Introduction; System Requirements; Methods Used; Mailbox Scanning Via Vsapi - ESET MAIL SECURITY 4 User Manual

For Microsoft Exchange Server

1. Introduction

ESET Mail Security 4 for Microsoft Exchange Server is an integrated solution that protects user mailboxes from various types of malicious content (most often email attachments infected by worms or trojans, documents containing harmful scripts, phishing, spam, etc.). ESET Mail Security provides three types of protection: Antivirus, Antispam and application of user-defined rules. ESET Mail Security filters malicious content at the mail server level, before it arrives in the addressee's email client inbox.

ESET Mail Security supports Microsoft Exchange Server versions 5.5 and later, as well as Microsoft Exchange Server in a cluster environment. In newer versions (Microsoft Exchange Server 2007 and later), specific roles (mailbox, hub, edge) are also supported. You can remotely manage ESET Mail Security in larger networks with the help of ESET Remote Administrator.

In terms of functionality, ESET Mail Security is very similar to ESET NOD32 Antivirus 4.0. It has all the tools necessary to ensure protection of the server-as-client (resident protection, web-access protection, email client protection and antispam), while also providing Microsoft Exchange Server protection.

1.1 System requirements

Supported Operating Systems:
- Microsoft Windows 2000 Server
- Microsoft Windows 2003 Server (x86 and x64)
- Microsoft Windows 2008 Server (x86 and x64)
- Microsoft Windows 2008 Server R2

Supported Microsoft Exchange Server versions:
- Microsoft Exchange Server 5.5 SP3, SP4
- Microsoft Exchange Server 2000 SP1, SP2, SP3
- Microsoft Exchange Server 2003 SP1, SP2
- Microsoft Exchange Server 2007 SP1, SP2
- Microsoft Exchange Server 2010

Hardware requirements depend on the operating system version and the version of Microsoft Exchange Server in use. We recommend reading the Microsoft Exchange Server product documentation for more detailed information on hardware requirements.

1.2 Methods used

Two independent methods are used to scan email messages:
- Mailbox scanning via VSAPI
- Message filtering on the SMTP server level

1.2.1 Mailbox scanning via VSAPI

The mailbox scanning process is triggered and controlled by the Microsoft Exchange Server. Emails in the Microsoft Exchange Server store database are scanned continuously. Depending on the version of Microsoft Exchange Server, the VSAPI interface version and the user-defined settings, the scanning process can be triggered in any of the following situations:
- When the user accesses email, e.g. in an email client (email is always scanned with the latest virus signature database)
- In the background, when use of the Microsoft Exchange Server is low
- Proactively (based on the Microsoft Exchange Server's internal algorithm)

The VSAPI interface is currently used for antivirus scanning and rule-based protection.

1.2.2 Message filtering on the SMTP server level

SMTP server-level filtering is provided by a specialized plugin. In Microsoft Exchange Server 2000 and 2003, the plugin in question (Event Sink) is registered on the SMTP server as a part of Internet Information Services (IIS). In Microsoft Exchange Server 2007/2010, the plugin is registered as a transport agent on the Edge or the Hub roles of the Microsoft Exchange Server.

SMTP server-level filtering by a transport agent provides protection in the form of antivirus, antispam and user-defined rules. As opposed to VSAPI filtering, SMTP server-level filtering is performed before the scanned email arrives in the Microsoft Exchange Server mailbox.

1.3 Types of protection

There are three types of protection:

1.3.1 Antivirus protection

Antivirus protection is one of the basic functions of the ESET Mail Security product. It guards against malicious system attacks by controlling file, email and Internet communication. If a threat with malicious code is detected, the Antivirus module can eliminate it by first blocking it and then cleaning, deleting or moving it to quarantine.

1.3.2 Antispam protection

Antispam protection integrates several technologies (RBL, DNSBL, Fingerprinting, Reputation checking, Content analysis, Bayesian filtering, Rules, Manual whitelisting/blacklisting, etc.) to achieve maximum detection of email threats. The antispam scanning core's output is the spam probability value of the given email message expressed as a percentage (0 to 100). Values of 90 and above are considered sufficient for ESET Mail Security to classify an email as spam.
Another component of the antispam protection module
