F-SECURE ANTI-VIRUS FOR MICROSOFT EXCHANGE 7.10 - Administrator's Manual
Summary of ANTI-VIRUS FOR MICROSOFT EXCHANGE 7.10 -
Page 1
F-Secure Anti-Virus for Microsoft Exchange Administrator’s Guide.
Page 2
"f-secure" and the triangle symbol are registered trademarks of f-secure corporation and f-secure product names and symbols/logos are either trademarks or registered trademarks of f-secure corporation. All product names referenced herein are trademarks or registered trademarks of their respective co...
Page 3
3 Contents: About this guide 9; How this guide is organized 10; Conventions used in F-Secure guides 12; Symbols ...
Page 4
4 3.1.4 Web browser software requirements 38; 3.2 Improving reliability and performance 38; 3.3 Centrally administered or stand-alone installation? ...
Page 5
5 5.4.2 Virus scanning 123; 5.4.3 Virus statistics 125; 5.4.4 Database updates ...
Page 6
6 6.7.1 Options 214; 6.8 General 223; 6.8.1 Network configuration ...
Page 7
7 9.4.1 Configuring realtime blackhole lists 266; 9.4.2 Optimizing F-Secure Spam Control performance 268; Appendix A Variables in warning messages 270; List of variables ...
Page 8
8 E.5 Frequently asked questions 304; Technical support 305; F-Secure online support resources 306; Web Club ...
Page 9
9 About This Guide: How this guide is organized 10; Conventions used in F-Secure guides 13.
Page 10
10 how this guide is organized f-secure anti-virus for microsoft exchange administrator's guide is divided into the following chapters: chapter 1. Introduction . General information about f-secure anti-virus for microsoft exchange and other f-secure anti-virus mail server and gateway products. Chapt...
Page 11
About this guide 11 appendix b. Services and processes . Describes services, devices and processes of f-secure anti-virus for microsoft exchange. Appendix d. Sending e-mail alerts and reports . Instructions how to configure the product to send alerts to the administrator by e-mail. Chapter e. Troubl...
Page 12
12 conventions used in f-secure guides this section describes the symbols, fonts, and terminology used in this manual. Symbols ⇒ an arrow indicates a one-step procedure. Fonts arial bold (blue) is used to refer to menu names and commands, to buttons and other items in a dialog box. Arial italics (bl...
Page 13
13 courier new bold is used for information that you must type. Small caps ( black ) is used for a key or key combination on your keyboard. Arial underlined (blue) is used for user interface links. Arial italics is used for window and dialog box names. Pdf document this manual is provided in pdf (po...
Page 14
14 1 Introduction: Overview 15; How F-Secure Anti-Virus for Microsoft Exchange works 16; Key features 19; F-Secure Anti-Virus m...
Page 15
Chapter 1 15 introduction 1.1 overview malicious code, such as computer viruses, is one of the main threats for companies today. In the past, malicious code spread mainly via disks and the most common viruses were the ones that infected disk boot sectors. When users began to use office applications ...
Page 16
16 1.2 how f-secure anti-virus for microsoft exchange works f-secure anti-virus for microsoft exchange is designed to detect and disinfect viruses and other malicious code from e-mail transmissions through microsoft exchange 2007 server. Scanning is done in real time as the mail passes through micro...
Page 17
Chapter 1 17 introduction f-secure anti-virus scanner consistently ranks at the top when compared to competing products. Our team of dedicated virus researchers is on call 24-hours a day responding to new and emerging threats. In fact, f-secure is one of the only companies to release tested virus de...
Page 18
18 components and set up scheduled scans and run manual scanning operations. F-secure policy manager receives status information from f-secure anti-virus for microsoft exchange. F-secure policy manager server is the server side component that handles communication between f-secure anti-virus for mic...
Page 19
Chapter 1 19 introduction 1.3 key features f-secure anti-virus for microsoft exchange provides the following features and capabilities. Superior protection superior detection rate with multiple scanning engines. Automatic malicious code detection and disinfection. The grayware scan detects spyware, ...
Page 20
20 transparency and scalability viruses are intercepted before they can enter the network and spread out on workstations and servers. Real-time scanning of internal, inbound and outbound mail messages and public folder notes. Automatic protection of new mailboxes and public folders. Total transparen...
Page 21
Chapter 1 21 introduction 1.4 f-secure anti-virus mail server and gateway products the f-secure anti-virus product line consists of workstation, file server, mail server, gateway and mobile products. F-secure internet gatekeeper™ is a high performance, totally automated web (http and ftp-over-http) ...
Page 22
22 automatically from f-secure, keeping the virus protection always up to date. A powerful and easy-to-use management console simplifies the installation and configuration of the product. F-secure messaging security gateway™ delivers the industry’s most complete and effective security for e-mail. It...
Page 23
23 2 Deployment: Installation modes 24; Network requirements 25; Deployment scenarios 26.
Page 24
24 2.1 installation modes f-secure anti-virus for microsoft exchange can be installed either in stand-alone or centrally administered mode. In stand-alone installation, f-secure anti-virus for microsoft exchange is managed with web console. In centrally administered mode, it is managed centrally wit...
Page 25
Chapter 2 25 deployment 2.2 network requirements this network configuration is valid for all scenarios described in this chapter. Make sure that the following network traffic can pass through: service process inbound ports outbound ports f-secure content scanner server %programfiles(x86)%\f-secure\ ...
Page 26
26 2.3 deployment scenarios depending on how the microsoft exchange 2007 server roles are deployed in your environment, you might consider various scenarios of deploying f-secure anti-virus for microsoft exchange. There are various ways to deploy f-secure anti-virus for microsoft exchange that are s...
Page 27
Chapter 2 27 deployment 2.3.1 environment with a single exchange server figure 2-1 deployment in an environment with a single exchange server if the exchange server roles have been deployed on a single server, you should deploy f-secure anti-virus for microsoft exchange as follows: installing f-secu...
Page 28
28 2.3.2 environments with exchange roles deployed on multiple servers figure 2-2 deployment in an environment with edge, hub and mailbox server roles deployed on multiple servers.
Page 29
Chapter 2 29 deployment figure 2-3 deployment in an environment with edge, hub, mailbox and client access server roles deployed on multiple servers if the exchange server roles have been deployed on multiple servers, you should deploy f-secure anti-virus for microsoft exchange as follows: installing...
Page 30
30 installing f-secure spam control if you have a license for f-secure spam control, you can install it on the edge server. If you do not have an edge server, you can install f-secure spam control on the hub server. Administration modes it is recommended to install the product in centralized adminis...
Page 31
Chapter 2 31 deployment 2.3.3 quarantine management considerations figure 2-4 deploying centralized quarantine management in an environment with multiple exchange servers if you want to use centralized quarantine management in a network where the exchange server roles have been deployed on multiple ...
Page 32
32 in environments with heavy e-mail traffic it is recommended to use a microsoft sql server installed on a separate server. When using the free microsoft sql server 2005 express edition included in f-secure anti-virus for microsoft exchange, the quarantine database size is limited to 4 gb. You can ...
Page 33
33 3 Installation: System requirements 34; Improving reliability and performance 38; Installation overview 40; Installing F-Secure a...
Page 34
34 3.1 system requirements f-secure anti-virus for microsoft exchange is installed on the computer running microsoft exchange server and requires the following hardware and software. Processor: amd opteron/athlon x64 or intel xeon with extended memory 64 technology (em64t) memory: 1 gb disk space to...
Page 35
Chapter 3 35 installation 3.1.1 operating system requirements the product can be installed on a computer with a 64-bit processor running one of the following systems: microsoft® windows server 2003, standard x64 edition with the latest service pack microsoft® windows server 2003, enterprise x64 edit...
Page 36
36 3.1.3 sql server requirements the product requires microsoft® sql server for the quarantine management. The following versions of microsoft sql server are recommended to use: microsoft sql server 2000 (enterprise, standard or workgroup edition) with service pack 4 microsoft sql server 2000 deskto...
Page 37
Chapter 3 37 installation take the following sql server specific considerations into account when deciding which sql server to use: microsoft sql server 2005 express edition when using microsoft sql server 2005 express edition, the quarantine database size is limited to 4 gb. Microsoft sql server 20...
Page 38
38 3.1.4 web browser software requirements in order to administer the product with f-secure anti-virus for microsoft exchange web console, one of the following web browsers is required: microsoft internet explorer 6.0 or later mozilla firefox 2.0 or later opera 9.00 or later konqueror 3.5 or later a...
Page 39
Chapter 3 39 installation hard drive hard drive size is an important reliability factor. Hard drive performance is crucial for microsoft exchange server to perform well. For best performance, a raid system is recommended; for servers with only moderate load, scsi hard disks are adequate. If your ser...
Page 40
40 3.4 installation overview f-secure anti-virus for microsoft exchange can be installed to the same computer that runs f-secure anti-virus for servers 7.0. You should uninstall any potentially conflicting products, such as other anti-virus, file encryption, and disk encryption software, which emplo...
Page 41
Chapter 3 41 installation 3. Import the product mib files to f-secure policy manager, if they cannot be uploaded there during the installation. For more information, see “ importing product mib files to f-secure policy manager console ”, 54. 4. Check that f-secure automatic update agent can retrieve...
Page 42
42 Step 2. Read the information in the Welcome screen. Click Next to continue. Step 3. Read the licence agreement. If you accept the agreement, check the I accept this agreement checkbox and click Next to continue.
Page 43
Chapter 3 43 Installation. Step 4. Enter the product keycode. Click Next to continue. Step 5. Choose the components to install. For more information about F-Secure Spam Control, see “Administering F-Secure Spam Control”, 257. Click Next to continue.
Page 44
44 step 6. Choose the destination folder for the installation. Click next to continue. Step 7. Choose the administration method. If you install f-secure anti-virus for microsoft exchange in stand-alone mode, you cannot configure settings and receive alerts and status information in f-secure policy m...
Page 45
Chapter 3 45 Installation. If you selected the stand-alone installation, continue to Step 10, 47. Step 8. Enter the path to the public management key file admin.pub that was created during F-Secure Policy Manager Console setup. You can transfer the public key in various ways (use a shared folder o...
Page 46
46 step 9. Enter the ip address or url of the f-secure policy manager server you installed earlier. Click next to continue. If the product mib files cannot be uploaded to f-secure policy manager during installation, you can import them manually. For more information, see “ importing product mib file...
Page 47
Chapter 3 47 installation step 10. Enter an smtp address that will be used by f-secure anti-virus for microsoft exchange to send warning and informational messages to end-users. The smtp address should be a valid, existing address that is allowed to send messages. Click next to continue. Step 11. Sp...
Page 48
48 step 12. Specify the location of the quarantine database. If you want to install microsoft sql server 2005 express edition and the quarantine database on the same server as the product installation, select (a) install and use microsoft sql server desktop engine. If you are using microsoft sql ser...
Page 49
Chapter 3 49 installation enter the password for the database server administrator account that will be used to create the new database. Click next to continue. Specify the name for the sql database that stores information about the quarantined content. Enter the user name and the password that you ...
Page 50
50 enter the username and password to log on to the server. Click next to continue. If the server has a database with the same name, you can either use the existing database, remove the existing database and create a new one or keep the existing database and create a new one with a new name. Step 13...
Page 51
Chapter 3 51 installation you enable f-secure world map support, see “ sending e-mail alerts and reports ”, 293. Step 14. If you selected the centralized administration mode, specify the dns name or ip address of the f-secure policy manager server and the administration port. Click next to continue....
Page 52
52 connection is allowed from the proxy to the server. Check that any firewall does not block the connection. If you want to skip installing mib files, click cancel . You can install mib files later either manually or by running the setup again. Step 16. The list of components that will be installed...
Page 53
Chapter 3 53 installation click next to continue. Step 18. The installation is complete. Click finish to close the setup wizard. 3.6 after the installation this section describes what you have to do after the installation. These steps include: importing product mibs to f-secure policy manager (if th...
Page 54
54 3.6.1 importing product mib files to f-secure policy manager console if you are using the product in centrally managed mode, there are cases when the f-secure anti-virus for microsoft exchange mib jar file cannot be uploaded to f-secure policy manager server during the installation. In these case...
Page 55
Chapter 3 55 installation 3.6.2 configuring the product after the installation, f-secure anti-virus for microsoft exchange is functional, but it is using mostly default values. It is highly recommended to go through all the settings of all installed components. Configure f-secure anti-virus for micr...
Page 56
56 network configuration the mail direction is based on the internal domains and internal smtp hosts settings and it is determined as follows: 1. E-mail messages are considered internal if they come from internal smtp sender hosts and mail recipients belong to one of the specified internal domains (...
Page 57
Chapter 3 57 Installation. To register the new keycode from F-Secure Settings and Statistics: 1. Open F-Secure Settings and Statistics by double-clicking the F-Secure icon in the Windows system tray and select F-Secure Anti-Virus for Microsoft Exchange to open the evaluation screen. 2. Enter the new...
Page 58
58 4 Using F-Secure Anti-Virus for Microsoft Exchange: Administering F-Secure Anti-Virus for Microsoft Exchange 59; Using Web Console 60; Using F-Secure Policy Manager Console 63.
Page 59
Chapter 4 59 using f-secure anti-virus for microsoft exchange 4.1 administering f-secure anti-virus for microsoft exchange f-secure anti-virus for microsoft exchange can be used either in the stand-alone mode or in the centrally administered mode, based on your selections during the installation and...
Page 60
60 4.2 using web console you can open f-secure anti-virus for microsoft exchange web console in any of the following ways: go to windows start menu > programs > f-secure anti-virus for microsoft exchange > f-secure anti-virus for microsoft exchange web console enter the address of f-secure anti-viru...
Page 61
Chapter 4 61 using f-secure anti-virus for microsoft exchange when you log in for the first time, your browser displays a security alert dialog window about the security certificate for f-secure anti-virus for microsoft exchange web console. You can create a security certificate for f-secure anti-vi...
Page 62
62 5. The certificate window opens. Click install certificate to proceed to the certificate import wizard. 6. Follow the instructions in the certificate import wizard. If you are using internet explorer 7, in the place all certificates in the following store selection, select the trusted root certif...
Page 63
Chapter 4 63 Using F-Secure Anti-Virus for Microsoft Exchange. 4.2.3 Checking the product status. You can check the overall product status on the home page of F-Secure Anti-Virus for Microsoft Exchange Web Console. The Summary and Services tabs on the home page display an overview of each component statu...
Page 64
64 3. Modify settings by assigning new values to the basic leaf node variables (marked by the leaf icons) shown in the policy tab of the properties pane. For detailed explanations of all variables, see “ f-secure anti-virus for microsoft exchange settings ”, 68 initially, every variable has a defaul...
Page 65
Chapter 4 65 using f-secure anti-virus for microsoft exchange to manage the quarantined content, use f-secure anti-virus for microsoft exchange web console. For more information, see “ quarantine management ”, 237. Changing settings that have been modified during installation or upgrade if you want ...
Page 66
66 sandbox scanning the sandbox scan emulates and analyzes the code in a safe and isolated environment. Proactive virus threat detection the proactive virus threat detection analyzes e-mail messages for possible virus patterns and security threats. All possibly harmful messages are quarantined as un...
Page 67
67 5 Centrally Managed Administration: Overview 68; F-Secure Anti-Virus for Microsoft Exchange settings 68; F-Secure Anti-Virus for Microsoft Exchange statistics 116; F-Secure content s...
Page 68
68 5.1 overview if f-secure anti-virus for microsoft exchange is installed in the centrally administered mode, f-secure anti-virus for microsoft exchange is managed centrally with f-secure policy manager. In the centralized administration mode, you can use the f-secure anti-virus for microsoft excha...
Page 69
Chapter 5 69 centrally managed administration network configuration the mail direction is based on the internal domains and internal smtp hosts settings. For more information, see “ network configuration ”, 56. Internal domains specify internal domains. Messages coming to internal domains are consid...
Page 70
70 lists and templates match lists specify file and match lists that can be used by other settings. Message templates specify message templates for notifications. If end-users in the organization use other than microsoft outlook e-mail client to send and receive e-mail, it is recommended to specify ...
Page 71
Chapter 5 71 centrally managed administration quarantine when the product places content to the quarantine, it saves the content as separate files into the quarantine storage and inserts an entry to the quarantine database with information about the quarantined content. Subject line specify the subj...
Page 72
72 the setting defines the default retention period for all quarantine categories. To change the retention period for different categories, configure quarantine cleanup exceptions settings. Delete old items every specify how often old items are deleted from the quarantine. The setting defines the de...
Page 73
Chapter 5 73 Centrally managed administration. Released quarantine message template: specify the template for the message that is sent to the intended recipients when e-mail content is released from the quarantine. For more information, see “Lists and templates”, 70. The product generates the messag...
Page 74
74 sample submission you can use the product to send samples of unsafe e-mails and new, yet undefined malware to f-secure for analysis. Quarantine log directory specify the path to the directory where quarantine logfiles are placed. Rotate quarantine logs every specify how often the product rotates ...
Page 75
Chapter 5 75 centrally managed administration content scanner server edit the content scanner server settings to change the general content scanning options. Max size of data processed in memory specify the maximum size (in kilobytes) of data to be transferred to the server via shared memory in the ...
Page 76
76 5.2.2 transport protection you can configure inbound, outbound and internal message protection separately. For more information about the mail direction and configuration options, see “ network configuration ”, 69. Attachment filtering specify attachments to remove from inbound, outbound and inte...
Page 77
Chapter 5 77 centrally managed administration drop the whole message - do not deliver the message to the recipient at all. Quarantine stripped attachments specify whether stripped attachments are quarantined. The default option is enabled. Do not quarantine these attachments specify file names and f...
Page 78
78 virus scanning specify inbound, outbound and internal messages and attachments that should be scanned for malicious code. Do not notify on these attachments specify attachments that do not generate notifications. When the product finds specified file or file extension, no notification is sent. No...
Page 79
Chapter 5 79 centrally managed administration by default, the heuristic scan is enabled for inbound mails and disabled for outbound and internal mails. The heuristic scan may affect the product performance and increase the risk of false malware alarms. Sandbox scanning enable or disable the sandbox ...
Page 80
80 drop the whole message - do not deliver the message to the recipient at all. Quarantine infected messages specify whether infected or suspicious messages are quarantined. Do not quarantine these infections specify infections that are never placed in the quarantine. If a message is infected with a...
Page 81
Chapter 5 81 centrally managed administration archive processing specify how the product processes inbound, outbound and internal archive files. Note that scanning inside archives takes time. Disabling scanning inside archives improves performance, but it also means that the network users need to us...
Page 82
82 max levels in nested archives specify how many levels of archives inside other archives the product scans when scan viruses inside archives is enabled. Action on max nested archives specify the action to take on archives with nesting levels exceeding the upper level specified in the max levels in...
Page 83
Chapter 5 83 centrally managed administration zero-day protection select whether proactive virus threat detection is enabled or disabled. Proactive virus threat detection can identify new and unknown e-mail malware, including viruses and worms. When proactive virus threat detection is enabled, the p...
Page 84
84 drop attachment - remove grayware items from the message. Drop the whole message - do not deliver the message to the recipient. Grayware exclusion list specify the list of keywords for grayware types that are not scanned. Leave the list empty if you do not want to exclude any grayware types from ...
Page 85
Chapter 5 85 centrally managed administration spam control to change settings used when inbound messages are scanned for spam, see “ administering f-secure spam control ”, 257. The threat detection engine of f-secure anti-virus for microsoft exchange can identify spam and virus patterns from the mes...
Page 86
86 file type recognition select whether you want to use intelligent file type recognition or not. Trojans and other malicious code can disguise themselves with filename extensions which are usually considered safe to use. Intelligent file type recognition can recognize the real file type of the mess...
Page 87
Chapter 5 87 centrally managed administration trusted senders and recipients you can use trusted senders and recipients lists to exclude some messages from the mail scanning and processing completely. It is not recommended to set the maximum nesting level to unlimited as this will make the product m...
Page 88
88 5.2.3 storage protection edit general storage protection settings to configure how mailboxes and public folders are scanned in the exchange store with real-time, background, manual and scheduled scanning. Real-time and background scanning the real-time and background scanning can automatically sc...
Page 89
Chapter 5 89 centrally managed administration general background scanning settings specify which messages you want to scan during the background scan. Virus scanning specify messages and attachments in the microsoft exchange storage that should be scanned for malicious code. Background scanning enab...
Page 90
90 scan only included mailboxes - scan mailboxes specified in the included mailboxes list. Scan all except excluded mailboxes - scan all mailboxes except those specified in the excluded mailboxes list. Included mailboxes specify mailboxes that are scanned for viruses when the scan mailboxes setting ...
Page 91
Chapter 5 91 centrally managed administration use exclusions specify attachments that are not scanned. Leave the list empty if you do not want to exclude any attachments from the scan. Heuristic scanning enable or disable the heuristic scan. The heuristic scan analyzes files for suspicious code beha...
Page 92
92 archive processing specify how the product processes archive files in microsoft exchange storage. Quarantine infected attachments specify whether infected and suspicious attachments are quarantined. Do not quarantine these infections specify infections that are never placed in the quarantine. For...
Page 93
Chapter 5 93 centrally managed administration grayware scanning specify how the product processes grayware items in microsoft exchange storage. Specify the number of levels the product goes through before the action selected in action on max nested archives takes place. The default setting is 3. Act...
Page 94
94 file type recognition select whether you want to use intelligent file type recognition or not. Trojans and other malicious code can disguise themselves with filename extensions which are usually considered safe to use. Intelligent file type recognition can recognize the real file type of the mess...
Page 95
Chapter 5 95 centrally managed administration manual scanning you can scan mailboxes and public folders for viruses and strip attachments manually at any time. You can start the manual scan with controls under the f-secure anti-virus for microsoft exchange / operations / manual scanning branch. To s...
Page 96
96 Attachment filtering: specify attachments that are removed from messages during the manual scan. Scan only included folders - scan public folders specified in the included folders list. Scan all except excluded folders - scan all public folders except those specified in the excluded folders list. I...
Page 97
Chapter 5 97 centrally managed administration virus scanning specify messages and attachments that should be scanned for malicious code during the manual scan. Do not quarantine these attachments specify file names and file extensions which are not quarantined even when they are stripped. If the mes...
Page 98
98 sandbox scanning enable or disable the sandbox scan. The sandbox scan emulates and analyzes the code in a safe and isolated environment known as the sandbox. Sandbox scanning may affect the product performance. We recommend that you disable the sandbox scan if you need the scan to be faster. Atte...
Page 99
Chapter 5 99 centrally managed administration archive processing specify how the product processes archive files during the manual scan. Scan archives specify if files inside archives are scanned for viruses and other malicious code. List of files to scan inside archives specify files that are scann...
Page 100
100 grayware scanning specify how the product processes grayware items during the manual scan. Action on password protected archives specify the action to take on archives which are protected with passwords. These archives can be opened only with a valid password, so the product cannot scan their co...
Page 101
Chapter 5 101 centrally managed administration file type recognition select whether you want to use intelligent file type recognition or not. Trojans and other malicious code can disguise themselves with filename extensions which are usually considered safe to use. Intelligent file type recognition ...
Page 102
102 Scheduled scanning. You can schedule scan tasks to scan mailboxes and public folders periodically. The scheduled scanning table displays all scheduled tasks and the date and time when the next scheduled task occurs. To deactivate scheduled tasks in the list, clear the active checkbo...
Page 103
Chapter 5 103 centrally managed administration step 1. General properties enter the name for the new task and select how frequently you want the operation to be performed. Task name specify the name of the scheduled operation. Do not use any special characters in the task name. Frequency of the oper...
Page 104
104 step 2. Mailboxes choose which mailboxes are processed during the scheduled operation. Monthly - every month at the specified time on the same date when the first operation is scheduled to start. Start time enter the start time of the task in hh:mm format. Start date enter the start date of the ...
Page 105
Chapter 5 105 centrally managed administration step 3. Public folders scan only included mailboxes - scan all specified mailboxes. Click edit to add or remove mailboxes that should be scanned. Scan all except excluded mailboxes - do not scan specified mailboxes but scan all other. Click edit to add ...
Page 106
106 choose which public folders are processed during the scheduled operation. Examine public folders specify public folders that are processed during the scheduled scan. Do not scan public folders - disable the public folder scanning. Scan all public folders - scan all public folders. Scan only incl...
Page 107
Chapter 5 107 centrally managed administration step 4. Attachment filtering choose settings for stripping attachments during the scheduled operation. Strip attachments from e-mail messages enable or disable the attachment stripping. Target attachments strip these attachments specify which attachment...
Page 108
108 step 5. Virus scanning do not quarantine these attachments specify file names and file extensions which are not quarantined even when they are stripped. For more information, see “ lists and templates ”, 70. If the message contains an attachment which is quarantined, all attachments linked to th...
Page 109
Chapter 5 109 centrally managed administration choose settings for virus scanning of public folders during the scheduled operation. Scan messages for viruses enable or disable the virus scan. The virus scan scans messages for viruses and other malicious code. General options heuristic scanning enabl...
Page 110
110 actions try to disinfect specify whether the product should try to disinfect an infected attachment before processing it. If the disinfection succeeds, the product does not process the attachment further. Disinfection may affect the product performance. Infected files inside archives are not dis...
Page 111
Chapter 5 111 centrally managed administration step 6. Grayware scanning choose settings for grayware scanning during the scheduled operation. Scan messages for grayware enable or disable the grayware scan. Actions action on grayware specify the action to take on items which contain grayware. Report...
Page 112
112 step 7. Archive processing quarantine grayware specify whether grayware attachments are quarantined. Do not quarantine this grayware specify grayware that are never placed in the quarantine. For more information, see “ lists and templates ”, 70. Notifications replacement text template specify th...
Page 113
Chapter 5 113 centrally managed administration choose settings for stripping attachments during the scheduled operation. Scan archives specify if files inside archives are scanned for viruses and other malicious code. Targets list of files to scan inside archives specify files inside archives that a...
Page 114
114 step 8. Processing options pass through - deliver the message with the password protected archive to the recipient. Drop archive - remove the password protected archive from the message and deliver the message to the recipient without it. Quarantine dropped archives specify whether archives that...
Page 115
Chapter 5 115 centrally managed administration choose advanced processing options for all the messages processed during the scheduled operation. Processing options incremental scanning specify whether you want to process all messages or only those messages that have not been processed previously dur...
Page 116
116 step 9. Summary the scheduled task wizard displays the summary of the created operation. Click finish to accept the new scheduled operation and to exit the wizard. 5.3 f-secure anti-virus for microsoft exchange statistics to view statistics, open the status tab from the properties pane and open the sta...
Page 117
Chapter 5 117 centrally managed administration to reset real-time scanning statistics, use the variables under f-secure anti-virus for microsoft exchange / operations / reset statistics. Select reset and click start in the editor pane. The status above the button displays "operation still in progres...
Page 118
118 5.3.2 transport protection you can view the inbound, outbound and internal message statistics separately. Previous reset of statistics displays the date and time of the last reset of statistics. Number of processed messages displays the total number of processed messages since the last reset of ...
Page 119
Chapter 5 119 centrally managed administration 5.3.3 storage protection real-time and background scanning number of protected mailboxes displays the number of currently protected user mailboxes. Number of protected public folders displays the number of currently protected public folders. Previous re...
Page 120
120 manual scanning total number of mailboxes displays the total number of mailboxes in the exchange store that the product processes during the manual scan. Number of processed mailboxes displays the number of mailboxes that have been processed. Total number of public folders displays the total number of pu...
Page 121
Chapter 5 121 centrally managed administration 5.3.4 quarantine the quarantine statistics display the total number of quarantined items and the current size of the quarantine storage (in megabytes). 5.4 f-secure content scanner server settings use the variables under the f-secure content scanner ser...
Page 122
122 5.4.1 interface specify how the server will interact with clients. Ip address specifies the service listen address in case of multiple network interface cards or multiple ip addresses. If you do not assign an ip address (0.0.0.0), the server responds to all ip addresses assigned to the host. Tcp...
Page 123
Chapter 5 123 centrally managed administration 5.4.2 virus scanning specify scanning engines to be used when f-secure content scanner server scans files for viruses, and the files that should be scanned. Scan engines scan engines can be enabled or disabled. If you want to disable the scan just for c...
Page 124
124 specify the number of levels f-secure content scanner server goes through before the action selected in suspect max nested archives takes place. The default setting is 3. Increasing the value increases the load on the system and thus decreases the overall system performance. This means that the ...
Page 125
Chapter 5 125 centrally managed administration 5.4.3 virus statistics select the number of most active viruses and the number of days to be displayed on the top 10 virus list. Scan extensions inside archives enter all the extensions you want to scan inside archives. Extensions allowed in password pr...
Page 126
126 5.4.4 database updates specify how you want to keep the virus definition databases up-to-date. Send statistics to f-secure world map the product can collect and send statistics about viruses and other malware to the f-secure world map service. When the f-secure world map support is enabled, the ...
Page 127
Chapter 5 127 centrally managed administration 5.4.5 spam filtering specify the number of spam scanner instances to be created and used for spam analysis. Number of spam scanner instances specify the number of spam scanner instances to be created and used for spam analysis. As one instance of the sp...
Page 128
128 5.4.6 threat detection engine configure the virus outbreak and spam threat detection. Vod cache size specify the maximum number of patterns to cache for the virus outbreak detection service. By default, the cache size is 10000 cached patterns. Class cache size specify the maximum number of patte...
Page 129
Chapter 5 129 centrally managed administration 5.4.7 proxy configuration specify proxy server parameters that content scanner server uses when it connects to the threat detection center. Heuristic scanning - f-secure content scanner server checks the message using spam heuristics. Trusted networks s...
Page 130
130 5.4.8 advanced specify the location and the minimum size of the working directory. Working directory specify where temporary files are stored. The working directory should be on a local hard disk for the best performance. Make sure that there is enough free disk space for temporary files. Import...
Page 131
Chapter 5 131 centrally managed administration 5.5 f-secure content scanner server statistics the statistics branch in the f-secure content scanner server tree displays the version of f-secure content scanner server that is currently installed on the selected host and the location of f-secure conten...
Page 132
132 5.5.2 scan engines the scan engines table displays the scan engine statistics and information. Last time infection found the date and time when the last infection was found. Name the name of the scan engine. Version the version number of the scan engine. Status the status of the scan engine, whe...
Page 133
Chapter 5 133 centrally managed administration 5.5.3 common the common statistics branch displays the list of installed product hotfixes. 5.5.4 spam control the spam control branch displays the following information: spam scanner version displays the version and build number of the spam scanner. Sta...
Page 134
134 5.5.5 virus statistics the virus statistics branch displays the following information: 5.6 f-secure management agent settings if the f-secure anti-virus for microsoft exchange is working in centrally administered mode, you have to make sure f-secure anti-virus for microsoft exchange sends and re...
Page 135
Chapter 5 135 centrally managed administration http 5.7 f-secure automatic update agent settings using f-secure automatic update agent is the most convenient way to keep the databases updated. It connects to f-secure policy manager server or the f-secure update server automatically. Slow connection ...
Page 136
136 communications automatic updates enable or disable automatic virus and spam definition updates. By default, automatic updates are enabled. Internet connection checking specify whether the product should check the connection to the internet before trying to retrieve updates. Assume always connect...
Page 137
Chapter 5 137 centrally managed administration intermediate server failover time specify (in hours) the failover time to connect to f-secure policy manager server or f-secure policy manager proxy. If the product cannot connect to any user-specified update server during the failover time, it retrieve...
Page 138
138 6 Administration with Web Console: overview 139, home 139, transport protection ...
Page 139
Chapter 6 139 administration with web console 6.1 overview if f-secure anti-virus for microsoft exchange is installed in the stand-alone mode, it can be administered with f-secure anti-virus for microsoft exchange web console. The web console is installed with f-secure anti-virus for microsoft excha...
Page 140
140 summary the summary tab displays the current status of the product components. Normal; the feature is enabled and everything is working as it should. Informational; the feature is disabled. Warning; the feature or an antivirus engine is disabled or virus and spam definition databases are not up-...
Page 141
Chapter 6 141 administration with web console tasks click configure console to configure the f-secure anti-virus for microsoft exchange web console. For instructions, see “ web console ”, 229. Click export settings to open a list of all f-secure anti-virus for microsoft exchange settings in a new in...
Page 142
142 6.3 transport protection you can configure inbound, outbound and internal message protection separately. For more information about the mail direction and configuration options, see “ network configuration ”, 224. Statistics after you apply new transport protection settings, it can take up to 20...
Page 143
Chapter 6 143 administration with web console the statistics page displays a summary of the processed inbound, outbound and internal mail messages: processed messages displays the total number of processed messages since the last reset of statistics. Infected messages displays the number of messages...
Page 144
144 6.3.1 attachment filtering specify attachments to remove from inbound, outbound and internal messages based on the file name or the file extension. Attachment filtering is disabled when virus scanning is disabled. Strip attachments from e-mail messages enable or disable the attachment stripping....
Page 145
Chapter 6 145 administration with web console exclude these attachments specify attachments that are not filtered. Leave the list empty if you do not want to exclude any attachments from the filtering. Actions action on disallowed attachments specify how disallowed attachments are handled. Drop atta...
Page 146
146 to enable the notification, select a template for the notification message. To disable the notification, leave the notification field empty. For more information, see “ lists and templates ”, 232. Do not notify on these attachments specify attachments that do not generate notifications. When the...
Page 147
Chapter 6 147 administration with web console 6.3.2 virus scanning specify inbound, outbound and internal messages and attachments that should be scanned for malicious code. Disabling virus scanning disables attachment filtering and grayware scanning as well.
Page 148
148 scan e-mail messages for viruses enable or disable the virus scan. The virus scan scans messages for viruses and other malicious code. Heuristic scanning enable or disable the heuristic scan. The heuristic scan analyzes files for suspicious code behavior so that the product can detect unknown ma...
Page 149
Chapter 6 149 administration with web console when proactive virus threat detection is enabled, the product analyzes inbound e-mail messages for possible security threats. All possibly harmful messages are quarantined as unsafe. Unsafe messages can be reprocessed periodically, as antivirus updates m...
Page 150
150 drop attachment - remove the infected attachment from the message and deliver the message to the recipient without the attachment. Stop the whole message - do not deliver the message to the recipient at all. Quarantine infected messages specify whether infected or suspicious messages are quarant...
Page 151
Chapter 6 151 administration with web console 6.3.3 grayware scanning specify how the product processes grayware items in inbound, outbound and internal messages. Do not notify on these infections specify infections that do not generate notifications. When the product finds the specified infection, ...
Page 152
152 note that grayware scanning increases the scanning overhead. By default, grayware scanning is enabled for inbound messages only. Grayware scanning is disabled when virus scanning is disabled. Scan e-mail messages for grayware enable or disable the grayware scan. Actions action on grayware specif...
Page 153
Chapter 6 153 administration with web console note that the notification message is not sent if the whole message is dropped. Send warning message to sender specify the template for the notification message that is sent to the original sender of the message when a grayware item is found in a message...
Page 154
154 6.3.4 archive processing specify how f-secure anti-virus for microsoft exchange processes inbound, outbound and internal archive files. Note that scanning inside archives takes time. Disabling scanning inside archives improves performance, but it also means that the network users need to use up-...
Page 155
Chapter 6 155 administration with web console exclude these files specify files that are not scanned inside archives. Leave the list empty if you do not want to exclude any files from the scanning. Limit max levels in nested archives specify how many levels of archives inside other archives the prod...
Page 156
156 6.3.5 spam control to change settings used when incoming messages are scanned for spam, see “ administering f-secure spam control ”, 257. The threat detection engine of f-secure anti-virus for microsoft exchange can identify spam and virus patterns from the message envelope, headers and body dur...
Page 157
Chapter 6 157 administration with web console 6.3.6 security options configure security options to limit actions of malformed and problematic messages. File type recognition intelligent file type recognition select whether you want to use intelligent file type recognition or not. Trojans and other m...
Page 158
158 using intelligent file type recognition strengthens the security but can degrade the system performance. Trusted senders and recipients list of trusted senders specify senders who are excluded from the mail scanning and processing. List of trusted recipients specify recipients who are excluded f...
Page 159
Chapter 6 159 administration with web console 6.4 storage protection configure storage protection settings to specify how e-mail messages and attachments in selected mailboxes and public folders should be scanned. 6.4.1 real-time and background scanning the real-time and background scanning can auto...
Page 160
160 statistics the statistics page displays a summary of the protected mailboxes and public folders and infections found. Number of protected mailboxes displays the number of currently protected user mailboxes. Number of protected public folders displays the number of currently protected public fold...
Page 161
Chapter 6 161 administration with web console general real time scanning settings grayware items displays the number of grayware items, including spyware, adware, dialers, joke programs, remote access tools and other unwanted applications. Suspicious items displays the number of suspicious content f...
Page 162
162 real-time scanning scans messages in mailboxes and public folders for viruses. Scanning scan only messages created within specify which messages are scanned with the real time scanning, for example; last hour, last day, last week. Messages that have been created before the specified time are not...
Page 163
Chapter 6 163 administration with web console general background scanning settings the background scanning can be used to systematically scan specified messages stored in the database.
Page 164
164 enable background scanning enable or disable background scanning. Scan only messages with attachments specify whether to scan all messages or only messages with attachments. When the setting is enabled, only messages that contain attachments are scanned on background scanning. Scan only unproces...
Page 165
Chapter 6 165 administration with web console virus scanning specify messages and attachments in the microsoft exchange storage that should be scanned for malicious code. Targets scan mailboxes specify mailboxes that are scanned for viruses. Do not scan mailboxes - disable the mailbox scanning. Scan...
Page 166
166 scan all except excluded mailboxes - do not scan specified mailboxes but scan all other. Click edit to add or remove mailboxes that should not be scanned. Scan public folders specify public folders that are scanned for viruses. Do not scan public folders - disable the public folder scanning. Sca...
Page 167
Chapter 6 167 administration with web console infected files inside archives are not disinfected even when the setting is enabled. Quarantine infected attachments specify whether infected and suspicious attachments are quarantined. Do not quarantine these infections specify virus and malware infecti...
Page 168
168 grayware scanning specify how the product processes grayware items during real-time scanning. Scan messages for grayware enable or disable the grayware scan. Actions action on grayware specify the action to take on items which contain grayware. Report only - leave grayware items in the message an...
Page 169
Chapter 6 169 administration with web console pass through this grayware specify the list of keywords for grayware types that are not scanned. Leave the list empty if you do not want to exclude any grayware types from the scan. For more information, see “ lists and templates ”, 232. Quarantine grayw...
Page 170
170 archive processing specify how f-secure anti-virus for microsoft exchange processes archive files in microsoft exchange storage. Scan archives specify if files inside archives are scanned for viruses and other malicious code. Targets list of files to scan inside archives specify files that are s...
Page 171
Chapter 6 171 administration with web console limit max levels in nested archives specify how many levels deep to scan in nested archives, if scan viruses inside archives is enabled. A nested archive is an archive that contains another archive inside. If zero (0) is specified, the maximum nesting le...
Page 172
172 6.4.2 manual scanning you can scan mailboxes and public folders for viruses and strip attachments manually at any time. Pass through - leave the password protected archive in the message. Drop archive - remove the password protected archive from the message. Quarantine dropped archives specify w...
Page 173
Chapter 6 173 administration with web console statistics the statistics page displays a summary of the messages processed during the latest manual scan: status displays whether the manual scan is running or stopped. Number of processed mailboxes displays the number of mailboxes that have been scanne...
Page 174
174 tasks click start scanning to start the manual scan. Click stop scanning to stop the manual scan. Click view scanning report to view the latest manual scan report. General if the manual scan scans an item that has not been previously scanned for viruses and the real-time scan is on, the scan res...
Page 175
Chapter 6 175 administration with web console specify which messages you want to scan during the manual scan. Targets scan mailboxes specify mailboxes that are scanned for viruses. Do not scan mailboxes - do not scan any mailboxes during the manual scan. Scan all mailboxes - scan all mailboxes. Scan...
Page 176
176 only recent messages - scan only messages that have not been scanned during the previous manual scanning. File type recognition intelligent file type recognition select whether you want to use intelligent file type recognition or not. Trojans and other malicious code can disguise themselves with...
Page 177
Chapter 6 177 administration with web console attachment filtering specify attachments that are removed from messages during the manual scan. Strip attachments enable or disable the attachment stripping. Targets strip these attachments specify which attachments are stripped from messages. For more in...
Page 178
178 quarantine stripped attachments specify whether stripped attachments are quarantined. Do not quarantine these attachments specify file names and file extensions which are not quarantined even when they are stripped. For more information, see “ lists and templates ”, 232. If the message contains ...
Page 179
Chapter 6 179 administration with web console virus scanning specify messages and attachments that should be scanned for malicious code during the manual scan. Scan messages for viruses enable or disable the virus scan. The virus scan scans messages for viruses and other malicious code. Heuristic sc...
Page 180
180 sandbox scanning enable or disable the sandbox scan. The sandbox scan emulates and analyzes the code in a safe and isolated environment known as the sandbox. The sandbox scan may affect the product performance. We recommend that you disable the sandbox scan if you need the scan to be faster. Tar...
Page 181
Chapter 6 181 administration with web console grayware scanning do not quarantine these infections specify virus and malware infections that are never placed in the quarantine. For more information, see “ lists and templates ”, 232. Notifications replacement text template specify the template for th...
Page 182
182 specify how the product processes grayware items during the manual scan. Scan messages for grayware enable or disable the grayware scan. Actions action on grayware specify the action to take on items which contain grayware. Report only - leave grayware items in the message and notify the adminis...
Page 183
Chapter 6 183 administration with web console archive processing specify how the product processes archive files during the manual scan. Scan archives specify if files inside archives are scanned for viruses and other malicious code. Targets list of files to scan inside archives specify files inside...
Page 184
184 limit max levels in nested archives specify how many levels of archives inside other archives the product scans when scan viruses inside archives is enabled. Actions action on max nested archives specify the action to take on archives with nesting levels exceeding the upper level specified in th...
Page 185
Chapter 6 185 administration with web console 6.4.3 scheduled scanning scheduled tasks the scheduled tasks list displays all scheduled tasks and the date and time when the next scheduled task occurs. Creating scheduled operation start the scheduled operation wizard by clicking add new ...
Page 186
186 step 1. Specify scanning task name and schedule enter the name for the new task and select how frequently you want the operation to be performed. Active specify whether you want the scheduled scanning task to be active immediately after you have created it. General task name specify the name of ...
Page 187
Chapter 6 187 administration with web console weekly - every week at the specified time on the same day when the first operation is scheduled to start. Monthly - every month at the specified time on the same date when the first operation is scheduled to start. Start time enter the start time of the ...
Page 188
188 scan all except excluded public folders - do not scan specified public folders but scan all other. Click edit to add or remove public folders that should not be scanned. Incremental scanning specify whether you want to process all messages or only those messages that have not been processed prev...
Page 189
Chapter 6 189 administration with web console step 2. Specify attachment filtering options choose settings for stripping attachments during the scheduled operation. Strip attachments from e-mail messages enable or disable the attachment stripping. Targets strip these attachments specify which attach...
Page 190
190 step 3. Specify virus scanning options do not quarantine these attachments specify file names and file extensions which are not quarantined even when they are stripped. For more information, see “ lists and templates ”, 232. If the message contains an attachment which is quarantined, all attachm...
Page 191
Chapter 6 191 administration with web console choose settings for virus scanning of public folders during the scheduled operation. Scan messages for viruses enable or disable the virus scan. The virus scan scans messages for viruses and other malicious code. Heuristic scanning enable or disable the ...
Page 192
192 step 4. Specify grayware scanning options disinfection may affect the product performance. Infected files inside archives are not disinfected even when the setting is enabled. Quarantine infected messages specify whether infected or suspicious messages are quarantined. Do not quarantine these in...
Page 193
Chapter 6 193 administration with web console choose settings for grayware scanning during the scheduled operation. Scan messages for grayware enable or disable the grayware scan. Actions action on grayware specify the action to take on items which contain grayware. Report only - leave grayware items...
Page 194
194 step 5. Specify archive processing options choose settings for stripping attachments during the scheduled operation. Scan archives specify if files inside archives are scanned for viruses and other malicious code. Targets list of files to scan inside archives specify files inside archives that a...
Page 195
Chapter 6 195 administration with web console actions action on max nested archives specify the action to take on archives with nesting levels exceeding the upper level specified in the max levels in nested archives setting. Pass through - deliver the message with the archive to the recipient. Drop ...
Page 196
196 step 6. Finish the scheduled operation wizard displays the summary of the created operation. Click finish to accept the new scheduled operation and to exit the wizard. 6.5 quarantine quarantine in f-secure anti-virus for microsoft exchange is handled through a sql database. The product is able to quara...
Page 197
Chapter 6 197 administration with web console status the quarantine status page displays a summary of the quarantined messages and attachments: query you can use the quarantine query page to search for the quarantined content. For more information, see “ searching the quarantined content ”, 239. 6.5...
Page 198
198 quarantine storage when f-secure anti-virus for microsoft exchange places content in the quarantine, it saves the content as separate files in the quarantine storage and inserts an entry into the quarantine database with information
Page 199
Chapter 6 199 administration with web console about the quarantined content. Quarantine storage quarantine storage specify the location of the quarantine storage directory. Before you change the quarantine storage directory, see “ moving the quarantine storage ”, 252. Warning: during the setup, acce...
Page 200
200 quarantined items threshold specify the critical number of items in the quarantine storage. If the specified value is reached or exceeded, the product sends an alert. If zero (0) is specified, the number of items in the quarantine storage is not checked. The default value is 100000 items. E-mail...
Page 201
Chapter 6 201 administration with web console quarantine maintenance when quarantined content is reprocessed, it is scanned again, and if it is found clean, it is sent to the intended recipients. For more information, see “ reprocessing the quarantined content ”, 248.
Page 202
202 quarantined messages are removed from the quarantine based on the currently configured quarantine retention and cleanup settings. Reprocess unsafe messages automatically reprocess unsafe messages specify how often the product tries to reprocess unsafe messages that are retained in the quarantine...
Page 203
Chapter 6 203 administration with web console use the quarantine cleanup exceptions table to change the cleanup interval for a particular quarantine category. Exceptions specify separate quarantine retention period and cleanup interval for each quarantine category. If retention period and cleanup in...
Page 204
204 quarantine database you can specify the database where information about quarantined e-mails is stored and from which it is retrieved. Quarantine database sql server name the name of the sql server where the database is located. Database name the name of the quarantine database. The default name...
Page 205
Chapter 6 205 administration with web console logging specify where f-secure anti-virus for microsoft exchange stores quarantine log files.
Page 206
206 6.6 automatic updates with f-secure automatic update agent, virus and spam definition database updates are retrieved automatically when they are published to f-secure update server. Tasks click check for updates now to check that the product is using the latest database updates. If the virus and...
Page 207
Chapter 6 207 administration with web console status the status page displays information on the latest update. Channel name the channel from where the updates are downloaded. Channel address the address of the automatic updates server. Latest installed update the version and name of the latest inst...
Page 208
208 downloads the downloads page displays downloaded and installed update packages. 6.6.1 communications specify how the product connects to f-secure update server. Last check result the result of the last update check. Next check time the date and time for the next update check. Last successful...
Page 209
Chapter 6 209 administration with web console general edit general settings to select whether you want to use automatic updates and how often the product checks for new updates.
Page 210
210 automatic updates enable and disable the automatic virus definition updates. By default, automatic updates are enabled. Internet connection checking specify whether the product should check for a usable internet connection before trying to connect to the update server. Http proxy select whether ...
Page 211
Chapter 6 211 administration with web console policy manager proxies edit the list of virus definition database update sources and f-secure policy manager proxies. If no update servers are configured, the product retrieves the latest virus definition updates from f-secure update server automatically...
Page 212
212 connects to the source with the smallest priority number first (1). If the connection to that source fails, it tries to connect to the source with the next smallest number (2) until the connection succeeds. 4. Click ok to add the new update source to the list. 6.7 content scanner server edit the...
Page 213
Chapter 6 213 administration with web console server statistics number of scanned files the number of files that have been scanned. Last virus database update the last date and time when virus definition database was updated. Virus database update version the version number of the virus definition d...
Page 214
214 6.7.1 options database updates configure database update options to set notification alerts when virus.
Page 215
Chapter 6 215 administration with web console and spam definition databases are outdated. Database age checking notify when databases older than specify when virus definition databases are outdated. If databases are older than the specified amount of days, f-secure content scanner server sends an al...
Page 216
216 proxy server f-secure content scanner server can use a proxy server to connect to the threat detection center.
Page 217
Chapter 6 217 administration with web console use proxy server specify whether f-secure content scanner server uses a proxy server when it connects to the threat detection center. Proxy configuration proxy server address specify the address of the proxy server. Proxy server port specify the port num...
Page 218
218 threat detection f-secure anti-virus for microsoft exchange can identify spam and virus outbreak patterns from messages. Cache vod cache size specify the maximum number of patterns to cache for the virus outbreak detection service. By default, the cache size is 10000 cached patterns. Class cache...
Page 219
Chapter 6 219 administration with web console increasing cache sizes may increase the threat detection performance but it requires more disk space and may degrade the threat detection rate. Cache sizes can be disabled (set the size to 0) for troubleshooting purposes. Click clear cache to clear the d...
Page 220
220 advanced configure advanced options to set the working directory and optimize the product performance. Working directory working directory specify the working directory. Enter the complete path to the field or click browse to browse to the path you want to set as the new working directory. Worki...
Page 221
Chapter 6 221 administration with web console free space threshold set the free space threshold of the working directory. F-secure content scanner server sends an alert to the administrator when the drive has less than the specified amount of space left. Performance max size of data processed in mem...
Page 222
222 number of spam scanner instances specify the number of spam scanner instances to be created and used for spam analysis. As one instance of the spam scanner is capable of processing one mail message at a time, this setting defines how many messages undergo the spam analysis simultaneously. The se...
Page 223
Chapter 6 223 administration with web console 6.8 general the statistics section displays the following details of the host: wins name dns names ip addresses unique id.
Page 224
224 6.8.1 network configuration the mail direction is based on the internal domains and internal smtp hosts settings and it is determined as follows: 1. E-mail messages are considered internal if they come from internal smtp sender hosts and mail recipients belong to one of the specified internal do...
Page 225
Chapter 6 225 administration with web console if they are sent from the internal smtp sender host. If e-mail messages come from internal smtp sender hosts and contain both internal and external recipients, messages are split and processed as internal and outbound respectively. Internal domains speci...
Page 226
226 6.8.2 administration configure administration settings to change the management mode, specify where and how alerts are sent and to configure the f-secure anti-virus for microsoft exchange web console. If end-users in the organization use other than microsoft outlook e-mail client to send and rec...
Page 227
Chapter 6 227 administration with web console management mode communication method if you use f-secure policy manager server, specify the url of f-secure policy manager server. Do not add a slash at the end of the url. For example: “http://fsms.example.com”. Select stand-alone if you use f-secu...
Page 228
228 alerting you can specify where an alert is sent according to its severity level. You can send the alert to any of the following: f-secure policy manager windows event log if you choose to forward alerts to e-mail, specify the smtp server address, alert message subject line and the return address...
Page 229
Chapter 6 229 administration with web console 4. Click apply. Web console informational and warning-level alerts are not sent to f-secure policy manager console by default. If you want to use centralized administration mode, it is recommended to have all alerts sent to f-secure policy manager conso...
Page 230
230 change web console settings to configure how you connect to f-secure anti-virus for microsoft exchange web console. General limit session timeout specify the length of time a client can be connected to the server. When the session expires, the f-secure anti-virus for microsoft exchange web conso...
Page 231
Chapter 6 231 administration with web console 6.8.3 notifications specify notification sender address that is used by f-secure anti-virus for microsoft exchange for sending warning and informational messages to the end-users (for example, recipients, senders and mailbox owners). Make sure that the n...
Page 232
232 6.8.4 lists and templates match lists are lists of file names or file name extensions that can be used with certain product settings. Message templates can be used with notification messages. Match lists.
Page 233
Chapter 6 233 administration with web console click the name of an existing match list to edit the list or add new list... to create a new match list. Message templates list name select the match list you want to edit. If you are creating a new match list, specify the name for the new match list. Ty...
Page 234
234 click the name of an existing template to edit it or add new template... to create a new template. Template select the template you want to edit. If you are creating a new template, specify the name for the new template. Subject line specify the subject line of the notification message. Message ...
Page 235
Chapter 6 235 administration with web console 6.8.5 sample submission you can use the product to send samples of unsafe e-mails and new, yet undefined malware to f-secure for analysis. Max submission attempts specify how many times the product attempts to send the sample if the submission fails. Res...
Page 236
236 send timeout specify the time (in seconds) how long the product waits for the sample submission to complete.
Page 237
237 7 quarantine management. Introduction (238); configuring quarantine options (239); searching the quarantined content (239); query results...
Page 238
238 7.1 introduction you can manage and search quarantined mails with the f-secure anti-virus for microsoft exchange web console. You can search for quarantined content by using different search criteria, including the quarantine id, recipient and sender address, the time period during which the mes...
Page 239
Chapter 7 239 quarantine management 7.1.1 quarantine reasons the quarantine storage can store: messages and attachments that are infected and cannot be automatically disinfected. (infected) suspicious content, for example password-protected archives, nested archives and malformed messages. (suspici...
Page 240
240 you can use any of the following search criteria. Leave all fields empty to see all quarantined content. Quarantine id enter the quarantine id of a quarantined message. The quarantine id is displayed in the notification sent to the user about the quarantined message and in the alert message. Obj...
Page 241
Chapter 7 241 quarantine management reason select the quarantining reason from the drop-down menu. For more information, see “ quarantine reasons ”, 239. Reason details specify details about the scanning or processing results that caused the message to be quarantined. For example: the message is cla...
Page 242
242 show only you can use this option to view the current status of messages that you have set to be reprocessed, released or deleted. Because processing a large number of e-mails may take time, you can use this option to monitor how the operation is progressing. The options available are: unprocess...
Page 243
Chapter 7 243 quarantine management click query to start the search. The quarantine query results page is displayed once the query is completed. If you want to clear all the fields on the query page, click reset. Using wildcards you can use the following sql wildcards in the quarantine queries: wil...
Page 244
244 7.4 query results page the quarantine query results page displays a list of mails and attachments that were found in the query. To view detailed information about a quarantined content, click the quarantine id (qid) number link in the qid column. For more information, see “ viewing details of a ...
Page 245
Chapter 7 245 quarantine management quarantined mail operations you can select an operation to perform on the messages that were found in the query: click reprocess to scan the currently selected e-mail again, or click reprocess all to scan all e-mail messages that were found. For more information, ...
Page 246
246 quarantined attachment operations you can select an operation to perform on the attachments that were found in the query: click send to deliver the currently selected attachment, or click send all to deliver all attachments that were found. Attachments sent from the quarantine go through the tra...
Page 247
Chapter 7 247 quarantine management click the show... Link to access the content of the quarantined message. Click download to download the quarantined message to your computer to check it. The quarantined content details page displays the following information about the quarantined attachments: qid...
Page 248
248 7.6 reprocessing the quarantined content when quarantined content is reprocessed, it is scanned again, and if it is found clean, it is sent to the intended recipients. For example, if some content was placed in the quarantine because of an error situation, you can use the time period when the er...
Page 249
Chapter 7 249 quarantine management 7.7 releasing the quarantined content when quarantined content is released, it is sent to the intended recipients without any further processing. You might need to do this, for example, to deliver a password-protected archive from the quarantine to the recipient. ...
Page 250
250 7.8 removing the quarantined content quarantined messages are removed from the quarantine based on the currently configured quarantine retention and cleanup settings. For an example on how to configure those settings, see “ deleting old quarantined content automatically ”, 250. If you want to re...
Page 251
Chapter 7 251 quarantine management 1. Go to the quarantine > options page. 2. Click the add button below the exceptions table. A new row is added in the table. 3. Select the category for which you want to specify the exception, for example infected, from the quarantine category drop-down menu. 4. S...
Page 252
252 7.12 moving the quarantine storage when you want to change the quarantine storage location either using the f-secure policy manager console or f-secure anti-virus for microsoft exchange web console, note that the product does not create the new directory automatically. Before you change the quar...
Page 253
Chapter 7 253 quarantine management to change the fsmseqs$ path, follow these steps: a. Open windows control panel > administrative tools > computer management. B. Open system tools > shared folders > shares and find fsmseqs$ there. C. Right-click fsmseqs$ and select stop sharing. Confirm that you ...
Page 254
254 8 updating virus and spam definition databases. Overview (255); automatic updates with f-secure automatic update agent (255); configuring automatic updates (255).
Page 255
Chapter 8 255 updating virus and spam definition databases 8.1 overview it is of the utmost importance that virus definition databases are kept up-to-date. F-secure anti-virus for microsoft exchange takes care of this task automatically. Information about the latest virus database update can be foun...
Page 256
256 in centrally managed installations, you can use the f-secure anti-virus for microsoft exchange web console only for monitoring the f-secure automatic update agent settings. To change these settings, you need to use f-secure policy manager console. For more information, see “ f-secure automatic u...
Page 257
257 9 administering f-secure spam control. Overview (258); spam control settings in centrally managed environments (259); spam control settings in web console (263); realtime blackhol...
Page 258
258 9.1 overview when f-secure spam control is enabled, incoming messages that are considered spam can be marked as spam automatically. The product can add an x-header with the spam flag or predefined text in the message header and end users can then create filtering rules that direct the messages m...
Page 259
Chapter 9 259 administering f-secure spam control 9.2 spam control settings in centrally managed environments change the settings in f-secure anti-virus for microsoft exchange/ settings / transport protection / inbound mail / spam control to configure how f-secure anti-virus for microsoft exchange sc...
Page 260
260 the allowed values are from 0 to 9, the default value is 5. Action on spam messages specify the action to take with a message considered spam based on the spam filtering level. Quarantine - place the message into the quarantine folder. Forward - forward the message to an e-mail address specified...
Page 261
Chapter 9 261 administering f-secure spam control modify spam message subject specify if the product modifies the subject of mail messages considered spam. The default value is enabled. Add this text to spam message subject specify the text that is added in the beginning of the subject of messages c...
Page 262
262 max message size specify the maximum size (in kilobytes) of messages to be scanned for spam. If the size of the message exceeds the maximum size, the message is not filtered for spam. The default value is 200. Since all spam messages are relatively small in size, it is recommended to use the def...
Page 263
Chapter 9 263 administering f-secure spam control 9.3 spam control settings in web console you can configure the spam control settings on the transport protection > inbound mail > spam control page of the f-secure anti-virus for microsoft exchange web console. These settings are used only if f-secur...
Page 264
264 spam filtering level specify the spam filtering level. Decreasing the level allows less spam to pass, but more regular mails may be falsely identified as spam. Increasing the level allows more spam to pass, but a smaller number of regular e-mail messages are falsely identified as spam. For examp...
Page 265
Chapter 9 265 administering f-secure spam control the default value is enabled. Add x-header with summary specify if the summary of triggered hits is added to the mail as x-spam-status header in the following format: x-spam-status: , hits= required= tests= where is yes or no, is the spam confidence ...
Page 266
266 9.4 realtime blackhole list configuration this section describes how to enable and disable realtime blackhole lists, how to optimize f-secure spam control performance, and how to specify blocked and safe recipients and senders by using black- and whitelisting. 9.4.1 configuring realtime blackhol...
Page 267
Chapter 9 267 administering f-secure spam control 5. Find the sample configuration file fssc_example.cfg in f-secure spam control installation directory: \spam control\fssc_example.cfg 6. Copy the file to the same directory with the name fssc.cfg 7. Open fssc.cfg in a text editor (like windows notep...
Page 268
268 to force f-secure spam control to use a specific dns server, do the following: 1. Right-click the my computer icon and select properties. 2. Select advanced and click the environment variables... button. 3. In the system variables panel click new... 4. In the new system variable dialog specify t...
Page 269
Chapter 9 269 administering f-secure spam control 'spam-scanner-instances' (oid=1.3.6.1.4.1.2213.18.1.35.500) has been set to 5. To take the new setting into use, restart f-secure content scanner server. Important: each additional instance of the spam scanner takes approximately 25mb of memory (proc...
Page 270
270 a appendix: variables in warning messages. List of variables (271).
Page 271
Appendix a 271 variables in warning messages list of variables the following table lists the variables that can be included in the warning and informational messages sent by the product if an infection is found or content is blocked. If both stripping and scanning are allowed and the agent found bot...
Page 272
272 the following table lists variables that can be included in the scan report, in other words the variables that can be used in the warning message between $report-begin and $report-end. Variable description $affected-filename the name of the original file or attachment. $affected-filesize the siz...
Page 273
273 b appendix: services and processes. List of services and processes (274).
Page 274
274 b.1 list of services and processes the following tables list the services and processes that are running on the system after the installation: service process description f-secure anti-virus for microsoft exchange daemon fsavmsed.exe this is the main service that takes care of other product comp...
Page 275
Appendix b 275 services and processes f-secure webui daemon fswebuid.exe http server that hosts f-secure anti-virus for microsoft exchange web console. Supports http/1.0, http/1.1 and https. F-secure world map reporting service fswmrsvc.exe allows statistics reporting to f-secure world map system. ...
Page 276
276 fameh32.exe alert and management extensions handler is used to send alerts and reports to f-secure policy manager console, logfile.log, windows event log and smtp server. fsm32.exe the f-secure settings and statistics user interface. The process is not running unless the user is logged in to the...
Page 277
277 c appendix: deploying the product on a cluster. Installation overview (278); creating quarantine storage (279); administering the cluster installation with f-secure policy manager...
Page 278
278 c.1 installation overview follow these steps to deploy and use f-secure anti-virus for microsoft exchange on a cluster. 1. Install f-secure policy manager on a dedicated server. If you already have f-secure policy manager installed in the network, you can use it to administer f-secure anti-virus...
Page 279
Appendix c 279 deploying the product on a cluster c.2 creating quarantine storage follow instructions in this section to create the quarantine storage in the cluster environment. C.2.1 creating the quarantine storage for a single copy cluster environment follow the instructions for either “ windows ...
Page 280
280 a. Type f-secure quarantine storage as the name of the new resource. B. In the resource type list, select file share. C. In the group list, make sure that your exchange virtual server is selected. Click next to continue. 6. Make sure that all nodes that are running exchange server are listed in ...
Page 281
Appendix c 281 deploying the product on a cluster 7. Select the exchange server network name and the physical disk under available resources and click add to move them to the resource dependencies list. Click next to continue. 8. Use the following settings as the file share parameters. A. Type fsavm...
Page 282
282 click permissions... To change permissions. 9. Change permissions as follows: a. Add administrator, exchange domain servers and system to the group or user names list. B. Remove the everyone account. C. Grant change and read permissions for exchange domain servers and system. D. Grant full contr...
Page 283
Appendix c 283 deploying the product on a cluster click ok to continue. 10. Click advanced... To open advanced file share properties. Make sure that normal share is selected. Click ok to continue. 11. Click finish to create the f-secure quarantine storage resource.
Page 284
284 12. Right-click the f-secure quarantine storage resource and select bring online. Windows 2008 based cluster 1. Log on to the active node of the cluster with the domain administrator account. 2. Create a directory for the quarantine storage on the physical disk shared by the cluster nodes. You c...
Page 285
Appendix c 285 deploying the product on a cluster add administrators, exchange servers and system with contributor permission levels. Press share to close the window and enable the share. 4. Check that everything is configured correctly. The failover cluster manager view should look like this:
Page 286
286 5. During the f-secure anti-virus for microsoft exchange installation, select the quarantine share you just created when the installation asks for the quarantine path. Use the unc path in form of \\clustername\quarantine. (in the example above, \\lhclumb\quarantine.) c.2.2 creating the quarantin...
Page 287
Appendix c 287 deploying the product on a cluster 4. Go to the sharing tab. A. Type fsavmseqs$ as the share name and f-secure quarantine storage as comment. B. Make sure that user limit is set to maximum allowed. Click permissions to set permissions. The dollar ($) character at the end of the share ...
Page 288
288 5. Change permissions as follows: a. Remove all existing groups and users. A. Add administrator, exchange domain servers and system to the group or user names list. B. Grant change and read permissions for exchange domain servers and system. C. Grant full control, change and read permissions for...
Page 289
Appendix c 289 deploying the product on a cluster 6. Go to the security tab. A. Remove all existing groups and users. A. Add administrator, exchange domain servers and system to the group or user names list. B. Grant all except full control permissions for exchange domain servers and system. C. Gran...
Page 290
290 c.3 administering the cluster installation with f-secure policy manager to administer the product installed on a cluster, create a new subdomain under your organization or network domain. Import all cluster nodes to this subdomain. > if you need to change product configuration on all cluster nod...
Page 291
Appendix c 291 deploying the product on a cluster you should be able to release, reprocess or download quarantined messages and attachments when at least one node of the cluster is currently online. However, as the clustered exchange 2007 can have the mailbox role only, you need to configure the hub...
Page 292
292 c.5 uninstallation follow these instructions to uninstall the product in the cluster environment. 1. Uninstall the product from the active node with add/remove programs in windows 2003 or programs and features in windows 2008. The uninstallation removes the cluster resource automatically. 2. Aft...
Page 293
293 d appendix: sending e-mail alerts and reports. Overview (294); solution (294).
Page 294
294 d.1 overview you can configure the product to send alerts to the administrator by e-mail. F-secure management agent that handles the alerting uses a simple smtp protocol (without authentication and encryption) to send alerts to the specified e-mail address. The product can send e-mail based repo...
Page 295
Appendix d 295 sending e-mail alerts and reports d.2.1 creating a scoped receive connector the connector can be created from the exchange management shell. Run the following command to create a scoped receive connector on the local server: new-receiveconnector -name -bindings -remoteipranges -authme...
Page 296
296 to create a new connector that is bound to a single ip address and accepts connections from the specified remote servers, run the following command: new-receiveconnector -name "f-secure alerts and reports" -bindings 192.168.58.128:25 -remoteipranges 192.168.58.129, 192.168.58.131 -authmechanis...
Page 297
297 e troubleshooting. Overview (298); starting and stopping (298); viewing the log file (299); commo...
Page 298
298 e.1 overview if you have a problem that is not covered in here, see “ technical support ”, 305. E.2 starting and stopping if you ever need to start or stop f-secure anti-virus for microsoft exchange, you can do it in the following ways: open the services applet from the administrative tools fold...
Page 299
Chapter e 299 troubleshooting e.3 viewing the log file f-secure anti-virus for microsoft exchange uses the log file logfile.log that is maintained by f-secure management agent and contains all alerts generated by f-secure components installed on the host. logfile.log can be found on all hosts runnin...
Page 300
300 checking f-secure anti-virus for microsoft exchange 1. Make sure that f-secure anti-virus for microsoft exchange service and all its processes have started. Open services in the windows control panel and check that the f-secure anti-virus for microsoft exchange service has started. Open the wind...
Page 301
Chapter e 301 troubleshooting checking f-secure content scanner server problem: when the f-secure anti-virus for microsoft exchange tries to send an attachment to f-secure content scanner server, the attachment is not scanned and the e-mail does not reach the recipient. Solution: the problem is that...
Page 302
302 solution: 1. Make sure that f-secure web console daemon has started and is running. Check the services in windows control panel. The following service should be started: f-secure web console daemon check the task manager. The following process should be running: fswebuid.exe 2. If you try to con...
Page 303
Chapter e 303 troubleshooting e.4.2 securing the quarantine problem: i have installed f-secure anti-virus for microsoft exchange and i'm worried about security of the local quarantine storage where stripped attachments are quarantined. What do you recommend? Solution: f-secure anti-virus for micr...
Page 304
304 e.5 frequently asked questions all support issues, frequently asked questions and hotfixes can be found under the support pages at http://support.f-secure.com/ . For more information, see “ technical support ”, 305.
Page 305
305 technical support. F-secure online support resources (306); web club (308); virus descriptions on the web (308).
Page 306
306 f-secure online support resources f-secure technical support is available through f-secure support web pages, e-mail and by phone. Support requests can be submitted through a form on f-secure support web pages directly to f-secure support. F-secure support web pages for any f-secure product can ...
Page 307
Technical support 307 3. The f-secure diagnostics tool starts and the dialog window displays the progress of the data collection. 4. When the tool has finished collecting the data, click get report to download and save the collected data. You can also find and run the fsdiag.exe utility under the f-...
Page 308
308 web club the f-secure web club provides assistance and updated versions of the f-secure products. To connect to the web club on our web site, open the f-secure anti-virus for microsoft exchange web console, and click the web club link in the banner. Alternatively, right-click on the f-secure ico...
Page 309
About f-secure corporation f-secure corporation protects consumers and businesses against computer viruses and other threats from the internet and mobile networks. We want to be the most reliable provider of security services in the market. One way to demonstrate this is the speed of our response. A...