F-Secure Anti-Virus for Microsoft Exchange
Administrator’s Guide

"F-Secure" and the triangle symbol are registered trademarks of F-Secure Corporation and F-Secure product names and symbols/logos are either trademarks or registered trademarks of F-Secure Corporation. All product names referenced herein are trademarks or registered trademarks of their respective companies. F-Secure Corporation disclaims proprietary interest in the marks and names of others. Although F-Secure Corporation makes every effort to ensure that this information is accurate, F-Secure Corporation will not be liable for any errors or omission of facts contained herein. F-Secure Corporation reserves the right to modify specifications cited in this document without prior notice.

Companies, names and data used in examples herein are fictitious unless otherwise noted. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of F-Secure Corporation.

Copyright © 1993-2006 F-Secure Corporation. All rights reserved.

Portions Copyright © 1991-2006 Kaspersky Lab.

This product includes software developed by the Apache Software Foundation (http://www.apache.org/). Copyright © 2000-2006 The Apache Software Foundation. All rights reserved.

This product includes PHP, freely available from http://www.php.net/. Copyright © 1999-2006 The PHP Group. All rights reserved.

This product includes code from SpamAssassin. The code in the files of the SpamAssassin distribution are Copyright © 2000-2002 Justin Mason and others, unless specified otherwise in that particular file. All files in the SpamAssassin distribution fall under the same terms as Perl itself, as described in the “Artistic License”.

This product may be covered by one or more F-Secure patents, including the following: GB2353372, GB2374260, GB2366691, GB2366692, GB2366693, GB2367933, GB2368233
12000040-7B15
Contents

About This Guide
How This Guide Is Organized
Conventions Used in F-Secure Guides
Symbols

Chapter 1 Introduction
1.1 Overview
1.2 How F-Secure Anti-Virus for Microsoft Exchange Works
1.3 Key Features
1.4 F-Secure Anti-Virus Mail Server and Gateway Products

Chapter 2 Deployment
2.1 Installation Modes
2.2 Network Requirements
2.3 Deployment Scenarios
2.3.1 Minimum Installation
2.3.2 Medium to Large Installation
2.3.3 Performance-Critical Installation
2.3.4 Microsoft Exchange Cluster Environment

Chapter 3 Installation
3.1 System Requirements
3.1.1 Minimum System Requirements
3.1.2 Which SQL Server to Use for the Quarantine Database?
3.1.3 Web Browser Software Requirements
3.2 Improving Reliability and Performance
3.3 Centrally Administered or Stand-alone Installation?
3.4 Installation Overview
3.5 Installing F-Secure Anti-Virus for Microsoft Exchange
3.6 After the Installation
3.6.1 Importing Product MIB files to F-Secure Policy Manager Console
3.6.2 Configuring the Product
3.7 Upgrading the Previous Version
3.8 Upgrading the Evaluation Version
3.9 Uninstalling F-Secure Anti-Virus for Microsoft Exchange

Chapter 4 Using F-Secure Anti-Virus for Microsoft Exchange
4.1 Overview
4.2 Administering F-Secure Anti-Virus for Microsoft Exchange
4.3 Using the Web Console
4.3.1 Logging in for the First Time
4.4 Checking the Product Status
4.5 Configuring the Web Console
4.6 Using F-Secure Policy Manager Console
4.7 Modifying Settings and Viewing Statistics
4.7.1 Centrally Administered Mode
4.7.2 Stand-alone Mode
4.8 Manually Processing Mailboxes and Public Folders
4.8.1 Centrally Administered Mode
4.8.2 Stand-alone Mode
4.8.3 Creating Scanning Operations
4.9 Configuring Alert Forwarding
4.9.1 Centrally Administered Mode
4.9.2 Stand-Alone Mode
4.10 Viewing Alerts

Chapter 5 Centrally Managed Administration
5.1 Overview
5.2 F-Secure Anti-Virus for Microsoft Exchange Settings
5.2.1 Real-Time Processing
5.2.2 Manual Processing
5.2.3 Scheduled Processing
5.2.4 Content Scanner Servers
5.2.5 Quarantine
5.2.6 Reporting
5.2.7 Advanced
5.3 F-Secure Anti-Virus for Microsoft Exchange Statistics
5.3.1 Common
5.3.2 Real-Time Processing
5.3.3 Manual Processing
5.3.4 Quarantine
5.4 F-Secure Content Scanner Server Settings
5.4.1 Interface
5.4.2 Virus Scanning
5.4.3 Virus Statistics
5.4.4 Database Updates
5.4.5 Spam Filtering
5.4.6 Threat Detection Engine
5.4.7 Proxy Configuration
5.4.8 Advanced
5.5 F-Secure Content Scanner Server Statistics
5.5.1 Server
5.5.2 Scan Engines
5.5.3 Common
5.5.4 Spam Control
5.5.5 Virus Statistics
5.6 F-Secure Automatic Update Agent Settings
5.7 F-Secure Management Agent Settings

Chapter 6 Administration with Web Console
6.1 Overview
6.2 F-Secure Anti-Virus for Microsoft Exchange Settings
6.2.1 Summary
6.2.2 Virus Scanning
6.2.3 Stripping Attachments
6.2.4 Content Filtering
6.2.5 Manual Scanning
6.2.6 Quarantine
6.2.7 Advanced
6.2.8 Internal Domains
6.3 F-Secure Content Scanner Server Settings
6.3.1 Summary
6.3.2 Database Updates
6.3.3 Scan Engines
6.3.4 Proxy Configuration
6.3.5 Archive Scanning
6.3.6 Advanced
6.3.7 Interface
6.4 F-Secure Automatic Update Agent Settings
6.4.1 Summary
6.4.2 Automatic Updates
6.4.3 PM Proxies
6.5 F-Secure Management Agent Settings

Chapter 7 Quarantine Management
7.1 Introduction
7.2 Configuring Quarantine Options
7.3 Searching the Quarantined Content
7.4 Query Results Page
7.5 Viewing Details of a Quarantined Message
7.6 Reprocessing the Quarantined Content
7.7 Releasing the Quarantined Content
7.8 Removing the Quarantined Content
7.9 Deleting Old Quarantined Content Automatically
7.10 Quarantine Logging
7.11 Quarantine Statistics
7.12 Moving the Quarantine Storage

Chapter 8 Administering F-Secure Spam Control
8.1 Overview
8.2 Spam Control Settings in Centrally Managed Environments
8.3 Spam Control Settings in Web Console
8.4 Realtime Blackhole List Configuration
8.4.1 Enabling Realtime Blackhole Lists
8.4.2 Optimizing F-Secure Spam Control Performance

Chapter 9 Updating Virus and Spam Definition Databases
9.1 Overview
9.2 Automatic Updates with F-Secure Automatic Update Agent
9.3 Configuring Automatic Updates
9.4 Manual Updates
9.4.1 Using FSUPDATE
9.4.2 Updating the Virus Definition Database Remotely Using LATEST.ZIP

Appendix A Deploying the Product on a Cluster
A.1 System and Network Recommendations
A.2 Installation Overview
A.3 Creating Quarantine Storage
A.3.1 Quarantine Storage in Active-Passive Cluster
A.3.2 Quarantine Storage in Active-Active Cluster
A.4 Installing the Product
A.4.1 Installing on Active-Passive Cluster
A.4.2 Installing on Active-Active Cluster
A.5 Administering the Cluster Installation with F-Secure Policy Manager
A.6 Using the Quarantine in the Cluster Installation
A.7 Troubleshooting

Appendix B Variables in Warning Messages
List of Variables
Outbreak Management Alert Variables

Appendix C Services and Processes

Chapter D Troubleshooting
D.1 Overview
D.2 Starting and Stopping
D.3 Viewing the Log File
D.4 Common Problems and Solutions
D.4.1 Installing Service Packs
D.4.2 Securing the Quarantine
D.4.3 Administration Issues
D.5 Frequently Asked Questions
D.6 F-Secure Automatic Update Agent Troubleshooting

Technical Support
F-Secure Online Support Resources
Web Club
Virus Descriptions on the Web

ABOUT THIS GUIDE

How This Guide Is Organized
Conventions Used in F-Secure Guides

How This Guide Is Organized

F-Secure Anti-Virus for Microsoft Exchange Administrator's Guide is divided into the following chapters:

Chapter 1. Introduction. General information about F-Secure Anti-Virus for Microsoft Exchange and other F-Secure Anti-Virus Mail Server and Gateway products.
Chapter 2. Deployment. Instructions and examples on how to set up your network environment before you can install F-Secure Anti-Virus for Microsoft Exchange.
Chapter 3. Installation. Instructions on how to install and set up F-Secure Anti-Virus for Microsoft Exchange.
Chapter 4. Using F-Secure Anti-Virus for Microsoft Exchange. Instructions on how to use and administer F-Secure Anti-Virus for Microsoft Exchange.
Chapter 9. Updating Virus and Spam Definition Databases. Instructions on how to update your virus definition database.
Chapter 5. Centrally Managed Administration. Instructions on how to remotely administer F-Secure Anti-Virus for Microsoft Exchange and F-Secure Content Scanner Server when they have been installed in centralized administration mode.
Chapter 6. Administration with Web Console. Instructions on how to administer F-Secure Anti-Virus for Microsoft Exchange with the Web Console.
Chapter 8. Administering F-Secure Spam Control. General information about F-Secure Spam Control and instructions on how to configure it.
Appendix A. Deploying the Product on a Cluster. Describes how the product can be deployed and used in a cluster environment.
Appendix B. Variables in Warning Messages. Lists variables that can be included in virus warning messages.
Appendix C. Services and Processes. Describes services, devices and processes of F-Secure Anti-Virus for Microsoft Exchange.
Chapter D. Troubleshooting. Solutions to some common problems.
Technical Support. Contains the contact information for assistance.
About F-Secure Corporation. Describes the company background and products.

See the F-Secure Policy Manager Administrator's Guide for detailed information about installing and using the F-Secure Policy Manager components:

- F-Secure Policy Manager Console, the tool for remote administration of F-Secure Anti-Virus for Microsoft Exchange.
- F-Secure Policy Manager Server, which enables communication between F-Secure Policy Manager Console and the managed systems.

Conventions Used in F-Secure Guides

This section describes the symbols, fonts, and terminology used in this manual.

Symbols

WARNING: The warning symbol indicates a situation with a risk of irreversible destruction to data.
IMPORTANT: An exclamation mark provides important information that you need to consider.
REFERENCE - A book refers you to related information on the topic available in another document.
NOTE - A note provides additional information that you should consider.
TIP - A tip provides information that can help you perform a task more quickly or easily.
⇒ An arrow indicates a one-step procedure.

Fonts

Arial bold (blue) is used to refer to menu names and commands, to buttons and other items in a dialog box.
Arial Italics (blue) is used to refer to other chapters in the manual, book titles, and titles of other manuals.
Arial Italics (black) is used for file and folder names, for figure and table captions, and for directory tree names.
Courier New is used for messages on your computer screen.
Courier New bold is used for information that you must type.
SMALL CAPS (BLACK) is used for a key or key combination on your keyboard.
Arial underlined (blue) is used for user interface links.
Arial italics is used for window and dialog box names.

PDF Document

This manual is provided in PDF (Portable Document Format). The PDF document can be used for online viewing and printing using Adobe® Acrobat® Reader. When printing the manual, please print the entire manual, including the copyright and disclaimer statements.

For More Information

Visit F-Secure at http://www.f-secure.com for documentation, training courses, downloads, and service and support contacts.

In our constant attempts to improve our documentation, we would welcome your feedback. If you have any questions, comments, or suggestions about this or any other F-Secure document, please contact us at documentation@f-secure.com.

1 INTRODUCTION

Overview
How F-Secure Anti-Virus for Microsoft Exchange Works
Key Features
F-Secure Anti-Virus Mail Server and Gateway Products

1.1 Overview

Malicious code, such as computer viruses, is one of the main threats for companies today. In the past, malicious code spread mainly via disks and the most common viruses were the ones that infected disk boot sectors. When users began to use office applications with macro capabilities - such as Microsoft Office - to write documents and distribute them via mail and groupware servers, macro viruses started spreading rapidly.

After the millennium, the most common spreading mechanism has been e-mail. Today about 90% of viruses arrive via e-mail. E-mail provides a very fast and efficient way for viruses to spread without any user intervention, which is why e-mail worm outbreaks, like Sober, Netsky and Bagle, have caused a lot of damage around the world.

F-Secure Anti-Virus Mail Server and Gateway products are designed to protect your company's mail and groupware servers and to shield the company network from any malicious code that travels in HTTP or SMTP traffic. In addition, they protect your company network against spam. The protection can be implemented on the gateway level to screen all incoming and outgoing e-mail (SMTP), web surfing (HTTP and FTP-over-HTTP) and file transfer (FTP) traffic. Furthermore, it can be implemented on the mail server level so that it protects not only inbound and outbound traffic but also internal mail traffic and public sources, such as Public Folders on Microsoft Exchange servers.

Providing the protection already on the gateway level has plenty of advantages. The protection is easy and fast to set up and install, compared to rolling out antivirus protection on hundreds or thousands of workstations. The protection is also invisible to the end users, which ensures that the system cannot be bypassed and makes it easy to maintain. Of course, protecting the gateway level alone is not enough to provide a complete antivirus solution; file server and workstation level protection is also needed.

Why clean 1000 workstations when you can clean one attachment at the gateway level?
1.2 How F-Secure Anti-Virus for Microsoft Exchange Works

F-Secure Anti-Virus for Microsoft Exchange is designed to detect and disinfect viruses and other malicious code from e-mail transmissions through Microsoft Exchange 2000/2003 Server. Scanning is done in real time as the mail passes through Microsoft Exchange Server. On-demand scanning of user mailboxes and Public Folders is also available.

Scanning Attachments and Message Bodies

F-Secure Anti-Virus for Microsoft Exchange scans attachments and message bodies for malicious code. It can also be instructed to remove particular attachments according to the file name or the file extension. In addition, it can filter out messages containing keywords that have been defined as disallowed.

If the intercepted mail contains malicious code, F-Secure Anti-Virus for Microsoft Exchange can be configured to disinfect or drop the content. Any malicious code found during the scan process can be placed in the Quarantine, where it can be further examined. Stripped attachments can also be placed in the Quarantine for further examination.

Flexible and Scalable Anti-Virus Protection

F-Secure Anti-Virus for Microsoft Exchange is installed on Microsoft Exchange 2000/2003 Server and it intercepts mail traveling through mailboxes and Public Folders. Intercepted attachments and documents are sent to F-Secure Content Scanner Server, which returns disinfected files back to F-Secure Anti-Virus for Microsoft Exchange.

Scalability and Reliability

The two-component product architecture ensures that the anti-virus protection does not increase the load on the protected system and that the infected data is never stored on the production network. It also enables you to implement a server pool, so you can share the traffic load between multiple F-Secure Content Scanner Servers and have backup servers if the traffic to primary servers stops for some reason.

Alerting

F-Secure Anti-Virus for Microsoft Exchange has extensive alerting functions, which means that the system administrator can specify a recipient inside the company network to be notified about the infection found in the data content. Of course, the network administrator can also be notified about the infection.

Powerful and Always Up-to-date

F-Secure Anti-Virus for Microsoft Exchange uses the award-winning F-Secure Anti-Virus scanner to ensure the highest possible detection rate and disinfection capability. The daily F-Secure Anti-Virus signature database updates provide F-Secure Anti-Virus for Microsoft Exchange with an always up-to-date protection capability.

F-Secure Anti-Virus scanner consistently ranks at the top when compared to competing products. Our team of dedicated virus researchers is on call 24 hours a day responding to new and emerging threats. In fact, F-Secure is one of the only companies to release tested virus definition updates on a daily basis, to make sure our customers are receiving the highest quality service and protection.

Virus and Spam Outbreak Detection

Massive spam and virus outbreaks consist of millions of messages which share at least one identifiable pattern that can be used to distinguish the outbreak. Any message that contains one or more of these patterns can be assumed to be a part of the same spam or virus outbreak.

F-Secure Anti-Virus for Microsoft Exchange can identify these patterns from the message envelope, headers and body, in any language, message format and encoding type. It can detect spam messages and new viruses during the first minutes of the outbreak.

Stand-alone and Centralized Administration Modes

F-Secure Anti-Virus for Microsoft Exchange can be installed either in stand-alone or centrally administered mode. Depending on how it has been installed, F-Secure Anti-Virus for Microsoft Exchange is managed either with the Web Console or F-Secure Policy Manager.

F-Secure Policy Manager provides a scalable way to manage the security of multiple applications on multiple operating systems, from one central location. F-Secure Policy Manager is comprised of two components, F-Secure Policy Manager Console and F-Secure Policy Manager Server, which are used to administer applications. They are seamlessly integrated with the F-Secure Management Agents that handle all management functions on local hosts.

Easy to Administer

If F-Secure Anti-Virus for Microsoft Exchange is installed in stand-alone mode, it can be managed with the web-based user interface. With Web Console, you can configure F-Secure Anti-Virus for Microsoft Exchange settings, set up scheduled scans or run manual processes any time you want.

If F-Secure Anti-Virus for Microsoft Exchange has been installed in centrally administered configuration, it is managed with F-Secure Policy Manager. With its graphical user interface, F-Secure Policy Manager Console provides a centralized view of the domains and hosts in your network and lets you configure the security policies for all F-Secure components. F-Secure Policy Manager receives status information from F-Secure Anti-Virus for Microsoft Exchange.

F-Secure Policy Manager Server is the server side component that handles communication between F-Secure Anti-Virus for Microsoft Exchange and F-Secure Policy Manager Console. It exchanges security policies, software updates, status information, statistics, alerts, and other information between F-Secure Policy Manager Console and all managed systems.

Figure 1-1 (1) E-mail arrives from the Internet to F-Secure Anti-Virus for Microsoft Exchange, which (2) filters malicious content from mails and attachments, and (3) delivers cleaned files forward.
1.3 Key Features

F-Secure Anti-Virus for Microsoft Exchange provides the following features and capabilities.

Superior Protection
- Superior detection rate with multiple scanning engines.
- Automatic malicious code detection and disinfection.
- Heuristic scanning also detects unknown Windows and macro viruses.
- Recursive scanning of ARJ, BZ2, CAB, GZ, JAR, LZH, MSI, RAR, TAR, TGZ, Z and ZIP archive files.
- Automatic daily virus definition database updates.
- Suspicious and unsafe attachments can be stripped away from e-mails.
- Password protected archives can be treated as unsafe.
- Intelligent file type recognition.
- Message filtering based on keywords in message subjects and text.
- Utilizes the low-level Anti-Virus API (AV API 2.0) for Microsoft Exchange 2000 Server, and AV API 2.5 for Microsoft Exchange 2003 Server.

Virus Outbreak Detection
- The virus outbreak detection is an additional active layer of protection that automatically detects virus outbreaks and quarantines suspicious messages.
- Virus outbreaks are transparently detected and infected messages are quarantined before the outbreak becomes widespread.
- The product can notify the administrator about virus outbreaks.
- Quarantined unsafe messages can be reprocessed automatically.

Transparency and Scalability
- Viruses are intercepted before they can enter the network and spread out on workstations and servers.
- Real-time scanning of internal, inbound and outbound mail messages and Public Folder notes.
- Automatic protection of new mailboxes and Public Folders.
- Total transparency to end-users. Users cannot bypass the system, which means that messages and documents cannot be exchanged without scanning.
- Support for Windows 2000 Advanced Server or Windows Server 2003 clusters. Both Active-Passive and Active-Active clusters are supported.

Management
- Controlling and monitoring the behavior of the products remotely.
- Starting predefined operations remotely.
- Monitoring statistics provided by the products remotely with F-Secure Policy Manager or F-Secure Anti-Virus for Microsoft Exchange Web Console.
- Possibility to configure and manage stand-alone installations with the convenient F-Secure Anti-Virus for Microsoft Exchange Web Console.
- Contains new quarantine management features: you can manage and search quarantined content with the F-Secure Anti-Virus for Microsoft Exchange Web Console.

Protection against Spam
- Possible spam messages are transparently detected before they become widespread.
- Efficient spam detection based on different analyses on the e-mail content.
- Multiple filtering mechanisms guarantee the high accuracy of spam detection.
- Spam detection works in every language and message format.
1.4 F-Secure Anti-Virus Mail Server and Gateway Products

The F-Secure Anti-Virus product line consists of workstation, file server, mail server, gateway and mobile products.

- F-Secure Internet Gatekeeper is a high performance, totally automated web (HTTP and FTP-over-HTTP) and e-mail (SMTP) virus scanning solution for the gateway level. F-Secure Internet Gatekeeper works independently of firewall and e-mail server solutions, and does not affect their performance.
- F-Secure Anti-Virus for Microsoft Exchange protects your Microsoft Exchange users from malicious code contained within files they receive in mail messages and documents they open from shared databases. Malicious code is also stopped in outbound messages and in notes being posted on Public Folders. The product operates transparently and scans files in the Exchange Server Information Store in real-time. Manual and scheduled scanning of user mailboxes and Public Folders is also supported.
- F-Secure Anti-Virus for MIMEsweeper provides a powerful anti-virus scanning solution that tightly integrates with Clearswift MIMEsweeper for SMTP and MIMEsweeper for Web products. F-Secure provides top-class anti-virus software with fast and simple integration to Clearswift MAILsweeper and WEBsweeper, giving the corporation the powerful combination of complete content security.
- F-Secure Internet Gatekeeper for Linux provides a high-performance solution at the Internet gateway level, stopping viruses and other malicious code before they spread to end users' desktops or corporate servers. The product scans SMTP, HTTP, FTP and POP3 traffic for viruses, worms and trojans, and blocks and filters out specified file types. ActiveX and Java code can also be scanned or blocked. The product receives updates automatically from F-Secure, keeping the virus protection always up to date. A powerful and easy-to-use management console simplifies the installation and configuration of the product.
- F-Secure Messaging Security Gateway delivers the industry’s most complete and effective security for e-mail. It combines a robust enterprise-class messaging platform with perimeter security, antispam, antivirus, secure messaging and outbound content security capabilities in an easy-to-deploy, hardened appliance.
2 DEPLOYMENT

Installation Modes
Network Requirements
Deployment Scenarios
2.1 Installation Modes

F-Secure Anti-Virus for Microsoft Exchange can be installed either in stand-alone or centrally administered mode. In stand-alone installation, F-Secure Anti-Virus for Microsoft Exchange is managed with Web Console. In centrally administered mode, it is managed centrally with F-Secure Policy Manager components: F-Secure Policy Manager Server and F-Secure Policy Manager Console.

To administer F-Secure Anti-Virus for Microsoft Exchange in the centrally administered mode, you have to install the following components:

- F-Secure Policy Manager Server (on a dedicated machine)
- F-Secure Policy Manager Console (on the administrator's machine)

2.2 Network Requirements

This network configuration is valid for all scenarios described in this chapter. Make sure that the following network traffic can travel:
| Service | Process | Inbound ports | Outbound ports |
|---|---|---|---|
| F-Secure Content Scanner Server | %ProgramFiles%\F-Secure\Content Scanner Server\fsavsd.exe | 18971 (TCP) + 1024-65536 (TCP), only with F-Secure Anti-Virus for Internet Mail on a separate host | DNS (53, UDP/TCP), HTTP (80) or other known port used for HTTP proxy |
| F-Secure Anti-Virus for Microsoft Exchange Web Console | %ProgramFiles%\F-Secure\Web User Interface\bin\fswebuid.exe | 25023 | DNS (53, UDP and TCP), 1433 (TCP), only with the dedicated SQL server |
| F-Secure Automatic Update Agent | F-Secure Automatic Update.exe | 371 (UDP), only if BackWeb Polite Protocol is used | DNS (53, UDP and TCP), HTTP (80) |
| FSNRB | %ProgramFiles%\F-Secure\Common\fnrb32.exe | - | DNS (53, UDP/TCP), HTTP (80) |
| FSMA (AMEH) | %ProgramFiles%\F-Secure\Common\fameh32.exe | - | DNS (53, UDP/TCP), SMTP (25) |
| F-Secure Quarantine Manager | %ProgramFiles%\F-Secure\Quarantine Manager\fqm.exe | - | DNS (53, UDP/TCP), 1433 (TCP), only with the dedicated SQL server |

2.3 Deployment Scenarios

Depending on the number of protected systems and the amount of data traffic, you might consider various scenarios of deploying F-Secure Anti-Virus for Microsoft Exchange. There are various ways to deploy F-Secure Anti-Virus for Microsoft Exchange that are suitable for different environments.

- If the mail traffic is not very heavy, see “Minimum Installation”, 25.
- If the mail traffic is rather heavy, see “Medium to Large Installation”, 27.
- For very large, performance-critical installations, see “Performance-Critical Installation”, 28.
- For Microsoft Exchange Cluster Environments, see “Microsoft Exchange Cluster Environment”, 30.

2.3.1 Minimum Installation

If the mail traffic is not very heavy, you can install F-Secure Content Scanner Server on the same machine that runs Microsoft Exchange Server. In this case, both F-Secure Content Scanner Server and F-Secure Anti-Virus for Microsoft Exchange will reside on the Microsoft Exchange Server.
You can administer F-Secure Anti-Virus for Microsoft Exchange and F-Secure Content Scanner Server by using the F-Secure Anti-Virus for Microsoft Exchange Web Console.

Figure 2-1 F-Secure Anti-Virus for Microsoft Exchange minimum installation

Alternatively, you can choose to install F-Secure Policy Manager to enable centralized administration of F-Secure Content Scanner Server and F-Secure Anti-Virus for Microsoft Exchange.

2.3.2 Medium to Large Installation

If the mail traffic is rather heavy, F-Secure Content Scanner Server should be installed on a dedicated machine. This minimizes the extra load on the Microsoft Exchange Server.

You should install F-Secure Anti-Virus for Microsoft Exchange in centralized administration mode on each Microsoft Exchange Server.

Figure 2-2 F-Secure Anti-Virus for Microsoft Exchange, medium to large installation

2.3.3 Performance-Critical Installation

In very large, performance-critical installations you should use multiple F-Secure Content Scanner Server installations. Each F-Secure Content Scanner Server should be installed on a dedicated machine. F-Secure Anti-Virus for Microsoft Exchange can share the virus scanning load between multiple F-Secure Content Scanner Servers.

Figure 2-3 F-Secure Anti-Virus for Microsoft Exchange with multiple F-Secure Content Scanner Servers

F-Secure Anti-Virus for Microsoft Exchange should be installed in centralized administration mode on each Microsoft Exchange Server.

Figure 2-4 F-Secure Anti-Virus for Microsoft Exchange installed on each Microsoft Exchange Server

2.3.4 Microsoft Exchange Cluster Environment

F-Secure Anti-Virus for Microsoft Exchange can be installed on a Windows 2000 Advanced Server or Windows Server 2003 Enterprise Edition cluster. The product supports standard two-node Active-Passive and Active-Active clusters.

Microsoft Exchange needs to be properly configured and running in the cluster before installing F-Secure Anti-Virus for Microsoft Exchange.

F-Secure Anti-Virus for Microsoft Exchange needs to be installed separately on both cluster nodes. When installing in Microsoft Exchange cluster environment, the product must be installed in centrally managed mode, so that you can configure and manage the product with F-Secure Policy Manager. Changing the product settings with F-Secure Anti-Virus for Microsoft Exchange Web Console is not supported in cluster environments, but it can be used for some quarantine management functions.

The settings on both cluster nodes must be identical. To ensure this, place the servers as their own domain in the F-Secure Policy Manager Console and configure all the settings on the domain level, not on the host level.

It is recommended to install a local F-Secure Content Scanner Server on both cluster nodes. However, if a remote F-Secure Content Scanner Server is used, the dedicated IP address of each cluster node must be visible to the remote F-Secure Content Scanner Server.

When installing the product, the setup program detects Microsoft Exchange Cluster automatically. The setup program also creates a cluster resource for the product automatically. The cluster resource makes it possible to use the product in the cluster, by giving the control of the resource to the cluster service. This and other resources together guarantee that the product works properly in the cluster in every situation. You can check the state of the resource in Microsoft Cluster Administrator console, under the same branch where the Exchange resources reside.

For detailed instructions, see “Deploying the Product on a Cluster”, 344.

A Note about Installing on Active-Passive Cluster

The product can be installed either on an active or a passive cluster node. When installing on a passive node (which does not have active Microsoft Exchange services), the setup program may display a notification about missing Microsoft Exchange components, but the installation can be continued.
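
An added example, not part of the F-Secure guide or product: the Network Requirements table from section 2.2 encoded as a per-process allow-list and run over connection records, so traffic outside the documented ports stands out when you review firewall or host logs. The record format, option names and sample records are constructed; treating port 25023, HTTP and SMTP as TCP, and port 18971 as unconditional, are assumptions.

```python
"""Allow-list check derived from the guide's Network Requirements table (2.2)."""
from typing import NamedTuple

# Constructed names for the table's "only with ..." / "only if ..." conditions.
OPT_AVIM = "avim_on_separate_host"   # Anti-Virus for Internet Mail on a separate host
OPT_SQL = "dedicated_sql_server"
OPT_BACKWEB = "backweb_polite_protocol"


class Rule(NamedTuple):
    direction: str   # "in" or "out"
    proto: str       # "tcp" or "udp"
    low: int
    high: int
    requires: str    # "" means the row applies unconditionally


def rules(direction, protos, low, high=None, requires=""):
    """Expand a 'udp/tcp' shorthand into one Rule per protocol."""
    top = low if high is None else high
    return [Rule(direction, p, low, top, requires) for p in protos.split("/")]


def build_policy(proxy_port=None):
    """Return {process image name: [Rule, ...]} for the six listed services."""
    dns = rules("out", "udp/tcp", 53)
    http = rules("out", "tcp", 80)           # assumption: HTTP means TCP
    proxy = rules("out", "tcp", proxy_port) if proxy_port else []
    sql = rules("out", "tcp", 1433, requires=OPT_SQL)
    return {
        # Assumption: 18971 is always needed and only the wide range is
        # conditional. The guide writes the range as 1024-65536; the highest
        # valid port number is 65535.
        "fsavsd.exe": rules("in", "tcp", 18971)
        + rules("in", "tcp", 1024, 65535, OPT_AVIM) + dns + http + proxy,
        # Assumption: 25023 is TCP (the table gives no protocol for it).
        "fswebuid.exe": rules("in", "tcp", 25023) + dns + sql,
        "f-secure automatic update.exe":
            rules("in", "udp", 371, requires=OPT_BACKWEB) + dns + http,
        "fnrb32.exe": dns + http,
        "fameh32.exe": dns + rules("out", "tcp", 25),   # SMTP
        "fqm.exe": dns + sql,
    }


def check(process, direction, proto, port, policy, enabled):
    """Classify one connection against the allow-list."""
    if not 1 <= port <= 65535:
        return "invalid-port"
    table = policy.get(process.lower())
    if table is None:
        return "unknown-process"
    needed = set()
    for rule in table:
        if (rule.direction, rule.proto) != (direction, proto):
            continue
        if rule.low <= port <= rule.high:
            if not rule.requires or rule.requires in enabled:
                return "allowed"
            needed.add(rule.requires)   # documented, but only for an option
    if needed:
        return "conditional:" + ",".join(sorted(needed))
    return "not-in-table"


def audit(lines, enabled=frozenset(), proxy_port=None):
    """Return (record, verdict) for every record that is not plainly allowed."""
    policy = build_policy(proxy_port)
    findings = []
    for line in lines:
        process, direction, proto, port = (f.strip() for f in line.split("|"))
        verdict = check(process, direction, proto, int(port), policy, enabled)
        if verdict != "allowed":
            findings.append((line, verdict))
    return findings


# Constructed sample records: process | direction | protocol | local or remote port
SAMPLE_LOG = [
    "fsavsd.exe|in|tcp|18971",
    "fsavsd.exe|in|tcp|40112",
    "fsavsd.exe|out|tcp|3128",
    "fswebuid.exe|in|tcp|25023",
    "fswebuid.exe|out|tcp|1433",
    "F-Secure Automatic Update.exe|in|udp|371",
    "fameh32.exe|out|tcp|25",
    "fnrb32.exe|out|tcp|443",
    "fqm.exe|out|udp|53",
    "notepad.exe|out|tcp|80",
]

if __name__ == "__main__":
    for record, verdict in audit(SAMPLE_LOG):
        print(f"{verdict:45} {record}")
```

A `conditional:` verdict means the port is in the table only for a deployment option that was not declared in `enabled`, which is a prompt to confirm that the option is really in use before opening the port.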

3 INSTALLATION

System Requirements
Improving Reliability and Performance
Installation Overview
Installing F-Secure Anti-Virus for Microsoft Exchange
After the Installation
Upgrading the Previous Version
Upgrading the Evaluation Version
Uninstalling F-Secure Anti-Virus for Microsoft Exchange

3.1 System Requirements

F-Secure Anti-Virus for Microsoft Exchange is installed on the computer running Microsoft Exchange Server and requires the following hardware and software.

3.1.1 Minimum System Requirements

F-Secure Anti-Virus for Microsoft Exchange has to be installed on the same machine that runs Microsoft Exchange Server. You need to log in with administrator-level privileges to install F-Secure Anti-Virus for Microsoft Exchange.

In order to install the product successfully on a non-English version of the operating system, your default system locale should be the same as the language of the operating system. You can set the locale in Control Panel > Regional Options > General > Your locale (location).

Operating system:
- Microsoft® Windows 2000 Server with the latest service pack
- Microsoft® Windows 2000 Advanced Server with the latest service pack
- Microsoft® Windows Server 2003, Standard Edition with latest service pack
- Microsoft® Windows Server 2003, Enterprise Edition with latest service pack
- Microsoft® Windows Server 2003 R2, Standard Edition
- Microsoft® Windows Server 2003 R2, Enterprise Edition

Microsoft Exchange Server:
- Microsoft® Exchange Server 2000 with Service Pack 3 or later
- Microsoft® Exchange Server 2003

Processor: Intel Pentium 4 2GHz or faster

Memory: 1 GB

Disk space to install: 260 MB

Disk space for processing: 10 GB or more. The required disk space depends on the number of mailboxes, amount of data traffic and the size of the Information Store.

SQL server (for quarantine database):
- Microsoft SQL Server 2000 (Enterprise, Standard or Workgroup edition) with Service Pack 4
- Microsoft SQL Server 2000 Desktop Engine (MSDE) with Service Pack 4
- Microsoft SQL Server 2005 (Enterprise, Standard, Workgroup or Express edition)

For more information, see “Which SQL Server to Use for the Quarantine Database?”, 35.

When centralized quarantine management is used, the SQL server must be reachable from the network and file sharing must be enabled.

F-Secure Policy Manager version: F-Secure Policy Manager 6.0 or newer. F-Secure Policy Manager is required only in centrally managed environments.

For Microsoft Windows Server 2003 Service Pack 1 related support information, see http://support.f-secure.com/enu/corporate/w2003sp1/

The release notes document contains the latest information about the product and might have changes to system requirements and the installation procedure. It is highly recommended to read the release notes before you proceed with the installation.
3.1.2 Which SQL Server to Use <strong>for</strong> the Quarantine Database?<br />
As a minimum requirement, the Quarantine database should have the<br />
capacity to store in<strong>for</strong>mation about all inbound and outbound mail to and<br />
from your organization that would normally be sent during 2-3 days.<br />
Take into account the following SQL server specific considerations when<br />
deciding which SQL server to use:<br />
<strong>Microsoft</strong> SQL Server Desktop Engine and SQL Server 2005 Express Edition:<br />
When using <strong>Microsoft</strong> SQL Server Desktop Engine (MSDE), the<br />
Quarantine database size is limited to 2 GB.<br />
MSDE includes a concurrent workload governor that limits the<br />
scalability of MSDE. For more in<strong>for</strong>mation, see<br />
http://msdn.microsoft.com/library/?url=/library/en-us/architec/8_ar_sa2_0ciq.asp?frame=true.<br />
It is not recommended to use MSDE or SQL Server 2005<br />
Express Edition if you are planning to use centralized quarantine<br />
management with multiple F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong><br />
<strong>Exchange</strong> installations.<br />
MSDE is delivered together with F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong><br />
<strong>Microsoft</strong> <strong>Exchange</strong>, and you can install it during the F-<strong>Secure</strong><br />
Internet <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong> Setup. For more<br />
in<strong>for</strong>mation, see “Installation Overview”, 38.<br />
<strong>Microsoft</strong> SQL<br />
Server 2000/2005<br />
If your organization sends a large amount of e-mails, it is<br />
recommended to use <strong>Microsoft</strong> SQL Server 2000/2005.<br />
It is recommended to use <strong>Microsoft</strong> SQL Server 2000/2005 if you<br />
are planning to use centralized quarantine management with<br />
multiple F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong> installations.<br />
For more in<strong>for</strong>mation, see “Per<strong>for</strong>mance-Critical Installation”, 28.<br />
Note that the product does not support Windows Authentication<br />
when connecting to <strong>Microsoft</strong> SQL Server 2000/2005. The<br />
<strong>Microsoft</strong> SQL Server 2000/2005 that the product will use <strong>for</strong> the<br />
Quarantine database should be configured to use Mixed Mode<br />
authentication.<br />
If you plan to use <strong>Microsoft</strong> SQL Server 2005, you must<br />
purchase it and obtain your own license be<strong>for</strong>e you start to<br />
deploy F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong>. To<br />
purchase <strong>Microsoft</strong> SQL Server 2005, contact your <strong>Microsoft</strong><br />
reseller.<br />
3.1.3 Web Browser Software Requirements<br />
In order to administer the product with F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong><br />
<strong>Exchange</strong> Web Console, one of the following web browsers is required:<br />
<strong>Microsoft</strong> Internet Explorer 6.0 or later<br />
Netscape Communicator 8.1 or later<br />
Mozilla Firefox 1.5 or later<br />
Opera 9.00 or later<br />
Konqueror 3.5 or later<br />
Any other web browser supporting HTTP 1.0, SSL, JavaScript and<br />
cookies may be used as well. <strong>Microsoft</strong> Internet Explorer 5.5 or earlier<br />
cannot be used to administer the product.
3.2 Improving Reliability and Per<strong>for</strong>mance<br />
You can improve the system reliability and overall per<strong>for</strong>mance by<br />
upgrading the following components.<br />
Processor: If the system load is high, a fast processor on the <strong>Microsoft</strong> <strong>Exchange</strong><br />
Server speeds up the e-mail message processing. As <strong>Microsoft</strong><br />
<strong>Exchange</strong> Server handles a large amount of data, a fast processor alone<br />
is not enough to guarantee a fast operation of F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong><br />
<strong>Microsoft</strong> <strong>Exchange</strong>.<br />
Memory: Memory consumption is directly proportional to the size of processed<br />
mails - scanning a single mail may use memory in amounts up to three<br />
times the size of the mail concerned. If the average size of mail messages<br />
is big, or <strong>Microsoft</strong> <strong>Exchange</strong> Server has to process large messages<br />
regularly, increasing the amount of physical memory increases the overall<br />
per<strong>for</strong>mance.<br />
If large messages are processed only now and then, it might be enough<br />
to increase the size of the virtual memory. In this case, large messages<br />
will slow the system down.<br />
Hard Drive: Hard drive size is an important reliability factor. Hard drive per<strong>for</strong>mance is<br />
crucial <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong> Server to per<strong>for</strong>m well. For best<br />
per<strong>for</strong>mance, a RAID system is recommended; <strong>for</strong> servers with only<br />
moderate load, SCSI hard disks are adequate. If your server has an IDE<br />
hard disk, DMA access support is recommended.<br />
Operating System: It is highly recommended to have the latest service packs <strong>for</strong> the<br />
operating system being used. These fixes make the plat<strong>for</strong>m more stable<br />
and thus increase the reliability of the system.<br />
3.3 Centrally Administered or Stand-alone Installation?<br />
F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong> can be managed either with<br />
F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong> Web Console or F-<strong>Secure</strong><br />
Policy Manager Console. You can select the management method when<br />
you install the product.<br />
If you already use F-<strong>Secure</strong> Policy Manager to administer other F-<strong>Secure</strong><br />
products, it is recommended to install F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong><br />
<strong>Exchange</strong> in centralized administration mode.<br />
The quarantined mails are managed using the F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong><br />
<strong>Microsoft</strong> <strong>Exchange</strong> Web Console in both centrally administered and<br />
stand-alone installations. In centrally managed environments all other<br />
features are managed with F-<strong>Secure</strong> Policy Manager.<br />
When installing in a <strong>Microsoft</strong> <strong>Exchange</strong> cluster environment, the<br />
product must be installed in centrally managed mode, so that you<br />
can configure and manage the product with F-<strong>Secure</strong> Policy<br />
Manager.<br />
3.4 Installation Overview<br />
Be<strong>for</strong>e you start to install F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong>,<br />
uninstall any potentially conflicting products, such as anti-virus, file<br />
encryption, and disk encryption software that employ low-level device<br />
drivers. Close all Windows applications be<strong>for</strong>e starting the installation.
F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong> can be installed to the same<br />
computer that runs F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> Servers 5.50. You should<br />
uninstall any potentially conflicting products, such as other anti-virus, file<br />
encryption, and disk encryption software, which employ low-level device<br />
drivers, be<strong>for</strong>e you install F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong>.<br />
If you want to run F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> Servers 5.50 on the same<br />
computer where you install F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong><br />
<strong>Exchange</strong>, make sure that F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> Servers 5.50 is<br />
installed be<strong>for</strong>e you install F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong><br />
<strong>Exchange</strong>.<br />
To administer F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong> in centralized<br />
administration mode, you need to install F-<strong>Secure</strong> Policy Manager<br />
Console and F-<strong>Secure</strong> Policy Manager Server. Detailed in<strong>for</strong>mation on<br />
F-<strong>Secure</strong> Policy Manager Console and F-<strong>Secure</strong> Policy Manager Server<br />
is provided in the F-<strong>Secure</strong> Policy Manager Administrator's Guide.<br />
Follow these steps to set up F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong>:<br />
Centralized Administration mode:<br />
1. Run F-<strong>Secure</strong> Policy Manager setup to set up F-<strong>Secure</strong> Policy<br />
Manager Server. See F-<strong>Secure</strong> Policy Manager Administrator’s<br />
Guide <strong>for</strong> instructions.<br />
2. Install F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong>. For more<br />
in<strong>for</strong>mation, see “Installing F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong><br />
<strong>Exchange</strong>”, 40.<br />
3. Import the product MIB files to F-<strong>Secure</strong> Policy Manager, if they<br />
cannot be uploaded there during the installation. For more<br />
in<strong>for</strong>mation, see “Importing Product MIB files to F-<strong>Secure</strong> Policy<br />
Manager Console”, 59.<br />
4. Check that F-<strong>Secure</strong> Automatic Update Agent can retrieve the latest<br />
virus definition databases. For more in<strong>for</strong>mation, see “Updating <strong>Virus</strong><br />
and Spam Definition Databases”, 340.<br />
Stand-alone mode:<br />
1. Install F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong>. For more<br />
in<strong>for</strong>mation, see “Installing F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong><br />
<strong>Exchange</strong>”, 40.<br />
2. Check that F-<strong>Secure</strong> Automatic Update Agent can retrieve the latest<br />
virus definition databases. For more in<strong>for</strong>mation, see “Updating <strong>Virus</strong><br />
and Spam Definition Databases”, 340.<br />
After the installation is complete, check and configure settings <strong>for</strong><br />
F-<strong>Secure</strong> Content Scanner Server, F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong><br />
<strong>Exchange</strong> and F-<strong>Secure</strong> Management Agent.<br />
3.5 Installing F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong><br />
<strong>Exchange</strong><br />
Follow these instructions to install F-<strong>Secure</strong> Content Scanner Server and<br />
F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong>.<br />
Step 1.<br />
1. Insert the F-<strong>Secure</strong> CD in your CD-ROM drive.<br />
2. Select F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong> from the Install<br />
Software menu.<br />
Step 2. Read the in<strong>for</strong>mation in the Welcome screen.
Click Next to continue.<br />
Step 3. Read the licence agreement.<br />
If you accept the agreement, check the I accept the agreement<br />
checkbox and click Next to continue.<br />
Step 4. Enter the product keycode.<br />
Click Next to continue.
Step 5. Choose the components to install.<br />
If you want to install F-<strong>Secure</strong> Content Scanner Server and F-<strong>Secure</strong><br />
<strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong> on the <strong>Microsoft</strong> <strong>Exchange</strong> Server<br />
computer, select all components. Click Next to continue.<br />
When you install F-<strong>Secure</strong> Spam Control, or F-<strong>Secure</strong> Content<br />
Scanner Server in stand-alone mode, F-<strong>Secure</strong> Automatic Update<br />
Agent is automatically installed to provide virus definition database<br />
updates. For more in<strong>for</strong>mation, see “Automatic Updates with<br />
F-<strong>Secure</strong> Automatic Update Agent”, 341.<br />
Step 6. Choose the destination folder <strong>for</strong> the installation.<br />
Click Next to continue.
Step 7. Choose the administration method.<br />
If you install F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong> in stand-alone<br />
mode, you cannot configure settings and receive alerts and status<br />
in<strong>for</strong>mation in F-<strong>Secure</strong> Policy Manager Console. Click Next to continue.<br />
If you selected the stand-alone installation, continue to Step 10, 48.<br />
If you select the stand-alone mode, use the F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong><br />
<strong>Microsoft</strong> <strong>Exchange</strong> Web Console to change product settings and<br />
statistics. For more in<strong>for</strong>mation, see “Administration with Web<br />
Console”, 216.<br />
Step 8. Enter the path to the public management key file admin.pub that was<br />
created during F-<strong>Secure</strong> Policy Manager Console setup.<br />
You can transfer the public key in various ways (use a shared folder on<br />
the file server, a floppy disk, or send the key as an attachment in an<br />
e-mail message). Click Next to continue.
Step 9. Enter the IP address or URL of the F-<strong>Secure</strong> Policy Manager Server you<br />
installed earlier.<br />
Click Next to continue.<br />
If the product MIB files cannot be uploaded to F-<strong>Secure</strong> Policy<br />
Manager during installation, you can import them manually.<br />
For more in<strong>for</strong>mation, see “Importing Product MIB files to F-<strong>Secure</strong><br />
Policy Manager Console”, 59.<br />
Step 10. Enter an SMTP address that will be used by F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong><br />
<strong>Microsoft</strong> <strong>Exchange</strong> to send warning and in<strong>for</strong>mational messages to<br />
end-users.<br />
The SMTP address should be a valid, existing address that is allowed to<br />
send messages. Click Next to continue.
Step 11. Select the user account that F-<strong>Secure</strong> Outbreak Manager should use.<br />
Select either the local system account or enter the name and password<br />
<strong>for</strong> the user account that F-<strong>Secure</strong> Outbreak Manager should use. The<br />
account is used to run the outbreak handler scripts or programs.<br />
If you need to see the outbreak handler script running on the desktop,<br />
select Allow to interact with desktop. By default, the script or program<br />
runs in the background.<br />
For more in<strong>for</strong>mation, see “Outbreak Management”, 156. Click Next to<br />
continue.<br />
If you want to use the default \SYSTEM account, do not enter any<br />
password.<br />
Make sure that the account has all the necessary privileges to run<br />
the outbreak handler script.<br />
Step 12. Specify the Quarantine management method.<br />
If you want to manage quarantines locally, select Local quarantine<br />
management. Select Centralized quarantine management if you install<br />
the product on multiple instances. For more in<strong>for</strong>mation, see “<strong>Microsoft</strong><br />
<strong>Exchange</strong> Cluster Environment”, 30.<br />
Click Next to continue.
Step 13. Specify the location of the Quarantine database.<br />
If you want to install the Quarantine database on the same server as the<br />
product installation, select (a) Install and use <strong>Microsoft</strong> SQL Server<br />
Desktop Engine.<br />
If you are using <strong>Microsoft</strong> SQL Server or <strong>Microsoft</strong> SQL Server Desktop<br />
Engine already, select (b) Use the existing installation of <strong>Microsoft</strong> SQL<br />
Server or MSDE.<br />
Click Next to continue.<br />
a Specify the installation directory <strong>for</strong> <strong>Microsoft</strong> SQL Server<br />
Desktop Engine and data files.<br />
Enter the username and password <strong>for</strong> the server administrator<br />
account. Click Next to continue.<br />
b Specify the computer name of the SQL Server where you want to<br />
create the Quarantine database.<br />
Enter the username and password to log on to the server. Click<br />
Next to continue.
If the server has a database with the same name, you can either<br />
use the existing database, remove the existing database and<br />
create a new one or keep the existing database and create a new<br />
one with a new name.<br />
Step 14. Select whether you want to install the product with F-<strong>Secure</strong> World Map<br />
Support.<br />
The product can collect and send statistics about viruses and other<br />
malware to the F-<strong>Secure</strong> World Map service. If you agree to send<br />
statistics to F-<strong>Secure</strong> World Map, select Yes and click Next to continue.
Step 15. If you selected the centralized administration mode, the installation<br />
program connects to the specified F-<strong>Secure</strong> Policy Manager Server<br />
automatically to install F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong> MIB<br />
files. If the installation program cannot connect to F-<strong>Secure</strong> Policy<br />
Manager Server, the following dialog opens.<br />
Make sure that the computer where you are installing F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong><br />
<strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong> is allowed to connect to the administration port on<br />
F-<strong>Secure</strong> Policy Manager Server, or if you use a proxy, make sure that the<br />
connection is allowed from the proxy to the server. Check that no firewall<br />
blocks the connection.<br />
If you want to skip installing MIB files, click Cancel. You can install MIB<br />
files later either manually or by running the Setup again.<br />
Step 16. The list of components that will be installed is displayed.<br />
Click Start to install listed components.
Step 17. The installation status of the components is displayed.<br />
Click Next to continue.<br />
Step 18. The installation is completed.<br />
Click Finish to close the Setup wizard.<br />
Step 19. If you are installing F-<strong>Secure</strong> Spam Control, the setup prompts you to<br />
select whether to restart the <strong>Microsoft</strong> <strong>Exchange</strong> In<strong>for</strong>mation Store<br />
service automatically to complete the installation. Click Yes to restart the<br />
In<strong>for</strong>mation Store service automatically.
3.6 After the Installation<br />
This section describes what you have to do after the installation. These<br />
steps include:<br />
Importing product MIBs to F-<strong>Secure</strong> Policy Manager (if that is<br />
required), and<br />
Initial configuration of the product.<br />
3.6.1 Importing Product MIB files to F-<strong>Secure</strong> Policy Manager<br />
Console<br />
If you are using the product in centrally managed mode, there are cases<br />
when the F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong> MIB JAR file cannot<br />
be uploaded to F-<strong>Secure</strong> Policy Manager Server during the installation. In<br />
these cases you will have to import the MIB files to F-<strong>Secure</strong> Policy<br />
Manager. You will have to import the MIB files if:<br />
F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong> is located in a<br />
different network segment than F-<strong>Secure</strong> Policy Manager, and<br />
there is a firewall between them blocking access to Policy<br />
Manager’s administrative port (8080).<br />
F-<strong>Secure</strong> Policy Manager Server has been configured so that<br />
administrative connections from anywhere else than the localhost<br />
are blocked.<br />
The recommended way is to import the MIBs via F-<strong>Secure</strong> Policy<br />
Manager Console Tools menu. You can do it as follows:<br />
1. Open the Tools menu and select the Installation packages... option.<br />
2. Click Import....<br />
3. When the Import Installation Packages dialog opens, browse to<br />
locate the fsavmse660.mib.jar file located under the Jars subdirectory<br />
in the setup package. Then click Open.<br />
4. After importing the new MIB files, restart F-<strong>Secure</strong> Policy Manager<br />
Console.<br />
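Two checks an administrator can run on the Exchange server before a centrally managed installation, as an added example that is not part of the F-Secure guide or product: confirming that the admin.pub file from Step 8 arrived unmodified, and classifying a connection attempt to the Policy Manager administrative port (8080) that Step 15 and this section depend on. The function names, the choice of SHA-256 and the reading of "refused" versus "filtered" are assumptions of this example, based on general TCP behaviour rather than on F-Secure documentation.

```python
"""Checks before a centrally managed installation (added example)."""
import errno
import hashlib
import hmac
import os
import socket
import tempfile

PM_ADMIN_PORT = 8080  # administrative port named in section 3.6.1

# Assumed reading of each probe result, mapped to the cases in section 3.6.1.
ADVICE = {
    "open": "Setup can reach the port and upload the MIB files itself.",
    "refused": "Host answers but nothing accepts connections on the port; "
               "check whether administrative connections are limited to localhost.",
    "filtered": "No answer before the timeout; check firewalls between the segments.",
    "unresolved": "The server name does not resolve; check the address entered in Step 9.",
    "error": "Unexpected socket error; check the local network configuration.",
}


def file_sha256(path, chunk_size=65536):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def key_matches(path, expected_hex):
    """True if the copied key file has the digest recorded at the source.

    The expected digest should reach the Exchange server by a different
    channel than the key file itself (read out over the phone, for example).
    """
    cleaned = expected_hex.strip().lower().replace(":", "").replace(" ", "")
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("expected a 64-digit hexadecimal SHA-256 digest")
    return hmac.compare_digest(file_sha256(path), cleaned)


def probe_admin_port(host, port=PM_ADMIN_PORT, timeout=3.0):
    """Try one TCP connection and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        return "unresolved"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        return "error"


def preflight(host, key_path, expected_hex, port=PM_ADMIN_PORT):
    """Run both checks and return a small report dictionary."""
    state = probe_admin_port(host, port)
    return {
        "key_ok": key_matches(key_path, expected_hex),
        "port_state": state,
        "advice": ADVICE[state],
    }


if __name__ == "__main__":
    # Constructed demo: a stand-in key file and a local listener replace the
    # real admin.pub and the real Policy Manager Server.
    sample = b"constructed stand-in for admin.pub contents"
    fd, key_path = tempfile.mkstemp(suffix=".pub")
    os.write(fd, sample)
    os.close(fd)
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    try:
        report = preflight("127.0.0.1", key_path,
                           hashlib.sha256(sample).hexdigest(),
                           port=listener.getsockname()[1])
        print(report)
    finally:
        listener.close()
        os.remove(key_path)
```

If the port state is anything other than "open", Setup cannot upload the MIB files and the manual import described in this section applies.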
3.6.2 Configuring the Product<br />
After the installation, F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong> is<br />
functional, but it is using mostly default values. It is highly recommended<br />
to go through all the settings of all installed components. You should also<br />
retrieve the latest virus definition database updates.<br />
Configure F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong>.<br />
If F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong> has been installed<br />
in the centralized administration mode, use F-<strong>Secure</strong> Policy<br />
Manager Console to configure the settings <strong>for</strong> F-<strong>Secure</strong> Content<br />
Scanner Server and F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong><br />
and distribute the policy. For more in<strong>for</strong>mation, see “Centrally<br />
Managed Administration”, 125.<br />
If F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong> has been installed<br />
in stand-alone mode, use the F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong><br />
<strong>Exchange</strong> Web Console to configure the settings of F-<strong>Secure</strong><br />
<strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong>. For more in<strong>for</strong>mation, see<br />
“Administration with Web Console”, 216.<br />
Specify the domains which should be considered to be internal<br />
domains. For more in<strong>for</strong>mation, see “Internal Domains”, 159.<br />
Retrieve virus definition database updates. For more in<strong>for</strong>mation,<br />
see “Updating <strong>Virus</strong> and Spam Definition Databases”, 340.<br />
3.7 Upgrading the Previous Version<br />
If you have a previous version of F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong><br />
<strong>Exchange</strong> installed on your computer, you can upgrade it easily. You do<br />
not need to remove your previous version; F-<strong>Secure</strong> Setup uninstalls it<br />
automatically.
During upgrade the setup will stop and restart <strong>Microsoft</strong> <strong>Exchange</strong><br />
In<strong>for</strong>mation Store, IIS Admin Service and all services that depend on<br />
them:<br />
<strong>Microsoft</strong> <strong>Exchange</strong> In<strong>for</strong>mation Store<br />
World Wide Web Publishing Service<br />
Simple Mail Transport Protocol (SMTP)<br />
<strong>Microsoft</strong> <strong>Exchange</strong> Routing Engine<br />
<strong>Microsoft</strong> <strong>Exchange</strong> POP3<br />
Network News Transport Protocol (NNTP)<br />
<strong>Microsoft</strong> <strong>Exchange</strong> MTA Stacks<br />
<strong>Microsoft</strong> <strong>Exchange</strong> In<strong>for</strong>mation Store<br />
<strong>Microsoft</strong> <strong>Exchange</strong> IMAP4<br />
IIS Admin Service<br />
Follow these instructions to upgrade F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong><br />
<strong>Microsoft</strong> <strong>Exchange</strong>:<br />
1. Run the Setup program. For more in<strong>for</strong>mation, see “Installing<br />
F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong>”, 40.<br />
2. Depending on the installed F-<strong>Secure</strong> products, F-<strong>Secure</strong> Setup will<br />
suggest upgrading one or more components.<br />
Select the components you want to upgrade.<br />
3. The setup needs to stop and restart <strong>Microsoft</strong> <strong>Exchange</strong> Server<br />
related services during the upgrade.<br />
Click OK to continue.<br />
4. After the Setup finishes, restart the computer if the Setup program<br />
prompts you to do so.
5. Configure F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong>. For more<br />
in<strong>for</strong>mation, see “Centrally Managed Administration”, 125. If you<br />
installed F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong> in stand-alone<br />
mode, see “Administration with Web Console”, 216.<br />
6. Check that F-<strong>Secure</strong> Automatic Update Agent can retrieve the latest virus<br />
definition databases. For more in<strong>for</strong>mation, see “Updating <strong>Virus</strong> and<br />
Spam Definition Databases”, 340.<br />
3.8 Upgrading the Evaluation Version<br />
If you want to use F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong> after your<br />
evaluation period expires, you need a new keycode. Contact your<br />
software vendor or renew your license online.<br />
After you have received the new keycode, you can either reinstall<br />
F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong> with your new keycode (see<br />
“Installing F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong>”, 40) or register the<br />
new keycode from F-<strong>Secure</strong> Settings and Statistics.<br />
To register the new keycode from F-<strong>Secure</strong> Settings and Statistics<br />
1. Open F-<strong>Secure</strong> Settings and Statistics by double-clicking the<br />
F-<strong>Secure</strong> icon in the Windows system tray and select F-<strong>Secure</strong><br />
<strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong> to open the evaluation screen.<br />
2. Click Register Keycode... and enter the new keycode you have<br />
received.<br />
If you do not want to continue to use F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong><br />
<strong>Exchange</strong> after your evaluation license expires, you should uninstall the<br />
software.<br />
3.9 Uninstalling F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong><br />
<strong>Exchange</strong><br />
To uninstall F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong>, select<br />
Add/Remove Programs from the Windows Control Panel. To uninstall<br />
F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong> completely, uninstall the<br />
components in the following order:<br />
1. F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong><br />
2. F-<strong>Secure</strong> SNMP Support (if it was installed)<br />
3. F-<strong>Secure</strong> Spam Control<br />
4. F-<strong>Secure</strong> Content Scanner Server<br />
5. F-<strong>Secure</strong> Automatic Update Agent<br />
IMPORTANT: If there is another F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> product<br />
installed on the same computer, check whether it uses F-<strong>Secure</strong><br />
Automatic Update Agent or F-<strong>Secure</strong> Policy Manager <strong>for</strong> getting<br />
virus definition database updates. If the other product gets the<br />
updates from F-<strong>Secure</strong> Policy Manager, you can uninstall F-<strong>Secure</strong><br />
Automatic Update Agent.
4<br />
USING F-SECURE<br />
ANTI-VIRUS FOR<br />
MICROSOFT EXCHANGE<br />
Overview..................................................................................... 66<br />
Administering F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong>........ 66<br />
Using the Web Console.............................................................. 67<br />
Checking the Product Status...................................................... 70<br />
Configuring the Web Console..................................................... 73<br />
Using F-<strong>Secure</strong> Policy Manager Console................................... 74<br />
Modifying Settings and Viewing Statistics .................................. 75<br />
Manually Processing Mailboxes and Public Folders .................. 77<br />
Configuring Alert Forwarding.................................................... 119<br />
Viewing Alerts........................................................................... 123<br />
65
66<br />
4.1 Overview

F-Secure Anti-Virus for Microsoft Exchange can be used either in the stand-alone mode or in the centrally administered mode, based on your selections during the installation and the initial setup.

4.2 Administering F-Secure Anti-Virus for Microsoft Exchange

In the centralized administration mode, you can administer F-Secure Anti-Virus for Microsoft Exchange and F-Secure Content Scanner Servers with F-Secure Policy Manager. You can use the F-Secure Anti-Virus for Microsoft Exchange Web Console to start and stop F-Secure Anti-Virus for Microsoft Exchange, check its current status, and connect to F-Secure Web Club for support, but you cannot change any settings with it.

In the stand-alone mode, you use the F-Secure Anti-Virus for Microsoft Exchange Web Console to start and stop F-Secure Anti-Virus for Microsoft Exchange, modify its settings, edit scheduled tasks and start manual processing.

To open the F-Secure Anti-Virus for Microsoft Exchange Web Console, start it from F-Secure Settings and Statistics or select F-Secure Anti-Virus for Microsoft Exchange from the Windows Start menu > Programs > F-Secure Anti-Virus for Microsoft Exchange > F-Secure Anti-Virus for Microsoft Exchange Web Console. You can open F-Secure Settings and Statistics by double-clicking the F-Secure icon in the Windows system tray.

4.3 Using the Web Console

In centrally managed installations of F-Secure Anti-Virus for Microsoft Exchange, the F-Secure Anti-Virus for Microsoft Exchange Web Console can be used for monitoring the system status and statistics. It can also be used for viewing the settings currently in use and executing some operations. However, in centrally managed installations it cannot be used for configuring the system or scanning settings; use F-Secure Policy Manager for this instead.

4.3.1 Logging in for the First Time

F-Secure Anti-Virus for Microsoft Exchange Web Console does not support Microsoft Internet Explorer 5.5 or older.

Microsoft Internet Explorer 6.0 users:
The address of the F-Secure Anti-Virus for Microsoft Exchange Web Console, https://127.0.0.1:25023/, should be added to the Trusted sites in Internet Explorer 6.0 Security Options. This ensures that the F-Secure Anti-Virus for Microsoft Exchange Web Console works properly in all environments.

Before you log in to the F-Secure Anti-Virus for Microsoft Exchange Web Console for the first time, check that JavaScript and cookies are enabled in the browser you use.

When you log in for the first time, your browser will display a Security Alert dialog window about the security certificate for F-Secure Anti-Virus for Microsoft Exchange Web Console. You can create a security certificate for F-Secure Anti-Virus for Microsoft Exchange Web Console before logging in, and then install the certificate during the login process.

If your company has an established process for creating and storing certificates, you can follow that process to create and store the security certificate for F-Secure Anti-Virus for Microsoft Exchange Web Console.

Step 1. Create the security certificate

1. Browse to the F-Secure Anti-Virus for Microsoft Exchange Web Console installation directory, for example:
   C:\Program Files\F-Secure\Web User Interface\bin\
2. Locate the certificate creation utility, makecert.bat, and double-click it to run the utility.
3. The utility creates a certificate that will be issued to all local IP addresses, and restarts the F-Secure Anti-Virus for Microsoft Exchange Web Console service to take the certificate into use. Wait until the utility completes and the window closes. Now you can proceed to logging in.

Step 2. Log in and install the security certificate

1. Select Programs > F-Secure Anti-Virus for Microsoft Exchange > F-Secure Anti-Virus for Microsoft Exchange Web Console, or enter the address of the F-Secure Anti-Virus for Microsoft Exchange and the port number in your web browser. Note that the protocol used is https. For example:
   https://127.0.0.1:25023
2. The Security Alert about the F-Secure Anti-Virus for Microsoft Exchange Web Console certificate is displayed. If you install the certificate now, you will not see the Security Alert window again. Click View Certificate to view the certificate information and to install the certificate.
3. The Certificate window opens. Click Install Certificate to proceed to the Certificate Import Wizard.
4. Follow the instructions in the Certificate Import Wizard. When the wizard has completed, you are prompted to add the new certificate in the Certificate Root Store. Click Yes.
5. If the Security Alert window is still displayed, click Yes to proceed.
6. When the login page opens, enter the user name and the password. Note that you must have administrator rights to the host. Then click Log In.

Figure 4-1 F-Secure Anti-Virus for Microsoft Exchange Web Console Login page

7. You will be forwarded to the home page, which displays a summary of the system status.

Figure 4-2 F-Secure Anti-Virus for Microsoft Exchange Home page

4.4 Checking the Product Status

You can check the overall product status on the Home page. The Home page displays an overview of each component's status and the most important statistics of the installed F-Secure Anti-Virus for Microsoft Exchange components. From the Home page you can also open the product logs and proceed to configure the product components.

This section describes the statistics and operations available on the Home page.

F-Secure Anti-Virus for Microsoft Exchange

The Home page displays the status of F-Secure Anti-Virus for Microsoft Exchange as well as a summary of the F-Secure Anti-Virus for Microsoft Exchange statistics.

Status indicator - Displays the status of F-Secure Anti-Virus for Microsoft Exchange.
Processed messages - Displays the total number of messages that have been processed.
Infected messages - Displays the number of infected messages found since the last reset of statistics.
Stripped attachments - Displays the number of attachments that have been stripped.

Click Configure to configure F-Secure Anti-Virus for Microsoft Exchange. For more information, see “Overview”, 217.

F-Secure Content Scanner Server

The Home page displays the status of the F-Secure Content Scanner Server as well as a summary of the F-Secure Content Scanner Server statistics.

Status indicator - Displays the status of F-Secure Content Scanner Server.
Last time virus definition databases updated - Displays the last date and time when the virus definition databases were updated.
Database update version - Displays the version of the virus definition database update. The version is shown in YYYY-MM-DD_NN format, where YYYY-MM-DD is the release date of the update and NN is the number of the update for that day.
Scanned files - Displays the number of files the server has scanned for viruses.
Last time infection found - Displays the last infection detected by the server.

Click Configure to configure F-Secure Content Scanner Server. For more information, see “F-Secure Content Scanner Server Settings”, 275.

F-Secure Automatic Update Agent

Status indicator - Displays the status of F-Secure Automatic Update Agent.
Communication method - Displays the currently used client protocol.
Last connection to the server - Displays the last date and time when F-Secure Automatic Update Agent polled the F-Secure Automatic Update Server for new updates.

Click Configure to configure F-Secure Automatic Update Agent. For more information, see “Updating Virus and Spam Definition Databases”, 340.

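The YYYY-MM-DD_NN database update version shown for F-Secure Content Scanner Server can be compared across servers to find hosts whose virus definitions are outdated. The following Python sketch is an added example, not part of the F-Secure product or this guide; the host names, the sample version strings and the three-day age threshold are constructed assumptions, and the version strings are assumed to have been collected from each server's Home page.

```python
"""Audit virus definition versions reported in YYYY-MM-DD_NN format."""
import re
from datetime import date
from typing import Dict, NamedTuple

# YYYY-MM-DD is the release date, NN the number of the update for that day.
VERSION_RE = re.compile(r"([0-9]{4})-([0-9]{2})-([0-9]{2})_([0-9]{2})")


class UpdateVersion(NamedTuple):
    released: date   # release date of the update
    sequence: int    # number of the update for that day

    def __str__(self) -> str:
        return f"{self.released.isoformat()}_{self.sequence:02d}"


def parse_update_version(text: str) -> UpdateVersion:
    """Parse a version string; raise ValueError if it is malformed."""
    match = VERSION_RE.fullmatch(text.strip())
    if match is None:
        raise ValueError(f"not in YYYY-MM-DD_NN format: {text!r}")
    year, month, day, sequence = (int(part) for part in match.groups())
    # date() rejects impossible dates such as 2006-02-30 with ValueError.
    return UpdateVersion(date(year, month, day), sequence)


def audit_versions(reported: Dict[str, str], today: date,
                   max_age_days: int = 3) -> Dict[str, str]:
    """Return one finding per host: current, behind, stale or invalid."""
    findings: Dict[str, str] = {}
    parsed: Dict[str, UpdateVersion] = {}
    for host, raw in reported.items():
        try:
            version = parse_update_version(raw)
        except ValueError as exc:
            findings[host] = f"invalid: {exc}"
            continue
        if version.released > today:
            # A future date must not become the fleet's reference version.
            findings[host] = "invalid: release date is in the future"
            continue
        parsed[host] = version

    # Tuples compare by release date first, then by update number.
    newest = max(parsed.values(), default=None)
    for host, version in parsed.items():
        age = (today - version.released).days
        if age > max_age_days:
            findings[host] = f"stale: {age} days old"
        elif version < newest:
            findings[host] = f"behind: newest seen is {newest}"
        else:
            findings[host] = "current"
    return findings


# Constructed sample data (hypothetical hosts and versions).
SAMPLE_TODAY = date(2006, 6, 15)
SAMPLE_REPORTED = {
    "EXCH01": "2006-06-15_02",   # newest update of the day
    "EXCH02": "2006-06-15_01",   # same day, earlier update
    "EXCH03": "2006-06-09_03",   # older than the threshold
    "EXCH04": "2006-02-30_01",   # impossible calendar date
    "EXCH05": "2006-6-15_1",     # wrong field widths
    "EXCH06": "2006-06-20_01",   # dated after SAMPLE_TODAY
}

if __name__ == "__main__":
    for host, finding in audit_versions(SAMPLE_REPORTED, SAMPLE_TODAY).items():
        print(f"{host}: {finding}")
```
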
F-Secure Management Agent

Status indicator - Displays the status of F-Secure Management Agent.
Management method - Displays if the host is standalone (configured locally) or networked (at least sometimes connected through a network or a temporary link).

Click Configure to configure the F-Secure Management Agent. For more information, see “F-Secure Management Agent Settings”, 304.

Toolbar Buttons

Click Show F-Secure Log to view the F-Secure log file (LogFile.log) in a new Internet browser window. Click Download to download and save the LogFile.log for later use.

Click Export Settings to open a list of all F-Secure Anti-Virus for Microsoft Exchange settings in a new Internet browser window. Select File > Save As... to save the file for later use.

Click Export Statistics to open a list of all F-Secure Anti-Virus for Microsoft Exchange statistics in a new Internet browser window. Select File > Save As... to save or print the file for later use.

Click Configure Console to configure the F-Secure Anti-Virus for Microsoft Exchange Web Console. For instructions, see “Configuring the Web Console”, 73.

Click Help to open the online help.

4.5 Configuring the Web Console

On the F-Secure Anti-Virus for Microsoft Exchange Web Console Configuration page you can specify settings for connections to the server. You can also open the F-Secure Anti-Virus for Microsoft Exchange Web Console access log from this page.

Limit session timeout - Specify the length of time a client can be connected to the server. When the session expires, the F-Secure Anti-Virus for Microsoft Exchange Web Console displays a warning. The default value is 60 minutes.

Click Show Access Log to view the F-Secure Anti-Virus for Microsoft Exchange Web Console access log. Note that the Web Console access log differs from standard web server access logs, as it logs only the first request per session.

Listen on address - Specify the IP address of the F-Secure Anti-Virus for Microsoft Exchange Web Console Server.
Port - Specify the port where the server listens for connections. The default port is 25023.
Accept connections from the following hosts - Specify a list of hosts which are allowed to connect to F-Secure Anti-Virus for Microsoft Exchange Web Console.

To add a new host to the list, click Add to add a new line in the table and then enter the IP address of the host.

4.6 Using F-Secure Policy Manager Console

In the centralized administration mode, you can open F-Secure Anti-Virus for Microsoft Exchange components from the Windows Start menu > Programs > F-Secure Policy Manager Console. When the Policy Manager Console opens, go to the Advanced Mode user interface by selecting View > Advanced Mode (this step is required in F-Secure Policy Manager version 5.50 and later). Then select the Policy tab to view the F-Secure Anti-Virus for Microsoft Exchange components.

F-Secure Policy Manager Console is used to create policies for F-Secure Anti-Virus for Microsoft Exchange installations that are running on selected hosts or groups of hosts. Policies are created by assigning values to variables shown on the Policy tab of the Properties pane (the middle pane) in F-Secure Policy Manager Console. To assign a value, select a variable – marked by the leaf icon – in the Properties pane and enter the value in the Editor pane (the right pane).

After a policy is created, it must be distributed to hosts by choosing Distribute from the File menu.

After changing the settings and distributing the policy, you have to wait for F-Secure Anti-Virus for Microsoft Exchange to poll the policy.

For testing purposes you may also want to change the polling intervals. To do that, select the domain in F-Secure Policy Manager Console and set the Incoming Packages Polling Interval and Outgoing Packages Update Interval variables to 30-45 seconds. The variables are located under each of the two trees in the F-Secure Management Agent / Settings / Communications branch. Note that since the default polling interval is 10 minutes, it might take up to 10 minutes for the new setting to take effect. Alternatively, you can click Poll the server now in F-Secure Management Agent.

For detailed information on installing and using F-Secure Policy Manager Console, see the F-Secure Policy Manager Administrator’s Guide.

4.7 Modifying Settings and Viewing Statistics

This section describes how you can modify product settings and view product statistics in both centrally administered and stand-alone mode.

4.7.1 Centrally Administered Mode

To change F-Secure Anti-Virus for Microsoft Exchange settings in the centrally administered mode, select F-Secure Anti-Virus for Microsoft Exchange from the Properties pane. Make sure the Policy tab is selected and assign values to variables under the Settings branch. Modify settings by assigning new values to the basic leaf node variables (marked by the leaf icons) shown in the Policy tab of the Properties pane. Initially, every variable has a default value, which is displayed in gray. Select the variable from the Properties pane and enter the new value in the Editor pane to change it. You can either type the new value or select it from a list box. If you enter an invalid value, it will be displayed in red in the Properties pane. Click Clear to revert to the default value or Undo to cancel the most recent change that has not been distributed. For detailed explanations of all variables, see “F-Secure Anti-Virus for Microsoft Exchange Settings”, 126.

Settings that are configured during the installation and the initial setup require that you select the Final check box from the Product View pane. These settings include Primary and Backup Content Scanner Servers and Quarantine settings.

Select the Status tab of the Properties pane to view statistics and the settings that were configured during the installation of F-Secure Content Scanner Server and F-Secure Anti-Virus for Microsoft Exchange. Statistics are updated periodically and can be reset by choosing Reset Statistics on the Policy tab of the Properties pane. For more information, see “F-Secure Anti-Virus for Microsoft Exchange Statistics”, 184.

Changing Settings That Have Been Modified During Installation or Upgrade

If you want to change a setting that has been modified locally during installation or upgrade, you need to mark the setting as Final in the restriction editor. The settings descriptions in this manual indicate the settings for which you need to use the Final restriction. You can also check in F-Secure Policy Manager Console whether you need to use the Final restriction for a setting. Do the following:

1. Select the Policy tab and then select the setting you want to check.
2. Now select the Status tab to see if the setting has been modified locally.
   - If the setting is not shown in grayed font in the Status view, then the product uses the setting from the base policy and therefore the Final restriction is not needed.
   - If the setting is shown in normal black font, then the setting has been modified locally. You must mark the setting as Final when you change it.

4.7.2 Stand-alone Mode

To change F-Secure Anti-Virus for Microsoft Exchange settings in stand-alone mode, open the F-Secure Anti-Virus for Microsoft Exchange Web Console and select the variables you want to change from the options tree. For detailed explanations of all variables, see “Administration with Web Console”, 216.

To view statistics for real-time scanning, select Summary on the options tree. To reset all counters to zero, click Reset Statistics.

To view statistics for the latest manual scan, select Manual Scanning on the options tree. The Manual Scanning property page displays the following statistics: the number of processed mailboxes, the number of processed Public Folders, the numbers of processed, infected, and suspicious messages in mailboxes and in the Public Folders. Manual scanning statistics are reset every time a new manual scan is performed.

4.8 Manually Processing Mailboxes and Public Folders

You can scan mailboxes and Public Folders for viruses and strip attachments manually at any time. You can also create scheduled scan tasks to scan mailboxes and Public Folders periodically.

4.8.1 Centrally Administered Mode

You can perform virus scans and strip attachments manually by using controls under the F-Secure Anti-Virus for Microsoft Exchange / Operations branch.

- To start a manual scan, select Start under F-Secure Anti-Virus for Microsoft Exchange / Operations / Manual Scanning. Click Start in the Editor pane. Choose Distribute from the File menu.
- To stop a manual scan, select Stop under F-Secure Anti-Virus for Microsoft Exchange / Operations / Manual Scanning. Click Stop in the Editor pane. Choose Distribute from the File menu.
- To view the scanning report (the total numbers of mailboxes and Public Folders, and the numbers of processed mailboxes and Public Folders), open the Reports tab.

For information on how to configure options for manual scans, see “Manual Processing”, 159.

Creating Scheduled Operation

Open the F-Secure Anti-Virus for Microsoft Exchange > Settings > Scheduled Processing settings branch and click Add to start the Scheduled Operation Wizard.

78<br />
Step 1. Enter the name <strong>for</strong> the new task and select how frequently you want the<br />
operation to be per<strong>for</strong>med.<br />
Once - Only once at the specified time.<br />
Daily - Every day at the specified time, starting from the specified<br />
date.<br />
Weekly - Every week at the specified time on the same day when<br />
the first operation is scheduled to start.<br />
Monthly - Every month at the specified time on the same date<br />
when the first operation is scheduled to start.<br />
Do not use any special characters in the task name.<br />
Click Next to continue.<br />
Step 2. Specify whether you want to process all messages or only those<br />
messages that have not been processed previously during the manual<br />
processing.
CHAPTER 4 79<br />
Using F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong><br />
Specify how many concurrent transactions the scanner can have with<br />
F-<strong>Secure</strong> Content Scanner Server.<br />
Click Next to continue.
80<br />
Step 3. Choose mailboxes that should be processed during the scheduled<br />
operation.<br />
Do not scan mailboxes - Do not process any mailboxes.<br />
Scan all mailboxes - Process all mailboxes.<br />
Scan only included mailboxes - Process all mailboxes specified in<br />
the list.<br />
Scan all except excluded mailboxes - Process all except those<br />
mailboxes specified in the list.<br />
Click Add to add a new mailbox to the list. Click Edit to edit a previously<br />
created entry. Click Remove to remove the selected folder or Remove All<br />
to remove all entries from the list.<br />
By default, F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong> examines all<br />
mailboxes.<br />
Click Next to continue.
CHAPTER 4 81<br />
Using F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong><br />
Step 4. Choose settings <strong>for</strong> virus scanning of mailboxes during the scheduled<br />
operation, and Click Next to continue.<br />
For settings descriptions, see “<strong>Virus</strong> Scanning”, 130.
82<br />
Step 5. Choose settings <strong>for</strong> stripping attachments during the scheduled<br />
operation, and click Next to continue.<br />
For settings descriptions, see “Stripping Attachments”, 147.
CHAPTER 4 83<br />
Using F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong><br />
Step 6. Select Public Folders that should be processed during the scheduled<br />
operation.<br />
Do not scan Public Folders - Do not process any Public Folders.<br />
Scan all Public Folders - Process all notes posted to all Public<br />
Folders.<br />
Scan only included Public Folders - Process all notes posted to<br />
Public Folders specified in the list.<br />
Scan all except excluded Public Folders - Process all notes<br />
posted to all Public Folders, except those specified in the list.<br />
Click Add to add a new Public Folder to the list. Click Edit to edit a<br />
previously created entry. Click Remove to remove the selected folder or<br />
Remove All to remove all entries from the list.<br />
By default, F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong> processes all<br />
Public Folders.<br />
Click Next to continue.
84<br />
Step 7. Choose settings for virus scanning of Public Folders during the scheduled<br />
operation, and click Next to continue.<br />
For settings descriptions, see “Virus Scanning”, 130.<br />
Step 8. Choose settings for stripping attachments during the scheduled<br />
operation, and click Next to continue.<br />
Step 9. The Scheduled Operation Wizard displays a summary of the created<br />
operation. Click Finish to accept the new scheduled operation and exit<br />
the wizard.<br />
4.8.2 Stand-alone Mode<br />
Specify the manual scanning settings on the Manual Scanning property<br />
pages. After you have specified the manual scanning settings, select the<br />
Manual Processing and click Start.<br />
Under Progress, you can view the progress of the manual scan - the total<br />
numbers of mailboxes and Public Folders, and the numbers of processed<br />
mailboxes and Public Folders. At the bottom of the property page, the<br />
results of the previous manual scan are shown - the numbers of<br />
processed, infected and suspicious messages in the mailboxes and in the<br />
Public Folders.
4.8.3 Creating Scanning Operations<br />
To process mailboxes manually, you need to set up a manual processing<br />
task. For more information, see “Creating Manual Scanning Operation”,<br />
87.<br />
If you want to run scanning tasks frequently, you can set up scheduled<br />
operations. For more information, see “Creating Scheduled Operation”,<br />
102.<br />
Creating Manual Scanning Operation<br />
Start the Manual Scanning Wizard by clicking the Configure... button on<br />
the Manual Scanning page.<br />
Step 1. Specify Messages to Process<br />
1. Specify whether you want to process all messages or only those<br />
messages that have not been processed previously.<br />
2. Specify how many concurrent transactions the scanner can have with<br />
F-Secure Content Scanner Server.<br />
3. Click Next to continue.<br />
If F-Secure Anti-Virus for Microsoft Exchange is operating on a<br />
system that has multiple processors or you are using a<br />
high-performance computer, you can increase performance by<br />
increasing the number of concurrent transactions.<br />
If you want to use the default settings for most of the scanning<br />
settings, click Last to proceed to the last page of the Manual<br />
Scanning wizard where you can see a summary of the scanning<br />
task settings.<br />
Step 2. Select Mailboxes to Process<br />
1. Choose mailboxes that should be processed during the manual<br />
scanning operation.<br />
Do not process mailboxes - Do not process any mailboxes.<br />
Process all mailboxes - Process all mailboxes.<br />
Process only these mailboxes - Process all specified mailboxes.<br />
Process all except these mailboxes - Process all except specified<br />
mailboxes.
Click Add... to add a new mailbox to the list. Click the checkbox in<br />
the column to mark a mailbox to be removed. Click Clear<br />
to remove all currently marked entries from the list.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange examines all<br />
mailboxes.<br />
2. Click Next to continue.<br />
Step 3. Specify Virus Scanning Settings for Mailboxes<br />
1. Choose settings for virus scanning of mailboxes.<br />
Attachments to scan:<br />
Specify which message attachments are checked for viruses.<br />
Do not scan attachments for viruses - Process messages without scanning any attachments for viruses.<br />
Scan all attachments - Scan all message attachments regardless of filename extension.<br />
Scan all attachments with these extensions - Scan all attachments with specified filename extensions.<br />
Scan all attachments except with these extensions - Scan all attachments except those with specified filename extensions.<br />
You can add new file types on the extensions lists by typing the file extensions in the file extensions text boxes. Separate the extensions by spaces.<br />
Scan mail message body:<br />
Specify whether the body of the e-mail message should be scanned for malicious code.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange scans message bodies.<br />
Although scanning message bodies can slow down the performance, it is recommended as a virus can be carried inside a message body.<br />
Enable File Type Recognition:<br />
Trojans and other malicious code can disguise themselves with filename extensions which are usually considered safe to use. Intelligent File Type Recognition can recognize the real file type of the message attachment and use that while the attachment is processed. Specify whether you want to use Intelligent File Type Recognition or not.<br />
By default, Intelligent File Type Recognition is disabled during the real-time processing.<br />
Intelligent File Type Recognition strengthens the security - you can block unsafe content that has a safe filename extension (for example, a Microsoft Word document using the ‘rtf’ filename extension) and you do not accidentally block safe content that has unsafe filename extension (for example, a text file using the ‘doc’ filename extension). Intelligent File Type Recognition can degrade the system performance.<br />
Action<br />
Action on infected attachments:<br />
Specify whether infected attachments should be disinfected or dropped.<br />
Disinfect attachment - Try to disinfect the infected attachment. If the disinfection succeeds, the recipient receives the disinfected file instead of the original one. If the disinfection fails, the infected attachment is dropped, and it is not delivered to the recipient.<br />
Drop attachment - Do not disinfect or deliver infected attachments. All infected attachments are dropped.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange tries to disinfect infected attachments.<br />
Quarantine infected attachments:<br />
Specify whether infected attachments should be placed in the Quarantine or not. For more information, see “Quarantine Management”, 307.<br />
Send warning message to mailbox owner:<br />
Specify whether to send a message to the mailbox owner when an infected attachment is found. Click Edit... to edit the informational text file that replaces the infected attachment if it is dropped.<br />
2. Click Next to continue.<br />
Step 4. Specify Attachment Stripping Settings for Mailboxes<br />
1. Choose settings for stripping attachments.<br />
Strip attachments:<br />
Specify which attachments should be stripped from messages and public folder notes.<br />
Do not strip - Do not strip any attachments.<br />
Strip all attachments - Strip all attachments from all messages and notes.<br />
Strip all attachments except these allowed - Strip all except specified attachments.<br />
Strip only these disallowed attachments - Strip only specified attachments.<br />
You can add new file types on the attachments lists by typing the file extensions in the allowed and disallowed attachments text boxes. Separate the extensions by spaces.<br />
Enable File Type Recognition:<br />
Trojans and other malicious code can disguise themselves with filename extensions which are usually considered safe to use. Intelligent File Type Recognition can recognize the real file type of the message attachment and use that while the attachment is processed. Specify whether you want to use Intelligent File Type Recognition or not.<br />
Action<br />
Action on stripped attachment:<br />
Specify whether stripped attachments should be quarantined or dropped.<br />
Quarantine attachment - All stripped attachments are placed in the Quarantine. For more information, see “Quarantine Management”, 307.<br />
Drop attachment - All stripped attachments are deleted automatically.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange quarantines stripped attachments.<br />
Send informational message to the mailbox owner:<br />
Specify whether an informational message should be sent to the owner of the mailbox when an attachment is stripped. Click Edit to edit the message.<br />
Notify administrator:<br />
Specify whether the administrator should be notified when F-Secure Anti-Virus for Microsoft Exchange strips an attachment.<br />
Do not notify - Do not send any notification to the administrator.<br />
Send informational alert - Send an informational alert to the administrator.<br />
Send warning alert - Send a warning alert to the administrator.<br />
Send security alert - Send a security alert to the administrator.<br />
2. Click Next to continue.<br />
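How Intelligent File Type Recognition changes the outcome of the stripping modes described above, as an added Python example (not F-Secure's code). The signature table, mode names and function names are assumptions made for illustration, and the sample attachments are constructed.

```python
import os

# Constructed, illustrative magic-byte table (assumption: a tiny subset chosen
# for this example; it is not the product's recognition engine).
SIGNATURES = [
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "doc"),  # OLE2 container used by legacy Word files
    (b"{\\rtf", "rtf"),
    (b"MZ", "exe"),
    (b"%PDF-", "pdf"),
]

# Printable ASCII plus tab, LF and CR: used for a simple plain-text heuristic.
TEXT_BYTES = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}

# Hypothetical names for the four "Strip attachments" choices in the guide.
MODES = ("do_not_strip", "strip_all", "all_except_allowed", "only_disallowed")


def parse_extension_list(text):
    """Parse a space-separated extension list, as typed into the text boxes."""
    return {item.lower().lstrip("*.") for item in text.split() if item.strip("*.")}


def extension_of(filename):
    """Return the last filename extension, lower-cased and without the dot."""
    return os.path.splitext(filename)[1].lower().lstrip(".")


def recognize_type(data):
    """Return a type name derived from the content, or None if unrecognized."""
    for magic, kind in SIGNATURES:
        if data.startswith(magic):
            return kind
    if data and all(byte in TEXT_BYTES for byte in data[:512]):
        return "txt"
    return None


def should_strip(filename, data, mode, extensions, recognition):
    """Decide whether an attachment is stripped.

    With recognition off, only the filename extension is compared with the
    list. With recognition on, the type found in the content replaces the
    extension whenever the content is recognized.
    """
    if mode not in MODES:
        raise ValueError("unknown mode: " + mode)
    if mode == "do_not_strip":
        return False
    if mode == "strip_all":
        return True
    effective = extension_of(filename)
    if recognition:
        effective = recognize_type(data) or effective
    listed = effective in extensions
    # Deny-list mode strips listed types; allow-list mode strips everything else.
    return listed if mode == "only_disallowed" else not listed


# Constructed samples matching the two cases named in the guide.
WORD_AS_RTF = ("report.rtf", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 24)
TEXT_AS_DOC = ("notes.doc", b"Meeting notes for Tuesday\r\n")
UNKNOWN_NO_EXT = ("blob", b"\x00\x01\x02\x03")


def demo():
    """Return (filename, recognition, stripped) rows for a deny-list of 'doc exe'."""
    disallowed = parse_extension_list("doc exe")
    rows = []
    for name, data in (WORD_AS_RTF, TEXT_AS_DOC):
        for recognition in (False, True):
            stripped = should_strip(name, data, "only_disallowed", disallowed, recognition)
            rows.append((name, recognition, stripped))
    return rows


if __name__ == "__main__":
    for row in demo():
        print(row)
```

An attachment with no extension and unrecognized content is stripped under the allow-list mode and passed under the deny-list mode, which is the practical difference between the two lists when recognition cannot help.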
Step 5. Select Public Folders to Process<br />
1. Select Public Folders that should be processed.<br />
Do not process public folders - Do not process any Public<br />
Folders.<br />
Process all public folders - Process all notes posted to all Public<br />
Folders.<br />
Process only included public folders - Process all notes posted to<br />
the listed Public Folders.<br />
Process all except excluded public folders - Process all notes<br />
posted to all Public Folders, except the listed ones.<br />
The notes and attachments to be processed in the selected<br />
folders are defined with the Attachments to Scan and Scan<br />
Mail Message Body settings.<br />
Click Add to add a new Public Folder to the list. Click Clear to<br />
remove the selected folder or Clear All to remove all entries from the<br />
list. By default, F-Secure Anti-Virus for Microsoft Exchange processes<br />
all Public Folders.<br />
2. Click Next to continue.<br />
Step 6. Specify Virus Scanning Settings for Public Folders<br />
1. Choose settings for virus scanning of Public Folders.<br />
Attachments to scan:<br />
Specify which message attachments are checked for viruses.<br />
Do not scan attachments for viruses - Do not scan any attachments.<br />
Scan all attachments - Scan all message attachments.<br />
Scan all attachments with these extensions - Scan all attachments with specified filename extensions.<br />
Scan all attachments except with these extensions - Scan all attachments except those with specified filename extensions.<br />
You can add new file types on the extensions lists by typing the file extensions in the file extensions text boxes. Separate the extensions by spaces.<br />
Scan mail message body:<br />
Specify whether the body of the e-mail message should be scanned for malicious code.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange scans message bodies.<br />
Although scanning message bodies can slow down the performance, it is recommended as a virus can be carried inside a message body.<br />
Enable File Type Recognition:<br />
Trojans and other malicious code can disguise themselves with filename extensions which are usually considered safe to use. Intelligent File Type Recognition can recognize the real file type of the message attachment and use that while the attachment is processed. Specify whether you want to use Intelligent File Type Recognition or not.<br />
By default, Intelligent File Type Recognition is disabled during the real-time processing.<br />
Intelligent File Type Recognition strengthens the security - you can block unsafe content that has a safe filename extension (for example, a Microsoft Word document using the ‘rtf’ filename extension) and you do not accidentally block safe content that has unsafe filename extension (for example, a text file using the ‘doc’ filename extension). Intelligent File Type Recognition can degrade the system performance.<br />
Action<br />
Action on infected attachments:<br />
Specify whether infected attachments should be disinfected or dropped.<br />
Disinfect attachment - Try to disinfect the infected attachment. If the disinfection succeeds, the recipient receives the disinfected file instead of the original one. If the disinfection fails, the infected attachment is dropped, and it is not delivered to the recipient.<br />
Drop attachment - Do not disinfect or deliver infected attachments. All infected attachments are dropped.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange tries to disinfect infected attachments.<br />
Quarantine infected attachments:<br />
Specify whether infected attachments should be placed in the Quarantine or not. For more information, see “Quarantine Management”, 307.<br />
Send warning message to the originator:<br />
Specify whether to send a warning message to the originator of the public folder message, which contained an infected attachment. Click Edit to edit the message.<br />
2. Click Next to continue.<br />
Step 7. Specify Attachment Stripping Settings for Public Folders<br />
1. Choose settings for stripping attachments.<br />
Strip attachments:<br />
Specify which attachments should be stripped from messages and public folder notes.<br />
Do not strip - Do not strip any attachments.<br />
Strip all attachments - Strip all attachments from all messages and notes.<br />
Strip all attachments except these allowed - Strip all except specified attachments.<br />
Strip only these disallowed attachments - Strip only specified attachments.<br />
You can add new file types on the attachments lists by typing the file extensions in the allowed and disallowed attachments text boxes. Separate the extensions by spaces.<br />
Enable File Type Recognition:<br />
Trojans and other malicious code can disguise themselves with filename extensions which are usually considered safe to use. Intelligent File Type Recognition can recognize the real file type of the message attachment and use that while the attachment is processed. Specify whether you want to use Intelligent File Type Recognition or not.<br />
Action<br />
Action on stripped attachments:<br />
Specify whether stripped attachments should be quarantined or dropped.<br />
Quarantine attachment - All stripped attachments are placed in the Quarantine. For more information, see “Quarantine Management”, 307.<br />
Drop attachment - All stripped attachments are deleted automatically.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange quarantines stripped attachments.<br />
Send the informational message to the originator:<br />
Specify whether an informational message should be sent to the originator of the message when an attachment is stripped. Click Edit to edit the message.<br />
Notify administrator:<br />
Specify whether the administrator should be notified when F-Secure Anti-Virus for Microsoft Exchange strips an attachment.<br />
Do not notify - Do not send any notification to the administrator.<br />
Send informational alert - Send an informational alert to the administrator.<br />
Send warning alert - Send a warning alert to the administrator.<br />
Send security alert - Send a security alert to the administrator.<br />
2. Click Next to continue.<br />
Step 8. Finish<br />
The Manual Scanning Wizard displays a summary of the created operation.<br />
Click Finish to accept the new manual scanning operation and exit the<br />
wizard.<br />
Creating Scheduled Operation<br />
Start the Scheduled Operation Wizard by clicking Add Task... in the<br />
Scheduled Processing window.<br />
Step 1. Specify Scanning Task Name and Schedule<br />
1. Enter the name for the new task and select how frequently you want<br />
the operation to be performed.<br />
Once - Only once at the specified time<br />
Daily - Every day at the specified time, starting from the specified<br />
date<br />
Weekly - Every week at the specified time on the same day when<br />
the first operation is scheduled to start.<br />
Monthly - Every month at the specified time on the same date<br />
when the first operation is scheduled to start.<br />
2. Enter the start time of the task in hh:mm format.<br />
3. Enter the start date of the task in mm/dd/yyyy format.<br />
Do not use any special characters in the task name.<br />
4. Click Next to continue.<br />
Step 2. Specify Messages to Process<br />
1. Specify whether you want to process all messages or only those<br />
messages that have not been processed previously during the<br />
scheduled processing.<br />
2. Specify how many concurrent transactions the scanner can have with<br />
F-Secure Content Scanner Server.<br />
3. Click Next to continue.<br />
Step 3. Select Mailboxes to Process<br />
1. Choose mailboxes that should be processed during the scheduled<br />
operation.<br />
Do not process mailboxes - Do not process any mailboxes.<br />
Process all mailboxes - Process all mailboxes.<br />
Process only these mailboxes - Process all specified mailboxes.<br />
Process all except these mailboxes - Process all except specified<br />
mailboxes.<br />
Click Add... to add a new mailbox to the list. Click the checkbox in<br />
the column to mark a mailbox to be removed. Click Clear<br />
to remove all currently marked entries from the list.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange examines all<br />
mailboxes.<br />
2. Click Next to continue.<br />
Step 4. Specify Virus Scanning Settings for Mailboxes<br />
1. Choose settings for virus scanning of mailboxes during the scheduled operation.<br />
Attachments to scan:<br />
Specify which message attachments are checked for viruses.<br />
Do not scan attachments for viruses - Process messages without scanning any attachments for viruses.<br />
Scan all attachments - Scan all message attachments regardless of filename extension.<br />
Scan all attachments with these extensions - Scan all attachments with specified filename extensions.<br />
Scan all attachments except with these extensions - Scan all attachments except those with specified filename extensions.<br />
You can add new file types on the extensions lists by typing the file extensions in the file extensions text boxes. Separate the extensions by spaces.<br />
Scan mail message body:<br />
Specify whether the body of the e-mail message should be scanned for malicious code.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange scans message bodies.<br />
Although scanning message bodies can slow down the performance, it is recommended as a virus can be carried inside a message body.<br />
Enable File Type Recognition:<br />
Trojans and other malicious code can disguise themselves with filename extensions which are usually considered safe to use. Intelligent File Type Recognition can recognize the real file type of the message attachment and use that while the attachment is processed. Specify whether you want to use Intelligent File Type Recognition or not.<br />
By default, Intelligent File Type Recognition is disabled during the real-time processing.<br />
Intelligent File Type Recognition strengthens the security - you can block unsafe content that has a safe filename extension (for example, a Microsoft Word document using the ‘rtf’ filename extension) and you do not accidentally block safe content that has unsafe filename extension (for example, a text file using the ‘doc’ filename extension). Intelligent File Type Recognition can degrade the system performance.<br />
Action<br />
Action on infected attachments:<br />
Specify whether infected attachments should be disinfected or dropped.<br />
Disinfect attachment - Try to disinfect the infected attachment. If the disinfection succeeds, the recipient receives the disinfected file instead of the original one. If the disinfection fails, the infected attachment is dropped, and it is not delivered to the recipient.<br />
Drop attachment - Do not disinfect or deliver infected attachments. All infected attachments are dropped.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange tries to disinfect infected attachments.<br />
Quarantine infected attachments:<br />
Specify whether infected attachments should be placed in the Quarantine or not. For more information, see “Quarantine Management”, 307.<br />
Send warning message to mailbox owner:<br />
Specify whether to send a message to the mailbox owner when an infected attachment is found. Click Edit... to edit the informational text file that replaces the infected attachment if it is dropped.<br />
2. Click Next to continue.<br />
Step 5. Specify Attachment Stripping Settings for Mailboxes<br />
1. Choose settings for stripping attachments during the scheduled operation.<br />
Strip attachments:<br />
Specify which attachments should be stripped from messages and public folder notes.<br />
Do not strip - Do not strip any attachments.<br />
Strip all attachments - Strip all attachments from all messages and notes.<br />
Strip all attachments except these allowed - Strip all except specified attachments.<br />
Strip only these disallowed attachments - Strip only specified attachments.<br />
You can add new file types on the attachments lists by typing the file extensions in the allowed and disallowed attachments text boxes. Separate the extensions by spaces.<br />
Enable File Type Recognition:<br />
Trojans and other malicious code can disguise themselves with filename extensions which are usually considered safe to use. Intelligent File Type Recognition can recognize the real file type of the message attachment and use that while the attachment is processed. Specify whether you want to use Intelligent File Type Recognition or not.<br />
Action<br />
Action on stripped attachment:<br />
Specify whether stripped attachments should be quarantined or dropped.<br />
Quarantine attachment - All stripped attachments are placed in the Quarantine. For more information, see “Quarantine Management”, 307.<br />
Drop attachment - All stripped attachments are deleted automatically.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange quarantines stripped attachments.<br />
Send the informational message to the mailbox owner:<br />
Specify whether an informational message should be sent to the owner of the mailbox when an attachment is stripped. Click Edit to edit the message.<br />
Notify administrator:<br />
Specify whether the administrator should be notified when F-Secure Anti-Virus for Microsoft Exchange strips an attachment.<br />
Do not notify - Do not send any notification to the administrator.<br />
Send informational alert - Send an informational alert to the administrator.<br />
Send warning alert - Send a warning alert to the administrator.<br />
Send security alert - Send a security alert to the administrator.<br />
2. Click Next to continue.<br />
Step 6. Select Public Folders to Process<br />
1. Select Public Folders that should be processed during the scheduled<br />
operation.<br />
Do not process public folders - Do not process any Public<br />
Folders.<br />
Process all public folders - Process all notes posted to all Public<br />
Folders.<br />
Process only included public folders - Process all notes posted to<br />
the listed Public Folders.<br />
Process all except excluded public folders - Process all notes<br />
posted to all Public Folders, except the listed ones.<br />
The notes and attachments to be processed in the selected<br />
folders are defined with the Attachments to Scan and Scan<br />
Mail Message Body settings.<br />
Click Add to add a new Public Folder to the list. Click Clear to<br />
remove the selected folder or Clear All to remove all entries from the<br />
list. By default, F-Secure Anti-Virus for Microsoft Exchange processes<br />
all Public Folders.<br />
2. Click Next to continue.<br />
Step 7. Specify Virus Scanning Settings for Public Folders<br />
1. Choose settings <strong>for</strong> virus scanning of Public Folders during the<br />
scheduled operation.<br />
Attachments to scan Specify which message attachments are<br />
checked <strong>for</strong> viruses.<br />
Do not scan attachments <strong>for</strong> viruses - Do not<br />
scan any attachments.<br />
Scan all attachments - Scan all message<br />
attachments.<br />
Scan all attachments with these extensions -<br />
Scan all attachments with specified filename<br />
extensions.<br />
Scan all attachments except with these<br />
extensions - Scan all attachments except those<br />
with specified filename extensions.
114<br />
Scan mail message<br />
body<br />
Enable File Type<br />
Recognition<br />
Action<br />
Action on infected<br />
attachments<br />
You can add new file types on the extensions<br />
lists by typing the file extensions in the file<br />
extensions text boxes. Separate the extensions<br />
by spaces.<br />
Specify whether the body of the e-mail message<br />
should be scanned <strong>for</strong> malicious code.<br />
By default, F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong><br />
<strong>Exchange</strong> scans message bodies.<br />
Although scanning message bodies can slow<br />
down the per<strong>for</strong>mance, it is recommended as a<br />
virus can be carried inside a message body.<br />
Trojans and other malicious code can disguise<br />
themselves with filename extensions which are<br />
usually considered safe to use. Intelligent File<br />
Type Recognition can recognize the real file type<br />
of the message attachment and use that while<br />
the attachment is processed. Specify whether<br />
you want to use Intelligent File Type Recognition<br />
or not.<br />
By default, Intelligent File Type Recognition is<br />
disabled during the real-time processing.<br />
Intelligent File Type Recognition strengthens the<br />
security - you can block unsafe content that has<br />
a safe filename extension (<strong>for</strong> example, a<br />
<strong>Microsoft</strong> Word document using the ‘rtf’ filename<br />
extension) and you do not accidentally block<br />
safe content that has unsafe filename extension<br />
(<strong>for</strong> example, a text file using the ‘doc’ filename<br />
extension). Intelligent File Type Recognition can<br />
degrade the system per<strong>for</strong>mance.<br />
Specify whether infected attachments should be<br />
disinfected or dropped.
Quarantine infected<br />
attachments<br />
Send warning<br />
message to the<br />
originator<br />
2. Click Next to continue.<br />
CHAPTER 4 115<br />
Using F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong><br />
Disinfect attachment - Try to disinfect the<br />
infected attachment. If the disinfection<br />
succeeds, the recipient receives the disinfected<br />
file instead of the original one. If the disinfection<br />
fails, the infected attachment is dropped, and it<br />
is not delivered to the recipient.<br />
Drop attachment - Do not disinfect or deliver<br />
infected attachments. All infected attachments<br />
are dropped.<br />
By default, F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong><br />
<strong>Exchange</strong> tries to disinfect infected attachments.<br />
Specify whether infected attachments should be<br />
placed in the Quarantine or not. For more<br />
in<strong>for</strong>mation, see “Quarantine Management”,<br />
307.<br />
Specify whether to send a warning message to<br />
the originator of the public folder message,<br />
which contained an infected attachment. Click<br />
Edit to edit the message.
Step 8. Specify Attachment Stripping Settings for Public Folders<br />
1. Choose settings for stripping attachments during the scheduled operation.<br />
Strip attachments<br />
Specify which attachments should be stripped from messages and public folder notes.<br />
Do not strip - Do not strip any attachments.<br />
Strip all attachments - Strip all attachments from all messages and notes.<br />
Strip all attachments except these allowed - Strip all except specified attachments.<br />
Strip only these disallowed attachments - Strip only specified attachments.<br />
You can add new file types on the attachments lists by typing the file extensions in the allowed and disallowed attachments text boxes. Separate the extensions by spaces.<br />
Enable File Type Recognition<br />
Trojans and other malicious code can disguise themselves with filename extensions which are usually considered safe to use. Intelligent File Type Recognition can recognize the real file type of the message attachment and use that while the attachment is processed. Specify whether you want to use Intelligent File Type Recognition or not.<br />
Action<br />
Action on stripped attachment<br />
Specify whether stripped attachments should be quarantined or dropped.<br />
Quarantine attachment - All stripped attachments are placed in the Quarantine. For more information, see “Quarantine Management”, 307.<br />
Drop attachment - All stripped attachments are deleted automatically.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange quarantines stripped attachments.<br />
Send the informational message to the originator<br />
Specify whether an informational message should be sent to the originator of the message when an attachment is stripped. Click Edit to edit the message.<br />
Notify administrator<br />
Specify whether the administrator should be notified when F-Secure Anti-Virus for Microsoft Exchange strips an attachment.<br />
Do not notify - Do not send any notification to the administrator.<br />
Send informational alert - Send an informational alert to the administrator.<br />
Send warning alert - Send a warning alert to the administrator.<br />
Send security alert - Send a security alert to the administrator.<br />
2. Click Next to continue.<br />
Step 9. Finish<br />
The Scheduled Operation Wizard displays a summary of the created operation. Click Finish to accept the new scheduled operation and to exit the wizard.<br />
4.9 Configuring Alert Forwarding<br />
Alerts are sent if security has been compromised or a program wants to notify about some specific events, such as starting/stopping modules, low disk space, etc. Alerts are also sent when a program or operation has encountered a problem.<br />
4.9.1 Centrally Administered Mode<br />
You can configure where F-Secure Anti-Virus for Microsoft Exchange sends alerts by editing the Alert Forwarding table, which is located under F-Secure Management Agent / Settings / Alerting / Alert Forwarding.<br />
You can specify where an alert is sent according to its severity level. You can send the alert to any of the following:<br />
F-Secure Policy Manager Console<br />
Windows Event Viewer<br />
E-mail<br />
SNMP.<br />
All events are sent to the log file in addition to other locations you choose.<br />
Figure 4-3 The Alert Forwarding table in F-Secure Policy Manager<br />
You should configure settings in the F-Secure Management Agent / Settings / Alerting / Alerting Agents branch accordingly.<br />
If you choose to forward alerts to e-mail, you will need to specify the recipient’s e-mail address. This is done as follows:<br />
1. Click Add to add a new row in the E-mail Address table.<br />
2. Type the e-mail address on the new row.<br />
3. Select the types of alerts that are to be sent to this address.<br />
4. Click Apply.<br />
If you choose to send alerts as e-mails to administrators using the SMTP protocol, you will need to specify the e-mail address of the recipient as shown below. This dialog opens once you have selected the e-mail checkbox in the Alert Forwarding table.<br />
Figure 4-4 The Addresses dialog for specifying alert recipients<br />
By default, information-level and warning-level alerts are not sent to F-Secure Policy Manager console and are not displayed for the user, either. These lower priority alerts and notifications can be very useful for troubleshooting, but enabling their alerting will substantially increase the number of transmitted alerts. If you have a large domain structure, specifying very strict alert-forwarding rules may flood F-Secure Policy Manager console with alerts.<br />
In addition, you can configure the alert target by setting the policy variables under target-specific branches. For example, F-Secure Management Agent / Settings / Alerting / F-Secure Policy Manager Console / Retry Send Interval specifies how often a host will attempt to send alerts to F-Secure Policy Manager console if previous attempts have failed.<br />
Since F-Secure Anti-Virus for Microsoft Exchange is a fundamental part of the network, more alerts will probably be forwarded from it to F-Secure Policy Manager than from other hosts.<br />
4.9.2 Stand-Alone Mode<br />
You can configure alert forwarding by editing the Alert Forwarding table in the F-Secure Anti-Virus for Microsoft Exchange Web Console. You can access it from the Home page by clicking the Configure... button in the F-Secure Management Agent section. When the F-Secure Management Agent Configuration page opens, click the Alert Forwarding... button to open the F-Secure Management Agent Configuration > Alert Forwarding page.<br />
Figure 4-5 F-Secure Management Agent Configuration > Alert Forwarding page<br />
You can specify where an alert is sent according to its severity level. You can send an alert to any of the following:<br />
F-Secure Policy Manager Console<br />
Windows Event Viewer<br />
E-mail<br />
SNMP.<br />
To forward alerts to an e-mail, specify the e-mail address of the recipient. Follow these instructions:<br />
1. Click Add to add a new row in the E-mail Address table.<br />
2. Type the e-mail address on the new row.<br />
3. Select the types of alerts that are to be sent to this address.<br />
4. Click Apply.<br />
4.10 Viewing Alerts<br />
Informational and warning-level alerts are not sent to F-Secure Policy Manager Console by default. If you want to use centralized administration mode, it is recommended to have all alerts sent to F-Secure Policy Manager Console.<br />
When F-Secure Anti-Virus for Microsoft Exchange has encountered a problem, it sends an alert to the administrator. Alerts are also sent if security has been compromised or a program wants to notify about some specific events - the product has found a virus, there is not enough disk space to do some operation, and so on.<br />
Alerts are displayed on the Alerts tab of the Properties pane. When an alert is received, Alert in the F-Secure Policy Manager Console toolbar will light up. To view the alerts, click Alert. The Alerts tab in the Properties pane will open.<br />
Every received alert is displayed in the following format:<br />
Ack<br />
Click Ack to acknowledge the alert. If all alerts are acknowledged, Ack is grayed out.<br />
Severity<br />
The severity of the alert. Each severity level has its own icon:<br />
Info - Normal operating information from the host<br />
Warning - Warning from the host<br />
Error - Recoverable error on the host<br />
Fatal error - Unrecoverable error on the host<br />
Security alert - Virus or other security hazard detected<br />
Date/Time<br />
Date and time of the alert.<br />
Description<br />
Description of the problem.<br />
Host/User<br />
Name of the host and user where the alert originated.<br />
Product<br />
The F-Secure product that sent the alert.<br />
When an alert is selected from the list, the Editor pane displays more specific information about the alert.<br />
F-Secure Anti-Virus for Microsoft Exchange reports fatal errors, virus alerts, and other events as configured in the Alert Forwarding table under F-Secure Management Agent / Settings / Alerting branch.<br />
5 CENTRALLY MANAGED ADMINISTRATION<br />
Overview<br />
F-Secure Anti-Virus for Microsoft Exchange Settings<br />
F-Secure Anti-Virus for Microsoft Exchange Statistics<br />
F-Secure Content Scanner Server Settings<br />
F-Secure Content Scanner Server Statistics<br />
F-Secure Automatic Update Agent Settings<br />
F-Secure Management Agent Settings<br />
5.1 Overview<br />
If F-Secure Anti-Virus for Microsoft Exchange is installed in the centrally administered mode, F-Secure Anti-Virus for Microsoft Exchange is managed centrally with F-Secure Policy Manager. In the centralized administration mode, you can use the F-Secure Anti-Virus for Microsoft Exchange Web Console to check the current status of F-Secure Anti-Virus for Microsoft Exchange and to connect to F-Secure Web Club for support, but you cannot change any settings with it.<br />
5.2 F-Secure Anti-Virus for Microsoft Exchange Settings<br />
In the centralized administration mode, you can change settings and start operations using F-Secure Policy Manager Console. For more information, see “Using F-Secure Policy Manager Console”, 74.<br />
Figure 5-1 F-Secure Anti-Virus for Microsoft Exchange setting categories<br />
Settings<br />
Language<br />
Defines the language used in reports, alerting and warning messages, and in the Quarantine information.<br />
Currently the only supported language is English.<br />
Real-Time Processing<br />
Change real-time virus scanning, content blocking and outbreak management settings. F-Secure Anti-Virus for Microsoft Exchange uses these settings while it is processing mailboxes and Public Folders in real-time. For more information, see “Real-Time Processing”, 128.<br />
If you have F-Secure Spam Control installed, the Spam Control settings are displayed under this branch. For settings descriptions, see “Spam Control Settings in Centrally Managed Environments”, 328.<br />
Manual Processing<br />
Change manual processing settings. F-Secure Anti-Virus for Microsoft Exchange uses these settings when you manually process mailboxes and Public Folders. For more information, see “Manual Processing”, 159. For more information on how to start the manual processing, see “Manually Processing Mailboxes and Public Folders”, 77.<br />
Scheduled Processing<br />
Change scheduled processing settings. F-Secure Anti-Virus for Microsoft Exchange can process mailboxes and Public Folders at scheduled times. For more information, see “Scheduled Processing”, 174.<br />
Content Scanner Servers<br />
Change settings F-Secure Anti-Virus for Microsoft Exchange uses to connect to F-Secure Content Scanner Servers. For more information, see “Content Scanner Servers”, 175.<br />
Quarantine<br />
Change Quarantine settings. All infected and blocked messages and notes can be moved to the Quarantine. For more information, see “Quarantine”, 178.<br />
Reporting<br />
Change the address of the notification sender. For more information, see “Reporting”, 182.<br />
Advanced<br />
Change mailbox and Public Folder polling intervals. For more information, see “Advanced”, 182.<br />
Operations<br />
Reset Statistics<br />
Manual Scanning<br />
Use operations to reset F-Secure Anti-Virus for Microsoft Exchange statistics or manually scan mailboxes and Public Folders for viruses. For more information, see “Manually Processing Mailboxes and Public Folders”, 77.<br />
5.2.1 Real-Time Processing<br />
You can change real-time virus scanning and content blocking settings and make changes to the outbreak management settings from the F-Secure Anti-Virus for Microsoft Exchange / Settings / Real-Time Processing branch. You can also define domains that belong to the internal network of the company.<br />
Figure 5-2 Real-Time Processing settings<br />
Virus Scanning<br />
Change settings used when scanning messages and attachments for viruses in real-time. For more information, see “Virus Scanning”, 130.<br />
Content Blocking<br />
Change settings used when stripping attachments in real-time. For more information, see “Content Blocking”, 145.<br />
Spam Control<br />
Change settings used when incoming messages are scanned for spam. For more information, see “Spam Control Settings in Centrally Managed Environments”, 328.<br />
The Spam Control settings branch is displayed only if you have F-Secure Spam Control installed.<br />
Outbreak Management<br />
Change virus outbreak notification settings. For more information, see “Outbreak Management”, 156.<br />
Internal Domains<br />
Define internal domains of the company network. For more information, see “Internal Domains”, 159.<br />
Virus Scanning<br />
F-Secure Anti-Virus can examine message bodies and attachments, intercept them and send them to F-Secure Content Scanner Server, which scans them for malicious code.<br />
Figure 5-3 Real-Time Processing / Virus Scanning settings<br />
Examine Attachments<br />
Specify which message attachments are checked for viruses.<br />
All Attachments - Scan all message attachments in e-mail messages and public folder notes for malicious code.<br />
All Attachments with Included Extensions - Scan all attachments with extensions specified in the Included Extensions setting.<br />
All Attachments except Excluded Extensions - Scan all attachments, except for those with extensions specified in the Excluded Extensions setting.<br />
Do not Scan - Do not scan any attachments in e-mail messages and public folder notes.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange examines all files with included extensions.<br />
Included Extensions<br />
Specify extensions of attachments to be scanned if the Examine Attachments setting is set to All Files with Included Extensions.<br />
Excluded Extensions<br />
Specify extensions of files that are not scanned if the Examine Attachments setting is set to All Attachments except Excluded Extensions.<br />
You can modify Included Extensions and Excluded Extensions lists as needed. Separate each extension by a space (‘ ‘). Wildcards * and ? can be used. To specify the files that have no extension, type a dot ('.').<br />
Action On Infected Attachments<br />
Specify whether infected attachments should be disinfected or dropped.<br />
Disinfect - Try to disinfect the infected attachment. If the disinfection succeeds, the recipient receives the disinfected file instead of the original one. If the disinfection fails, the infected attachment is dropped, and it is not delivered to the recipient.<br />
Drop - Do not disinfect or deliver infected attachments. All infected attachments are dropped.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange disinfects infected attachments.<br />
Quarantine Infected Attachments<br />
Specify whether infected or suspicious attachments should be quarantined.<br />
Yes - All infected and suspicious attachments are placed to the Quarantine. For more information, see “Quarantine”, 178.<br />
No - Infected and suspicious attachments are not quarantined.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange places all infected attachments to the Quarantine.<br />
Virus Informational File Text<br />
If the infected attachment is dropped, F-Secure Anti-Virus for Microsoft Exchange replaces it with the Virus Informational File. Specify the text of the replacement file. For more information about the variables you can use in the text, see “Variables in Warning Messages”, 364.<br />
Scan Message Body<br />
Specify whether the body of the e-mail message should be scanned for malicious code.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange scans the message body.<br />
Although scanning message bodies can slow down the performance, it is recommended as some viruses can be carried inside message bodies.<br />
Scan OLE Objects<br />
Specify whether linked and embedded OLE objects in messages should be scanned for malicious code.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange scans OLE objects.<br />
Intelligent File Type Recognition<br />
Trojans and other malicious code can disguise themselves with filename extensions which are usually considered safe to use. Intelligent File Type Recognition can recognize the real file type of the message attachment and use that while the attachment is processed. Specify whether you want to use Intelligent File Type Recognition or not.<br />
By default, Intelligent File Type Recognition is disabled during the real-time processing.<br />
Intelligent File Type Recognition strengthens the security - you can block unsafe content that has a safe filename extension (for example, a Microsoft Word document using the ‘rtf’ filename extension) and you do not accidentally block safe content that has unsafe filename extension (for example, a text file using the ‘doc’ filename extension). Intelligent File Type Recognition can degrade the system performance.<br />
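How the Included/Excluded Extensions lists and Intelligent File Type Recognition interact, as an added Python sketch that is not F-Secure's code. The function names, mode names, signature table and plain-text heuristic are assumptions made for this illustration; the page does not document the product's recognition logic.<br />

```python
"""Added illustration: extension lists and content-based file type recognition."""
import re

# Well-known leading byte signatures, mapped to one representative extension.
# Assumption: the product's own recognition tables are not given on the page.
SIGNATURES = [
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "doc"),  # OLE2 compound file (legacy Word)
    (b"{\\rtf", "rtf"),                            # Rich Text Format
    (b"MZ", "exe"),                                # DOS/Windows executable
]


def filename_extension(name):
    """Lower-cased extension of a file name, or '.' when it has none."""
    base = re.split(r"[\\/]", name)[-1]
    _stem, dot, ext = base.rpartition(".")
    return ext.lower() if dot and ext else "."


def matches(ext, extension_list):
    """True if ext is selected by a space-separated list such as 'doc xl? .'."""
    for pattern in extension_list.lower().split():
        if pattern == ".":          # a lone dot selects files with no extension
            if ext == ".":
                return True
            continue
        # Only '*' and '?' are wildcards; every other character is literal.
        regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                        for c in pattern)
        # Assumption: wildcard patterns never select extension-less files.
        if ext != "." and re.fullmatch(regex, ext):
            return True
    return False


def recognized_type(data):
    """Guess the real type from content; None when nothing is recognised."""
    for magic, ext in SIGNATURES:
        if data.startswith(magic):
            return ext
    # Assumed heuristic: non-empty, printable ASCII only counts as plain text.
    if data and all(b in b"\t\r\n" or 32 <= b < 127 for b in data):
        return "txt"
    return None


def is_examined(name, data, mode, included="", excluded="", recognize=False):
    """Decide whether an attachment is sent for scanning under one of four modes."""
    if mode == "all":
        return True
    if mode == "none":
        return False
    ext = filename_extension(name)
    if recognize:
        ext = recognized_type(data) or ext  # fall back to the name when unsure
    if mode == "included":
        return matches(ext, included)
    if mode == "excluded":
        return not matches(ext, excluded)
    raise ValueError(f"unknown mode: {mode}")


# Constructed sample attachments (not real files), mirroring the two cases above.
WORD_AS_RTF = ("invoice.rtf", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 24)
TEXT_AS_DOC = ("notes.doc", b"Meeting notes, plain text only.\r\n")


def demo():
    """Decisions for both samples with recognition off and on."""
    rows = []
    for name, data in (WORD_AS_RTF, TEXT_AS_DOC):
        for recognize in (False, True):
            rows.append((name, recognize,
                         is_examined(name, data, "included",
                                     included="doc xl? exe", recognize=recognize)))
    return rows


if __name__ == "__main__":
    for name, recognize, examined in demo():
        print(f"{name:12} recognition={recognize!s:5} examined={examined}")
```

With recognition off, the Word data named invoice.rtf falls outside the included list and is never examined; with recognition on, it is selected by its real type.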
Inbound Mail<br />
Figure 5-4 Real-Time Processing / Virus Scanning / Inbound Mail settings<br />
Trusted Mailboxes<br />
Define users’ mailboxes that should be excluded from real-time virus scanning.<br />
To add mailboxes to the table, click Add in the Editor pane of F-Secure Policy Manager Console. A new table row appears. Double-click the Mailbox cell and enter the name of the trusted mailbox.<br />
It is not safe to use trusted mailboxes. You should not send or copy messages from trusted mailboxes to other mailboxes. Keep all trusted mailboxes on a separate message store, as messages are scanned always when they are sent to another store.<br />
Stop the Whole Message if Infection Found<br />
Specify whether F-Secure Anti-Virus for Microsoft Exchange should stop inbound messages that contain malicious code.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange does not stop these messages.<br />
Yes - Inbound messages with infected attachment(s) will be stopped completely.<br />
No - Infected attachments will be automatically disinfected or dropped from inbound messages.<br />
In both cases, a warning message will be sent to the sender if Send Warning Message to Sender is set to Yes.<br />
Add Warning Message<br />
Specify whether a virus warning message should be added to the mail message which had infected content and which goes to the original message recipient. If you want to add the warning message, the original message is embedded in the virus warning message without the infected attachment.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange adds the virus warning message.<br />
Warning Subject<br />
Specify the subject of the virus warning message. For more information about the variables you can use in the subject line, see “Variables in Warning Messages”, 364.<br />
Warning Message<br />
Specify the text of the warning message. For more information about the variables you can use in the text, see “Variables in Warning Messages”, 364.<br />
Send Warning Message To Sender<br />
Specify whether a virus warning message should be sent to the sender of the mail message which had infected content. If you want to add the warning message, the original message is attached to the virus warning message without the infected attachment.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange does not send the virus warning message to the sender.<br />
Warning Subject For Sender<br />
Specify the subject of the virus warning message. For more information about the variables you can use in the subject line, see “Variables in Warning Messages”, 364.<br />
Warning Message For Sender<br />
Specify the text of the warning message. For more information about the variables you can use in the text, see “Variables in Warning Messages”, 364.<br />
The virus warning message will be sent to the sender of the infected message only if the sender belongs to an internal domain that has been defined in the Internal Domains settings. F-Secure Anti-Virus for Microsoft Exchange does not send the warning message outside the company domain. For more information, see “Internal Domains”, 159.<br />
Proactive Virus Threat Detection<br />
Specify whether proactive virus threat detection is enabled or disabled.<br />
Proactive virus threat detection can identify new and unknown e-mail malware, including viruses and worms.<br />
When proactive virus threat detection is enabled, the product analyzes inbound e-mail messages for possible security threats. All possibly harmful messages are quarantined as unsafe.<br />
Unsafe messages can be reprocessed periodically, as antivirus updates may confirm the unsafe message as safe or infected.<br />
When proactive virus threat detection is disabled, inbound mails are only scanned by antivirus engines.<br />
Outbound<br />
Figure 5-5 Real-Time Processing / Virus Scanning / Outbound Mail settings<br />
Stop The Whole Message If Infection Found<br />
Specify whether all outgoing messages that have infected content should be stopped or not.<br />
Yes - Stop all outbound messages with infected content completely.<br />
No - Disinfect or drop the infected attachment before sending the outbound message.<br />
In both cases a warning message is sent to the sender if the Send Warning Message to Sender setting is set to Yes.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange stops the whole message.<br />
A note about MAPI clients:<br />
If you set F-Secure Anti-Virus for Microsoft Exchange to disinfect infected files and to stop the whole message if an infection is found, messages that are sent from MAPI clients are not stopped if they can be disinfected. Messages are scanned and disinfected when they are in the Outbox. When a message leaves the Outbox folder, it does not contain malicious code anymore, so it is not stopped.<br />

Send Warning Message To Sender
Specify whether a virus warning message should be sent to the sender of the mail message which had infected content. If you want to add the warning message, the original message is embedded in the virus warning message.
The warning is sent only if the sender of the message with the infected attachment is an internal user. No warnings will be sent outside the organization.

Warning Subject
Specify the subject of the virus warning message. For more information about the variables you can use in the subject line, see “Variables in Warning Messages”, 364.

Warning Message
Specify the text of the warning message. For more information about the variables you can use in the text, see “Variables in Warning Messages”, 364.
If the sender sends an infected message to internal and external recipients, the sender can receive two warning messages about the same infection.

Add Disclaimer
Specify whether you want to add a disclaimer to all outgoing messages.
By default, F-Secure Anti-Virus for Microsoft Exchange adds a disclaimer.

Disclaimer
Specify the disclaimer text.

Proactive Virus Threat Detection
Specify whether proactive virus threat detection is enabled or disabled.
Proactive virus threat detection can identify new and unknown e-mail malware, including viruses and worms.
When proactive virus threat detection is enabled, the product analyzes inbound e-mail messages for possible security threats. All possibly harmful messages are quarantined as unsafe.
Unsafe messages can be reprocessed periodically, as antivirus updates may confirm the unsafe message as safe or infected.
When proactive virus threat detection is disabled, inbound mails are only scanned by antivirus engines.

Public Folders
The Real-Time Processing / Public Folders settings include real-time scanning for viruses and real-time stripping of attachments. Real-time scanning of Public Folders checks all notes posted to Public Folders for malicious code. Real-time scanning for viruses removes infected attachments from Public Folder notes.
Figure 5-6 Real-Time Processing / Virus Scanning / Public Folders settings

Examine Public Folders
Specify Public Folders that should be processed in real-time.
Process All Public Folders - Process all notes posted to all Public Folders.
Process Only Included Folders - Process all notes posted to the Public Folders specified in the Included Folders setting.
Process All except Excluded Folders - Process all notes posted to all Public Folders, except those specified in the Excluded Folders setting.
Do not Process Public Folders - Do not process any Public Folders.
By default, F-Secure Anti-Virus for Microsoft Exchange processes all Public Folders.

Included Folders
Specify Public Folders to be scanned for viruses if the Examine Public Folders setting is set to Process Only Included Folders.

Excluded Folders
Specify Public Folders to be excluded from scanning if the Examine Public Folders setting is set to Process All except Excluded Folders.

To add Public Folders to the Included Folders and Excluded Folders tables, click Add in the Editor pane of F-Secure Policy Manager Console. Double-click the Folder Name cell in the new table row and enter the name and path of the Public Folder. Double-click the Include Subfolders cell and select Yes if you want to include or exclude all subfolders of the folder you entered.
The folder name should start from the name of the Public folder tree. You can use wildcards in folder names.
All infected messages which are sent to public folders with Outlook WebAccess are disinfected or dropped regardless of the Examine Public Folders setting.

Send Warning Message To Originator
Specify whether a virus warning message should be sent to the original writer of the note which had infected content that was not disinfected.
By default, F-Secure Anti-Virus for Microsoft Exchange sends the virus warning message to the originator.
The warning will be sent only if the originator of the note with the infected attachment belongs to an internal domain. This means that no warnings will be sent outside the company.

Warning Subject
Specify the subject of the virus warning message. For more information about the variables you can use in the subject line, see “Variables in Warning Messages”, 364.

Warning Message
Specify the text of the warning message. For more information about the variables you can use in the text, see “Variables in Warning Messages”, 364.

Content Blocking
F-Secure Anti-Virus for Microsoft Exchange can strip unwanted attachments and filter content from inbound and outbound messages during the on-access scanning of mailboxes.
Figure 5-7 Content Blocking settings categories

On-Access
Specify the settings used during the on-access scanning of messages.

Inbound Mail
Inbound mail includes all e-mail messages coming into the Microsoft Exchange Information Store from external sources such as an SMTP server. It also includes all internal mail that someone inside the organization sends to another mailbox which is inside the organization. For more information, see “Internal Domains”, 159.
Inbound Mail settings consist of the following settings:
Trusted Mailboxes - Define users’ mailboxes that should be excluded from real-time attachment stripping and content filtering.
It is not safe to use trusted mailboxes. You should not send or copy messages from trusted mailboxes to other mailboxes. Keep all trusted mailboxes on a separate message store, as messages are always scanned when they are sent to another store.
If you are using F-Secure Anti-Virus for Microsoft Exchange in centrally managed mode and have multiple Microsoft Exchange servers running under the same domain, only those trusted mailboxes that belong to the current server are trusted.
Stripping Attachments - Define attachments that should be stripped from inbound messages. For more information, see “Stripping Attachments”, 147.
Content Filtering - Define how inbound content should be filtered based on keywords. For more information, see “Content Filtering”, 151.

Outbound Mail
Outbound mail includes all e-mail messages which leave the Microsoft Exchange Information Store and go out via SMTP.
Outbound Mail settings consist of the following settings:
Stripping Attachments - Define attachments that should be stripped from outbound messages. For more information, see “Stripping Attachments”, 147.
Content Filtering - Define how outbound content should be filtered based on keywords. For more information, see “Content Filtering”, 151.

Stripping Attachments
F-Secure Anti-Virus for Microsoft Exchange can be configured to remove attachments in real-time from inbound and outbound messages and during the on-access scanning by their file name or the file extension even without scanning them for malicious code.
F-Secure Anti-Virus for Microsoft Exchange can strip attachments from mailboxes and Public Folders when you run the manual scan. For more information, see “Manual Processing”, 159. For more information on how to run the manual scan, see “Manually Processing Mailboxes and Public Folders”, 77.
Figure 5-8 The Stripping Attachments settings in On-Access, Inbound Mail and Outbound Mail branches

Strip Attachments
Specify which attachments should be stripped from messages and Public Folder notes.
Disabled - Do not strip any attachments.
All Files - Strip all attachments from all messages and notes.
All Disallowed Attachments - Strip all attachments specified in the Disallowed Attachments setting.
All Attachments Except Allowed - Strip all attachments except those specified in the Allowed Attachments setting.
By default, F-Secure Anti-Virus for Microsoft Exchange strips all disallowed attachments.

Allowed Attachments
Specify attachments that should not be stripped if the Strip Attachments setting is set to All Attachments Except Allowed.

Disallowed Attachments
Specify attachments that should be stripped if the Strip Attachments setting is set to All Disallowed Attachments.
You can modify Allowed Attachments and Disallowed Attachments lists as needed. Separate each extension by a comma (‘,’). Wildcards * and ? can be used. To specify the files that have no extension, type a dot ('.').

Intelligent File Type Recognition
Trojans and other malicious code can disguise themselves with filename extensions which are usually considered safe to use. Intelligent File Type Recognition can recognize the real file type of the message attachment and use that while the attachment is processed. Specify whether you want to use Intelligent File Type Recognition or not.
By default, the Intelligent File Type Recognition is disabled during the real-time processing and enabled during the manual processing.
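
How the Strip Attachments modes, the comma-separated extension lists and Intelligent File Type Recognition interact, shown as an added example that is not F-Secure's code. The matching rules, the signature table and the sample attachments are assumptions constructed for illustration.

```python
from fnmatch import fnmatchcase

# Strip Attachments options as named in the guide.
DISABLED = "Disabled"
ALL_FILES = "All Files"
ALL_DISALLOWED = "All Disallowed Attachments"
ALL_EXCEPT_ALLOWED = "All Attachments Except Allowed"

# Constructed stand-in for Intelligent File Type Recognition: a few well-known
# file signatures mapped to the extension they normally carry.
SIGNATURES = [
    (b"MZ", "exe"),
    (b"PK\x03\x04", "zip"),
    (b"%PDF-", "pdf"),
    (b"\x89PNG\r\n\x1a\n", "png"),
]


def parse_extension_list(text):
    """Split a list such as 'exe, scr, vb?, .' into lower-case patterns."""
    return [item.strip().lower() for item in text.split(",") if item.strip()]


def declared_extension(filename):
    """Text after the last dot of the file name, '' if there is none."""
    _, dot, ext = filename.rpartition(".")
    return ext.lower() if dot else ""


def recognised_extension(content):
    """Extension implied by the leading bytes, or None if unknown."""
    for signature, ext in SIGNATURES:
        if content.startswith(signature):
            return ext
    return None


def matches(ext, patterns):
    """True if ext matches a pattern; a lone '.' means 'no extension'."""
    for pattern in patterns:
        if pattern == ".":
            if ext == "":
                return True
        elif fnmatchcase(ext, pattern):
            return True
    return False


def should_strip(mode, filename, content=b"", allowed="", disallowed="",
                 recognise_type=False):
    """Decide whether one attachment is stripped under the given settings."""
    if mode == DISABLED:
        return False
    if mode == ALL_FILES:
        return True
    ext = declared_extension(filename)
    if recognise_type:
        # Assumption: a recognised real type replaces the declared extension.
        ext = recognised_extension(content) or ext
    if mode == ALL_DISALLOWED:
        return matches(ext, parse_extension_list(disallowed))
    if mode == ALL_EXCEPT_ALLOWED:
        return not matches(ext, parse_extension_list(allowed))
    raise ValueError("unknown Strip Attachments mode: %r" % mode)


# Constructed sample attachments: (file name, leading bytes).
SAMPLES = [
    ("report.pdf", b"%PDF-1.4 constructed"),
    ("invoice.pdf", b"MZ\x90\x00 constructed"),   # executable named .pdf
    ("setup.exe", b"MZ\x90\x00 constructed"),
    ("macro.vbs", b"' constructed script"),
    ("README", b"constructed text"),
]


def stripped(mode, recognise_type, allowed="", disallowed=""):
    """Names of the sample attachments that would be stripped."""
    return [name for name, content in SAMPLES
            if should_strip(mode, name, content, allowed, disallowed,
                            recognise_type)]


if __name__ == "__main__":
    deny = "exe, scr, vb?, ."
    for recognise in (False, True):
        print("recognition", recognise, "->",
              stripped(ALL_DISALLOWED, recognise, disallowed=deny))
```

With recognition off, the renamed executable passes both the deny list and a "pdf, png" allow list, which is the gap the real-time default leaves open.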

Action on Stripped Attachments
Specify whether stripped attachments should be quarantined or dropped.
Quarantine - All stripped attachments are placed in the Quarantine. For more information, see “Quarantine”, 178.
Drop - All stripped attachments are deleted automatically.
By default, F-Secure Anti-Virus for Microsoft Exchange quarantines stripped attachments.

Add Informational Message
Specify whether an informational message should be added to the mail message which originally had the stripped attachment.
During the on-access scanning, the informational message can be sent to the mailbox owner or to the originator of an infected message or an infected Public Folder note.
By default, F-Secure Anti-Virus for Microsoft Exchange does not add the informational message.

Informational Subject
Specify the subject of the informational message. For more information about the variables you can use in the subject line, see “Variables in Warning Messages”, 364.

Informational Message
Specify the text of the informational message. For more information about the variables you can use in the text, see “Variables in Warning Messages”, 364.
The informational message cannot be added to outbound messages.

Notify Administrator
Specify whether the administrator should be notified when F-Secure Anti-Virus for Microsoft Exchange strips an attachment.
No Alerts - Do not send any notification to the administrator.
Informational - Send an informational alert to the administrator.
Warning - Send a warning alert to the administrator.
Security - Send a security alert to the administrator.
By default, F-Secure Anti-Virus for Microsoft Exchange sends an informational alert to the administrator. For more information, see “Configuring Alert Forwarding”, 119.

Send Informational Message To Sender
Specify whether an informational message should be sent to the sender of the mail message which had the stripped attachment.
By default, F-Secure Anti-Virus for Microsoft Exchange does not send the informational message to the sender.

Informational Subject For Sender
Specify the subject of the informational message. For more information about the variables you can use in the subject line, see “Variables in Warning Messages”, 364.

Informational Message For Sender
Specify the text of the informational message. For more information about the variables you can use in the text, see “Variables in Warning Messages”, 364.
The informational message will be sent to the sender of the stripped attachment only if the sender belongs to the internal domain. F-Secure Anti-Virus for Microsoft Exchange does not send the informational message outside the company domain. For more information, see “Internal Domains”, 159.
If a message contains some stripped and some disinfected content, the message is considered to be infected. In these cases, the only message that is sent is the virus warning message, and no informational message about the stripped attachment is sent.

Content Filtering
F-Secure Anti-Virus for Microsoft Exchange can be configured to filter messages in real-time from inbound and outbound mail traffic based on a list of keywords that have been defined as denied. You can specify a separate list of keywords for message subjects and message text.
Figure 5-9 Real-Time Processing / Content Blocking / Inbound Mail / Content Filtering settings

Filter content
Specify whether keyword-based content filtering should be enabled or disabled.
By default, keyword-based content filtering is disabled.

Disallowed Keywords in Message Subject
Specify disallowed keywords in message subject. When Content Filtering is enabled, messages that have these keywords in their subjects are filtered out. The action to take on these messages depends on the Action on Disallowed Content setting (see below).

Disallowed Keywords in Message Text
Specify disallowed keywords in message bodies. When Content Filtering is enabled, messages that have these keywords in the body text are filtered out.

Action on Disallowed Content
Specify whether filtered messages should be quarantined or dropped.
Quarantine - All filtered messages are placed in the Quarantine. For more information, see “Quarantine”, 178.
Drop - All filtered messages are deleted automatically.

Send Informational Message to Recipient
Specify whether an informational message should be sent to the recipient of the disallowed content that was filtered. (This setting exists in the Inbound Mail branch only.)
By default, F-Secure Anti-Virus for Microsoft Exchange does not send the informational message.
The informational message will be sent only if the recipient of the message with the disallowed content is an internal user. This means that no informational messages will be sent outside the company.

Informational Subject for Recipient
Specify the subject of the informational message. For more information about the variables you can use in the subject line, see “Variables in Warning Messages”, 364. (This setting exists in the Inbound Mail branch only.)

Informational Message for Recipient
Specify the text of the informational message. For more information about the variables you can use in the text, see “Variables in Warning Messages”, 364. (This setting exists in the Inbound Mail branch only.)

Notify Administrator
Specify whether an alert should be sent to the administrator when F-Secure Anti-Virus for Microsoft Exchange filters a message, and what type of an alert it should be.
No Alerts - Do not send any notification to the administrator.
Informational - Send an informational alert to the administrator.
Warning - Send a warning alert to the administrator.
Security - Send a security alert to the administrator.
By default, F-Secure Anti-Virus for Microsoft Exchange sends an informational alert to the administrator. For more information, see “Configuring Alert Forwarding”, 119.
The F-Secure Management Agent alert forwarding table controls where alerts of a given severity level are sent.

Send Informational Message to Sender
Specify whether an informational message should be sent to the sender of the disallowed content which was dropped or quarantined. (This setting exists in the Outbound Mail branch only.)
By default, F-Secure Anti-Virus for Microsoft Exchange does not send the informational message to the sender.

Informational Subject for Sender
Specify the subject of the informational message. For more information about the variables you can use in the subject line, see “Variables in Warning Messages”, 364. (This setting exists in the Outbound Mail branch only.)

Informational Message for Sender
Specify the text of the informational message. For more information about the variables you can use in the text, see “Variables in Warning Messages”, 364. (This setting exists in the Outbound Mail branch only.)
The informational message will be sent to the sender of the disallowed content only if the sender belongs to the internal domain. F-Secure Anti-Virus for Microsoft Exchange does not send the informational message outside the company domain. For more information, see “Internal Domains”, 159.

Outbreak Management
F-Secure Anti-Virus for Microsoft Exchange can alert administrators when the number of infections detected within a specified time frame exceeds a specified value.
Figure 5-10 Real-Time Processing / Outbreak Management settings

Notify When Number Of Infections Detected Exceeds
Specify the number of infected objects which, when found within the time period specified in the Notify When Number Of Infections Detected Within setting, should be considered a virus outbreak.
Use the value zero (0) to disable the outbreak notification.
By default, the outbreak notification is disabled (0).

Notify When Number Of Infections Detected Within
Specify the outbreak notification time frame.
By default, the time frame is 30 minutes.
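
The two threshold settings above, modelled as a sliding window in an added example that is not the product's implementation. It assumes an outbreak is declared when the count inside the time frame reaches the limit and that one notification is raised per outbreak; the detection times are constructed, and the dictionary keys reuse the handler-script variable names listed in this guide.

```python
from collections import deque
from datetime import datetime, timedelta


class OutbreakMonitor:
    """Sliding-window model of the two Outbreak Management thresholds."""

    def __init__(self, infections_limit=0, interval_minutes=30):
        if infections_limit < 0 or interval_minutes <= 0:
            raise ValueError("limit must be >= 0 and interval > 0")
        self.limit = infections_limit          # 0 disables the notification
        self.interval_minutes = interval_minutes
        self.window = timedelta(minutes=interval_minutes)
        self.recent = deque()                  # detection times in the window
        self.in_outbreak = False

    def record(self, when):
        """Record one detection (times must not go backwards).

        Returns the handler-script variables when this detection starts an
        outbreak, otherwise None.
        """
        if self.limit == 0:
            return None
        self.recent.append(when)
        # Forget detections that have aged out of the time frame.
        while when - self.recent[0] >= self.window:
            self.recent.popleft()
        over = len(self.recent) >= self.limit
        started = over and not self.in_outbreak
        self.in_outbreak = over                # re-arms once the count drops
        if not started:
            return None
        return {
            "INTERVAL-MINUTES": self.interval_minutes,
            "INFECTIONS-LIMIT": self.limit,
            "INFECTIONS-FOUND": len(self.recent),
        }


# Constructed detection log: minutes after START at which an infection was found.
START = datetime(2006, 1, 2, 9, 0)
OFFSETS = [0, 12, 25, 27, 28, 29, 70, 95, 140, 141, 142, 143, 144]
DETECTIONS = [START + timedelta(minutes=m) for m in OFFSETS]


def replay(detections, infections_limit, interval_minutes=30):
    """Return (time, variables) for every notification the settings would raise."""
    monitor = OutbreakMonitor(infections_limit, interval_minutes)
    fired = []
    for when in detections:
        variables = monitor.record(when)
        if variables is not None:
            fired.append((when, variables))
    return fired


def fired_offsets(infections_limit, interval_minutes=30):
    """Minutes after START at which the constructed log triggers a notification."""
    return [int((when - START).total_seconds() // 60)
            for when, _ in replay(DETECTIONS, infections_limit, interval_minutes)]


if __name__ == "__main__":
    for limit, minutes in ((0, 30), (5, 30), (3, 30), (3, 10)):
        print("limit", limit, "within", minutes, "min ->",
              fired_offsets(limit, minutes))
```

Replaying a past detection log against candidate values shows whether a threshold would have fired on the slow trickle at the start of the log or only on the tight bursts.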

Send Security Alert
Specify whether a security alert should be sent to the administrator when a virus outbreak is detected. For more information, see “Configuring Alert Forwarding”, 119.
By default, F-Secure Anti-Virus for Microsoft Exchange sends the security alert.

Send Outbreak Notification
Specify whether outbreak notification e-mail should be sent to the notification addresses specified in the Notification Addresses setting when a virus outbreak is detected.
By default, F-Secure Anti-Virus for Microsoft Exchange does not send the outbreak notification.

Notification Addresses
Specify the e-mail addresses of the recipients who should receive the outbreak notification e-mail. Separate each address with a comma (‘,’) or space (‘ ’).

Notification Subject
Specify the subject of the outbreak notification e-mail message. For more information about the variables you can use in the subject line, see “Variables in Warning Messages”, 364.

Notification Message
Specify the text of the outbreak notification e-mail message. For more information about the variables you can use in the text, see “Variables in Warning Messages”, 364.

Run Outbreak Handler Script
Specify whether an outbreak handler script should be run when a virus outbreak is detected.

Outbreak Handler Script
Specify the pathname and filename of an external program or script that should be run when a virus outbreak is detected. Use quotation marks if the path or the filename contains spaces, for example “C:\Program Files\Example\Outbreak Detected.exe”.
You can use the following environment variables in the script:
$INTERVAL-MINUTES - The outbreak detection interval in minutes.
$INFECTIONS-LIMIT - The number of infections that must be found within the specified detection interval to trigger the outbreak alert.
$INFECTIONS-FOUND - The actual number of infections found within detection interval.
If you want to run a batch file, use the format “cmd batch.bat”.

Internal Domains
Specify the domains which should be considered to be internal domains. All messages which are going to internal domains are considered to be inbound messages. Separate each domain name with a space. You can use * wildcard, for example, *example.com.

5.2.2 Manual Processing
Variables located under F-Secure Anti-Virus for Microsoft Exchange / Settings / Manual Processing / Common configure the options that are common for manual scans of mailboxes and Public Folders. For information on how to manually process mailboxes and Public Folders, see “Manually Processing Mailboxes and Public Folders”, 77.
Figure 5-11 Manual Processing settings categories

Common
Specify whether you want to process all messages every time you manually process mailboxes and Public Folders, or just the messages that have not been processed yet. For more information, see “Common”, 161.

Mailboxes
Specify manual mailbox processing settings. For more information, see “Mailboxes”, 163.

Public Folders
Specify manual Public Folder processing settings. For more information, see “Public Folders”, 169.

Common
Figure 5-12 Manual Processing / Common settings

Incremental Scanning
Specify whether you want to process all messages or only those messages that have not been processed previously.
All Messages - Process all messages every time you run a manual scan.
Only Recent Messages - Process only recent messages, which have not been processed previously.
By default, F-Secure Anti-Virus for Microsoft Exchange processes only recent messages.
You can process all messages, for example, after the F-Secure Anti-Virus for Microsoft Exchange virus definition database has been updated. For more information, see “Updating Virus and Spam Definition Databases” on page 70.

Number of Concurrent Transactions
Specify how many concurrent transactions the scanner can have with F-Secure Content Scanner Server.
By default, F-Secure Anti-Virus for Microsoft Exchange uses two concurrent transactions with F-Secure Content Scanner Server.
You can increase the performance on a multiprocessor system by increasing the number of concurrent transactions.

Mailboxes
Figure 5-13 Manual Processing / Mailboxes settings

Examine Mailboxes
Specify which mailboxes should be processed during the manual scanning.
Process Only Included Mailboxes - Process all mailboxes specified in the Included Mailboxes setting.
Process All Except Excluded Mailboxes - Process all mailboxes, except those specified in the Excluded Mailboxes setting.
Process All Mailboxes - Process all mailboxes.
Don't Process Mailboxes - Do not process any mailboxes.
By default, F-Secure Anti-Virus for Microsoft Exchange examines all mailboxes.

Included Mailboxes
Specify mailboxes that should be scanned if the Examine Mailboxes setting is set to Process Only Included Mailboxes.

Excluded Mailboxes
Specify mailboxes that should not be scanned if the Examine Mailboxes setting is set to Process All Except Excluded Mailboxes.

To add a new mailbox to Included and Excluded Mailboxes lists, click Add in the Editor pane of F-Secure Policy Manager Console. Then, double-click the Mailbox cell and enter the name of the mailbox to be included.
Check the Inbox, Outbox, Sent Items and Deleted Items check boxes to include or exclude them from the scan. The Others check box contains all other folders of the selected mailbox. You can change whether folders should be included or excluded from the scan by double-clicking the cell and selecting either Yes or No.

Attachments To Scan
Specify which attachments should be scanned for viruses.
All Attachments with Included Extensions - Scan all attachments with extensions specified under the Included Extensions setting.
All Attachments Except Excluded Extensions - Scan all attachments, except the ones with extensions specified under the Excluded Extensions setting.
All Attachments - Scan all attachments.
None - Do not scan attachments.
By default, F-Secure Anti-Virus for Microsoft Exchange scans all files.

Included Extensions
Specify extensions of attachments to be scanned if the Examine Mailboxes setting is set to All Attachments with Included Extensions.

Excluded Extensions
Specify extensions of files that are not scanned if the Examine Mailboxes setting is set to All Attachments except Excluded Extensions.
You can modify the default set of Included and Excluded Extensions as needed. Separate each extension by a space (‘ ’). Wildcards * and ? can be used. To specify the files that have no extension, type a dot ('.').

Intelligent File Type Recognition
Trojans and other malicious code can disguise themselves with filename extensions which are usually considered safe to use. Intelligent File Type Recognition can recognize the real file type of the message attachment and use that while the attachment is processed. Specify whether you want to use Intelligent File Type Recognition or not.
By default, the Intelligent File Type Recognition is enabled during the manual processing.
Action On Infected Attachments: Specify whether infected attachments should be disinfected or dropped.<br />
Disinfect - Try to disinfect the infected attachment. If the disinfection succeeds, the recipient receives the disinfected file instead of the original one. If the disinfection fails, the infected attachment is dropped, and it is not delivered to the recipient.<br />
Drop - Do not disinfect or deliver infected attachments. All infected attachments are dropped.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange disinfects infected attachments.<br />
Send Warning Message To Mailbox Owner: Specify whether a virus warning message should be sent to the mailbox owner of the mail message which had infected content. If you choose to send the warning message, the original message is embedded in the virus warning message.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange sends the warning message to the mailbox owner.<br />
Warning Subject: Specify the subject of the virus warning message. For more information about the variables you can use in the subject line, see “Variables in Warning Messages”, 364.<br />
Warning Message: Specify the text of the warning message. For more information about the variables you can use in the text, see “Variables in Warning Messages”, 364.<br />
Quarantine Infected Attachments: Specify whether infected attachments should be placed in the Quarantine or not.<br />
Yes - All infected and dropped attachments are placed in the Quarantine. For more information, see “Quarantine”, 178.<br />
No - All infected and dropped files are deleted automatically.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange places infected attachments in the Quarantine.<br />
Scan Message Body: Specify whether the body of the e-mail message should be scanned for malicious code. As some viruses can be carried inside a message body, it is recommended to scan message bodies. Scanning message bodies can slow down performance.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange scans the message body.<br />
Stripping Attachments<br />
F-Secure Anti-Virus for Microsoft Exchange can be configured to remove attachments according to the file name or the file extension, without even scanning them for malicious code. Using the variables under the Manual Scanning / Mailboxes / Stripping Attachments branch you can configure the options for stripping attachments during manual processing of the mailboxes.<br />
Figure 5-14 Manual Processing / Mailboxes / Stripping Attachments settings<br />
For more information, see “Stripping Attachments”, 147.<br />
Public Folders<br />
Use the variables under Manual Scanning / Public Folders to configure options for manual processing of Public Folders.<br />
Figure 5-15 Manual Processing / Public Folders settings<br />
Examine Public Folders: Specify Public Folders that should be scanned for viruses.<br />
Process Only Included Folders - Process all notes posted to the Public Folders specified in the Included Folders setting.<br />
Process All Except Excluded Folders - Process all notes posted to all Public Folders, except those specified in the Excluded Folders setting.<br />
Process All Public Folders - Process all notes posted to all Public Folders.<br />
Don't Process Public Folders - Do not process any Public Folders for viruses.<br />
The notes and attachments to be processed in the selected folders are defined with the Attachments to Scan and Scan Message Body settings.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange processes all Public Folders.<br />
Included Folders: Specify Public Folders to be scanned for viruses if the Examine Public Folders setting is set to Scan Only Included Folders.<br />
Excluded Folders: Specify Public Folders to be excluded from scanning if the Examine Public Folders setting is set to Scan All Except Excluded Folders.<br />
To add Public Folders to the Included and Excluded Folders tables, click Add in the Editor pane of F-Secure Policy Manager Console. Double-click the Folder Name cell and enter the name and path of the Public Folder. Double-click the Include Subfolders cell and select Yes if you want to include or exclude all subfolders of the folder you entered.<br />
You can use ‘\*’ to specify folders that have not been specified otherwise.<br />
Attachments To Scan: Specify which attachments will be checked for malicious code during the manual processing of Public Folders.<br />
All Attachments - All attachments will be checked for malicious code during the manual processing.<br />
All Attachments with Included Extensions - Only attachments with extensions specified in the Included Extensions setting will be scanned.<br />
All Attachments except Excluded Extensions - All attachments will be scanned, except files with the extensions specified in the Excluded Extensions setting.<br />
None - Attachments will not be checked for malicious code.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange scans all attachments.<br />
Included Extensions: Specify attachments that should be scanned if the Attachments To Scan setting is set to All Attachments with Included Extensions.<br />
Excluded Extensions: Specify extensions of files that are not scanned if the Attachments To Scan setting is set to All Attachments except Excluded Extensions.<br />
You can modify the default Included and Excluded Extensions lists as needed. Separate each extension by a space (‘ ‘). Wildcards * and ? can be used. To specify the files that have no extension, type a dot ('.').<br />
Intelligent File Type Recognition: Trojans and other malicious code can disguise themselves with filename extensions which are usually considered safe to use. Intelligent File Type Recognition can recognize the real file type of the message attachment and use that while the attachment is processed. Specify whether you want to use Intelligent File Type Recognition or not.<br />
By default, Intelligent File Type Recognition is enabled during manual processing.<br />
Action On Infected Attachments: Specify whether infected attachments should be disinfected or dropped.<br />
Disinfect - Try to disinfect the infected attachment. If the disinfection succeeds, the recipient receives the disinfected file instead of the original one. If the disinfection fails, the infected attachment is dropped, and it is not delivered to the recipient.<br />
Drop - Do not disinfect or deliver infected attachments. All infected attachments are dropped.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange disinfects infected files.<br />
Send Warning Message To Originator: Specify whether a virus warning message should be sent to the original writer of the note which had infected content.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange does not send the warning message to the originator.<br />
Warning Subject: Specify the subject of the virus warning message. For more information about the variables you can use in the subject line, see “Variables in Warning Messages”, 364.<br />
Warning Message: Specify the text of the warning message. For more information about the variables you can use in the text, see “Variables in Warning Messages”, 364.<br />
Quarantine Infected Attachments: Specify whether infected attachments should be placed in the Quarantine or not.<br />
Yes - All infected and dropped attachments are placed in the Quarantine. For more information, see “Quarantine”, 178.<br />
No - All infected and dropped files are deleted automatically.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange places infected attachments in the Quarantine.<br />
Scan Message Body: Specify whether the body of the message should be scanned for malicious code. As some viruses can be carried inside a message body, it is recommended to scan message bodies. Scanning message bodies can slow down the performance.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange scans message bodies.<br />
Stripping Attachments<br />
For more information, see “Stripping Attachments”, 147.<br />
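The Included Extensions, Excluded Extensions and Intelligent File Type Recognition settings described above for mailboxes and Public Folders can be illustrated with the following Python example. It is added here and is not the product's code or algorithm; the signature table, the function names and the rule for combining the name-based and content-based types are assumptions of the example.

```python
import re

# Constructed signature table (assumption of this example): a few well-known
# magic numbers and the extension each implies. Real engines know far more.
MAGIC = [
    (b"MZ", "exe"),                                # DOS/Windows executable
    (b"PK\x03\x04", "zip"),                        # ZIP container
    (b"%PDF-", "pdf"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "doc"),  # OLE2 compound document
]


def parse_extension_list(setting):
    """Split a space-separated list; a lone '.' means 'no extension'."""
    patterns = []
    for token in setting.split():
        # Assumption: entries are written without a leading dot ("exe"),
        # but ".exe" is tolerated.
        patterns.append("" if token == "." else token.lstrip(".").lower())
    return patterns


def wildcard_match(ext, pattern):
    """Match one extension against a pattern: * = any run, ? = one character."""
    regex = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch)
        for ch in pattern
    )
    return re.fullmatch(regex, ext, re.DOTALL) is not None


def name_extension(filename):
    """Extension taken from the file name only, lower-cased ('' if none)."""
    base = re.split(r"[\\/]", filename)[-1]
    _, dot, ext = base.rpartition(".")
    return ext.lower() if dot else ""


def recognized_extension(data):
    """Extension implied by the leading bytes, or None if not recognized."""
    for magic, ext in MAGIC:
        if data.startswith(magic):
            return ext
    return None


def should_scan(filename, data, mode, included="", excluded="",
                recognize_type=True):
    """Decide whether an attachment is handed to the scanner.

    mode is 'all', 'included', 'except_excluded' or 'none', mirroring the
    four Attachments To Scan options.
    """
    if mode == "all":
        return True
    if mode == "none":
        return False
    candidates = {name_extension(filename)}
    if recognize_type:
        real = recognized_extension(data)
        if real is not None:
            candidates.add(real)
    if mode == "included":
        patterns = parse_extension_list(included)
        return any(wildcard_match(e, p) for e in candidates for p in patterns)
    if mode == "except_excluded":
        patterns = parse_extension_list(excluded)
        # Skip only when every known type of the attachment is excluded.
        return not all(
            any(wildcard_match(e, p) for p in patterns) for e in candidates
        )
    raise ValueError("unknown mode: %r" % mode)


# Constructed sample: a Windows executable renamed to look like a text file.
DISGUISED = ("invoice.txt", b"MZ\x90\x00\x03\x00\x00\x00")

if __name__ == "__main__":
    for recognize in (False, True):
        verdict = should_scan(*DISGUISED, mode="except_excluded",
                              excluded="txt log", recognize_type=recognize)
        print("type recognition=%s -> scanned=%s" % (recognize, verdict))
```

With an exclusion list of `txt log`, the renamed executable is skipped when only the file name is consulted and scanned once the content-based type is taken into account.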
5.2.3 Scheduled Processing<br />
Displays all scheduled tasks and the date and time when the next scheduled task will run.<br />
Deactivate a scheduled task in the list by clearing the checkbox in front of the task. Activate it again by checking the checkbox.<br />
Click Add to start the Scheduled Operation Wizard. To duplicate a task, select it from the list and click Copy. To edit a previously created task, click Edit. To remove the selected task from the list, click Clear Row. Click Clear Table to remove all tasks from the list.<br />
Force Row enforces the current scheduled task to be active in all subdomains and hosts. Force Table enforces all current scheduled tasks to be active in all subdomains and hosts. For more information, see Policy Manager 5 Administrator’s Guide.<br />
For information on how to create scheduled operations, see “Creating Scheduled Operation”, 102.<br />
5.2.4 Content Scanner Servers<br />
Figure 5-16 Content Scanner Server settings<br />
Primary Servers: Specify all F-Secure Content Scanner Servers where F-Secure Anti-Virus for Microsoft Exchange should send files to be processed. If you list more than one F-Secure Content Scanner Server, F-Secure Anti-Virus for Microsoft Exchange uses load sharing between them.<br />
IMPORTANT: This setting must be defined as Final with the Restriction Editor before the policies are distributed. Otherwise the setting will not be changed in the product.<br />
Backup Servers: Specify F-Secure Content Scanner Servers that act as backup servers for primary servers. If F-Secure Anti-Virus for Microsoft Exchange cannot contact primary F-Secure Content Scanner Servers, it interacts with backup servers.<br />
IMPORTANT: This setting must be defined as Final with the Restriction Editor before the policies are distributed. Otherwise the setting will not be changed in the product.<br />
Local Interaction Mode: This setting controls how F-Secure Anti-Virus Agent interacts with a Content Scanner Server running on the same host.<br />
Enabled - Data are transferred via local temporary files and/or shared memory, which provides the best performance possible.<br />
Disabled - Data are transferred via data stream sockets.<br />
Usually, you do not need to change this setting. It is recommended to use the local interaction mode to obtain the optimum performance.<br />
Max Size of Data Processed in Memory: Specifies the maximum size (in kilobytes) of data to be transferred to the server via shared memory in the local interaction mode. When the amount of data exceeds that, a local temporary file will be used for data transfer.<br />
If the option is set to zero (0), all data transfers via shared memory are disabled.<br />
The setting is ignored if the local interaction mode is disabled.<br />
Working Directory: Specify the name and location of the working directory, where temporary files are placed.<br />
IMPORTANT: This setting must be defined as Final with the Restriction Editor before the policies are distributed. Otherwise the setting will not be changed in the product.<br />
During the installation, F-Secure Anti-Virus for Microsoft Exchange automatically adjusts the access rights so that only the operating system and the local administrator can access files in the Working directory. If you change this setting after the installation, make sure that the new folder has secure access permissions.<br />
Connection Timeout: Specify the time interval (in seconds) that F-Secure Anti-Virus for Microsoft Exchange should wait for a response from F-Secure Content Scanner Server before it stops attempting to send or receive data.<br />
By default, the connection timeout is 900 seconds (15 minutes).<br />
5.2.5 Quarantine<br />
Figure 5-17 Quarantine settings<br />
Quarantine Storage: Specify the path to the Quarantine storage where all quarantined mails and attachments are placed.<br />
If you change the Quarantine Storage setting, select the Final checkbox in the Restriction Editor to override initial settings.<br />
During the installation, F-Secure Anti-Virus for Microsoft Exchange adjusts the access rights to the Quarantine Storage so that only the product, operating system and the local administrator can access it. If you change the Quarantine Storage setting, make sure that the new location has secure access permissions.<br />
Retain Items in Quarantine: Specify how long quarantined e-mails are stored in the Quarantine before they are deleted automatically.<br />
The setting defines the default retention period for all Quarantine categories. To change the retention period for different categories, configure Quarantine Cleanup Exceptions settings.<br />
Delete Old Items Every: Specify how often old items are deleted from the Quarantine.<br />
The setting defines the default cleanup interval for all Quarantine categories. To change the cleanup interval for different categories, configure Quarantine Cleanup Exceptions settings.<br />
Quarantine Cleanup Exceptions: Specify separate Quarantine retention periods and cleanup intervals for each Quarantine category.<br />
Quarantine Size Threshold: Specify the minimum amount of free disk space (in megabytes) required on the disk where the Quarantine storage resides. If the specified value is reached, the product sends a warning alert.<br />
If the threshold is specified as zero (0), the amount of free disk space is not checked.<br />
Quarantined Items Threshold: Specify the critical number of items in the Quarantine. When the Quarantine holds the critical number of items, the product sends an alert to the administrator.<br />
If the threshold is specified as zero (0), the number of items is not checked.<br />
Notify When Quarantine Threshold is Reached: Specify the level of the alert that is sent to the administrator when threshold levels are reached.<br />
Quarantine Worms: Specify if the product should quarantine mails infected with mass mail worms or viruses such as Netsky or Bagle.<br />
Quarantine Problematic Mails: Specify if mails that contain malformed or broken attachments should be quarantined for later analysis or recovery.<br />
Released Quarantine Message Subject: Specify the subject of the message released from the Quarantine.<br />
Released Quarantine Message Body: Specify the body of the message released from the Quarantine.<br />
The Released Quarantine Message is generated only for items which have been removed from the Microsoft Exchange store and it is sent automatically when the administrator releases the message to the intended recipient.<br />
Automatically Process Unsafe Messages: Specify how often the product tries to reprocess unsafe messages that are retained in the Quarantine. Set the value to Disabled to process unsafe messages manually.<br />
Max Attempts to Process Unsafe Messages: Specify how many times the product tries to reprocess unsafe messages that are retained in the Quarantine.<br />
Use the Final Action on Unsafe Messages setting to specify the action that takes place if the message is retained in the Quarantine after the maximum attempts.<br />
Final Action on Unsafe Messages: Specify the action to take on unsafe messages after the maximum number of reprocessing attempts has been made.<br />
Leave in Quarantine - Leave messages in the Quarantine and process them manually.<br />
Release to Intended Recipients - Release messages from the Quarantine and send them to original recipients.<br />
Quarantine Log Directory: Specify the path to the directory where Quarantine logfiles are placed.<br />
Rotate Quarantine Logs Every: Specify how often the product rotates Quarantine logfiles. At the end of each rotation time a new log is created.<br />
Keep Rotated Quarantine Logs: Specify how many rotated log files should be kept.<br />
5.2.6 Reporting<br />
Figure 5-18 Reporting settings<br />
Notification sender address: Specify the address used by F-Secure Anti-Virus Agent for Microsoft Exchange for sending warning and informational messages to the end-users (for example, recipients, senders and mailbox owners).<br />
5.2.7 Advanced<br />
Figure 5-19 Advanced settings<br />
New Mailbox Polling Interval: Specify how often (in seconds) F-Secure Anti-Virus for Microsoft Exchange should check for newly established mailboxes. You can disable the new mailbox polling by using the value 0 (zero).<br />
By default, F-Secure Anti-Virus for Microsoft Exchange polls new mailboxes every 1 hour.<br />
New Folder Polling Interval: Specify how often (in seconds) F-Secure Anti-Virus for Microsoft Exchange should check for newly established Public Folders. You can disable the new mailbox polling by using the value 0 (zero).<br />
By default, F-Secure Anti-Virus for Microsoft Exchange polls new folders every 1 hour.<br />
Max Levels of Nested Messages: Specify how many levels deep to scan in nested e-mail messages. A nested e-mail message is a message that includes one or more e-mail messages as attachments. If zero (0) is specified, the maximum nesting level is not limited.<br />
Note: It is not recommended to set the maximum nesting level to unlimited as this will make the product more vulnerable to DoS (Denial-of-Service) attacks.<br />
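The nesting limit can be made concrete with the following Python example, added here and not taken from the product. It walks a message with a bounded depth and applies the Drop and Pass Through actions of the Action on Mails with Exceeding Nesting Levels setting; the function names, the returned fields and the sample message are assumptions of the example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage


def build_nested(levels):
    """Constructed sample: a message wrapping `levels` nested e-mail messages."""
    msg = EmailMessage()
    msg["Subject"] = "innermost"
    msg.set_content("innermost body")
    for level in range(levels, 0, -1):
        outer = EmailMessage()
        outer["Subject"] = "wrapper around level %d" % level
        outer.set_content("see attached message")
        outer.add_attachment(msg)  # an EmailMessage attaches as message/rfc822
        msg = outer
    return msg.as_bytes()


def process(raw, max_levels, on_exceed="drop", quarantine_problematic=True):
    """Scan a message, descending at most max_levels nested messages.

    max_levels == 0 means unlimited, as in the setting described above.
    on_exceed is 'drop' or 'pass_through' (hypothetical names for the two
    actions). Returns the verdict, the number of leaf parts handed to the
    scanner, whether everything was scanned, and whether the message would
    be quarantined.
    """
    if on_exceed not in ("drop", "pass_through"):
        raise ValueError("unknown action: %r" % on_exceed)
    # Note: message_from_bytes parses the whole structure up front; a
    # production scanner would bound that step as well.
    root = message_from_bytes(raw, policy=policy.default)
    stack = [(root, 0)]          # explicit stack: no unbounded recursion
    scanned = 0
    exceeded = False
    while stack:
        part, level = stack.pop()
        if not part.is_multipart():
            scanned += 1         # stand-in for handing the part to the engine
            continue
        next_level = level
        if part.get_content_type() == "message/rfc822":
            next_level = level + 1
            if max_levels and next_level > max_levels:
                exceeded = True  # do not descend any further
                continue
        stack.extend((sub, next_level) for sub in part.get_payload())
    dropped = exceeded and on_exceed == "drop"
    return {
        "verdict": "dropped" if dropped else "delivered",
        "scanned_parts": scanned,
        "fully_scanned": not exceeded,
        "quarantined": dropped and quarantine_problematic,
    }


if __name__ == "__main__":
    sample = build_nested(3)
    for limit, action in ((0, "drop"), (2, "drop"), (2, "pass_through")):
        print(limit, action, process(sample, limit, action))
```

With Pass Through, the message is delivered although its deepest parts were never scanned, which is the trade-off to weigh when choosing between the two actions.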
Action on Mails with Exceeding Nesting Levels: Specify the action to take on inbound e-mail messages with nesting levels exceeding the upper level specified in the Max Levels of Nested Messages setting.<br />
Drop - E-mail messages with exceeding nesting levels are not delivered to the recipient(s).<br />
The nested messages are quarantined if the Quarantine Problematic Mails setting under F-Secure Anti-Virus for Microsoft Exchange / Settings / Real-Time Processing / Quarantine is set to Yes.<br />
Pass Through - Nested e-mail messages will be scanned up to the level specified in the Max Levels of Nested Messages setting and then delivered to the recipient(s).<br />
5.3 F-Secure Anti-Virus for Microsoft Exchange Statistics<br />
To view statistics, open the Status tab from the Properties pane and open the Statistics subtree. It displays statistics for the host for each F-Secure Anti-Virus for Microsoft Exchange installation. If a policy domain is selected, the Status view displays the number of hosts in the domain and which hosts are disconnected from F-Secure Policy Manager.<br />
Resetting Statistics<br />
You can reset statistics by using controls under the F-Secure Anti-Virus for Microsoft Exchange / Operations branch.<br />
To reset real-time scanning statistics, use the variables under F-Secure Anti-Virus for Microsoft Exchange / Operations / Reset Statistics. Select Reset and click Start in the Editor pane. The Status above the button will display "Operation still in progress" until the program reports that statistics have been reset.<br />
5.3.1 Common<br />
Figure 5-20 Common statistics<br />
Version: Displays the F-Secure Anti-Virus for Microsoft Exchange version number.<br />
Previous Reset of Statistics: Displays the last date and time when the statistics were reset.<br />
MIB Version: Displays the MIB version number.<br />
Installation Directory: Displays the complete path where F-Secure Anti-Virus for Microsoft Exchange is installed.<br />
Build: Displays the F-Secure Anti-Virus for Microsoft Exchange build number.<br />
Common: Displays the product name and lists all installed hotfixes.<br />
Status: Displays whether F-Secure Anti-Virus for Microsoft Exchange is running (started), stopped, or whether the current status of the agent is unknown.<br />
Real-Time Processing: Displays the number of mailboxes and Public Folders that are protected in real-time. For more information, see “Real-Time Processing”, 186.<br />
Manual Processing: Displays the statistics of the last manual scan and attachment stripping. For more information, see “Manual Processing”, 189.<br />
5.3.2 Real-Time Processing<br />
Real-time processing statistics display the number of mailboxes and Public Folders that are protected in real-time.<br />
Figure 5-21 Real-Time Processing statistics<br />
Protected Mailboxes: Displays the number of currently protected mailboxes.<br />
Protected Public Folders: Displays the number of currently protected Public Folders.<br />
Total Number of Infections Found: Displays the number of viruses F-Secure Anti-Virus for Microsoft Exchange has detected.<br />
Number of Infections Found Within Outbreak Interval: Displays the number of viruses F-Secure Anti-Virus for Microsoft Exchange has detected within the last outbreak interval. For more information, see “Outbreak Management”, 156.<br />
Inbound Mail: Displays the real-time inbound mail processing statistics. See the following section for more information.<br />
Outbound Mail: Displays the real-time outbound mail processing statistics. See the following section for more information.<br />
Public Folders: Displays the real-time Public Folder processing statistics. See the following section for more information.<br />
Last Infection Found: Displays the name of the last virus that was found.<br />
Last Time Infection Found: Displays the time when the last virus was found.<br />
Inbound, Outbound Mail and Public Folders<br />
Inbound, Outbound Mail and Public Folders Statistics display the statistics of processed, infected, and suspicious mail messages.<br />
Inbound Mail includes e-mail messages coming into the Microsoft Exchange Information Store from external sources such as an SMTP connector, and internal mail flowing inside the organization.<br />
Outbound Mail includes e-mail messages leaving the Exchange Information Store and going out via SMTP, NNTP or IMAP4.<br />
Public Folders statistics display statistics for processed Public Folder notes.<br />
Figure 5-22 Inbound Mail, Outbound Mail and Public Folders statistics<br />
Processed Messages: Displays the total number of processed messages.<br />
Infected Messages: Displays the total number of messages that have been infected with malicious code.<br />
Suspicious Messages: Displays the number of messages that have not been scanned reliably. The message is considered to be suspicious if it is encrypted or it has been compressed with an unknown algorithm, or there was a scanning problem when the message was being scanned.<br />
Stripped Attachments: Displays the number of attachments that have been stripped from messages.<br />
Filtered Messages: Displays the total number of inbound messages that contained disallowed keywords.<br />
Last Infection Found: Displays the name of the last virus found.<br />
Last Time Infection Found: Displays the date and time when the last infection was found.<br />
Number of Spam Messages: Displays the total number of inbound messages found to be spam. (This setting exists under the Inbound Mail branch only.)<br />
Size of Spam Messages: Displays the total size (in kilobytes) of the inbound mail messages considered spam. (This setting exists under the Inbound Mail branch only.)<br />
5.3.3 Manual Processing<br />
Manual processing statistics display the statistics of the last manual scan and attachment stripping.<br />
Figure 5-23 Manual Processing statistics<br />
Total Amount of Mailboxes: Displays the total number of mailboxes in the Exchange Store that F-Secure Anti-Virus for Microsoft Exchange processes during the manual processing.<br />
Scanned Mailboxes: Displays the number of mailboxes that have been scanned.<br />
Total Amount of Public Folders: Displays the total number of Public Folders in the Exchange Store that F-Secure Anti-Virus for Microsoft Exchange processes during the manual processing.<br />
Scanned Public Folders: Displays the number of Public Folders that have been scanned.<br />
Estimated Time Left: Displays the estimated time left to finish the manual processing.<br />
Elapsed Time: Displays the time that has elapsed since the manual processing was started.<br />
Mailboxes: Displays the manual mailbox processing statistics. See the following section for more information.<br />
Public Folders: Displays the manual Public Folders processing statistics. See the following section for more information.<br />
Manual Processing of Mailboxes and Public Folders

Figure 5-24 Manual Processing / Mailboxes and Manual Processing / Public Folders statistics

Previous Scanning: Displays the date and time of the previous processing.
Processed Messages: Displays the total number of processed messages.
Infected Messages: Displays the total number of messages that have been infected with malicious code.
Suspicious Messages: Displays the number of messages that have not been scanned reliably. The message is considered to be suspicious if it is encrypted or it has been compressed with an unknown algorithm, or there was a scanning problem when the message was being scanned.
Stripped Attachments: Displays the number of attachments that have been stripped from messages.
Last Infection Found: Displays the name of the last virus found.
Last Time Infection Found: Displays the date and time when the last infection was found.
Currently Processed Mailbox: Displays the name of the mailbox that was the last one to be processed during manual scan. (This setting exists under the Mailboxes branch only.)
Currently Processed Public Folder: Displays the name of the public folder that was the last one to be processed during manual scan. (This setting exists under the Public Folders branch only.)

5.3.4 Quarantine

Quarantine statistics display the details of the items in Quarantine and statistics by Quarantine categories.

Total Number of Quarantined Items: Displays the total number of items in the Quarantine. E-mail messages and infected, suspicious and disallowed attachments are stored as separate items in the Quarantine storage. For example, if a message has 3 attachments and only one attachment is infected, 2 items will be created in the Quarantine storage, and both items have the same Quarantine ID in the Quarantine database.
Total Size of Quarantine Storage: Displays the total size (in megabytes) of the Quarantine storage.
Statistics by Category: Displays the number and total size of quarantined messages by category.
5.4 F-Secure Content Scanner Server Settings

Use the variables under the F-Secure Content Scanner Server / Settings branch to define the settings for content providers and to change the general content scanning options.

Figure 5-25 F-Secure Content Scanner Server Settings categories

Interface: Specify how the server will interact with clients.
Virus Scanning: Specify the scanning engines to be used when F-Secure Content Scanner Server scans files for viruses, and the files that should be scanned. For more information, see “Virus Scanning”, 196.
Virus Statistics: Specify the settings for the list of Most Active Viruses. For more information, see “Virus Statistics”, 199.
Database Updates: Specify how you want to keep the virus definition databases up-to-date. For more information, see “Database Updates”, 201.
Spam Filtering: Specify the number of Spam Scanner instances to be created and used for spam analysis. For more information, see “Spam Filtering”, 202.
Threat Detection Engine: Configure the virus outbreak and spam threat detection. For more information, see “Threat Detection Engine”, 204.
Proxy Configuration: Specify proxy server parameters that Content Scanner Server uses when it connects to the threat detection center. For more information, see “Proxy Configuration”, 205.
Advanced: Specify the location and the minimum size of the Working directory. For more information, see “Advanced”, 206.
5.4.1 Interface

Specify how the server will interact with clients.

Figure 5-26 Interface settings

IP Address: Specifies the service listen address in case of multiple network interface cards or multiple IP addresses. If you do not assign an IP address (0.0.0.0), the server responds to all IP addresses assigned to the host.
TCP Port: Specifies the TCP port on which the server listens for incoming requests. The default port number is 18971. If you change this port number, you must modify the connection settings of the client accordingly, so that the client sends requests to the same port.
Accept Connections: Specifies a comma-separated list of IP addresses the server accepts incoming requests from. If the list is empty, the server accepts connections from any host.
Max Connections: Specifies the maximum number of simultaneous connections the server can accept. Value zero (0) means no limit.
Max Connections Per Host: Specifies the maximum number of simultaneous connections the server can accept from a particular host. Value zero (0) means no limit.
Send Content Timeout: Specifies how long the server should wait before it times out when sending data to the client.
Receive Content Timeout: Specifies how long the server should wait before it times out when receiving data from the client.
Keep Alive Timeout: Specifies the length of time before the server closes an inactive/idle connection. This ensures that all connections are closed if the protocol fails to close a connection.

5.4.2 Virus Scanning

Select the scanning engines to be used and the files that should be excluded from the Scan Engines table.
Figure 5-27 Virus Scanning settings

Scan Engines: Scan engines can be enabled or disabled. If you want to disable the scanning just for certain files, enter the appropriate file extensions in the Excluded extensions field and separate each extension with a space. The Excluded extensions field supports * and ? wildcards.
Scan Inside Archives: Specify whether files inside compressed archive files should be scanned for viruses, if they are not excluded from scanning. Scanning inside archives takes time. Disabling scanning inside archives improves performance, but it also means that the network users need to use up-to-date virus protection on their workstations.
Max Levels in Nested Archives: If Scan Inside Archives is enabled, F-Secure Content Scanner Server can scan files inside archives that may exist inside of other archives. Furthermore, these nested archives can contain other archives. Specify the number of levels F-Secure Content Scanner Server goes through before the action selected in Suspect Max Nested Archives takes place. The default setting is 3. Increasing the value increases the load on the system and thus decreases the overall system performance. This means that the system becomes more vulnerable to denial of service attacks.
Suspect Max Nested Archives: If the amount of nested archives exceeds the value specified in the Max Levels in Nested Archives, the file is stopped if Treat as Unsafe is selected. If Treat as Safe is selected, the archive file is sent to the user.
Suspect Password Protected Archives: Compressed archive files can be protected with passwords. These archives can be opened only with a valid password, so F-Secure Content Scanner Server cannot scan their content. Password protected archives can be stopped by selecting Treat as Unsafe. If Treat as Safe is selected, password protected archives are delivered to the recipient.
Acceptable Unpacked Size Threshold: Specify the acceptable unpacked size (in kilobytes) for archive files. If the unpacked size of an archive file exceeds this threshold, the server will consider the archive suspicious and corresponding action will be taken.
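The interaction of the nesting, password and unpacked-size settings just described can be reproduced outside the product. The following Python code is an added example, not F-Secure's implementation: it walks a zip archive held in memory and enforces a nesting limit, an encrypted-member check and a running unpacked-size budget. Counting the outermost archive as level 1, the 1024 KB threshold, the verdict names and all function names are assumptions, and the sample archives are constructed inline.

```python
import io
import zipfile

CHUNK = 64 * 1024  # read size while inflating a member


class LimitHit(Exception):
    """An archive tripped one of the configured limits."""


def _walk(data, level, budget, max_levels):
    """Unpack one archive level; return the unpacked-byte budget still left."""
    if level > max_levels:
        raise LimitHit("nested")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.flag_bits & 0x1:  # general-purpose flag bit 0: encrypted member
                raise LimitHit("password")
            buf = bytearray()
            with zf.open(info) as member:
                # Inflate in chunks so the size limit is enforced while
                # unpacking, not after the whole member is in memory.
                while chunk := member.read(CHUNK):
                    budget -= len(chunk)
                    if budget < 0:
                        raise LimitHit("size")
                    buf += chunk
            if zipfile.is_zipfile(io.BytesIO(buf)):
                budget = _walk(bytes(buf), level + 1, budget, max_levels)
    return budget


def classify(data, max_levels=3, max_unpacked_kb=1024,
             nested_action="unsafe", password_action="unsafe"):
    """Return (verdict, reason) for a zip archive given as bytes.

    max_levels mirrors Max Levels in Nested Archives (page default 3);
    max_unpacked_kb mirrors Acceptable Unpacked Size Threshold (assumed value).
    """
    try:
        _walk(data, 1, max_unpacked_kb * 1024, max_levels)
    except LimitHit as hit:
        reason = hit.args[0]
        if reason == "size":
            return ("suspicious", reason)
        action = nested_action if reason == "nested" else password_action
        # Treat as Unsafe stops the file; Treat as Safe delivers it unscanned.
        return ("stop" if action == "unsafe" else "deliver-unscanned", reason)
    return ("scanned", None)


# --- constructed sample archives -------------------------------------------

def make_zip(name, payload):
    """Build a one-member deflated zip in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


def nest(depth):
    """Build an archive with `depth` archive levels around a text file."""
    data = make_zip("note.txt", b"hello")
    for i in range(depth - 1):
        data = make_zip(f"inner{i}.zip", data)
    return data


def mark_encrypted(data):
    """Set the 'encrypted' flag in the central directory of a one-member zip.

    Constructed sample only: the payload is not actually encrypted, but a
    reader sees the same flag a password-protected member would carry.
    """
    patched = bytearray(data)
    pos = patched.rfind(b"PK\x01\x02")  # central directory file header
    patched[pos + 8] |= 0x01            # low byte of the general-purpose flags
    return bytes(patched)


if __name__ == "__main__":
    print(classify(nest(3)))                                   # within the limit
    print(classify(nest(4)))                                   # one level too deep
    print(classify(mark_encrypted(make_zip("a.doc", b"x"))))   # flagged as encrypted
    print(classify(make_zip("zeros.bin", bytes(2 * 1024 * 1024))))  # 2 MB unpacked
```

The last sample is only a few kilobytes on the wire but inflates to 2 MB, which is why the budget is charged per inflated chunk rather than against the size of the attachment.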
Scan Extensions Inside Archives: Enter all the extensions you want to scan inside archives.
Extensions Allowed in Password Protected Archives: Define a space-separated list of the file extensions allowed in password protected archives. Wildcards (*, ?) can be used. Example: "DO? *ML".
Max Scan Timeout: Specify the maximum time that one scanning task can last. The Max Scan Timeout is 10 minutes by default.

5.4.3 Virus Statistics

Select the number of most active viruses and the number of days to be displayed on the Top 10 virus list.
Figure 5-28 Virus Statistics settings

Time Period: Specify the time period for the most active viruses list. The product shows statistics about most active viruses detected during the specified time period. The possible value range is from 1 hour to 90 days.
Viruses to Show: Specify the number of most active viruses to be displayed for the time period specified in the 'Time Period' setting. The possible values are Top 5, Top 10 and Top 30.
Send Statistics to F-Secure World Map: The product can collect and send statistics about viruses and other malware to the F-Secure World Map service. When the F-Secure World Map support is enabled, the product sends encrypted e-mail reports periodically to the service. These reports list only the name and the amount of found malware and they do not contain any sensitive information such as IP or e-mail addresses or user names. You can also forward unencrypted reports to a configurable e-mail address and use the same statistics for your own internal purposes.
Mail Server Address: Specify the IP address of the mail transfer agent where you want to send the unencrypted report.
Mail Server Port: Specify the port of the mail transfer agent.
E-mail Addresses for Unencrypted Reports: Specify e-mail addresses where the unencrypted report is sent.

5.4.4 Database Updates

Figure 5-29 Database Updates settings

Verify Integrity of Downloaded Databases: Specify whether the product should verify that the downloaded virus definition databases are the original databases published by F-Secure Corporation and that they have not been altered or corrupted in any way before taking them into use.
Notify When Databases Become Old: Specify whether F-Secure Content Scanner Server should notify the administrator if virus definition databases have not been updated recently.
Notify When Databases Older Than: Specify how old (in days) virus definition databases can be before F-Secure Content Scanner Server sends the notification to the administrator.

5.4.5 Spam Filtering

Figure 5-30 Spam Filtering settings
The number of spam scanner instances can be configured in F-Secure Content Scanner Server / Settings / Spam Filtering.

Number of spam scanner instances: Specify the number of Spam Scanner instances to be created and used for spam analysis. As one instance of the spam scanner is capable of processing one mail message at a time, this setting defines how many messages will undergo spam analysis simultaneously. The default value is 3. You might need to modify this setting if you enable Realtime Blackhole Lists (DNSBL/RBL) for spam filtering. For more information, see “Enabling Realtime Blackhole Lists”, 238 and “Optimizing F-Secure Spam Control Performance”, 240. The server must be restarted after this setting has been changed.

IMPORTANT: Spam analysis is a processor-intensive operation and each spam scanner instance takes approximately 25MB of memory (process fsavsd.exe). Do not increase the number of instances unless the product is running on a powerful computer.
5.4.6 Threat Detection Engine

Figure 5-31 Threat Detection Engine settings

The virus outbreak and spam threat detection can be configured in F-Secure Content Scanner Server / Settings / Threat Detection Engine.

VOD Cache Size: Specify the maximum number of patterns to cache for the virus outbreak detection service. By default, the cache size is 10000 cached patterns.
Class Cache Size: Specify the maximum number of patterns to cache for spam detection service. By default, the cache size is 10000 cached patterns.
Increasing cache sizes may increase the threat detection performance but it requires more disk space and may degrade the threat detection rate. Cache sizes can be disabled (set the size to 0) for troubleshooting purposes.
Action on Connection Failure: Specify the action for messages when the threat detection center cannot be contacted and the threat detection engine cannot classify the message.
Pass through - The message is passed through without scanning it for spam.
Heuristic Scanning - F-Secure Content Scanner Server checks the message using spam heuristics.
Trusted Networks: Specify networks and hosts in the mail relay network which can be trusted not to be operated by spammers and do not have open relays or open proxies. Define the network as a network/netmask pair (10.1.0.0/255.255.0.0), with the network/nnn CIDR specification (10.1.0.0/16), or use ‘*’ wildcard to match any number and ‘-’ to define a range of numbers (172.16.*.1, 172.16.4.10-110).

5.4.7 Proxy Configuration

Figure 5-32 Proxy configuration
Specify proxy server parameters that Content Scanner Server uses when it connects to the threat detection center.

Use Proxy Server: Specify whether F-Secure Content Scanner Server uses a proxy server when it connects to the threat detection center.
Proxy Server Address: Specify the address of the proxy server.
Proxy Server Port: Specify the port number of the proxy server.

5.4.8 Advanced

Figure 5-33 Advanced settings
Working Directory: Specify where temporary files are stored. The Working directory should be on a local hard disk for the best performance. Make sure that there is enough free disk space for temporary files.
IMPORTANT: This setting must be defined as Final with the Restriction Editor before the policies are distributed. Otherwise the setting will not be changed in the product.
During the setup, access rights are adjusted so that only the operating system and the local administrator can access files in the Working directory. If you make changes to Working Directory settings, make sure that the new directory has the same rights.
Working Directory Clean Interval: Specify the time after which the inactive temporary files in the Working directory are deleted. The default clean interval is 15 minutes.
Free Space Threshold: Specify when F-Secure Content Scanner Server should send a low disk space alert to the administrator. The default setting is 100 megabytes.
Max Number of Concurrent Transactions: Specifies the maximum number of transactions the server processes simultaneously.
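The Trusted Networks setting in section 5.4.6 accepts four notations (network/netmask, CIDR, ‘*’ wildcard and ‘-’ range). The following Python code is an added example, not part of the product or the original guide: it compiles each notation into a matcher and reports how many addresses an entry covers, so an overly wide trust entry can be caught before it is deployed. The function names and the 65536-address review limit are assumptions; the sample entries are the ones printed in the guide.

```python
import ipaddress

# The four example entries from the Trusted Networks description.
SAMPLE_ENTRIES = [
    "10.1.0.0/255.255.0.0",
    "10.1.0.0/16",
    "172.16.*.1",
    "172.16.4.10-110",
]


def _octet_bounds(spec):
    """Translate one octet pattern ('*', '7' or '10-110') into inclusive bounds."""
    if spec == "*":
        return 0, 255
    low, dash, high = spec.partition("-")
    if not dash:
        high = low
    if not (low.isdigit() and high.isdigit()):
        raise ValueError(f"bad octet pattern: {spec!r}")
    low, high = int(low), int(high)
    if not 0 <= low <= high <= 255:
        raise ValueError(f"octet out of range: {spec!r}")
    return low, high


def compile_entry(entry):
    """Return (predicate, address_count) for one Trusted Networks entry."""
    entry = entry.strip()
    if "/" in entry:
        # Handles both 10.1.0.0/255.255.0.0 and 10.1.0.0/16. Entries with
        # host bits set raise ValueError instead of being silently masked.
        net = ipaddress.IPv4Network(entry)
        return (lambda ip: ip in net), net.num_addresses
    parts = entry.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets: {entry!r}")
    bounds = [_octet_bounds(part) for part in parts]
    count = 1
    for low, high in bounds:
        count *= high - low + 1

    def match(ip):
        # ip.packed yields the four octets as integers.
        return all(lo <= octet <= hi for octet, (lo, hi) in zip(ip.packed, bounds))

    return match, count


def is_trusted(address, entries):
    """True if the IPv4 address matches at least one entry."""
    ip = ipaddress.IPv4Address(address)
    return any(compile_entry(entry)[0](ip) for entry in entries)


def overly_broad(entries, limit=65536):
    """List entries covering more than `limit` addresses (assumed review threshold)."""
    return [entry for entry in entries if compile_entry(entry)[1] > limit]


if __name__ == "__main__":
    for probe in ("10.1.200.7", "172.16.99.1", "172.16.4.111", "192.0.2.10"):
        print(probe, is_trusted(probe, SAMPLE_ENTRIES))
    print(overly_broad(SAMPLE_ENTRIES + ["172.*.*.*"]))
```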
5.5 F-Secure Content Scanner Server Statistics

Figure 5-34 F-Secure Content Scanner Server Statistics

The Statistics branch in the F-Secure Content Scanner Server tree displays the version of F-Secure Content Scanner Server that is currently installed on the selected host, the MIB version and the location of F-Secure Content Scanner Server installation directory.

5.5.1 Server

The Server branch contains the following information:

Version: The version of the F-Secure Content Scanner Server daemon.
Status: The status of F-Secure Content Scanner Server, whether it has been started and it is running or it is stopped.
Start Time: The date and time when the server was started.
Previous Reset of Statistics: The date and time of the last reset of statistics.
Number of Active Processors: The number of currently active processors.
Number of Scanned Files: The number of files that have been scanned.
Last Database Update: The last date and time when virus definition database was updated.
Last Infection Found: The name of the last infection that was encountered.
Last Time Infection Found: The date and time when the last infection was found.

5.5.2 Scan Engines

The Scan Engines table displays the scan engine statistics and information.

Name: The name of the scan engine.
Version: The version number of the scan engine.
Status: The status of the scan engine, whether it has been loaded and enabled, is loaded but disabled, has not been loaded at all, or is malfunctioning.
Last Database Update: The last date and time when virus definition database was taken into use for this scan engine.
Database Date: The date the virus signature database for this scan engine was created.
Last Infection Found: Displays the last infection found by this scan engine.
Last Time Infection Found: Displays the date and time of the last infection found by this scan engine.
Processed Files: Displays the number of files processed by this scan engine.
Infected Files: Displays the number of infected files found by this scan engine.
Disinfected Files: Displays the number of files successfully disinfected by this scan engine.

5.5.3 Common

The Common statistics branch displays the list of installed product hotfixes.

5.5.4 Spam Control

The Spam Control branch displays the following information:

Spam Scanner Version: Displays the version and build number of the Spam Scanner.
Status: Displays the status of the Spam Scanner.
Previous Reset of Statistics: Displays when the Spam Scanner statistics were reset last time.
Database Version: Displays the version of the database currently used by the Spam Scanner.
Last Database Update: Displays the date and time when the Spam Scanner database was last updated.
Number of Processed Messages: Displays the total number of e-mail messages that have been analyzed for spam.
Total Spam Statistics: These statistics show how many mail messages have been identified with each spam confidence level rating.

5.5.5 Virus Statistics

The Virus Statistics branch displays the following information:

Figure 5-35 F-Secure Content Scanner Server Statistics / Virus Statistics

Last Updated: Displays the date and time when the virus statistics were updated last time.
Most Active Viruses: Displays the list of most active viruses.
5.6 F-Secure Automatic Update Agent Settings

Figure 5-36 F-Secure Automatic Update Agent Communications settings

To edit F-Secure Automatic Update Agent Settings, go to F-Secure Automatic Update Agent > Settings > Communications.

Automatic updates: Enable and disable the automatic virus definition updates. By default, automatic updates are enabled.
Internet connection checking: Specify whether the product should check for a usable Internet connection before trying to connect to the Update Server.
HTTP settings: Configure HTTP proxy settings. If you use HTTP proxy, all connections to the Update Server or F-Secure Policy Manager Proxy go through the proxy. If the HTTP proxy cannot be reached, the product connects directly to the Update Server.
Use download schedule: Specify whether you want to limit automatic updates to certain time periods.
PM Proxies: Policy Manager Proxy can be used to reduce the load on the server by caching Policy Manager content in the proxy.
You can set Policy Manager Proxies in priority order. Updates are downloaded from the primary sources first; secondary update sources can be used as a backup.
The product connects to the Update Server through any configured Policy Manager Proxies. If the product cannot connect to Policy Manager Proxy, it connects directly to the Update Server.
Intermediate Server failover time: Define the failover time to connect to specified update servers. If the product cannot connect to update servers during the specified time, it retrieves the latest virus definition updates from F-Secure Update Server if Allow fetching updates from F-Secure Update Server is enabled.
Intermediate Server polling interval: Define how often the product checks the virus definition database update sources for new updates.
Allow fetching updates from F-Secure Update Server: Enable the product to download virus definition updates from F-Secure Update Server when it cannot connect to specified update servers.
5.7 F-Secure Management Agent Settings

If the F-Secure Anti-Virus for Microsoft Exchange is working in centrally administered mode, you have to make sure F-Secure Anti-Virus for Microsoft Exchange sends and receives data from F-Secure Policy Manager Server. To do this, change communications settings from F-Secure Management Agent.

For detailed information on F-Secure Management Agent, see the F-Secure Policy Manager Administrator's Guide.

Communications

Host Configuration Mode: Shows whether the host is stand-alone or centrally administered.
Active Protocol: Sets the active protocol.
Protocols: A subdirectory containing the settings for the File Sharing and the HTTP protocol. These settings should be carefully checked before distribution. Errors can result in problems with communicating with the hosts.
Slow Connection Definition: This setting can be used to disallow F-Secure Management Agent from downloading large remote installation packages over slow network connections. F-Secure Management Agent measures the speed of the network link to F-Secure Policy Manager Server and stops the download if the minimum speed specified by this setting is not met.
HTTP

Management Server Address: URL of the F-Secure Policy Manager Server. The URL should not have a slash at the end. For example: “http://fsms.example.com”.
Incoming Packages Polling Interval: Defines how often the host tries to fetch incoming packages (such as Base Policy files or new virus signature databases) from the F-Secure Policy Manager Server.
Outgoing Packages Update Interval: Defines how often the host tries to transmit to the administrator information that is periodically updated (such as statistics).
Spool Time Limit: The maximum time the host will store the information it is unable to transmit.
6 ADMINISTRATION WITH WEB CONSOLE

Overview
F-Secure Anti-Virus for Microsoft Exchange Settings
F-Secure Content Scanner Server Settings
F-Secure Automatic Update Agent Settings
F-Secure Management Agent Settings
6.1 Overview

This section describes how to use Web Console to administer F-Secure Anti-Virus for Microsoft Exchange.

If F-Secure Anti-Virus for Microsoft Exchange is installed in the stand-alone mode, it can be administered with F-Secure Anti-Virus for Microsoft Exchange Web Console. The Web Console is installed with F-Secure Anti-Virus for Microsoft Exchange.

To open the Web Console, double-click the F-Secure Settings and Statistics icon in the Windows system tray and double-click F-Secure Anti-Virus for Microsoft Exchange, or select it from the Start menu > Programs > F-Secure Anti-Virus for Microsoft Exchange.
6.2 F-Secure Anti-Virus for Microsoft Exchange Settings

You can use the F-Secure Anti-Virus for Microsoft Exchange Web Console to start and stop F-Secure Anti-Virus for Microsoft Exchange, modify its settings, edit scheduled tasks and start manual processing.

6.2.1 Summary

The Summary page displays the current status of the product and a summary of the most important product statistics.

Figure 6-1 Summary page
Status

Status: The current status of F-Secure Anti-Virus for Microsoft Exchange. F-Secure Anti-Virus for Microsoft Exchange is Started when it is Running and Stopped when it has been stopped or disabled.
Version: The version and the build number of installed F-Secure Anti-Virus for Microsoft Exchange.
Protected mailboxes: Displays the number of currently protected mailboxes.
Protected public folders: Displays the number of currently protected Public Folders.
Infections found: Displays the number of infections found.
Infections found within outbreak interval: Displays the number of infections that have been found within the currently defined outbreak interval.
Last time infection found: Displays the date and time when the last infection was found.
Last infection found: Displays the name of the last infection that was found.

Click Start to start the product and Stop to stop it.
Click Reset Statistics to reset the statistics displayed on this page.
6.2.2 <strong>Virus</strong> Scanning<br />
<strong>Virus</strong> Scanning settings are used to specify how inbound and outbound<br />
messages and Public Folder notes that are sent to F-<strong>Secure</strong> Content<br />
Scanner Server are to be checked <strong>for</strong> malicious code.<br />
Figure 6-2 <strong>Virus</strong> Scanning / Statistics page<br />
Statistics<br />
Infections found: Displays the total number of infections found.<br />
Infections found within outbreak interval: Displays the number of infections that have been found during the currently defined outbreak interval.<br />
Last time infection found: Displays the date and time when the last infection was found.<br />
Last infection found: Displays the name of the last infection that was found.<br />
Processed: Displays the number of processed message bodies and attachments.<br />
Infected: Displays the number of attachments that have been infected with malicious code.<br />
Suspicious: Displays the number of stripped messages and messages that have not been scanned reliably. The message is considered to be suspicious if it is encrypted or it has been compressed with an unknown algorithm, or there was a scanning problem when the message was being scanned.
Common<br />
Edit the <strong>Virus</strong> Scanning / Common settings to specify which messages<br />
should be scanned <strong>for</strong> malicious code.<br />
Note that you may have to scroll the page to view all the settings.<br />
Figure 6-3 <strong>Virus</strong> Scanning / Common settings
Scan mail and public folders for viruses<br />
Scan mail and public folders for viruses: Specify which message attachments are checked for viruses.<br />
Do not scan - Do not scan any attachments.<br />
Scan all - Scan all message attachments.<br />
Scan all attachments with these extensions - Scan all attachments with specified filename extensions.<br />
Scan all attachments except with these extensions - Scan all attachments except those with specified filename extensions.<br />
You can add new file types to the extensions lists by typing the file extensions in the file extensions text boxes. Separate the extensions with spaces.<br />
Scan mail message body: Specify whether the body of the e-mail message should be scanned for malicious code.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange scans message bodies.<br />
Although scanning message bodies can slow down performance, it is recommended because a virus can be carried inside a message body.<br />
Scan OLE objects: Specify whether linked and embedded OLE objects in messages should be scanned for malicious code.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange scans OLE objects.
Enable File Type Recognition: Trojans and other malicious code can disguise themselves with filename extensions which are usually considered safe to use. Intelligent File Type Recognition can recognize the real file type of the message attachment and use that while the attachment is processed. Specify whether you want to use Intelligent File Type Recognition or not.<br />
By default, Intelligent File Type Recognition is disabled during the real-time processing.<br />
Intelligent File Type Recognition strengthens the security - you can block unsafe content that has a safe filename extension (for example, a Microsoft Word document using the ‘rtf’ filename extension) and you do not accidentally block safe content that has an unsafe filename extension (for example, a text file using the ‘doc’ filename extension). Intelligent File Type Recognition can degrade the system performance.<br />
Max level of nested messages: Set the maximum number of levels of messages inside messages that F-Secure Anti-Virus for Microsoft Exchange should scan.<br />
If the number of levels exceeds the specified limit, F-Secure Anti-Virus for Microsoft Exchange performs the action specified in the Action on messages with exceeding nesting levels setting.<br />
Action<br />
Action on infected attachments: Specify whether infected attachments should be disinfected or dropped.<br />
Disinfect attachment - Try to disinfect the infected attachment. If the disinfection succeeds, the recipient receives the disinfected file instead of the original one. If the disinfection fails, the infected attachment is dropped, and it is not delivered to the recipient.<br />
Drop attachment - Do not disinfect or deliver infected attachments. All infected attachments are dropped.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange tries to disinfect infected attachments.<br />
Action on messages with exceeding nesting levels: Specify the action to take on e-mail messages with nesting levels exceeding the upper level specified in the Max Levels of Nested Messages setting.<br />
Drop - E-mail messages with exceeding nesting levels are not delivered to the recipient(s). The nested messages are quarantined if the Quarantine Problematic Mails setting on the General / Quarantine page is set to Yes.<br />
Pass Through - Nested e-mail messages will be scanned up to the level specified in the Max Levels of Nested Messages setting and then delivered to the recipient(s).<br />
Quarantine infected attachments: Specify whether infected attachments should be placed in the Quarantine or not. For more information, see “Quarantine”, 257.<br />
Virus informational text file: Edit the informational text file that replaces the infected attachment if it is dropped.<br />
Reporting<br />
Notification sender address: Define the SMTP address to use when sending notifications to end-users. The SMTP address should be a valid, existing address that is allowed to send messages.
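The nesting limit and its two actions described above, as an added Python example (not F-Secure code and not part of the original guide). The function names, the DROP and PASS_THROUGH constants and the constructed sample messages are assumptions; the point it shows is that Pass Through delivers content below the limit that no scanner has opened, while Drop withholds the whole message.

```python
from email.message import EmailMessage

# Labels for the guide's "Drop" and "Pass Through" actions (names are assumptions).
DROP = "drop"
PASS_THROUGH = "pass_through"


def build_nested(levels):
    """Constructed sample: a message that wraps `levels` attached messages."""
    msg = EmailMessage()
    msg["Subject"] = f"level {levels}"
    msg.set_content(f"body at level {levels}")
    for level in range(levels - 1, -1, -1):
        outer = EmailMessage()
        outer["Subject"] = f"level {level}"
        outer.set_content(f"body at level {level}")
        outer.add_attachment(msg)  # stored as a message/rfc822 part
        msg = outer
    return msg


def scan_with_limit(msg, max_levels, action):
    """Walk a message iteratively, opening at most `max_levels` nested
    messages, and apply `action` when deeper nesting exists."""
    scanned = []      # (level, content type) of each part handed to the scanner
    exceeded = False
    stack = [(msg, 0)]
    while stack:
        part, level = stack.pop()
        payload = part.get_payload()
        if not isinstance(payload, list):
            scanned.append((level, part.get_content_type()))  # leaf part
        elif part.get_content_type() == "message/rfc822":
            if level + 1 > max_levels:
                exceeded = True  # limit reached: deeper content is never opened
                continue
            stack.extend((inner, level + 1) for inner in payload)
        else:
            stack.extend((child, level) for child in payload)
    deliver = not (exceeded and action == DROP)
    return {
        "deliver": deliver,
        "exceeded": exceeded,
        "deepest_scanned": max((lvl for lvl, _ in scanned), default=0),
        # With Pass Through the recipient receives parts that were not scanned.
        "unscanned_delivered": exceeded and deliver,
    }


if __name__ == "__main__":
    for action in (DROP, PASS_THROUGH):
        print(action, scan_with_limit(build_nested(4), 2, action))
```
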
Inbound Mail<br />
Edit <strong>Virus</strong> Scanning / Inbound Mail settings to define whether the whole<br />
message should be stopped if an infection is found and to specify the<br />
trusted mailboxes and the warning messages <strong>for</strong> infected, inbound mails.<br />
These settings are specific to the mails that are destined to the internal<br />
domains defined under the General / Internal Domains branch. For more<br />
in<strong>for</strong>mation, see “Internal Domains”, 273.<br />
Figure 6-4 Real-Time Scanning / Inbound Mail settings
Processing options<br />
Stop the whole message if infection found: Specify whether F-Secure Anti-Virus for Microsoft Exchange should stop inbound messages that contain malicious code.<br />
When this setting is enabled, inbound messages with infected attachment(s) will be stopped completely.<br />
When this setting is disabled, infected attachments will be disinfected automatically or dropped from inbound messages.<br />
In both cases, a warning message will be sent to the sender if the Send Warning Message to Sender setting is enabled.<br />
When this setting is enabled, all messages are scanned when they enter the system. The clean messages will be delivered to the mailbox server, where they will be scanned again. On the other hand, enabling this setting reduces internal network traffic, because infected messages are stopped before they enter the system.<br />
Trusted mailboxes<br />
Trusted mailboxes: Define users’ mailboxes that should be excluded from real-time virus scanning.<br />
The trusted mailbox feature works only for messages that are sent directly to an address defined as a trusted mailbox. If the message has multiple recipients, and some of them are defined on the Trusted mailboxes list but some are not, the message will be scanned.
Editing Trusted Mailboxes List<br />
Click Specify to open a dialog box where you can add new trusted mailboxes, or remove trusted mailboxes from the list.<br />
To add a new mailbox to the list, click Add. Select mailboxes from the list and click OK.<br />
To delete an address from the list, click on column to select mailboxes that you want to delete. Click Clear to delete the currently marked mailboxes from the trusted mailboxes list.<br />
It is not safe to use trusted mailboxes. You should not send or copy messages from trusted mailboxes to other mailboxes. Keep all trusted mailboxes on a separate message store, as messages are always scanned when they are sent to another store.<br />
Notification message options<br />
Add warning message to the original message: Specify whether a virus warning message should be added to the mail message which had infected content and which goes to the original message recipient. If you want to add the warning message, the original message is embedded in the virus warning message without the infected attachment.<br />
Click Edit to edit the warning message that is added to the mail message.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange does not add the virus warning message.<br />
Send warning message to sender: Specify whether a virus warning message should be sent to the sender of the mail message which had infected content. If you want to add the warning message, the original message is embedded in the virus warning message without the infected attachment.<br />
Click Edit to edit the warning message that is sent to the sender of the mail message which had infected content.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange does not send the virus warning message to the sender.<br />
The virus warning message will be sent to the sender of the infected message only if the sender belongs to the internal domain. F-Secure Anti-Virus for Microsoft Exchange does not send the warning message outside the company domain.
Outbound Mail<br />
Edit <strong>Virus</strong> Scanning / Outbound Mail real-time processing settings to<br />
define what should be done to infected outbound messages and set<br />
warning messages to infected, outbound mails.<br />
Figure 6-5 <strong>Virus</strong> Scanning / Outbound Mail settings
Processing options<br />
Stop the whole message if infection found: Specify whether all outgoing messages that have infected content should be stopped or not. Check the checkbox to stop all outbound messages with infected content completely. The original message will be attached to the warning and bounced back to the sender with disinfected content. Clear the checkbox to disinfect or drop the infected attachment before sending the outbound message. By default, F-Secure Anti-Virus for Microsoft Exchange stops the whole message.<br />
If you set F-Secure Anti-Virus for Microsoft Exchange to disinfect infected files and stop the whole message if an infection is found, messages that are sent from a MAPI client are not stopped if they can be disinfected. Messages are scanned and disinfected when they are in the Outbox. When a message leaves the Outbox folder, it does not contain malicious code anymore, so it is not stopped.<br />
Notifications<br />
Send warning message to sender: Specify whether a virus warning message should be sent to the sender of the mail message which had infected content. If you want to add the warning message, the original message is embedded in the virus warning message.<br />
Click Edit to edit the warning message.<br />
If the sender sends an infected message to internal and external recipients, the sender can receive two warning messages about the same infection.
Add disclaimer to all outgoing messages: Specify whether you want to add a disclaimer to all outgoing messages.<br />
Click Edit to edit the disclaimer text.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange adds a disclaimer.<br />
Public Folders<br />
Edit Public Folders real-time processing settings to define which Public Folders should be scanned for malicious code and to set warning messages to infected Public Folder notes.<br />
Figure 6-6 Virus Scanning / Public Folders settings
Examine public folders<br />
Examine public folders: Specify public folders that should be scanned for viruses.<br />
Do not scan public folders - Do not process any Public Folders.<br />
Scan all public folders - Process all notes posted to all Public Folders.<br />
Scan only included public folders - Process all notes posted to the listed Public Folders.<br />
Scan all except excluded public folders - Process all notes posted to all Public Folders, except to the ones in the list.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange processes all Public Folders.<br />
Editing Public Folders<br />
Click Specify to open a dialog box where you can add new Public Folders, or remove Public Folders from the list.<br />
To add a new Public Folder to the list, click Add. Select Public Folders from the list and click OK.<br />
To select all subfolders of the Public Folder in the list, check the checkbox in column.<br />
To delete a Public Folder from the list, click on column to select Public Folders that you want to delete. Click Clear to delete the currently marked Public Folders from the list.<br />
All infected messages which are sent to public folders with Outlook WebAccess are disinfected or dropped regardless of the Examine Public Folders setting.
Notifications<br />
Send warning message to originator: Specify whether a virus warning message should be sent to the original writer of the note which had infected content that could not be disinfected.<br />
Click Edit to edit the warning message.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange sends the virus warning message to the originator.<br />
Outbreak Detection<br />
F-Secure Anti-Virus for Microsoft Exchange can alert administrators when the number of infections detected within a specified time frame exceeds a specified value.
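The threshold-within-a-time-frame condition described above, as an added Python example (not F-Secure code and not part of the original guide). The log format, class and function names are constructed for illustration; the rule that a threshold of 0 disables notification comes from the setting description in this section, while alerting once per outbreak and re-arming when the count falls back is an assumption.

```python
from collections import deque
from datetime import datetime, timedelta

# Constructed detection log; the line format is invented for this example.
SAMPLE_LOG = """\
2006-03-01 10:00:00 INFECTED sample-A inbound
2006-03-01 10:01:00 CLEAN - inbound
2006-03-01 10:02:00 INFECTED sample-A inbound
2006-03-01 10:04:00 INFECTED sample-A outbound
2006-03-01 10:05:00 INFECTED sample-A inbound
2006-03-01 10:06:00 INFECTED sample-A public-folder
2006-03-01 10:30:00 INFECTED sample-B inbound
2006-03-01 10:31:00 INFECTED sample-B inbound
2006-03-01 10:32:00 INFECTED sample-B inbound
2006-03-01 10:33:00 INFECTED sample-B inbound
"""

TS_FORMAT = "%Y-%m-%d %H:%M:%S"


class OutbreakDetector:
    """Sliding-window counter: alert when the number of infections seen
    within `interval` exceeds `threshold`; threshold 0 disables it."""

    def __init__(self, threshold, interval):
        self.threshold = threshold
        self.interval = interval
        self._events = deque()   # timestamps still inside the window
        self._alerted = False    # suppress repeat alerts for one outbreak

    def record(self, ts):
        """Record one infection at `ts` (non-decreasing order expected).
        Return True when an outbreak alert should fire."""
        if self.threshold == 0:
            return False
        self._events.append(ts)
        while ts - self._events[0] > self.interval:
            self._events.popleft()          # drop events older than the window
        if len(self._events) > self.threshold:
            if not self._alerted:
                self._alerted = True
                return True
        else:
            self._alerted = False           # count fell back: re-arm
        return False


def alerts_for(log_text, threshold, interval_minutes):
    """Return the timestamps at which an outbreak alert fires."""
    detector = OutbreakDetector(threshold, timedelta(minutes=interval_minutes))
    fired = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[2] != "INFECTED":
            continue                        # only infections count
        ts = datetime.strptime(" ".join(fields[:2]), TS_FORMAT)
        if detector.record(ts):
            fired.append(ts.strftime(TS_FORMAT))
    return fired


if __name__ == "__main__":
    print(alerts_for(SAMPLE_LOG, threshold=3, interval_minutes=10))
```
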
Figure 6-7 <strong>Virus</strong> Scanning / Outbreak Detection settings<br />
Condition<br />
Notify when number of infections detected exceed: Specify the number of infected objects that should be found within a specified time period, for it to be considered as a virus outbreak. Use the value zero (0) to disable the outbreak notification.<br />
By default, the outbreak notification is disabled (0).<br />
Action<br />
Send security alert to the administrator: Specify whether a security alert should be sent to the administrator when a virus outbreak is detected.
Send outbreak notification message: Specify whether outbreak notification e-mail should be sent to the notification addresses specified in the Notification Addresses setting when a virus outbreak is detected.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange does not send the outbreak notification.<br />
Click Edit to edit the outbreak notification message.<br />
Run outbreak handler script: Specify an external program that should be run when a virus outbreak is detected. The external program is run using the user account defined during the installation.<br />
6.2.3 Stripping Attachments<br />
F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong> can be configured to remove<br />
attachments in real-time from inbound and outbound messages by their<br />
file name or the file extension even without scanning them <strong>for</strong> malicious<br />
code. The Statistics page displays the number of attachments stripped<br />
from inbound and outbound mail and public folders.
Figure 6-8 Stripping Attachments / Statistics page<br />
Statistics<br />
Attachments stripped: Displays the number of stripped attachments in inbound mail, outbound mail and public folders.<br />
On-Access<br />
Edit On-Access stripping attachments settings to set which attachments should be stripped during the on-access scanning.<br />
Note that you have to scroll the page to view all the settings.
Figure 6-9 Content Blocking / On-Access / Stripping Attachments settings<br />
Strip attachments<br />
Strip attachments: Specify which attachments should be stripped from messages and public folder notes.<br />
Do not strip - Do not strip any attachments.<br />
Strip all attachments - Strip all attachments from all messages and notes.<br />
Strip all attachments except these allowed - Strip all except specified attachments.<br />
Strip only these disallowed attachments - Strip only specified attachments.<br />
You can add new file types to the attachments lists by typing the file extensions in the allowed and disallowed attachments text boxes. Separate the extensions with spaces.<br />
Enable File Type Recognition: Trojans and other malicious code can disguise themselves with filename extensions which are usually considered safe to use. Intelligent File Type Recognition can recognize the real file type of the message attachment and use that while the attachment is processed. Specify whether you want to use Intelligent File Type Recognition or not.<br />
Action on stripped attachment<br />
Action on stripped attachment: Specify whether stripped attachments should be quarantined or dropped.<br />
Quarantine attachment - All stripped attachments are placed in the Quarantine. For more information, see “Quarantine”, 257.<br />
Drop attachment - All stripped attachments are deleted automatically.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange quarantines stripped attachments.<br />
Add informational message: Specify whether an informational message should be added to the mail message which originally had the stripped attachment. During the on-access scanning, the informational message can be sent to the mailbox owner or to the originator of an infected message or an infected Public Folder note.<br />
Click Edit to edit the message that is added to the message which contained the stripped attachment.
By default, F-Secure Anti-Virus for Microsoft Exchange does not add the informational message.<br />
Send the informational message to sender: Specify whether an informational message should be sent to the sender of the mail message which had the stripped attachment.<br />
Click Edit to edit the message that is sent to the sender of the mail message which contained the stripped attachment.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange does not send an informational message to the sender.<br />
Notify administrator: Specify whether the administrator should be notified when F-Secure Anti-Virus for Microsoft Exchange strips an attachment.<br />
Do not notify - Do not send any notification to the administrator.<br />
Send informational alert - Send an informational alert to the administrator.<br />
Send warning alert - Send a warning alert to the administrator.<br />
Send security alert - Send a security alert to the administrator.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange sends an informational alert to the administrator.
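How the extension lists and Intelligent File Type Recognition interact, as an added Python example (not part of the guide and not F-Secure's implementation). The mode names, the small signature table and the sample attachments are assumptions constructed for illustration; the samples include the two cases the guide names, a Word document using the ‘rtf’ extension and a text file using the ‘doc’ extension.

```python
# Simplified signature table for this example only. A real recognizer covers
# far more formats; OLE2 containers also hold Excel, PowerPoint and MSI files.
SIGNATURES = [
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "doc"),  # OLE2 compound file
    (b"{\\rtf", "rtf"),
    (b"MZ", "exe"),
    (b"PK\x03\x04", "zip"),
    (b"%PDF-", "pdf"),
]

# Assumed names for the four stripping modes listed in the guide.
MODES = ("do_not_strip", "strip_all",
         "strip_all_except_allowed", "strip_only_disallowed")

# Constructed sample attachments.
WORD_AS_RTF = ("report.rtf", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 16)
TEXT_AS_DOC = ("notes.doc", b"meeting notes\r\nline two\r\n")
EXE_AS_PDF = ("invoice.pdf", b"MZ\x90\x00\x03\x00")


def extension_of(filename):
    """Lower-cased extension without the dot, or '' when there is none."""
    name = filename.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[1].lower() if "." in name else ""


def recognized_type(data):
    """Guess the real type from content; None when nothing matches."""
    for magic, kind in SIGNATURES:
        if data.startswith(magic):
            return kind
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        return None
    if text and all(ch.isprintable() or ch in "\r\n\t" for ch in text):
        return "txt"
    return None


def should_strip(filename, data, mode, ext_list, recognize):
    """Decide whether an attachment is stripped.

    ext_list is the space-separated extension list from the settings page;
    recognize switches content-based type recognition on or off."""
    if mode not in MODES:
        raise ValueError(f"unknown mode: {mode}")
    if mode == "do_not_strip":
        return False
    if mode == "strip_all":
        return True
    listed = {ext.lower().lstrip(".") for ext in ext_list.split()}
    kind = extension_of(filename)
    if recognize:
        # Fall back to the extension when the content is not recognized.
        kind = recognized_type(data) or kind
    if mode == "strip_all_except_allowed":
        return kind not in listed
    return kind in listed


if __name__ == "__main__":
    for name, data in (WORD_AS_RTF, TEXT_AS_DOC):
        for recognize in (False, True):
            verdict = should_strip(name, data, "strip_only_disallowed",
                                   "doc exe", recognize)
            print(name, "recognition" if recognize else "extension only", verdict)
```
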
Inbound Mail<br />
Edit Stripping Attachments / Inbound Mail settings to specify which<br />
attachments should be stripped from the inbound mail. For settings<br />
descriptions, see below.<br />
Figure 6-10 Stripping Attachments / Inbound Mail settings<br />
Note that you may have to scroll the page to view all the settings.
Strip attachments<br />
Strip attachments: Specify which attachments should be stripped from messages and public folder notes.<br />
Do not strip - Do not strip any attachments.<br />
Strip all attachments - Strip all attachments from all messages and notes.<br />
Strip all attachments with these extensions - Strip all except specified attachments.<br />
Strip all attachments except with these extensions - Strip only specified attachments.<br />
You can add new file types to the extensions lists by typing the file extensions in the file extensions text boxes. Separate the extensions with spaces.<br />
Enable File Type Recognition: Trojans and other malicious code can disguise themselves with filename extensions which are usually considered safe to use. Intelligent File Type Recognition can recognize the real file type of the message attachment and use that while the attachment is processed. Specify whether you want to use Intelligent File Type Recognition or not.<br />
By default, the Intelligent File Type Recognition is disabled during the real-time processing and enabled during the manual processing.
Trusted mailboxes<br />
Trusted mailboxes: Define users’ mailboxes that should be excluded from real-time content filtering and attachment stripping.<br />
The trusted mailbox feature works only for messages that are sent directly to an address defined as a trusted mailbox. If the message has multiple recipients, and some of them are defined on the Trusted mailboxes list but some are not, the message will be scanned.<br />
Editing Trusted Mailboxes List<br />
Click Specify to open a dialog box where you can add new trusted mailboxes, or remove trusted mailboxes from the list.<br />
To add a new mailbox to the list, click Add. Select mailboxes from the list and click OK.<br />
To delete an address from the list, click on column to select mailboxes that you want to delete. Click Clear to delete the currently marked mailboxes from the trusted mailboxes list.<br />
Action on stripped attachment<br />
Action on stripped attachment: Specify whether stripped attachments should be quarantined or dropped.<br />
Quarantine attachment - All stripped attachments are placed in the Quarantine. For more information, see “Quarantine”, 257.<br />
Drop attachment - All stripped attachments are deleted automatically.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange quarantines stripped attachments.
Add informational message: Specify whether an informational message should be added to the mail message which originally had the stripped attachment. During on-access scanning, the informational message can be sent to the mailbox owner or to the originator of an infected message or an infected Public Folder note.<br />
Click Edit to edit the warning message that is added to the mail message.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange does not add the informational message.<br />
Send informational message to sender: Specify whether an informational message should be sent to the sender of the mail message which had the stripped attachment.<br />
Click Edit to edit the warning message that is sent to the sender of the mail message which contained the stripped attachment.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange does not send an informational message to the sender.<br />
Notify administrator: Specify whether the administrator should be notified when F-Secure Anti-Virus for Microsoft Exchange strips an attachment.<br />
Do not notify - Do not send any notification to the administrator.<br />
Send informational alert - Send an informational alert to the administrator.<br />
Send warning alert - Send a warning alert to the administrator.<br />
Send security alert - Send a security alert to the administrator.<br />
By default, F-Secure Anti-Virus for Microsoft Exchange sends an informational alert to the administrator. For more information, see “Configuring Alert Forwarding”, 119.<br />
F-Secure Management Agent alert forwarding table controls where alerts with certain severity level will be sent.<br />
Outbound Mail<br />
Edit Stripping Attachments / Outbound Mail attachment stripping settings to set which attachments should be stripped from the outbound mail. For settings descriptions, see “Inbound Mail”, 241.<br />
Note that you have to scroll the page to view all the settings.
Figure 6-11 Stripping Attachments / Outbound Mail settings<br />
6.2.4 Content Filtering<br />
The Content Filtering settings specify how content should be filtered<br />
based on keywords found in message subject and content. The Spam<br />
Control settings are also located under the Content Filtering branch, but<br />
they are displayed only if you have installed F-<strong>Secure</strong> Spam Control with<br />
the product.
Figure 6-12 Content Filtering / Statistics page<br />
Statistics<br />
Spam messages: Displays the total number of spam messages that have been found.<br />
Size of spam messages: Displays the total size of spam messages that have been found.<br />
Filtered inbound messages: Displays the total number of inbound messages that have been filtered.<br />
Filtered outbound messages: Displays the total number of outbound messages that have been filtered.
Spam Control<br />
For information on F-Secure Spam Control settings, see “Spam Control Settings in Web Console”, 331.<br />
Inbound Mail<br />
Edit Content Filtering / Inbound Mail settings to define how content should be filtered in the inbound mail based on keywords in message subjects and text. For settings descriptions, see below.
Figure 6-13 Content Filtering / Inbound Mail settings<br />
Processing options<br />
Enable content filtering: Specify whether the content of inbound messages is filtered based on the subjects and texts of the messages as defined on this tab.<br />
List of disallowed keywords in message subject: Lists the keywords that are not allowed in message subject and that are used as filtering criteria.<br />
List of disallowed keywords in message text: Lists the keywords that are not allowed in message text and that are used as filtering criteria.
Click Edit to open a dialog box where you can add new disallowed keywords, or remove keywords from the list.<br />
Select the checkbox in the column to mark the entries that you want to remove.<br />
Click Clear to remove the selected entries from the list.<br />
Editing Keyword Lists<br />
Click Edit to open a dialog box where you can add new disallowed<br />
keywords, or remove keywords from the list.<br />
To add a new keyword to the list, click Add.<br />
To add multiple entries at once, click Import.<br />
To delete a keyword from the list, click on column to select<br />
keywords that you want to delete. Click Clear to delete the<br />
currently marked keywords from the list.<br />
Trusted mailboxes<br />
Trusted mailboxes: Define users’ mailboxes that should be excluded from real-time content filtering and attachment stripping.<br />
The Trusted mailbox feature works only for messages that are sent directly to an address defined as a trusted mailbox. If the message has multiple recipients, and some of them are defined on the Trusted mailboxes list but some are not, the message content will be filtered and attachments stripped.
Editing Trusted Mailboxes List<br />
Click Specify to open a dialog box where you can add new trusted<br />
mailboxes, or remove trusted mailboxes from the list.<br />
To add a new mailbox to the list, click Add. Select mailboxes from<br />
the list and click OK.<br />
To delete an address from the list, click on column to select<br />
mailboxes that you want to delete. Click Clear to delete the<br />
currently marked mailboxes from the trusted mailboxes list.<br />
Action on message with disallowed content<br />
Action: Specify the action to take on a message with disallowed content.<br />
Quarantine message - The filtered message is placed in the Quarantine.<br />
Drop message - The filtered message will be deleted automatically.<br />
Send informational message to recipient: Specify whether a warning message will be sent to the recipient of the disallowed content that has been filtered.<br />
The warning message will be sent only if the recipient of the message with the disallowed content is a user belonging to an internal domain (for more information, see “Internal Domains”, 273). This means that no informational messages will be sent outside the company.<br />
Click Edit to edit the warning message text.<br />
Notify administrator: Specify whether an alert will be sent to the administrator when an attachment is stripped from a message and what type of an alert it should be.<br />
Do not notify - Do not send any notification to the administrator.<br />
Send informational alert - Send an informational alert to the administrator.<br />
Send warning alert - Send a warning alert to the administrator.<br />
Send security alert - Send a security alert to the administrator.<br />
F-Secure Management Agent alert forwarding table controls where alerts with certain severity level will be sent.<br />
Outbound Mail<br />
Edit Outbound Mail content blocking settings to set which attachments<br />
should be stripped from the outbound mail and how messages should be<br />
blocked based on keywords found in the message subjects and text. For<br />
settings descriptions, see “Inbound Mail”, 248.<br />
Figure 6-14 Content Filtering / Outbound Mail settings<br />
6.2.5 Manual Scanning<br />
You can process mailboxes and public folders manually as needed.
Figure 6-15 Manual Processing page<br />
Processing Mailboxes Manually<br />
The Status field displays the current status of the manual process.<br />
To start processing mailboxes manually, click Start. Click Stop to<br />
terminate the currently running manual scan.<br />
Click Configure... to set up a new manual processing task. For<br />
more information, see “Creating Manual Scanning Operation”,<br />
87.<br />
Click Show Report to view the report of the last manual<br />
processing task.<br />
Progress<br />
Estimated time: Displays the estimated time that is left of the manual processing.<br />
Elapsed time: Displays the time that has elapsed since the manual processing was started.<br />
Processed number mailboxes: Displays the number of mailboxes that have been processed out of the total number of mailboxes.<br />
Last processed mailbox: Displays the mailbox that is currently being processed.<br />
Processed number public folders: Displays the number of public folders that have been processed out of the total number of public folders.<br />
Last processed public folder: Displays the public folder that is currently being processed.<br />
Messages in Mailboxes: Displays the number of processed, infected and suspicious messages in mailboxes.<br />
Messages in Public Folders: Displays the number of processed, infected and suspicious messages in Public Folders.
Scheduled Scan Tasks<br />
Figure 6-16 Scheduled Processing page<br />
Editing Scheduled Tasks<br />
The Scheduled tasks table displays all scheduled tasks and the date and<br />
time when the next scheduled task occurs.<br />
Clear the checkbox in front of the task to deactivate a scheduled task. Check<br />
the checkbox to activate it again.<br />
When the scheduled scanning task is complete, column<br />
reports completed scheduled scanning tasks. You can view the<br />
report by clicking the Report... link displayed in this column.<br />
Click the Edit... link displayed in column to edit a scanning task.<br />
Click Show Latest Report to display a report of performed<br />
scheduled tasks.<br />
Click Add Task... to start the Scheduled Operation Wizard. For<br />
more information, see “Creating Scheduled Operation”, 102.<br />
To delete a scheduled task from the list, click on column to<br />
select scheduled tasks that you want to delete. Click Clear to<br />
delete the currently marked scheduled tasks from the list.<br />
6.2.6 Quarantine<br />
Quarantine in F-Secure Anti-Virus for Microsoft Exchange is handled<br />
through a SQL database. The product is able to quarantine e-mails and<br />
attachments which contain malicious or otherwise unwanted content,<br />
such as spam messages.<br />
The Quarantine management is divided into two different parts:<br />
Quarantine-related configuration, and<br />
the management of the quarantined content, for example<br />
searching for and deleting quarantined content.<br />
In stand-alone installations, quarantine-related settings are configured<br />
and the quarantined files managed through the Web Console.<br />
The Quarantine Query page in Web Console is used for searching the<br />
quarantined content.<br />
When the product places content to the Quarantine, it saves the content<br />
as separate files into the Quarantine Storage (a directory specified in the<br />
Quarantine settings) and inserts an entry to the Quarantine Database with<br />
information about the quarantined content. For more information, see<br />
“Quarantine Management”, 248.
Quarantine Thresholds<br />
Figure 6-17 Quarantine thresholds settings<br />
Quarantine thresholds<br />
Quarantined items threshold: Specify the critical number of items in the Quarantine storage. If the specified value is reached or exceeded, the product sends an alert. If zero (0) is specified, the number of items in the Quarantine storage is not checked. The default value is 100000 items.<br />
E-mail messages and infected, suspicious and disallowed attachments are stored and counted as separate items in the Quarantine storage. For example, if a message has three attachments and only one of them has been found infected, two items will be created in the Quarantine storage. These items still have the same Quarantine ID in the Quarantine database.<br />
Quarantine size threshold: Specify the critical size (in megabytes) of the quarantine folder. If the specified value is reached, the product sends an alert. The default value is 200. If zero (0) is specified, the size of the Quarantine is not checked. The allowed value range is from 0 to 10240.<br />
Notify when quarantine threshold is reached: Specify how the administrator should be notified when the Quarantine Size Threshold and/or Quarantined Items Threshold are reached. No alert is sent if both thresholds are set to zero (0). The options available are:<br />
Quarantine Reprocess, Retention and Cleanup<br />
When quarantined content is reprocessed, it is scanned again, and if it is<br />
found clean, it is sent to the intended recipients. For more information,<br />
see “Reprocessing the Quarantined Content”, 318.
Figure 6-18 Quarantine cleanup settings<br />
Reprocess unsafe messages<br />
Automatically reprocess unsafe messages: Specify how often the product tries to reprocess unsafe messages that are retained in the Quarantine. Set the value to Disabled to process unsafe messages manually.<br />
Max attempts to process unsafe messages: Specify how many times the product tries to reprocess unsafe messages that are retained in the Quarantine.<br />
Use the Final Action on Unsafe Messages setting to specify the action that takes place if the message is retained in the Quarantine after the maximum attempts.<br />
Final action on unsafe messages: Specify the action to take on unsafe messages after the maximum number of reprocesses have been attempted.<br />
Leave in Quarantine - Leave messages in the Quarantine and process them manually.<br />
Release to Intended Recipients - Release messages from the Quarantine and send them to original recipients.<br />
Quarantine retention and cleanup<br />
Retain items in quarantine: Specify how long quarantined items should be retained in the Quarantine before they are deleted.<br />
Use the Quarantine Cleanup Exceptions table to change the retention period for a particular Quarantine category.<br />
Delete old items every: Specify how often the storage should be cleaned of old quarantined items.<br />
Use the Quarantine Cleanup Exceptions table to change the cleanup interval for a particular Quarantine category.<br />
Exceptions: Specify separate quarantine retention period and cleanup interval for each Quarantine category. If retention period and cleanup interval for a category are not defined in this table, then the default ones (specified above) are used.<br />
Active - Enable or disable the selected entry in the table.<br />
Quarantine category - Select a category the retention period or cleanup interval of which you want to modify. The categories are:<br />
Infected<br />
Disallowed<br />
Suspicious<br />
Spam<br />
Scan failure<br />
Unsafe<br />
Retention period - Specify an exception to the default retention period for the selected Quarantine category.<br />
Cleanup interval - Specify an exception to the default cleanup interval for the selected Quarantine category.<br />
Send informational alert<br />
Send warning alert<br />
Send error alert<br />
Send security alert
Quarantine Logging<br />
Figure 6-19 Quarantine logging settings<br />
Logging<br />
Quarantine log directory: Specify the path for Quarantine log files.<br />
Rotate quarantine logs: Specify how often the product rotates Quarantine log files. At the end of each rotation time a new log file is created.<br />
Keep rotated quarantine logs: Specify how many rotated log files should be stored in the Quarantine.
Quarantine Options<br />
Quarantine Options<br />
Quarantine worms: Specify whether the product should Quarantine files infected with mass worms or mail viruses such as Sobig or Bagle.<br />
Quarantine problematic messages: Specify if messages that contain malformed or broken attachments should be quarantined for later analysis or recovery.<br />
This setting works together with the Security Options/Action on Malformed Mails setting in the inbound and outbound mail settings.
Quarantine Database<br />
Figure 6-20 Quarantine database settings<br />
You can specify the database where information about quarantined<br />
e-mails is stored and from which it is retrieved.<br />
Quarantine database<br />
SQL server name: The name of the SQL server where the database is located.<br />
Database name: The name of the Quarantine database. The default name is FSMSE_Quarantine.<br />
User name: The user name the product uses when accessing the database.<br />
Password: The password the product uses when accessing the database.
Quarantine Storage<br />
Quarantine storage: Specify the location of the Quarantine Storage where quarantined e-mails and attachments are placed.<br />
WARNING: During the setup, access rights are adjusted so that only the operating system, the product itself and the local administrator can access files in the Quarantine. If you make changes to the Quarantine storage settings, make sure that the new directory has the same rights.<br />
IMPORTANT: This setting must be defined as Final with the Restriction Editor before the policies are distributed. Otherwise the setting will not be changed in the product.<br />
Make sure that F-Secure Anti-Virus for Microsoft Exchange service<br />
has write access to this directory. Adjust the access rights to the<br />
directory so that only the F-Secure Anti-Virus for Microsoft<br />
Exchange service and the local administrator can access files in<br />
the Quarantine.<br />
6.2.7 Advanced<br />
Advanced settings control mail delivery and scanning timeout settings<br />
and polling intervals for new mailboxes and Public Folders.<br />
IMPORTANT: These settings control the Virus Scanning interface<br />
of Microsoft Exchange Server and modifying them may seriously<br />
affect system performance. Use them with caution.
Figure 6-21 Advanced settings<br />
Mail Delivery Settings<br />
Mail opening timeout: Specify the number of seconds to try to open a message.<br />
Max mail sending retries: Specify the number of times to try to send a message if sending it fails.<br />
Mail sending timeout: Specify the number of seconds to wait to try sending a message.<br />
Scanning Interface Parameters<br />
Number of scanning threads: Specify the maximum number of scans to be run simultaneously. When the upper limit of simultaneous scanning threads is reached, messages are queued until a thread is finished.<br />
Advanced<br />
New mailbox polling interval: Specify how often F-Secure Anti-Virus for Microsoft Exchange should check for newly established mailboxes. You can disable the new mailbox polling by using the value 0 (zero). By default, F-Secure Anti-Virus for Microsoft Exchange polls new mailboxes every 60 minutes.<br />
New Public Folder polling interval: Specify how often F-Secure Anti-Virus for Microsoft Exchange should check for newly established Public Folders. You can disable the new mailbox polling by using the value 0 (zero). By default, F-Secure Anti-Virus for Microsoft Exchange polls new folders every 60 minutes.<br />
Message scan timeout: Specify the maximum time to wait (in seconds) to scan a message.
Scanning Servers<br />
Edit the Servers settings to configure the connection between F-Secure<br />
Anti-Virus for Microsoft Exchange and F-Secure Content Scanner Server.<br />
Note that you may have to scroll the page to view all the settings.<br />
Figure 6-22 Advanced / Scanning Servers settings<br />
Scanning servers<br />
Primary Content Scanner Servers: Specify all F-Secure Content Scanner Servers where F-Secure Anti-Virus for Microsoft Exchange should send files to be processed. If you list more than one F-Secure Content Scanner Server, F-Secure Anti-Virus for Microsoft Exchange uses load sharing between them.<br />
Backup Content Scanner Servers: Specify F-Secure Content Scanner Servers that act as backup servers for primary servers. If F-Secure Anti-Virus for Microsoft Exchange cannot contact primary F-Secure Content Scanner Servers, it interacts with backup servers.<br />
Editing F-Secure Content Scanner Server Addresses<br />
To add new F-Secure Content Scanner Server IP addresses or<br />
host names to the list, click Add.<br />
To delete an address from the list, click on column to select<br />
addresses that you want to delete. Click Clear to delete the<br />
currently marked addresses permanently.<br />
Connection timeout: Enter the time interval (in seconds) that specifies how long F-Secure Anti-Virus for Microsoft Exchange should wait for a response from F-Secure Content Scanner Server before stopping attempts to send or receive data.<br />
Restore connection interval: Enter the time interval (in seconds) that specifies how long F-Secure Anti-Virus for Microsoft Exchange will wait before attempting a new connection with the primary F-Secure Content Scanner Servers, in case the previous connection attempt failed or a connection with the server was lost.
Use local interaction mode: Specify whether the product should interact with F-Secure Content Scanner Server in the local interaction mode.<br />
When F-Secure Anti-Virus for Microsoft Exchange and F-Secure Content Scanner Server are installed on the same host and the local interaction mode is enabled, data are transferred via local temporary files and/or shared memory. This provides the best possible performance.<br />
If local interaction mode is disabled, data is transferred via data stream sockets.<br />
It is recommended to use the local interaction mode to obtain the optimum performance.<br />
Maximum shared memory data size: Specify the maximum size of data to be transferred between the Anti-Virus Agent and the F-Secure Content Scanner Server via shared memory.<br />
By default, the maximum size is 1024 kilobytes. When the amount of data exceeds the maximum size, a local temporary file will be used for data transfer.<br />
If the option is set to zero (0), all data transfers via shared memory are disabled.<br />
This setting is ignored if local interaction mode is disabled.
Working directory: Specify the name and location of the Working directory, where temporary files are placed.<br />
During the installation, F-Secure Anti-Virus for Microsoft Exchange automatically adjusts the access rights so that only the operating system and the local administrator can access files in the Working directory. If you change this setting after the installation, make sure that the new folder has secure access permissions.<br />
6.2.8 Internal Domains<br />
Specify the domains which should be considered to be internal domains.<br />
All messages which are going to internal domains are considered to be<br />
inbound messages. Separate each domain name with a space. You can<br />
use * wildcard, for example, *example.com.
Figure 6-23 Internal Domains settings<br />
You can define how the mails destined for the internal domains are<br />
processed by configuring the Virus Scanning / Inbound Mail, Stripping<br />
Attachments / Inbound Mail and Content Filtering / Inbound Mail settings.<br />
Editing Internal Domain Addresses<br />
To add a new domain name to the list, click Add. You can use ‘*’<br />
wildcard. For example, *example.com.<br />
To import a list of domain addresses from a CSV file, click<br />
Import....<br />
To delete a domain name from the list, click on column to<br />
select addresses that you want to delete. Click Clear to<br />
delete the currently marked addresses permanently.
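The recipient-based rules in this chapter (the Trusted mailboxes exemption applies only when every recipient is trusted, informational messages go only to internal-domain recipients, and internal domains are listed space-separated with a * wildcard) can be checked against a planned configuration with a small model. This is an added example, not F-Secure code: it assumes the * wildcard behaves like a shell glob, and all function names and sample addresses are constructed.

```python
from fnmatch import fnmatchcase


def parse_internal_domains(setting):
    """Split the space-separated Internal Domains value into lowercase patterns."""
    return [p.lower() for p in setting.split()]


def is_internal(address, patterns):
    """True if the recipient's domain matches any internal-domain pattern.

    Assumption: '*' matches any run of characters (glob semantics).
    """
    domain = address.rsplit("@", 1)[-1].lower()
    return any(fnmatchcase(domain, p) for p in patterns)


def bypasses_filtering(recipients, trusted):
    """Trusted-mailbox exemption: holds only when every recipient is trusted.

    One untrusted recipient means the message is filtered and stripped.
    """
    trusted = {t.lower() for t in trusted}
    return bool(recipients) and all(r.lower() in trusted for r in recipients)


def recipients_to_warn(recipients, patterns):
    """Informational messages are sent only to internal-domain recipients."""
    return [r for r in recipients if is_internal(r, patterns)]


def overbroad_patterns(patterns):
    """Return patterns whose leading '*' is not followed by a dot.

    Under glob semantics such a pattern also matches unrelated domains that
    merely end in the same characters, so they would be treated as internal.
    """
    flagged = []
    for p in patterns:
        if p.startswith("*") and not p.startswith("*."):
            probe = "lookalike" + p[1:]  # constructed probe domain
            if fnmatchcase(probe, p):
                flagged.append(p)
    return flagged


if __name__ == "__main__":
    # Constructed sample configuration and messages.
    patterns = parse_internal_domains("*example.com example.net")
    trusted = ["ceo@example.com"]
    messages = [
        ["ceo@example.com"],
        ["ceo@example.com", "bob@example.com"],
        ["bob@example.com", "carol@partner.test"],
    ]
    for rcpts in messages:
        print(rcpts,
              "bypass filtering:", bypasses_filtering(rcpts, trusted),
              "warn:", recipients_to_warn(rcpts, patterns))
    print("over-broad patterns:", overbroad_patterns(patterns))
```

Under the glob assumption, *example.com also matches a domain such as notexample.com, so listing example.com and *.example.com as separate entries is the tighter configuration.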
6.3 F-Secure Content Scanner Server Settings<br />
F-Secure Content Scanner Server can be administered with the F-Secure<br />
Anti-Virus for Microsoft Exchange Web Console. You can check the<br />
system status, check statistics and modify the settings of F-Secure<br />
Content Scanner Server on the computer where the product is installed<br />
and running. Note that if the product is installed in the centralized<br />
administration mode, you cannot change any settings from the F-Secure<br />
Anti-Virus for Microsoft Exchange Web Console and should use F-Secure<br />
Policy Manager Console instead.<br />
6.3.1 Summary<br />
You can see the current status of the F-Secure Content Scanner Server,<br />
and virus and spam scanner statistics under the Summary branch.<br />
Status<br />
You can see the statistics of all virus scans on the Status page of<br />
F-Secure Content Scanner Server. The statistics display the number of<br />
scanned files, the last database update, the last virus found and the last<br />
time a virus was found.
Figure 6-24 Summary page<br />
Status<br />
Status: Displays whether F-Secure Content Scanner Server is currently running or not.<br />
Version: Displays the current version number and build of F-Secure Content Scanner Server.<br />
Start time: Displays the start date and time of F-Secure Content Scanner Server.<br />
Scanned files: Displays how many files have been scanned since the last reset.<br />
Last database update: Displays the last date and time when virus definition databases were updated.<br />
Database Update Version: Displays the version of the virus definition database update. The version is shown in YYYY-MM-DD_NN format, where YYYY-MM-DD is the release date of the update and NN is the number of the update for that day.<br />
Last infection found: Displays the name of the last virus that was found.<br />
Last time infection found: Displays the date and time the last virus was found.<br />
Click Start to start F-Secure Content Scanner Server and Stop to stop<br />
F-Secure Content Scanner Server.<br />
Click Reset Statistics to reset the statistics in this window.<br />
Virus Statistics<br />
You can see the list of most active viruses on the Summary > Virus<br />
Statistics page in F-Secure Anti-Virus for Microsoft Exchange Web<br />
Console.
Figure 6-25 Summary / Virus Statistics settings<br />
Most active viruses<br />
Most active viruses table: This table displays a list of the 5, 10 or 30 most often found viruses during the specified time period. It also displays the number of times each virus has been found and the percentage that each virus represents of the total number of viruses encountered.<br />
Click Configure to specify the statistics you want to view.<br />
Time period - Specify the number of days from which the virus information is displayed.<br />
Viruses to show - Specify the number of most active viruses to show in the Virus Statistics table. The options available are Top 5, Top 10 and Top 30.<br />
F-Secure World Map<br />
The product can collect and send statistics about viruses and other<br />
malware to the F-Secure World Map service.<br />
When the F-Secure World Map support is enabled, the product sends<br />
encrypted e-mail reports periodically to the service. These reports list only<br />
the name and the amount of found malware and they do not contain any<br />
sensitive information such as IP or e-mail addresses or user names.<br />
You can also forward unencrypted reports to a configurable e-mail<br />
address and use the same statistics for your own internal purposes.<br />
MTA IP address: Specify the IP address of mail transfer agent where you want to send the unencrypted report.<br />
MTA port: Specify the port of the mail transfer agent.<br />
Recipients: Specify e-mail addresses where the unencrypted report is sent.<br />
Spam Scanner Statistics<br />
This page is displayed only if you have installed F-Secure Spam<br />
Control.<br />
On the Spam Control page you can see the status of F-Secure Spam<br />
Control, spam definition databases and the spam scanning statistics.
Figure 6-26 Summary / Spam Scanner Statistics page<br />
Spam Control statistics<br />
Version: Shows the version and build number of the F-Secure Spam Scanner.<br />
Status: Shows the status of the F-Secure Spam Scanner. The possible statuses are:<br />
Unknown or not installed - This status might be displayed right after installation when the product statistics are not yet updated, or if the F-Secure Spam Scanner is not installed.<br />
Not loaded - This status is displayed when the F-Secure Content Scanner Server failed to load the scan engine for some reason. You should check the logfile.log for the reason of the failure. It might be, for example, that one or more database files are missing or corrupted.<br />
Loaded but disabled - This status is displayed when the engine is loaded but disabled by the administrator. It means that the disabled scan engine will not be used for scanning. A scan engine should be disabled for troubleshooting purposes only.<br />
Loaded and enabled - This status is normally shown for the scan engine. It means that the engine has been loaded and will be used for scanning.<br />
Database version: Shows the version of the database currently used by the F-Secure Spam Scanner.<br />
Last database update: Shows the date and time when the F-Secure Spam Scanner database was last updated.<br />
Number of processed files: Shows the total number of files that have been analyzed for spam.<br />
Total spam statistics table:<br />
Confidence level rating: Shows the confidence levels used in the spam scanning. The scale used is from 1 to 9.<br />
Number of messages: Shows the number of messages that have received a certain spam confidence level when scanned by F-Secure Spam Scanner.<br />
Click Reset Statistics to reset the statistics in this window.
282<br />
6.3.2 Database Updates
F-Secure Content Scanner Server can notify the administrator if it detects that virus and/or spam definition databases are outdated. You can change the notification and other database update settings on the Updates page. For more information about virus definition database updates, see “Updating Virus and Spam Definition Databases”, 340.
Figure 6-27 Database Updates settings
Database updates
Verify integrity of downloaded databases: Specify whether the product verifies that the downloaded virus definition databases are the original databases published by F-Secure Corporation and that they have not been altered or corrupted in any way before taking them into use.
Notify when databases become old: Specify what kind of alert F-Secure Content Scanner Server should send to the administrator when virus definition databases are not up-to-date.
Send informational alert - Send an informational alert to the administrator.
Send warning alert - Send a warning alert to the administrator.
Send security alert - Send a security alert to the administrator.
Do not notify - Do not send any notification to the administrator.
Notify when databases older than: Specify when virus definition databases are outdated. If databases are older than the specified number of days, F-Secure Content Scanner Server sends an alert to the administrator.
6.3.3 Scan Engines
F-Secure Content Scanner Server uses multiple top quality scanning engines to ensure the highest possible detection rate and disinfection capability. You can view an overview of the engine statuses and updates on the Scan Engines page.
Figure 6-28 Virus Scanning page
Scan engines
Scan Engine: Displays the name of the scan engine.
Version: Displays the version number of the scan engine.
Database Date: Displays the date of the currently used virus definition database.
Last Updated: Displays the last date when the virus definition database was updated.
Properties
You can view the detailed statistics and statuses of the scan engines on the Scan Engines > Properties page.
Note that you have to scroll the page to view all the settings.
Figure 6-29 Scan Engines > Properties page
Scan engine
Number of processed files: Displays the number of files the selected scan engine has scanned.
Number of files found infected: Displays the number of infected files the selected scan engine has found.
Number of disinfected files: Displays the number of infected files the selected scan engine has successfully disinfected.
Database date: Displays the date of the currently used virus definition database for the selected scan engine.
Last database update: Displays the last date when the virus definition database was updated.
Last infection found: Displays the name of the latest infection that was found with the selected scan engine.
Last time infection found: Displays the date and time of the last infection.
Engine excluded extensions: Specify a space-separated list of file extensions excluded from scanning by the engine. You can also use wildcards: ‘?’ matches exactly one character, ‘*’ matches any number of characters, including zero (0) characters. For example: “PP?, PDF, X*”.
Click Reset Statistics to reset the statistics for a scan engine.
Select the scan engine and click Enable to turn it on or Disable to turn it off.
Threat Detection
You can configure the virus outbreak and spam threat detection on the Scan Engines > Threat Detection page.
Figure 6-30 Scan Engines > Threat Detection page
Cache
VOD cache size: Specify the maximum number of patterns to cache for the virus outbreak detection service. By default, the cache size is 10000 cached patterns.
Class cache size: Specify the maximum number of patterns to cache for spam detection service. By default, the cache size is 10000 cached patterns.
Increasing cache sizes may increase the threat detection performance but it requires more disk space and may degrade the threat detection rate. Cache sizes can be disabled (set the size to 0) for troubleshooting purposes.
Advanced
Action on connection failure: Specify the action for messages when the threat detection center cannot be contacted and the threat detection engine cannot classify the message.
Pass through - The message is passed through without scanning it for spam.
Heuristic Scanning - F-Secure Content Scanner Server checks the message using spam heuristics.
Trusted networks: Specify networks and hosts in the mail relay network which can be trusted not to be operated by spammers and do not have open relays or open proxies.
Define the network as a network/netmask pair (10.1.0.0/255.255.0.0), with the network/nnn CIDR specification (10.1.0.0/16), or use ‘*’ wildcard to match any number and ‘-’ to define a range of numbers (172.16.*.1, 172.16.4.10-110).
6.3.4 Proxy Configuration
You can specify proxy server parameters that Content Scanner Server uses when it connects to the threat detection center on the Proxy Configuration page.
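The Trusted networks field on the Threat Detection page accepts four notations (network/netmask, network/nnn, ‘*’ and ‘-’), and a list can be checked for typos and overly broad entries before it is entered. The following Python is an added example, not F-Secure code: it assumes ‘*’ means any value from 0 to 255 in that octet and that ranges are inclusive, and the function names and the 65536-address audit limit are hypothetical.

```python
import ipaddress


def _octet(text):
    """Parse one decimal octet; reject anything that is not 0-255."""
    if not (text.isascii() and text.isdigit()) or int(text) > 255:
        raise ValueError(f"bad octet: {text!r}")
    return int(text)


def parse_trusted_entry(entry):
    """Compile one Trusted networks entry.

    Returns an IPv4Network for the network/netmask and network/nnn forms,
    or a list of four (low, high) octet ranges for the '*' and '-' forms.
    """
    entry = entry.strip()
    if "/" in entry:
        # IPv4Network accepts both 10.1.0.0/255.255.0.0 and 10.1.0.0/16.
        # strict=True rejects host bits set below the mask (10.1.2.3/16),
        # which usually means a typo in the list.
        return ipaddress.IPv4Network(entry, strict=True)
    parts = entry.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets: {entry!r}")
    ranges = []
    for part in parts:
        if part == "*":                      # assumed: any value 0-255
            low, high = 0, 255
        elif "-" in part:                    # assumed: inclusive range
            low_text, high_text = part.split("-", 1)
            low, high = _octet(low_text), _octet(high_text)
            if low > high:
                raise ValueError(f"reversed range: {part!r}")
        else:
            low = high = _octet(part)
        ranges.append((low, high))
    return ranges


def is_trusted(address, entries):
    """True if the IPv4 address matches at least one entry."""
    ip = ipaddress.IPv4Address(address)
    for entry in entries:
        rule = parse_trusted_entry(entry)
        if isinstance(rule, ipaddress.IPv4Network):
            if ip in rule:
                return True
        elif all(lo <= octet <= hi for octet, (lo, hi) in zip(ip.packed, rule)):
            return True
    return False


def covered_addresses(entry):
    """Number of IPv4 addresses one entry trusts."""
    rule = parse_trusted_entry(entry)
    if isinstance(rule, ipaddress.IPv4Network):
        return rule.num_addresses
    total = 1
    for lo, hi in rule:
        total *= hi - lo + 1
    return total


def audit(entries, limit=65536):
    """Return (entry, size) for entries that trust more than `limit` addresses."""
    sized = [(entry, covered_addresses(entry)) for entry in entries]
    return [(entry, size) for entry, size in sized if size > limit]


# Constructed sample list: the first four entries are the examples given in
# the text above, the last one is a deliberately broad entry for the audit.
SAMPLE = ["10.1.0.0/255.255.0.0", "10.1.0.0/16", "172.16.*.1",
          "172.16.4.10-110", "192.*.*.*"]

if __name__ == "__main__":
    for host in ("10.1.200.7", "172.16.4.111", "192.0.2.25"):
        print(host, is_trusted(host, SAMPLE))
    print(audit(SAMPLE))
```

Every address an entry covers bypasses the open relay and open proxy assumption for that host, so the audit size is worth reviewing whenever the list changes.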
Figure 6-31 Proxy Configuration page
Proxy Configuration
Use proxy server: Specify whether F-Secure Content Scanner Server uses a proxy server when it connects to the threat detection center.
Proxy server address: Specify the address of the proxy server.
Proxy server port: Specify the port number of the proxy server.
Authentication method: Specify the authentication method to use to authenticate to the proxy server.
NoAuth - The proxy server does not require authentication.
Basic - The proxy uses the basic authentication scheme.
NTLM - The proxy uses NTLM authentication scheme.
User name: Specify the user name for the proxy server authentication.
Password: Specify the password for the proxy server authentication.
Domain: Specify the domain name for the proxy server authentication.
6.3.5 Archive Scanning
F-Secure Content Scanner Server can scan files inside archives. You can change the archive scanning and other advanced settings in the Virus Scanning / Archive Scanning page.
Figure 6-32 Archive Scanning settings page
Virus scanning
Scan inside archives: Select whether F-Secure Content Scanner Server should scan files inside the archives for possible infections.
Max levels in nested archives: Set the number of levels of archives inside archives that F-Secure Content Scanner Server should scan. Note that nested archives can be used in denial-of-service attacks, so it is not recommended to set the maximum value very high.
Suspect max nested archives: Specify whether F-Secure Content Scanner Server should treat archives with more nested levels than you have set above as safe or unsafe.
Treat as safe - Archives are scanned to the specified level and allowed through if no infections are found.
Treat as unsafe - Archives that exceed the nested level limit are always quarantined.
Suspect password protected archives: Password protected archives cannot be scanned. Select whether to treat them as safe or unsafe. As password protected archives cannot be inspected without knowing the password, the user who receives the password protected archive should have up-to-date virus protection on the workstation if they are treated as safe.
Treat as safe - Password protected archives are allowed to go through.
Treat as unsafe - Password protected archives are quarantined.
Acceptable unpacked size threshold: Specify the acceptable unpacked size (in kilobytes) for archive files. If the unpacked size of an archive file exceeds this threshold, the server will consider the archive suspicious and the corresponding action will be taken.
Scan these extensions in archive files: Specify files that are scanned inside archives. Click Modify to edit the list of extensions you want to scan inside archives.
Extensions allowed in password protected archives: Specify a space-separated list of the file extensions allowed in password protected archives. Wildcards (*, ?) can be used. Example: "DO? *ML".
6.3.6 Advanced
You can change the Working Directory settings from the Advanced page. The Working directory specifies where temporary files are stored.
Figure 6-33 Advanced settings
Advanced
Working directory: Specify the working directory. Enter the complete path in the field or click Browse to browse to the path you want to set as the new working directory.
Working directory clean interval: Specify how often the working directory is cleaned of all files that may be left there. By default, files are cleaned every 30 minutes.
Free space threshold: Set the free space threshold of the working directory. F-Secure Content Scanner Server sends an alert to the administrator when the drive has less than the specified amount of space left.
Max number of concurrent transactions: Specify how many files F-Secure Content Scanner Server should process simultaneously.
Max scan timeout: Specify how long a scan task can be carried out before it is automatically cancelled.
Number of spam scanner instances: Specify the number of Spam Scanner instances to be created and used for spam analysis. As one instance of the spam scanner is capable of processing one mail message at a time, this setting defines how many messages will undergo spam analysis simultaneously. The default value is 3.
You might need to modify this setting if you enable Realtime Blackhole Lists (DNSBL/RBL) for spam filtering.
The server must be restarted after this setting has been changed.
IMPORTANT: Spam analysis is a processor-intensive operation and each spam scanner instance takes approximately 25MB of memory (process fsavsd.exe). Do not increase the number of instances unless the product is running on a powerful computer.
6.3.7 Interface
You can specify how F-Secure Content Scanner Server should interact with F-Secure Anti-Virus Agent for Microsoft Exchange.
Figure 6-34 Interface settings
Service connections
IP address: Specify the IP address that F-Secure Content Scanner Server listens to. If you do not assign any IP address (0.0.0.0), F-Secure Content Scanner Server responds to all connections.
TCP port: Specify the port number that F-Secure Content Scanner Server listens on for incoming connections. By default, the port number is 18971.
Accept connections: Specify the hosts that are allowed to connect to F-Secure Content Scanner Server. If you do not specify any clients, F-Secure Content Scanner Server accepts connections from all clients.
Limit max connections to: Specify the maximum number of simultaneous connections that F-Secure Content Scanner Server accepts. If you do not want to limit the number of connections, set the value to 0.
Limit max connections per host to: Specify the maximum number of simultaneous connections per client that F-Secure Content Scanner Server accepts. If you do not want to limit the number of connections per client, set the value to 0.
Send content timeout: Specify how long F-Secure Content Scanner Server tries to send data to a client before it stops sending it.
Receive content timeout: Specify how long F-Secure Content Scanner Server waits to receive data from a client before it stops listening.
Keep alive timeout: Specify how long F-Secure Content Scanner Server keeps an inactive connection open.
6.4 F-Secure Automatic Update Agent Settings
With F-Secure Automatic Update Agent, virus and spam definition database updates are retrieved automatically when they are published. When a new virus is found, F-Secure provides a new virus definition database update.
6.4.1 Summary
Status: Displays the current status of F-Secure Automatic Update Agent.
Version: Displays the version number of F-Secure Automatic Update Agent.
Channel name: Displays the channel from where the updates are downloaded.
Channel address: Displays the address of the Automatic Updates Server.
Latest installed update: Displays the version and name of the latest installed update.
Last check time: Displays the date and time when the last update check was done.
Last check result: Displays the result of the last update check.
Next check time: Displays the date and time for the next update check.
Last successful check time: Displays the date and time when the last successful update check was done.
Current HTTP proxy: Displays the address of the HTTP proxy that is currently used.
Current Policy Manager proxy: Displays the address of the F-Secure Policy Manager proxy that is currently used.
Downloads
Available Packages
Title: Displays the title of the downloaded package.
Download time: Displays the download date and time.
Size: Displays the size of the downloaded package.
Installed Packages
Title: Displays the title of the downloaded package.
Installation time: Displays the date and time when the update was installed.
Result: Displays the installation status.
6.4.2 Automatic Updates
You can configure the Download options on the Downloads page.
Updates
Enable automatic updates: Select whether automatic updates are enabled or disabled.
Internet connection checking: Use ‘Detect connection’, unless you experience problems with that setting. The options available are:
Assume always connected - Assume that the computer is always connected to the Internet.
Detect connections - Detect when the computer is connected to the Internet.
Detect traffic - Assume that there is an Internet connection when the product detects any traffic.
HTTP Settings
Use HTTP proxy: Select whether HTTP proxy should be used.
No - HTTP proxy is not used.
From browser settings - Use the same HTTP proxy settings as the web browser.
User defined - Define the HTTP proxy.
User defined proxy: Define the HTTP proxy address.
6.4.3 PM Proxies
Active: Enable or disable the F-Secure Policy Manager Proxy.
Address: Specify the address of F-Secure Policy Manager Proxy.
Server failover time: Define (in hours) the failover time to connect to specified update servers.
Server polling interval: Define (in minutes) how often the product checks F-Secure Policy Manager Proxies for new updates.
Allow fetching updates from F-Secure Update Server: Enable the product to download virus definition updates from F-Secure Update Server when it cannot connect to specified update servers.
6.5 F-Secure Management Agent Settings
F-Secure Management Agent enforces the security policies set by the administrator. It handles all management functions on the local workstations, provides a common interface for all F-Secure applications, and operates within the policy-based management infrastructure.
You can access F-Secure Management Agent settings from F-Secure Anti-Virus for Microsoft Exchange Web Console Home page by clicking the Configure... button in the F-Secure Management Agent section.
Note that you may have to scroll the page to view all the settings.
Figure 6-35 F-Secure Management Agent Configuration page
Status
The Status section displays detailed information on the host, for example the DNS and WINS names and the IP address. In addition, it displays the date and time when the policy file that is currently in use was issued and the date and time when the host last connected to the server.
Communication method
F-Secure Policy Manager Server: If you use F-Secure Policy Manager Server, specify the URL of F-Secure Policy Manager Server. Do not add a slash at the end of the URL. For example: “http://fsms.example.com”.
Network communication directory: If you use the network communication directory, specify the path to the Communication directory hierarchy. This must be specified as a UNC path (for example, \\server\commdir). Do not use mapped drive letters (for example, S:\commdir).
User account - The user account that is used for accessing the shared directory.
Password - The password of the account that is used for accessing the shared directory.
Stand-alone: Select Stand-alone if you use F-Secure Anti-Virus for Exchange Web Console to administer the product.
Advanced
Maximum size of F-Secure log file: Specify the maximum size for F-Secure log file. The default value is 5000 KB.
7 QUARANTINE MANAGEMENT
Introduction
Configuring Quarantine Options
Searching the Quarantined Content
Query Results Page
Viewing Details of a Quarantined Message
Reprocessing the Quarantined Content
Releasing the Quarantined Content
Removing the Quarantined Content
Deleting Old Quarantined Content Automatically
Quarantine Logging
Quarantine Statistics
Moving the Quarantine Storage
7.1 Introduction
You can manage and search quarantined mails with the F-Secure Anti-Virus for Microsoft Exchange Web Console. You can search for quarantined content by using different search criteria, including the quarantine ID, recipient and sender address, the time period during which the message was quarantined, and so on. You can reprocess and delete messages, and specify storage and automatic deletion times based on the reason for quarantining the message.
If you have multiple F-Secure Anti-Virus for Microsoft Exchange installations, you can manage the quarantined content on all of them from one single F-Secure Anti-Virus for Microsoft Exchange Web Console. For more information, see “Performance-Critical Installation”, 28 and “Microsoft Exchange Cluster Environment”, 30.
The quarantine consists of:
- Quarantine database
- Quarantine storage.

Quarantine Database
The quarantine database contains information about the quarantined messages. If there are several F-Secure Anti-Virus for Microsoft Exchange installations in the network, they can either have their own quarantine databases, or they can use a common quarantine database. An SQL database server is required for the quarantine database.
The following SQL databases can be used for storing information about the quarantined content:
- Microsoft SQL Server 2000 Desktop Engine (MSDE)
- Microsoft SQL Server 2000
- Microsoft SQL Server 2005
MSDE is delivered together with the product. If you want to use another database (Microsoft SQL Server 2000), you must buy it and get your own license before you start to deploy F-Secure Anti-Virus for Microsoft Exchange.
For more information on the SQL servers recommended for different environments, see “Which SQL Server to Use for the Quarantine Database?”, 35.

Quarantine Storage
The quarantine storage where the quarantined messages are stored is located on the server where F-Secure Anti-Virus for Microsoft Exchange is installed. If there are several F-Secure Anti-Virus for Microsoft Exchange installations in the network, they all have their own storages. The storages are accessible from a single F-Secure Anti-Virus for Microsoft Exchange Web Console.

Quarantine Reasons
The quarantine storage can store:
- Messages and attachments that are infected and cannot be automatically disinfected. (Infected)
- Suspicious content, for example password-protected archives, nested archives and malformed messages. (Suspicious)
- Messages and attachments that have been blocked by their filename or filename extension. (Disallowed)
- Messages that are considered spam. (Spam)
- Files that could not be scanned, for example severely corrupted files. (Scan failure)
- Messages that have been identified as unsafe; messages that contain patterns that can be assumed to be a part of a spam or virus outbreak. (Unsafe)
7.2 Configuring Quarantine Options
In stand-alone installations, all the quarantine settings can be configured on the Quarantine page in F-Secure Anti-Virus for Microsoft Exchange Web Console. For more information on the settings, see “Quarantine”, 257.
In centrally managed installations, the quarantine settings are configured with F-Secure Policy Manager in the F-Secure Anti-Virus for Microsoft Exchange / Settings / Quarantine branch. For more information, see “Quarantine”, 178.
The actual quarantine management is done through F-Secure Anti-Virus for Microsoft Exchange Web Console.
7.3 Searching the Quarantined Content
You can search the quarantined content on the F-Secure Anti-Virus for Microsoft Exchange > Quarantine page in the Web Console.
Figure 7-1 Quarantine query options
You can use the following search criteria:
Quarantine ID: Enter the quarantine ID of a quarantined message. The quarantine ID is displayed in the notification sent to the user about the quarantined message.
Object type: Select the type of the quarantined content.
Attachment - Search for quarantined attachments. You can also specify the Name of the attachment and the Location of the mailbox or public folder where the quarantined attachment was found.
Mail - Search for quarantined mails. You can also specify the Message ID and the Sender host of the quarantined mail.
Mails and attachments - Search for both quarantined mails and attachments.
Reason: Select the quarantining reason from the drop-down menu. For more information, see “Quarantine Reasons”, 309.
Reason details: Specify details about the scanning or processing results that caused the message to be quarantined. For example:
The message is classified as spam - the field displays the spam confidence level rating and a list of spam tests that triggered the spam level.
The message is infected - the field displays the name of the infection found.
Sender: Enter the e-mail sender address. You can only search for one address at a time, but you can widen the search by using wildcards.
Recipients: Enter the e-mail recipient address.
Subject: Enter the message subject to be used as search criteria.
Show only: You can use this option to view the current status of messages that you have set to be reprocessed, released or deleted. Because processing a large number of e-mails may take time, you can use this option to monitor how the operation is progressing.
The options available are:
Unprocessed e-mails - Displays only e-mails that the administrator has not set to be released, reprocessed or deleted.
E-mails to be released - Displays only e-mails that are currently set to be released, but have not been released yet.
E-mails to be reprocessed - Displays only e-mails that are currently set to be reprocessed, but have not been reprocessed yet.
E-mails to be reprocessed and released - Displays e-mails that are currently set to be reprocessed or released, but have not been reprocessed or released yet.
Search period: Select the time period when the data has been quarantined. Select Exact start and end dates to specify the date and time (year, month, day, hour, minute) when the data has been quarantined.
Sort Results: Specify how the search results are sorted by selecting one of the options in the Sort Results by: drop-down menu: based on Date, Sender, Recipients, Subject or Reason.
Display: Select how many items you want to view per page.
Click Query to start the search. The Quarantine Query Results page is displayed once the query is completed.
If you want to clear all the fields on the Query page, click Reset.
Using Wildcards
You can use the following SQL wildcards in the quarantine queries:
Wildcard: Explanation
%: Any string of zero or more characters.
_ (underscore): Any single character.
[ ]: Any single character within the specified range ([a-f]) or set ([abcdef]).
[^]: Any single character not within the specified range ([^a-f]) or set ([^abcdef]).
If you want to search for '%', '_' and '[' as regular symbols in one of the fields, you must enclose them in square brackets: '[%]', '[_]', '[[]'
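Because '_' is a wildcard, an unescaped sender address that contains an underscore also matches other addresses. The following Python is an added example, not part of the product: it implements the wildcard table above to show the difference between an escaped and an unescaped query on constructed sender addresses. Case-insensitive matching is an assumption (it depends on the database collation), and the function names are hypothetical.

```python
import re


def escape_like_literal(text):
    """Bracket '%', '_' and '[' so they are searched as regular symbols."""
    return "".join(f"[{c}]" if c in "%_[" else c for c in text)


def like_to_regex(pattern):
    """Translate a query using the wildcards above into an anchored regex."""
    out, i = [], 0
    while i < len(pattern):
        c = pattern[i]
        if c == "%":                          # zero or more characters
            out.append(".*")
        elif c == "_":                        # exactly one character
            out.append(".")
        elif c == "[":                        # range, set, or escaped symbol
            end = pattern.find("]", i + 1)
            if end == -1:
                raise ValueError("'[' without closing ']'")
            body = pattern[i + 1:end]
            negate = body.startswith("^")
            body = body[1:] if negate else body
            if not body:
                raise ValueError("empty character set")
            # Escape what is special inside a regex class; keep '-' for ranges.
            chars = "".join("\\" + ch if ch in "\\[]^" else ch for ch in body)
            out.append("[" + ("^" if negate else "") + chars + "]")
            i = end
        else:
            out.append(re.escape(c))
        i += 1
    return re.compile("".join(out), re.IGNORECASE | re.DOTALL)


def search(values, pattern):
    """Return the values that the whole pattern matches."""
    regex = like_to_regex(pattern)
    return [value for value in values if regex.fullmatch(value)]


# Constructed sender addresses standing in for quarantine records.
SENDERS = [
    "first_last@example.com",
    "firstXlast@example.com",
    "first.last@example.com",
    "100%_legit@example.net",
]

if __name__ == "__main__":
    wanted = "first_last@example.com"
    print("unescaped:", search(SENDERS, wanted))
    print("escaped:  ", search(SENDERS, escape_like_literal(wanted)))
    print("widened:  ", search(SENDERS, "%@example.com"))
```

Checking the result count of an escaped query against the unescaped one is a quick way to confirm that a query selects only the intended messages.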
7.4 Query Results Page
Figure 7-2 Quarantine Query Results Page
The Quarantine Query Results page displays a list of mails and attachments that were found in the query. To view detailed information about quarantined content, click the Quarantine ID (QID) number link in the QID column. For more information, see “Viewing Details of a Quarantined Message”, 316.
The Query Results page displays status icons of the content that was found in the search:
Icon - E-mail status
Quarantined e-mail. The administrator has not specified any actions to be taken on this e-mail.
Quarantined e-mail with attachments. The administrator has not specified any actions to be taken on this e-mail.
Quarantined e-mail that the administrator has set to be released. The release operation has not been completed yet.
Quarantined e-mail that the administrator has set to be reprocessed. The reprocessing operation has not been completed yet.
Quarantined e-mail that the administrator has set to be deleted. The deletion operation has not been completed yet.
Quarantined e-mail set to be released, which failed.
Quarantined e-mail set to be reprocessed, which failed.
Quarantined Mail Operations
You can select an operation to perform on the messages that were found in the query:
Click Reprocess to scan the currently selected e-mail again, or click Reprocess All to scan all e-mail messages that were found. For more information, see “Reprocessing the Quarantined Content”, 318.
Click Release to deliver the currently selected e-mail without further processing, or click Release All to deliver all e-mail messages that were found. For more information, see “Releasing the Quarantined Content”, 319.
WARNING: Releasing quarantined content entails a security risk, because the content is delivered to the recipient without being scanned.
Click Delete to delete the currently selected e-mail from the quarantine, or click Delete All to delete all e-mail messages that were found. For more information, see “Removing the Quarantined Content”, 321.
Quarantined Attachment Operations
You can select an operation to perform on the attachments that were found in the query:
Click Send to deliver the currently selected attachment without further processing, or click Send All to deliver all attachments that were found. For more information, see “Releasing the Quarantined Content”, 319.
WARNING: Releasing quarantined content entails a security risk, because the content is delivered to the recipient without being scanned.
Click Delete to delete the currently selected e-mail from the quarantine, or click Delete All to delete all e-mail messages that were found. For more information, see “Removing the Quarantined Content”, 321.
7.5 Viewing Details of a Quarantined Message
To view the details of a quarantined message, do the following:
1. On the Query Search Results page, click the Quarantine ID (QID) number link in the QID column.
2. The Quarantined Content Details page opens.
Figure 7-3 Quarantined Content Details page
The Quarantined Content Details page displays the following information about the quarantined mails:
QID - Quarantine ID.
Submit date - The date and time when the item was placed in the quarantine.
Processing server - The F-Secure Anti-Virus for Microsoft Exchange server that processed the message.
Sender - The address of the message sender.
Recipients - The addresses of all the message recipients.
Sender host - The address of the sender mail server or client.
Subject - The message subject.
Message size - The size of the quarantined message.
Quarantine reason - The reason why the content was quarantined.
Click the Show... link to access the content of the quarantined message.
Click Download to download the quarantined message to your computer to check it.
WARNING: In many countries, it is illegal to read other people’s messages.
The Quarantined Content Details page displays the following information about the quarantined attachments:
QID - Quarantine ID.
Submit date - The date and time when the item was placed in the quarantine.
Sender - The address of the attachment sender.
Recipients - The addresses of all the attachment recipients.
Location - The location of the mailbox or public folder where the quarantined attachment was found.
Subject - The message subject.
Attachment name - The name of the attachment.
Attachment size - The size of the attachment file.
Quarantine reason - The reason why the content was quarantined.
Click Download to download the quarantined attachment to your computer to check it.
WARNING: In many countries, it is illegal to read other people’s messages.
7.6 Reprocessing the Quarantined Content
When quarantined content is reprocessed, it is scanned again, and if it is found clean, it is sent to the intended recipients.
For example, if some content was placed in the quarantine because of an error situation, you can use the time period when the error occurred as search criteria, and then reprocess the content. This is done as follows:
1. Select the F-Secure Anti-Virus for Microsoft Exchange tab and the Quarantine page.
2. Select the start and end dates and times of the quarantining period from the Start time: and End Time: drop-down menus.
3. If you want to specify how the search results are sorted, select the sorting criteria and order from the Sort results by: and order: drop-down menus.
4. Select the number of items to be displayed on a results page from the Display: drop-down menu.
5. Click the Query button.
6. When the query is finished, the query results page is displayed. Click the Reprocess All button to reprocess the displayed quarantined content.
7. The e-mails that have been reprocessed and found clean are delivered to the intended recipients. They are also automatically deleted from the quarantine. The progress of the reprocessing operation is displayed in the Web Console.
7.7 Releasing the Quarantined Content
When quarantined content is released, it is sent to the intended recipients without any further processing. You might need to do this, for example, to deliver a password-protected archive from the quarantine to the recipient.
In the example below the quarantined message is searched for by using the Quarantine ID as the search criteria. The Quarantine ID is included in the notification message delivered to the user.
WARNING: Releasing quarantined content entails a security risk, because the content is delivered to the recipient without being scanned.
If you need to release a quarantined message, it is done as follows:
1. Select the F-Secure Anti-Virus for Microsoft Exchange tab and the Quarantine page.
2. Enter the Quarantine ID of the message in the Quarantine ID field.
3. Click Query.
4. When the query is finished, the query results page is displayed. Click the Release button to release the displayed quarantined content. The Release Quarantined Content dialog opens.
5. Specify whether you want to release the content to the original recipient or specify an address where the content is to be forwarded.
It may not be legal to forward the e-mail to anybody other than the original recipient.
6. Specify what happens to the quarantined content after it has been released by selecting one of the Action after release options:
Leave in the quarantine
Delete from quarantine
7. Click Release. The content is now delivered to the recipient.
7.8 Removing the Quarantined Content
Quarantined messages are removed from the quarantine based on the currently configured quarantine retention and cleanup settings. For an example on how to configure those settings, see “Deleting Old Quarantined Content Automatically”, 321.
If you want to remove a large number of quarantined messages at once, for example all the messages that have been categorized as spam, do the following:
1. Select the F-Secure Anti-Virus for Microsoft Exchange tab and the Quarantine page in the Web Console.
2. Select the quarantining reason, Spam, from the Reason: drop-down menu.
3. Click Query.
4. When the query is finished, the query results page displays all quarantined messages that have been classified as spam. Click the Delete All button to delete all the displayed quarantined content.
5. You are prompted to confirm the deletion. Click OK. The content is now removed from the quarantine.
7.9 Deleting Old Quarantined Content Automatically
Quarantined content is deleted automatically based on the Quarantine Retention and Cleanup settings on the Quarantine > Options page. By default all types of quarantined content are stored in quarantine for one month, and the quarantine clean-up task is executed once an hour.
You can specify exceptions to the default retention and clean-up times in the Exceptions table. These exceptions are based on the quarantine category. If you want, for example, to have infected messages deleted sooner, you can specify an exception rule for them as follows:
1. Go to the Quarantine > Options page.
2. Click the Add button below the Exceptions table. A new row is added in the table.
3. Select the category for which you want to specify the exception, for example Infected, from the Quarantine Category drop-down menu.
4. Specify a retention period that is shorter than the default value, for example 1 day, in the Retention Period column.
5. Specify a cleanup interval that is shorter than the default value, for example 30 minutes, in the Cleanup Interval column.
6. Enable the exception you just created by selecting the Enabled check box.
7. Click Apply.
7.10 Quarantine Logging
To view the Quarantine Log, open the F-Secure Anti-Virus for Microsoft Exchange tab in the Web Console, and go to the Quarantine page. Then click the Show Log File button.
7.11 Quarantine Statistics
The Quarantine statistics page displays the number of quarantined items in each quarantine category, and the total size of the quarantine.
Figure 7-4 Quarantine > Statistics page
E-mail messages and infected, suspicious and disallowed attachments are stored and counted as separate items in the quarantine storage. For example, if a message has three attachments and only one of them has been found infected, two items will be created in the quarantine storage. These items still have the same quarantine ID in the quarantine database.
7.12 Moving the Quarantine Storage
When you want to change the Quarantine storage location either using the F-Secure Policy Manager Console or F-Secure Anti-Virus for Microsoft Exchange Web Console, note that the product does not create the new directory automatically. Before you change the Quarantine storage directory, make sure that the directory exists and that it has proper security permissions.
You can use the xcopy command to create and change the Quarantine storage directory by copying the existing directory with the current ownership and ACL information. In the following example, the Quarantine storage is moved from C:\Program Files\F-Secure\Quarantine Manager\quarantine to D:\Quarantine:
1. Stop F-Secure Quarantine Manager service to prevent any quarantine operations while you move the location of the Quarantine storage. Run the following command from the command prompt:
net stop "F-Secure Quarantine Manager"
2. Run the following command from the command prompt to copy the current content to the new location:
xcopy "C:\Program Files\F-Secure\Quarantine Manager\quarantine" D:\Quarantine\ /O /X /E
Note the use of backslashes in the source and destination directory paths.
3. Change the path for FSMSEQS$ shared folder. If the product is installed in the local quarantine management mode, you can skip this step.
To change the FSMSEQS$ path, follow these steps:
a. Open Windows Control Panel > Administrative Tools > Computer Management.
b. Open System Tools > Shared Folders > Shares and find FSMSEQS$ there.
c. Right-click FSMSEQS$ and select Stop Sharing. Confirm that you want to stop sharing FSMSEQS$.
d. Right-click FSMSEQS$ again and select New Share.
e. Follow Share a Folder Wizard instructions to create FSMSEQS$ shared folder.
i. Specify the new directory (in this example, D:\Quarantine) as the folder path, FSMSEQS$ as the share name and F-Secure Quarantine Storage as the description.
ii. On the Permissions page, select Administrators have full access; other users have read-only access. Note that the Quarantine storage has file/directory security permissions set only for the SYSTEM and Administrators group.
f. Click Finish.
4. Change the location of the Quarantine storage from the F-Secure Policy Manager Console (F-Secure Anti-Virus for Exchange/Settings/Quarantine/Quarantine Storage) or F-Secure Anti-Virus for Microsoft Exchange Web Console (Anti-Virus for Microsoft Exchange > Quarantine > Options > Quarantine Storage).
5. Make sure that the product has received new settings.
6. Restart F-Secure Quarantine Manager service. Run the following command from the command prompt:
net start "F-Secure Quarantine Manager"
For more information about the xcopy command and options, refer to MS Windows Help and Support.
8 ADMINISTERING F-SECURE SPAM CONTROL
Overview
Spam Control Settings in Centrally Managed Environments
Spam Control Settings in Web Console
Realtime Blackhole List Configuration
8.1 Overview
When F-Secure Spam Control is enabled, incoming messages that are considered spam are marked automatically by adding an X-header with the spam flag or predefined text in the message header. The end users can then create filtering rules that direct the messages marked with the spam flag header into a junk mail folder.
F-Secure Spam Control databases can be updated with F-Secure Automatic Update Agent. In order to update the databases, F-Secure Automatic Update Agent must be installed on the same computer as F-Secure Spam Control. Database updates are digitally signed for maximum security, and you can use only these updates for updating the F-Secure Spam Control spam definition databases.
F-Secure Spam Control databases are needed for the heuristic spam scanning only.
In a Microsoft Exchange 2003 environment, the Microsoft Exchange server can move messages to the Junk mail folder based on the spam confidence level value. This feature is available immediately after the product has been installed, if the end user has activated this functionality. For more information about how to configure this functionality at the end user’s computer, see the Microsoft Outlook 2003 or Microsoft Outlook Web Access online help.
8.2 Spam Control Settings in Centrally Managed Environments
Change the settings in F-Secure Anti-Virus for Microsoft Exchange / Settings / Real-time Processing / Spam Control to configure how F-Secure Anti-Virus for Microsoft Exchange scans incoming mail for spam.
These settings are used only if F-Secure Spam Control is installed with the product. Otherwise they will be ignored.
Figure 8-1 Spam Control settings in a centrally managed environment
Spam filtering - Specify whether inbound mails should be scanned for spam.
Realtime Blackhole List (RBL) spam filtering is not enabled by default even if you enable spam filtering from the settings. For information on configuring Realtime Blackhole Lists, see “Realtime Blackhole List Configuration”, 336.
Heuristic Spam Analysis - Specify whether heuristic spam analysis is used to filter inbound mails for spam.
When the heuristic spam analysis is enabled, all messages that the threat detection engine does not classify as spam are further analyzed for spam.
When the heuristic spam analysis is disabled, only the threat detection engine scans inbound mails for spam.
Heuristic spam analysis slows down the performance but improves the spam detection rate.
Spam filtering level - Specify the spam filtering level. Decreasing the level allows less spam to pass, but more regular mails may be falsely identified as spam. Increasing the level allows more spam to pass, but a smaller number of regular e-mail messages are falsely identified as spam.
For example, if the spam filtering level is set to 3, more spam is filtered, but also more regular mails may be falsely identified as spam. If the spam filtering level is set to 7, more spam may pass undetected, but a smaller number of regular mails will be falsely identified as spam.
The allowed values are from 1 to 9.
Action on Spam Message - Specify the action to take with a message considered spam.
Pass through - The product allows the message to pass through.
Quarantine - The product places the message into the quarantine folder.
Drop - The message is deleted.
Add X-Header with Spam flag - Specifies if the spam flag will be added to the mail as a X-Spam-Flag header in the following format:
X-Spam-Flag:
where is either "YES" or "NO".
YES - the mail is considered spam.
NO - the mail is not considered spam.
Example: X-Spam-Flag: YES
Add X-Header with summary - Specify if the summary of triggered hits will be added to the mail as X-Spam-Status header in the following format:
X-Spam-Status: , hits= required= tests=
where
is Yes or No,
is the spam confidence rating returned by the spam scanner,
is the current spam filtering level,
is the comma-separated list of tests run against the mail.
Example:
X-Spam-Status: Yes, hits=8 required=5 tests=DATE_IN_FUTURE_03_06,DATE_SPAMWARE_Y2K,FORGED_MUA_THEBAT_BOUN,MISSING_MIMEOLE,MISSING_OUTLOOK_NAME
Modify spam message subject - Specify if the product modifies the subject of mail messages considered spam.
Add this text to spam message subject - Specifies the text that will be added in the beginning of the subject of an e-mail considered spam.
Max message size - Specify the maximum size of mail messages to be scanned for spam. If the size of a mail message exceeds the specified maximum size, spam filtering for this mail will be omitted.
Since all spam messages are relatively small in size, it is recommended to use the default value.
8.3 Spam Control Settings in Web Console
You can configure the spam control settings on the Spam Control page of the F-Secure Anti-Virus for Microsoft Exchange Web Console. These settings are used only if F-Secure Spam Control is installed with the product, otherwise they are ignored.
Figure 8-2 Spam Control settings in a locally managed environment
Check messages for spam - Specify whether inbound mails should be scanned for spam.
Realtime Blackhole List (RBL) spam filtering is not enabled by default even if you enable spam filtering from the settings. For information on configuring Realtime Blackhole Lists, see “Realtime Blackhole List Configuration”, 336.
Enable heuristic spam analysis - Specify whether heuristic spam analysis is used to filter inbound mails for spam.
When the heuristic spam analysis is enabled, all messages that the threat detection engine does not classify as spam are further analyzed for spam.
When the heuristic spam analysis is disabled, only the threat detection engine scans inbound mails for spam.
Heuristic spam analysis slows down the performance but improves the spam detection rate.
Spam filtering level - Specify the spam filtering level. Decreasing the level allows less spam to pass, but more regular mails may be falsely identified as spam. Increasing the level allows more spam to pass, but a smaller number of regular e-mail messages are falsely identified as spam.
For example, if the spam filtering level is set to 3, more spam is filtered, but also more regular mails may be falsely identified as spam. If the spam filtering level is set to 7, more spam will pass undetected, but a smaller number of regular mails will be falsely identified as spam.
The allowed values are from 1 to 9.
The spam levels are determined by calculating points for each e-mail. The spam scanning involves a large number of different rules, which give each e-mail different points depending on the mail content and header information. These points are then calculated to a number between 1 and 9, which defines the likelihood of the message being spam.
Action on spam message - Specify the action to take with a message considered spam.
Let message pass through - The product allows the message to pass through.
Quarantine message - The product places the message into the quarantine folder.
Drop message - The message is deleted.
Add X-Header with Spam flag - Specifies if the spam flag will be added to the mail as a X-Spam-Flag header in the following format:
X-Spam-Flag:
where is either "YES" or "NO".
YES - the mail is considered spam.
NO - the mail is not considered spam.
Example: X-Spam-Flag: YES
Add X-Header with summary - Specify if the summary of triggered hits will be added to the mail as X-Spam-Status header in the following format:
X-Spam-Status: , hits= required= tests=
where
is Yes or No,
is the spam confidence rating returned by the spam scanner,
is the current spam filtering level,
is the comma-separated list of tests run against the mail.
Example: X-Spam-Status: Yes, hits=8 required=5 tests=DATE_IN_FUTURE_03_06,DATE_SPAMWARE_Y2K,FORGED_MUA_THEBAT_BOUN,MISSING_MIMEOLE,MISSING_OUTLOOK_NAME
Add this text to spam message subject - Specify the text that will be added in the beginning of the subject of an e-mail considered spam.
Maximum message size to process for spam - Specify the maximum size of mail messages to be scanned for spam. If the size of a mail message exceeds the specified maximum size, spam filtering for this mail will be omitted.
Since all spam messages are relatively small in size, it is recommended to use the default value.
8.4 Realtime Blackhole List Configuration
This section describes how to enable and disable Realtime Blackhole Lists, how to optimize F-Secure Spam Control performance, and how to specify blocked and safe recipients and senders by using black- and whitelisting.
8.4.1 Enabling Realtime Blackhole Lists
The product supports DNS Blackhole List (DNSBL), also known as Realtime Blackhole List (RBL), functionality in spam filtering. The functionality is disabled by default.
To enable DNSBL/RBL:
1. Make sure you have a working DNS server configured in Windows Server networking. The primary DNS server should be configured to allow recursive DNS queries. DNS protocol is used to make the DNSBL/RBL queries.
2. Make sure you do not have a firewall preventing DNS access from the host where F-Secure Spam Control is running.
3. Test the DNS functionality by running the nslookup command at Microsoft Windows command prompt on the host running F-Secure Spam Control.
An example:
C:\>nslookup 2.0.0.127.sbl-xbl.spamhaus.org.
Server:
Non-authoritative answer:
Name: 2.0.0.127.sbl-xbl.spamhaus.org
Addresses: 127.0.0.2, 127.0.0.4, 127.0.0.6
4. If the test is successful, continue with these instructions. If the test is not successful, you should double-check your DNS and firewall configuration.
5. Find the sample configuration file fssc_example.cfg in F-Secure Spam Control installation directory:
\Spam Control\fssc_example.cfg
6. Copy the file to the same directory with the name fssc.cfg.
7. Open fssc.cfg in a text editor (like Windows Notepad).
8. The configuration file has instructions inside. For typical use, you can leave the settings as they are. However, it is recommended to configure at least the trusted_networks setting to identify the public IP address(es) of your network. For more information, see the instructions in fssc_example.cfg.
9. When the configuration file is ready, restart F-Secure Content Scanner Server through F-Secure Anti-Virus for Microsoft Exchange Web Console.
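What the nslookup test in step 3 checks, written out as an added example (not part of the product or of F-Secure's documentation): the IPv4 octets are reversed, the list zone is appended, and an answer in 127.0.0.0/8 means "listed". The zone dnsbl.example.test, the resolver stand-ins and all function names are constructed; the 127.0.0.2 / 127.0.0.1 test entries follow the usual DNSBL convention.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.IPv4Network("127.0.0.0/8")


class ResolverFailure(Exception):
    """DNS could not be queried at all (timeout, server failure, firewall)."""


def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the list zone, ending with a dot."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")   # ValueError if not IPv4
    return ".".join(reversed(octets)) + "." + zone.strip(".") + "."


def system_resolver(name):
    """A-record lookup through the OS resolver; [] means the name does not exist."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror as exc:
        not_found = {getattr(socket, n, None) for n in ("EAI_NONAME", "EAI_NODATA")}
        if exc.errno in not_found - {None}:
            return []
        raise ResolverFailure(f"{name}: {exc}") from exc
    return sorted({info[4][0] for info in infos})


def check_dnsbl(ip, zone, resolver=system_resolver):
    """Look one address up in one list and classify the answers."""
    name = dnsbl_query_name(ip, zone)
    answers = resolver(name)
    codes = [a for a in answers if ipaddress.IPv4Address(a) in LOOPBACK]
    return {
        "query": name,
        "listed": bool(codes),
        "codes": codes,
        # Answers outside 127.0.0.0/8 usually mean something rewrote the reply.
        "unexpected": [a for a in answers if a not in codes],
    }


def self_test(zone, resolver=system_resolver):
    """Repeat the manual test: 127.0.0.2 must be listed, 127.0.0.1 must not."""
    try:
        positive = check_dnsbl("127.0.0.2", zone, resolver)
        negative = check_dnsbl("127.0.0.1", zone, resolver)
    except ResolverFailure:
        return "dns-unavailable"
    if positive["unexpected"] or negative["unexpected"] or negative["listed"]:
        return "answers-rewritten"
    return "ok" if positive["listed"] else "test-entry-missing"


# Constructed stand-ins so the example runs offline.
FAKE_ZONE = "dnsbl.example.test"
FAKE_RECORDS = {
    "2.0.0.127.dnsbl.example.test.": ["127.0.0.2", "127.0.0.4"],
    "7.113.0.203.dnsbl.example.test.": ["127.0.0.4"],
}


def fake_resolver(name):
    return FAKE_RECORDS.get(name, [])


def hijacking_resolver(name):
    return ["198.51.100.10"]        # a resolver that answers every name


def dead_resolver(name):
    raise ResolverFailure(name)


if __name__ == "__main__":
    print(dnsbl_query_name("127.0.0.2", "sbl-xbl.spamhaus.org"))
    print(check_dnsbl("203.0.113.7", FAKE_ZONE, fake_resolver))
    for resolver in (fake_resolver, hijacking_resolver, dead_resolver):
        print(resolver.__name__, self_test(FAKE_ZONE, resolver))
```

A resolver that returns an address for every name would make every sender look listed, so the negative check against 127.0.0.1 is as important as the positive one.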
To verify that DNSBL/RBL is working correctly:
1. If DNSBL/RBL is operating correctly, you should see headers like the following in messages classified as spam:
X-Spam-Status: YES, database-version=2005-04-06_1 hits=9 required=5 tests=RCVD_IN_DSBL, RCVD_IN_NJABL_PROXY, RCVD_IN_SORBS_DUL
Tests like RCVD_IN_DSBL, RCVD_IN_NJABL, RCVD_IN_SORBS, RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_DSBL, RCVD_IN_XBL indicate that DNSBL/RBL was successfully used to classify the mail.
2. If DNS functionality is not operating correctly, you may see a significant decrease in the product throughput. In that case, disable the DNSBL/RBL functionality by changing the dns_available setting in fssc.cfg to:
dns_available no
and restarting F-Secure Content Scanner Server through F-Secure Anti-Virus for Microsoft Exchange Web Console.
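An added example (not the product's code) that parses the X-Spam-Flag and X-Spam-Status headers in the format described in the Spam Control settings and reports whether any DNSBL/RBL test fired, as in verification step 1. The sample messages are constructed around the header values shown on this page, and treating every test name that starts with RCVD_IN_ as a DNSBL test is an assumption.

```python
import re
from email import message_from_string

DNSBL_PREFIX = "RCVD_IN_"   # assumption: generalises the RCVD_IN_* names listed above


def parse_spam_status(value):
    """Parse one X-Spam-Status value into a dict; raise ValueError if malformed."""
    text = " ".join(value.split())                  # undo header folding
    verdict, sep, rest = text.partition(",")
    if not sep or verdict.strip().lower() not in ("yes", "no"):
        raise ValueError(f"no Yes/No verdict in {text!r}")
    attrs, _, tests = rest.partition("tests=")
    fields = dict(re.findall(r"([\w-]+)=(\S+)", attrs))
    try:
        hits, required = float(fields["hits"]), float(fields["required"])
    except (KeyError, ValueError) as exc:
        raise ValueError(f"hits/required missing or not numeric in {text!r}") from exc
    return {
        "spam": verdict.strip().lower() == "yes",
        "hits": hits,
        "required": required,
        "database_version": fields.get("database-version"),
        "tests": [t.strip() for t in tests.split(",") if t.strip()],
    }


def audit_message(raw):
    """Summarise the spam headers of one raw message and note inconsistencies."""
    msg = message_from_string(raw)
    statuses = msg.get_all("X-Spam-Status", [])
    flags = [f.strip().upper() for f in msg.get_all("X-Spam-Flag", [])]
    findings = []
    if len(statuses) > 1 or len(flags) > 1:
        findings.append("duplicate X-Spam header")
    status = None
    if statuses:
        try:
            status = parse_spam_status(statuses[0])
        except ValueError as exc:
            findings.append(f"malformed X-Spam-Status: {exc}")
    if status and flags and (flags[0] == "YES") != status["spam"]:
        findings.append("X-Spam-Flag disagrees with X-Spam-Status")
    tests = status["tests"] if status else []
    return {
        "flag": flags[0] if flags else None,
        "status": status,
        "dnsbl_tests": [t for t in tests if t.startswith(DNSBL_PREFIX)],
        "findings": findings,
    }


# Constructed messages; only the header values come from the examples on this page.
MSG_RBL = (
    "X-Spam-Flag: YES\n"
    "X-Spam-Status: YES, database-version=2005-04-06_1 hits=9\n"
    " required=5 tests=RCVD_IN_DSBL, RCVD_IN_NJABL_PROXY,\n"
    " RCVD_IN_SORBS_DUL\n"
    "Subject: constructed sample 1\n\nbody\n"
)
MSG_HEURISTIC = (
    "X-Spam-Flag: YES\n"
    "X-Spam-Status: Yes, hits=8 required=5 tests=DATE_IN_FUTURE_03_06,"
    "DATE_SPAMWARE_Y2K,FORGED_MUA_THEBAT_BOUN,MISSING_MIMEOLE,MISSING_OUTLOOK_NAME\n"
    "Subject: constructed sample 2\n\nbody\n"
)
MSG_CONFLICT = (
    "X-Spam-Flag: NO\n"
    "X-Spam-Status: Yes, hits=8 required=5 tests=MISSING_MIMEOLE\n"
    "X-Spam-Flag: YES\n"
    "Subject: constructed sample 3\n\nbody\n"
)

if __name__ == "__main__":
    for raw in (MSG_RBL, MSG_HEURISTIC, MSG_CONFLICT):
        print(audit_message(raw))
```

If spam-classified messages never show a RCVD_IN_* test after DNSBL/RBL has been enabled, recheck the DNS test and fssc.cfg as described above.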
You can force F-Secure Spam Control to use a specific DNS server (not necessarily configured in Microsoft Windows networking) by adding a new system environment variable as described in the instructions below. However, this should be needed only in troubleshooting situations. Normally it is best to use the Windows networking settings.
To force F-Secure Spam Control to use a specific DNS server, do the following:
1. Right-click the My Computer icon and select Properties.
2. Select Advanced and click the Environment Variables.. button.
3. In the System variables panel click New...
4. In the New System Variable dialog specify the new variable as follows:
Variable Name: RES_NAMESERVERS
Variable Value:
5. Click OK.
6. Restart the computer to take the new system environment variable into use.
8.4.2 Optimizing F-<strong>Secure</strong> Spam Control Per<strong>for</strong>mance<br />
Due to the nature of DNSBL/RBL, processing time <strong>for</strong> each mail<br />
increases when DNS queries are made. If needed, the per<strong>for</strong>mance can<br />
be improved by increasing the number of mails being processed<br />
concurrently by F-<strong>Secure</strong> Spam Control.<br />
By default, the product processes a maximum of three e-mails at the<br />
same time, because there can be three Spam Scanner engine instances<br />
running simultaneously. The number of Spam Scanner instances can be<br />
controlled by using a command-line switch <strong>for</strong> F-<strong>Secure</strong> Content Scanner<br />
Server.<br />
To change the number of instances, run fsavsd.exe --spam-scanner-instances=x, where x is the value you want to take into use. For example, to allow a maximum of five mails to be processed at the same time:<br />
C:\Program Files\F-Secure\Content Scanner Server>fsavsd.exe --spam-scanner-instances=5<br />
F-Secure Content Scanner Server Daemon, 6.42.162<br />
Copyright (c) 1998-2005 F-Secure Corporation<br />
'spam-scanner-instances' (oid=1.3.6.1.4.1.2213.18.1.35.500) has been set to 5.<br />
To take the new setting into use, restart F-Secure Content Scanner Server.<br />
IMPORTANT: Each additional instance of the Spam Scanner takes<br />
approximately 25Mb of memory (process fsavsd.exe). Typically<br />
you should not need more than 5 instances.
9<br />
UPDATING VIRUS AND SPAM DEFINITION DATABASES<br />
Overview<br />
Automatic Updates with F-Secure Automatic Update Agent<br />
Configuring Automatic Updates<br />
Manual Updates<br />
9.1 Overview<br />
It is of the utmost importance that virus definition databases are kept<br />
up-to-date. F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong> takes care of this<br />
task automatically. This section describes how the automatic updates<br />
work, how you can configure them and how you can update the virus<br />
definitions manually.<br />
In<strong>for</strong>mation about the latest virus database update can be found at:<br />
http://www.F-<strong>Secure</strong>.com/download-purchase/updates.shtml<br />
9.2 Automatic Updates with F-<strong>Secure</strong> Automatic<br />
Update Agent<br />
With F-<strong>Secure</strong> Automatic Update Agent, virus and spam definition<br />
database updates are retrieved automatically when they are published.<br />
When a new virus is found, F-<strong>Secure</strong> provides a new virus definition<br />
database update. F-<strong>Secure</strong> Automatic Update Agent uses HTTP protocol<br />
to fetch this update. <strong>Virus</strong> and spam definition updates are digitally signed<br />
<strong>for</strong> maximum security.<br />
In order to update the spam definition databases F-<strong>Secure</strong> Automatic<br />
Update Agent must be installed on the same computer as F-<strong>Secure</strong> Spam<br />
Control.<br />
You may install and use F-<strong>Secure</strong> Automatic Update Agent in conjunction<br />
with licensed F-<strong>Secure</strong>'s antivirus and security products. F-<strong>Secure</strong><br />
Automatic Update Agent shall be used only <strong>for</strong> receiving updates and<br />
related in<strong>for</strong>mation on F-<strong>Secure</strong>'s antivirus and security products.<br />
F-<strong>Secure</strong> Automatic Update Agent may not be used <strong>for</strong> any other purpose<br />
or service.
9.3 Configuring Automatic Updates<br />
The F-Secure Automatic Update Agent user interface provides information about downloaded virus and spam definition updates. To access the F-Secure Automatic Update Agent user interface, open the F-Secure Anti-Virus for Microsoft Exchange Web Console, and select the F-Secure Automatic Update Agent tab. For more information, see “F-Secure Automatic Update Agent Settings”, 298.<br />
In centrally managed installations, you can use the F-Secure Anti-Virus for Microsoft Exchange Web Console for monitoring the F-Secure Automatic Update Agent settings. To change these settings, use F-Secure Policy Manager Console. For more information, see “F-Secure Automatic Update Agent Settings”, 212.<br />
9.4 Manual Updates<br />
If you do not want to use F-Secure Automatic Update Agent to automatically update your virus definition database, you can do it manually with a program called FSUPDATE or by downloading the LATEST.ZIP file.<br />
9.4.1 Using FSUPDATE<br />
FSUPDATE is a program that automatically updates the virus definition database. FSUPDATE can be downloaded from:<br />
http://www.f-secure.com/download-purchase/updates.shtml<br />
Run FSUPDATE.exe on the computer where you installed F-Secure Content Scanner Server. The update process takes approximately one minute.
9.4.2 Updating the <strong>Virus</strong> Definition Database Remotely Using<br />
LATEST.ZIP<br />
You can update the virus definition database remotely by using F-<strong>Secure</strong><br />
Policy Manager and downloading the LATEST.ZIP archive as follows:<br />
1. Download the LATEST.ZIP archive from:<br />
http://www.f-secure.com/download-purchase/updates.shtml<br />
2. Run F-<strong>Secure</strong> Policy Manager console.<br />
3. Open the Tools menu and select Update <strong>Virus</strong> Definitions on the<br />
Server....<br />
4. Browse to the location where you saved the LATEST.ZIP file and click<br />
Open.
A<br />
APPENDIX:<br />
Deploying the Product on a Cluster<br />
System and Network Recommendations<br />
Installation Overview<br />
Creating Quarantine Storage<br />
Installing the Product<br />
Administering the Cluster Installation with F-Secure Policy Manager<br />
Using the Quarantine in the Cluster Installation<br />
Troubleshooting<br />
A.1 System and Network Recommendations<br />
F-Secure Policy Manager<br />
When F-Secure Anti-Virus for Microsoft Exchange is installed on a cluster, you have to use F-Secure Policy Manager to administer it. F-Secure Policy Manager must be installed on a separate server; it cannot be installed on the cluster. It is recommended to use F-Secure Policy Manager version 6.01 or later.<br />
Microsoft SQL Server<br />
Microsoft SQL Server is required for the quarantine database. Microsoft SQL Server must be installed on a separate computer. It is recommended to use Microsoft SQL Server 2000 or 2005 (Standard or Enterprise Edition). Microsoft SQL Server 2005 Express Edition can be used, but is not recommended if your organization sends and receives a large amount of e-mail messages. Microsoft SQL Server 2000 Desktop Edition (MSDE) cannot be used with the product installed on a cluster.<br />
Server for the quarantine storage<br />
If you plan to deploy the product on an active-active cluster, the quarantine storage requires a dedicated server. The server must belong to the same domain as the Microsoft Exchange Servers. If you plan to install the product on an active-passive cluster, you can have the quarantine storage on the cluster or on a dedicated server.<br />
The quarantine storage can be created on the same server running Microsoft SQL Server or F-Secure Policy Manager Server as long as it belongs to the same domain as your Microsoft Exchange Servers and it has sufficient disk space.<br />
Sample Active-Passive Cluster Deployment<br />
The following diagram displays how the product can be deployed and<br />
used on the active-passive cluster environment.
Sample Active-Active Cluster Deployment<br />
The following diagram displays how the product can be deployed and<br />
used on the active-active cluster environment.
A.2 Installation Overview<br />
Follow these steps to deploy and use F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong><br />
<strong>Exchange</strong> on a cluster.<br />
1. Install F-<strong>Secure</strong> Policy Manager on a dedicated server. If you already<br />
have F-<strong>Secure</strong> Policy Manager installed in the network, you can use it<br />
to administer F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong>. For more<br />
in<strong>for</strong>mation, see F-<strong>Secure</strong> Policy Manager Administrator’s Guide.<br />
2. Install <strong>Microsoft</strong> SQL Server 2000 or 2005 on a dedicated server.<br />
<strong>Microsoft</strong> SQL Server must be installed with the mixed authentication<br />
mode (Windows Authentication and SQL Server Authentication).<br />
After the installation, make sure that Named Pipes and TCP/IP<br />
protocols are enabled in SQL Server network configuration.<br />
3. Create the quarantine storage <strong>for</strong> quarantined e-mail messages and<br />
attachments.<br />
If you plan to install the product on an active-passive cluster, see<br />
“Quarantine Storage in Active-Passive Cluster”, 348. If you plan to install<br />
the product on an active-active cluster, see “Quarantine Storage in<br />
Active-Active Cluster”, 353.<br />
4. Install the product on each node.<br />
If you plan to install the product on an active-passive cluster, see<br />
“Installing on Active-Passive Cluster”, 356. If you plan to install the<br />
product on an active-active cluster, see “Installing on Active-Active<br />
Cluster”, 358.<br />
IMPORTANT: Install the product completely on one node be<strong>for</strong>e<br />
you install it on another node.<br />
5. Create a policy domain <strong>for</strong> the cluster in F-<strong>Secure</strong> Policy Manager<br />
and import cluster nodes there. For more in<strong>for</strong>mation, see<br />
“Administering the Cluster Installation with F-<strong>Secure</strong> Policy Manager”, 360.<br />
6. Log on to each node and configure the F-Secure Anti-Virus for Microsoft<br />
Exchange Web Console to accept connections from authorized hosts.
A.3 Creating Quarantine Storage<br />
Follow the instructions in this section to create the Quarantine Storage.<br />
A.3.1 Quarantine Storage in Active-Passive Cluster<br />
1. Log on to the active node of the cluster with the domain administrator<br />
account.<br />
2. Create a directory for the quarantine storage on the physical disk<br />
shared by the cluster nodes. You can create it on the same disk with<br />
Microsoft Exchange Server storage and log files. For example, create a<br />
Quarantine directory on disk D:.<br />
3. Go to Windows Start menu > All Programs > Administrative Tools and<br />
select Cluster Administrator.<br />
4. Under Groups, right-click <strong>Exchange</strong> Virtual Server and select New ><br />
Resource.
Enter the following in<strong>for</strong>mation:<br />
Name: F-<strong>Secure</strong> Quarantine Storage<br />
Resource Type: File Share<br />
Group: make sure that your <strong>Exchange</strong> Virtual Server is selected.<br />
Click Next.<br />
5. Possible Owners dialog opens.<br />
6. Verify that all nodes that are running <strong>Exchange</strong> Server are listed<br />
under Possible owners and click Next.<br />
7. Dependencies dialog opens.
In Available resources, select the <strong>Exchange</strong> Server Network Name<br />
and the disk with the quarantine storage directory and click Add to<br />
add them to Resource dependencies. Click Next.<br />
8. File Share Parameters dialog opens.
Type FSAVMSEQS$ as Share name. (Note: the dollar ($) character at the end of the share name makes the share hidden when you view network resources of the cluster with Windows Explorer.)<br />
Enter the directory name you created in step 2 as Path (for example, D:\Quarantine).<br />
In the Comment box, type F-Secure Quarantine Storage.<br />
Make sure that User limit is set to Maximum allowed.<br />
Click Permissions.<br />
9. Permissions dialog opens.
Add Administrator, <strong>Exchange</strong> Domain Servers and SYSTEM to the<br />
Group or user names. Remove Everyone account. Grant Change and<br />
Read permissions <strong>for</strong> <strong>Exchange</strong> Domain Servers and SYSTEM, and<br />
Full Control, Change and Read permissions <strong>for</strong> Administrator<br />
account. Click OK.<br />
10. In File Share Parameters dialog, click Advanced.<br />
Make sure that Normal share is selected in Advanced File Share<br />
Properties. Click OK.<br />
11. In File Share Parameters dialog, click Finish to create F-<strong>Secure</strong><br />
Quarantine Storage resource.
12. Right-click the F-<strong>Secure</strong> Quarantine Storage resource and click Bring<br />
Online.<br />
A.3.2 Quarantine Storage in Active-Active Cluster<br />
For an active-active cluster installation, the quarantine storage must be<br />
set on a dedicated computer. This computer should be a member of the<br />
same domain as your Exchange Servers.<br />
1. Log on to the server where you plan to create the quarantine storage<br />
(<strong>for</strong> example, APPSERVER) with a domain administrator account.<br />
2. Create a directory (<strong>for</strong> example, C:\Quarantine) <strong>for</strong> the quarantine<br />
storage on the local hard disk.<br />
3. Right-click the directory in the Windows Explorer and select Sharing<br />
and Security.<br />
4. The Sharing tab opens.
Type FSAVMSEQS$ as Share name and make sure that User limit is<br />
set to Maximum Allowed.<br />
Click Permissions.<br />
5. Permissions dialog opens.<br />
Add Administrator, <strong>Exchange</strong> Domain Servers and SYSTEM to the<br />
Group or user names. Remove Everyone account. Grant Change and<br />
Read permissions <strong>for</strong> <strong>Exchange</strong> Domain Servers and SYSTEM, and<br />
Full Control, Change and Read permissions <strong>for</strong> Administrator<br />
account. Click OK.<br />
6. In the directory properties dialog, go to the Security tab.
Remove all existing groups and users and add Administrator,<br />
<strong>Exchange</strong> Domain Servers and SYSTEM to the Group or user<br />
names. Grant all except Full Control permissions <strong>for</strong> <strong>Exchange</strong><br />
Domain Servers and SYSTEM. Grant all permissions <strong>for</strong><br />
Administrator. Click OK.<br />
7. To verify that the quarantine storage is accessible, log on as the<br />
domain administrator to any node in the cluster and try to open<br />
\\\FSAVMSEQS$\ with Windows Explorer, where <br />
is the name of the server where you created the quarantine storage<br />
share.
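The directory permissions set in step 6 can be checked from a script. The following is an added example, not part of the F-Secure product or of this guide: it parses the text printed by the Windows icacls command for the quarantine directory and reports every deviation from step 6. The two sample outputs, the EXAMPLE domain and the reading of "all except Full Control" as icacls (M) are assumptions; the principal names follow the guide's wording and may need adjusting to your domain.

```python
import re

# Rights required by step 6, keyed by principal name as written in the guide.
# icacls letters: F = full control, M = modify. Treating "all except Full
# Control" as (M) is an assumption of this example.
REQUIRED = {
    "administrator": "F",
    "exchange domain servers": "M",
    "system": "M",
}

QUARANTINE_DIR = r"C:\Quarantine"  # the guide's example directory

# One ACE as icacls prints it: PRINCIPAL:(flag)(flag)(rights)
ACE = re.compile(r"^(?P<who>.+?):(?P<groups>(?:\([^()]*\))+)$")


def parse_icacls(output, path):
    """Return [(principal, inheritance_flags, rights)] from `icacls <path>` text."""
    aces = []
    for line in output.splitlines():
        line = line.strip()
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()  # the first line carries the path
        match = ACE.match(line)
        if not match:
            continue  # blank lines and the "Successfully processed" summary
        groups = re.findall(r"\(([^()]*)\)", match.group("groups"))
        aces.append((match.group("who"), groups[:-1], groups[-1]))
    return aces


def audit_quarantine_acl(output, path):
    """Compare the parsed ACL with step 6 and return a list of findings."""
    findings = []
    seen = set()
    for who, _flags, rights in parse_icacls(output, path):
        name = who.split("\\")[-1].lower()  # drop DOMAIN\ or NT AUTHORITY\
        if name not in REQUIRED:
            # Step 6 removes all existing groups and users, Everyone included.
            findings.append(f"unexpected principal: {who} ({rights})")
            continue
        seen.add(name)
        if rights != REQUIRED[name]:
            findings.append(
                f"{who}: has ({rights}), guide specifies ({REQUIRED[name]})")
    for name in REQUIRED:
        if name not in seen:
            findings.append(f"missing principal: {name}")
    return findings


# Constructed sample output: directory configured as in step 6.
COMPLIANT = r"""C:\Quarantine EXAMPLE\Administrator:(OI)(CI)(F)
              EXAMPLE\Exchange Domain Servers:(OI)(CI)(M)
              NT AUTHORITY\SYSTEM:(OI)(CI)(M)

Successfully processed 1 files; Failed processing 0 files
"""

# Constructed sample output: inherited defaults left in place, SYSTEM missing,
# Exchange Domain Servers granted more than the guide asks for.
DRIFTED = r"""C:\Quarantine Everyone:(OI)(CI)(RX)
              BUILTIN\Users:(I)(OI)(CI)(RX)
              EXAMPLE\Administrator:(OI)(CI)(F)
              EXAMPLE\Exchange Domain Servers:(OI)(CI)(F)

Successfully processed 1 files; Failed processing 0 files
"""

if __name__ == "__main__":
    for label, sample in (("compliant", COMPLIANT), ("drifted", DRIFTED)):
        print(label, audit_quarantine_acl(sample, QUARANTINE_DIR) or "OK")
```

The share permissions from step 5 are a separate access list and are not covered by this check.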
A.4 Installing the Product<br />
Follow the instructions in this section to install the product on a cluster<br />
installation.<br />
A.4.1 Installing on Active-Passive Cluster<br />
This section describes how to install the product on an active-passive<br />
cluster.<br />
1. Log on to the active node of the cluster using a domain administrator<br />
account.<br />
2. Run F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong> setup wizard. Install<br />
the product in the centralized management mode. Specify the IP<br />
address of F-<strong>Secure</strong> Policy Manager Server and admin.pub that you<br />
created during the F-<strong>Secure</strong> Policy Manager installation. For more<br />
in<strong>for</strong>mation, see “Installation”, 32.<br />
3. The setup wizard asks <strong>for</strong> the location of the quarantine directory.<br />
Specify the UNC path to the Quarantine Storage share that you<br />
created be<strong>for</strong>e the installation as the Quarantine Directory. For<br />
example, \\\FSAVMSEQS$, where is the<br />
network name of your <strong>Exchange</strong> Virtual Server.
4. The setup program asks you to specify the SQL Server to use for the<br />
quarantine database.<br />
Select the server running Microsoft SQL Server.<br />
5. Complete the installation on the active node.<br />
6. Log on to the passive node of the cluster using a domain<br />
administrator account. Repeat steps 2-4.<br />
7. After you specify the SQL Server to use, the setup wizard asks you to<br />
specify the quarantine database.
Select Use the existing database.<br />
8. Complete the installation on the passive node.<br />
A.4.2 Installing on Active-Active Cluster<br />
This section describes how to install the product on an active-active<br />
cluster.<br />
1. Log on to the first node of the cluster using a domain administrator<br />
account.<br />
2. Run F-<strong>Secure</strong> <strong>Anti</strong>-<strong>Virus</strong> <strong>for</strong> <strong>Microsoft</strong> <strong>Exchange</strong> setup wizard. Install<br />
the product in the centralized management mode. Specify the IP<br />
address of F-<strong>Secure</strong> Policy Manager Server and admin.pub that you<br />
created during the F-<strong>Secure</strong> Policy Manager installation. For more<br />
in<strong>for</strong>mation, see “Installation”, 32.<br />
3. The setup wizard asks <strong>for</strong> the location of the quarantine directory.
Specify the UNC path to the Quarantine Storage share that you<br />
created be<strong>for</strong>e the installation as the Quarantine Directory. For<br />
example, \\\FSAVMSEQS$, where is the name of<br />
the server where you created the quarantine storage share.<br />
4. The setup program asks you to specify the SQL Server to use for the<br />
quarantine database.<br />
Select the server running Microsoft SQL Server.
5. Complete the installation on the first active node.<br />
6. Log on to the second node of the cluster using a domain<br />
administrator account and repeat steps 2-4.<br />
7. After you specify the SQL Server to use, the setup wizard asks you to<br />
specify the quarantine database.<br />
Select Use the existing database.<br />
8. Complete the installation on the second node.<br />
A.5 Administering the Cluster Installation with<br />
F-<strong>Secure</strong> Policy Manager<br />
To administer the product installed on a cluster, create a new subdomain<br />
under your organization or network domain. Import all cluster nodes to<br />
this subdomain.
To change product configuration on all cluster nodes, follow these<br />
instructions:<br />
1. Select the cluster subdomain in the Policy Domains tree.<br />
2. Change required settings.<br />
3. Distribute the policy.<br />
4. All nodes receive new settings next time they poll the F-<strong>Secure</strong> Policy<br />
Manager Server.
If you need to change settings on a particular node, follow these<br />
instructions:<br />
1. Select the corresponding host in the Policy Domains.<br />
2. Change required settings.<br />
3. Distribute the policy.<br />
4. The host receives new settings next time it polls the F-<strong>Secure</strong> Policy<br />
Manager Server.
A.6 Using the Quarantine in the Cluster Installation<br />
Configure the F-Secure Anti-Virus for Microsoft Exchange Web Console to accept connections from authorized hosts. By default, the Web Console accepts connections from the local host only.<br />
You can manage all quarantined items by connecting to any node of the cluster. You can release, reprocess or download quarantined messages and attachments when at least one node of the cluster is online.<br />
Use the IP address of the Exchange Virtual Server(s) when you connect to F-Secure Anti-Virus for Microsoft Exchange Web Console.<br />
A.7 Troubleshooting<br />
If the product fails to quarantine a file or reports that the quarantine storage is not accessible, make sure that directory sharing and security permissions are set as follows: change, write and read operations are allowed for SYSTEM and Exchange Domain Servers, and full control is allowed for Administrator.<br />
To change the location of the quarantine storage from F-Secure Policy Manager Console, use the Final flag to override the setting set during product installation on the host.
B<br />
APPENDIX:<br />
Variables in Warning Messages<br />
List of Variables<br />
Outbreak Management Alert Variables<br />
List of Variables<br />
The following table lists the variables that can be included in the warning<br />
and in<strong>for</strong>mational messages sent by the product if an infection is found or<br />
content is blocked.<br />
If both stripping and scanning are allowed and the Agent found both types<br />
of disallowed content (infected and to be stripped) in an e-mail message,<br />
a warning message will be sent to the end-user instead of an<br />
in<strong>for</strong>mational one, if it is required.<br />
These variables will be dynamically replaced by their actual names. If an<br />
actual name is not present, the corresponding variable will be replaced<br />
with [Unknown].<br />
| Variable | Description |<br />
| $ANTI-VIRUS-SERVER | The DNS/WINS name or IP address of F-Secure Anti-Virus for Microsoft Exchange. |<br />
| $CSS-NAME | The DNS/WINS name or IP address of F-Secure Content Scanner Server. |<br />
| $NAME-OF-SENDER | The e-mail address where the original content comes from. |<br />
| $NAME-OF-RECIPIENT | The e-mail addresses where the original content is sent. |<br />
| $SUBJECT | The original e-mail message subject. |<br />
| $REPORT-BEGIN | Marks the beginning of the scan report. This variable does not appear in the warning message. |<br />
| $REPORT-END | Marks the end of the scan report. This variable does not appear in the warning message. |<br />
When using <strong>Microsoft</strong> Outlook Web Access and <strong>Microsoft</strong> Internet<br />
Explorer, the $NAME-OF-RECIPIENT variable may contain an<br />
incorrect value when posting messages to protected public folders.
The following table lists variables that can be included in the scan report,<br />
in other words the variables that can be used in the warning message<br />
between $REPORT-BEGIN and $REPORT-END.<br />
| Variable | Description |<br />
| $AFFECTED-FILENAME | The name of the original file or attachment. |<br />
| $AFFECTED-FILESIZE | The size of the original file or attachment. |<br />
| $THREAT | The name of the threat that was found in the content. For example, it can contain the name of the found infection, etc. |<br />
| $TAKEN-ACTION | The action that was taken to remove the threat. These include the following: dropped, disinfected, etc. |<br />
| $QUARANTINE-ID | The identification number of the quarantined attachment or file. |
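The substitution rules described above, worked through as an added example that is not F-Secure's code: message variables are replaced outside the report block, report variables inside it, and a missing value becomes [Unknown]. Rendering the block once per finding, dropping control characters from values and all sample values are assumptions of this example.

```python
import re

# Variable names from the two tables above.
MESSAGE_VARS = {"ANTI-VIRUS-SERVER", "CSS-NAME", "NAME-OF-SENDER",
                "NAME-OF-RECIPIENT", "SUBJECT"}
REPORT_VARS = {"AFFECTED-FILENAME", "AFFECTED-FILESIZE", "THREAT",
               "TAKEN-ACTION", "QUARANTINE-ID"}
UNKNOWN = "[Unknown]"

# Everything between the two markers is the scan report block.
REPORT_BLOCK = re.compile(r"\$REPORT-BEGIN(.*?)\$REPORT-END", re.DOTALL)


def variable_pattern(names):
    # Longest names first, so a short name can never shadow a longer one.
    ordered = sorted(names, key=len, reverse=True)
    return re.compile(r"\$(" + "|".join(re.escape(n) for n in ordered) + ")")


def clean_value(value):
    # Subjects and file names come from the scanned mail. Dropping control
    # characters (CR and LF included) keeps one value on one line.
    return "".join(ch for ch in str(value) if ch.isprintable())


def fill_variables(text, values, names):
    """Replace each $VARIABLE once; inserted values are never rescanned."""
    def replace(match):
        value = values.get(match.group(1))
        return UNKNOWN if value in (None, "") else clean_value(value)
    return variable_pattern(names).sub(replace, text)


def render_warning(template, message, findings):
    """Expand a warning template for one message and its list of findings."""
    parts, position = [], 0
    for block in REPORT_BLOCK.finditer(template):
        # Text before the block: message-level variables only.
        parts.append(fill_variables(template[position:block.start()],
                                    message, MESSAGE_VARS))
        # The block body is repeated per finding; the markers are dropped.
        for finding in findings:
            parts.append(fill_variables(block.group(1), finding, REPORT_VARS))
        position = block.end()
    parts.append(fill_variables(template[position:], message, MESSAGE_VARS))
    return "".join(parts)


# Constructed template and values. ANTI-VIRUS-SERVER is left out on purpose,
# and two values contain variable names to show they stay literal.
TEMPLATE = (
    'Message from $NAME-OF-SENDER to $NAME-OF-RECIPIENT, subject "$SUBJECT",\n'
    "was processed by $ANTI-VIRUS-SERVER.\n"
    "$REPORT-BEGIN"
    "- $AFFECTED-FILENAME ($AFFECTED-FILESIZE): $THREAT, $TAKEN-ACTION, "
    "id $QUARANTINE-ID\n"
    "$REPORT-END"
    "Contact your administrator.\n"
)
MESSAGE = {
    "NAME-OF-SENDER": "alice@example.com",
    "NAME-OF-RECIPIENT": "bob@example.com",
    "SUBJECT": "Re: $NAME-OF-SENDER",
}
FINDINGS = [
    {"AFFECTED-FILENAME": "$THREAT.exe", "AFFECTED-FILESIZE": "1024",
     "THREAT": "Constructed.Sample.A", "TAKEN-ACTION": "dropped",
     "QUARANTINE-ID": "17"},
    {"AFFECTED-FILENAME": "notes.doc", "THREAT": "Constructed.Sample.B",
     "TAKEN-ACTION": "disinfected"},
]

if __name__ == "__main__":
    print(render_warning(TEMPLATE, MESSAGE, FINDINGS), end="")
```

Because each segment is substituted in a single pass, a subject or file name that itself contains a variable name is copied into the notification literally instead of being expanded a second time.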
Outbreak Management Alert Variables<br />
| Variable | Description |<br />
| $INTERVAL-TIME | Detection interval in minutes. |<br />
| $INTERVAL-MINUTES | Detection interval in minutes. |<br />
| $INFECTIONS-LIMIT | Outbreak limit of infections within detection interval. |<br />
| $INFECTIONS-FOUND | Actual number of infections found within the detection interval. |
C<br />
APPENDIX:<br />
Services and Processes<br />
F-Secure Anti-Virus for Microsoft Exchange<br />
F-Secure Content Scanner Server<br />
F-Secure Anti-Virus for Microsoft Exchange Web Console<br />
F-Secure Management Agent (FSMA)<br />
F-Secure Automatic Updates Agent<br />
The following tables list the services and processes that are running on<br />
the system after the installation.<br />
F-Secure Anti-Virus for Microsoft Exchange<br />
| Service | Process | Description |<br />
| F-Secure Anti-Virus for Microsoft Exchange | fshkmngr.exe | The F-Secure Hook Manager is a central component of F-Secure Anti-Virus for Microsoft Exchange and it is used to get the whole system up and running. |<br />
| | fswbsthk.exe | The F-Secure Web Storage Hook processes mail in mailboxes and public folders, as well as composes and sends warning and notification messages to end users. |<br />
| | fsstrods.exe | The F-Secure Web Storage On-Demand Scanner performs manual and scheduled operations under mailboxes and public folders. |<br />
| F-Secure Outbreak Manager | fsobmngr.exe | The Outbreak Manager reacts on a virus outbreak by sending an alert, a notification e-mail message and running a specified program or a script. |
F-Secure Content Scanner Server<br />
| Service | Process | Description |<br />
| F-Secure Content Scanner Server Daemon | fsavsd.exe | The back-end component that provides anti-virus scanning and spam filtering services for Simple Content Inspection Protocol (SCIP) compliant clients. F-Secure Management Agent starts and controls the service automatically. |<br />
| | fsdbuh.exe | The Database Update Handler process verifies and checks the integrity of virus definition and spam control database updates. |<br />
F-Secure Anti-Virus for Microsoft Exchange Web Console<br />
| Service | Process | Description |<br />
| F-Secure Web UI Daemon | fswebuid.exe | HTTP server that hosts F-Secure Anti-Virus for Microsoft Exchange Web Console. Supports HTTP/1.0, HTTP/1.1 and HTTPS. F-Secure Management Agent starts and controls the service automatically. |
F-Secure Management Agent (FSMA)<br />
| Service | Process | Description |<br />
| F-Secure Management Agent | fsma32.exe | F-Secure Management Agent is an FSMA service responsible for starting other services and monitoring them. |<br />
| F-Secure Network Request Broker | fnrb32.exe | The service handles the communication with F-Secure Policy Manager via the network shared directory or HTTP interface. F-Secure Management Agent starts and controls the service automatically. |<br />
| | fsmb32.exe | F-Secure Message Broker provides the inter-process communication interface for integrated services and applications. |<br />
| | fch32.exe | F-Secure Configuration Handler that works with F-Secure Policy Manager driver and enables other components to read base policy settings and to update incremental policy settings and statistics. |<br />
| | fameh32.exe | Alert and Management Extensions Handler is used to send alerts and reports to F-Secure Policy Manager Console, LogFile.log, Windows event log and SMTP server. |<br />
| | fih32.exe | F-Secure Installation Handler enables the remote installation and updating of integrated F-Secure products. |<br />
| | fsm32.exe | The F-Secure Settings and Statistics User Interface. The process is not running unless the user is logged in to the system. |
F-Secure Automatic Updates Agent

| Service | Process | Description |
|---|---|---|
| F-Secure Automatic Updates Agent | servic~1.exe | The service starts and controls the F-Secure Automatic Update Agent client process. |
| | f-secu~1.exe | F-Secure Automatic Update.exe. This is the client process that polls and automatically downloads virus and spam definition database updates from F-Secure. It also handles F-Secure Automatic Updates Agent settings and provides the local user interface for a logged-on user. |
| | FSBWSYS.exe | The Automatic Update Agent process provides automatic updates of virus definition databases for F-Secure Content Scanner Server. The process receives virus definition database updates from F-Secure Automatic Updates Agent Server via the HTTP or UDP-based protocol. |
D TROUBLESHOOTING

Overview
Starting and Stopping
Viewing the Log File
Common Problems and Solutions
Frequently Asked Questions
F-Secure Automatic Update Agent Troubleshooting
D.1 Overview

If you have a problem that is not covered here, see “Technical Support”, 392.

D.2 Starting and Stopping

If you ever need to start or stop F-Secure Anti-Virus for Microsoft Exchange, you can do it in the following ways:

- Open the Services applet from the Administrative tools folder in the Windows Control Panel and select F-Secure Anti-Virus for Microsoft Exchange. To stop F-Secure Anti-Virus for Microsoft Exchange, click Stop. To start the service, click Start.
- Open the F-Secure Anti-Virus for Microsoft Exchange Web Console and select the F-Secure Anti-Virus for Microsoft Exchange tab. Select the Summary page and click Start to activate F-Secure Anti-Virus for Microsoft Exchange. Click Stop to stop it.
- From the command line: enter NET STOP FSAVAG4MSE to stop the service, and NET START FSAVAG4MSE to start the service.

D.3 Viewing the Log File

F-Secure Anti-Virus for Microsoft Exchange uses the log file Logfile.log that is maintained by F-Secure Management Agent and contains all alerts generated by F-Secure components installed on the host. Logfile.log can be found on all hosts running F-Secure Management Agent. You can view Logfile.log with any text editor, for example Windows Notepad. Open Logfile.log from F-Secure Settings and Statistics / F-Secure Management Agent properties / Show log file, or from the Home page of F-Secure Anti-Virus for Microsoft Exchange Web Console by clicking Show F-Secure Log.
F-Secure Management Agent uses Logfile.log (in the F-Secure / Common directory) for logging all the alerts on the host.
Logfile.log contains all the alerts generated by the host, regardless of the severity. The Logfile.log file size can be configured in F-Secure Management Agent / Settings / Alerting / Alert Agents / Logfile / Maximum File Size.
D.4 Common Problems and Solutions

If you think that you have a problem with F-Secure Anti-Virus for Microsoft Exchange, check that both F-Secure Anti-Virus for Microsoft Exchange and F-Secure Content Scanner Server are up and running.

Checking F-Secure Anti-Virus for Microsoft Exchange

1. Make sure that the F-Secure Anti-Virus for Microsoft Exchange service and all its processes have started.
   Open Services in the Windows Control Panel and check that the F-Secure Anti-Virus for Microsoft Exchange service has started.
   Open the Windows Task Manager and check that the following processes are running:
   fshkmngr.exe    fsmb32.exe
   fswbsthk.exe    fameh32.exe
   fsobmngr.exe    fch32.exe
   fsma32.exe      fsm32.exe
   fnrb32.exe
2. To make sure that F-Secure Content Scanner Server accepts connections, start a telnet session to port 18971 on the F-Secure Content Scanner Server machine. If you have specified a different SCIP port, use that port instead.
   If you get the cursor blinking in the upper left corner, the connection has been established and F-Secure Content Scanner Server can accept incoming connections.
   If you get "Connection to the host lost" or another error message, or if the cursor does not go to the upper left corner, the connection attempt was unsuccessful.
   If your connection attempt was unsuccessful, (1) make sure that F-Secure Content Scanner Server is up and running, and (2) check the physical connection between F-Secure Anti-Virus for Microsoft Exchange and F-Secure Content Scanner Server.
   The connection must be direct (without firewalls or scanners in between) and at least 100 Mbps fast. If the computer running F-Secure Anti-Virus for Microsoft Exchange has two or more network interfaces (including a dial-up modem connection), make sure that all files forwarded to F-Secure Content Scanner Server use the right network interface. Edit the routing table if needed.
Checking F-Secure Content Scanner Server

Problem:
When F-Secure Anti-Virus for Microsoft Exchange tries to send an attachment to F-Secure Content Scanner Server, the attachment is not scanned and the e-mail does not reach the recipient.

Solution:
The problem is that F-Secure Anti-Virus for Microsoft Exchange is unable to contact F-Secure Content Scanner Server(s).
There are several possible causes for this:
1. An incorrect keycode might have been used when installing F-Secure Content Scanner Server. When installing F-Secure Content Scanner Server you should use the keycode for F-Secure Anti-Virus for Microsoft Exchange, and not the keycode for F-Secure Content Scanner Server. If you have entered a wrong keycode, the installation did not install all the components required for F-Secure Anti-Virus for Microsoft Exchange.
2. A service or process may not be running on F-Secure Content Scanner Server. Make sure that all processes and services of F-Secure Content Scanner Server have started. Check the Services in Windows Control Panel. The following services should be started:
   F-Secure Content Scanner Server
   F-Secure Management Agent
   F-Secure Network Request Broker
   Check the Task Manager. The following processes should be running:
   fsmb32.exe    fsma32.exe
   fsavsd.exe    fih32.exe
   fsdbuh.exe    fch32.exe
   fnrb32.exe    fameh32.exe
   If any of these processes are not started, uninstall and reinstall the F-Secure Anti-Virus Content Scanner Server.
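The manual checks from "Checking F-Secure Anti-Virus for Microsoft Exchange" and "Checking F-Secure Content Scanner Server" above, as an added PowerShell example that is not part of the F-Secure guide. The process names, service names and port 18971 come from the guide; the parameter names, the role switch and the 3-second timeout are assumptions.

```powershell
# Added example (not from the F-Secure guide): checks the services, processes and
# SCIP port that section D.4 tells you to verify by hand.
param(
    [ValidateSet('ExchangeAV', 'ScannerServer')]
    [string]$Role = 'ExchangeAV',          # assumption: which component this host runs
    [string]$ScannerHost = 'localhost',    # assumption: address of the Content Scanner Server
    [int]$ScipPort = 18971                 # default SCIP port named in the guide
)

# Process lists copied from D.4, without ".exe" because Get-Process reports base names.
$Expected = @{
    ExchangeAV    = 'fshkmngr', 'fswbsthk', 'fsobmngr', 'fsma32', 'fnrb32',
                    'fsmb32', 'fameh32', 'fch32', 'fsm32'
    ScannerServer = 'fsmb32', 'fsavsd', 'fsdbuh', 'fnrb32',
                    'fsma32', 'fih32', 'fch32', 'fameh32'
}
# Appendix C: fsm32.exe (Settings and Statistics UI) only runs while a user is logged in,
# so its absence is reported separately instead of as a failure.
$SessionOnly = @('fsm32')

# Service display names listed in D.4 for the Content Scanner Server host.
$ScannerServices = 'F-Secure Content Scanner Server',
                   'F-Secure Management Agent',
                   'F-Secure Network Request Broker'

function Get-MissingProcess {
    param([string[]]$Name, [string[]]$Running)
    # -notcontains is case-insensitive, matching how Windows treats image names.
    @($Name | Where-Object { $Running -notcontains $_ })
}

function Get-ServiceProblem {
    param([string[]]$Name, [switch]$ByDisplayName)
    foreach ($n in $Name) {
        $svc = if ($ByDisplayName) {
            Get-Service -DisplayName $n -ErrorAction SilentlyContinue
        } else {
            Get-Service -Name $n -ErrorAction SilentlyContinue
        }
        if (-not $svc) { "$n : not installed" }
        elseif ($svc.Status -ne 'Running') { "$n : $($svc.Status)" }
    }
}

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    # Same test as the telnet session in step 2: does the port accept a TCP connection?
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)
        return $true
    } catch {
        return $false   # refused, unreachable or name not resolved
    } finally {
        $client.Close()
    }
}

$running = @(Get-Process | Select-Object -ExpandProperty ProcessName -Unique)
$missing = Get-MissingProcess -Name $Expected[$Role] -Running $running

$serviceProblems = if ($Role -eq 'ExchangeAV') {
    Get-ServiceProblem -Name 'FSAVAG4MSE'       # service name used with NET START/STOP in D.2
} else {
    Get-ServiceProblem -Name $ScannerServices -ByDisplayName
}

[pscustomobject]@{
    Role             = $Role
    MissingProcesses = @($missing | Where-Object { $SessionOnly -notcontains $_ })
    NotLoggedInOnly  = @($missing | Where-Object { $SessionOnly -contains $_ })
    ServiceProblems  = @($serviceProblems)
    ScipPortOpen     = Test-TcpPort -ComputerName $ScannerHost -Port $ScipPort
}
```

Run it on each host with the matching `-Role`; a closed SCIP port together with an empty MissingProcesses list on the scanner host points at the network path between the two machines rather than at the services.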
Checking F-Secure Anti-Virus for Microsoft Exchange Web Console

Problem:
I cannot open or access F-Secure Anti-Virus for Microsoft Exchange Web Console.

Solution:
1. Make sure that F-Secure Web Console daemon has started and is running. Check the Services in Windows Control Panel. The following service should be started:
   F-Secure Web Console Daemon
   Check the Task Manager. The following process should be running:
   fswebuid.exe
2. If you try to connect to the F-Secure Anti-Virus for Microsoft Exchange Web Console from a remote host, make sure that the connection is not blocked by a firewall or proxy server.

D.4.1 Installing Service Packs

If you wish to install a Microsoft Exchange Server Service Pack and F-Secure Anti-Virus for Microsoft Exchange is already installed, stop F-Secure Anti-Virus for Microsoft Exchange before installing the Service Pack and restart it after the Service Pack installation.

D.4.2 Securing the Quarantine

Problem:
I have installed F-Secure Anti-Virus for Microsoft Exchange and I'm worried about the security of the local Quarantine storage where stripped attachments are quarantined. What do you recommend?

Solution:
F-Secure Anti-Virus for Microsoft Exchange creates and adjusts access rights to the local Quarantine storage during the installation. Keep in mind the following when setting up the local Quarantine storage:

- Do not place the Quarantine storage on a FAT drive. The FAT file system does not support access rights on directories and files for different users. If you place the Quarantine storage on a FAT drive, everyone who has access to that drive will be able to get access to the quarantined content.
- Create and adjust access rights to the Quarantine storage manually if you use one on a network drive.
- Create and adjust access rights to the Quarantine storage manually when you change its path from F-Secure Policy Manager Console or F-Secure Anti-Virus for Microsoft Exchange Web Console.

D.4.3 Administration Issues

Some settings are initially configured during the installation of F-Secure Anti-Virus for Microsoft Exchange and F-Secure Content Scanner Server. They can be viewed on the Status tab of F-Secure Policy Manager Console.

When changing such settings in F-Secure Policy Manager Console for the first time, you must enforce the change by selecting the Final check box. This applies to the Primary and Backup Content Scanner Servers, Port, and Quarantine storage settings of F-Secure Anti-Virus for Microsoft Exchange and to the Working directory and Quarantine storage settings of F-Secure Content Scanner Server.
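For the Quarantine storage rules in D.4.2 above (no FAT drive; rights set manually on a network drive or after a path change), an added PowerShell example that is not part of the F-Secure guide. The path parameter and the list of groups treated as too broad are assumptions; the guide does not say which principals the installer grants access to.

```powershell
# Added example (not from the F-Secure guide): reviews a Quarantine storage path
# against the three rules in D.4.2. Pass an absolute path.
param(
    [Parameter(Mandatory = $true)]
    [string]$QuarantinePath    # site-specific; take it from your own configuration
)

# Well-known SIDs for broad groups. Treating these as "too wide" for quarantined
# content is this example's assumption; the guide does not list required principals.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

function Get-VolumeFinding {
    param([string]$Path)
    $root = [System.IO.Path]::GetPathRoot([System.IO.Path]::GetFullPath($Path))
    if ($root.StartsWith('\\')) {
        return "UNC path under ${root}: rights on network storage must be set manually."
    }
    $drive = New-Object System.IO.DriveInfo $root
    if ($drive.DriveType -eq [System.IO.DriveType]::Network) {
        return "Mapped network drive ${root}: rights on network storage must be set manually."
    }
    if ($drive.DriveFormat -like 'FAT*') {
        return "$root is $($drive.DriveFormat): no per-user access rights, move the Quarantine storage."
    }
}

function Get-BroadAccessRule {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    # Ask for identities as SIDs so the check does not depend on localized group names.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -eq 'Allow' -and $BroadSids.ContainsKey($sid)) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $BroadSids[$sid]
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

if (-not (Test-Path -LiteralPath $QuarantinePath -PathType Container)) {
    throw "Quarantine path not found: $QuarantinePath"
}

$volume = Get-VolumeFinding -Path $QuarantinePath
if ($volume) { Write-Warning $volume }

# The storage root plus its subdirectories, since an explicit rule on a
# subdirectory can grant access that the root does not.
$targets = @($QuarantinePath) +
    @(Get-ChildItem -LiteralPath $QuarantinePath -Directory -Recurse -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty FullName)

$findings = foreach ($t in $targets) { Get-BroadAccessRule -Path $t }
if ($findings) {
    $findings | Sort-Object Path, Principal | Format-Table -AutoSize
} else {
    'No Allow entries for Everyone, Authenticated Users or BUILTIN\Users were found.'
}
```

Re-run it after every change of the Quarantine path in Policy Manager Console or the Web Console, because the installer only sets rights on the original location.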
D.5 Frequently Asked Questions

Performance

Q. Why does the time to open a message in mailboxes and Public Folders increase after installation of F-Secure Anti-Virus for Microsoft Exchange?
A. F-Secure Anti-Virus for Microsoft Exchange scans each message for viruses, hence the delay with opening the message. A message scanned once is marked as scanned and will be opened quickly next time. Of course, if a message has been changed, it will be scanned for viruses again.

Q. Microsoft Outlook displays an error message stating something like “Cannot open message” or “Cannot open message in preview pane”. What should be done?
A. Check that F-Secure Content Scanner Server is up and running. If a mail cannot be scanned, access to it is not allowed.

Q. Why does e-mail stay in the Outbox for a while after being sent?
A. F-Secure Anti-Virus for Microsoft Exchange scans each message for viruses, hence the delay with sending the message.

Q. F-Secure Anti-Virus for Microsoft Exchange complains about connection timeout to F-Secure Content Scanner Server. What should be done?
A. Make sure that F-Secure Content Scanner Server is running, that it has been installed with the correct keycode for F-Secure Anti-Virus for Microsoft Exchange, and that the connection to F-Secure Content Scanner Server is direct and at least 100 Mbps fast. If the computer running F-Secure Anti-Virus for Microsoft Exchange has multiple network interfaces (including dial-up connections), make sure that all files forwarded to F-Secure Content Scanner Server(s) use the right network interface.
Settings

Q. Every time the server shuts down I get error reports that F-Secure SMTP and Real-Time Scanners cannot connect to the server. What is the problem?
A. When you shut down the computer with F-Secure Content Scanner Server and F-Secure Anti-Virus for Microsoft Exchange components, F-Secure Content Scanner Server may shut down before F-Secure Anti-Virus for Microsoft Exchange components, which may cause them to report that they have lost the connection to F-Secure Content Scanner Server.

Q. Is it possible to strip attachments with size greater than or equal to a given value?
A. No, this is not possible at the moment. Use the Exchange Manager to limit the size of attached files.

Q. Are the newly created mailboxes and Public Folders automatically covered by F-Secure Anti-Virus?
A. Yes. The default polling interval for newly created mailboxes and Public Folders is 1 hour. For more information, see “Advanced”, 182. For more information on how to set the polling interval in stand-alone mode, see “Advanced”, 267.

Q. I am trying to change Primary and Backup Content Scanner Servers settings through F-Secure Policy Manager Console, but the changes did not affect F-Secure Anti-Virus for Microsoft Exchange. Why?
A. Primary and Backup Content Scanner Servers settings are initially configured during the installation of F-Secure Anti-Virus for Microsoft Exchange and can thus be viewed on the Status tab of F-Secure Policy Manager Console. To override the settings made by the setup program, select the Final check box when changing this setting in F-Secure Policy Manager Console for the first time. This also applies to the Port and Quarantine storage settings of F-Secure Anti-Virus for Microsoft Exchange and to the Working directory and Quarantine storage settings of F-Secure Content Scanner Server.

Q. A message has an attachment with a file extension that should be stripped. Why was the attachment not stripped?
A. F-Secure Anti-Virus for Microsoft Exchange does not strip attachments with a size of 0 Kb, as they cannot contain any malicious code.

Q. I have a Public Folder that is excluded from the virus scan, but some messages are scanned and disinfected before they arrive in the excluded Public Folder. Why?
A. If you send a message from a MAPI client, the message goes to the Outbox folder before it is sent to the Public Folder. The message is scanned when it is in the Outbox folder according to the processing settings for this mailbox. When the message arrives in the Public Folder, it is scanned according to the Public Folder processing settings. Thus, messages sent with SMTP are not scanned in excluded Public Folders.
Q. A message is not scanned if it comes from a trusted mailbox. Why?
A. If an infected attachment arrives in a mailbox, it passes the virus scanner but it is not disinfected or stopped. The real-time scanner scans messages in the message store only once, so when the infected message is sent from the trusted mailbox to another mailbox inside the same message store, the real-time scanner does not scan it again.
If you use trusted mailboxes, store those messages in a different message store. When a message moves between message stores, it is scanned and infected attachments can be disinfected. You can also run the manual scan periodically to remove infected attachments.

Q. When I release an e-mail from the Quarantine, sometimes two warning messages are sent to the recipient. Why?
A. When you release an e-mail that has an infected attachment from the Quarantine and the user uses POP3 to retrieve mail from the server, the user may receive two warning messages while the infected attachment remains in the Quarantine.

Local Protection with F-Secure Anti-Virus for Windows Servers

Q. Can all files on a Microsoft Exchange computer be scanned for viruses, or are some files and folders excluded from scanning automatically?
A. The working and quarantine directories of F-Secure Anti-Virus for Microsoft Exchange are added to the OAS excluded list during the installation.
Microsoft Knowledgebase article #245822 ‘Recommendations for troubleshooting an Exchange computer with antivirus software installed’ describes what files and folders should never be scanned with file-based antivirus software: http://support.microsoft.com/default.aspx?scid=kb;en-us;245822.
Quarantined and Disinfected Files

Q. When examining a raw message that has been disinfected, there seems to be some data that should be stripped. Is the message still infected?
A. Disinfected messages do not contain any malicious code. The Microsoft Exchange server keeps the original message header in the message, so MIME-part headers may appear in the raw message data.

Q. A message has an Attachment_Information.txt file as an embedded OLE object. What is this file and why do I get a warning message when I try to open the file?
A. The original message had an infection which F-Secure Anti-Virus for Microsoft Exchange removed and replaced with the Attachment_Information.txt file. As embedded OLE objects have to be replaced with text attachments to avoid corrupting OLE objects, the Attachment_Information.txt is an embedded OLE object that causes the warning message. The VirusInfo text file contains information about the infection that has been removed.
The Attachment_Information.txt file may appear also in Public Folder messages for the same reason.

Q. During the installation, I get a notification that an application is requesting access to a protected system. What causes this?
A. You are using Windows 2000 Certificate Service and this behavior is normal with it.

Q. What happens to e-mails saved in the Drafts folder during the real-time scanning?
A. Messages saved temporarily into the Drafts folder are considered to be inbound and they are scanned and stripped accordingly.
Q. Why can users not attach some attachments to e-mail messages when using Microsoft Outlook Web Access and Microsoft Internet Explorer?
A. When using Microsoft Outlook Web Access and Microsoft Internet Explorer, you cannot send a message that has an attachment that cannot be disinfected or an attachment that is set to be stripped. When users try to attach the attachment, they receive an error message and the sending will fail.

D.6 F-Secure Automatic Update Agent Troubleshooting

The F-Secure Automatic Update Agent log file may be useful when solving problems where virus and/or spam definition databases do not update properly. Open the F-Secure Automatic Update Agent from F-Secure Settings and Statistics and click Show log file to view a detailed log of actions of the F-Secure Automatic Update Agent.

Q. How can I verify that updating the virus and spam definition databases really works?
A. First, open the F-Secure Automatic Update Agent window from F-Secure Settings and Statistics and select the Received Packages tab. If a virus definitions database update has been downloaded, you should see something like “F-Secure Anti-Virus Update 2004-06-09” under Title.
Check the Last Result column. If the update has been successfully placed into the destination directory, the Latest Result displays Installed. If the Latest Result is Not installed, the update has been downloaded but the F-Secure Automatic Update Agent could not copy it into the destination directory. The F-Secure Automatic Update Agent tries to copy it there again at one-minute intervals. Click Package Properties to see the error message.
If the Last Result value is Installed, check the date and time in the First Installed column at the bottom of the Received Packages page. Then, open Windows Explorer and select the F-Secure Anti-Virus folder, select Details from the View menu, and click the Modified column title above the file list to display the files sorted by date and time. The F-Secure Anti-Virus folder should have files (with filename extensions .def, .avc, .set or .dat) which have the same date and time as the First Installed column.
Q. The Received Packages page states that a virus definition database update is “Not installed”. What should I do?
A. Click on the package title and then Package Properties to view the error message.

| Error message | Explanation |
|---|---|
| Unable to locate anti-virus database update directory | The directory does not exist, the communication directory is corrupted, or your client is in Standard mode and the update directory is in a network drive. Open the Settings page in the F-Secure Automatic Update Agent window and click Change to select the destination directory again. |
| Not enough free disk space | The drive of the destination directory is full. Free some disk space. |
| Could not create temporary directory | Check that the current user has appropriate access rights to the destination directory. Note that if the destination is a communication directory, the same rights are also required for its subdirectories. If the destination is the “Other” subdirectory, the same rights are required for its parent directory. |
| Could not switch database update directory to a new one | Another application has a file open in the destination directory, so it cannot be deleted. This can occasionally happen if multiple hosts are retrieving the update at the same time. The client will retry at one-minute intervals, so wait and see if the result changes to “Installed”. If the update is still not installed, close all applications on the computer where the destination directory is, or reboot it. If the client is in NT application mode, see the explanation above for “Could not create temporary directory”. |
Q. The Received Packages page states that a virus definition database update is “Installed”, but there are no new files in the Anti-Virus directory. Why?
A. After the update has been downloaded and placed into a communication directory, F-Secure Content Scanner Server does not immediately retrieve the files from there. The delay depends on the polling interval of F-Secure Management Agent; with a default interval of 10 minutes, the delay can be up to 20-30 minutes.
In a stand-alone installation, make sure F-Secure Automatic Update Agent is installed in Stand-alone mode. Open the Settings page in the F-Secure Automatic Update Agent window. The Change button should be disabled.
With centrally managed installations, check that you have enabled “Poll Automatically” for Virus Definitions Updates in F-Secure Policy Manager Server. Open the Settings page in the F-Secure Automatic Update Agent window and check that you have selected the correct communication directory as the destination for the updates. If you are not sure, try downloading Latest.zip from http://www.F-Secure.com/download-purchase/updates.shtml, and import it to F-Secure Policy Manager Console. If the update succeeds this way, but not with F-Secure Automatic Update Agent, and the Received Packages page states that an update is “Installed”, the F-Secure Automatic Update Agent is most probably configured to place the updates in a wrong directory.

Q. The Installed Packages page states that a virus definition database update has “Failed” after I upgraded the product. What should I do?
A. During the upgrade, F-Secure Automatic Update Agent retrieves the latest virus definition update. If the previous version of the product had the same version of the database installed already, F-Secure Automatic Update Agent does not overwrite files and marks the update as failed. The message disappears automatically during the next virus database update.
Q. I installed the F-Secure Automatic Update Agent, but it has not
downloaded any virus definition updates. What’s wrong?
A. Select the Received Packages tab in the F-Secure Automatic Update
Agent window and check that no virus definitions update packages
are listed there.

Select the Channel Status page in the F-Secure Automatic Update
Agent. If the Channel Name and Channel Address fields are empty,
the client has not yet connected to the F-Secure Automatic Update
server. Make sure that your Internet connection is working, and if the
Current Status is Ready, click Connect Now to force the client to
connect to the server immediately. Downloading the virus definitions
database update for the first time can take a while if you have a lot of
other Internet traffic open at the same time.

If the client cannot connect to the server, make sure that your browser
can access the Internet. Open your browser and connect to
http://fsbwserver.f-secure.com/. If you cannot connect to the web
page, check your network settings. If the connection was successful,
open the Settings page. If Polite Agent is selected in the
Communication section, change it to HTTP. If you change the
protocol from Polite Agent to HTTP or vice versa, you have to restart
the F-Secure Automatic Update Agent.

If changing to HTTP communication did not help, open the Internet
options in your browser to determine if you are connected through an
HTTP proxy server. A few examples:

- Internet Explorer 6.0: Under the Tools menu, select Internet
  Options. Select the Connection tab and click LAN Settings....
  Check the settings in the Proxy server section. If you have the
  Use a proxy server for your LAN option selected and there is an
  address and port defined, you are using an HTTP proxy server. If
  the Use a proxy server for your LAN option is not selected and
  you see a proxy server setting in the Address section but it is
  grayed out, click Advanced, remove the address and specify port
  0.
- Mozilla Firefox 1.0: Under the Tools menu, select Options. Select
  the General category, and click Connection Settings.... If the
  Manual proxy configuration option is selected, you can see the
  address and port number of the HTTP proxy server in the
  Connection Settings window.

If you have determined that you are connecting through an HTTP
proxy server, enable the “Use HTTP proxy” checkbox on the
F-Secure Automatic Update Agent window’s Settings page and type
in the field the proxy server address and port number that you
retrieved from your browser (for example, myproxy.mydomain.com:80).

If you are not connected through a proxy server, ensure that the Use
HTTP proxy option is not selected.

After these operations, your Automatic Update Agent client should be
able to connect and receive content. If you are not able to receive
content and your client is configured correctly, you will have to contact
your network administrator and have them verify that your firewall is
configured to accept outgoing HTTP requests and incoming
responses to these requests.
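
The proxy and connectivity checks in this answer can be scripted. The following PowerShell is an added example, not part of the F-Secure guide or tooling: it reads the per-user Internet Explorer (WinINet) proxy setting from the registry and tests the update server URL named above both directly and through that proxy. It assumes Windows with PowerShell 3.0 or later; the function names are hypothetical.

```powershell
# Added example: the browser/proxy checks from the steps above, scripted.
# Assumes Windows and PowerShell 3.0+. Function names are illustrative only.

$UpdateUrl = 'http://fsbwserver.f-secure.com/'   # URL given in the guide

function Get-UserProxySetting {
    # Per-user WinINet values shown in Internet Explorer's "LAN Settings".
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $s = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $server = [string]$s.ProxyServer
    # ProxyServer is either "host:port" or "http=host:port;https=host:port".
    if ($server -match '(?:^|;)http=([^;]+)') { $server = $Matches[1] }
    elseif ($server -match '=') { $server = '' }   # per-protocol list, no HTTP entry
    [pscustomobject]@{ Enabled = ($s.ProxyEnable -eq 1); Server = $server }
}

function Test-UpdateServer {
    param([string]$Url, [string]$Proxy)   # $Proxy as "host:port"; empty = direct
    $req = [System.Net.WebRequest]::Create($Url)
    $req.Timeout = 15000
    # An empty WebProxy forces a direct connection, ignoring system proxy settings.
    if ($Proxy) { $req.Proxy = New-Object System.Net.WebProxy("http://$Proxy") }
    else        { $req.Proxy = New-Object System.Net.WebProxy }
    try {
        $resp = $req.GetResponse()
        $status = [int]$resp.StatusCode
        $resp.Close()
        "HTTP $status"
    } catch {
        "FAILED: $($_.Exception.Message)"
    }
}

$proxy = Get-UserProxySetting
"Proxy enabled : $($proxy.Enabled)"
"Proxy server  : $($proxy.Server)"
"Direct        : $(Test-UpdateServer -Url $UpdateUrl)"
if ($proxy.Enabled -and $proxy.Server) {
    "Via proxy     : $(Test-UpdateServer -Url $UpdateUrl -Proxy $proxy.Server)"
    "If only the proxy test succeeds, enable 'Use HTTP proxy' in the Agent and enter $($proxy.Server)."
}
```

The registry values belong to the account that runs the script, so run it as the same user whose browser settings you would otherwise inspect.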

Technical Support

- F-Secure Online Support Resources
- Web Club
- Virus Descriptions on the Web

F-Secure Online Support Resources
F-Secure Technical Support is available through F-Secure support web
pages, e-mail and by phone. Support requests can be submitted through
a form on F-Secure support web pages directly to F-Secure support.

F-Secure support web pages for any F-Secure product can be accessed
at http://support.f-secure.com/. All support issues, frequently asked
questions and hotfixes can be found under the support pages.

If you have questions about F-Secure Anti-Virus for Microsoft Exchange
not covered in this manual or on the F-Secure support web pages, you
can contact your local F-Secure distributor or F-Secure Corporation
directly.

For technical assistance, please contact your local F-Secure Business
Partner. Send your e-mail to:
Anti-Virus-@f-secure.com
Example: Anti-Virus-Norway@f-secure.com

If there is no authorized F-Secure Anti-Virus Business Partner in your
country, you can submit a support request directly to F-Secure. There is
an online "Web submit form" accessible through F-Secure support web
pages under the "Contact Support" page. Fill in all the fields and describe
the problem as accurately as possible. Please include the FSDiag report
taken from the problematic server with the support request.

Before contacting support, please run the F-Secure Diagnostic utility
FSDiag.exe on each of the hosts running F-Secure Anti-Virus for
Microsoft Exchange and F-Secure Content Scanner Server. This utility
gathers basic information about hardware, operating system, network
configuration and installed F-Secure and third-party software. You can run
the F-Secure Diagnostics tool from the F-Secure Anti-Virus for Microsoft
Exchange Web Console as follows:

1. Log in to the Web Console.
2. Type https://127.0.0.1:25023/fsdiag/ in the browser’s address field.
3. The F-Secure Diagnostics tool starts and the dialog window displays
   the progress of the data collection.
4. When the tool has finished collecting the data, click Get Report to
   download and save the collected data.

You can also find and run the FSDiag.exe utility under the
F-Secure\Common folder, if you prefer not to do it through the F-Secure
Anti-Virus for Microsoft Exchange Web Console. The tool generates a file
called FSDiag.tar.gz.

Please include the following information with your support request:

- Version number of F-Secure Management Agent, F-Secure
  Anti-Virus for Microsoft Exchange, F-Secure Policy Manager
  Server, and F-Secure Policy Manager Console. Include the build
  number if available.
- A description of how F-Secure components are configured.
- The name and the version number of the operating system on
  which F-Secure products and protected systems are running. For
  Windows, include the build number and Service Pack number.
- The version number and the configuration of your Microsoft
  Exchange Server. If possible, describe your network
  configuration and topology.
- A detailed description of the problem, including any error
  messages displayed by the program, and any other details that
  could help us replicate the problem.
- Logfile.log from the machines running F-Secure products. This
  file can be found under Program Files\F-Secure\Common. If you
  are sending the FSDiag report, you do not need to send
  Logfile.log separately, because it is already included in the
  FSDiag report.
- If the whole product or a component crashed, include the
  drwtsn32.log file from the Windows NT directory and the latest
  records from the Windows Application Log.

Web Club

The F-Secure Web Club provides assistance and updated versions of the
F-Secure products. To connect to the Web Club on our Web site, open the
F-Secure Anti-Virus for Microsoft Exchange Web Console, and click the
Web Club link in the banner.

Alternatively, right-click on the F-Secure icon in the Windows taskbar, and
choose the Web Club command.

To connect to the Web Club directly from within your Web browser, go to:
http://www.f-secure.com/anti-virus/webclub/corporate/

Virus Descriptions on the Web

F-Secure Corporation maintains a comprehensive collection of
virus-related information on its Web site. To view the Virus Information
Database, connect to: http://www.f-secure.com/virus-info/.

About F-Secure Corporation

F-Secure Corporation is the fastest growing publicly listed company in the
antivirus and intrusion prevention industry with more than 50% revenue
growth in 2004. Founded in 1988, F-Secure has been listed on the Helsinki
Stock Exchange since 1999. We have our headquarters in Helsinki, Finland,
and offices in USA, France, Germany, Italy, Sweden, the United Kingdom and
Japan. F-Secure is supported by service partners, value added resellers and
distributors in over 50 countries. F-Secure protection is also available through
mobile handset manufacturers such as Nokia and as a service through major
Internet Service Providers, such as Deutsche Telekom, France Telecom and
Charter Communications. The latest real-time virus threat scenario news is
available at the F-Secure Antivirus Research Team weblog at
http://www.f-secure.com/weblog/.

Services for Individuals and Businesses

F-Secure services and software protect individuals and businesses against
computer viruses and other threats coming through the Internet or mobile
networks. Our award-winning solutions include antivirus and desktop firewall
with intrusion prevention, antispam and antispyware solutions. Our key
strength is our proven speed of response to new threats. For businesses our
solutions feature a centrally-managed and well-integrated suite of solutions
for workstations and servers alike. Focused partners offer security as a
service for companies that do not wish to build in-house security expertise.
Visit our website at http://www.f-secure.com/products/ to learn more about our
products and services.