KASPERSKY ANTI-VIRUS 5.5 - FOR MICROSOFT EXCHANGE SERVER 2000-2003 Administrator's Manual

KASPERSKY LAB
Kaspersky Anti-Virus® 5.5
for Microsoft Exchange Server 2000/2003
Administrator's Guide

Summary of Contents for KASPERSKY ANTI-VIRUS 5.5 - FOR MICROSOFT EXCHANGE SERVER 2000-2003

  • Page 1 KASPERSKY LAB Kaspersky Anti-Virus® for Microsoft Exchange Server 2000/2003 Administrator's Guide...
  • Page 2 KASPERSKY ANTI-VIRUS® 5.5 FOR MICROSOFT EXCHANGE SERVER 2000/2003 Administrator's Guide ©...
  • Page 3: Table Of Contents

    Table of Contents: CHAPTER 1. INTRODUCTION, p. 6; 1.1. Computer viruses and malicious software, p. 6; 1.2. The purpose and major functionality of Kaspersky Anti-Virus, p. 8; 1.3. What's new in version 5.5?, p. 10; 1.4. Software system requirements, p. 11; 1.5.
  • Page 4 Kaspersky Anti-Virus for Microsoft Exchange Server: 4.7.1. Test “virus” EICAR and its modifications, p. 38; 4.7.2. Testing the correct operation of the application, p. 39; CHAPTER 5. ANTI-VIRUS PROTECTION, p. 41; 5.1. Anti-virus protection levels, p. 43; 5.2. Enabling and disabling the anti-virus server protection. Selecting anti-virus protection level.
  • Page 5 CHAPTER 11. APPLICATION’S EVENTS LOGS, p. 108; 11.1. Configuring the diagnostics level, p. 109; 11.2. Configuring logs settings, p. 111; CHAPTER 12. LICENSE KEYS, p. 112; 12.1. License information, p. 114; 12.2. License key details, p. 116; 12.3. License-related notifications, p. 118; 12.4.
  • Page 6: Chapter 1. Introduction

    CHAPTER 1. INTRODUCTION The main source of viruses today is the global Internet. Most cases of virus infection happen through the use of e-mail. The facts that almost every computer has e-mail client applications installed and that malicious programs are able to take full advantage of the software's address book in order to find new victims are favorable factors for the distribution of malware.
  • Page 7 In order to be aware of potential threats to your computer, it is helpful to know what the types of malicious software (“malware”) are and how they work. In general, malicious programs fall into one of the following three categories: •...
  • Page 8: The Purpose And Major Functionality Of Kaspersky Anti-Virus

    Riskware – programs that are not supposed to perform any malicious functions, but contain security breaches and errors and therefore can be used by intruders as an auxiliary component of a malicious program. This type of software includes, for example, remote administration programs, IRC client programs, FTP programs and various utilities used for ending or hiding running processes.
  • Page 9 The major functionality of Kaspersky Anti-Virus includes: • scanning and analyzing incoming and outgoing e-mail messages for the presence of malicious objects. This analysis covers all attributes and attachments of the e-mail message being scanned. • processing attributes and attachments of the e-mail message. Depending on the settings selected, the application will disinfect or delete a malicious object or will add a warning message to such objects.
  • Page 10: What's New In Version 5.5

    schedule. This task is performed as a background scan and does not have any considerable effect on the performance of the mail server. • creating the list of protected storage areas, which offers additional flexibility with regard to license restrictions on the number of protected mailboxes.
  • Page 11: Software System Requirements

    • The facility used for detecting virus outbreaks and for issuing notifications about such events allows you to react to emergency situations in a timely fashion and to take timely measures aimed at the enhancement of the anti-virus protection of your mail server. •...
  • Page 12: Hardware System Requirements

    Requirements for a protected Microsoft Exchange 2000 Server Standard Edition: • Microsoft Windows Server 2000 with Service Pack 4 installed or higher or Microsoft Windows 2000 Advanced Server Service Pack 4 installed or higher; • Microsoft Exchange 2000 Server Standard Edition.
  • Page 13: Distribution Kit

    1.6. Distribution kit You can purchase Kaspersky Anti-Virus from our dealers (retail box) or online (for example, you may visit www.kaspersky.com and follow the E-Store link). The retail box package includes: • a sealed envelope with the installation CD containing the application files; •...
  • Page 14 • support on issues related to the installation, configuration and use of the purchased software product. Services will be provided by phone or via email; • information about new Kaspersky Lab products and about new viruses appearing worldwide (this service is provided to users who subscribe to the Kaspersky Lab's newsletter).
  • Page 15: Chapter 2. Operation Of Kaspersky Anti-Virus

    CHAPTER 2. OPERATION OF KASPERSKY ANTI-VIRUS Kaspersky Anti-Virus scans and, if it is possible, disinfects all incoming and outgoing e-mail messages as well as messages stored at the server. The application analyzes the body of the message and attached files of any format. The scan for the viruses and the disinfection of infected objects are performed based on the records in the anti-virus database that is updated by Kaspersky Lab on a regular basis and contains description and the methods of disinfection of all...
  • Page 16: Security Server Architecture

    corresponding records into the Windows application log and into the application's internal logs. 2.1. Security Server architecture The server component of the application, Security Server, consists of the following subsystems: • E-mail Interceptor – this component intercepts objects arriving at Microsoft Exchange Server and forwards them to the anti-virus scan subsystem.
  • Page 17: Anti-Virus Protection System Maintenance

    workstation; therefore, it can be installed on one computer only. However, if several administrators are working jointly, the Management Console can be installed to each administrator's computer. If the Management Console is not installed, the application will function within the default limitations and using the default settings (see para 4.6, page 36).
  • Page 18: Application's Operation On A Cluster Of Servers

    2.4. Application’s operation on a cluster of servers Kaspersky Anti-Virus 5.5 for Microsoft Exchange Server 2000/2003 does not fully support the cluster technology; however, it will function correctly on a cluster of servers treating each node as a separate physical Exchange server. A message arriving at a virtual Exchange server will be forwarded to one of the cluster’s nodes.
  • Page 19 When adding managed servers and configuring connection of Management Console to the Server, use the names of physical servers on which the Security Server is installed. The use of a virtual Exchange server name may cause an addressing error when the Microsoft Exchange Server is moved to a different node of the cluster.
  • Page 20: Chapter 3. Installing, Updating And Removing The Application

    CHAPTER 3. INSTALLING, UPDATING AND REMOVING THE APPLICATION Before the installation of Kaspersky Anti-Virus, make sure that the software and hardware of the computers used meet the installation requirements. The minimum requirements to the computers' configuration are provided in para 1.4, page 11.
  • Page 21: First-Time Installation

    3.1.1. First-time installation In order to install Kaspersky Anti-Virus on your computer, run the setup.exe file on the installation CD included in the distribution package. The installation process will be facilitated by the setup wizard. The setup wizard will offer you to configure the installation parameters and start the installation.
  • Page 22 requiring a removal of this program as it cannot be used with Kaspersky Anti-Virus 5.5 for Microsoft Exchange Server 2000/2003. We recommend that you save the current license key that you used with the previous version of the application (Kaspersky Anti-Virus for Microsoft Exchange Server 4.5) before you remove this version.
  • Page 23 Figure 1. Selecting the type of the installation Step 5. Selecting application components to be installed If you use the custom installation, then during the next step (see Figure 2) you have to specify which application components must be installed on your computer.
  • Page 24 Figure 2. Selecting components for the installation Step 6. Launching the installation process After the settings are configured, launch the installation process. In order to do this, press the Install button. This will start the process of copying the application files to your computer.
  • Page 25 Figure 3. Prompt for enabling anti-virus protection Step 7. Completing the setup After the installation is complete, press the Finish button in the final window of the setup wizard. If you are installing the Security Server component, you will be offered to install the license key (see Figure 4) for Kaspersky Anti-Virus 5.5 for Microsoft Exchange Server 2000/2003.
  • Page 26: Reinstalling The Application

    Figure 4. Installing the license key If a copy of Kaspersky Anti-Virus 4.5 was installed on your computer and if the license key that was used with this version has not expired yet, you can use this key as the license key for Kaspersky Anti-Virus 5.5 for Microsoft Exchange Server 2000/2003.
  • Page 27: Upgrading To A New Version

    Figure 5. Selecting the application reinstallation mode 3.2. Upgrading to a new version In order to upgrade version 4.x of Kaspersky Anti-Virus for Microsoft Exchange Server to version 5.5, remove the previous version and install a new one following the steps described in this Guide (for details, see para 3.1, page 20 and para 3.3, page 28).
  • Page 28: Removing The Application

    • Version 5.5 by default does not append notifications to event logs. You can configure addition of notifications to event logs in the Actions tab of the Properties: Notification name window that is used to set up notification parameters (see para 8.1, page 79).
  • Page 29 Figure 6. Selecting the application removal option When removing the application using standard Windows Add/Remove Programs tool, a prompt asking whether you wish to stop the Microsoft Exchange Information Store service will also be displayed (see Figure 7). Accept stopping this service.
  • Page 30: Chapter 4. Starting Using The Application

    CHAPTER 4. STARTING USING THE APPLICATION 4.1. Starting the application The server component of the application is started automatically at the operating system startup. If the anti-virus protection of the server is enabled (see para 5.1, page 43) it will be enabled immediately after the Microsoft Exchange Server is started.
  • Page 31 contain any elements immediately after the installation of the Management Console. Figure 8. Main application window After a new server is added, it is displayed in the console tree as a node <Server Name>. The settings configuration and controlling Kaspersky Anti-Virus application is performed using hyperlinks in the results pane.
  • Page 32: Shortcut Menu

    4.2.2. Shortcut menu Each category of objects in the console tree has its own shortcut menu. In addition to standard MMC commands, this shortcut menu contains commands used for handling a particular object. The list of objects and the corresponding set of commands accessible via the context menu are provided in the table below.
  • Page 33: Creating The List Of Managed Servers

    processed by the anti-virus. Send for analysis – send an object from the Backup storage to Kaspersky Lab for analysis. 4.3. Creating the list of managed servers In order to be able to control Kaspersky Anti-Virus via the console, the Exchange server, on which the Security Server component is installed, must be added to the list of managed servers.
  • Page 34: Connecting The Management Console To The Server

    Figure 9. The Add a server dialog box As a result, the server that you selected will be displayed as a <Server name> node in the console tree. The local computer will be displayed as the <Server name>(localhost).
  • Page 35: Minimum Required Configuration

    In order to connect to the Security Server: select the node that corresponds to the server you wish to remove in the console tree, open the shortcut menu and select the Remove server command or use the corresponding item in the Action menu. If the connection with the server was successfully established, the settings of this server will be displayed in the main application window: the node will be flagged with the...
  • Page 36: Mail Server Protection Without Additional Configuration

    If you connect to the internet using a proxy server, you will have to configure your connection settings to receive updates. In order to ensure full functionality of the mail server protection, it is necessary to configure settings used to notify the administrator and other users about the detection of infected and suspicious objects and about virus outbreak threats.
  • Page 37 If an object that cannot be disinfected is detected in the body of the message, the body of the message will be replaced with a similar text notification. • when a suspicious object is detected, the application will save a copy of this object (attachment or the body of the message) in the backup storage.
  • Page 38: Verifying The Application Performance

    4.7. Verifying the application performance After Kaspersky Anti-Virus is installed and configured, we recommend verifying the correctness of its settings and operation using a test "virus" and its modifications. 4.7.1. Test “virus” EICAR and its modifications This test "virus"...
  • Page 39: Testing The Correct Operation Of The Application

    Prefix: Object type. No prefix, standard test "virus": Infected – An error occurs during an attempt to disinfect the object; apply action set for objects that cannot be disinfected. CORR-: Corrupted. SUSP-: Suspicious (unknown virus code). WARN-: Warning (modified code of a known virus). ERRO-...
  • Page 40 Create a message in the Plain text format using the mail client installed on your computer. If the message that contains a test “virus” was created in the RTF or HTML format, it will not be scanned. Copy the text of the standard or the modified test "virus"...
  • Page 41: Chapter 5. Anti-Virus Protection

    CHAPTER 5. ANTI-VIRUS PROTECTION The main task of Kaspersky Anti-Virus is scanning mail traffic and disinfection of mail messages using the information contained in the current (latest) version of the anti-virus database. Depending on the anti-virus protection level selected by the administrator (see section 5.1, page 43), the application allows detection of: •...
  • Page 42 Kaspersky Anti-Virus does not scan messages created by protected users in the Public folders of unprotected Exchange servers. E-mail messages stored on the server and the content of public folders are also rescanned on a regular basis using the latest version of the anti-virus database. The scan is performed in the background mode and can be launched either automatically each time the anti-virus database is updated, or according to the schedule, or manually (for details, see para 5.6, page 58).
  • Page 43: Anti-Virus Protection Levels

    number of started instances of the anti-virus kernel running simultaneously. The mode of scanning objects in RAM allows scanning objects without saving them to a temporary folder on the hard drive. Depending on the scan settings, the program can simultaneously analyze up to 8 objects up to 1 MB each in the computer's RAM without using the disk subsystem (for details, see para 5.5, page 56).
  • Page 44 • virus simulators. d. Programs that do not contain malicious code and do not inflict any damage to the user, but can be a part of the environment used for development of malicious software. This software category includes: •...
  • Page 45: Enabling And Disabling The Anti-Virus Server Protection. Selecting Anti-Virus Protection Level

    5.2. Enabling and disabling the anti-virus server protection. Selecting anti-virus protection level. If the anti-virus server protection is enabled, then the anti-virus scan of the e-mail traffic will be started when the Microsoft Exchange Server is started or stopped. If the anti-virus protection settings provide for the background scanning of storage areas, then it will be started either when the anti-virus database is updated or according to the schedule (for details, see para 5.6, page 58).
  • Page 46 In order to apply the changes, press the Apply or the OK button. The anti-virus protection will then be enabled (or disabled) in several minutes. Figure 11. Enabling the anti-virus protection We do not recommend disabling the anti-virus protection by disabling the Kaspersky Anti-Virus 5.5 for MS Exchange Server 2000/2003 service manually using the Computer Management / Services utility.
  • Page 47: Scanning Attachments

    Enable the anti-virus mail protection using the Management Console. 5.3. Scanning attachments In order to decrease the load on the server when the anti-virus scan is performed, you can limit the list of the objects to be scanned and put a restriction on the time for scanning one object.
  • Page 48 Figure 12. Configuring restrictions for the attachment scan Since the scanning of archives and containers requires considerable time and server resources, you can decide yourself whether it is necessary to analyze these objects. In order to exclude archives from the scan scope: in the Exclude from the scan scope group of boxes, check the Archives box.
  • Page 49 Some objects cannot be infected. In order to decrease the load on the server when performing anti-virus processing of e-mail messages, we recommend determining the types and/or the names of such files and filtering them out when scanning the mail.
  • Page 50 Figure 14. Selecting a type of files to be excluded from the scan scope In order to apply the changes, press the Apply or the OK button. In order to exclude mail sent to other servers from the scan scope, select the node corresponding to the server you need in the console tree and follow the Anti-virus protection...
  • Page 51: Actions To Be Performed On Infected Objects

    5.4. Actions to be performed on infected objects As a result of an anti-virus scan each object can be assigned a status as listed below: • Not infected – object does not contain viruses. • Infected – object contains at least one of the known viruses. •...
  • Page 52 • Delete the entire message – delete the infected message along with all attachments (Microsoft Exchange Server 2003). If the infected attachments are disinfected, replaced with text or renamed, a separate copy of a message for each recipient is saved in the Exchange server database.
  • Page 53 Figure 16. Configuring actions to be applied to infected objects The tab displays the order used for processing objects with the following statuses (each status individually): infected, suspicious and protected/corrupted. Determine the order of the object processing for each status individually.
  • Page 54 Figure 17. Creating the replacement template Depending on the status of the object for which configuration is performed, the list may contain different values. A detailed description of the option selected in the table is provided in the bottom part of the window.
  • Page 55 Figure 18. Selecting an action to be performed with an object that could not be disinfected. If you selected one of the actions that involves replacing the object with text, you will be offered to create a replacement template (see Figure 19).
  • Page 56: Anti-Virus Protection Efficiency

    In order to close the wizard, press the Finish button. In order to ensure that a copy of the object is saved to the backup storage before the object is processed, check the Save a copy of the original object in the backup storage box.
  • Page 57 Figure 20. Configuring the efficiency of the anti-virus protection If you selected manual configuration, you will have to specify the settings determining the level of the application's efficiency. In order to do this, press the Configure button and specify the following information in the Efficiency window that will open (see Figure 21): •...
  • Page 58: Background Scan

    Figure 21. Configuring the anti-virus protection efficiency in the manual mode 5.6. Background scan Kaspersky Anti-Virus scans mail stored on the server and the content of the public folders (including all public folders and protected mailbox storages). Only those messages that had not been scanned with the current (latest) version of the anti-virus database will be scanned.
  • Page 59 Figure 22. Configuring background scan settings Check the Enable background scan box (unchecked by default) and specify the desired scan launch option: • Each time anti-virus database is updated – every time the anti-virus database is updated. • Scheduled scan –...
  • Page 60 Figure 23. Creating the background scan schedule...
  • Page 61: Chapter 6. Updating The Anti-Virus Database

    CHAPTER 6. UPDATING THE ANTI-VIRUS DATABASE Users of Kaspersky Lab's products can update the anti-virus database used by their Kaspersky Anti-Virus to detect malware and to disinfect infected objects. As new viruses are created daily, it is extremely important that you maintain your anti-virus database up-to-date.
  • Page 62: Downloading Updates From The Internet

    For automatic updates, create an updates downloading schedule (for details, see para 6.3, page 66). If updates are required immediately, press the Update now button (for details, see para 6.4, page 67) to download the updates manually. Before performing manual updating, make sure that all settings are configured correctly.
  • Page 63 Go to the General tab in the Anti-virus updates window that will open and select Kaspersky Lab update servers (default option) as the source of updates. Figure 25. Configuring internet updates downloading After this, configure the network connection settings in the Connection settings tab (see Figure 26).
  • Page 64: Downloading Updates From A Shared Network Folder

    • If you connect to the internet using a proxy server, check the Use proxy server box and specify the connection settings: connection port address and number. If you have to use a password to access the proxy server, specify the proxy server authorization parameters by checking the Use proxy server authentication box and filling the Username and the Password fields.
  • Page 65 corresponding to the server you need and follow the Anti-virus updates link in the results pane. Go to the General tab in the Anti-virus protection window that will open (see Figure 27), select the Updates folder as the updates source and specify the path to the required network or local folder.
  • Page 66: Automatic Updates

    Figure 28. Selecting the updates folder 6.3. Automatic updates In order to update the anti-virus database in the automatic mode, in the main application window select the Microsoft Exchange Servers node in the console tree, open it, select the node corresponding to the server you need and follow the Anti-virus updates...
  • Page 67: Manual Updating

    Figure 29. Automatic updates settings As a result, the application will automatically update the anti-virus database at the specified interval and in accordance with the specified settings. 6.4. Manual updating In order to update the anti-virus database in the manual mode, in the main application window select the Microsoft Exchange Servers node in the console tree, open it, select the node corresponding to the server you need and follow the...
  • Page 68: Chapter 7. Backup Copying

    CHAPTER 7. BACKUP COPYING Kaspersky Anti-Virus allows saving a backup copy of an infected object before processing. A copy of such object is created in the backup storage. Later objects located in the backup storage may be: • restored. This feature may prove very useful, for example, if during the disinfection process some data were lost or if the object was deleted by mistake or if another disinfection attempt is required using updated anti-virus database.
  • Page 69: Viewing Backup Storage

    • if the backup storage size is limited and there is not enough space to save the new object, the application will free the required space by removing the "oldest" objects; • if the object storage period is limited, the application will delete objects with the expired storage period.
  • Page 70: Backup Storage Filter

    In addition to the standard e-mail message attributes (From, To, Cc, Subject, Time sent), this table will contain the following information for each object: • Name. Attachments will retain their original names, while the message body will be saved as <message body>.
  • Page 71 Specify the parameter values that will be used to perform the search for (filtering of) objects stored in the backup storage. The following object attributes are used to configure the parameters: • object status (multiple values can be selected); •...
  • Page 72: Restoring Objects From The Backup Storage

    Figure 31. Creating a filter In order to delete a filter: Select the Backup Storage folder in the console tree and use the Filter command in the shortcut menu or the analogous item under the Action menu.
  • Page 73 Select the object you wish to restore in the table displaying the content of the backup storage (see Figure 30). You can use a filter to search for the object (see para 7.2, page 70). Open the shortcut menu and use the Get file or the analogous command under the Action menu.
  • Page 74: Sending Objects For Analysis

    Figure 33. Confirming object restoring 7.4. Sending objects for analysis In order to send an object from the backup storage to Kaspersky Lab's experts for analysis, select the Backup Storage folder in the console tree. Select the object you wish to send for analysis in the table displaying the content of the backup storage (see Figure 30).
  • Page 75: Deleting Objects From The Backup Storage

    7.5. Deleting objects from the backup storage The following objects are automatically deleted from the backup storage: • "older" objects if there is a restriction imposed on the backup storage size and there is not enough space for storing a new object. The application will delete the number of older objects required to free the space needed.
  • Page 76 In the Backup Storage properties window that will open (see Figure 35) select the required settings values. In order to change the folder where the backup storage is located, type the path to the new folder and the folder name in the Backup Storage folder field or specify the corresponding folder using the Browse button (see Figure 36). By default, the backup copy of the object is stored in the qb folder.
  • Page 77 Figure 36. Changing the backup storage folder In order to impose a restriction, select one of the options and enter the required value for the selected setting as follows: • Maximum storage size – if you wish to restrict the total size of objects located in the backup storage (default option), specify the value in the entry text field (the default value is 50 MB).
  • Page 78: Chapter 8. Notifications

    CHAPTER 8. NOTIFICATIONS Kaspersky Anti-Virus can issue notifications about infected objects detected during the anti-virus scan. The following types of notifications are provided: • infected object detected; • suspicious object detected; • corrupted object detected. A notification of the corresponding type is created for each type of event •...
  • Page 79: Viewing And Editing Notification Parameters

    By default, no notifications are issued about infected objects detected. However, during the installation of the Security Server a built-in notification template is created. Based on this template notifications can be configured. Notification templates are stored in the Notification templates service folder. This folder is included in each node that reflects the managed Exchange server.
  • Page 80 Select the required notification template in the table containing the list of created templates (see Figure 30). Open the shortcut menu and use the Properties command or the analogous command under the Action menu. As a result of these actions a notification template settings window will open Properties: <Template name>...
  • Page 81 Figure 39. Modifying notification template. The Text tab The Actions tab (see Figure 40) contains notification methods, recipients and computers that receive notification messages (if the corresponding notification options have been selected). You can select other methods of notification and modify the parameter values.
  • Page 82: Creating A Notification Template

    After you have made the changes, press the OK or the Apply button to apply changes. To exit without saving the changes made, press the Cancel button. 8.2. Creating a notification template In order to create a new notification template: Select the Notification templates folder in the console tree. Open the shortcut menu and use the New template command or an analogous command under the Action menu.
  • Page 83 Notifications Infected object notification. Suspicious object notification Corrupted object notification • If necessary, enter a more detailed description of the notification in the Description field. • Determine whether notifications will be created based on this template. In order to do this check (or uncheck) the Notify about event box.
  • Page 84 Kaspersky Anti-Virus for Microsoft Exchange Server Select the notification method and specify the corresponding parameter values in the Actions tab (see Figure 43) The application provides for several methods to be used. Figure 43. Notification template The Actions tab • In order to send messages via the mail server, check the Notify by e-mail box and specify the recipients' addresses the mailing.
  • Page 85 The validity of the addresses can be verified using the Test button. A message will be sent to the specified address. Several e-mail addresses can be entered; they must be separated by semicolons. • In order to register events in the Windows system log, check the Register in the Windows event log box.
  • Page 86: Chapter 9. Preventing Virus Outbreaks

    CHAPTER 9. PREVENTING VIRUS OUTBREAKS Kaspersky Anti-Virus can detect increases in virus activity on the protected Exchange server and notify the administrator and other users about such events. This feature is of great significance during virus outbreaks, as it helps the administrator react in a timely manner to emerging threats of virus attacks.
  • Page 87 Several counters with different settings values can be created for each type of events. By default, notifications about increased virus activity level are not issued. However, a built-in virus outbreaks counter is created during the installation of the Security Server.
  • Page 88: Viewing And Modifying Virus Outbreak Notification Settings

    Kaspersky Anti-Virus for Microsoft Exchange Server 9.1. Viewing and modifying virus outbreak notification settings In order to view or modify the virus outbreak notification settings, Select the Virus outbreak counters folder in the console tree. Select the counter you need in the table displaying the list of created counters (see Figure 44).
  • Page 89 Preventing virus outbreaks Figure 45. Configuring the virus outbreak counter. The General tab You can view the template of a message sent as a notification or modify its settings in the Text tab (see Figure 46). Figure 46. Configuring the virus outbreak counter. The Text tab The Notification tab (see Figure 47) contains the methods of delivery, the list of recipients and computers-recipients (if the corresponding notification options are enabled).
  • Page 90: Creating A New Virus Outbreak Counter

    Figure 47. Configuring the virus outbreak counter. The Notifications tab. After you have made the changes, press the Apply or the OK button to apply the new settings. To exit without saving the changes made, press the Cancel button. 9.2.
  • Page 91 Figure 48. Virus outbreak counter. The General tab Perform the following in the General tab (see Figure 48): • Enter the counter name in the Name field. • Specify the type of the event that will be traced by the counter. In order to do this, select the required value from the Type drop-down list.
  • Page 92 Kaspersky Anti-Virus for Microsoft Exchange Server • Specify whether notifications will be issued based on this counter's settings. Check the Notify me about virus outbreaks box if you want a notification to be issued when the virus activity level threshold on the events of the specified type is exceeded.
  • Page 93 Preventing virus outbreaks Figure 50. Virus outbreak counter. The Notifications tab. • In order to send messages via the e-mail server, check the Notify by e-mail box and enter the e-mail addresses in the To and Copy fields. The validity of the addresses can be verified using the Test button.
  • Page 94 Kaspersky Anti-Virus for Microsoft Exchange Server After you are done with the settings press the Apply or the OK button. As a result: • the virus outbreak counter will be added to the Virus outbreak counters folder and will be displayed as a table in the results pane; •...
  • Page 95: Chapter 10. Reports

    CHAPTER 10. REPORTS Kaspersky Anti-Virus can provide reports about the results of the anti-virus server scan. Reports contain information registered during a certain period and provide information about: • infected objects detected; • viruses found; • senders of infected messages; •...
  • Page 96 Reports are created based on the report templates created by the administrator. The following is specified in the template: the reporting period, report creation schedule and report format. By default, the anti-virus server scan reports are not created. However, a built-in report template is created during the installation of the Security Server.
  • Page 97: Receiving Reports

    10.1. Receiving reports In order to receive an anti-virus server scan report, Create a new report template (see para 10.1.2, page 101) or select an existing template and configure its settings (see para 10.1.1, page 98). Check the Create reports box in the General tab of the report template settings window (see Figure 53).
  • Page 98: Viewing And Modifying The Report Templates

    Kaspersky Anti-Virus for Microsoft Exchange Server Open the shortcut menu and use the Properties or the analogous command under the Action menu. In the Report templates: Properties window that will open (see Figure 52): • Check the Store the statistical reports data box. •...
  • Page 99 Reports Open the shortcut menu and use the Properties or the analogous command under the Action menu. As a result of these actions, a report template settings window <Template name>: Properties will open (see Figure 53). This window includes the following tabs: General, Parameters, Actions and is completely analogous to the New report window (see Figure 41).
  • Page 100 Kaspersky Anti-Virus for Microsoft Exchange Server Figure 54. Modifying the report template. The Parameters tab. The Actions tab (see Figure 55) contains the reporting methods, the address of the folder where the report is stored and e-mail addresses of the report recipients (if the corresponding reporting method is selected).
  • Page 101: Creating A Report Template

    Reports 10.1.2. Creating a report template In order to create a new report template, Select the Report templates folder in the console tree. Open the shortcut menu and use the New template or the analogous command under the Action menu. As a result, a report template settings window New report will open (see Figure 56) ;...
  • Page 102 • The following options are available when specifying the reporting period: specify the time period. In this case, the report will contain information for the specified period starting with the report creation date and time. In order to set up the reporting period, select For the last option in the Reporting period group and specify the interval and the time unit (hours, days, weeks, months).
  • Page 103 Specify which format shall be used for reports creation and specify the reports storage folder and mailing list in the Actions tab (see Figure 58). • In order to create reports and save them in the server disk file system, check the Save report box.
  • Page 104: Viewing Reports

    • If the Create reports box in the General tab is checked, the application will create reports according to the time specified in the schedule and with the specified frequency. Reports can also be created by the administrator’s request.
  • Page 105 Section name / Section content. Senders infected objects: E-mail addresses of senders of messages in which infected objects were found and the total number of viruses received from each address. Number processed: The total number of objects scanned by Kaspersky Anti-Virus during the reporting period.
  • Page 106 In order to view a report delivered by e-mail, open the index.htm file attached to the message. As a result, the system default browser will be loaded. The required report about the anti-virus server scan results will be displayed in the main window of the browser (see Figure 60).
  • Page 107 Reports Figure 60. Viewing a report delivered by e-mail...
  • Page 108: Chapter 11. Application's Events Logs

    CHAPTER 11. APPLICATION’S EVENTS LOGS Kaspersky Anti-Virus allows the user to perform full diagnostics of its operation and to register events in the Windows application log and in the Kaspersky Anti-Virus application's log. The completeness of the information entered into the logs depends on the diagnostics levels selected in the application’s settings (for details see para 11.1, page 109).
  • Page 109: Configuring The Diagnostics Level

    Kaspersky Anti-Virus logs can be viewed by using the file system. By default, logs are stored in the Log folder. This folder is created in the application's installation folder during the installation of the Security Server component. Any other folder selected by the administrator can be used as the log storage (for details see para 11.2, page 111).
  • Page 110 Kaspersky Anti-Virus for Microsoft Exchange Server Figure 61. The Diagnostics tab The Diagnostics level for system modules section located in the tab contains a table. The left part of the table contains the list of all modules included into the structure of the program. The right part of the table contains the list of components included into the selected module and the diagnostics level for each module.
  • Page 111: Configuring Logs Settings

    Application’s events logs 11.2. Configuring logs settings In order to configure logs settings, Select the node corresponding to the required server in the console tree and follow the General parameters link in the results pane. Go to the Diagnostics tab in the General parameters window that will open (see Figure 61).
  • Page 112: Chapter 12. License Keys

    CHAPTER 12. LICENSE KEYS When you purchase Kaspersky Anti-Virus, you enter a license agreement with Kaspersky Lab Ltd. Based on this agreement, you are granted the right to use the software you purchased during a certain period for the protection of the specified number of mail boxes.
  • Page 113 If the number of protected mail boxes defined in the license is exceeded, the anti-virus functionality of the application will be disabled. In this case, only management services used to configure the application parameters (license key installation and selection of protected storage areas) will be available. You can change the number of protected mailboxes by excluding some of them from the storage scan scope;...
  • Page 114: License Information

    Kaspersky Anti-Virus for Microsoft Exchange Server will send a new license key to the e-mail address specified in your order. Install the license key (see para 12.4, page 119). You can install two keys: one current key and one backup key. The current key is the active key that you are using.
  • Page 115 Figure 62. Viewing license information The tab contains the following information: • the name of Exchange servers on which the Kaspersky Anti-Virus Security Server component is installed; • the number of the application version installed; • License owner information; •...
  • Page 116: License Key Details

    available. This may be caused by exceeding the license restriction on the number of protected mailboxes or by the expiration of the trial license key. Update only. Only anti-virus database updating feature is available.
  • Page 117 License keys Figure 63. Viewing license key details The following license key details are displayed in the Current license key section. • Status • The type of the license key installed, for example: commercial, trial. • License owner information • License expiration date.
  • Page 118: License-Related Notifications

    Kaspersky Anti-Virus for Microsoft Exchange Server 12.3. License-related notifications The application verifies the compliance with the terms and conditions of the license agreement on a regular basis and each time the anti-virus database is updated. If the following is the case based on the verification results: •...
  • Page 119: Installing The License Key

    License keys 12.4. Installing the license key Two license keys, the current and the backup key, can be installed for one application. The backup license key automatically becomes the current license key upon the expiry of the current key. If the current license key is found in the “black list”, the backup key will not be activated.
  • Page 120: Removing A License Key

    12.5. Removing a license key When you remove the current license key, the backup key will be automatically removed as well. In order to remove a license key, Select the node corresponding to the required server in the console tree and follow the General parameters link in the results pane.
  • Page 121 License keys Figure 64. Selecting unprotected storage areas • Uncheck boxes next to the names of storage areas in the Protected mailboxes storage areas section for those storage areas whose mailboxes will not be scanned for viruses. The list includes all storage areas created on the protected Exchange server.
  • Page 122 Kaspersky Anti-Virus for Microsoft Exchange Server As a result, the mailboxes located in the unprotected storage areas will not be counted when the verification of the compliance with the license restrictions is performed.
  • Page 123: Chapter 13. Frequently Asked Questions

    CHAPTER 13. FREQUENTLY ASKED QUESTIONS This chapter is devoted to questions most frequently asked by users regarding the installation, setup, and operation of Kaspersky Anti-Virus. We will try to answer them here in detail. Question: Can Kaspersky Anti-Virus be used with other vendors' anti-virus software? In order to avoid conflicts we recommend that you remove any third-party anti-virus software before you install Kaspersky Anti-Virus.
  • Page 124 In the subject of your message, indicate your operating system, the name of the Kaspersky Lab's product you are using and the problem you have encountered. For example: Microsoft Windows 2000, Kaspersky Anti-Virus for Microsoft Exchange Server 2000/2003, cannot update anti-virus database.
  • Page 125 Frequently asked questions Kaspersky Lab shortens the update interval for the anti-virus database located at the server each year. Now the anti-virus database is updated at the server every hour. An additional feature available is the updating of the Anti-Virus application modules to repair detected vulnerabilities or offer new functionality.
  • Page 126: Appendix A. Table Of Substitution Macros

    APPENDIX A. TABLE OF SUBSTITUTION MACROS
    Macros: Macros meaning
    %OCURRENCE_NUMBER%: The total number of registered events
    %PERIOD_LENGTH%: period length
    %PERIOD_TYPE%: unit used to specify the time period (seconds, minutes, hours, days)
    %VIRUS_NAME%: the name of the detected virus (in virus outbreaks notifications used only for the One and the same virus detected several times event)
    %ACTION%...
  • Page 127 Macros: Macros meaning
    %OBJECT_NAME%: attachment name, not defined for OLE objects and for messages
    %OBJECT_TYPE%: object type: message, file, OLE object
    %RECV_TIME%: time the message was received
    %SCANNER_VERSION%: application version number
    %SCANNER_VENDOR%: application vendor name - Kaspersky Lab
    %SENT_REPRESENTING_NAME%: displayed name of the message exchange...
  • Page 128: Appendix B. Glossary

    APPENDIX B. GLOSSARY The product's documentation contains terms and concepts specific to the field of anti-virus protection. This glossary contains definitions of such concepts. For your convenience, the terms are arranged in alphabetical order. A Administrator’s workstation – a computer on which the Management Console (a component of Kaspersky Anti-Virus) is installed.
  • Page 129 Container object – an object subject to anti-virus scan that consists of several objects, such as an archive, a message containing an attached message, etc. See also simple object. Deleting the object – a method of object processing that involves physical removal of object from the computer.
  • Page 130 license key is installed. After the license expires, the application functionality will be restricted. Management console – a component of Kaspersky Anti-Virus. Management Console provides the user interface for managing the administration services of the application and for configuring settings and managing the server component.
  • Page 131 Unknown virus – a new virus about which the anti-virus database contains no information. As a rule, Kaspersky Anti-Virus detects unknown viruses contained in objects using heuristic code analyzer and such objects are assigned the suspicious status. Updating of anti-virus database –...
  • Page 132: Appendix C. Kaspersky Lab

    APPENDIX C. KASPERSKY LAB Founded in 1997, Kaspersky Lab has become a recognized leader in information security technologies. It produces a wide range of data security software and delivers high-performance, comprehensive solutions to protect computers and networks against all types of malicious programs, unsolicited and unwanted email messages, and hacker attacks.
  • Page 133: Other Kaspersky Lab Products

    C.1. Other Kaspersky Lab Products Kaspersky Anti-Virus® Personal Kaspersky Anti-Virus Personal protects home computers running Windows 98/ME/2000/NT/XP from all types of known viruses, including Riskware. The application constantly monitors all possible sources of virus penetration, including email, Internet, floppy disks, and CDs. Unknown viruses are efficiently detected and processed by a unique heuristic data analysis system.
  • Page 134 Kaspersky Anti-Virus® Personal Pro has the following features: • On-demand scan of local disks; • Real-time automatic protection of all accessed files from viruses; • Mail filter automatically scans and disinfects all incoming and outgoing mail traffic (POP3 and SMTP) and effectively detects viruses in mail databases;...
  • Page 135 • anti-virus scanner to scan the data stored on both the PDA and extension card on demand; • anti-virus monitor to intercept viruses in files that are either copied from other handhelds or are transferred using HotSync™ technology. Kaspersky Security for PDA protects your handheld (PDA) from unauthorized intrusion by...
  • Page 136 Kaspersky Anti-Virus for Microsoft Exchange Server • File and application servers running Windows NT 4.0 Server, Windows 2000, 2003 Server/Advanced Server, Novell Netware, FreeBSD, OpenBSD and Linux; • Email clients, including Microsoft Exchange Server 5.5/2000/2003, Lotus Notes/Domino, Sendmail, Postfix, Exim and Qmail; •...
  • Page 137: Contact Us

    Appendix C C.2. Contact Us If you have any questions, comments, or suggestions, please refer them to one of our distributors or directly to Kaspersky Lab. We will be glad to assist you in any matters related to our product by phone or via email. All of your recommendations and suggestions will be thoroughly reviewed and considered.
  • Page 138: Appendix D. License Agreement

    APPENDIX D. LICENSE AGREEMENT End User License Agreement NOTICE TO ALL USERS: CAREFULLY READ THE FOLLOWING LEGAL AGREEMENT ("AGREEMENT") FOR THE LICENSE OF SPECIFIED SOFTWARE ("SOFTWARE") PRODUCED BY KASPERSKY LAB ("KASPERSKY LAB"). IF YOU HAVE PURCHASED THIS SOFTWARE VIA THE INTERNET BY CLICKING THE ACCEPT BUTTON, YOU (EITHER AN INDIVIDUAL OR A SINGLE LEGAL ENTITY) CONSENT TO BE BOUND BY AND BECOME PARTY TO THIS AGREEMENT.
  • Page 139 Appendix D THE RIGHT TO RETURN AND REFUND EXTENDS ONLY TO THE ORIGINAL PURCHASER. All references to "Software" herein shall be deemed to include the software activation key ("Key Identification File") with which you will be provided by Kaspersky Lab as part of the Software. 1.
  • Page 140 Kaspersky Anti-Virus for Microsoft Exchange Server 1.1.4 You shall not make error corrections to, or otherwise modify, adapt, or translate the Software, nor create derivative works of the Software, nor permit any third party to copy the Software (other than as expressly permitted herein). 1.1.5 You shall not rent, lease or lend the Software to any other person, nor transfer or sub-license your license rights to any other person.
  • Page 141 Appendix D may terminate this Agreement at any point by destroying all copies of the Software and the Documentation. 3. Support. (i) Kaspersky Lab will provide you with the support services ("Support Services") as defined below for a period of one year following: (a) Payment of its then current support charge, and: (b) Successful completion of the Support Services Subscription Form as provided to you with this Agreement or as available on the Kaspersky Lab...
  • Page 142 Kaspersky Anti-Virus for Microsoft Exchange Server 6. Limited Warranty. (i) Kaspersky Lab warrants that for six (6) months from first download or installation the Software purchased on a physical medium will perform substantially in accordance with the functionality described in the Documentation when operated properly and in the manner specified in the Documentation.
  • Page 143 Appendix D (d) Loss of anticipated savings; (e) Loss of business; (f) Loss of opportunity; (g) Loss of goodwill; (h) Loss of reputation; (i) Loss of, damage to or corruption of data, or: (j) Any indirect or consequential loss or damage howsoever caused (including, for the avoidance of doubt, where such loss or damage is of the type specified in paragraphs (ii), (a) to (ii), (i).
