F-SECURE ANTI-VIRUS - FOR MICROSOFT EXCHANGE Administrator's Manual

F-Secure Anti-Virus for
Microsoft Exchange
Administrator's Guide
"F-Secure" and the triangle symbol are registered trademarks of F-Secure Corporation and F-Secure
product names and symbols/logos are either trademarks or registered trademarks of F-Secure
Corporation. All product names referenced herein are trademarks or registered trademarks of their
respective companies. F-Secure Corporation disclaims proprietary interest in the marks and names of
others. Although F-Secure Corporation makes every effort to ensure that this information is accurate,
F-Secure Corporation will not be liable for any errors or omission of facts contained herein. F-Secure
Corporation reserves the right to modify specifications cited in this document without prior notice.
Companies, names and data used in examples herein are fictitious unless otherwise noted. No part of
this document may be reproduced or transmitted in any form or by any means, electronic or
mechanical, for any purpose, without the express written permission of F-Secure Corporation.
Copyright © 1993-2008 F-Secure Corporation. All rights reserved.
Portions Copyright © 1991-2006 Kaspersky Lab.
This product includes software developed by the Apache Software Foundation (http://www.apache.org/). Copyright © 2000-2006 The Apache Software Foundation. All rights reserved.
This product includes PHP, freely available from http://www.php.net/. Copyright © 1999-2006 The PHP
Group. All rights reserved.
This product includes code from SpamAssassin. The code in the files of the SpamAssassin distribution
are Copyright © 2000-2002 Justin Mason and others, unless specified otherwise in that particular file.
All files in the SpamAssassin distribution fall under the same terms as Perl itself, as described in the
“Artistic License”.
This product may be covered by one or more F-Secure patents, including the following:
12000040-7B15
GB2353372 GB2366691 GB2366692 GB2366693 GB2367933 GB2368233
GB2374260
Contents
About This Guide 7
How This Guide Is Organized .............................................................................................. 8
Conventions Used in F-Secure Guides................................................................................ 9
Symbols ...................................................................................................................... 9
Chapter 1 Introduction 11
1.1 Overview....................................................................................................................12
1.2 How F-Secure Anti-Virus for Microsoft Exchange Works...........................................13
1.3 Key Features..............................................................................................................15
1.4 F-Secure Anti-Virus Mail Server and Gateway Products...........................................17
Chapter 2 Requirements 19
2.1 Which SQL Server to Use for the Quarantine Database?..........................................20
2.2 Network Requirements...............................................................................................21
2.3 Web Browser Software Requirements.......................................................................22
2.4 Improving Reliability and Performance ......................................................................23
2.5 Configuring the Product After the Installation.............................................................24
Chapter 3 Using F-Secure Anti-Virus for Microsoft Exchange 25
3.1 Administering F-Secure Anti-Virus for Microsoft Exchange .......................................26
3.1.1 Logging in for the First Time...........................................................................26
3.2 Checking the Product Status......................................................................................29
3.3 Configuring the Web Console....................................................................................32
3.4 Modifying Settings and Viewing Statistics..................................................................33
3.5 Manually Processing Mailboxes and Public Folders..................................................34
3.5.1 Stand-alone Mode..........................................................................................34
3.5.2 Creating Scanning Operations .......................................................................34
3.6 Configuring Alert Forwarding .....................................................................................67
3.7 Viewing Alerts ............................................................................................................69
Chapter 4 Administration with Web Console 70
4.1 Overview....................................................................................................................71
4.2 F-Secure Anti-Virus for Microsoft Exchange Settings................................................71
4.2.1 Summary........................................................................................................72
4.2.2 Virus Scanning ...............................................................................................74
4.2.3 Stripping Attachments ....................................................................................90
4.2.4 Content Filtering...........................................................................................100
4.2.5 Manual Scanning..........................................................................................107
4.2.6 Quarantine....................................................................................................111
4.2.7 Advanced......................................................................................................121
4.2.8 Internal Domains ..........................................................................................127
4.3 F-Secure Content Scanner Server Settings.............................................................129
4.3.1 Summary......................................................................................................129
4.3.2 Database Updates........................................................................................136
4.3.3 Scan Engines ...............................................................................................138
4.3.4 Proxy Configuration......................................................................................143
4.3.5 Archive Scanning..........................................................................................146
4.3.6 Advanced......................................................................................................149
4.3.7 Interface........................................................................................................151
4.4 F-Secure Automatic Update Agent Settings ............................................................152
4.4.1 Summary......................................................................................................153
4.4.2 Automatic Updates.......................................................................................156
4.5 F-Secure Management Agent Settings....................................................................157
Chapter 5 Quarantine Management 160
5.1 Introduction ..............................................................................................................161
5.2 Configuring Quarantine Options...............................................................................162
5.3 Searching the Quarantined Content.........................................................................163
5.4 Query Results Page.................................................................................................167
5.5 Viewing Details of a Quarantined Message.............................................................169
5.6 Reprocessing the Quarantined Content...................................................................171
5.7 Releasing the Quarantined Content.........................................................................172
5.8 Removing the Quarantined Content.........................................................................174
5.9 Deleting Old Quarantined Content Automatically.....................................................174
5.10 Quarantine Logging..................................................................................................175
5.11 Quarantine Statistics................................................................................................176
5.12 Moving the Quarantine Storage ...............................................................................177
Chapter 6 Administering F-Secure Spam Control 179
6.1 Overview..................................................................................................................180
6.2 Spam Control Settings in Web Console...................................................................180
6.3 Realtime Blackhole List Configuration .....................................................................185
6.3.1 Enabling Realtime Blackhole Lists ...............................................................185
6.3.2 Optimizing F-Secure Spam Control Performance........................................187
Chapter 7 Updating Virus and Spam Definition Databases 189
7.1 Overview..................................................................................................................190
7.2 Automatic Updates with F-Secure Automatic Update Agent....................................190
7.3 Configuring Automatic Updates ...............................................................................190
7.4 Manual Updates.......................................................................................................191
7.4.1 Using FSUPDATE........................................................................................191
Appendix A Variables in Warning Messages 192
List of Variables................................................................................................................ 193
Outbreak Management Alert Variables............................................................................ 195
Appendix B Services and Processes 196
Chapter C Troubleshooting 202
C.1 Overview..................................................................................................................203
C.2 Starting and Stopping...............................................................................................203
C.3 Viewing the Log File.................................................................................................203
C.4 Common Problems and Solutions............................................................................204
C.4.1 Installing Service Packs................................................................................207
C.4.2 Securing the Quarantine...............................................................................207
C.5 Frequently Asked Questions....................................................................................208
C.6 F-Secure Automatic Update Agent Troubleshooting................................................213
Technical Support 218
F-Secure Online Support Resources ............................................................................... 219
Web Club .........................................................................................................................220
Virus Descriptions on the Web .........................................................................................221
ABOUT THIS GUIDE
How This Guide Is Organized...................................................... 8
Conventions Used in F-Secure Guides..................................... 13
How This Guide Is Organized
F-Secure Anti-Virus for Microsoft Exchange Administrator's Guide is
divided into the following chapters:
Chapter 1. Introduction. General information about F-Secure Anti-Virus
for Microsoft Exchange and other F-Secure Anti-Virus Mail Server and
Gateway products.
Chapter 2. Requirements. System requirements and instructions on how to
set up F-Secure Anti-Virus for Microsoft Exchange.
Chapter 3. Using F-Secure Anti-Virus for Microsoft Exchange.
Instructions on how to use and administer F-Secure Anti-Virus for
Microsoft Exchange.
Chapter 4. Administration with Web Console. Instructions on how to
administer F-Secure Anti-Virus for Microsoft Exchange with the Web
Console.
Chapter 6. Administering F-Secure Spam Control. General information
about and instructions on how to configure F-Secure Spam Control.
Chapter 7. Updating Virus and Spam Definition Databases. Instructions
on how to update your virus definition database.
Appendix A. Variables in Warning Messages. Lists variables that can
be included in virus warning messages.
Appendix B. Services and Processes. Describes services, devices and
processes of F-Secure Anti-Virus for Microsoft Exchange.
Chapter C. Troubleshooting. Solutions to some common problems.
Technical Support. Contains the contact information for assistance.
About F-Secure Corporation. Describes the company background and
products.
Conventions Used in F-Secure Guides
This section describes the symbols, fonts, and terminology used in this
manual.
Symbols
An arrow indicates a one-step procedure.
Fonts
Arial bold (blue) is used to refer to menu names and commands, to
buttons and other items in a dialog box.
Arial Italics (blue) is used to refer to other chapters in the manual, book
titles, and titles of other manuals.
Arial Italics (black) is used for file and folder names, for figure and table
captions, and for directory tree names.
Courier New is used for messages on your computer screen.
WARNING: The warning symbol indicates a situation with a
risk of irreversible destruction to data.
IMPORTANT: An exclamation mark provides important information
that you need to consider.
REFERENCE - A book refers you to related information on the
topic available in another document.
NOTE - A note provides additional information that you should
consider.
TIP - A tip provides information that can help you perform a task
more quickly or easily.
Courier New bold is used for information that you must type.
SMALL CAPS (BLACK) is used for a key or key combination on your
keyboard.
Arial underlined (blue) is used for user interface links.
Arial italics is used for window and dialog box names.
PDF Document
This manual is provided in PDF (Portable Document Format). The PDF
document can be used for online viewing and printing using Adobe®
Acrobat® Reader. When printing the manual, please print the entire
manual, including the copyright and disclaimer statements.
For More Information
Visit F-Secure at http://www.f-secure.com for documentation, training
courses, downloads, and service and support contacts.
In our constant attempts to improve our documentation, we would
welcome your feedback. If you have any questions, comments, or
suggestions about this or any other F-Secure document, please contact
us at documentation@f-secure.com.
1
INTRODUCTION
Overview..................................................................................... 12
How F-Secure Anti-Virus for Microsoft Exchange Works........... 13
Key Features.............................................................................. 15
F-Secure Anti-Virus Mail Server and Gateway Products............ 17
1.1 Overview
Malicious code, such as computer viruses, is one of the main threats for
companies today. In the past, malicious code spread mainly via disks and
the most common viruses were the ones that infected disk boot sectors.
When users began to use office applications with macro capabilities -
such as Microsoft Office - to write documents and distribute them via mail
and groupware servers, macro viruses started spreading rapidly.
Since the turn of the millennium, the most common spreading mechanism
has been e-mail. Today about 90% of viruses arrive via e-mail. E-mails provide
a very fast and efficient way for viruses to spread themselves without any
user intervention and that is why e-mail worm outbreaks, like Sober,
Netsky and Bagle, have caused a lot of damage around the world.
F-Secure Anti-Virus Mail Server and Gateway products are designed to
protect your company's mail and groupware servers and to shield the
company network from any malicious code that travels in HTTP or SMTP
traffic. In addition, they protect your company network against spam. The
protection can be implemented on the gateway level to screen all
incoming and outgoing e-mail (SMTP), web surfing (HTTP and
FTP-over-HTTP) and file transfer (FTP) traffic. Furthermore, it can be
implemented on the mail server level so that it does not only protect
inbound and outbound traffic but also internal mail traffic and public
sources, such as Public Folders on Microsoft Exchange servers.
Providing the protection already on the gateway level has plenty of
advantages. The protection is easy and fast to set up and install,
compared to rolling out antivirus protection on hundreds or thousands of
workstations. The protection is also invisible to the end users which
ensures that the system cannot be by-passed and makes it easy to
maintain. Of course, protecting the gateway level alone is not enough to
provide a complete antivirus solution; file server and workstation level
protection is also needed.
Why clean 1000 workstations when you can clean one attachment at the
gateway level?
CHAPTER 1 13
Introduction
1.2 How F-Secure Anti-Virus for Microsoft Exchange
Works
F-Secure Anti-Virus for Microsoft Exchange is designed to detect and
disinfect viruses and other malicious code from e-mail transmissions
through Microsoft Exchange 2000/2003 Server. Scanning is done in real
time as the mail passes through Microsoft Exchange Server. On-demand
scanning of user mailboxes and Public Folders is also available.
Scanning Attachments and Message Bodies
F-Secure Anti-Virus for Microsoft Exchange scans attachments and
message bodies for malicious code. It can also be instructed to remove
particular attachments according to the file name or the file extension. In
addition, it can filter out messages containing keywords that have been
defined as disallowed.
If the intercepted mail contains malicious code, F-Secure Anti-Virus for
Microsoft Exchange can be configured to disinfect or drop the content.
Any malicious code found during the scan process can be placed in the
Quarantine, where it can be further examined. Stripped attachments can
also be placed in the Quarantine for further examination.
Flexible and Scalable Anti-Virus Protection
F-Secure Anti-Virus for Microsoft Exchange is installed on Microsoft
Exchange 2000/2003 Server and it intercepts mail traveling through
mailboxes and Public folders. Intercepted attachments and documents
are sent to F-Secure Content Scanner Server, which returns disinfected
files back to F-Secure Anti-Virus for Microsoft Exchange.
The two-component product architecture ensures that the anti-virus
protection does not increase the load on the protected system and that
the infected data is never stored on the production network. It also
enables you to implement a server pool, so you can share the traffic load
between multiple F-Secure Content Scanner Servers and have backup
servers if the traffic to primary servers stops for some reason.
Alerting
F-Secure Anti-Virus for Microsoft Exchange has extensive alerting
functions, which means that the system administrator can specify a
recipient inside the company network to be notified about the infection
found in the data content. Of course, the network administrator can be
notified about the infection also.
Powerful and Always Up-to-date
F-Secure Anti-Virus for Microsoft Exchange uses the award-winning
F-Secure Anti-Virus scanner to ensure the highest possible detection rate
and disinfection capability. The daily F-Secure Anti-Virus signature
database updates provide F-Secure Anti-Virus for Microsoft Exchange an
always up-to-date protection capability.
F-Secure Anti-Virus scanner consistently ranks at the top when compared
to competing products. Our team of dedicated virus researchers is on call
24-hours a day responding to new and emerging threats. In fact,
F-Secure is one of the only companies to release tested virus definition
updates on a daily basis, to make sure our customers are receiving the
highest quality service and protection.
Virus and Spam Outbreak Detection
Massive spam and virus outbreaks consist of millions of messages which
share at least one identifiable pattern that can be used to distinguish the
outbreak. Any message that contains one or more of these patterns can
be assumed to be a part of the same spam or virus outbreak.
F-Secure Anti-Virus for Microsoft Exchange can identify these patterns
from the message envelope, headers and body, in any language,
message format and encoding type. It can detect spam messages and
new viruses during the first minutes of the outbreak.
Easy to Administer
F-Secure Anti-Virus for Microsoft Exchange can be managed with the
web-based user interface. With Web Console, you can configure
F-Secure Anti-Virus for Microsoft Exchange settings, set up scheduled
scans or run manual processes any time you want.
Figure 1-1 (1) E-mail arrives from the Internet to F-Secure Anti-Virus for Microsoft
Exchange, which (2) filters malicious content from mails and attachments, and (3)
delivers cleaned files forward.
1.3 Key Features
F-Secure Anti-Virus for Microsoft Exchange provides the following
features and capabilities.
Superior Protection
- Superior detection rate with multiple scanning engines.
- Automatic malicious code detection and disinfection.
- Heuristic scanning also detects unknown Windows and macro viruses.
- Recursive scanning of ARJ, BZ2, CAB, GZ, JAR, LZH, MSI, RAR, TAR, TGZ, Z and ZIP archive files.
- Automatic daily virus definition database updates.
- Suspicious and unsafe attachments can be stripped away from e-mails.
- Password protected archives can be treated as unsafe.
- Intelligent file type recognition.
- Message filtering based on keywords in message subjects and text.
- Utilizes the low-level Anti-Virus API (AV API 2.0) for Microsoft Exchange 2000 Server, and AV API 2.5 for Microsoft Exchange 2003 Server.
Virus Outbreak Detection
- The virus outbreak detection is an additional active layer of protection that automatically detects virus outbreaks and quarantines suspicious messages.
- Virus outbreaks are transparently detected and infected messages are quarantined before the outbreak becomes widespread.
- The product can notify the administrator about virus outbreaks.
- Quarantined unsafe messages can be reprocessed automatically.
Transparency and Scalability
- Viruses are intercepted before they can enter the network and spread out on workstations and servers.
- Real-time scanning of internal, inbound and outbound mail messages and Public Folder notes.
- Automatic protection of new mailboxes and Public Folders.
- Total transparency to end-users. Users cannot bypass the system, which means that messages and documents cannot be exchanged without scanning.
Management
- Controlling and monitoring the behavior of the products remotely.
- Starting predefined operations remotely.
- Monitoring statistics provided by the products remotely with F-Secure Anti-Virus for Microsoft Exchange Web Console.
- You can manage and search quarantined content with the F-Secure Anti-Virus for Microsoft Exchange Web Console.
Protection against Spam
- Possible spam messages are transparently detected before they become widespread.
- Efficient spam detection based on different analyses on the e-mail content.
- Multiple filtering mechanisms guarantee the high accuracy of spam detection.
- Spam detection works in every language and message format.
1.4 F-Secure Anti-Virus Mail Server and Gateway
Products
The F-Secure Anti-Virus product line consists of workstation, file server,
mail server, gateway and mobile products.
F-Secure Internet Gatekeeper is a high performance, totally
automated web (HTTP and FTP-over-HTTP) and e-mail (SMTP)
virus scanning solution for the gateway level. F-Secure Internet
Gatekeeper works independently of firewall and e-mail server
solutions, and does not affect their performance.
F-Secure Anti-Virus for Microsoft Exchange™ protects your
Microsoft Exchange users from malicious code contained within
files they receive in mail messages and documents they open
from shared databases. Malicious code is also stopped in
outbound messages and in notes being posted on Public Folders.
The product operates transparently and scans files in the
Exchange Server Information Store in real-time. Manual and
scheduled scanning of user mailboxes and Public Folders is also
supported.
F-Secure Anti-Virus for MIMEsweeper™ provides a powerful
anti-virus scanning solution that tightly integrates with Clearswift
MIMEsweeper for SMTP and MIMEsweeper for Web products.
F-Secure provides top-class anti-virus software with fast and
simple integration to Clearswift MAILsweeper and WEBsweeper,
giving the corporation the powerful combination of complete
content security.
F-Secure Internet Gatekeeper for Linux™ provides a
high-performance solution at the Internet gateway level, stopping
viruses and other malicious code before they spread to end users'
desktops or corporate servers. The product scans SMTP, HTTP,
FTP and POP3 traffic for viruses, worms and trojans, and blocks
and filters out specified file types. ActiveX and Java code can
also be scanned or blocked. The product receives updates
automatically from F-Secure, keeping the virus protection always
up to date. A powerful and easy-to-use management console
simplifies the installation and configuration of the product.
F-Secure Messaging Security Gateway™ delivers the
industry’s most complete and effective security for e-mail. It
combines a robust enterprise-class messaging platform with
perimeter security, antispam, antivirus, secure messaging and
outbound content security capabilities in an easy-to-deploy,
hardened appliance.
2
REQUIREMENTS
Which SQL Server to Use for the Quarantine Database?.......... 20
Network Requirements............................................................... 21
Web Browser Software Requirements....................................... 22
Improving Reliability and Performance....................................... 23
Configuring the Product After the Installation............................. 24
2.1 Which SQL Server to Use for the Quarantine
Database?
As a minimum requirement, the Quarantine database should have the
capacity to store information about all inbound and outbound mail to and
from your organization that would normally be sent during 2-3 days.
Take into account the following SQL server specific considerations when
deciding which SQL server to use:
Microsoft SQL Server Desktop Engine and SQL Server 2005 Express Edition
When using Microsoft SQL Server Desktop Engine (MSDE), the
Quarantine database size is limited to 2 GB.
MSDE includes a concurrent workload governor that limits the
scalability of MSDE. For more information, see
http://msdn.microsoft.com/library/?url=/library/en-us/architec/8_ar_sa2_0ciq.asp?frame=true.
It is not recommended to use MSDE or SQL Server 2005
Express Edition if you are planning to use centralized quarantine
management with multiple F-Secure Anti-Virus for Microsoft
Exchange installations.
MSDE is delivered together with F-Secure Anti-Virus for
Microsoft Exchange, and you can install it during the F-Secure
Anti-Virus for Microsoft Exchange Setup. For more
information, see “Installation Overview”, 28.