1. Manuals
  2. Brands
  3. KAPERSKY Manuals
  4. Software
  5. SECURITY 5.5 - FOR MICROSOFT EXCHANGE SERVER...
  6. Administrator's manual

KAPERSKY SECURITY 5.5 - FOR MICROSOFT EXCHANGE SERVER 2003 Administrator's Manual

For microsoft exchange server 2003
Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
KASPERSKY LAB
®
Kaspersky Security
5.5
for Microsoft Exchange Server
2003
ADMINISTRATOR'S
GUIDE

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the SECURITY 5.5 - FOR MICROSOFT EXCHANGE SERVER 2003 and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for KAPERSKY SECURITY 5.5 - FOR MICROSOFT EXCHANGE SERVER 2003

Summary of Contents for KAPERSKY SECURITY 5.5 - FOR MICROSOFT EXCHANGE SERVER 2003

  • Page 1 KASPERSKY LAB ® Kaspersky Security for Microsoft Exchange Server 2003 ADMINISTRATOR'S GUIDE...
  • Page 2 K A S P E R S K Y S E C U R I T Y 5 . 5 F O R M I C R O S O F T E X C H A N G E S E R V E R 2 0 0 3 Administrator's Guide ©...

  • Page 3: Table Of Contents

    Table of Contents CHAPTER 1. INTRODUCTION ..................7 1.1. Threats to the computer security ................7 1.2. The purpose and major functionality of the application........10 1.3. Hardware system requirements................12 1.4. Software system requirements ................12 1.5. Distribution kit ...................... 12 1.6.
  • Page 4 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 4.7.1. Testing the anti-virus protection system ............35 4.7.2. Testing the anti-spam protection system ............. 36 CHAPTER 5. UPDATING THE ANTI-VIRUS AND THE CONTENT FILTRATION DATABASES......................38 5.1. Manual updating....................39 5.2. Automatic updates....................40 5.3.
  • Page 5 Table of Contents CHAPTER 10. NOTIFICATIONS .................. 86 10.1. Creating a notification template................. 87 10.2. Viewing and editing notification parameters............. 91 10.3. Customizing general notification settings ............91 CHAPTER 11. PREVENTING VIRUS OUTBREAKS..........93 11.1. Creating a new virus outbreak counter............. 95 11.2.
  • Page 6 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 15.1.2.9. Notifications on detected objects............139 15.1.2.10. Virus outbreak notification ............... 140 15.1.2.11. General notification settings ............140 15.1.2.12. Additional settings................141 15.1.2.13. Registration of events on program operation on Administration Server....................142 15.1.2.14.

  • Page 7: Chapter 1. Introduction

    CHAPTER 1. INTRODUCTION The main source of viruses today is the global Internet. Most virus infections happen via e-mail. The facts that almost every computer has e-mail client applications installed and that malicious programs are able to take a full advantage of software address book in order to find new victims are favorable factors for the distribution of malware.
  • Page 8 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 crawl from computer to computer, using networks, e-mail, and other data channels. This feature gives many worms a rather high speed in spread- ing themselves. Worms penetrate a computer, calculate the network addresses of other computers, and send a burst of self-made copies to these addresses.
  • Page 9 Introduction Riskware Potentially dangerous software that does not have a malicious function but can be used by hackers as an auxiliary component for a malicious code, since it contains holes and errors. Under certain conditions, having such programs on your computer can put your data at risk. These programs in- clude, for instance, some remote administration utilities, keyboard layout togglers, IRC clients, FTP servers, and all-purpose utilities for stopping processes or hiding their operation.

  • Page 10: The Purpose And Major Functionality Of The Application

    Kaspersky Security 5.5 for Microsoft Exchange Server 2003 builders, vulnerability scanners, password cracking programs, and other types of programs for cracking network resources or penetrating a system. Although malicious programs are distributed mainly via email and the Internet, a floppy disk or a CD can also be a source of infection. Therefore, the task of comprehensive protection from potential threats now extends far beyond simple regular scans for viruses, and includes the more complex task of real-time anti- virus protection.
  • Page 11 Introduction • scanning e-mail messages received by the Exchange server via SMTP protocol for SPAM including the analysis of all attributes and attachments of the message. Depending on the settings, the application will deliver the message to the Inbox folder, move the message to the Junk E-mail folder, block the message or delete it.

  • Page 12: Hardware System Requirements

    Kaspersky Security 5.5 for Microsoft Exchange Server 2003 • Security Server performs the scan of the mail traffic for viruses and spam, updates the anti-virus database and content filtration database, provides administrative services for remote management, configuring and ensuring the integrity of the application and of the data stored. •...

  • Page 13: Services Provided For Registered Users

    Introduction • License Agreement Before you open the envelope with the CD make sure that you have carefully read the license agreement. If you buy Kaspersky Security online, you will download the application from the Kaspersky Lab's website. In this case, the distribution kit will include this Guide along with the application.

  • Page 14: Conventions

    Kaspersky Security 5.5 for Microsoft Exchange Server 2003 Support on issues related to the performance and the use of operating systems or other technologies is not provided. 1.7. Conventions Various formatting features and icons are used throughout this document depending on the purpose and the meaning of the text. The table below lists adopted conventions used in the text.

  • Page 15: Chapter 2. Operation Of The Application

    CHAPTER 2. OPERATION OF THE APPLICATION Kaspersky Security 5.5 for Microsoft Exchange Server 2003 scans and, if it is possible, disinfects all incoming and outgoing e-mail messages as well as messages stored at the server. The application analyzes the body of the message and attached files of any format.

  • Page 16: Security Server Architecture

    Kaspersky Security 5.5 for Microsoft Exchange Server 2003 The application sends notifications about events occurred to the administrator, the recipient and the sender of the infected message and also places a record about this event into the Kaspersky Security application log file and into the Microsoft Windows event log.

  • Page 17: Server Protection Deployment

    Operation of the application 2.2. Server protection deployment In order to create the system of mail servers protection against mali- cious programs and SPAM using Kaspersky Security 5.5 for Microsoft Exchange Server 2003: Install the Security Server component on all protected Exchange servers.

  • Page 18: Server Protection System Maintenance

    Kaspersky Security 5.5 for Microsoft Exchange Server 2003 • Configure the settings for detecting virus outbreaks and notification about such events. (Chapter 11, page 93). 2.3. Server protection system maintenance Maintaining the server protection system in the up-to-date state involves: •...
  • Page 19 Operation of the application In order to create protection of Microsoft Exchange Server, installed on the cluster, against malware and SPAM: Install the Security Server component on each node of the cluster. The installation shall be performed from the distribution kit individually for each server.

  • Page 20: Chapter 3. Installing, Updating And Removing The Application

    CHAPTER 3. INSTALLING, UPDATING AND REMOVING THE APPLICATION Before starting installation of the application, make sure that the software and hardware of your computer meet the installation requirements (details see section 1.4, page 12). In order to install, update the version or remove Kaspersky Security 5.5 for Microsoft Exchange Server 2003 from your computer, you will need administrator privileges on the domain.

  • Page 21: First-Time Installation

    Installing, updating and removing the application is registered and saved in the Microsoft Windows event log on the computer on which the Security Server is installed. 3.1.1. First-time installation In order to install Kaspersky Security into your computer run the executable file on the installation CD included into the distribution package.
  • Page 22 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 Kaspersky Security. Remove the existing program and then run the installer of Kaspersky Security again. • If the setup detects that Kaspersky Security 5.5 for Microsoft Exchange Server 2003 (release version, MP1) is installed on the computer, it will suggest upgrading the application to Kaspersky Security 5.5 for Microsoft Exchange Server 2003 MP2 (see section 3.3, page 25).
  • Page 23 Installing, updating and removing the application If this computer is the administrator's workstation and you plan to manage the protection of the Exchange servers from this computer, select the Management Console. Note that the setup wizard will display reference information about the selected component and the disk space required for its installation.

  • Page 24: Reinstalling The Application

    Kaspersky Security 5.5 for Microsoft Exchange Server 2003 the number of storage areas created on the server, you must remove anti-virus protection from some of these areas before the protection is started (see section 14.5, page 122). If you wish to adjust the application settings first, disable automatic activation of anti-virus and anti-spam protection in the respective checkboxes.

  • Page 25: Removing The Application

    Installing, updating and removing the application In order to reinstall the application, run the executable file from its distribution package and select the Repair option in the wizard window. This will reinstall Kaspersky Security using the settings of the previous installation. For example, if the previous installation was a custom installation, then the reinstallation initiated by the Repair button will also be a custom type installation.

  • Page 26: Chapter 4. Starting Using The Application

    CHAPTER 4. STARTING USING THE APPLICATION 4.1. Starting the application The server component of the application is started automatically at the operating system startup. If the anti-virus protection of the server and the anti-spam protection features are enabled, they will start functioning immediately after the Microsoft Exchange Server is launched.
  • Page 27 Starting using the application The Kaspersky Security 5.5 for Microsoft Exchange Server 2003 namespace may contain several nodes with the names of the servers managed via the console. The namespace does not contain any elements immediately after the installation of the Management Console. Figure 2.

  • Page 28: Shortcut Menu

    Kaspersky Security 5.5 for Microsoft Exchange Server 2003 • Notification templates – for configuring notifications about infected or suspicious objects and messages containing spam detected during the scan. • Backup storage – for working with the backup storage where backup copies of objects are stored;...
  • Page 29 Starting using the application Create and configure a new notification Notification template about infected and suspicious New notification templates objects revealed by a scan and about messages containing spam. Create and configure a new filter used New filter to search for objects located in the Backup backup storage.

  • Page 30: Creating The List Of Managed Servers

    Kaspersky Security 5.5 for Microsoft Exchange Server 2003 4.3. Creating the list of managed servers In order to be able to control the application via the console, the Exchange server, where the Security Server component is installed, must be added to the list of managed servers.

  • Page 31: Connecting The Management Console To The Server

    Starting using the application or select the computer from the list using the Browse button. Later on, the Management Console will use this name to es- tablish connection with the Security Server. The connection is established using DCOM protocol. In order to establish connection between the Management Console and Kaspersky Security when adding the server, check the Connect now box (details see section 4.4, page 31).

  • Page 32: Minimum Required Configuration

    Kaspersky Security 5.5 for Microsoft Exchange Server 2003 In order to be able to connect to the Security Server, the user must have the local administrator rights for the computer to which the con- nection is attempted. The rights verification is performed based on the standard Microsoft Windows network user authentication process.

  • Page 33: Mail Server Protection Without Additional Configuration

    Starting using the application 4.6. Mail server protection without additional configuration Exchange server protection against malware and SPAM starts operating immediately after the Security Server component is installed. The default operation mode of the application provides for the following: • The application will scan objects for the presence of currently known malicious software (with the standard anti-virus protection level applied);...
  • Page 34 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 • when a protected or corrupted object is detected, the application will save its copy (file or the body of the message) in the backup storage. Objects detected in message body are replaced with a notification of the following format: The attached file %OBJECT_NAME% was deleted by Kaspersky Security 5.5 for Microsoft Exchange...

  • Page 35: Verifying The Application Performance

    Starting using the application 4.7. Verifying the application performance After Kaspersky Security is installed and configured, we recommend verifying the correctness of its settings and operation: • using a test "virus" and its modifications (see section 4.7.1, page 35); • using a test SPAM message (see section 4.7.2, page 36).

  • Page 36: Testing The Anti-Spam Protection System

    Kaspersky Security 5.5 for Microsoft Exchange Server 2003 Prefix Object type Infected. An error occurs during an attempt to disinfect No prefix, standard the object; apply action set for objects that cannot be test "virus" disinfected. CORR- Corrupted. SUSP- Suspicious (unknown virus code). WARN- Warning (modified code of a known virus).
  • Page 37 Starting using the application When such message arrives at Exchange Server, Kaspersky Security will assign it SPAM status and will process it applying the action specified for this type of objects by the administrator (see section 7.2, page 67).

  • Page 38: Chapter 5. Updating The Anti-Virus And The Content Filtration Databases

    CHAPTER 5. UPDATING THE ANTI-VIRUS AND THE CONTENT FILTRATION DATABASES Users of Kaspersky Lab's products can update: • anti-virus database used to detect malicious programs and disinfect infected objects. Anti-virus database files contain description of all currently known malicious programs and disinfection methods for objects infected with such malware as well as the description of all potentially dangerous software (riskware);...

  • Page 39: Manual Updating

    Starting using the application In order to review the status of the databases and modify the updating settings, In the main application window select the Kaspersky Security 5.5 for Microsoft Exchange Servers 2003 node in the console tree, open it, se- lect the node corresponding to the server you need and follow the dates link in the results pane.

  • Page 40: Automatic Updates

    Kaspersky Security 5.5 for Microsoft Exchange Server 2003 Figure 4. Configuring update settings. The General tab In order to update the anti-virus database and content filtration database immediately, press the Update now button in the corresponding section. The application will launch the updating process using the selected settings. 5.2.

  • Page 41: Selecting The Updates Source

    Starting using the application Figure 5. Configuring update settings. Schedule tab In order to enable the automatic updates of the anti-virus and the content filtration databases, check the Update automatically box and set up the schedule for receiving updates. If the box is not checked, the databases must be updated manually (see section 5.1, page 39).
  • Page 42 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 Additionally, you can configure the updates to be downloaded from a HTTP, FTP server or a network folder. If you have Kaspersky Administration Kit (the centralized Kaspersky Lab's applications management system) installed in your corporate network, then the databases updates received by the Administration Servers will be copied to a public folder (details see Kaspersky Administration Kit Guide).

  • Page 43: Configuring The Connection Settings

    Starting using the application Figure 6. Configuring update settings. The Source of updates tab 5.4. Configuring the connection settings In order to view/modify the network connection settings: In the main application window select the Kaspersky Security 5.5 for Microsoft Exchange Server 2003 node in the console tree, open it, select the node corresponding to the server you need and follow the Updates...
  • Page 44 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 • If you use a password in order to access the proxy server, specify the proxy user's authentication settings. In order to do this check the Proxy server authentication box and fill in the Name and the Password fields.

  • Page 45: Running Updates Under A Different User Account

    Starting using the application 5.5. Running updates under a different user account Kaspersky Security program updates can be run under a different user account. This feature is disabled by default, and tasks are run under the system profile. For example, you might want to run a task under a different user account if you are updating from a source that the computer does not have access to (such as a network update folder) or from a source where it does not have authorized user privileges to the proxy server.
  • Page 46 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 Figure 8. Configuring update settings. The Startup options tab...

  • Page 47: Chapter 6. Anti-Virus Protection

    CHAPTER 6. ANTI-VIRUS PROTECTION The main task of Kaspersky Security for Microsoft Exchange Server 2003 is to perform an anti-virus scan of mail traffic and to disinfect mail messages using the information contained in the current (latest) version of the anti-virus database. Depending on the anti-virus protection level selected by the administrator (see section 6.1, page 49), the application allows detection of: •...
  • Page 48 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 E-mail messages stored on the server and the content of public folders are also rescanned on a regular basis using the latest version of the anti-virus database (if the background storage scan is enabled). The scan is performed in the background mode and can be launched either automatically each time the anti- virus database is updated, or according to the schedule, or manually (details see section 6.6, page 62).

  • Page 49: Anti-Virus Protection Levels

    Anti-virus protection containers above the specified nesting level, file specified by mask or files specified by type (details see section 6.3, page 53). Kaspersky Security supports scanning several objects at the same time. The number of objects that can be processed at the same time depends on the number of started instances of the anti-virus kernel running simultaneously.
  • Page 50 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 • programs that cause unexpected video or sound effects; • programs that cause problems in the system operation; • virus simulators. • Programs that do not contain malicious code and do not inflict any dam- age to the user, but can be a part of the environment used for develop- ment of malicious software.

  • Page 51: Enabling And Disabling The Anti-Virus Server Protection. Selecting Anti-Virus Protection Level

    Anti-virus protection 6.2. Enabling and disabling the anti- virus server protection. Selecting anti-virus protection level If the anti-virus server protection is enabled, then the anti-virus scan of the e-mail traffic will be started or stopped when the Microsoft Exchange Server is started or stopped.
  • Page 52 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 The use of extended or redundant anti-virus protection level may affect the speed of the program's operation. Besides, some programs may be referred to potentially dangerous programs when transferred by mail, and so they may be deleted or blocked, depending upon the application settings (see section 6.5, page 57).

  • Page 53: Scanning Attachments

    Anti-virus protection Disable the anti-virus mail protection using the Management Console (see above). Disable the anti-spam server protection using the Management Console (see section 7.1, page 66). Restart the Microsoft Exchange Information Store and IIS Admin services. Specify the Disabled startup type for the service of Kaspersky Security 5.5 for Microsoft Exchange Server 2003.
  • Page 54 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 Figure 10. Configuring restrictions for the attachment scan In the Exclude from the scan scope group, specify objects that you wish to exclude from the anti-virus scan scope: • Archives – exclude archives from the scan scope. •...
  • Page 55 Anti-virus protection cluding them from the scan scope. In order to do this, specify exclusions by the file type or using a mask: • Files defined by mask. Using the Append and Delete buttons, create the list of exclusion masks. When adding an exclusion in the Adding a mask window (see Figure 11), enter the exclusion mask into the corresponding field.

  • Page 56: Scanning Of Routed E-Mail Traffic

    Kaspersky Security 5.5 for Microsoft Exchange Server 2003 You can restore the default settings by pressing the Restore the default settings button. 6.4. Scanning of routed e-mail traffic In order to reduce the load on the server in the traffic protection mode, we recommend that mail traffic routed by the server, shall not be scanned.

  • Page 57: Selecting Actions To Be Performed With Objects

    Anti-virus protection Figure 13. Excluding transit traffic from the scan scope 6.5. Selecting actions to be performed with objects As a result of an anti-virus scan each object can be assigned a status as listed below: • Not infected – object does not contain viruses. •...
  • Page 58 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 The most important major function of the application is the disinfection of infected objects. Disinfection is performed based on the information contained in the anti-virus database. According to the results of the attempted disinfection, an object can be assigned a status as listed below: •...
  • Page 59 Anti-virus protection message will include the name of the virus detected and the name of the infected object. If an object attached to the message was processed (disinfected, de- leted, replaced) by Kaspersky Security, then before the message is closed, your e-mail client application (for example, Microsoft Outlook) will offer you to save changes although the user has made no changes.
  • Page 60 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 Determine the rule for object processing for each status individually. In order to do this, press the Modify rule… button in the corresponding section. As a result the Master is started. Follow its instructions.
  • Page 61 Anti-virus protection Figure 16. Selecting an action to be performed with an object that could not be disinfected If you selected one of the actions that involve replacement of the object with text, you will be offered to create a replacement template (see Figure 17).

  • Page 62: Background Scan

    Kaspersky Security 5.5 for Microsoft Exchange Server 2003 In order to close the wizard, press the Finish button. In order to ensure that a copy of the object is saved to the backup storage before the object is processed, check the Save a copy of the original object in the backup storage box (see Figure 14).
  • Page 63 Anti-virus protection Figure 18. Configuring background scan settings and anti-virus protection performance Check the Enable background scan box (unchecked by default) and specify the desired scan launch option: • Every time the anti-virus database is updated – launch the scan every time the anti-virus database is updated. •...
  • Page 64 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 Figure 19. Creating the background scan schedule If you need to start the scan immediately, press the Start now button (Figure 18). You can restrict the scan time. In order to do this, check the Stop scan in [NN] hours box and specify the desired time period in hours.

  • Page 65: Chapter 7. Anti-Spam Protection

    CHAPTER 7. ANTI-SPAM PROTECTION One of the main tasks of Kaspersky Security 5.5 for Microsoft Exchange Server 2003 is protection of mailboxes and public folders of the Exchange server against unsolicited e-mail messages (SPAM). The anti-spam scan module filters the incoming e-mail messages while they are being received via SMTP protocols that is, before the messages get into the users' mailboxes.

  • Page 66: Enabling/Disabling Anti-Spam Protection

    Kaspersky Security 5.5 for Microsoft Exchange Server 2003 SPAM, suspicious message, formal message, obscene message (details see section 1.1, page 7). Messages in which traces of SPAM have been detected, will be processed by applying actions described in section 7.2, page 67. 7.1.

  • Page 67: Selecting The Action To Be Performed With The Message

    Anti-Spam protection Figure 20. Configuring anti-spam protection settings. The General tab When you click the Restore the default settings button, Anti-Spam will be enabled. We do not recommend disabling Anti-Spam by disabling the Kaspersky Security 5.5 for Microsoft Exchange Server 2003 start function manually through Manage computer / Services (see section 6.2, page 51).
  • Page 68 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 Specify the rules for processing messages for each type of SPAM in the Actions tab (see Figure 22) of the window that will open: • Skip – deliver the message into the user's Inbox. By default this action is applied to messages that do not contain spam attributes and to formal e- mails.
  • Page 69 Anti-Spam protection Figure 21. Adding markers to the subject line of the message By default, if a message is declined or deleted, a copy of such message is saved to the backup storage (see Chapter 6, page 47). If necessary, you can restore the message from the backup storage or forward it to recipients unchanged.

  • Page 70: Configuring Tcp/Ip Settings

    Kaspersky Security 5.5 for Microsoft Exchange Server 2003 7.3. Configuring TCP/IP settings Anti-spam mail scan is performed by the service using the TCP/IP settings. These settings will be applied in automatically during the program's installation. In case of a conflict with other applications installed on your computer using the same port for TCP/IP, we recommend changing it.
  • Page 71 Anti-Spam protection Connection filtration allows the Exchange Server to access block lists and determine if the computer sending an e-mail is on those lists. Exchange Server can also be used to specify exclusions from block lists. In addition, Exchange Server can be used to create recipient filters that restrict delivery of e-mail to defined recipients in the organization or beyond.

  • Page 72: Chapter 8. Application'soperation Efficiency

    CHAPTER 8. APPLICATION'S OPERATION EFFICIENCY Kaspersky Security for Microsoft Exchange Server 2003 provides the possibility to fine-tune the application's operation efficiency depending on the amount and the characteristics of the mail traffic through the Exchange servers and on the system features of the computer: amount of RAM, operation speed, number of processors, etc.

  • Page 73: Anti-Spam Protection Efficiency

    Application's operation efficiency kilobytes. By default, the box is checked and the size of the object is 1024 KB. 8.2. Anti-spam protection efficiency In order to configure the anti-spam protection efficiency settings: In the main application window select the Kaspersky Security 5.5 for Microsoft Exchange Server 2003 node in the console tree, open it, select the node corresponding to the server you need and follow the...

  • Page 74: Chapter 9. Backup Copying

    CHAPTER 9. BACKUP COPYING Kaspersky Security for Microsoft Exchange Server 2003 allows saving a backup copy of an initial object before processing. For example, before an attempt to disinfect or delete such object or before declining or deleting a message containing SPAM attributes, an initial copy can be saved to the backup storage.

  • Page 75: Viewing Backup Storage

    Backup copying • if the object storage period is limited, the application will delete objects with the expired storage period. The object can stay in the backup storage longer than the established storage period if no new objects are added to the storage.
  • Page 76 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 Figure 24. Viewing the backup storage In addition to the standard e-mail message attributes (Sender, Recipi- ents, Cc, Subject, Sent time), this table will contain the following infor- mation for each object: •...

  • Page 77: Backup Storage Filter

    Backup copying You can perform ascending and descending sorting of the data contained in the table by any column. 9.2. Backup storage filter The use of filters allows performing search and data structuring tasks on the data contained in the backup storage as after applying the filter only information complying with the filtering parameters becomes available.
  • Page 78 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 Figure 25. Creating a new filter. The Filter tab On the Additional tab (see Figure 26) specify the values for the filter settings that will be used to search for objects in the backup storage. To configure settings, use the following file attributes: file type.
  • Page 79 Backup copying Figure 26. Creating a new filter. The Additional tab After you are done with the filter settings, press the Apply or the OK buttons to create the filter. If you wish to cancel creation of the filter, press the Cancel button. As a result of this action, a subfolder with the filter's name will be created in the console tree inside the Backup Storage folder.

  • Page 80: Restoring Objects From The Backup Storage

    Kaspersky Security 5.5 for Microsoft Exchange Server 2003 Modify the filter parameter values as required. In order to apply the changes, press the Apply or the OK buttons. To exit without saving the changes, press the Cancel button. As a result, the information displayed in the results pane will be updated according to the new values of the filter settings.

  • Page 81: Sending E-Mails To Addressees

    Backup copying As a result of these actions the object will be moved from the backup storage into the specified folder, decoded and saved with the specified name. The restored file will have the same format as it had when it was first processed by the application.

  • Page 82: Deleting Objects From The Backup Storage

    Kaspersky Security 5.5 for Microsoft Exchange Server 2003 In order to send a suspicious object to Kaspersky Lab's experts for analysis, Select the Backup Storage folder in the console tree. Select the object with the suspicious status you wish to send for analysis in the table displaying the content of the backup storage (see Figure 24).

  • Page 83: Configuring The Backup Storage Settings

    Backup copying Select the object you wish to delete in the table displaying the content of the backup storage (see Figure 24). You can use filter when searching for the object (see section 9.2, page 77). Open the shortcut menu and use the Delete command or the analogous command under the Action menu.
  • Page 84 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 Figure 27. Configuring the backup storage settings By default, the backup copy of the object is stored in qb folder. This is a service application folder, which is created in the application installation folder at the time when the Security Server is installed.
  • Page 85 Backup copying • Maximum objects storing time – if you wish to restrict the period objects are stored in the backup storage (unlimited by default), specify the number of days in the entry field (the default value is 30 days). If the size of the backup storage does not need to be restricted, deselect the Auto delete objects from storage box.

  • Page 86: Chapter 10. Notifications

    CHAPTER 10. NOTIFICATIONS Kaspersky Security allows notifying about revealed infected objects and about messages that contain SPAM. Notifications can be delivered using the following methods: • by sending e-mail messages; • by sending messages using Net Send tools; • by registering the event in the Microsoft Windows event log on the computer where the Security Server component is installed.

  • Page 87: Creating A Notification Template

    Notifications You can learn more about templates parameters in the settings window that opens by the Properties command available through the shortcut menu (details see section 10.2, page 91). Figure 28. The Notifications templates folder The administrator can create new templates, view and edit parameters of the existing templates and rename or delete templates using the shortcut menu commands.
  • Page 88 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 Select the Notification templates folder in the console tree. Open the shortcut menu and use the New template command or an analogous command under the Action menu. As a result of these actions a <New notification> window used for configuring new notification template will open (Figure 29).
  • Page 89 Notifications • Enter a brief description of the notification in the Notification subject field. This line will be used as a header of the message. • Create the message text in the Full notification text field. The message may include information about a registered event. To include this information add corresponding substitution macros to the template selecting them from the dropdown list accessible via the Macros button (the list of macros will depend upon notification type).
  • Page 90 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 The validity of the addresses can be verified using the Test button. A message will be sent to the specified address. Entering several e-mail addresses is allowed, the addresses entered must be separated by semicolons. Figure 31.

  • Page 91: Viewing And Editing Notification Parameters

    Notifications results pane and, if the Notify about events box in the General tab is checked, notifications will be issued using this template. 10.2. Viewing and editing notification parameters In order to view or modify notification parameters, Select the Notification templates folder in the console tree. Select the required notification template in the table containing the list of created templates (see Figure 28).
  • Page 92 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 It will open the General settings window, where you should select the Advanced (see Figure 32) tab. Enter the information that will be displayed as the sender of messages generated by Kaspersky Security in the From field.

  • Page 93: Chapter 11. Preventing Virus Outbreaks

    CHAPTER 11. PREVENTING VIRUS OUTBREAKS Kaspersky Security 5.5 for Microsoft Exchange Server 2003 allows to detect increases in the virus activities on the protected Exchange server and to notify the administrator and other users about such events. This feature may be very useful in the periods of virus outbreaks as it helps the administrator to timely react to the emerging threats of virus attacks.
  • Page 94 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 The values of all virus outbreak counters will be reset if the Security Server component or the server operating system, where the compo- nent is installed, are restarted. Several counters with different settings values can be created for any event. During Security Server setup a virus outbreak counter is created.

  • Page 95: Creating A New Virus Outbreak Counter

    Preventing virus outbreaks In order to set up issuing notifications about increased virus activity level: Create a new virus outbreak counter (see section 11.1, page 95) or select an existing counter and configure its settings (see section 11.2, page 99). Check the Notify me about virus outbreaks box in the General tab of the virus outbreak counter settings (see Figure 34).
  • Page 96 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 Figure 34. Virus outbreak counter. The General tab Perform the following in the General tab (see Figure 34): • Enter the counter name in the Name field. • Specify the type of the event that will be traced by the counter. In order to do this, select the required value from the Type drop-down list.
  • Page 97 Preventing virus outbreaks specified type is exceeded. Uncheck this box if you do not want notifica- tions to be issued. Create the template of a message that will be sent as a notification in the Text tab (see Figure 35): Figure 35.
  • Page 98 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 Figure 36. Virus outbreak counter. The Notifications tab • In order to send messages via the e-mail server, check the E-mail notifications box and enter the e-mail addresses in the To and Copy fields.

  • Page 99: Viewing And Modifying Virus Outbreak Notification Settings

    Preventing virus outbreaks After you are done with the settings press the Apply or the OK button. As a result: • the virus outbreak counter will be added to the Virus outbreak counters folder and will be displayed in the table in the results pane; •...

  • Page 100: Chapter 12. Reports

    CHAPTER 12. REPORTS Kaspersky Security 5.5 for Microsoft Exchange Server 2003 allows receiving reports about the results of the anti-virus Exchange Server protection and about the anti-spam protection results. Reports are generated automatically according to the schedule or manually by request and can be saved in a specified folder and sent by e-mail.
  • Page 101 Reports Figure 37. The Report templates folder Apart from the reports' names, this table contains information on the status for each report created based on the template. Depending on the current stage of the report creation, its status may have one of the following values: •...

  • Page 102: Receiving Reports

    Kaspersky Security 5.5 for Microsoft Exchange Server 2003 12.1. Receiving reports In order to receive a report about an anti-virus server scan or an anti- spam scan: Create a report template of an appropriate type (see section 12.1.1, page 104) or select an existing template and configure its settings (see section 12.1.2, page 107).
  • Page 103 Reports In order to restrict the report storage period: In the main application window select the Kaspersky Security 5.5 for Microsoft Exchange Server 2003 node in the console tree, open it, select the node corresponding to the server you need and select the Report templates folder in the console tree.

  • Page 104: Creating A Report Template

    Kaspersky Security 5.5 for Microsoft Exchange Server 2003 • To delete contents of the statistical database on program operation used for creating reports, click Clear report statistics button. After you have made the changes, press the Apply or the OK button to apply the new settings.
  • Page 105 Reports Figure 39. Report template. The General tab Specify the reporting period and the report creation schedule settings in the Settings tab (see Figure 40). • The following options are available when specifying the reporting period: • specify the time period. In this case, the report will contain information for the specified period starting with the report creation date and time.
  • Page 106 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 • Specify the time when reports will be created in the Generate report at field. Figure 40. Report template. The Settings tab Specify which format shall be used for reports creation and specify the reports storage folder and mailing list in the Actions tab (see Figure 41).

  • Page 107: Viewing And Fine-Tuning The Report Templates

    Reports Figure 41. Report template. The Actions tab After you are done with the settings press the Apply or the OK button. As a result: • The report template will be added to the Report templates folder and will be displayed in the table in the results pane; •...

  • Page 108: Viewing Reports

    Kaspersky Security 5.5 for Microsoft Exchange Server 2003 Select the report template you need in the table displaying the list of created templates (see Figure 37). Open the shortcut menu and use the Properties command or the analogous command under the Action menu. As a result of these actions, a report template settings window <Template name>: Properties will open.
  • Page 109 Reports Figure 42. Viewing a report saved as a folder Reports have frame-based structure. The left frame contains the list of the report’s sections (table of contents); the heading and the content of the selected section are displayed in the right frame. In order to view a particular section, select its name in the table of contents and the content of the section will be loaded in the right frame.
  • Page 110 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 Figure 43. Viewing a report delivered by e-mail The upper part of the report contains the list of sections (table of contents). This part is followed by the sections including the information they contain. The sections are arranged in the same order as they are listed in the table of contents.

  • Page 111: Chapter 13. Application'sevent Logs

    CHAPTER 13. APPLICATION’S EVENT LOGS Kaspersky Security 5.5 for Microsoft Exchange Server 2003 allows the user to perform full diagnostics of its operation and register events in the Microsoft Windows event log and in the Kaspersky Security application's log file. The degree of the completeness of the information entered into the logs depends on the diagnostics levels selected in the application’s settings (details see section 13.1, page 112).

  • Page 112: Configuring The Diagnostics Level

    Kaspersky Security 5.5 for Microsoft Exchange Server 2003 format. If this maximum allowable number is exceeded at the time a new log is created, the oldest log of the same format will be deleted. The frequency for creating new logs and the maximum number of logs can be modified (details see section 13.2, page 114).
  • Page 113 Application’s event logs Go to the Diagnostics tab in the General settings window that will open (see Figure 44). Figure 44. The Diagnostics tab The Diagnostics level for the system modules section located in the tab contains a table. The left part of the table contains the list of all modules included into the structure of the program.

  • Page 114: Configuring Log Settings

    Kaspersky Security 5.5 for Microsoft Exchange Server 2003 13.2. Configuring log settings In order to configure log settings: In the main application window select the Kaspersky Security 5.5 for Microsoft Exchange Server 2003 node in the console tree, open it, select the node corresponding to the server you need and follow the General settings link in the results pane.

  • Page 115: Chapter 14. License Keys

    CHAPTER 14. LICENSE KEYS When you purchase Kaspersky Security 5.5 for Microsoft Exchange Server 2003, you enter into a license agreement with Kaspersky Lab. Based on this agreement, you are granted the right to use the software you purchased during a certain period for the protection of the specified number of mailboxes.
  • Page 116 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 The number of objects not scanned during the period when the applica- tion functionality was restricted due to the violation of the license terms, can be viewed in the corresponding section of the General scan re- sults report (see section 12.2, page 108).

  • Page 117: License Information

    License keys Figure 46). If you have trial license key installed, click license. This will send you to the Kaspersky Lab website, where you will find complete information on buying or extending a license. Install the license key (see section 14.2, page 119). You can install two keys: one current key and one backup key.
  • Page 118 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 Figure 45. Viewing license information The tab contains the following information: • the name of Exchange server where the Security Server component is installed; • the version (number) of the application installed; •...

  • Page 119: Installing The License Key

    License keys outdated versions of its databases. Your license may be expired. Management services only. Only management services used to configure the application parameters (license key installation) are available. This may be caused by the expi- ration of the trial license key. Update only.
  • Page 120 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 • if you are installing or replacing the current license key, press the Add/replace… button in the Current license key section. • if you are installing or replacing the backup license key, press the Add key…...

  • Page 121: Removing A License Key

    License keys 14.3. Removing a license key When you remove your license key using the Kaspersky Security interface, only the registration of the key with the application will be removed. Physically, the key will remain on the media from which it had been added to the application. In order to remove a license key, Select the node corresponding to the required server in the console tree and follow the...

  • Page 122: Unprotected Storage Areas

    Kaspersky Security 5.5 for Microsoft Exchange Server 2003 • the number of mailboxes on the mail server has exceeded the quote specified in the license; a record will be entered into the application’s logs and, if the notification parameters are configured, a message will be sent by e-mail to the specified e- mail address.
  • Page 123 License keys In order to remove protection from a storage area, Select the node corresponding to the required server in the console tree and follow the Anti-virus protection link in the results pane. Go to the Protected mail (see Figure 13) tab in the Anti-virus protection window that will open.

  • Page 124: Chapter 15. Application Management Using Kaspersky Administration Kit

    CHAPTER 15. APPLICATION MANAGEMENT USING KASPERSKY ADMINISTRATION KIT Kaspersky Administration Kit is a centralized system performing the main administration tasks pertaining to the management of corporate network security system built on the basis of applications included into the bundles of Kaspersky Anti-Virus Business Optimal or Kaspersky Corporate Suite.
  • Page 125 Application management using Kaspersky Administration Kit • Deploy the Administration Server in the network; install Administration Console to the administrator's workplace (please refer to the administrator's guide for "Kaspersky Administration Kit" for details). You can manage the application using Kaspersky Administration Kit via its Administration Console (see Figure 47).

  • Page 126: Managing Policies

    Kaspersky Security 5.5 for Microsoft Exchange Server 2003 Application settings – a set of parameters defined for the operation of the application that includes parameters of the backup storage, reports generation service, etc. A distinctive feature of the centralized administration is the arrangement of computers into groups and modification of their settings by creating and defining group policies.
  • Page 127 Application management using Kaspersky Administration Kit Step 1. General information about the policy The first wizard dialog boxes are introductory steps, where you should enter the policy name into the Name field and select the Kaspersky Security 5.5 for Microsoft Exchange Server 2003 product from the Application drop-down list. Enable the Activate policy checkbox to enforce it immediately after creation.
  • Page 128 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 Figure 49. Scanning of attachments Step 4. Enabling scanning of routed mail You can use the Protected e-mail dialog (see Figure 50) to disable scanning of mail routed by the server in order to decrease the load on the Exchange server (see section 6.4, page 56).
  • Page 129 Application management using Kaspersky Administration Kit Figure 50. Scanning of routed mail Step 5. Selecting the source of updates At this stage (see Figure 51), you are asked to configure the settings for anti- virus database and content filtration database updates: •...

  • Page 130: Viewing And Editing Policy Settings

    Kaspersky Security 5.5 for Microsoft Exchange Server 2003 Figure 51. Selecting the update source Step 6. Finalizing policy creation The final window of the wizard informs you that a new policy has been successfully created. After the wizard is closed, the policy for this application will be added to the Policies folder of the corresponding group and shown on the results panel.

  • Page 131: Viewing Information About The Application

    Application management using Kaspersky Administration Kit In the list of policies, point to a policy for Kaspersky Security 5.5 for Microsoft Exchange Server 2003 (the application name is displayed in the Application field). Open the shortcut menu for the selected policy and click Properties.

  • Page 132: Enabling / Disabling Server Protection

    Kaspersky Security 5.5 for Microsoft Exchange Server 2003 Figure 52. The General tab • Policy name; • The application this policy is assigned to (Kaspersky Security 5.5 for Microsoft Exchange Server 2003); • Application version (number); • Date and time of policy creation; •...

  • Page 133: Scanning Of Attachments

    Application management using Kaspersky Administration Kit Upon enabling of the anti-virus protection you will have to select one of three available levels of anti-virus protection: Standard, Extended or Redundant (see section 6.1, page 49). To enable anti-virus scanning of e-mail and contents of public folders stored on the server, check Enable background scan and configure the scan settings (for more on background scanning, see section 6.6, page 62).

  • Page 134: Scanning Of Routed Mail

    Kaspersky Security 5.5 for Microsoft Exchange Server 2003 Figure 54. The Attachment scan tab 15.1.2.4. Scanning of routed mail You can use the Protected Mail tab (see Figure 55) to enable / disable scanning of mail traffic routed via an Exchange server. Configuration of these parameters is similar to the case of application management via its local interface (see details in section 6.4, page 56).

  • Page 135: The Choice Of Actions Over Objects

    Application management using Kaspersky Administration Kit Figure 55. The Protected Mail tab 15.1.2.5. The choice of actions over objects You can use the Actions on viruses tab (see Figure 56) to define the actions, which the Kaspersky Security application will perform whenever it reveals objects containing malicious code.

  • Page 136: The Choice Of Actions Over Spam Messages

    Kaspersky Security 5.5 for Microsoft Exchange Server 2003 Figure 56. The Actions on viruses tab 15.1.2.6. The choice of actions over spam messages You can use the Actions on spam tab (see Figure 57) to define the actions, which the Kaspersky Security application will perform whenever it detects messages bearing signs of spam, and also to configure special markers for flagging the subject line of the message.

  • Page 137: Configuring The Server Protection Productivity

    Application management using Kaspersky Administration Kit Figure 57. The Actions on spam tab 15.1.2.7. Configuring the server protection productivity Anti-Virus and Anti-Spam productivity settings are configured on the Performance tab (see Figure 58). These settings are configured in the same way as when configuring them through the application's own interface.

  • Page 138: Updating The Anti-Virus And Content Filtration Databases

    Kaspersky Security 5.5 for Microsoft Exchange Server 2003 Figure 58. The Performance tab 15.1.2.8. Updating the anti-virus and content filtration databases You can use the Update tab (see Figure 59) to define the policy parameters for updating of the anti-virus and content filtration databases. You will be offered to specify the source of updates and configure the local network parameters in the window, which opens after clicking the Connection parameters…...

  • Page 139: Notifications On Detected Objects

    Application management using Kaspersky Administration Kit Figure 59. The Update tab 15.1.2.9. Notifications on detected objects On the Templates and counters tab (see Figure 60), you can create notification templates for notifying the administrator or users when certain events occur in program operation.

  • Page 140: Virus Outbreak Notification

    Kaspersky Security 5.5 for Microsoft Exchange Server 2003 Figure 60. The Templates and counters tab 15.1.2.10. Virus outbreak notification On the Templates and counters tab (see Figure 60) you can configure notification settings for virus activity. In order to create a new counter, click the Append… button in the Virus outbreak counters section and use the resulting window to configure the counter.

  • Page 141: Additional Settings

    Application management using Kaspersky Administration Kit settings are configured in the same way as when configuring them through the application's own interface. For more, see section 14.4, page 121. In addition, you can define whose account will be used when sending notifications by e-mail.

  • Page 142: Registration Of Events On Program Operation On Administration Server

    Kaspersky Security 5.5 for Microsoft Exchange Server 2003 Figure 62. The Additional tab 15.1.2.13. Registration of events on program operation on Administration Server On the Event processing tab (see Figure 63) you can configure settings for recording events that occur in program operation, on Kaspersky Administration Kit Administration Server, and the event notification mode for the administrator or users.
  • Page 143 Application management using Kaspersky Administration Kit Figure 63. The Event processing tab While running, the application generates a specific set of events. Every event is characterized by the level of its importance. There are four such levels: • Critical event •...

  • Page 144: Reviewing The Results Of Policy Application

    Kaspersky Security 5.5 for Microsoft Exchange Server 2003 Please refer to the administrator's guide for Kaspersky Administration Kit for a detailed description of the Event processing tab. 15.1.2.14. Reviewing the results of policy application The Enforcement tab (see Figure 64) displays the following information about the policy applied to the computers in the selected group: •...

  • Page 145: Management Of Application Settings

    Application management using Kaspersky Administration Kit Click Details to open a dialog box containing detailed information about the selected policy applied to each client computer (for details, see the administrator’s guide for Kaspersky Administration Kit). In addition, you can configure the procedure for modifying local application settings on client computers (for more, see the Kaspersky Administration Kit Administrator's Handbook).
  • Page 146 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 for Kaspersky Administration Kit for details on work with reports). • Review the current statistics on application activity. • Configure the application. Most tabs in the window are identical to similar ones in the policy configuration window (see details in section 15.1.2, page 130).

  • Page 147: Reviewing The Information About Application

    Application management using Kaspersky Administration Kit 15.2.1. Reviewing the information about application The General tab (see Figure 66) displays general information about Kaspersky Security 5.5 for Microsoft Exchange Server 2003. The upper window part contains the title of the installed application, its version number, installation date, status (running or stopped on the local computer) and the information about the anti-virus database status.

  • Page 148: Reviewing The License Key Information

    Kaspersky Security 5.5 for Microsoft Exchange Server 2003 15.2.2. Reviewing the license key information The Licenses tab (see Figure 67) is purely informational. It displays the information about the current and the backup license keys installed on the selected computer. Figure 67.

  • Page 149: Selection Of Protected Storage

    Application management using Kaspersky Administration Kit Figure 68. The Server protection tab 15.2.4. Selection of protected storage You can use the Protected Mail tab (see Figure 69) to enable/disable scanning of mail traffic routed via an Exchange server and also enable/disable protection of mailbox storages or public folders.

  • Page 150: Viewing Reports

    Kaspersky Security 5.5 for Microsoft Exchange Server 2003 Figure 69. The Protected Mail tab 15.2.5. Viewing reports On the Templates and counters tab (see Figure 70) you can create report templates, edit their settings, and view generated reports stored on a remote computer.
  • Page 151 Application management using Kaspersky Administration Kit Figure 70. The Templates and counters tab...

  • Page 152: Task Management

    Kaspersky Security 5.5 for Microsoft Exchange Server 2003 Figure 71. Report viewing window 15.3. Task management During application setup a list of system tasks is generated for each server. The list (see Figure 72) includes the tasks for updating of the anti-virus and content filtration databases.
  • Page 153 Application management using Kaspersky Administration Kit <Computer name> Properties dialog (see Figure 65) in the main program window. To configure the application tasks on the local computer, se- lect the Local computer object (see Figure 47) in the console tree and use the Properties command from the right-click menu.

  • Page 154: Running And Stopping Tasks

    Kaspersky Security 5.5 for Microsoft Exchange Server 2003 • Review general information about the task, launch or stop it (the General tab). • Customize specific parameters used to run the task (the Settings tab). • Create its schedule (the Schedule tab). •...

  • Page 155: Configuring Task Parameters

    Application management using Kaspersky Administration Kit Tasks are launched in accordance with their established schedule. You can temporarily remove certain tasks from the list of scheduled ones. Doing so will not delete the tasks; instead, they will just be skipped. In addition, you can control tasks manually in the task list window (see Figure 72) and in the dialog for reviewing task settings (see Figure 73).

  • Page 156: Chapter 16. Frequently Asked Questions

    CHAPTER 16. FREQUENTLY ASKED QUESTIONS This chapter is devoted to questions most frequently asked by users regarding the installation, setup, and operation of Kaspersky Security for Microsoft Exchange Server 2003. We will try to answer them here in detail. Question: Can the application be used with other vendors' anti-virus software? Kaspersky Security 5.5 for Microsoft Exchange Server 2003 is an anti- virus e-mail application designed to be used in corporate networks.
  • Page 157 Frequently asked questions scanning of various file types. However, do not forget that this leads to lowering the security level of your computer. Question: Why do I need a license key? Will my Kaspersky Security application work without it? Kaspersky Security 5.5 for Microsoft Exchange Server 2003 will not work without a license key.
  • Page 158 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 An additional feature available is the updating of the application modules to repair detected vulnerabilities or offer new functionality. Question: Can an intruder replace my anti-virus database? All anti-virus and content filtration databases are supplied with a unique signature verified by the application when it tries to use them.
  • Page 159 Frequently asked questions Kaspersky Security, files in that format can be damaged during their deliv- ery via an Exchange server. Question: After installation of Kaspersky Security on one of servers in our organization, the nearest relay server began generating a queue of messages, which cannot arrive at our server.

  • Page 160: Appendix A. Table Of Substitution Macros

    Appendix A. Table of substitution macros This section lists all the macros used in configuring alternate templates for anti- virus processing of files (see section 6.5, page 57) and settings for virus outbreak counters (see section 11.1, page 95) and notifications (see section 10.1, page 87).
  • Page 161 Appendix A Macros Macros meaning %CONTENT_TYPE% MIME object information %DATABASE_NAME% the name of the Microsoft Exchange Server database where the object was detected %FROM% displayed sender’s name %MAILBOX_NAME% name of the mailbox in which the object was detected %MESSAGE_URL_NAME% full name of the message where the object was detected %OBJECT_NAME% attachment name, not defined for OLE...
  • Page 162 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 Macros Macros meaning %SUBMIT_TIME% time the message was sent %TO% list of message recipients %PRODUCT_NAME% application name – Kaspersky Security %PROCESSED_TIME% time the file was processed (local time of the server)

  • Page 163: Appendix B. Contacting The Technical Support Service

    Appendix B. Contacting the technical support service If you encounter problems while using Kaspersky Security, first check if the solution to your problem can be found in this documentation, specifically in the Frequently Asked Questions section (see Chapter 16, page 156), or in the Services/Knowledge base (FAQ) section of the Kaspersky Lab website (www.kaspersky.com).
  • Page 164 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 In the next window of the web form, specify your contact information. Enter the security code from automatic registration and click the Send request button. The Technical Support team will analyze your problem and will assist you as soon as possible.

  • Page 165: Appendix C. Glossary

    Appendix C. Glossary The product's documentation contains terms and concepts specific to the field of anti-virus protection. This glossary contains definitions of such concepts. For your convenience, the terms are arranged in the alphabetic order. А Administrator’s workstation – a computer on which the Management Console (a component of Kaspersky Security) is installed.
  • Page 166 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 Container object – an object subject to anti-virus scan that consists of several objects, such as an archive, a message containing an attached message, etc. See also simple object. Content filtration database – database, created by Kaspersky Lab's specialists, containing samples of SPAM messages and words and phrases characteristic of SPAM and used for the linguistic analysis of the message content and attachments.
  • Page 167 Appendix C Kaspersky Administration Kit – an application included into Kaspersky Anti-Virus Business Optimal and Kaspersky Corporate Suite and designed to provide a centralized solution for most important administration tasks associated with managing the corporate network anti-virus security sys- tem based on Kaspersky Lab’s applications. Kaspersky Lab’s updates servers –...
  • Page 168 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 Obscene messages – messages that contain obscene language. Replacement template – a template used to create a text notification about infected objects detected or about a threat of a virus outbreak. Report template – a template used to create reports on the results of the anti-virus and the anti-spam server scan.
  • Page 169 Appendix C Virus activity level threshold – a maximum allowable number of events of a certain type within a specified time interval; when this number is ex- ceeded, the situation is classified as increased virus activity and a threat of virus attack. This value is of great significance in the periods of virus outbreaks as it helps the administrator timely react on the emerging threats of virus attacks.

  • Page 170: Appendix D. Kaspersky Lab

    Appendix D. Kaspersky Lab Founded in 1997, Kaspersky Lab has become a recognized leader in information security technologies. It produces a wide range of data security software and delivers high-performance, comprehensive solutions to protect computers and networks against all types of malicious programs, unsolicited and unwanted e- mail messages, and hacker attacks.

  • Page 171: Other Kaspersky Lab Products

    Appendix D D.1. Other Kaspersky Lab Products ® Kaspersky Anti-Virus Personal ® Kaspersky Anti-Virus Personal has been designed to provide anti-virus protection to personal computers running Microsoft Windows 98/ME or Microsoft Windows 2000/NT/XP against all known viruses, including potentially dangerous software.
  • Page 172 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 retrieval of daily updates for the anti-virus database and the program modules. A unique second-generation heuristic analyzer efficiently detects unknown viruses. A simple and convenient interface allows users to configure the program quickly making work with it easier than ever.
  • Page 173 Appendix D ® Kaspersky Personal Security Suite ® Kaspersky Personal Security Suite is a software suite designed for organizing comprehensive protection of personal computers running Microsoft Windows. The suite prevents malicious and potentially dangerous programs from penetrating through any possible data sources and protects you from unauthorized attempts to access your computer’s data, as well as blocking spam.
  • Page 174 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 • Exclude archives and e-mail databases from scanning. • Select standard/extended anti-virus databases for scanning. • Save a report on the scanning results in txt or html formats. ® Kaspersky OnLine Scanner Pro The program is a subscription service offered to the visitors of Kaspersky Lab's corporate website.
  • Page 175 Appendix D • Monitoring of changes in OS registry due to internal system registry control. • Blocking of dangerous VBA macros in Microsoft Office documents. • System restoration after malicious spyware influence accomplished due to recording of all changes in the registry and computer file system and an opportunity to perform their roll-back at user's discretion.
  • Page 176 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 computer detection from outside. When you switch into that mode, the system will block all network activity except for a few transactions allowed in user- defined rules. The program employs complex approach to anti-spam filtering of incoming e-mail messages: •...
  • Page 177 Appendix D ® Kaspersky Anti-Virus Business Optimal This package provides a unique configurable security solution for small- and medium-sized corporate networks. ® Kaspersky Anti-Virus Business Optimal guarantees full-scale anti-virus protection for: • Workstations running Microsoft Windows 98/ME, Microsoft Windows NT/2000/XP Workstation and Linux. •...
  • Page 178 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 • E-mail systems, including Microsoft Exchange Server 2000/2003, Lotus Notes/Domino, sendmail, postfix , exim, and qmail mail systems • Internet gateways: CheckPoint Firewall –1; Microsoft ISA Server 2000 Enterprise Edition, Microsoft ISA Server 2004 Enterprise Edition •...

  • Page 179: Contact Us

    Appendix D ® Kaspersky Mail Gateway Kaspersky Mail Gateway is a comprehensive solution that provides complete protection for users of mail systems. This application installed between the corporate network and the Internet scans all components of e-mail messages for the presence of viruses and other malware (Spyware, Adware, etc.) and performs centralized anti-spam filtration of e-mail stream.

  • Page 180: Appendix E. License Agreement

    Appendix E. License agreement End User License Agreement NOTICE TO ALL USERS: CAREFULLY READ THE FOLLOWING LEGAL AGREEMENT ("AGREEMENT") LICENSE SPECIFIED SOFTWARE ("SOFTWARE") PRODUCED KASPERSKY ("KASPERSKY LAB"). IF YOU HAVE PURCHASED THIS SOFTWARE VIA THE INTERNET BY CLICKING THE ACCEPT BUTTON, YOU (EITHER AN INDIVIDUAL OR A SINGLE LEGAL ENTITY) CONSENT TO BE BOUND BY AND BECOME PARTY TO THIS AGREEM ENT.
  • Page 181 Appendix E All references to "Software" herein shall be deemed to include the software activation key ("Key Identification File") with which you will be provided by Kaspersky Lab as part of the Software. 1. License Grant. Subject to the payment of the applicable license fees, and subject to the terms and conditions of this Agreement, Kaspersky Lab hereby grants you the non-exclusive, non-transferable right to use one copy of the specified version of the Software and the accompanying documentation (the...
  • Page 182 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 1.1.5 You shall not rent, lease or lend the Software to any other person, nor transfer or sub-license your license rights to any other person. 1.1.6 You shall not use this Software in automatic, semi-automatic or manual tools designed to create virus signatures, virus detection routines, any other data or code for detecting malicious code or data.
  • Page 183 Appendix E (i) Kaspersky Lab will provide you with the support services ("Support Services") as defined below for a period of one year following: (a) Payment of its then current support charge, and: (b) Successful completion of the Support Services Subscription Form as provided to you with this Agreement or as available on the Kaspersky Lab website, which will require you to produce the Key Identification File which will have been provided to you by Kaspersky Lab with this Agreement.
  • Page 184 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 (i) Kaspersky Lab warrants that for six (6) months from first download or installation the Software purchased on a physical medium will perform substantially in accordance with the functionality described in the Documentation when operated properly and in the manner specified in the Documentation.
  • Page 185 Appendix E (c) Loss of the use of money; (d) Loss of anticipated savings; (e) Loss of business; (f) Loss of opportunity; (g) Loss of goodwill; (h) Loss of reputation; (i) Loss of, damage to or corruption of data, or: (j) Any indirect or consequential loss or damage howsoever caused (including, for the avoidance of doubt, where such loss or damage is of the type specified in paragraphs (ii), (a) to (ii), (i).

This manual is also suitable for:

Security 5.5

Table of Contents