F-SECURE ANTI-VIRUS FOR MICROSOFT EXCHANGE 9.00, ANTI-VIRUS - FOR MICROSOFT EXCHANGE Administrator's Manual

F-Secure Anti-Virus for
Microsoft Exchange
Administrator's Guide
"F-Secure" and the triangle symbol are registered trademarks of F-Secure Corporation and F-Secure
product names and symbols/logos are either trademarks or registered trademarks of F-Secure
Corporation. All product names referenced herein are trademarks or registered trademarks of their
respective companies. F-Secure Corporation disclaims proprietary interest in the marks and names of
others. Although F-Secure Corporation makes every effort to ensure that this information is accurate,
F-Secure Corporation will not be liable for any errors or omission of facts contained herein. F-Secure
Corporation reserves the right to modify specifications cited in this document without prior notice.
Companies, names and data used in examples herein are fictitious unless otherwise noted. No part of
this document may be reproduced or transmitted in any form or by any means, electronic or
mechanical, for any purpose, without the express written permission of F-Secure Corporation.
Copyright © 1993-2010 F-Secure Corporation. All rights reserved.
Portions Copyright © 2003 Commtouch ® Software Ltd.
Copyright © 1997-2009 BitDefender.
This product includes software developed by the Apache Software Foundation
(http://www.apache.org/). Copyright © 2000-2007 The Apache Software Foundation. All rights reserved.
This product includes PHP, freely available from http://www.php.net/. Copyright © 1999-2007 The PHP
Group. All rights reserved.
This product includes code from SpamAssassin. The code in the files of the SpamAssassin distribution
are Copyright © 2000-2002 Justin Mason and others, unless specified otherwise in that particular file.
All files in the SpamAssassin distribution fall under the same terms as Perl itself, as described in the
“Artistic License”.
This product may be covered by one or more F-Secure patents, including the following:
GB2353372 GB2366691 GB2366692 GB2366693 GB2367933 GB2368233
GB2374260
Contents
About This Guide
How This Guide Is Organized
Conventions Used in F-Secure Guides
Symbols
Chapter 1 Using F-Secure Anti-Virus for Microsoft Exchange
1.1 Administering F-Secure Anti-Virus for Microsoft Exchange
1.2 Using Web Console
1.2.1 Logging in for the First Time
1.2.2 Modifying Settings and Viewing Statistics with Web Console
1.2.3 Checking the Product Status
1.3 Using F-Secure Policy Manager Console
1.3.1 Modifying Settings and Viewing Statistics in Centrally Administered Mode
Chapter 2 Centrally Managed Administration
2.1 Overview
2.2 F-Secure Anti-Virus for Microsoft Exchange Settings
2.2.1 General Settings
2.2.2 Transport Protection
2.2.3 Storage Protection
2.3 F-Secure Anti-Virus for Microsoft Exchange Statistics
2.3.1 Common
2.3.2 Transport Protection
2.3.3 Storage Protection
2.3.4 Quarantine
2.4 F-Secure Content Scanner Server Settings
2.4.1 Interface
2.4.2 Virus Scanning
2.4.3 Virus Statistics
2.4.4 Database Updates
2.4.5 Spam Filtering
2.4.6 Threat Detection Engine
2.4.7 Proxy Configuration
2.4.8 Advanced
2.5 F-Secure Content Scanner Server Statistics
2.5.1 Server
2.5.2 Scan Engines
2.5.3 Common
2.5.4 Spam Control
2.5.5 Virus Statistics
2.6 F-Secure Management Agent Settings
2.7 F-Secure Automatic Update Agent Settings
Chapter 3 Administration with Web Console
3.1 Overview
3.2 Home
3.3 Transport Protection
3.3.1 Attachment Filtering
3.3.2 Virus Scanning
3.3.3 Grayware Scanning
3.3.4 Archive Processing
3.3.5 Content Filtering
3.3.6 Other Options
3.4 Spam Control
3.4.1 Status
3.4.2 Settings
3.5 Storage Protection
3.5.1 Real-Time Scanning
3.5.2 Manual Scanning
3.5.3 Scheduled Scanning
3.6 Quarantine
3.6.1 Query
3.6.2 Options
3.7 Automatic Updates
3.7.1 Communications
3.8 General Server Properties
3.8.1 Administration
3.8.2 Network Configuration
3.8.3 Notifications
3.8.4 Sample Submission
3.8.5 Engines
3.8.6 Lists and Templates
Chapter 4 Quarantine Management
4.1 Introduction
4.1.1 Quarantine Reasons
4.2 Configuring Quarantine Options
4.3 Quarantine Status
4.3.1 Quarantine Logging
4.4 Searching the Quarantined Content
4.5 Query Results Page
4.5.1 Viewing Details of the Quarantined Message
4.6 Quarantine Operations
4.6.1 Reprocessing the Quarantined Content
4.6.2 Releasing the Quarantined Content
4.6.3 Removing the Quarantined Content
4.6.4 Deleting Old Quarantined Content Automatically
4.7 Moving the Quarantine Storage
Chapter 5 Updating Virus and Spam Definition Databases
Overview
Automatic Updates with F-Secure Automatic Update Agent
Configuring Automatic Updates
Appendix A Variables in Warning Messages
List of Variables
Appendix B Sending E-mail Alerts And Reports
B.1 Overview
B.2 Solution
B.2.1 Creating a Scoped Receive Connector
B.2.2 Grant the Relay Permission on the New Scoped Connector
B.2.3 Specify SMTP Server for Alerts and Reports
Appendix C Troubleshooting
C.1 Overview
C.2 Starting and Stopping
C.3 Viewing the Log File
Quarantine Logs
C.4 Common Problems and Solutions
Checking F-Secure Anti-Virus for Microsoft Exchange
Checking F-Secure Content Scanner Server
Checking F-Secure Anti-Virus for Microsoft Exchange Web Console
C.4.1 Installing Service Packs
C.4.2 Securing the Quarantine
C.4.3 Administration Issues
C.5 Frequently Asked Questions
Technical Support
F-Secure Online Support Resources
Web Club
Virus Descriptions on the Web
ABOUT THIS GUIDE
How This Guide Is Organized
Conventions Used in F-Secure Guides
How This Guide Is Organized
F-Secure Anti-Virus for Microsoft Exchange Administrator's Guide is
divided into the following chapters:
Chapter 1. Using F-Secure Anti-Virus for Microsoft Exchange.
Instructions on how to use and administer F-Secure Anti-Virus for Microsoft
Exchange.
Chapter 2. Centrally Managed Administration. Instructions on how to
remotely administer F-Secure Anti-Virus for Microsoft Exchange and
F-Secure Content Scanner Server when they have been installed in
centralized administration mode.
Chapter 3. Administration with Web Console. Instructions on how to
administer F-Secure Anti-Virus for Microsoft Exchange with the Web
Console.
Chapter 4. Quarantine Management. Instructions on how to manage
and search quarantined mails with the F-Secure Anti-Virus for Microsoft
Exchange Web Console.
Chapter 5. Updating Virus and Spam Definition Databases. Instructions
on how to update your virus definition database.
Appendix A. Variables in Warning Messages. Lists variables that can
be included in virus warning messages.
Appendix B. Sending E-mail Alerts And Reports. Instructions on how to
configure the product to send alerts to the administrator by e-mail.
Appendix C. Troubleshooting. Solutions to some common problems.
Technical Support. Contains the contact information for assistance.
About F-Secure Corporation. Describes the company background and
products.
See the F-Secure Policy Manager Administrator's Guide for detailed
information about installing and using the F-Secure Policy Manager
components:
F-Secure Policy Manager Console, the tool for remote
administration of F-Secure Anti-Virus for Microsoft Exchange.
F-Secure Policy Manager Server, which enables communication
between F-Secure Policy Manager Console and the managed
systems.
Conventions Used in F-Secure Guides
This section describes the symbols, fonts, and terminology used in this
manual.
Symbols
WARNING: The warning symbol indicates a situation with a
risk of irreversible destruction to data.
IMPORTANT: An exclamation mark provides important information
that you need to consider.
REFERENCE - A book refers you to related information on the
topic available in another document.
NOTE - A note provides additional information that you should
consider.
TIP - A tip provides information that can help you perform a task
more quickly or easily.
An arrow indicates a one-step procedure.
Fonts
Arial bold (blue) is used to refer to menu names and commands, to
buttons and other items in a dialog box.
Arial Italics (blue) is used to refer to other chapters in the manual, book
titles, and titles of other manuals.
Arial Italics (black) is used for file and folder names, for figure and table
captions, and for directory tree names.
Courier New is used for messages on your computer screen.
Courier New bold is used for information that you must type.
SMALL CAPS (BLACK) is used for a key or key combination on your
keyboard.
Arial underlined (blue) is used for user interface links.
Arial italics is used for window and dialog box names.
PDF Document
This manual is provided in PDF (Portable Document Format). The PDF
document can be used for online viewing and printing using Adobe®
Acrobat® Reader. When printing the manual, please print the entire
manual, including the copyright and disclaimer statements.
For More Information
Visit F-Secure at http://www.f-secure.com for documentation, training
courses, downloads, and service and support contacts.
In our constant attempts to improve our documentation, we would
welcome your feedback. If you have any questions, comments, or
suggestions about this or any other F-Secure document, please contact
us at documentation@f-secure.com.
1 USING F-SECURE ANTI-VIRUS FOR MICROSOFT EXCHANGE
Administering F-Secure Anti-Virus for Microsoft Exchange
Using Web Console
Using F-Secure Policy Manager Console
1.1 Administering F-Secure Anti-Virus for Microsoft Exchange
F-Secure Anti-Virus for Microsoft Exchange can be used either in the
stand-alone mode or in the centrally administered mode, based on your
selections during the installation and the initial setup.
Centralized Administration Mode
In the centralized administration mode, you can administer F-Secure
Anti-Virus for Microsoft Exchange with F-Secure Policy Manager.
You can use the F-Secure Anti-Virus for Microsoft Exchange Web
Console to start and stop F-Secure Anti-Virus for Microsoft Exchange,
check its current status, and connect to F-Secure Web Club for support.
In centrally managed installations, F-Secure Anti-Virus for Microsoft
Exchange Web Console cannot be used for configuring the system or
scanning settings, but you can manage the quarantined content with it.
Stand-alone Mode
You can use F-Secure Anti-Virus for Microsoft Exchange Web Console to
administer the product: monitor the status, modify settings, manage the
quarantine, and start and stop the product if necessary.
1.2 Using Web Console
You can open F-Secure Anti-Virus for Microsoft Exchange Web Console
in any of the following ways:
Go to Windows Start menu > Programs > F-Secure Anti-Virus for
Microsoft Exchange > F-Secure Anti-Virus for Microsoft
Exchange Web Console
Enter the address of F-Secure Anti-Virus for Microsoft Exchange
and the port number in your web browser. Note that the protocol
used is https. For example:
https://127.0.0.1:25023
When the Web Console login page opens, enter your user name and the
password and click Log In. Note that you must have administrator rights
to the host where F-Secure Anti-Virus for Microsoft Exchange Web
Console is installed.
1.2.1 Logging in for the First Time
Before you log in to the F-Secure Anti-Virus for Microsoft Exchange Web
Console for the first time, check that JavaScript and cookies are enabled in
the browser you use.
Microsoft Internet Explorer users:
The address of the F-Secure Anti-Virus for Microsoft Exchange
Web Console, https://127.0.0.1:25023/, should be added to the
Trusted sites in Internet Explorer Security Options to ensure that
F-Secure Anti-Virus for Microsoft Exchange Web Console works
properly in all environments.
When you log in for the first time, your browser displays a Security Alert
dialog window about the security certificate for F-Secure Anti-Virus for
Microsoft Exchange Web Console. You can create a security certificate
for F-Secure Anti-Virus for Microsoft Exchange Web Console before
logging in, and then install the certificate during the login process.
Step 1. Create the security certificate
1. Browse to the F-Secure Anti-Virus for Microsoft Exchange Web
Console installation directory, for example:
C:\Program Files (x86)\F-Secure\Web User Interface\bin\
2. Locate the certificate creation utility, makecert.bat, and double click it
to run the utility.
3. The utility creates a certificate that will be issued to all local IP
addresses, and restarts the F-Secure Anti-Virus for Microsoft
Exchange Web Console service to take the certificate into use.
4. Wait until the utility completes, and the window closes. Now you can
proceed to logging in.
Step 2. Log in and install the security certificate
1. Open F-Secure Anti-Virus for Microsoft Exchange Web Console.
2. The Security Alert about the F-Secure Anti-Virus for Microsoft
Exchange Web Console certificate is displayed. If you install the
certificate now, you will not see the Security Alert window again.
If you are using Internet Explorer 7, click Continue and then
Certificate Error.
3. Click View Certificate to view the certificate information.
4. The Certificate window opens. Click Install Certificate to install the
certificate with the Certificate Import Wizard.
If your company has an established process for creating and
storing certificates, follow that process to create and store the
security certificate for F-Secure Anti-Virus for Microsoft Exchange
Web Console.
5. The Certificate window opens. Click Install Certificate to proceed to
the Certificate Import Wizard.
6. Follow the instructions in the Certificate Import Wizard.
If you are using Internet Explorer 7, in the Place all certificates in the
following store selection, select the Trusted Root Certification
Authorities store.
If you are using Internet Explorer 6, you are prompted to add the new
certificate in the Certificate Root Store when the wizard has
completed. Click Yes to do so.
7. If the Security Alert window is still displayed, click Yes to proceed or
log back in to the F-Secure Anti-Virus for Microsoft Exchange Web
Console.
8. When the login page opens, log in to Web Console with your user
name and the password.
9. The Web Console displays the Getting Started page when you log in for
the first time. You can check and configure the following information in
the Getting Started page to complete the installation:
Internal domains and senders
E-mail alerts and reports
Database updates
Product updates
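A check an administrator can run after Step 1 and again after Step 2, as an added example that is not part of the F-Secure manual: it reads the certificate the Web Console presents at the address used in this guide and reports its thumbprints and whether that same certificate is in a Trusted Root store. The function names are hypothetical, and the self-signed test (subject equals issuer) is a heuristic.

```powershell
# Added example (not from the F-Secure manual). Function names are hypothetical.
# Reads the certificate the Web Console presents and reports whether that exact
# certificate is present in a Trusted Root Certification Authorities store.

function Get-WebConsoleCertificate {
    param(
        [string]$HostName = '127.0.0.1',   # address used in this guide
        [int]$Port = 25023                 # port used in this guide
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        # Accept whatever certificate is presented: the goal here is to read
        # it for inspection, not to trust the connection.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAny)
        try {
            $ssl.AuthenticateAsClient($HostName)
            # Copy the certificate so it stays usable after the stream is closed.
            return New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        }
        finally { $ssl.Dispose() }
    }
    finally { $client.Close() }
}

function Test-WebConsoleCertificate {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    # SHA-256 over the DER encoding, as colon-separated hex.
    $hash = [System.Security.Cryptography.SHA256]::Create().ComputeHash($Certificate.RawData)
    $sha256 = ($hash | ForEach-Object { $_.ToString('X2') }) -join ':'

    # Root stores in which an imported certificate can end up.
    $trustedIn = @()
    foreach ($store in 'Cert:\CurrentUser\Root', 'Cert:\LocalMachine\Root') {
        $match = Get-ChildItem -Path $store |
            Where-Object { $_.Thumbprint -eq $Certificate.Thumbprint }
        if ($match) { $trustedIn += $store }
    }

    # Subject Alternative Name extension (OID 2.5.29.17), if the certificate has one.
    $san = $Certificate.Extensions |
        Where-Object { $_.Oid.Value -eq '2.5.29.17' } |
        ForEach-Object { $_.Format($false) }

    $now = Get-Date
    [pscustomobject]@{
        Subject        = $Certificate.Subject
        SubjectAltName = $san
        # Heuristic: a self-signed certificate names itself as issuer.
        SelfSigned     = ($Certificate.Subject -eq $Certificate.Issuer)
        ValidNow       = ($now -ge $Certificate.NotBefore -and $now -le $Certificate.NotAfter)
        NotAfter       = $Certificate.NotAfter
        Sha1Thumbprint = $Certificate.Thumbprint
        Sha256         = $sha256
        TrustedRootIn  = $trustedIn
    }
}

# Inspect the certificate currently served by the local Web Console.
Test-WebConsoleCertificate -Certificate (Get-WebConsoleCertificate) | Format-List
```

Record the thumbprint after running makecert.bat and compare it with the value shown in the View Certificate dialog before clicking Install Certificate; an empty TrustedRootIn after Step 2 means the certificate being served is not the one that was installed.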
1.2.2 Modifying Settings and Viewing Statistics with Web
Console
To change F-Secure Anti-Virus for Microsoft Exchange settings in
stand-alone mode, open the F-Secure Anti-Virus for Microsoft Exchange
Web Console and select the variables you want to change from the left
pane. For detailed explanations of all variables, see “Administration with
Web Console”.
1.2.3 Checking the Product Status
You can check the overall product status on the Home page of F-Secure
Anti-Virus for Microsoft Exchange Web Console. The Summary and Services
tabs in the Home page display an overview of each component's status
and the most important statistics of the installed F-Secure Anti-Virus for
Microsoft Exchange components. From the Home page you can also
open the product logs and proceed to configure the product components.
1.3 Using F-Secure Policy Manager Console
In the centralized administration mode, you can administer F-Secure
Anti-Virus for Microsoft Exchange with F-Secure Policy Manager. To open
F-Secure Policy Manager Console, select Windows Start menu >
Programs > F-Secure Policy Manager Console.
When the Policy Manager Console opens, go to the Advanced Mode user
interface by selecting View > Advanced Mode.
F-Secure Policy Manager Console is used to create policies for F-Secure
Anti-Virus for Microsoft Exchange installations that are running on
selected hosts or groups of hosts.
For detailed information on installing and using F-Secure Policy Manager
console, see the F-Secure Policy Manager Administrator’s Guide.
1.3.1 Modifying Settings and Viewing Statistics in Centrally
Administered Mode
To change F-Secure Anti-Virus for Microsoft Exchange settings in the
centrally administered mode, follow these instructions:
1. Select F-Secure Anti-Virus for Microsoft Exchange from the
Properties pane.
2. Make sure the Policy tab is selected and assign values to variables
under the Settings branch.
3. Modify settings by assigning new values to the basic leaf node
variables (marked by the leaf icons) shown in the Policy tab of the
Properties pane. For detailed explanations of all variables, see
“F-Secure Anti-Virus for Microsoft Exchange Settings”.
Initially, every variable has a default value, which is displayed in gray.
Select the variable from the Properties pane and enter the new value
in the Editor pane to change it. You can either type the new value or
select it from a list box.
Click Clear to revert to the default value or Undo to cancel the most
recent change that has not been distributed.
4. After you have modified settings and created a new policy, it must be
distributed to hosts. Choose Distribute from the File menu.
5. After distributing the policy, you have to wait for F-Secure Anti-Virus
for Microsoft Exchange to poll the new policy file. Alternatively, click
Poll the server now in the Server Properties page in F-Secure
Anti-Virus for Microsoft Exchange Web Console.
To view statistics, select the Status tab of the Properties pane. Statistics
are updated periodically and can be reset by choosing Reset Statistics on
the Policy tab of the Properties pane. For more information, see
“F-Secure Anti-Virus for Microsoft Exchange Statistics”.
Settings that are configured during the installation and the
initial setup require that you select the Final check box from the
Product View pane. For more information, see “Changing
Settings That Have Been Modified During Installation or
Upgrade”.
For testing purposes you may also want to change the polling
intervals. To do that, select the domain in F-Secure Policy
Manager console and set the Incoming Packages Polling
Interval and Outgoing Packages Update Interval variables to
30-45 seconds. The variables are located under each of the
two trees in the F-Secure Management Agent / Settings /
Communications branch. Note that since the default polling
interval is 10 minutes, it might take up to 10 minutes for the
new setting to take effect.
To manage the quarantined content, use F-Secure Anti-Virus for Microsoft
Exchange Web Console. For more information, see “Quarantine
Management”.
Changing Settings That Have Been Modified During Installation
or Upgrade
If you want to change a setting that has been modified locally during
installation or upgrade, you need to mark the setting as Final in the
restriction editor. The settings descriptions in this manual indicate the
settings for which you need to use the Final restriction. You can also
check in F-Secure Policy Manager Console whether you need to use the
Final restriction for a setting. Do the following:
1. Select the Policy tab and then select the setting you want to check.
2. Select the Status tab to see if the setting has been modified locally.
If the setting is not shown in grayed font in the Status view, then
the product uses the setting from the base policy and therefore
the Final restriction is not needed.
If the setting is shown in normal black font, then the setting has
been modified locally. You must mark the setting as Final when
you change it.