail recipients belong to one of the specified internal domains (internal recipients).
  • Page 248 if they are sent from the internal SMTP sender host. If e-mail messages come from internal SMTP sender hosts and contain both internal and external recipients, messages are split and processed as internal and outbound respectively. Internal Domains Specify internal domains. Separate each domain name with a space.
  • Page 249: Administration

    IMPORTANT: Do not specify the server where the Edge role is installed as Internal SMTP Sender. 6.9.2 Administration Configure Administration settings to change the management mode, specify where and how alerts are sent and to configure the F-Secure Anti-Virus for Microsoft Exchange Web Console.
  • Page 250 Management Mode Communication method If you use F-Secure Policy Manager Server, specify the URL of F-Secure Policy Manager Server. Do not add a slash at the end of the URL. For example: “http://fsms.example.com”. Select Stand-alone if you use F-Secure Anti-Virus for Exchange Web Console to administer the product.
  • Page 251 You can specify where an alert is sent according to its severity level. You can send the alert to any of the following: F-Secure Policy Manager Windows Event Log If you choose to forward alerts to e-mail, specify the SMTP server address, alert message subject line and the return address of the alert e-mail.
  • Page 252 Select the types of alerts that are to be sent to this address. Click Apply. Informational and warning-level alerts are not sent to F-Secure Policy Manager Console by default. If you want to use centralized administration mode, it is recommended to have all alerts sent to F-Secure Policy Manager Console. Web Console...
  • Page 253 CHAPTER 6 Administration with Web Console Change Web Console settings to configure how you connect to F-Secure Anti-Virus for Microsoft Exchange Web Console. General Limit session timeout Specify the length of time a client can be connected to the server. When the session...
  • Page 254: Notifications

    6.9.3 Notifications Specify Notification Sender Address that is used by F-Secure Anti-Virus for Microsoft Exchange for sending warning and informational messages to the end-users (for example, recipients, senders and mailbox owners). Make sure that the notification sender address is a valid SMTP address.
  • Page 255: Lists And Templates

    CHAPTER 6 Administration with Web Console 6.9.4 Lists and Templates Match Lists are lists of file name patterns, keywords, or e-mail addresses that can be used with certain product settings. Message Templates can be used for notification messages. Match Lists...
  • Page 256 Click the name of an existing match list to edit the list or Add new list create a new match list. List name Select the match list you want to edit. If you are creating a new match list, specify the name for the new match list.
  • Page 257 CHAPTER 6 Administration with Web Console Message Templates Click the name of an existing template to edit it or Add new item to create a new template. Name Select the template you want to edit. If you are creating a new template, specify the name for the new template.
  • Page 258 Message body Specify the notification message text. For more information about the variables you can use in notification messages, see “Variables in Warning Messages”, 296. Description Specify a short description for the template.
  • Page 259: Sample Submission

    Administration with Web Console 6.9.5 Sample Submission You can use the product to send samples of unsafe e-mails and new, yet undefined malware to F-Secure for analysis. Max submission attempts: Specify how many times the product attempts to send the sample if the submission fails.
  • Page 260 Connection timeout Specify the time (in seconds) how long the product tries to contact the F-Secure Hospital server. Send timeout Specify the time (in seconds) how long the product waits for the sample submission to complete.
  • Page 261: Quarantine Management

    QUARANTINE MANAGEMENT Introduction................262 Configuring Quarantine Options..........264 Quarantine Status..............264 Searching the Quarantined Content......... 264 Query Results Page ..............269 Quarantine Operations ............. 271 Moving the Quarantine Storage..........276...
  • Page 262: Introduction

    Introduction You can manage and search quarantined mails with the F-Secure Anti-Virus for Microsoft Exchange Web Console. You can search for quarantined content by using different search criteria, including the quarantine ID, recipient and sender address, the time period during which the message was quarantined, and so on.
  • Page 263: Quarantine Reasons

    Quarantine Management MSDE is delivered together with the product. If you want to use another database (Microsoft SQL Server 2000), you must buy it and get your own license before you start to deploy F-Secure Anti-Virus for Microsoft Exchange. Quarantine Storage...
  • Page 264: Configuring Quarantine Options

    Configuring Quarantine Options In stand-alone installations, all the quarantine settings can be configured on the Quarantine page in F-Secure Anti-Virus for Microsoft Exchange Web Console. For more information on the settings, see “Quarantine”, 218. Quarantine Status The Quarantine status page displays the number of quarantined items in each quarantine category, and the total size of the quarantine.
  • Page 265 CHAPTER 7 Quarantine Management You can use any of the following search criteria. Leave all fields empty to see all quarantined content. Quarantine ID Enter the quarantine ID of the quarantined message. The quarantine ID is displayed in the notification sent to the user about the quarantined message and in the alert message.
  • Page 266 Reason Select the quarantining reason from the drop-down menu. For more information, see “Quarantine Reasons”, 263. Reason details Specify details about the scanning or processing results that caused the message to be quarantined. For example: The message is infected - specify the name of the infection that was found in an infected message.
  • Page 267 CHAPTER 7 Quarantine Management Show only You can use this option to view the current status of messages that you have set to be reprocessed, released or deleted. Because processing a large number of e-mails may take time, you can use this option to monitor how the operation is progressing.
  • Page 268 Click Query to start the search. The Quarantine Query Results page is displayed once the query is completed. If you want to clear all the fields on the Query page, click Reset. Using Wildcards You can use the following SQL wildcards in the quarantine queries: Wildcard Explanation Any string of zero or more characters.
  • Page 269: Query Results Page

    Quarantined e-mail that the administrator has set to be reprocessed. The reprocessing operation has not been completed yet. Quarantined e-mail that the administrator has set to be deleted. The deletion operation has not been completed yet. Quarantined e-mail that the administrator has submitted to F-Secure for analysis.
  • Page 270: Viewing Details Of The Quarantined Message

    Icon E-mail status Quarantined e-mail set to be released, which failed. Quarantined e-mail set to be reprocessed, which failed. Quarantined e-mail set to be submitted to F-Secure, which failed. For information how to process quarantined content, see “Quarantine Operations”, 271.
  • Page 271: Quarantine Operations

    CHAPTER 7 Quarantine Management Location The location of the mailbox or public folder where the quarantined attachment was found. Quarantined attachments only. Subject The message subject Message size The size of the quarantined message. Quarantined messages only. Attachment name The name of the attachment. Quarantined attachments only.
  • Page 272 “Removing the Quarantined Content”, 275. Click Send to F-Secure to submit a sample of quarantined content to F-Secure for analysis. Quarantined Attachment Operations You can select an operation to perform on the attachments that were found in the query: Click Send...
  • Page 273: Reprocessing The Quarantined Content

    This is done as follows: 1. Open the Quarantine > Query page in the F-Secure Anti-Virus for Microsoft Exchange Web Console.
  • Page 274: Releasing The Quarantined Content

    If you need to release a quarantined message, follow these instructions: 1. Open the Quarantine > Query page in the F-Secure Anti-Virus for Microsoft Exchange Web Console. Enter the Quarantine ID of the message in the Quarantine ID field.
  • Page 275: Removing The Quarantined Content

    If you want to remove a large amount of quarantined messages at once, for example all the messages that have been categorized as spam, do the following: 1. Open the Quarantine > Query page in the F-Secure Anti-Virus for Microsoft Exchange Web Console. Select the quarantining reason, Spam, from the Reason drop-down listbox.
  • Page 276: Moving The Quarantine Storage

    Moving the Quarantine Storage When you want to change the Quarantine storage location either using the F-Secure Policy Manager Console or F-Secure Anti-Virus for Microsoft Exchange Web Console, note that the product does not create the new directory automatically. Before you change the Quarantine storage directory, make sure that the directory exists and it has proper security permissions.
  • Page 277 Follow Share a Folder Wizard instructions to create FSMSEQS$ shared folder. Specify the new directory (in this example, D:\Quarantine) as the folder path, FSMSEQS$ as the share name and F-Secure Quarantine Storage as the description. On the Permissions page, select Administrators have full access;...
  • Page 278: Chapter 8 Administering F-Secure Spam Control

    ADMINISTERING F-SECURE SPAM CONTROL Overview................... 279 Spam Control Settings in Centrally Managed Environments..280 Spam Control Settings in Web Console ........284 Realtime Blackhole List Configuration........289...
  • Page 279: Overview

    CHAPTER 8 Administering F-Secure Spam Control Overview When F-Secure Spam Control is enabled, incoming messages that are considered as spam can be marked as spam automatically. The product can add an X-header with the spam flag or predefined text in the message header and end users can then create filtering rules that direct the messages marked with the spam flag header into a junk mail folder.
  • Page 280: Spam Control Settings In Centrally Managed Environments

    Settings / Transport Protection / Inbound Mail / Spam Control to configure how F-Secure Anti-Virus for Microsoft Exchange scans incoming mail for spam. These settings are used only if F-Secure Spam Control is installed with the product. Otherwise they will be ignored. Spam Filtering Specify whether inbound mails are scanned for spam.
  • Page 281 CHAPTER 8 Administering F-Secure Spam Control Decreasing the level allows less spam to pass, but more regular mails may be falsely identified as spam. Increasing the level allows more spam to pass, but a smaller number of regular e-mail messages are falsely identified as spam.
  • Page 282 where <flag> is Yes or No, <scr> is the spam confidence rating returned by the spam scanner, <sfl> is the current spam filtering level, <tests> is the comma-separated list of tests run against the mail. Modify Spam Message Subject: Specify if the product modifies the subject of mail messages considered as spam.
  • Page 283 CHAPTER 8 Administering F-Secure Spam Control The product checks the sender address from the SMTP message envelope, not from the message headers. Max Message Size Specify the maximum size (in kilobytes) of messages to be scanned for spam. If the size of the message exceeds the maximum size, the message is not filtered for spam.
  • Page 284: Spam Control Settings In Web Console

    Spam Control Settings in Web Console You can configure the spam control settings under the Options page in Spam Control.
  • Page 285 CHAPTER 8 Administering F-Secure Spam Control These settings are used only if F-Secure Spam Control is installed with the product, otherwise these settings are not available. Check inbound e-mail messages for spam: Specify whether inbound mails are scanned for spam.
  • Page 286 The allowed values are from 0 to 9. Click More options to configure advanced spam filtering options: Max message size - Specify the maximum size (in kilobytes) of messages to be scanned for spam. If the size of the message exceeds the maximum size, the message is not filtered for spam.
  • Page 287 CHAPTER 8 Administering F-Secure Spam Control Add X-header with summary: Specify if the summary of triggered hits is added to the mail as X-Spam-Status header in the following format: X-Spam-Status: <flag>, hits=<scr> required=<sfl> tests=<tests> where <flag> is Yes or No, <scr>...
  • Page 288 List of blocked Specify blocked senders. Messages originating senders from the specified addresses are always treated as spam. List of blocked Specify blocked recipients. Messages sent to recipients the specified addresses are always treated as spam. The product checks the sender address from the SMTP message envelope, not from the message headers.
  • Page 289: Realtime Blackhole List Configuration

    Realtime Blackhole List Configuration This section describes how to enable and disable Realtime Blackhole Lists, how to optimize F-Secure Spam Control performance, and how to specify blocked and safe recipients and senders by using black- and whitelisting.
  • Page 290 F-Secure Content Scanner Server through F-Secure Anti-Virus for Microsoft Exchange Web Console. You can force F-Secure Spam Control to use a specific DNS server (not necessarily configured in Microsoft Windows networking) by adding a new system environment variable as described in the instructions below.
  • Page 291: Optimizing F-Secure Spam Control Performance

    To force F-Secure Spam Control to use a specific DNS server, do the following: 1. Right-click the My Computer icon and select Properties. Select Advanced and click the Environment Variables.. button. In the System variables panel click New.
  • Page 292 'spam-scanner-instances' (oid=1.3.6.1.4.1.2213.18.1.35.500) has been set to 5. To take the new setting into use, restart F-Secure Content Scanner Server. IMPORTANT: Each additional instance of the Spam Scanner takes approximately 25Mb of memory (process fsavsd.exe). Typically you should not need more than 5 instances.
  • Page 293: Chapter 9 Updating Virus And Spam Definition Databases

    UPDATING VIRUS AND SPAM DEFINITION DATABASES Overview................... 294 Automatic Updates with F-Secure Automatic Update Agent ..294 Configuring Automatic Updates..........294...
  • Page 294: Overview

    F-Secure's antivirus and security products. F-Secure Automatic Update Agent shall be used only for receiving updates and related information on F-Secure's antivirus and security products. F-Secure Automatic Update Agent may not be used for any other purpose or service. Configuring Automatic Updates F-Secure Automatic Update Agent user interface provides information about downloaded virus and spam definition updates.
  • Page 295 CHAPTER 9 Updating Virus and Spam Definition Databases In centrally managed installations, you can use the F-Secure Anti-Virus for Microsoft Exchange Web Console only for monitoring the F-Secure Automatic Update Agent settings. To change these settings, you need to use F-Secure Policy Manager Console. For more information, see “F-Secure Automatic Update Agent...
  • Page 296: Appendix A Variables In Warning Messages

    APPENDIX: Variables in Warning Messages List of Variables ................ 297...
  • Page 297: List Of Variables

    [Unknown]. Variable: Description. $ANTI-VIRUS-SERVER: The DNS/WINS name or IP address of F-Secure Anti-Virus for Microsoft Exchange. $NAME-OF-SENDER: The e-mail address where the original content comes from. $NAME-OF-RECIPIENT: The e-mail addresses where the original content is sent.
  • Page 298 The following table lists variables that can be included in the scan report, in other words the variables that can be used in the warning message between $REPORT-BEGIN and $REPORT-END. Variable: Description. $AFFECTED-FILENAME: The name of the original file or attachment. $AFFECTED-FILESIZE: The size of the original file or attachment.
  • Page 299: Appendix B Services And Processes

    APPENDIX: Services and Processes List of Services and Processes ..........300...
  • Page 300: List Of Services And Processes

    List of Services and Processes The following tables list the services and processes that are running on the system after the installation: Service Process Description F-Secure Anti-Virus fshkmngr.exe This is the main service that for Microsoft (in Microsoft takes care of other product...
  • Page 301 F-Secure Network Request Broker (fnrb32.exe): The service handles the communication with F-Secure Policy Manager via HTTP interface. fsmb32.exe: F-Secure Message Broker provides the inter-process communication interface for integrated services and applications. fch32.exe...
  • Page 302 F-Secure Policy Manager Console, LogFile.log, Windows event log and SMTP server. fsm32.exe The F-Secure Settings and Statistics User Interface. The process is not running unless the user is logged in to the system. fih32.exe...
  • Page 303: Appendix C Deploying The Product On A Cluster

    APPENDIX: Deploying the Product on a Cluster Installation Overview ..............304 Creating Quarantine Storage............ 305 Administering the Cluster Installation with F-Secure Policy Manager ................... 328 Using the Quarantine in the Cluster Installation ....... 329 Uninstallation................331 Troubleshooting................ 331...
  • Page 304: Installation Overview

    Follow these steps to deploy and use F-Secure Anti-Virus for Microsoft Exchange on a cluster. 1. Install F-Secure Policy Manager on a dedicated server. If you already have F-Secure Policy Manager installed in the network, you can use it to administer F-Secure Anti-Virus for Microsoft Exchange. For more information, see F-Secure Policy Manager Administrator’s Guide.
  • Page 305: Creating Quarantine Storage

    Installing on Active-Active Cluster 5. In the Single Copy Cluster (SCC), active-passive or active-active cluster environment, create a policy domain for the cluster in F-Secure Policy Manager and import cluster nodes there. See “Administering the Cluster Installation with F-Secure Policy Manager”, 328. 6.
  • Page 306 Enter the following information: Name: F-Secure Quarantine Storage Resource Type: File Share Group: make sure that your Exchange Virtual Server is selected. Click Next. 5. Possible Owners dialog opens.
  • Page 307 APPENDIX C Deploying the Product on a Cluster 6. Verify that all nodes that are running Exchange Server are listed under Possible owners and click Next. 7. Dependencies dialog opens.
  • Page 308 Windows Explorer.) Enter the directory name you created on step 2 as Path (for example, D:\Quarantine). In the Comment box, type F-Secure Quarantine Storage. Make sure that User limit is set to Maximum allowed. Click Permissions...
  • Page 309 Full Control, Change and Read permissions for Administrator account. Click OK. 10. In File Share Parameters dialog, click Advanced. Make sure that Normal share is selected in Advanced File Share Properties. Click OK. 11. In File Share Parameters dialog, click Finish to create F-Secure Quarantine Storage resource.
  • Page 310: Quarantine Storage In Active-Active Cluster

    12. Right-click the F-Secure Quarantine Storage resource and click Bring Online. C.2.2 Quarantine Storage in Active-Active Cluster For an active-active cluster installation, the quarantine storage must be set on a dedicated computer. This computer should be the member of the same domain as your Exchange Servers.
  • Page 311 Type FSAVMSEQS$ as Share name and make sure that User limit is set to Maximum Allowed. Click Permissions 5. Permissions dialog opens. Add Administrator, Exchange Domain Servers and SYSTEM to the Group or user names. Remove Everyone account. Grant Change and Read permissions for Exchange Domain Servers and SYSTEM, and Full Control, Change and Read permissions for Administrator account.
  • Page 312: Creating The Quarantine Storage For A Single Copy Cluster Environment

    Remove all existing groups and users and add Administrator, Exchange Domain Servers and SYSTEM to the Group or user names. Grant all except Full Control permissions for Exchange Domain Servers and SYSTEM. Grant all permissions for Administrator. Click OK. 7. To verify that the quarantine storage is accessible, log on as the domain administrator to any node in the cluster and try to open \\<Server>\FSAVMSEQS$\ with Windows Explorer, where <Server>...
  • Page 313 4. Right-click the Exchange Virtual Server under the Groups and select New > Resource. 5. The New Resource wizard opens. a. Type F-Secure Quarantine Storage as the name of the new resource. b. In the Resource Type list, select File Share.
  • Page 314 Click Next to continue. 7. Select the Exchange Server Network Name and the Physical Disk under Available resources and click to move them to the Resource dependencies list. Click Next to continue.
  • Page 315 8. Use the following settings as the File Share parameters. a. Type FSAVMSEQS$ as the share name and F-Secure Quarantine Storage as comment. The dollar ($) character at the end of the share name makes the share hidden when you view the network resources of the cluster with Windows Explorer.
  • Page 316 Click to continue. 10. Click Advanced to open Advanced File Share Properties. Make sure that Normal share is selected. Click to continue. 11. Click Finish to create the F-Secure Quarantine Storage resource.
  • Page 317 12. Right-click the F-Secure Quarantine Storage resource and select Bring Online. Windows 2008 based cluster 1. Log on to the active node of the cluster with the domain administrator account. 2. Create a directory for the quarantine storage on the physical disk shared by the cluster nodes.
  • Page 318 Add Administrators, Exchange Servers and SYSTEM with Contributor permission levels. Press Share to close the window and enable the share. 4. Check that everything is configured correctly. The Failover Cluster Manager view should look like this:...
  • Page 319: Creating The Quarantine Storage For A Continuous Cluster Replication Environment

    5. During the F-Secure Anti-Virus for Microsoft Exchange installation, select the quarantine share you just created when the installation asks for the quarantine path. Use the UNC path in form of \\CLUSTERNAME\QUARANTINE. (In the example above, \\LHCLUMB\Quarantine.)
  • Page 320 4. Go to the Sharing tab. a. Type FSAVMSEQS$ as the share name and F-Secure Quarantine Storage as comment. The dollar ($) character at the end of the share name makes the share hidden when you view the network resources of the cluster with Windows Explorer.
  • Page 321 5. Change permissions as follows: a. Remove all existing groups and users. a. Add Administrator, Exchange Domain Servers and SYSTEM to the Group or user names list. b. Grant Change and Read permissions for Exchange Domain Servers and SYSTEM.
  • Page 322 6. Go to the Security tab. a. Remove all existing groups and users. a. Add Administrator, Exchange Domain Servers and SYSTEM to the Group or user names list. b. Grant all except Full Control permissions for Exchange Domain Servers and SYSTEM. c.
  • Page 323: Installing The Product

    1. Log on to the active node of the cluster using a domain administrator account. 2. Run F-Secure Anti-Virus for Microsoft Exchange setup wizard. Install the product in the centralized management mode. Specify the IP address of F-Secure Policy Manager Server and admin.pub that you created during the F-Secure Policy Manager installation.
  • Page 324 4. The setup program asks to specify the SQL Server to use for the quarantine database. Select the server running Microsoft SQL Server. 5. The setup program asks to specify the database name where quarantined items are stored. Specify the name for the database and enter user name and password that will be used to access the database.
  • Page 325: Installing On Active-Active Cluster

    1. Log on to the first node of the cluster using a domain administrator account. 2. Run F-Secure Anti-Virus for Microsoft Exchange setup wizard. Install the product in the centralized management mode. Specify the IP address of F-Secure Policy Manager Server and admin.pub that you created during the F-Secure Policy Manager installation.
  • Page 326 Specify the UNC path to the Quarantine Storage share that you created before the installation as the Quarantine Directory. For example, \\<Server>\FSAVMSEQS$, where <Server> is the name of the server where you created the quarantine storage share. 4. The setup program asks to specify the SQL Server to use for the quarantine database.
  • Page 327 5. The setup program asks to specify the database name where quarantined items are stored. Specify the name for the database and enter user name and password that will be used to access the database. 6.
  • Page 328: Administering The Cluster Installation With F-Secure Policy Manager

    1. Select the cluster subdomain in the Policy Domains tree. 2. Change required settings. 3. Distribute the policy. 4. All nodes receive new settings next time they poll the F-Secure Policy Manager Server. If you need to change settings on a particular node, follow these...
  • Page 329: Using The Quarantine In The Cluster Installation

    1. Select the corresponding host in the Policy Domains. 2. Change required settings. 3. Distribute the policy. 4. All nodes will receive new settings the next time they poll F-Secure Policy Manager Server. If you need to change settings on a particular node, follow these instructions: 1.
  • Page 330 Hub Transport Role Server: 1. Share the Pickup folder on the Exchange Hub Server. By default, the Pickup folder is located at %Program Files%\Microsoft\Exchange Server\TransportRoles\Pickup. Use the default name (Pickup) for the share so that it can be accessed at \\HubServerName\Pickup. 2.
  • Page 331: Uninstallation

    SYSTEM and Exchange Domain Servers, and full control is allowed for Administrator. To change the location of the quarantine storage from F-Secure Policy Manager Console, use the Final flag to override the setting set during product installation on the host.
  • Page 332: Appendix D Sending E-Mail Alerts And Reports

    APPENDIX: Sending E-mail Alerts And Reports Overview................... 333 Solution..................333...
  • Page 333: Overview

    SMTP protocol (without authentication and encryption) to send alerts to the specified e-mail address. The product can send e-mail based reports to F-Secure World Map system. These reports are sent using the simple SMTP protocol with an empty address ("<>") as the source.
  • Page 334: Creating A Scoped Receive Connector

    For example, to create a new connector that listens on all configured local IP addresses and accepts connections from the local host only, run the following command in the Exchange management shell: New-ReceiveConnector -Name "F-Secure alerts and reports" -Bindings 0.0.0.0:25 -RemoteIPRanges 127.0.0.1 -AuthMechanism Tls -PermissionGroups "AnonymousUsers" -RequireEHLODomain...
  • Page 335: Grant The Relay Permission On The New Scoped Connector

    To create a new connector that is bound to a single IP address and accepts connections from the specified remote servers, run the following command: New-ReceiveConnector -Name "F-Secure alerts and reports" -Bindings 192.168.58.128:25 -RemoteIPRanges 192.168.58.129, 192.168.58.131 -AuthMechanism Tls -PermissionGroups "AnonymousUsers" -RequireEHLODomain $false -RequireTLS $false D.2.2...
  • Page 336 TROUBLESHOOTING Overview................... 337 Starting and Stopping............337 Viewing the Log File ..............338 Common Problems and Solutions ..........338 Frequently Asked Questions ............ 343...
  • Page 337: Chapter E Troubleshooting

    Support”, 344. Starting and Stopping If you ever need to start or stop F-Secure Anti-Virus for Microsoft Exchange, you can do it in the following ways: Open the Services applet from the Administrative tools folder in the Windows Control Panel and select F-Secure Anti-Virus for Microsoft Exchange.
  • Page 338: Viewing The Log File

    F-Secure Management Agent and contains all alerts generated by F-Secure components installed on the host. Logfile.log can be found on all hosts running F-Secure Management Agent. You can view the Logfile.log with any text editor, for example Windows Notepad. Open the logfile.log from F-Secure Settings and Statistics / F-Secure...
  • Page 339 CHAPTER E Troubleshooting Checking F-Secure Anti-Virus for Microsoft Exchange 1. Make sure that F-Secure Anti-Virus for Microsoft Exchange service and all its processes have started. Open Services in the Windows Control Panel and check that the F-Secure Anti-Virus for Microsoft Exchange service has started.
  • Page 340 The problem is that F-Secure Anti-Virus for Microsoft Exchange is unable to contact F-Secure Content Scanner Server. A service or process may not be running on F-Secure Content Scanner Server. Make sure that all processes and services of F-Secure Content Scanner Server have started.
  • Page 341: E.4.1 Installing Service Packs

    I cannot open or access F-Secure Anti-Virus for Microsoft Exchange Web Console. Solution: 1. Make sure that F-Secure Web Console daemon has started and is running. Check the Services in Windows Control Panel. The following service should be started: F-Secure Web Console Daemon Check the Task Manager.
  • Page 342: E.4.2 Securing The Quarantine

    E.4.2 Securing the Quarantine Problem: I have installed F-Secure Anti-Virus for Microsoft Exchange and I'm worried about security of the local Quarantine storage where stripped attachments are quarantined. What do you recommend? Solution: F-Secure Anti-Virus for Microsoft Exchange creates and adjusts access rights to the local Quarantine storage during the installation.
  • Page 343: Frequently Asked Questions

    Frequently Asked Questions All support issues, frequently asked questions and hotfixes can be found under the support pages at http://support.f-secure.com/. For more information, see “Technical Support”, 344.
  • Page 344: Technical Support

    Technical Support F-Secure Online Support Resources........345 Web Club.................. 347 Virus Descriptions on the Web ..........347...
  • Page 345: F-Secure Online Support Resources

    If you have questions about F-Secure Anti-Virus for Microsoft Exchange not covered in this manual or on the F-Secure support web pages, you can contact your local F-Secure distributor or F-Secure Corporation directly.
  • Page 346 You can also find and run the FSDiag.exe utility under the F-Secure\Common folder, if you prefer not to do it through the F-Secure Anti-Virus for Microsoft Exchange Web Console. The tool generates a file called FSDiag.tar.gz.
  • Page 347: Web Club

    Web Club The F-Secure Web Club provides assistance and updated versions of the F-Secure products. To connect to the Web Club on our Web site, open the F-Secure Anti-Virus for Microsoft Exchange Web Console, and click the Web Club link in the banner.
  • Page 348 This is substantiated by the company’s independently proven ability to respond faster to new threats than its main competitors. Founded in 1988 and headquartered in Finland, F-Secure has been listed on the OMX Nordic Exchange Helsinki since 1999. The company has consistently been one of the fastest growing publicly listed companies in the industry.
