Summary of Contents for F-SECURE ANTI-VIRUS FOR MICROSOFT EXCHANGE 9.00
Page 1
F-Secure Anti-Virus for Microsoft Exchange Administrator’s Guide...
Page 2
Although F-Secure Corporation makes every effort to ensure that this information is accurate, F-Secure Corporation will not be liable for any errors or omission of facts contained herein. F-Secure Corporation reserves the right to modify specifications cited in this document without prior notice.
Symbols, 9
Chapter 1 Using F-Secure Anti-Virus for Microsoft Exchange
Administering F-Secure Anti-Virus for Microsoft Exchange, 12
Using Web Console, 13
1.2.1 Logging in for the First Time, 13
1.2.2 Modifying Settings and Viewing Statistics with Web Console, 15
1.2.3 Checking the Product Status
Page 6
C.3 Viewing the Log File, 240
Quarantine Logs, 240
C.4 Common Problems and Solutions, 240
Checking F-Secure Anti-Virus for Microsoft Exchange, 241
Checking F-Secure Content Scanner Server, 242
Checking F-Secure Anti-Virus for Microsoft Exchange Web Console, 243
C.4.1 Installing Service Packs, 243...
Page 7
C.4.2 Securing the Quarantine, 244
C.4.3 Administration Issues, 244
C.5 Frequently Asked Questions, 245
Technical Support
F-Secure Online Support Resources, 247
Web Club, 249
Virus Descriptions on the Web, 249...
F-Secure Anti-Virus for Microsoft Exchange Administrator's Guide is divided into the following chapters:
Chapter 1. Using F-Secure Anti-Virus for Microsoft Exchange. Instructions on how to use and administer F-Secure Anti-Virus for Microsoft Exchange.
Chapter 2. Centrally Managed Administration. Instructions on how to...
Page 10
See the F-Secure Policy Manager Administrator's Guide for detailed information about installing and using the F-Secure Policy Manager components:
F-Secure Policy Manager Console, the tool for remote administration of F-Secure Anti-Virus for Microsoft Exchange.
F-Secure Policy Manager Server, which enables communication ...
CHAPTER 2 Conventions Used in F-Secure Guides
This section describes the symbols, fonts, and terminology used in this manual.
Symbols
WARNING: The warning symbol indicates a situation with a risk of irreversible destruction to data.
IMPORTANT: An exclamation mark provides important information that you need to consider.
Page 12
In our constant attempts to improve our documentation, we would welcome your feedback. If you have any questions, comments, or suggestions about this or any other F-Secure document, please contact us at documentation@f-secure.com.
Using F-Secure Anti-Virus for Microsoft Exchange
Administering F-Secure Anti-Virus for Microsoft Exchange, 12
Using Web Console, 13
Using F-Secure Policy Manager Console, 16...
You can use the F-Secure Anti-Virus for Microsoft Exchange Web Console to start and stop F-Secure Anti-Virus for Microsoft Exchange, check its current status, and connect to F-Secure Web Club for support. In centrally managed installations, F-Secure Anti-Virus for Microsoft Exchange Web Console cannot be used for configuring the system or scanning settings, but you can manage the quarantined content with it.
Using Web Console
You can open F-Secure Anti-Virus for Microsoft Exchange Web Console in any of the following ways:
Go to Windows Start menu > Programs > F-Secure Anti-Virus for Microsoft Exchange > F-Secure Anti-Virus for Microsoft Exchange Web Console
Enter the address of F-Secure Anti-Virus for Microsoft Exchange ...
Page 16
When you log in for the first time, your browser displays a Security Alert dialog window about the security certificate for F-Secure Anti-Virus for Microsoft Exchange Web Console. You can create a security certificate for F-Secure Anti-Virus for Microsoft Exchange Web Console before logging in, and then install the certificate during the login process.
If the Security Alert window is still displayed, click to proceed or log back in to the F-Secure Anti-Virus for Microsoft Exchange Web Console. When the login page opens, log in to Web Console with your user name and the password.
1.2.3 Checking the Product Status
You can check the overall product status on the Home page of F-Secure Anti-Virus for Microsoft Exchange Web Console. The Summary and Services tabs on the Home page display an overview of each component's status and the most important statistics of the installed F-Secure Anti-Virus for Microsoft Exchange components.
Page 19
After you have modified settings and created a new policy, it must be distributed to hosts. Choose Distribute from the File menu. After distributing the policy, you have to wait for F-Secure Anti-Virus for Microsoft Exchange to poll the new policy file. Alternatively, click...
Page 20
The settings descriptions in this manual indicate the settings for which you need to use the Final restriction. You can also check in F-Secure Policy Manager Console whether you need to use the Final restriction for a setting. Do the following: 1.
Overview
If F-Secure Anti-Virus for Microsoft Exchange is installed in the centrally administered mode, F-Secure Anti-Virus for Microsoft Exchange is managed centrally with F-Secure Policy Manager. In the centralized administration mode, you can use the F-Secure Anti-Virus for Microsoft Exchange Web Console for the quarantine management and to check the current status of F-Secure Anti-Virus for Microsoft Exchange, but you cannot change any settings with it.
Page 23
CHAPTER 2 Centrally Managed Administration
Network Configuration
The mail direction is based on the Internal Domains and Internal SMTP senders settings and it is determined as follows:
1. E-mail messages are considered internal if they come from internal SMTP sender hosts and mail recipients belong to one of the specified internal domains (internal recipients).
Page 24
Separate each IP address with a space. An IP address range can be defined as: a network/netmask pair (for example, 10.1.0.0/255.255.0.0), or a network/nnn CIDR specification (for example, 10.1.0.0/16). You can use an asterisk (*) to match any number or a dash (-) to define a range of numbers.
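The address syntax described above, as an added example (not part of the F-Secure guide or the product's code): a Python parser that takes a space-separated list in this format, reports which entry a sending host matches, and flags invalid or very broad entries for review, since the list decides which hosts' mail is treated as internal rather than inbound. It assumes that * and - each apply to a single octet; the function names, the 65536-address review threshold and the sample lists are constructed for illustration.

```python
import ipaddress


def _octet(token):
    """One octet of a pattern: '7', '*' (any number) or '4-128' (a range)."""
    if token == "*":
        return (0, 255)
    low, dash, high = token.partition("-")
    if not low.isdigit() or (dash and not high.isdigit()):
        raise ValueError(f"bad octet {token!r}")
    lo, hi = int(low), int(high if dash else low)
    if not lo <= hi <= 255:
        raise ValueError(f"octet out of range {token!r}")
    return (lo, hi)


def parse_entry(entry):
    """Parse one list entry into an IPv4Network or four (low, high) octet ranges."""
    if "/" in entry:
        # Accepts both 10.1.0.0/255.255.0.0 and 10.1.0.0/16.
        return ipaddress.IPv4Network(entry, strict=False)
    parts = entry.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets in {entry!r}")
    return [_octet(p) for p in parts]


def entry_size(rule):
    """Number of addresses a parsed entry covers."""
    if isinstance(rule, ipaddress.IPv4Network):
        return rule.num_addresses
    size = 1
    for lo, hi in rule:
        size *= hi - lo + 1
    return size


def entry_matches(rule, addr):
    if isinstance(rule, ipaddress.IPv4Network):
        return addr in rule
    return all(lo <= b <= hi for (lo, hi), b in zip(rule, addr.packed))


def match(ip, spec):
    """Return the first entry of the list that covers ip, or None."""
    addr = ipaddress.IPv4Address(ip)
    for entry in spec.split():
        try:
            rule = parse_entry(entry)
        except ValueError:
            continue  # invalid entries are reported by audit(), not matched
        if entry_matches(rule, addr):
            return entry
    return None


def audit(spec, max_hosts=65536):
    """List (entry, reason) for entries that are invalid or cover more than max_hosts."""
    findings = []
    for entry in spec.split():
        try:
            size = entry_size(parse_entry(entry))
        except ValueError as exc:
            findings.append((entry, f"invalid: {exc}"))
            continue
        if size > max_hosts:
            findings.append((entry, f"matches {size} addresses"))
    return findings


# Constructed sample lists (not taken from the guide).
SAMPLE = "10.1.0.0/255.255.0.0 192.168.5.0/24 172.16.4.* 172.16.9.4-128 203.0.113.7"
TOO_BROAD = "*.*.*.* 10.1.0.0/33 10.0.0.0/8"

if __name__ == "__main__":
    for host in ("10.1.200.9", "172.16.9.129", "198.51.100.1"):
        print(host, "->", match(host, SAMPLE))
    for entry, reason in audit(TOO_BROAD):
        print("review:", entry, "-", reason)
```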
Page 25
Lists and Templates
Match Lists
Specify file and match lists that can be used by other settings.
List name: Specify the name for the match list.
Type: Specify whether the list contains keywords, file patterns or e-mail addresses.
Filter: Specify file names, extensions, keywords or email addresses that the match list contains.
Page 26
If you change the Quarantine Storage setting, select the Final checkbox in the Restriction Editor to override initial settings. During the installation, F-Secure Anti-Virus for Microsoft Exchange adjusts the access rights to the Quarantine Storage so that only the product, operating system and the local administrator can access it.
Page 27
The setting defines the default cleanup interval for all Quarantine categories. To change the cleanup interval for different categories, configure Quarantine Cleanup Exceptions settings.
Quarantine Cleanup Exceptions: Specify separate Quarantine retention periods and cleanup intervals for infected files, suspicious files, disallowed attachments, disallowed content, spam messages, scan failures and unsafe files.
Page 28
The product generates the message only when the item is removed from the Microsoft Exchange Server store and sends it automatically when you release the item to intended recipients.
Automatically Process Unsafe Messages: Specify how often the product tries to reprocess unsafe messages that are retained in the Quarantine.
Page 29
Connection Timeout: Specify how long (in seconds) the product tries to contact the F-Secure Hospital server.
Send Timeout: Specify how long (in seconds) the product waits for the sample submission to complete.
Page 30
If F-Secure Content Scanner Server uses a proxy server when it connects to the threat detection center and the proxy server requires authentication, the proxy authentication settings can be configured with F-Secure Anti-Virus for Microsoft Exchange Web Console only.
2.2.2 Transport Protection
You can configure inbound, outbound and internal message protection separately. For more information about the mail direction and configuration options, see “Network Configuration”, 21.
Attachment Filtering
Specify attachments to remove from inbound, outbound and internal messages based on the file name or the file extension.
Page 32
Configure the Alert Forwarding table to specify where the alert is sent based on the severity level. The Alert Forwarding table can be found in F-Secure Management Agent/Settings/Alerting.
Page 33
Virus Scanning
Specify inbound, outbound and internal messages and attachments that should be scanned for malicious code. Disabling virus scanning disables archive processing and grayware scanning as well.
Scan Messages for Viruses: Enable or disable the virus scan. The virus scan scans messages for viruses and other malicious code.
Page 34
Infected files inside archives are not disinfected even when the setting is enabled.
Action on Infected Messages: Specify whether to drop the infected attachment or the whole message when an infected message is found.
Drop Attachment - Remove the infected attachment from the message and deliver the message to the recipient without the attachment.
Page 35
“Lists and Templates”, 23.
Notify Administrator: Specify whether the administrator is notified when F-Secure Anti-Virus for Microsoft Exchange finds a virus in a message. Configure the Alert Forwarding table to specify where the alert is sent based on the severity level.
Page 36
Archive Processing
Specify how the product processes inbound, outbound and internal archive files. Note that scanning inside archives takes time. Disabling scanning inside archives improves performance, but it also means that the network users need to use up-to-date virus protection on their workstations. Archive processing is disabled when virus scanning is disabled.
Page 37
Drop the whole message - Do not deliver the message to the recipient.
Action on Password Protected Archives: Specify the action to take on archives which are protected with passwords. These archives can be opened only with a valid password, so the product cannot scan their content.
Page 38
“Quarantine Management”, 211.
Notify Administrator: Specify whether the administrator is notified when F-Secure Anti-Virus for Microsoft Exchange blocks a malformed, password protected, or overnested archive file. If the archive is blocked because it contains malware, grayware or disallowed files, the administrator receives a notification about that instead of this notification.
Page 39
Grayware Scanning
Specify how the product processes grayware items in inbound, outbound and internal messages. Note that grayware scanning increases the scanning overhead. By default, grayware scanning is enabled for inbound messages only. Grayware scanning is disabled when virus scanning is disabled.
Scan Messages for Grayware: Enable or disable the grayware scan.
Page 40
Notify Administrator: Specify whether the administrator is notified when F-Secure Anti-Virus for Microsoft Exchange finds a grayware item in a message. Configure the Alert Forwarding table to specify where the alert is sent based on the severity level.
Page 41
Content Filtering
Specify how F-Secure Anti-Virus filters disallowed content in inbound, outbound and internal messages.
Filter Disallowed Content: Specify whether e-mail messages are scanned for disallowed content.
Disallowed Keywords in Message Subject: Specify the list of disallowed keywords to check in e-mail message subjects.
Page 42
Notify Administrator: Specify whether the administrator is notified when F-Secure Anti-Virus for Microsoft Exchange finds a message with disallowed content. Configure the Alert Forwarding table to specify where the alert is sent based on the severity level. The Alert Forwarding table can be found in: F-Secure Management Agent/Settings/Alerting.
Page 43
Exchange can identify spam and virus patterns from the message envelope, headers and body during the first minutes of the new spam or virus outbreak. These settings are used only if F-Secure Spam Control is installed with the product. Otherwise they will be ignored.
Spam Filtering: Specify whether inbound mails are scanned for spam.
Page 44
If you enable the heuristic spam analysis, all messages that the threat detection engine does not classify as spam are further analyzed for spam. When the heuristic spam analysis is disabled, only the threat detection engine filters messages for spam. Heuristic spam analysis slows down the performance but improves the spam detection rate.
Page 45
Add X-Header with Spam Flag: Specify if a spam flag is added to the mail as the X-Spam-Flag header in the following format: X-Spam-Flag:<flag> where <flag> is YES or NO.
Add X-Header with Summary: Specify if the summary of triggered hits is added to the mail as X-Spam-Status header in the following format:...
Page 46
Blocked Senders: Specify blocked senders. Messages originating from the specified addresses are always treated as spam.
Safe Recipients: Specify safe recipients. Messages sent to the specified addresses are never treated as spam.
Blocked Recipients: Specify blocked recipients. Messages sent to the specified addresses are always treated as spam.
Page 47
Mail Disclaimer
When the disclaimer is enabled, a disclaimer text is added to all outbound messages. You can configure Mail Disclaimer settings for outbound messages only.
IMPORTANT: Some malware adds disclaimers to infected messages, so disclaimers should not be used for stating that the message is clean of malware.
Page 48
Max Levels of Nested Messages: Specify how many levels deep to scan in nested e-mail messages. A nested e-mail message is a message that includes one or more e-mail messages as attachments. If zero (0) is specified, the maximum nesting level is not limited.
Page 49
Messages recovery.
Notify Administrator: Specify whether the administrator is notified when F-Secure Anti-Virus for Microsoft Exchange detects a malformed or a suspicious e-mail message. Configure the Alert Forwarding table to specify where the alert is sent based on the severity level.
2.2.3 Storage Protection
Edit general Storage Protection settings to configure how mailboxes and public folders are scanned in the Exchange Store with real-time, manual and scheduled scanning.
Real-Time Scanning
The real-time scanning can automatically scan messages that have been created or received.
General
Specify which messages you want to scan during the real-time scanning.
Page 51
Scan Mailboxes: Specify mailboxes that are scanned for viruses.
Disabled - Do not scan any mailboxes.
Scan All Mailboxes - Scan all mailboxes.
Scan Only Included Mailboxes - Scan mailboxes specified in the Included Mailboxes list.
Scan All Except Excluded Mailboxes - Scan all mailboxes except those specified in the Excluded Mailboxes list.
Page 52
Included Folders: Specify public folders that are scanned for viruses when the Scan Public Folders setting is set to Scan Only Included Folders.
Excluded Folders: Specify public folders that are not scanned when the Scan Public Folders setting is set to Scan All Except Excluded Folders.
Page 53
Archive Processing
Specify how the product processes archive files in Microsoft Exchange Storage. Archive processing is disabled when virus scanning is disabled.
Scan Archives: Specify if files inside archives are scanned for viruses and other malicious code.
List of Files to Scan Inside Archives: Specify files that are scanned for viruses inside...
Page 54
Drop Archive - Archives with exceeding nesting levels are removed.
Action on Password Protected Archives: Specify the action to take on archives which are protected with passwords. These archives can be opened only with a valid password, so the product cannot scan their content.
Pass through - Leave the password protected archive in the message.
Page 55
Grayware Exclusion List: Specify the list of keywords for grayware types that are not scanned. Leave the list empty if you do not want to exclude any grayware types from the scan.
Quarantine Dropped Grayware: Specify whether grayware attachments are quarantined.
Page 56
To manually scan mailboxes and public folders you have specified in the settings, follow these instructions:
1. Browse to the F-Secure Anti-Virus for Microsoft Exchange / Operations / Manual Scanning branch in F-Secure Policy Manager Console.
Page 57
Disabled - Do not scan any public folders.
Scan All Folders - Scan all public folders.
Scan Only Included Folders - Scan public folders specified in the Included Folders list.
Scan All Except Excluded Folders - Scan all public folders except those specified in the Excluded Folders list.
Page 58
Attachment Filtering
Specify attachments that are removed from messages during the manual scan.
Strip Attachments: Enable or disable the attachment stripping.
List of Attachments to Strip: Specify which attachments are stripped from messages. For more information, see “Lists and Templates”, 23.
Use Exclusions: Specify attachments that are not filtered.
Page 59
Use Exclusions: Specify attachments that are not scanned. Leave the list empty if you do not want to exclude any attachments from the scan.
Heuristic Scanning: Enable or disable the heuristic scan. The heuristic scan analyzes files for suspicious code behavior so that the product can detect unknown malware.
Page 60
Archive Processing
Specify how the product processes archive files during the manual scan.
Scan Archives: Specify if files inside archives are scanned for viruses and other malicious code.
List of Files to Scan Inside Archives: Specify files that are scanned for viruses inside archives.
Page 61
Action on Password Protected Archives: Specify the action to take on archives which are protected with passwords. These archives can be opened only with a valid password, so the product cannot scan their content.
Pass through - Leave the password protected archive in the message.
Page 62
Grayware Scanning
Specify how the product processes grayware items during the manual scan.
Scan Messages for Grayware: Enable or disable the grayware scan.
Action on Grayware: Specify the action to take on items which contain grayware.
Report only - Leave grayware items in the message and notify the administrator.
Page 63
File Type Recognition
Select whether you want to use Intelligent File Type Recognition or not. Trojans and other malicious code can disguise themselves with filename extensions which are usually considered safe to use. Intelligent File Type Recognition can recognize the real file type of the message attachment and use that while the attachment is processed.
Page 64
Scheduled Scanning
You can schedule scan tasks to scan mailboxes and public folders periodically. The scheduled scanning table displays all scheduled tasks and the date and time when the next scheduled task occurs. To deactivate scheduled tasks in the list, clear the Active ...
Page 65
Step 1. General Properties
Enter the name for the new task and select how frequently you want the operation to be performed.
Task name: Specify the name of the scheduled operation. Do not use any special characters in the task name.
Page 66
Monthly - Every month at the specified time on the same date when the first operation is scheduled to start.
Start time: Enter the start time of the task in hh:mm format.
Start date: Enter the start date of the task in mm/dd/yyyy format.
Step 2.
Page 67
Scan only included mailboxes - Scan all specified mailboxes. Click Remove to edit mailboxes that are scanned.
Scan all except excluded mailboxes - Do not scan specified mailboxes but scan all other. Click Remove to edit mailboxes that are not scanned.
Page 68
Step 3. Public Folders
Choose which public folders are processed during the scheduled operation.
Public folders: Specify public folders that are processed during the scheduled scan.
Do not scan public folders - Disable the public folder scanning.
Scan all public folders - Scan all public folders.
Scan only included public folders - Scan all specified public folders.
Page 69
Scan all except excluded public folders - Do not scan specified public folders but scan all other. Click Remove to edit public folders that are not scanned.
The format to enter the included or excluded mailbox is the name of the public folder.
Page 70
Step 4. Attachment Filtering
Choose settings for stripping attachments during the scheduled operation.
Strip attachments from e-mail messages: Enable or disable the attachment stripping.
Targets
Strip these attachments: Specify which attachments are stripped from messages. For more information, see “Lists and Templates”, 23.
Page 71
Actions
Quarantine stripped attachments: Specify whether stripped attachments are quarantined.
Do not quarantine these attachments: Specify file names and file extensions which are not quarantined even when they are stripped. For more information, see “Lists and Templates”,
Notifications
Replacement text...
Page 72
Step 5. Virus Scanning
Choose settings for virus scanning during the scheduled operation.
Scan messages for viruses: Enable or disable the virus scan. The virus scan scans messages for viruses and other malicious code.
General Options
Heuristic Scanning: Enable or disable the heuristic scanning. The heuristic scanning analyzes files for suspicious code behavior so that the product can detect unknown malware.
Page 73
Scan these attachments: Specify attachments that are scanned for viruses. For more information, see “Lists and Templates”, 23.
Exclude these attachments from scanning: Specify attachments that are not scanned. Leave the list empty if you do not want to exclude any attachments from the scanning.
Page 74
Step 6. Grayware Scanning
Choose settings for grayware scanning during the scheduled operation.
Scan messages for grayware: Enable or disable the grayware scan.
Actions
Action on grayware: Specify the action to take on items which contain grayware.
Report only - Leave grayware items in the message and notify the administrator.
Page 75
Grayware exclusion list: Specify the list of keywords for grayware types that are not scanned. Leave the list empty if you do not want to exclude any grayware types from the scan. For more information, see “Lists and Templates”, 23.
Page 76
Step 7. Archive Processing
Choose settings for stripping attachments during the scheduled operation.
Scan archives: Specify if files inside archives are scanned for viruses and other malicious code.
Targets
List of files to scan inside archives: Specify files inside archives that are scanned for viruses.
Page 77
Detect disallowed files inside archives: Specify whether files inside compressed archive files are processed for disallowed content. Disallowed content is not processed when the archive scanning is disabled.
Actions
Action on archives with disallowed files: Specify the action to take on archives which contain disallowed files.
Page 78
Pass through - Deliver the message with the password protected archive to the recipient.
Drop archive - Remove the password protected archive from the message and deliver the message to the recipient without it.
Quarantine dropped archives: Specify whether archives that are not delivered to recipients are placed in the quarantine.
Page 79
Step 8. Processing Options
Choose advanced processing options for all the messages processed during the scheduled operation.
Processing options
Incremental scanning: Specify whether you want to process all messages or only those messages that have not been processed previously during the manual or scheduled processing.
Page 80
It is not recommended to set the maximum nesting level to unlimited as this will make the product more vulnerable to DoS (Denial-of-Service) attacks.
File type recognition
Use intelligent file type recognition: Select whether you want to use Intelligent File Type Recognition or not.
Page 81
Step 9. Summary
The Scheduled Task Wizard displays a summary of the created operation. Click Finish to accept the new scheduled operation and to exit the wizard.
Statistics
To view statistics, open the Status tab from the Properties pane and open the Statistics subtree. It displays statistics for the host for each F-Secure Anti-Virus for Microsoft Exchange installation. If a policy domain is selected, the Status view displays the number of hosts in the domain and which hosts are disconnected from F-Secure Policy Manager.
Displays the last date and time when the Statistics statistics were reset.
MIB Version: Displays the MIB version number.
Installation Directory: Displays the complete path where F-Secure Anti-Virus for Microsoft Exchange is installed.
Build: Displays the F-Secure Anti-Virus for Microsoft Exchange build number.
2.3.2 Transport Protection
You can view the inbound, outbound and internal message statistics separately.
Previous Reset of Statistics: Displays the date and time of the last reset of statistics.
Number of Processed Messages: Displays the total number of processed messages since the last reset of statistics.
Number of Infected Messages: Displays the number of messages with...
2.3.3 Storage Protection
Common
Number of Mailboxes: Displays the number of currently protected user mailboxes.
Number of Public Folders: Displays the number of currently protected public folders.
Real-time and Background Scanning
Previous Reset of Statistics: Displays the date and time of the last reset of statistics.
Page 86
Manual Scanning
Total Number of Mailboxes: Displays the total number of mailboxes in Exchange Store that the product processes during the manual scan.
Number of Processed Mailboxes: Displays the number of mailboxes that have been processed.
Total Number of Public Folders: Displays the total number of Public folders in the Exchange Store that the product processes during the manual scan.
Last Infection Found: Displays the name of the last infection found.
Last Time Infection Found: Displays the time when the last infection was found.
Previous Scanning: Displays the date and time of the previous manual scan.
2.3.4 Quarantine
The quarantine statistics display the total number of quarantined items,...
F-Secure Content Scanner Server Settings
Use the variables under the F-Secure Content Scanner Server / Settings branch to define the settings for content providers and to change the general content scanning options.
2.4.1 Interface
Specify how the server will interact with clients.
2.4.2 Virus Scanning
Specify scanning engines to be used when F-Secure Content Scanner Server scans files for viruses, and the files that should be scanned.
Scan Engines: Scan engines can be enabled or disabled. If...
Page 90
Max Levels in Nested Archives: If Scan Inside Archives is enabled, F-Secure Content Scanner Server can scan files inside archives that may exist inside of other archives.
Page 91
Acceptable Unpacked Size Threshold: Specify the acceptable unpacked size (in kilobytes) for archive files. If the unpacked size of an archive file exceeds this threshold, the server will consider the archive suspicious and corresponding action will be taken.
F-Secure World Map about viruses and other malware to the F-Secure World Map service. When the F-Secure World Map support is enabled, the product sends encrypted e-mail reports periodically to the service. These reports list only the name and the amount of...
Specify whether the product should verify Downloaded Databases that the downloaded virus definition databases are the original databases published by F-Secure Corporation and that they have not been altered or corrupted in any way before taking them to use. Notify When Databases...
You might need to modify this setting if you enable Realtime Blackhole Lists (DNSBL/ RBL) for spam filtering. For more information, consult F-Secure Anti-Virus for Microsoft Exchange Deployment Guide. You have to restart the Content Scanner Server after you change this setting and distribute the policy to take the new setting into use.
2.4.6 Threat Detection Engine
Configure the virus outbreak and spam threat detection.
VOD Cache Size: Specify the maximum number of patterns to cache for the virus outbreak detection service. By default, the cache size is 10000 cached patterns.
Heuristic Scanning - F-Secure Content Scanner Server checks the message using spam heuristics.
Trusted Networks: Specify networks and hosts in the mail relay network which can be trusted not to be operated by spammers and do not have open relays or open proxies.
Working directory are deleted. The default clean interval is 30 minutes.
Free Space Threshold: Specify when F-Secure Content Scanner Server should send a low disk space alert to the administrator. The default setting is 100 megabytes.
F-Secure Content Scanner Server Statistics
The Statistics branch in the F-Secure Content Scanner Server tree displays the version of F-Secure Content Scanner Server that is currently installed on the selected host and the location of F-Secure Content Scanner Server installation directory.
Last Time Infection Found: The date and time when the last infection was found.
2.5.2 Scan Engines
The Scan Engines table displays the scan engine statistics and information.
Name: Displays the name of the scan engine.
Version: Displays the version number of the scan engine.
Infected Files: Displays the number of infected files found by the scan engine.
Disinfected Files: Displays the number of files successfully disinfected by the scan engine.
Database Version: Displays the current version of database updates used by the scan engine.
2.5.3 Common
The Common statistics branch displays the list of installed product...
Displays the list of most active viruses.
F-Secure Management Agent Settings
If the F-Secure Anti-Virus for Microsoft Exchange is working in centrally administered mode, you have to make sure F-Secure Anti-Virus for Microsoft Exchange sends and receives data from F-Secure Policy Manager Server.
Page 102
F-Secure Management Agent from downloading large remote installation packages over slow network connections. F-Secure Management Agent measures the speed of the network link to F-Secure Policy Manager Server and stops the download if the minimum speed specified by this setting is not met.
F-Secure Automatic Update Agent Settings
Using F-Secure Automatic Update Agent is the most convenient way to keep the databases updated. It connects to F-Secure Policy Manager Server or the F-Secure Update Server automatically. In order to update the spam definition databases F-Secure Automatic Update Agent must be installed on the same computer as F-Secure Spam Control.
PM Proxies: Specify F-Secure Policy Manager Proxies that you want to use as sources for automatic updates. If no F-Secure Policy Manager Proxies are configured, the product retrieves the latest virus definition updates from F-Secure Update Server automatically.
Intermediate server...
Overview
This section describes how to use Web Console to administer F-Secure Anti-Virus for Microsoft Exchange. If F-Secure Anti-Virus for Microsoft Exchange is installed in the stand-alone mode, it can be administered with F-Secure Anti-Virus for Microsoft Exchange Web Console. The Web Console is installed with F-Secure Anti-Virus for Microsoft Exchange.
Error; the license has expired, the feature is not installed, all antivirus engines are disabled or a component is not loaded, F-Secure Content Scanner Server is not up and running or virus and spam definition databases are really old.
For more information, see “Searching the Quarantined Content”, 214.
Log Files
Click View F-Secure Log to view the F-Secure log file (LogFile.log) in a new Internet browser window. Click Download to download and save the LogFile.log for later use. Click View Automatic Update Log to view the update log file.
CHAPTER 3 Administration with Web Console
Services
Under the Services tab, you can start, stop and restart F-Secure Anti-Virus for Microsoft Exchange, F-Secure Content Scanner Server and F-Secure Automatic Update Agent.
The product can collect and send statistics about viruses and other malware to the F-Secure World Map service. If you enable F-Secure World Map support, make sure that the server can relay messages properly. For more information, see “Sending E-mail Alerts And Reports”, 234.
Transport Protection
You can configure inbound, outbound and internal message protection separately. For more information about the mail direction and configuration options, see “Network Configuration”, 194. After you apply new transport protection settings, it can take up to 20 seconds for the new settings to take effect.
Infected messages: Displays the number of messages with attachments that are infected and cannot be automatically disinfected.
High & Medium virus risk messages: Displays the number of messages that have been identified as unsafe; messages that contain patterns that can be assumed to be a part of a virus outbreak.
3.3.1 Attachment Filtering
Specify attachments to remove from inbound, outbound and internal messages based on the file name or the file extension.
Strip Attachments from e-mail messages: Enable or disable the attachment stripping.
Targets
Strip these attachments: Specify which attachments are stripped from...
Actions
Action on disallowed attachments: Specify how disallowed attachments are handled. Drop Attachment - Remove the attachment from the message and deliver the message to the recipient without the disallowed attachment. Drop the Whole Message - Do not deliver the message to the recipient at all.
Send alert to administrator: Specify whether the administrator is notified when the product strips an attachment. If you enable the notification, specify the alert level of the notification. Configure the Alert Forwarding table to specify where the alert is sent based on the severity level.
3.3.2 Virus Scanning
Specify inbound, outbound and internal messages and attachments that should be scanned for malicious code. Disabling virus scanning disables grayware scanning and archive processing as well.
Scan e-mail messages for viruses: Enable or disable the virus scan. The virus scan scans messages for viruses and other malicious code.
By default, the heuristic scan is enabled for inbound mails and disabled for outbound and internal mails. The heuristic scan may affect the product performance and increase the risk of false malware alarms.
Proactive virus threat detection: Select whether Proactive Virus Threat Detection is enabled or disabled.
Disinfection may affect the product performance. Infected files inside archives are not disinfected even when the setting is enabled.
Action on infected messages: Specify whether infected messages are disinfected or dropped. Drop Attachment - Remove the infected attachment from the message and deliver the message to the recipient without the attachment.
Send alert to administrator: Specify whether the administrator is notified when F-Secure Anti-Virus for Microsoft Exchange finds a virus in a message. Configure the Alert Forwarding table to specify where the alert is sent based on the severity level.
Note that grayware scanning increases the scanning overhead. By default, grayware scanning is enabled for inbound messages only. Grayware scanning is disabled when virus scanning is disabled.
Scan e-mail messages for grayware: Enable or disable the grayware scan.
Actions
Action on grayware: Specify the action to take on items which contain grayware.
Send alert to administrator: Specify whether the administrator is notified when F-Secure Anti-Virus for Microsoft Exchange finds a grayware item in a message. Configure the Alert Forwarding table to specify where the alert is sent based on the severity...
3.3.4 Archive Processing
Specify how F-Secure Anti-Virus for Microsoft Exchange processes inbound, outbound and internal archive files. Note that scanning inside archives takes time. Disabling scanning inside archives improves performance, but it also means that the network users need to use up-to-date virus protection on their workstations.
Exclude these files: Specify files that are not scanned inside archives. Leave the list empty if you do not want to exclude any files from the scanning.
Limit max levels of nested archives: Specify how many levels of archives inside other archives the product scans when Scan Viruses Inside Archives is enabled.
Notifications
Send alert to administrator: Specify whether the administrator is notified when F-Secure Anti-Virus for Microsoft Exchange blocks a suspicious overnested or password protected archive file. If the archive is blocked because it contains malware, grayware or disallowed files, the administrator receives a notification about that instead of this notification.
3.3.5 Content Filtering
Specify how F-Secure Anti-Virus for Microsoft Exchange filters disallowed content in inbound, outbound and internal messages.
Filter out e-mail messages with disallowed/...: Specify whether e-mail messages are scanned for disallowed content.
Templates”, 209.
Send alert to administrator: Specify whether the administrator is notified when F-Secure Anti-Virus for Microsoft Exchange finds a message with disallowed content. Configure the Alert Forwarding table to specify where the alert is sent based on the severity...
Using Keywords in Content Filtering
When the content filtering is enabled, all messages are checked against every keyword sequence that is specified in the selected list of keywords. A keyword may contain any characters, including punctuation symbols, spaces, and other word separators.
3.3.6 Other Options
Configure other options to limit actions on malformed and problematic messages.
File Type Recognition
Intelligent file type recognition: Select whether you want to use Intelligent File Type Recognition or not. Trojans and other malicious code can disguise themselves with filename extensions which are usually considered safe to use.
Using Intelligent File Type Recognition strengthens the security, but can degrade the system performance.
Trusted senders and recipients
List of trusted senders: Specify senders who are excluded from the mail scanning and processing.
List of trusted recipients: Specify recipients who are excluded from the mail scanning and processing.
problematic messages: Specify if mails that contain malformed or broken attachments are quarantined for later analysis or recovery.
Notifications
Send alert to administrator: Specify whether the administrator is notified when F-Secure Anti-Virus for Microsoft Exchange detects a malformed or a suspicious e-mail message.
For more information, see “Alerting”, 190.
Spam Control
The threat detection engine of F-Secure Anti-Virus for Microsoft Exchange can identify spam and virus patterns from the message envelope, headers and body during the first minutes of the new spam or virus outbreak.
3.4.1 Status
The Status page displays the statistics of the spam scanner:
Spam scanner version: Displays the version number of the installed spam scanner.
Number of processed messages: Displays the total number of processed messages since the last reset of statistics.
Last updated: Displays the date and time when the latest spam definition update was retrieved.
Settings
Specify how F-Secure Anti-Virus for Microsoft Exchange processes inbound spam messages. These settings are used only if F-Secure Spam Control is installed with the product, otherwise these settings are not available.
Check inbound e-mail messages for spam: Specify whether inbound mails are scanned for spam.
Options
Heuristic spam analysis: Specify whether heuristic spam analysis is used to filter inbound mails for spam. If you enable the heuristic spam analysis, all messages that the threat detection engine does not classify as spam are further analyzed for spam.
Forward spam messages to e-mail address - Specify the e-mail address where messages considered as spam are forwarded when the Action on Spam Messages setting is set to Forward.
Spam confidence level: Click Add new action to add a new action for messages with the spam level above the...
where <flag> is Yes or No, <scr> is the spam confidence rating returned by the spam scanner, <sfl> is the current spam filtering level, <tests> is the comma-separated list of tests run against the mail.
Modify spam message subject: Specify if the product modifies the subject of mail messages considered as spam.
Storage Protection
Configure Storage Protection settings to specify how e-mail messages and attachments in selected mailboxes and public folders should be scanned.
Status
The Status page displays a summary of the protected mailboxes and public folders and infections found.
Infected items: Displays the number of items that are infected and cannot be automatically disinfected.
Grayware items: Displays the number of grayware items, including spyware, adware, dialers, joke programs, remote access tools and other unwanted applications.
Suspicious items: Displays the number of suspicious content found, for example password-protected archives and nested archives.
3.5.1 Real-Time Scanning
The real-time scanning can automatically scan messages that have been created or received.
General
Real-time scanning scans messages in mailboxes and public folders for viruses.
Scanning
Scan only messages created within: Specify which messages are scanned with the real-time scanning, for example;...
This setting works only with Microsoft Exchange Server 2007 and 2010.
Scan timeout: Specify how long to wait for the real-time scan result. After the specified time, the client that tries to access the scanned message gets the "virus scanning in progress" notification.
File Type Recognition
Intelligent file type: Select whether you want to use Intelligent File...
Virus Scanning
Specify messages and attachments in the Microsoft Exchange Storage that should be scanned for malicious code.
Targets
Scan mailboxes: Specify mailboxes that are scanned for viruses. Do not scan mailboxes - Disable the mailbox scanning.
Scan all except excluded mailboxes - Do not scan specified mailboxes but scan all other. Click Edit to add or remove mailboxes that should not be scanned.
Scan public folders: Specify public folders that are scanned for viruses. Do not scan public folders - Disable the public folder scanning.
Disinfection may affect the product performance. Infected files inside archives are not disinfected even when the setting is enabled.
Quarantine infected attachments: Specify whether infected attachments are quarantined.
Do not quarantine these infections: Specify virus and malware infections that are never placed in the quarantine.
Grayware Scanning
Specify how the product processes grayware items during real-time scanning.
Scan messages for grayware: Enable or disable the grayware scan.
Actions
Action on grayware: Specify the action to take on items which contain grayware. Report only - Leave grayware items in the message and notify the administrator.
Grayware exclusion list: Specify the list of keywords for grayware types that are not scanned. Leave the list empty if you do not want to exclude any grayware types from the scan. For more information, see “Match Lists”, 208.
Archive Processing
Specify how F-Secure Anti-Virus for Microsoft Exchange processes archive files in Microsoft Exchange Storage.
Scan archives: Specify if files inside archives are scanned for viruses and other malicious code.
Targets
List of files to scan inside archives: Specify files that are scanned for viruses inside archives.
A nested archive is an archive that contains another archive inside. If zero (0) is specified, the maximum nesting level is not limited. Specify the number of levels the product goes through before the action selected in Limit max Levels of Nested Archives takes place.
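How a nesting limit with "0 means unlimited" behaves in practice, as an added example (not F-Secure's code): the level counting (an archive directly inside the attachment is nested level 1), the "suspicious" verdict name, the member size cap and the in-memory sample archives are all assumptions made for this illustration.

```python
import io
import zipfile

ENCRYPTED_FLAG = 0x1  # general-purpose flag bit 0 of a ZIP entry


def make_nested_zip(nested_levels, payload=b"constructed sample attachment text"):
    """Constructed sample: a ZIP that holds `nested_levels` archives inside it."""
    data, name = payload, "payload.txt"
    for i in range(nested_levels + 1):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name, data)
        data, name = buf.getvalue(), f"inner{i}.zip"
    return data


def mark_encrypted(zip_bytes):
    """Constructed sample: set the 'encrypted' flag of the first entry in the
    central directory, which is the record zipfile reports flag_bits from."""
    raw = bytearray(zip_bytes)
    pos = raw.find(b"PK\x01\x02")  # central directory file header
    raw[pos + 8] |= ENCRYPTED_FLAG  # flags field sits at offset 8
    return bytes(raw)


def _suspicious(report, reason, path):
    report.update(verdict="suspicious", reason=reason, blocked_at=path)
    return report


def inspect_archive(data, max_nested_levels=0, max_member_bytes=1 << 20):
    """Walk a ZIP held in memory.

    max_nested_levels=0 means "not limited", mirroring the setting above.
    max_member_bytes is an extra guard assumed for this example so that an
    unlimited walk still cannot expand one huge member.
    """
    report = {"verdict": "pass", "reason": None, "deepest_level": 0, "files": []}
    stack = [(data, 0, "")]
    while stack:
        blob, level, prefix = stack.pop()
        report["deepest_level"] = max(report["deepest_level"], level)
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                path = prefix + info.filename
                if info.flag_bits & ENCRYPTED_FLAG:
                    # Content cannot be scanned without the password.
                    return _suspicious(report, "password protected", path)
                if info.file_size > max_member_bytes:
                    return _suspicious(report, "member too large", path)
                content = zf.read(info)
                if zipfile.is_zipfile(io.BytesIO(content)):
                    # Recognised by content, not by the ".zip" extension.
                    if max_nested_levels and level + 1 > max_nested_levels:
                        return _suspicious(report, "over-nested", path)
                    stack.append((content, level + 1, path + "/"))
                else:
                    report["files"].append(path)  # would be handed to the scanner
    return report


if __name__ == "__main__":
    sample = make_nested_zip(2)
    for limit in (0, 1, 2):
        r = inspect_archive(sample, max_nested_levels=limit)
        print(limit, r["verdict"], r["reason"], r["deepest_level"])
    print(inspect_archive(mark_encrypted(make_nested_zip(0)))["reason"])
```

With the limit at 0 every layer is opened, so the amount of work is set entirely by the sender of the archive; a non-zero limit bounds it and routes the remainder to the configured action.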
3.5.2 Manual Scanning
You can scan mailboxes and public folders for viruses and strip attachments manually at any time.
Statistics
The Statistics page displays a summary of the messages processed during the latest manual scan:
Status: Displays whether the manual scan is running or stopped.
Estimated time left: Displays the time left when the manual scan is running.
Elapsed time: Displays how long it has been since the manual scan started.
Processed items: Displays the number of items processed during the scan.
General
Specify which messages you want to scan during the manual scan.
Targets
Scan mailboxes: Specify mailboxes that are scanned for viruses. Do not scan mailboxes - Do not scan any mailboxes during the manual scan. Scan all mailboxes - Scan all mailboxes. Scan only included mailboxes - Scan all specified mailboxes.
Scan public folders: Specify public folders that are scanned for viruses. Do not scan public folders - Do not scan any public folders during the manual scan. Scan all folders - Scan all public folders. Scan only included public folders - Scan all specified public folders.
Trojans and other malicious code can disguise themselves with filename extensions which are usually considered safe to use. Intelligent File Type Recognition can recognize the real file type of the message attachment and use that while the attachment is processed. Using Intelligent File Type Recognition strengthens the security, but can degrade the system performance.
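What content-based type recognition changes for an extension-based strip list, as an added example (not F-Secure's code or detection logic): the signature table, the wildcard pattern syntax, the function names and the sample attachments are constructed for this illustration.

```python
import fnmatch
import os

# Well-known leading byte signatures mapped to a canonical type name.
# This short table is an assumption for the example, not the product's list.
SIGNATURES = [
    (b"MZ", "exe"),                                  # DOS/PE (.exe, .dll, .scr)
    (b"\x7fELF", "elf"),
    (b"PK\x03\x04", "zip"),                          # ZIP and ZIP-based Office files
    (b"%PDF-", "pdf"),
    (b"\xff\xd8\xff", "jpg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),  # legacy .doc/.xls
]

# Content type each extension is expected to carry.
EXPECTED = {
    ".exe": "exe", ".dll": "exe", ".scr": "exe",
    ".zip": "zip", ".docx": "zip", ".xlsx": "zip",
    ".pdf": "pdf", ".jpg": "jpg", ".jpeg": "jpg",
    ".png": "png", ".gif": "gif",
    ".doc": "ole2", ".xls": "ole2",
}

# Constructed strip list in the style of a file-name match list.
STRIP_PATTERNS = ["*.exe", "*.scr", "*.dll"]


def recognize(data):
    """Return the type implied by the first bytes, or None if unknown."""
    for magic, kind in SIGNATURES:
        if data.startswith(magic):
            return kind
    return None


def matches(name, patterns):
    """Case-insensitive wildcard match of a file name against a list."""
    name = name.lower()
    return any(fnmatch.fnmatchcase(name, p.lower()) for p in patterns)


def extension_only_verdict(filename, strip_patterns):
    """Decision when only the attachment's name is considered."""
    return "strip" if matches(filename, strip_patterns) else "deliver"


def content_aware_verdict(filename, data, strip_patterns):
    """Decision when the recognised type is used as well as the name.

    Returns (action, real_type, mismatch). mismatch is True when the content
    is recognised and is not what the extension announces.
    """
    stem, ext = os.path.splitext(filename)
    real = recognize(data)
    mismatch = real is not None and EXPECTED.get(ext.lower()) != real
    candidates = [filename]
    if real is not None:
        # Re-test the strip list against the name the content deserves.
        candidates.append(f"{stem}.{real}")
    hit = any(matches(c, strip_patterns) for c in candidates)
    return ("strip" if hit else "deliver"), real, mismatch


if __name__ == "__main__":
    # Constructed attachments: only the leading bytes matter here.
    samples = [
        ("holiday.jpg", b"MZ\x90\x00" + b"\x00" * 60),
        ("photo.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
        ("report.docx", b"PK\x03\x04\x14\x00"),
        ("notes.txt", b"plain text"),
    ]
    for name, data in samples:
        print(name,
              extension_only_verdict(name, STRIP_PATTERNS),
              content_aware_verdict(name, data, STRIP_PATTERNS))
```

The first sample is delivered by the name-only check and stripped by the content-aware one, which is the gap the setting closes; the extra read of every attachment is where the performance cost comes from.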
Attachment Filtering
Specify attachments that are removed from messages during the manual scan.
Strip attachments: Enable or disable the attachment stripping.
Targets
Strip these attachments: Specify which attachments are stripped from messages. For more information, see “Match Lists”, 208.
Do not quarantine these attachments: Specify files which are not quarantined even when they are stripped. For more information, see “Match Lists”, 208.
Notifications
Replacement Text Template: Specify the template for the text that replaces the infected attachment when the stripped attachment is removed from the message.
Virus Scanning
Specify messages and attachments that should be scanned for malicious code during the manual scan.
Scan messages for viruses: Enable or disable the virus scan. The virus scan scans messages for viruses and other malicious code.
The heuristic scan may affect the product performance and increase the risk of false malware alarms.
Targets
Scan these attachments: Specify attachments that are scanned for viruses. For more information, see “Match Lists”, 208.
Exclude these attachments: Specify attachments that are not scanned. Leave the list empty if you do not want to exclude any attachments from the scanning.
Grayware Scanning
Specify how the product processes grayware items during the manual scan.
Scan messages for grayware: Enable or disable the grayware scan.
Actions
Action on grayware: Specify the action to take on items which contain grayware.
Grayware exclusion list: Specify the list of keywords for grayware types that are not scanned. Leave the list empty if you do not want to exclude any grayware types from the scan. For more information, see “Match Lists”, 208.
Quarantine dropped grayware: Specify whether grayware attachments are quarantined when dropped.
Archive Processing
Specify how the product processes archive files during the manual scan.
Scan archives: Specify if files inside archives are scanned for viruses and other malicious code.
Targets
List of files to scan inside archives: Specify files inside archives that are scanned for viruses.
Detect disallowed files inside archives: Specify whether files inside compressed archive files are processed for disallowed content. If you want to detect disallowed content, specify files that are not allowed. For more information, see “Match Lists”, 208.
Actions
Action on archives with disallowed files: Specify the action to take on archives that contain disallowed content.
Drop archive - Remove the password protected archive from the message.
Quarantine dropped archives: Specify whether archives that are not delivered to recipients are placed in the quarantine. For more information, see “Match Lists”, 208.
3.5.3 Scheduled Scanning
The Scheduled Tasks list displays all scheduled tasks and date and time...
Creating Scheduled Task
Click Add new task in the Scheduled Scanning page to start the Scheduled Operation Wizard.
Step 1. Specify Scanning Task Name and Schedule
Enter the name for the new task and select how frequently you want the operation to be performed.
Once - Only once at the specified time. Daily - Every day at the specified time, starting from the specified date. Weekly - Every week at the specified time on the same day when the first operation is scheduled to start.
Scan only included public folders - Scan all specified public folders. Click Edit to add or remove public folders that should be scanned. Scan all except excluded public folders - Do not scan specified public folders but scan all other. Click Edit to add or remove public folders that...
Limit max levels of nested messages: Specify how many levels deep to scan in nested e-mail messages. A nested e-mail message is a message that includes one or more e-mail messages as attachments. If zero (0) is specified, the maximum nesting level is not limited.
Step 2. Specify Attachment Filtering Options
Choose settings for stripping attachments during the scheduled operation.
Strip attachments from e-mail messages: Enable or disable the attachment stripping.
Targets
Strip these attachments: Specify which attachments are stripped from messages. For more information, see “Match Lists”, 208.
Do not quarantine these attachments: Specify files which are not quarantined even when they are stripped. For more information, see “Match Lists”, 208.
Notifications
Replacement text template: Specify the template for the text that replaces the infected attachment when the stripped attachment is removed from the message.
If you disable the virus scan, grayware scanning and archive processing are disabled as well.
Heuristic Scanning: Enable or disable the heuristic scanning. The heuristic scanning analyzes files for suspicious code behavior so that the product can detect unknown malware. Heuristic scanning may affect the product performance and increase the risk of false malware alarms.
Notifications
Replacement text template: Specify the template for the text that replaces the infected attachment when the infected attachment is removed from the message. For more information, see “Message Templates”, 209.
Step 4. Specify Grayware Scanning Options
Choose settings for grayware scanning during the scheduled operation.
Drop attachment - Remove grayware items from the message.
Grayware exclusion list: Specify the list of keywords for grayware types that are not scanned. Leave the list empty if you do not want to exclude any grayware types from the scan. For more information, see “Match Lists”, 208.
Step 5. Specify Archive Processing Options
Choose settings for archive processing during the scheduled operation.
Scan archives: Specify if files inside archives are scanned for viruses and other malicious code.
Targets
List of files to scan inside archives: Specify files inside archives that are scanned for viruses.
Actions
Action on archives with disallowed files: Specify the action to take on archives which contain disallowed files. Pass through - Deliver the message with the archive to the recipient. Drop archive - Remove the archive from the message and deliver the message to the recipient without it.
Step 6. Finish
The Scheduled Operation Wizard displays the summary of created operation. Click Finish to accept the new scheduled operation and to exit the wizard.
Quarantine
Quarantine in F-Secure Anti-Virus for Microsoft Exchange is handled through a SQL database. The product is able to quarantine e-mails and attachments which contain malicious or otherwise unwanted content, such as spam messages. The Quarantine management is divided into two different parts: Quarantine-related configuration, and ...
Spam: Displays the number of messages that are classified as spam.
Unsafe: Displays the number of messages that have been identified as unsafe; messages that contain patterns that can be assumed to be a part of a spam or virus outbreak.
Scan failure: Displays the number of files that could not be...
General Quarantine Options
When F-Secure Anti-Virus for Microsoft Exchange places content to the Quarantine, it saves the content as separate files into the Quarantine Storage and inserts an entry to the Quarantine Database with information about the quarantined content.
Quarantine storage...
Make sure that F-Secure Anti-Virus for Microsoft Exchange service has write access to this directory. Adjust the access rights to the directory so that only the F-Secure Anti-Virus for Microsoft Exchange service and the local administrator can access files in the Quarantine.
Quarantine Maintenance
When quarantined content is reprocessed, it is scanned again, and if it is found clean, it is sent to the intended recipients. For more information, see “Reprocessing the Quarantined Content”, 223. When removing quarantined messages from the quarantine, the product uses the currently configured quarantine retention and cleanup settings.
Final action on unsafe messages: Specify the action on unsafe messages after the maximum number of reprocesses have been attempted. Leave in Quarantine - Leave messages in the Quarantine and process them manually. Release to Intended Recipients - Release messages from the Quarantine and send them to original recipients.
Infected, Suspicious, Disallowed attachment, Disallowed content, Spam, Scan failure, Unsafe, Grayware.
Retention period - Specify an exception to the default retention period for the selected Quarantine category.
Cleanup interval - Specify an exception to the default cleanup interval for the selected Quarantine category.
Quarantine Database
You can specify the database where information about quarantined e-mails is stored and from which it is retrieved.
Quarantine database
SQL server name: The name of the SQL server where the database is located.
Database name: The name of the quarantine database.
Quarantine Logging
Specify where F-Secure Anti-Virus for Microsoft Exchange stores Quarantine log files.
Logging directory
Quarantine log directory: Specify the path for Quarantine log files.
Logging options
Rotate quarantine logs: Specify how often the product rotates Quarantine log files. At the end of each rotation time a new log file is created.
Automatic Updates
With F-Secure Automatic Update Agent, virus and spam definition database updates are retrieved automatically when they are published to F-Secure Update Server.
Tasks
Click Check for updates now to check that the product is using the latest database updates.
Status
The Status page displays information on the latest update.
Channel name: Displays the channel from where the updates are downloaded.
Channel address: Displays the address of the Automatic Updates Server.
Latest installed update: Displays the version and name of the latest installed update.
Last successful check time: Displays the date and time when the last successful update check was done.
Downloads
The Downloads page displays information about downloaded and installed update packages.
3.7.1 Communications
Specify how the product connects to F-Secure Update Server.
Automatic Updates General Settings Edit General settings to select whether you want to use automatic updates and how often the product checks for new updates.
User defined proxy field.
Update Server
Allow fetching updates from F-Secure Update Server: Specify whether the product should connect to F-Secure Update Server when it cannot connect to any user-specified update server. To edit the list of update sources, see “Policy Manager...
Policy Manager Proxies
Edit the list of virus definition database update sources and F-Secure Policy Manager proxies. If no update servers are configured, the product retrieves the latest virus definition updates from F-Secure Update Server automatically. To add a new update source address to the list, follow these instructions: 1.
The product connects to the source with the smallest priority number first (1). If the connection to that source fails, it tries to connect to the source with the next smallest number (2) until the connection succeeds.
Click F-Secure support tool to run the F-Secure Support Tool utility to gather a report for F-Secure Technical Support. For more information, see “F-Secure Support Tool”, 247.
3.8.1 Administration
Configure Administration settings to change the management mode, ...
Management Mode
Communication method: If you use F-Secure Policy Manager Server, specify the URL of F-Secure Policy Manager Server. Do not add a slash at the end of the URL. For example: “http://fsms.example.com”. Select Stand-alone if you use F-Secure Anti-Virus for Exchange Web Console to administer the product.
Alerting
You can specify where an alert is sent according to its severity level. You can send the alert to any of the following:
F-Secure Policy Manager
Windows Event Log
If you choose to forward alerts to e-mail, specify the SMTP server address, alert message subject line and the return address of the alert e-mail.
Click Apply. Informational and warning-level alerts are not sent to F-Secure Policy Manager Console by default. If you want to use centralized administration mode, it is recommended to have all alerts sent to F-Secure Policy Manager Console.
Web Console
Change Web Console settings to configure how you connect to F-Secure Anti-Virus for Microsoft Exchange Web Console.
General
Limit session timeout: Specify the length of time a client can be connected to the server. When the session expires, the F-Secure Anti-Virus for Microsoft Exchange Web Console terminates the session and displays a warning.
Specify the port where the server listens for connections. The default port is 25023.
Allowed hosts: Specify a list of hosts which are allowed to connect to F-Secure Anti-Virus for Microsoft Exchange Web Console. To add a new host to the list, click Add new hosts and enter the IP address of the host.
3.8.2 Network Configuration
The mail direction is based on the Internal domains and Internal SMTP senders settings and it is determined as follows:
1. E-mail messages are considered internal if they come from internal SMTP sender hosts and mail recipients belong to one of the specified internal domains (internal recipients).
On Microsoft Exchange Server 2003, internal messages which are submitted via MAPI or Pickup Folder are not delivered via transport level. Therefore, those messages do not pass Transport Protection and they are checked on the storage level only.
Internal Domains: Specify internal domains.
Sender.
3.8.3 Notifications
Specify Notification Sender Address that is used by F-Secure Anti-Virus for Microsoft Exchange for sending warning and informational messages to the end-users (for example, recipients, senders and mailbox owners). Make sure that the notification sender address is a valid SMTP address.
Specify the time interval (in minutes) how long F-Secure Anti-Virus for Microsoft Exchange should wait before trying to send the sample again if the previous submission failed.
Connection timeout: Specify the time (in seconds) how long the product tries to contact the F-Secure Hospital server.
Send timeout: Specify the time (in seconds) how long the product waits for the sample submission to complete.
3.8.5 Engines
The Engines Status page displays server statistics and the current status of scanning engines.
Server Statistics
Number of scanned files: The number of files that have been scanned.
Last virus database: The last date and time when the virus definition...
Virus database update version: The version number of the virus definition database.
Last time infection found: The date and time when the last infection was found.
Last infection found: The name of the last infection that was found.
Scan Engines
The Scan Engines list displays scan engines and the database update statistics.
Notify when databases are older than: Specify when virus definition databases are outdated. If databases are older than the specified amount of days, F-Secure Content Scanner Server sends an alert to the administrator.
Notify when Specify the alert F-Secure Content Scanner...
F-Secure Corporation and that they have not been altered or corrupted in any way before taking them to use.
Proxy Server
F-Secure Content Scanner Server can use a proxy server to connect to the threat detection center.
Specify the user name for the proxy server authentication. Password Specify the password for the proxy server authentication. Domain Specify the domain name for the proxy server authentication. The proxy authentication settings can be configured with F-Secure Anti-Virus for Microsoft Exchange Web Console only.
Page 205
Threat Detection F-Secure Anti-Virus for Microsoft Exchange can identify spam and virus outbreak patterns from messages. Cache VOD cache size Specify the maximum number of patterns to cache for the virus outbreak detection service.
Page 206
Pass through - The message is passed through without scanning it for spam. Heuristic Scanning - F-Secure Content Scanner Server checks the message using spam heuristics. Trusted networks Specify networks and hosts in the mail relay...
Page 207
Advanced Configure Advanced options to set the working directory and optimize the product performance. Working directory Working directory Specify the working directory. Enter the complete path to the field or click Browse to browse to the path you want to set as the new working directory.
Page 208
If the option is set to zero (0), all data transfers via shared memory are disabled. The setting is ignored if the local interaction mode is disabled. Maximum number of concurrent transactions Specify how many files F-Secure Content Scanner Server should process simultaneously. Maximum scan...
Page 209
IMPORTANT: Spam analysis is a processor-intensive operation and each spam scanner instance takes approximately 25MB of memory (process fsavsd.exe). Do not increase the number of instances unless the product is running on a powerful computer.
3.8.6 Lists and Templates Match Lists are lists of file name patterns, keywords, or e-mail addresses that can be used with certain product settings. Message Templates can be used for notification messages. Match Lists Click the name of an existing match list to edit the list or Add new list to create a new match list.
Page 211
Filter Specify file names, extensions, keywords or email addresses that the match list contains. To create a filter based on file name extensions, enter only the extension to the list (for example, EXE). Message Templates Click the name of an existing template to edit it or Add new item to create...
Page 212
Message body Specify the notification message text. For more information about the variables you can use in notification messages, see “Variables in Warning Messages”, 231. Description Specify a short description for the template.
Introduction You can manage and search quarantined mails with the F-Secure Anti-Virus for Microsoft Exchange Web Console. You can search for quarantined content by using different search criteria, including the quarantine ID, recipient and sender address, the time period during which the message was quarantined, and so on.
Quarantine Management MSDE is delivered together with the product. If you want to use another database (Microsoft SQL Server 2000), you must buy it and get your own license before you start to deploy F-Secure Anti-Virus for Microsoft Exchange. Quarantine Storage...
Configuring Quarantine Options In stand-alone installations, all the quarantine settings can be configured on the Quarantine page in F-Secure Anti-Virus for Microsoft Exchange Web Console. For more information on the settings, see “Quarantine”, 172. Quarantine Status The Quarantine status page displays the number of quarantined items in each quarantine category, and the total size of the quarantine.
Page 217
CHAPTER 4 Quarantine Management You can use any of the following search criteria. Leave all fields empty to see all quarantined content. Quarantine ID Enter the quarantine ID of the quarantined message. The quarantine ID is displayed in the notification sent to the user about the quarantined message and in the alert message.
Page 218
Reason Select the quarantining reason from the drop-down menu. For more information, see “Quarantine Reasons”, 213. Reason details Specify details about the scanning or processing results that caused the message to be quarantined. For example: The message is infected - specify the name of the infection that was found in an infected message.
Page 219
Show only You can use this option to view the current status of messages that you have set to be reprocessed, released or deleted. Because processing a large number of e-mails may take time, you can use this option to monitor how the operation is progressing.
Page 220
Click Query to start the search. The Quarantine Query Results page is displayed once the query is completed. If you want to clear all the fields on the Query page, click Reset. Using Wildcards You can use the following SQL wildcards in the quarantine queries: Wildcard Explanation Any string of zero or more characters.
Quarantined e-mail that the administrator has set to be reprocessed. The reprocessing operation has not been completed yet. Quarantined e-mail that the administrator has set to be deleted. The deletion operation has not been completed yet. Quarantined e-mail that the administrator has submitted to F-Secure for analysis.
Icon E-mail status Quarantined e-mail set to be released, which failed. Quarantined e-mail set to be reprocessed, which failed. Quarantined e-mail set to be submitted to F-Secure, which failed. For information on how to process quarantined content, see “Quarantine Operations”, 221.
Location The location of the mailbox or public folder where the quarantined attachment was found. Quarantined attachments only. Subject The message subject. Message size The size of the quarantined message. Quarantined messages only. Attachment name The name of the attachment. Quarantined attachments only.
Page 224
Quarantined Content”, 225. Click Send to F-Secure to submit a sample of quarantined content to F-Secure for analysis. Quarantined Attachment Operations You can select an operation to perform on the attachments that were found in the query: Click Send to deliver the currently selected attachment, or click ...
If you need to release a quarantined message, follow these instructions: 1. Open the Quarantine > Query page in the F-Secure Anti-Virus for Microsoft Exchange Web Console. Enter the Quarantine ID of the message in the Quarantine ID field.
If you want to remove a large number of quarantined messages at once, for example all the messages that have been categorized as spam, do the following: 1. Open the Quarantine > Query page in the F-Secure Anti-Virus for Microsoft Exchange Web Console. Select the quarantining reason, Spam, from the Reason drop-down listbox.
Moving the Quarantine Storage When you want to change the Quarantine storage location either using the F-Secure Policy Manager Console or F-Secure Anti-Virus for Microsoft Exchange Web Console, note that the product does not create the new directory automatically. Before you change the Quarantine storage directory, make sure that the directory exists and that it has proper security permissions.
Page 229
Follow the Share a Folder Wizard instructions to create the FSMSEQS$ shared folder. Specify the new directory (in this example, D:\Quarantine) as the folder path, FSMSEQS$ as the share name and F-Secure Quarantine Storage as the description. On the Permissions page, select Administrators have full access;...
Page 230
UPDATING VIRUS AND DEFINITION DATABASES Overview................... 229 Automatic Updates with F-Secure Automatic Update Agent ..229 Configuring Automatic Updates..........229...
F-Secure's antivirus and security products. F-Secure Automatic Update Agent shall be used only for receiving updates and related information on F-Secure's antivirus and security products. F-Secure Automatic Update Agent may not be used for any other purpose or service. Configuring Automatic Updates F-Secure Automatic Update Agent user interface provides information about downloaded virus and spam definition updates.
Page 232
In centrally managed installations, you can use the F-Secure Anti-Virus for Microsoft Exchange Web Console only for monitoring the F-Secure Automatic Update Agent settings. To change these settings, you need to use F-Secure Policy Manager Console. For more information, see “F-Secure Automatic Update Agent...
Page 233
APPENDIX: Variables in Warning Messages List of Variables ................ 232...
[Unknown]. Variable Description $ANTI-VIRUS-SERVER The DNS/WINS name or IP address of F-Secure Anti-Virus for Microsoft Exchange. $NAME-OF-SENDER The e-mail address where the original content comes from. $NAME-OF-RECIPIENT The e-mail addresses where the original content is sent.
Page 235
APPENDIX A Variables in Warning Messages The following table lists variables that can be included in the scan report, in other words the variables that can be used in the warning message between $REPORT-BEGIN and $REPORT-END. Variable Description $AFFECTED-FILENAME The name of the original file or attachment. $AFFECTED-FILESIZE The size of the original file or attachment.
SMTP protocol (without authentication and encryption) to send alerts to the specified e-mail address. The product can send e-mail based reports to F-Secure World Map system. These reports are sent using the simple SMTP protocol with an empty address ("<>") as the source.
For example, to create a new connector that listens on all configured local IP addresses and accepts connections from the local host only, run the following command in the Exchange Management Shell:
New-ReceiveConnector -Name "F-Secure alerts and reports" -Bindings 0.0.0.0:25 -RemoteIPRanges 127.0.0.1 -AuthMechanism Tls -PermissionGroups "AnonymousUsers" -RequireEHLODomain...
To create a new connector that is bound to a single IP address and accepts connections from the specified remote servers, run the following command:
New-ReceiveConnector -Name "F-Secure alerts and reports" -Bindings 192.168.58.128:25 -RemoteIPRanges 192.168.58.129, 192.168.58.131 -AuthMechanism Tls -PermissionGroups "AnonymousUsers" -RequireEHLODomain $false -RequireTLS $false
B.2.2...
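An added audit sketch for the connectors created above (not from the F-Secure guide): because these connectors accept anonymous, unauthenticated SMTP, the check reports every anonymous Receive connector whose RemoteIPRanges go beyond an expected source list. The function name Test-AnonymousConnectorScope and the sample objects are assumptions constructed for illustration; on a live server the input would come from Get-ReceiveConnector.

```powershell
# Added example, not F-Secure's code. Test-AnonymousConnectorScope is a
# hypothetical helper name; the sample objects below are constructed.
function Test-AnonymousConnectorScope {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        $Connector,
        # Sources that are expected to submit alerts and reports.
        [string[]] $AllowedSources = @('127.0.0.1')
    )
    process {
        # Only connectors that grant the AnonymousUsers permission group matter here.
        if ("$($Connector.PermissionGroups)" -notmatch 'AnonymousUsers') { return }

        # Stringify each range so live IPRange objects and sample strings compare alike.
        $ranges = @($Connector.RemoteIPRanges | ForEach-Object { "$_" })
        $unexpected = @($ranges | Where-Object { $AllowedSources -notcontains $_ })

        New-Object PSObject -Property @{
            Name              = $Connector.Name
            RemoteIPRanges    = $ranges -join ', '
            UnexpectedSources = $unexpected -join ', '
            Compliant         = ($unexpected.Count -eq 0)
        }
    }
}

# Constructed sample input mirroring the properties Get-ReceiveConnector returns.
$sample = @(
    (New-Object PSObject -Property @{
        Name = 'F-Secure alerts and reports'
        PermissionGroups = 'AnonymousUsers'
        RemoteIPRanges = @('127.0.0.1') }),
    (New-Object PSObject -Property @{
        Name = 'Constructed wide-open connector'
        PermissionGroups = 'AnonymousUsers, ExchangeServers'
        RemoteIPRanges = @('0.0.0.0-255.255.255.255') }),
    (New-Object PSObject -Property @{
        Name = 'Constructed authenticated connector'
        PermissionGroups = 'ExchangeUsers'
        RemoteIPRanges = @('0.0.0.0-255.255.255.255') })
)

# Run the check over the constructed sample.
$sample | Test-AnonymousConnectorScope | Format-Table Name, Compliant, UnexpectedSources

# On an Exchange server (Exchange Management Shell):
# Get-ReceiveConnector | Test-AnonymousConnectorScope -AllowedSources '192.168.58.129','192.168.58.131'
```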
Page 240
APPENDIX: Troubleshooting Overview................... 239 Starting and Stopping............239 Viewing the Log File ..............240 Common Problems and Solutions ..........240 Frequently Asked Questions ............ 245...
“Technical Support”, 246. Starting and Stopping If you ever need to start or stop F-Secure Anti-Virus for Microsoft Exchange, you can do it in the following ways: Open the Services applet from the Administrative tools folder in the Windows Control Panel and select F-Secure Anti-Virus for Microsoft Exchange.
F-Secure Management Agent and contains all alerts generated by F-Secure components installed on the host. Logfile.log can be found on all hosts running F-Secure Management Agent. You can view the Logfile.log with any text editor, for example Windows Notepad. Open the logfile.log from F-Secure Settings and Statistics / F-Secure...
Troubleshooting Checking F-Secure Anti-Virus for Microsoft Exchange Make sure that F-Secure Anti-Virus for Microsoft Exchange service and all its processes have started. Open Services in the Windows Control Panel and check that the F-Secure Anti-Virus for Microsoft Exchange service has started.
The problem is that F-Secure Anti-Virus for Microsoft Exchange is unable to contact F-Secure Content Scanner Server. A service or process may not be running on F-Secure Content Scanner Server. Make sure that all processes and services of F-Secure Content Scanner Server have started.
Troubleshooting Checking F-Secure Anti-Virus for Microsoft Exchange Web Console Problem: I cannot open or access F-Secure Anti-Virus for Microsoft Exchange Web Console. Solution: Make sure that F-Secure Web Console daemon has started and is running. Check the Services in Windows Control Panel. The following...
C.4.2 Securing the Quarantine Problem: I have installed F-Secure Anti-Virus for Microsoft Exchange and I'm worried about security of the local Quarantine storage where stripped attachments are quarantined. What do you recommend? Solution: F-Secure Anti-Virus for Microsoft Exchange creates and adjusts access rights to the local Quarantine storage during the installation.
APPENDIX C Troubleshooting Frequently Asked Questions All support issues, frequently asked questions and hotfixes can be found under the support pages at http://support.f-secure.com/. For more information, see “Technical Support”, 246.
If you have questions about F-Secure Anti-Virus for Microsoft Exchange not covered in this manual or on the F-Secure support web pages, you can contact your local F-Secure distributor or F-Secure Corporation directly.
Page 250
You can also find and run the FSDiag.exe utility under the F-Secure\Common folder, if you prefer not to do it through the F-Secure Anti-Virus for Microsoft Exchange Web Console. The tool generates a file called FSDiag.tar.gz.
Technical Support Web Club The F-Secure Web Club provides assistance and updated versions of the F-Secure products. To connect to the Web Club on our Web site, open the F-Secure Anti-Virus for Microsoft Exchange Web Console, and click the Web Club link in the banner.
Page 252
This is substantiated by the company’s independently proven ability to respond faster to new threats than its main competitors. Founded in 1988 and headquartered in Finland, F-Secure has been listed on the OMX Nordic Exchange Helsinki since 1999. The company has consistently been one of the fastest growing publicly listed companies in the industry.