F-SECURE ANTI-VIRUS - FOR MICROSOFT EXCHANGE Administrator's Manual

F-Secure Anti-Virus for

Microsoft Exchange

Administrator’s Guide

"F-Secure" and the triangle symbol are registered trademarks of F-Secure Corporation and F-Secure

product names and symbols/logos are either trademarks or registered trademarks of F-Secure

Corporation. All product names referenced herein are trademarks or registered trademarks of their

respective companies. F-Secure Corporation disclaims proprietary interest in the marks and names of

others. Although F-Secure Corporation makes every effort to ensure that this information is accurate,

F-Secure Corporation will not be liable for any errors or omission of facts contained herein. F-Secure

Corporation reserves the right to modify specifications cited in this document without prior notice.

Companies, names and data used in examples herein are fictitious unless otherwise noted. No part of

this document may be reproduced or transmitted in any form or by any means, electronic or

mechanical, for any purpose, without the express written permission of F-Secure Corporation.

This product includes software developed by the Apache Software Foundation (http://

This product includes code from SpamAssassin. The code in the files of the SpamAssassin distribution

All files in the SpamAssassin distribution fall under the same terms as Perl itself, as described in the

“Artistic License”.

This product may be covered by one or more F-Secure patents, including the following:

12000040-7B15

GB2353372 GB2366691 GB2366692 GB2366693 GB2367933 GB2368233

GB2374260

3

Contents

About This Guide 7

How This Guide Is Organized .............................................................................................. 8

Conventions Used in F-Secure Guides................................................................................ 9

Symbols ...................................................................................................................... 9

Chapter 1 Introduction 11

1.1 Overview....................................................................................................................12

1.2 How F-Secure Anti-Virus for Microsoft Exchange Works...........................................13

1.3 Key Features..............................................................................................................15

1.4 F-Secure Anti-Virus Mail Server and Gateway Products...........................................17

Chapter 2 Requirements 19

2.1 Which SQL Server to Use for the Quarantine Database?..........................................20

2.2 Network Requirements...............................................................................................21

2.3 Web Browser Software Requirements.......................................................................22

2.4 Improving Reliability and Performance ......................................................................23

2.5 Configuring the Product After the Installation.............................................................24

Chapter 3 Using F-Secure Anti-Virus for Microsoft Exchange 25

3.1 Administering F-Secure Anti-Virus for Microsoft Exchange .......................................26

3.1.1 Logging in for the First Time...........................................................................26

3.2 Checking the Product Status......................................................................................29

3.3 Configuring the Web Console....................................................................................32

4

3.4 Modifying Settings and Viewing Statistics..................................................................33

3.5 Manually Processing Mailboxes and Public Folders..................................................34

3.5.1 Stand-alone Mode..........................................................................................34

3.5.2 Creating Scanning Operations .......................................................................34

3.6 Configuring Alert Forwarding .....................................................................................67

3.7 Viewing Alerts ............................................................................................................69

Chapter 4 Administration with Web Console 70

4.1 Overview....................................................................................................................71

4.2 F-Secure Anti-Virus for Microsoft Exchange Settings................................................71

4.2.1 Summary........................................................................................................72

4.2.2 Virus Scanning ...............................................................................................74

4.2.3 Stripping Attachments ....................................................................................90

4.2.4 Content Filtering...........................................................................................100

4.2.5 Manual Scanning..........................................................................................107

4.2.6 Quarantine....................................................................................................111

4.2.7 Advanced......................................................................................................121

4.2.8 Internal Domains ..........................................................................................127

4.3 F-Secure Content Scanner Server Settings.............................................................129

4.3.1 Summary......................................................................................................129

4.3.2 Database Updates........................................................................................136

4.3.3 Scan Engines ...............................................................................................138

4.3.4 Proxy Configuration......................................................................................143

4.3.5 Archive Scanning..........................................................................................146

4.3.6 Advanced......................................................................................................149

4.3.7 Interface........................................................................................................151

4.4 F-Secure Automatic Update Agent Settings ............................................................152

4.4.1 Summary......................................................................................................153

4.4.2 Automatic Updates.......................................................................................156

4.5 F-Secure Management Agent Settings....................................................................157

Chapter 5 Quarantine Management 160

5.1 Introduction ..............................................................................................................161

5.2 Configuring Quarantine Options...............................................................................162

5.3 Searching the Quarantined Content.........................................................................163

5

5.4 Query Results Page.................................................................................................167

5.5 Viewing Details of a Quarantined Message.............................................................169

5.6 Reprocessing the Quarantined Content...................................................................171

5.7 Releasing the Quarantined Content.........................................................................172

5.8 Removing the Quarantined Content.........................................................................174

5.9 Deleting Old Quarantined Content Automatically.....................................................174

5.10 Quarantine Logging..................................................................................................175

5.11 Quarantine Statistics................................................................................................176

5.12 Moving the Quarantine Storage ...............................................................................177

Chapter 6 Administering F-Secure Spam Control 179

6.1 Overview..................................................................................................................180

6.2 Spam Control Settings in Web Console...................................................................180

6.3 Realtime Blackhole List Configuration .....................................................................185

6.3.1 Enabling Realtime Blackhole Lists ...............................................................185

6.3.2 Optimizing F-Secure Spam Control Performance........................................187

Chapter 7 Updating Virus and Spam Definition Databases 189

7.1 Overview..................................................................................................................190

7.2 Automatic Updates with F-Secure Automatic Update Agent....................................190

7.3 Configuring Automatic Updates ...............................................................................190

7.4 Manual Updates.......................................................................................................191

7.4.1 Using FSUPDATE........................................................................................191

AppendixA Variables in Warning Messages 192

List of Variables................................................................................................................ 193

Outbreak Management Alert Variables............................................................................ 195

AppendixB Services and Processes 196

Chapter C Troubleshooting 202

C.1 Overview..................................................................................................................203

C.2 Starting and Stopping...............................................................................................203

6

C.3 Viewing the Log File.................................................................................................203

C.4 Common Problems and Solutions............................................................................204

C.4.1 Installing Service Packs................................................................................207

C.4.2 Securing the Quarantine...............................................................................207

C.5 Frequently Asked Questions....................................................................................208

C.6 F-Secure Automatic Update Agent Troubleshooting................................................213

Technical Support 218

F-Secure Online Support Resources ............................................................................... 219

Web Club .........................................................................................................................220

Virus Descriptions on the Web .........................................................................................221

7

ABOUT THIS GUIDE

How This Guide Is Organized...................................................... 8

Conventions Used in F-Secure Guides..................................... 13

8

How This Guide Is Organized

F-Secure Anti-Virus for Microsoft Exchange Administrator's Guide is

divided into the following chapters:

Chapter 1. Introduction. General information about F-Secure Anti-Virus

for Microsoft Exchange and other F-Secure Anti-Virus Mail Server and

Gateway products.

Chapter 2. Requirements. System requirements and instructions how to

set up F-Secure Anti-Virus for Microsoft Exchange.

Chapter 3. Using F-Secure Anti-Virus for Microsoft Exchange.

Instructions how to use and administer F-Secure Anti-Virus for Microsoft

Exchange.

Chapter 4. Administration with Web Console. Instructions how to

administer F-Secure Anti-Virus for Microsoft Exchange with the Web

Console.

Chapter 6. Administering F-Secure Spam Control. General information

about and instructions on how to configure F-Secure Spam Control.

Chapter 7. Updating Virus and Spam Definition Databases. Instructions

how to update your virus definition database.

Appendix A. Variables in Warning Messages. Lists variables that can

be included in virus warning messages.

Appendix B. Services and Processes. Describes services, devices and

processes of F-Secure Anti-Virus for Microsoft Exchange.

Chapter C. Troubleshooting. Solutions to some common problems.

Technical Support. Contains the contact information for assistance.

About F-Secure Corporation. Describes the company background and

products.

9

Conventions Used in F-Secure Guides

This section describes the symbols, fonts, and terminology used in this

manual.

Symbols

⇒ An arrow indicates a one-step procedure.

Fonts

Arial bold (blue) is used to refer to menu names and commands, to

buttons and other items in a dialog box.

Arial Italics (blue) is used to refer to other chapters in the manual, book

titles, and titles of other manuals.

Arial Italics (black) is used for file and folder names, for figure and table

captions, and for directory tree names.

Courier New is used for messages on your computer screen.

WARNING: The warning symbol indicates a situation with a

risk of irreversible destruction to data.

IMPORTANT: An exclamation mark provides important information

that you need to consider.

REFERENCE - A book refers you to related information on the

topic available in another document.

l

NOTE - A note provides additional information that you should

consider.

TIP - A tip provides information that can help you perform a task

more quickly or easily.

10

Courier New bold is used for information that you must type.

SMALL CAPS (BLACK) is used for a key or key combination on your

keyboard.

Arial underlined (blue)

is used for user interface links.

Arial italics is used for window and dialog box names.

PDF Document

This manual is provided in PDF (Portable Document Format). The PDF

document can be used for online viewing and printing using Adobe®

Acrobat® Reader. When printing the manual, please print the entire

manual, including the copyright and disclaimer statements.

For More Information

Visit F-Secure at http://www.f-secure.com for documentation, training

courses, downloads, and service and support contacts.

In our constant attempts to improve our documentation, we would

welcome your feedback. If you have any questions, comments, or

suggestions about this or any other F-Secure document, please contact

us at documentation@f-secure.com

.

11

1

INTRODUCTION

Overview..................................................................................... 12

How F-Secure Anti-Virus for Microsoft Exchange Works........... 13

Key Features.............................................................................. 15

F-Secure Anti-Virus Mail Server and Gateway Products............ 17

12

1.1 Overview

Malicious code, such as computer viruses, is one of the main threats for

companies today. In the past, malicious code spread mainly via disks and

the most common viruses were the ones that infected disk boot sectors.

When users began to use office applications with macro capabilities -

such as Microsoft Office - to write documents and distribute them via mail

and groupware servers, macro viruses started spreading rapidly.

After the millennium, the most common spreading mechanism has been

the e-mail. Today about 90% of viruses arrive via e-mail. E-mails provide

a very fast and efficient way for viruses to spread themselves without any

user intervention and that is why e-mail worm outbreaks, like Sober,

Netsky and Bagle, have caused a lot of damage around the world.

F-Secure Anti-Virus Mail Server and Gateway products are designed to

protect your company's mail and groupware servers and to shield the

company network from any malicious code that travels in HTTP or SMTP

traffic. In addition, they protect your company network against spam. The

protection can be implemented on the gateway level to screen all

incoming and outgoing e-mail (SMTP), web surfing (HTTP and

FTP-over-HTTP) and file transfer (FTP) traffic. Furthermore, it can be

implemented on the mail server level so that it does not only protect

inbound and outbound traffic but also internal mail traffic and public

sources, such as Public Folders on Microsoft Exchange servers.

Providing the protection already on the gateway level has plenty of

advantages. The protection is easy and fast to set up and install,

compared to rolling out antivirus protection on hundreds or thousands of

workstations. The protection is also invisible to the end users which

ensures that the system cannot be by-passed and makes it easy to

maintain. Of course, protecting the gateway level alone is not enough to

provide a complete antivirus solution; file server and workstation level

protection is needed, also.

Why clean 1000 workstations when you can clean one attachment at the

gateway level?

CHAPTER 1 13

Introduction

1.2 How F-Secure Anti-Virus for Microsoft Exchange

Works

F-Secure Anti-Virus for Microsoft Exchange is designed to detect and

disinfect viruses and other malicious code from e-mail transmissions

through Microsoft Exchange 2000/2003 Server. Scanning is done in real

time as the mail passes through Microsoft Exchange Server. On-demand

scanning of user mailboxes and Public Folders is also available.

Scanning

Attachments and

Message Bodies

F-Secure Anti-Virus for Microsoft Exchange scans attachments and

message bodies for malicious code. It can also be instructed to remove

particular attachments according to the file name or the file extension. In

addition, it can filter out messages containing keywords that have been

defined as disallowed.

If the intercepted mail contains malicious code, F-Secure Anti-Virus for

Microsoft Exchange can be configured to disinfect or drop the content.

Any malicious code found during the scan process can be placed in the

Quarantine, where it can be further examined. Stripped attachments can

also be placed in the Quarantine for further examination.

Flexible and Scalable

Anti-Virus Protection

F-Secure Anti-Virus for Microsoft Exchange is installed on Microsoft

Exchange 2000/2003 Server and it intercepts mail traveling through

mailboxes and Public folders. Intercepted attachments and documents

are sent to F-Secure Content Scanner Server, which returns disinfected

files back to F-Secure Anti-Virus for Microsoft Exchange.

The two-component product architecture ensures that the anti-virus

protection does not increase the load on the protected system and that

the infected data is never stored on the production network. It also

enables you to implement a server pool, so you can share the traffic load

between multiple F-Secure Content Scanner Servers and have backup

servers if the traffic to primary servers stops for some reason.

14

Alerting F-Secure Anti-Virus for Microsoft Exchange has extensive alerting

functions, which means that the system administrator can specify a

recipient inside the company network to be notified about the infection

found in the data content. Of course, the network administrator can be

notified about the infection also.

Powerful and Always

Up-to-date

F-Secure Anti-Virus for Microsoft Exchange uses the award-winning

F-Secure Anti-Virus scanner to ensure the highest possible detection rate

and disinfection capability. The daily F-Secure Anti-Virus signature

database updates provide F-Secure Anti-Virus for Microsoft Exchange an

always up-to-date protection capability.

F-Secure Anti-Virus scanner consistently ranks at the top when compared

to competing products. Our team of dedicated virus researchers is on call

24-hours a day responding to new and emerging threats. In fact,

F-Secure is one of the only companies to release tested virus definition

updates on a daily basis, to make sure our customers are receiving the

highest quality service and protection.

Virus and Spam

Outbreak Detection

Massive spam and virus outbreaks consist of millions of messages which

share at least one identifiable pattern that can be used to distinguish the

outbreak. Any message that contains one or more of these patterns can

be assumed to be a part of the same spam or virus outbreak.

F-Secure Anti-Virus for Microsoft Exchange can identify these patterns

from the message envelope, headers and body, in any language,

message format and encoding type. It can detect spam messages and

new viruses during the first minutes of the outbreak.

Easy to Administer F-Secure Anti-Virus for Microsoft Exchange can be managed with the

web-based user interface. With Web Console, you can configure

F-Secure Anti-Virus for Microsoft Exchange settings, set up scheduled

scans or run manual processes any time you want.

CHAPTER 1 15

Introduction

Figure 1-1 (1) E-mail arrives from the Internet to F-Secure Anti-Virus for Microsoft

Exchange, which (2) filters malicious content from mails and attachments, and (3)

delivers cleaned files forward.

1.3 Key Features

F-Secure Anti-Virus for Microsoft Exchange provides the following

features and capabilities.

Superior Protection  Superior detection rate with multiple scanning engines.

 Automatic malicious code detection and disinfection.

 Heuristic scanning detects also unknown Windows and macro

viruses.

 Recursive scanning of ARJ, BZ2, CAB, GZ, JAR, LZH, MSI,

RAR, TAR, TGZ, Z and ZIP archive files.

 Automatic daily virus definition database updates.

 Suspicious and unsafe attachments can be stripped away from

e-mails.

16

 Password protected archives can be treated as unsafe.

 Intelligent file type recognition.

 Message filtering based on keywords in message subjects and

text.

 Utilizes the low-level Anti-Virus API (AV API 2.0) for Microsoft

Exchange 2000 Server, and AV AP 2.5 for Microsoft Exchange

2003 Server.

Virus Outbreak

Detection

 The virus outbreak detection is an additional active layer of

protection that automatically detects virus outbreaks and

quarantines suspicious messages.

 Virus outbreaks are transparently detected and infected

messages are quarantined before the outbreak becomes

widespread.

 The product can notify the administrator about virus outbreaks.

 Quarantined unsafe messages can be reprocessed

automatically.

Transparency and

Scalability

 Viruses are intercepted before they can enter the network and

spread out on workstations and servers.

 Real-time scanning of internal, inbound and outbound mail

messages and Public Folder notes.

 Automatic protection of new mailboxes and Public Folders.

 Total transparency to end-users. Users cannot bypass the

system, which means that messages and documents cannot be

exchanged without scanning.

Management  Controlling and monitoring the behavior of the products remotely.

 Starting predefined operations remotely.

 Monitoring statistics provided by the products remotely with

F-Secure Anti-Virus for Microsoft Exchange Web Console.

 You can manage and search quarantined content with the

F-Secure Anti-Virus for Microsoft Exchange Web Console.

CHAPTER 1 17

Introduction

Protection against

Spam

 Possible spam messages are transparently detected before they

become widespread.

 Efficient spam detection based on different analyses on the

e-mail content.

 Multiple filtering mechanisms guarantee the high accuracy of

spam detection.

 Spam detection works in every language and message format.

1.4 F-Secure Anti-Virus Mail Server and Gateway

Products

The F-Secure Anti-Virus product line consists of workstation, file server,

mail server, gateway and mobile products.

 F-Secure Internet Gatekeeper is a high performance, totally

automated web (HTTP and FTP-over-HTTP) and e-mail (SMTP)

virus scanning solution for the gateway level. F-Secure Internet

Gatekeeper works independently of firewall and e-mail server

solutions, and does not affect their performance.

 F-Secure Anti-Virus for Microsoft Exchange™ protects your

Microsoft Exchange users from malicious code contained within

files they receive in mail messages and documents they open

from shared databases. Malicious code is also stopped in

outbound messages and in notes being posted on Public Folders.

The product operates transparently and scans files in the

Exchange Server Information Store in real-time. Manual and

scheduled scanning of user mailboxes and Public Folders is also

supported.

 F-Secure Anti-Virus for MIMEsweeper™ provides a powerful

anti-virus scanning solution that tightly integrates with Clearswift

MIMEsweeper for SMTP and MIMEsweeper for Web products.

F-Secure provides top-class anti-virus software with fast and

18

simple integration to Clearswift MAILsweeper and WEBsweeper,

giving the corporation the powerful combination of complete

content security.

 F-Secure Internet Gatekeeper for Linux™ provides a

high-performance solution at the Internet gateway level, stopping

viruses and other malicious code before the spread to end users

desktops or corporate servers. The product scans SMTP, HTTP,

FTP and POP3 traffic for viruses, worms and trojans, and blocks

and filters out specified file types. ActiveX and Java code can

also be scanned or blocked. The product receives updates

automatically from F-Secure, keeping the virus protection always

up to date. A powerful and easy-to-use management console

simplifies the installation and configuration of the product.

 F-Secure Messaging Security Gateway™ delivers the

industry’s most complete and effective security for e-mail. It

combines a robust enterprise-class messaging platform with

perimeter security, antispam, antivirus, secure messaging and

outbound content security capabilities in an easy-to-deploy,

hardened appliance.

19

2

REQUIREMENTS

Which SQL Server to Use for the Quarantine Database?.......... 20

Network Requirements............................................................... 21

Web Browser Software Requirements....................................... 22

Improving Reliability and Performance....................................... 23

Configuring the Product After the Installation............................. 24

20

2.1 Which SQL Server to Use for the Quarantine

Database?

As a minimum requirement, the Quarantine database should have the

capacity to store information about all inbound and outbound mail to and

from your organization that would normally be sent during 2-3 days.

Take into account the following SQL server specific considerations when

deciding which SQL server to use:

Microsoft SQL Server

Desktop Engine and

SQL Server 2005

Express Edition

 When using Microsoft SQL Server Desktop Engine (MSDE), the

Quarantine database size is limited to 2 GB.

 MSDE includes a concurrent workload governor that limits the

scalability of MSDE. For more information, see

http://msdn.microsoft.com/library/?url=/library/en-us/architec/

8_ar_sa2_0ciq.asp?frame=true.

 It is not recommended to use MSDE or SQL Server 2005

Express Edition if you are planning to use centralized quarantine

management with multiple F-Secure Anti-Virus for Microsoft

Exchange installations.

MSDE is delivered together with F-Secure Anti-Virus for

Microsoft Exchange, and you can install it during the F-Secure

Internet Anti-Virus for Microsoft Exchange Setup. For more

information, see “Installation Overview”, 28.

Page is loading ...

F-SECURE ANTI-VIRUS - FOR MICROSOFT EXCHANGE Administrator's Manual

F-SECURE ANTI-VIRUS - FOR MICROSOFT EXCHANGE Administrator's Manual

Related papers

Other documents