F-SECURE ANTI-VIRUS FOR MICROSOFT EXCHANGE 9.00 Administrator's Manual

F-Secure Anti-Virus for

Microsoft Exchange

Administrator’s Guide

"F-Secure" and the triangle symbol are registered trademarks of F-Secure Corporation and F-Secure

product names and symbols/logos are either trademarks or registered trademarks of F-Secure

Corporation. All product names referenced herein are trademarks or registered trademarks of their

respective companies. F-Secure Corporation disclaims proprietary interest in the marks and names of

others. Although F-Secure Corporation makes every effort to ensure that this information is accurate,

F-Secure Corporation will not be liable for any errors or omission of facts contained herein. F-Secure

Corporation reserves the right to modify specifications cited in this document without prior notice.

Companies, names and data used in examples herein are fictitious unless otherwise noted. No part of

this document may be reproduced or transmitted in any form or by any means, electronic or

mechanical, for any purpose, without the express written permission of F-Secure Corporation.

This product includes software developed by the Apache Software Foundation (http://

This product includes code from SpamAssassin. The code in the files of the SpamAssassin distribution

All files in the SpamAssassin distribution fall under the same terms as Perl itself, as described in the

“Artistic License”.

This product may be covered by one or more F-Secure patents, including the following:

GB2353372 GB2366691 GB2366692 GB2366693 GB2367933 GB2368233

GB2374260

1

Contents

About This Guide 6

How This Guide Is Organized .............................................................................................. 7

Conventions Used in F-Secure Guides................................................................................ 9

Symbols ...................................................................................................................... 9

Chapter 1 Using F-Secure Anti-Virus for Microsoft Exchange 11

1.1 Administering F-Secure Anti-Virus for Microsoft Exchange .......................................12

1.2 Using Web Console ...................................................................................................13

1.2.1 Logging in for the First Time...........................................................................13

1.2.2 Modifying Settings and Viewing Statistics with Web Console........................15

1.2.3 Checking the Product Status .........................................................................16

1.3 Using F-Secure Policy Manager Console ..................................................................16

1.3.1 Modifying Settings and Viewing Statistics in Centrally Administered Mode ...16

Chapter 2 Centrally Managed Administration 19

2.1 Overview....................................................................................................................20

2.2 F-Secure Anti-Virus for Microsoft Exchange Settings................................................20

2.2.1 General Settings.............................................................................................20

2.2.2 Transport Protection.......................................................................................29

2.2.3 Storage Protection..........................................................................................48

2.3 F-Secure Anti-Virus for Microsoft Exchange Statistics...............................................80

2.3.1 Common.........................................................................................................81

2.3.2 Transport Protection.......................................................................................82

2.3.3 Storage Protection..........................................................................................83

2

2.3.4 Quarantine......................................................................................................85

2.4 F-Secure Content Scanner Server Settings...............................................................86

2.4.1 Interface..........................................................................................................86

2.4.2 Virus Scanning ...............................................................................................87

2.4.3 Virus Statistics................................................................................................90

2.4.4 Database Updates..........................................................................................91

2.4.5 Spam Filtering ................................................................................................92

2.4.6 Threat Detection Engine.................................................................................93

2.4.7 Proxy Configuration........................................................................................94

2.4.8 Advanced........................................................................................................95

2.5 F-Secure Content Scanner Server Statistics .............................................................96

2.5.1 Server.............................................................................................................96

2.5.2 Scan Engines .................................................................................................97

2.5.3 Common.........................................................................................................98

2.5.4 Spam Control..................................................................................................98

2.5.5 Virus Statistics................................................................................................99

2.6 F-Secure Management Agent Settings......................................................................99

2.7 F-Secure Automatic Update Agent Settings ............................................................101

Chapter 3 Administration with Web Console 103

3.1 Overview..................................................................................................................104

3.2 Home........................................................................................................................104

3.3 Transport Protection.................................................................................................109

3.3.1 Attachment Filtering......................................................................................111

3.3.2 Virus Scanning .............................................................................................114

3.3.3 Grayware Scanning......................................................................................117

3.3.4 Archive Processing.......................................................................................120

3.3.5 Content Filtering ..........................................................................................123

3.3.6 Other Options...............................................................................................126

3.4 Spam Control...........................................................................................................129

3.4.1 Status ...........................................................................................................130

3.4.2 Settings.........................................................................................................131

3.5 Storage Protection ...................................................................................................135

3.5.1 Real-Time Scanning.....................................................................................137

3.5.2 Manual Scanning .........................................................................................146

3.5.3 Scheduled Scanning ....................................................................................159

3

3.6 Quarantine ...............................................................................................................172

3.6.1 Query............................................................................................................173

3.6.2 Options.........................................................................................................173

3.7 Automatic Updates...................................................................................................181

3.7.1 Communications...........................................................................................183

3.8 General Server Properties .......................................................................................187

3.8.1 Administration...............................................................................................188

3.8.2 Network Configuration .................................................................................194

3.8.3 Notifications..................................................................................................196

3.8.4 Sample Submission......................................................................................197

3.8.5 Engines.........................................................................................................198

3.8.6 Lists and Templates .....................................................................................208

Chapter 4 Quarantine Management 211

4.1 Introduction ..............................................................................................................212

4.1.1 Quarantine Reasons.....................................................................................213

4.2 Configuring Quarantine Options...............................................................................214

4.3 Quarantine Status ....................................................................................................214

4.3.1 Quarantine Logging......................................................................................214

4.4 Searching the Quarantined Content.........................................................................214

4.5 Query Results Page.................................................................................................219

4.5.1 Viewing Details of the Quarantined Message ..............................................220

4.6 Quarantine Operations.............................................................................................221

4.6.1 Reprocessing the Quarantined Content.......................................................223

4.6.2 Releasing the Quarantined Content.............................................................224

4.6.3 Removing the Quarantined Content.............................................................225

4.6.4 Deleting Old Quarantined Content Automatically.........................................225

4

4.7 Moving the Quarantine Storage...............................................................................226

Chapter 5 Updating Virus and Spam Definition Databases 228

Overview..................................................................................................................229

Automatic Updates with F-Secure Automatic Update Agent....................................229

Configuring Automatic Updates ...............................................................................229

AppendixA Variables in Warning Messages 231

List of Variables................................................................................................................ 232

AppendixB Sending E-mail Alerts And Reports 234

B.1 Overview................................................................................................................. 235

B.2 Solution....................................................................................................................235

B.2.1 Creating a Scoped Receive Connector........................................................236

B.2.2 Grant the Relay Permission on the New Scoped Connector........................237

B.2.3 Specify SMTP Server for Alerts and Reports...............................................237

AppendixC Troubleshooting 238

C.1 Overview ..................................................................................................................239

C.2 Starting and Stopping...............................................................................................239

C.3 Viewing the Log File.................................................................................................240

Quarantine Logs...................................................................................................... 240

C.4 Common Problems and Solutions............................................................................240

Checking F-Secure Anti-Virus for Microsoft Exchange........................................... 241

Checking F-Secure Content Scanner Server.......................................................... 242

Checking F-Secure Anti-Virus for Microsoft Exchange Web Console .................... 243

C.4.1 Installing Service Packs................................................................................243

5

C.4.2 Securing the Quarantine...............................................................................244

C.4.3 Administration Issues ...................................................................................244

C.5 Frequently Asked Questions....................................................................................245

Technical Support 246

F-Secure Online Support Resources ............................................................................... 247

Web Club .........................................................................................................................249

Virus Descriptions on the Web .........................................................................................249

6

ABOUT THIS GUIDE

How This Guide Is Organized...................................................... 7

Conventions Used in F-Secure Guides....................................... 9

About This Guide 7

How This Guide Is Organized

F-Secure Anti-Virus for Microsoft Exchange Administrator's Guide is

divided into the following chapters:

Chapter 1. Using F-Secure Anti-Virus for Microsoft Exchange.

Instructions how to use and administer F-Secure Anti-Virus for Microsoft

Exchange.

Chapter 2. Centrally Managed Administration. Instructions how to

remotely administer F-Secure Anti-Virus for Microsoft Exchange and

F-Secure Content Scanner Server when they have been installed in

centralized administration mode.

Chapter 3. Administration with Web Console. Instructions how to

administer F-Secure Anti-Virus for Microsoft Exchange with the Web

Console.

Chapter 4. Quarantine Management. Instructions how you can manage

and search quarantined mails with the F-Secure Anti-Virus for Microsoft

Exchange Web Console.

Chapter 5. Updating Virus and Spam Definition Databases. Instructions

how to update your virus definition database.

Appendix A. Variables in Warning Messages. Lists variables that can

be included in virus warning messages.

Appendix B. Sending E-mail Alerts And Reports. Instructions how to

configure the product to send alerts to the administrator by e-mail.

Appendix C. Troubleshooting. Solutions to some common problems.

Technical Support. Contains the contact information for assistance.

About F-Secure Corporation. Describes the company background and

products.

8

See the F-Secure Policy Manager Administrator's Guide for detailed

information about installing and using the F-Secure Policy Manager

components:

 F-Secure Policy Manager Console, the tool for remote

administration of F-Secure Anti-Virus for Microsoft Exchange.

 F-Secure Policy Manager Server, which enables communication

between F-Secure Policy Manager Console and the managed

systems.

CHAPTER 2 9

Conventions Used in F-Secure Guides

This section describes the symbols, fonts, and terminology used in this

manual.

Symbols

 An arrow indicates a one-step procedure.

Fonts

Arial bold (blue) is used to refer to menu names and commands, to

buttons and other items in a dialog box.

Arial Italics (blue) is used to refer to other chapters in the manual, book

titles, and titles of other manuals.

Arial Italics (black) is used for file and folder names, for figure and table

captions, and for directory tree names.

Courier New is used for messages on your computer screen.

Courier New bold is used for information that you must type.

WARNING: The warning symbol indicates a situation with a

risk of irreversible destruction to data.

IMPORTANT: An exclamation mark provides important information

that you need to consider.

REFERENCE - A book refers you to related information on the

topic available in another document.

l

NOTE - A note provides additional information that you should

consider.

TIP - A tip provides information that can help you perform a task

more quickly or easily.

10

SMALL CAPS (BLACK) is used for a key or key combination on your

keyboard.

Arial underlined (blue)

is used for user interface links.

Arial italics is used for window and dialog box names.

PDF Document

This manual is provided in PDF (Portable Document Format). The PDF

document can be used for online viewing and printing using Adobe®

Acrobat® Reader. When printing the manual, please print the entire

manual, including the copyright and disclaimer statements.

For More Information

Visit F-Secure at http://www.f-secure.com for documentation, training

courses, downloads, and service and support contacts.

In our constant attempts to improve our documentation, we would

welcome your feedback. If you have any questions, comments, or

suggestions about this or any other F-Secure document, please contact

us at documentation@f-secure.com

.

11

1

USING F-SECURE

A

NTI-VIRUS FOR

M

ICROSOFT EXCHANGE

Administering F-Secure Anti-Virus for Microsoft Exchange........ 12

Using Web Console.................................................................... 13

Using F-Secure Policy Manager Console................................... 16

12

1.1 Administering F-Secure Anti-Virus for Microsoft

Exchange

F-Secure Anti-Virus for Microsoft Exchange can be used either in the

stand-alone mode or in the centrally administered mode, based on your

selections during the installation and the initial setup.

Centralized

Administration

Mode

In the centralized administration mode, you can administer F-Secure

Anti-Virus for Microsoft Exchange with F-Secure Policy Manager.

You can use the F-Secure Anti-Virus for Microsoft Exchange Web

Console to start and stop F-Secure Anti-Virus for Microsoft Exchange,

check its current status and to connect to F-Secure Web Club for support.

In centrally managed installations, F-Secure Anti-Virus for Microsoft

Exchange Web Console cannot be used for configuring the system or

scanning settings, but you can manage the quarantined content with it.

Stand-alone

Mode

You can use F-Secure Anti-Virus for Microsoft Exchange Web Console to

administer the product; monitor the status, modify settings, manage the

quarantine and to start and stop the product if necessary.

CHAPTER 1 13

Using F-Secure Anti-Virus for Microsoft Exchange

1.2 Using Web Console

You can open F-Secure Anti-Virus for Microsoft Exchange Web Console

in any of the following ways:

 Go to Windows Start menu > Programs > F-Secure Anti-Virus for

Microsoft Exchange > F-Secure Anti-Virus for Microsoft

Exchange Web Console

 Enter the address of F-Secure Anti-Virus for Microsoft Exchange

and the port number in your web browser. Note that the protocol

used is https. For example: 

https://127.0.0.1:25023

When the Web Console login page opens, enter your user name and the

password and click Log In. Note that you must have administrator rights

to the host where F-Secure Anti-Virus for Microsoft Exchange Web

Console is installed.

1.2.1 Logging in for the First Time

Before you log in the F-Secure Anti-Virus for Microsoft Exchange Web

Console for the first time, check that javascript and cookies are enabled in

the browser you use.

Microsoft Internet Explorer users:

The address of the F-Secure Anti-Virus for Microsoft Exchange

Web Console, https://127.0.0.1:25023/

, should be added to the

Trusted sites in Internet Explorer Security Options to ensure that

F-Secure Anti-Virus for Microsoft Exchange Web Console works

properly in all environments.

14

When you log in for the first time, your browser displays a Security Alert

dialog window about the security certificate for F-Secure Anti-Virus for

Microsoft Exchange Web Console. You can create a security certificate

for F-Secure Anti-Virus for Microsoft Exchange Web Console before

logging in, and then install the certificate during the login process.

Step 1. Create the security certificate

1. Browse to the F-Secure Anti-Virus for Microsoft Exchange Web

Console installation directory, for example:

C:\Program Files (x86)\F-Secure\Web User Interface\bin\

2. Locate the certificate creation utility, makecert.bat, and double click it

to run the utility.

3. The utility creates a certificate that will be issued to all local IP

addresses, and restarts the F-Secure Anti-Virus for Microsoft

Exchange Web Console service to take the certificate into use.

4. Wait until the utility completes, and the window closes. Now you can

proceed to logging in.

Step 2. Log in and install the security certificate

1. Open F-Secure Anti-Virus for Microsoft Exchange Web Console.

2. The Security Alert about the F-Secure Anti-Virus for Microsoft

Exchange Web Console certificate is displayed. If you install the

certificate now, you will not see the Security Alert window again.

If you are using Internet Explorer 7, click Continue and then

Certificate Error.

3. Click View Certificate to view the certificate information.

4. The Certificate window opens. Click Install Certificate to install the

certificate with the Certificate Import Wizard.

If your company has an established process for creating and

storing certificates, follow that process to create and store the

security certificate for F-Secure Anti-Virus for Microsoft Exchange

Web Console.

CHAPTER 1 15

Using F-Secure Anti-Virus for Microsoft Exchange

5. The Certificate window opens. Click Install Certificate to proceed to

the Certificate Import Wizard.

6. Follow the instructions in the Certificate Import Wizard.

If you are using Internet Explorer 7, in the Place all certificates in the

following store selection, select the Trusted Root Certification

Authorities store.

If you are using Internet Explorer 6, you are prompted to add the new

certificate in the Certificate Root Store when the wizard has

completed. Click Yes to do so.

7. If the Security Alert window is still displayed, click Yes to proceed or

log back in to the F-Secure Anti-Virus for Microsoft Exchange Web

Console.

8. When the login page opens, log in to Web Console with your user

name and the password.

9. The Web Console displays Getting Started page when you log in for

the first time. You can check and configure the following information in

the Getting Started page to complete the installation:

 Internal domains and senders

 E-mail alerts and reports

 Database updates

 Product updates

1.2.2 Modifying Settings and Viewing Statistics with Web

Console

To change F-Secure Anti-Virus for Microsoft Exchange settings in

stand-alone mode, open the F-Secure Anti-Virus for Microsoft Exchange

Web Console and select the variables you want to change from the left

pane. For detailed explanations of all variables, see “Administration with

Web Console”, 103.

16

1.2.3 Checking the Product Status

You can check the overall product status on the Home page of F-Secure

Anti-Virus for Microsoft Exchange Web Console. Summary and Services

tabs in the Home page displays an overview of each component status

and most important statistics of the installed F-Secure Anti-Virus for

Microsoft Exchange components. From the Home page you can also

open the product logs and proceed to configure the product components.

1.3 Using F-Secure Policy Manager Console

In the centralized administration mode, you can administer F-Secure

Anti-Virus for Microsoft Exchange with F-Secure Policy Manager. To open

F-Secure Policy Manager Console, select Windows Start menu >

Programs > F-Secure Policy Manager Console.

When the Policy Manager Console opens, go to the Advanced Mode user

interface by selecting View > Advanced Mode.

F-Secure Policy Manager Console is used to create policies for F-Secure

Anti-Virus for Microsoft Exchange installations that are running on

selected hosts or groups of hosts.

For detailed information on installing and using F-Secure Policy Manager

console, see the F-Secure Policy Manager Administrator’s Guide.

1.3.1 Modifying Settings and Viewing Statistics in Centrally

Administered Mode

To change F-Secure Anti-Virus for Microsoft Exchange settings in the

centrally administered mode, follow these instructions:

1. Select F-Secure Anti-Virus for Microsoft Exchange from the

Properties pane.

2. Make sure the Policy tab is selected and assign values to variables

under the Settings branch.

CHAPTER 1 17

Using F-Secure Anti-Virus for Microsoft Exchange

3. Modify settings by assigning new values to the basic leaf node

variables (marked by the leaf icons) shown in the Policy tab of the

Properties pane. For detailed explanations of all variables, see

“F-Secure Anti-Virus for Microsoft Exchange Settings”, 20

Initially, every variable has a default value, which is displayed in gray.

Select the variable from the Properties pane and enter the new value

in the Editor pane to change it. You can either type the new value or

select it from a list box.

Click Clear to revert to the default value or Undo to cancel the most

recent change that has not been distributed.

4. After you have modified settings and cretated a new policy, it must be

distributed to hosts. Choose Distribute from the File menu.

5. After distributing the policy, you have to wait for F-Secure Anti-Virus

for Microsoft Exchange to poll the new policy file. Alternatively, click

Poll the server now in the Server Properties page in F-Secure

Anti-Virus for Microsoft Exchange Web Console.

To view statistics, select the Status tab of the Properties pane. Statistics

are updated periodically and can be reset by choosing Reset Statistics on

the Policy tab of the Properties pane. For more information, see

“F-Secure Anti-Virus for Microsoft Exchange Statistics”, 80.

Settings that are configured during the installation and the

initial setup require that you select the Final check box from the

Product View pane. For more information, see “Changing

Settings That Have Been Modified During Installation or

Upgrade”, 18.

For testing purposes you may also want to change the polling

intervals. To do that, select the domain in F-Secure Policy

Manager console and set the Incoming Packages Polling

Interval and Outgoing Packages Update Interval variables to

30-45 seconds. The variables are located under each of the

two trees in the F-Secure Management Agent / Settings /

Communications branch. Note that since the default polling

interval is 10 minutes, it might take up to 10 minutes for the

new setting to take effect.

18

To manage the quarantined content, use F-Secure Anti-Virus for Microsoft

Exchange Web Console. For more information, see “Quarantine

Management”, 211.

Changing Settings That Have Been Modified During Installation

or Upgrade

If you want to change a setting that has been modified locally during

installation or upgrade, you need to mark the setting as Final in the

restriction editor. The settings descriptions in this manual indicate the

settings for which you need to use the Final restriction. You can also

check in F-Secure Policy Manager Console whether you need to use the

Final restriction for a setting. Do the following:

1. Select the Policy tab and then select the setting you want to check.

2. Select the Status tab to see if the setting has been modified locally.

 If the setting is not shown in grayed font in the Status view, then

the product uses the setting from the base policy and therefore

the Final restriction is not needed.

 If the setting is shown in normal black font, then the setting has

been modified locally. You must mark the setting as Final when

you change it.

Page is loading ...

F-SECURE ANTI-VIRUS FOR MICROSOFT EXCHANGE 9.00 Administrator's Manual

This manual is also suitable for

F-SECURE ANTI-VIRUS FOR MICROSOFT EXCHANGE 9.00 Administrator's Manual

Related papers

Other documents