Avira ANTIVIR EXCHANGE SERVER User Manual

MORE THAN SECURITY
www.avira.com
User Manual
Avira AntiVir
Exchange Server 2000/2003
Table of Contents
1 About this Manual................................................................................1
1.1 Introduction ................................................................................... 1
1.2 The Structure of the Manual ........................................................1
1.3 Symbols and emphases ................................................................. 2
2 Avira AntiVir for Exchange - Product Overview..........................3
2.1 AntiVir ........................................................................................... 3
2.2 AntiVir Wall .................................................................................. 4
2.3 AntiVir Wall .................................................................................. 4
3 Getting Started .....................................................................................5
3.1 Installation on an Exchange Server ............................................. 5
3.2 Starting the AntiVir Exchange Management Console ................ 5
3.3 Configuration in the AntiVir Exchange Management Console .. 6
3.3.1 Required Basic Configuration Steps .............................................6
3.3.2 Required Policy Configuration Steps ............................................ 6
3.3.3 Recommended Basic Configuration Steps ....................................7
3.3.4 Virus Scanning in Exchange Databases ....................................... 7
3.4 Observing Data in AntiVir Monitor .............................................7
4 Installation ............................................................................................9
4.1 System Requirements ...................................................................9
4.2 Installation of Virus Scanners ...................................................... 9
4.3 Execution ..................................................................................... 10
4.3.1 Installation of Avira AntiVir Exchange on an Exchange Server ..... 10
4.4 Installation in Cluster ................................................................12
4.5 Uninstallation of Avira AntiVir Exchange for Exchange .........12
4.6 Insert Licence File ....................................................................... 13
5 General .................................................................................................15
5.1 The Architecture of Avira AntiVir Exchange ............................15
5.1.1 AntiVir Exchange Management Console .................................... 15
5.1.2 The AntiVir Server....................................................................... 16
5.1.3 The Grabber ................................................................................. 16
5.1.4 The AntiVir Service = Enterprise Message Handler (EMH) ..... 16
5.1.5 Avira AntiVir Exchange Configuration Settings........................ 19
5.2 Message Processing Sequence ....................................................20
5.3 User Interface ..............................................................................20
5.3.1 The Toolbar................................................................................... 21
5.3.2 The Icons....................................................................................... 21
5.4 Configuration in the Avira AntiVir Exchange Management Console ..... 23
Avira GmbH AntiVir Exchange Server I
5.5 Basic Configuration .................................................................... 23
5.5.1 Configuration Reports.................................................................. 23
5.5.2 Import Configuration ................................................................... 24
5.5.3 AntiVir Server Settings ............................................................... 24
5.5.4 Individual Server Settings........................................................... 27
5.5.5 Address Lists ................................................................................30
5.5.6 Create Notification Templates ....................................................36
5.5.7 Folder settings..............................................................................43
5.5.8 Utility Settings ............................................................................. 47
5.6 Policy Configuration ................................................................... 47
5.6.1 Job Types ......................................................................................47
5.6.2 Actions ..........................................................................................49
5.6.3 Job Processing Sequence ............................................................. 49
5.7 AntiVir Monitor ........................................................................... 50
5.7.1 Quarantines.................................................................................. 51
5.7.2 AntiVir Reports ............................................................................57
6 AntiVir ..................................................................................................59
6.1 Overview ...................................................................................... 59
6.2 Virus Scanning ............................................................................ 60
6.2.1 Scanning in the Information Store.............................................. 61
6.2.2 AntiVir powered by Avira............................................................ 62
6.2.3 Enabling Virus Scanning – Example ..........................................63
6.3 Virus Scan in the Information Store – Sample Job ................... 69
6.3.1 General Settings........................................................................... 70
6.3.2 Scheduling ....................................................................................70
6.3.3 Defining Actions........................................................................... 71
6.3.4 Job Details ....................................................................................73
6.3.5 Server Status ................................................................................ 73
6.4 File Restrictions for Attachments .............................................. 74
6.4.1 By Type .........................................................................................74
6.4.2 By Message Size ........................................................................... 75
6.4.3 By Type and/or Attachment Size................................................. 75
6.4.4 Configuring Fingerprints.............................................................75
6.4.5 Denying File Attachments by Type – Example .......................... 81
6.4.6 Limiting Message Size - Example ...............................................84
6.4.7 Denying Attachment Types and Size – Example .......................87
7 AntiVir Wall.........................................................................................93
7.1 Overview ...................................................................................... 93
7.2 Address Filtering ........................................................................ 94
7.2.1 Blocking Senders and/or Recipients – Example ......................... 95
7.3 Content Filtering With Dictionaries .......................................... 97
7.3.1 Setting up Dictionaries ................................................................98
7.3.2 Checking and Denying Text Contents – Example.................... 100
7.4 Spam Filtering With the AntiVir Wall Spam Filtering Job ... 104
7.4.1 Definite No-Spam Criteria ........................................................ 106
7.4.2 Definite Spam Criteria .............................................................. 108
7.4.3 Practical Tips.............................................................................. 108
7.4.4 Spam Filtering – Example.........................................................109
7.4.5 Advanced Spam Filtering ..........................................................117
7.4.6 Manual Spam Filtering Configuration .....................................121
7.5 Spam Filtering With the DCC Spam Filtering Job ................. 122
7.5.1 What is DCC? .............................................................................122
7.5.2 DCC Settings ..............................................................................123
7.5.3 Spam Filtering with DCC – Example .......................................125
7.6 Blocking Images ........................................................................126
7.6.1 Blocking Offensive Images - Example ...................................... 126
7.7 Limiting the Number of Recipients .......................................... 129
7.7.1 Limiting Number of Recipients – Example ..............................129
8 Service ................................................................................................133
8.1 Support ...................................................................................... 133
8.2 Online shop ................................................................................ 133
8.3 Service hotline ........................................................................... 133
9 Appendix ............................................................................................135
9.1 Glossary ..................................................................................... 135

1 About this Manual

In this section you will get an overview of the structure and content of this manual.
After a short introduction you will get information on the following topics:
• “The Structure of the Manual”
• “Symbols and emphases”

1.1 Introduction

We have enclosed in this manual all the information you need about AntiVir Exchange Server 2000/2003 and we shall guide you step by step through the configuration and operations of this software.
The Appendix contains a comprehensive Glossary, explaining the basic terms used in the manual.
For further information and assistance, please refer to our Website, to the Hotline of our Technical Support and to our regular Newsletter (“Service”).
Your Avira Team

1.2 The Structure of the Manual

Chapter                                            Contents
“About this Manual”                                The structure of the manual, symbols and emphasis.
“Avira AntiVir for Exchange - Product Overview”    Overview of the software features and system requirements.
“Getting Started”                                  Starting and stopping the software, program interface, technical background, notes ini.
“Installation”                                     Instructions about installing the AntiVir Exchange Server 2000/2003 on your system, system requirements.
“General”                                          Description of the software architecture, user interface, configuration of the AntiVir Exchange Management Console and the AntiVir monitors.
“AntiVir”                                          Virus scanning, file and size restrictions in emails and databases.
“AntiVir Wall”                                     Checking and blocking contents using textual analysis, checking senders and recipients, avoiding mailflood, limiting the number of recipients.
“Service”                                          Avira GmbH Support and Service.
“Appendix”                                         Glossary, explaining terms and abbreviation

1.3 Symbols and emphases

The following symbols appear in this manual:
Symbol      Explanation
[symbol]    The info symbol is used to indicate special points that must be observed for trouble-free use of your system.
[symbol]    The warning symbol means Attention. Be careful! It indicates important passages in the text that must be observed in order to avoid any loss of data, damage to your system or any other unpleasant occurrences. Read these passages with particular care and attention.
[symbol]    Here, we give you support on particular problems, we provide tips and tricks or alternative solutions and special points.

The following emphases are used:
Emphasis                        Explanation
C:\AntiVirData                  File names and file paths
Choose component, select all    Elements of the software interface such as menu items, window titles, buttons in the dialogue windows
http://www.avira.de             URLs
“Symbols and emphases”          Cross-references within the documents

2 Avira AntiVir for Exchange - Product Overview

E-mail Lifecycle Management (ELM) is a set of strategies and methods for processing, storing, and managing e-mail, from creation to deletion, in accordance with business processes and statutory regulations. E-mail Lifecycle Management ensures effective business processes in every company. The Avira AntiVir Exchange from Avira GmbH is the leading software package for E-mail Lifecycle Management and is the ideal solution for implementing secure and efficient business processes. With Avira AntiVir Exchange, e-mails pass through all the necessary processes on a single platform, from encryption and virus protection, anti-spamming and content-filtering, to classification and long-term archiving. E-mail can be controlled and automatically processed throughout its entire lifecycle based on specific rules. Third-party archiving systems can be seamlessly incorporated into Avira AntiVir Exchange and used for audit-proof e-mail archiving.
Consisting of a range of modules that can be used either individually or in combination with each other, Avira AntiVir Exchange represents a highly scalable, customizable solution. Using a common security concept, the modules interact directly with each other to yield an outstanding level of performance and almost unparalleled security. User-definable notification texts for senders, recipients and administrators provide transparency. All modules are managed centrally through a standardized user interface from Notes clients and browsers. Common logs, statistics and fault reports cut down on administration costs.

2.1 AntiVir

AntiVir provides comprehensive protection of your Microsoft Exchange environment from e-mail attacks, viruses and harmful content. Scanning all messages and databases on the server, it reliably removes all viruses and other potentially harmful attachments and places them in quarantine.
• Recursive virus scanning of all messages and attachments in real-time, both event- and time-controlled
• Information Store scanning on every server
• Scans do not affect replication times
• Powerful built-in virus scanner
• Support for automatic virus pattern updates
• Scanning of e-mail message bodies and attachments
• File type identification of attachments using unique, tamperproof file fingerprints or by file extension; detection and blocking of manipulated files
• Definition of file restrictions through combination of filename, file extension and file size
• Application of file restrictions on archives, for example zip or rar
• Creation and use of user-defined file patterns to ensure exchange of current information (for example price lists or terms and conditions)
• Automatic detection of new mailboxes
• Virus scanning of encrypted messages in combination with Crypt

2.2 AntiVir Wall

Sexual and racist mail, an increasing volume of unsolicited advertising, and ever new methods of attack by hackers make it necessary to protect company systems and employees from these problems. AntiVir Wall provides protection from misuse and uncontrolled use of e-mail and databases. This module provides comprehensive protection from spam and junk mail and prevents the sending of confidential information.
• Checking for forbidden, undesired or confidential content according to the corporate policies
• Blocking of e-mail from specific senders (known spam sources, mailing lists, etc.) and to specific recipients (for example competitors)
• Analysis of images for undesirable contents (for example pornography) with the Xblock function
• Use of current spam patterns for fast detection of new spammer tricks
• User-specific management of whitelists and blacklists on the server for effective blocking of unwanted mail
• Specification of sender/recipient channels for regulating dedicated e-mail communications
• User-editable exclusion lists for addresses and content in subject and message body
• Flexible notification about blocked messages (direct or time-controlled) to administration or mail recipient or sender
• User-specific access to quarantined messages
• Central quarantine management, especially efficient in enterprise and multi-server environments

2.3 AntiVir Wall

The automatic organization and context-based storage of contents, the establishment of flexible delivery and distribution mechanisms and the automated indexing for the e-mail archiving are examples of the content-sensitive operations that can be implemented with AntiVir Wall.
• Classification into company-specific e-mail categories
• Automatic classification of messages in one or more categories
• Response management through defined classifications, for example for customer support: automatic mail forwarding to qualified operators
• Document protection, for example scanning outbound mail and attachments for relevant information.

3 Getting Started

3.1 Installation on an Exchange Server

To install Avira AntiVir Exchange, double-click the file antivir_exchange_server_2k_de.exe in the installation package. Follow the installation instructions. Unless you specify a different installation directory, Avira AntiVir Exchange is installed in the default directory, i.e.:
C:\Programme\H+BEDV\AntiVirExchange\ (German)
C:\Program Files\H+BEDV\AntiVirExchange\ (English)
Disable any real-time or on-access scan functions of your scan engines for the ...\AntiVirExchange\AntiVirData directory.
For further information on installing the software, see “Installation” on page 9.

3.2 Starting the AntiVir Exchange Management Console

Avira AntiVir Exchange is a server product which is configured through the AntiVir Exchange Management Console. The service must be running for the product to work; also refer to “The AntiVir Service = Enterprise Message Handler (EMH)” on page 16. To start the Console, select Programs → Avira GmbH → AntiVir Exchange → AntiVir Exchange Management Console.
Before the AntiVir Exchange Management Console exits, you are prompted to save any changes.
Pending changes are indicated by an asterisk (*) next to the top node. You can save your configuration while you are working in Avira AntiVir Exchange by clicking the button. The configuration settings are saved in the ConfigData.xml file located in the H+BEDV\AntiVirExchange\Config directory.

3.3 Configuration in the AntiVir Exchange Management Console

Following the installation, use the AntiVir Exchange Management Console to make the following settings.

3.3.1 Required Basic Configuration Steps

Basic Configuration is used to define the valid servers, e-mail addresses, shared templates and utility settings.
1. Under Basic Configuration → General Settings in the E-mail addresses tab check the entries for the AntiVir Exchange Administrators and the internal domains. Refer to “AntiVir Server Settings” on page 24.

3.3.2 Required Policy Configuration Steps

Use the Policy Configuration to define and enable selected jobs according to the company’s policies.
1. Under Sample jobs, find the template you wish to use.
2. To create a new job, select the template and drag it to the Mail Transport Jobs folder. Give the job a name and edit its properties. Then, under Properties, enable the job (Active).
3. Make sure that the jobs are performed in the correct order (see “Job Processing Sequence” on page 49).
4. Save your changes, also refer to “Starting the AntiVir Exchange Management Console” on page 5.
For further information on setting up jobs and company policies, refer to “Policy Configuration” on page 47.

3.3.3 Recommended Basic Configuration Steps

In the Basic Configuration, it is recommended to define individual settings for address lists, templates, etc. However, this is not necessary for simply testing the system.
1. Configure the Address lists (for selections in job rules) under General Settings.
2. Where required, change the standard templates under General Settings.
3. Under Utility Settings, configure any accessories required, e.g. dictionaries and DCC servers (for AntiVir Wall), fingerprints.
For further information on Basic Configuration please refer to “Basic Configuration” on page 23. Module-specific settings are described in the corresponding sections:
• “AntiVir” on page 59,
• “AntiVir Wall” on page 93.
For information on further customizing options, refer to “Configuration in the Avira AntiVir Exchange Management Console” on page 23.

3.3.4 Virus Scanning in Exchange Databases

Under Information Store Jobs, you can enter appropriate settings for each AntiVir server separately. It is not possible to create Information Store jobs. A new Information Store job is automatically provided whenever a new server is specified. If the server is removed, the Information Store job will also be deleted. For further details on Information Store jobs, please refer to “Scanning in the Information Store” on page 61.

3.4 Observing Data in AntiVir Monitor

After having saved your settings, use the AntiVir Monitor to monitor the operation of Avira AntiVir Exchange. With the AntiVir Monitor, you can view current data in real-time and manage, for example, the Quarantines of the configured AntiVir servers. For details refer to Section “AntiVir Monitor” on page 50.

4 Installation

4.1 System Requirements

To install Avira AntiVir Exchange, your system must meet the following requirements:
• CD-ROM drive or network access
• RAM: Domino recommendation plus additional 64 MB
• Hard disk: at least 400 MB for installation
• Microsoft .NET Framework 1.1
• Operating systems:
  – Windows 2000 Server from Service Pack 4
  – Windows 2000 Advanced Server from Service Pack 4
  – Windows Server 2003
  – SBS 2003
• Exchange Server:
  – MS Domino Server 2000 from Service Pack 4
  – MS Domino Server 2000 Enterprise Edition from Service Pack 4
  – MS Domino Server 2003 SP2
• User Rights
  – User logged on to Active Directory with Administration rights for the Active Directory
Disable any real-time or on-access scan functions of your scan engines for the ...\AntiVirExchange\AntiVirData directory.

4.2 Installation of Virus Scanners

The Avira AntiVir scan engine can optionally be installed together with Avira AntiVir. The AntiVir scan engine is fully preconfigured and ready for immediate use. A virus scanning job that uses AntiVir is supplied and needs only to be enabled.
Avira AntiVir Exchange also supports virus scanners from other manufacturers. However, these virus scanners are not supplied with Avira AntiVir Exchange. To use a scan engine other than AntiVir, you must install it on your server before using Avira AntiVir Exchange.
Disable any real-time or on-access scan functions of your scan engines for the ...\AntiVirExchange\AntiVirData directory.

4.3 Execution

4.3.1 Installation of Avira AntiVir Exchange on an Exchange Server

From the installation package, call (double-click) the file setup_AntiVir_<Version No>_<Build No>.exe.
1. First select the Setup language. Then select the desired product version and language. The selected product language applies to the user interface and for the notifications sent to the users by Avira AntiVir Exchange.
2. In the window displayed next, accept the License Agreement and click Next to continue.
3. In the next dialogue, select the features to be installed. This selection includes all server components and the AntiVir Exchange Management Console:
In case another Information Store Scan application [1] is already run on the server, the feature will be disabled. If you wish to use Avira AntiVir Exchange Information Store Scan, the other application has to be uninstalled first.
[1] Information Store Scan applications are programs that use the Microsoft interface for virus scanners (VSAPI).
4. Click Next.
In case you have defined two or more virtual servers, you will now be prompted for the active virtual server on which Avira AntiVir Exchange is to be registered:
5. In the next screen, you have to specify the path of the configuration file:
6. If you do not operate Avira AntiVir Exchange on several servers and want to work with a central configuration file for administration purposes [2], confirm the default setting and click Next.
[2] See also “Installation in Cluster” on page 12.
7. In the next dialog, specify the Administrator’s e-mail address:
8. A summary of your settings is now displayed:
9. Now disable the on-access scanners for the ...\AntiVirData directory, unless you have already done so.
10. Check your configuration settings. These settings will be added as standard entries to the configuration of the AntiVir server. For details refer to “AntiVir Server Settings” on page 24.
11. Follow the instructions on screen and click Install. AntiVir is installed to the following directory:
<LW>:\<Std.progr.direct>\AviraGmbH\AntiVirExchange\
When you click Finish in the final dialog, Avira AntiVir Exchange is fully installed.
If you are interested in a solution for multi-server environments, please contact: support@avira.com.

4.4 Installation in Cluster

If you are interested in a solution for clusters, please contact: support@avira.com.

4.5 Uninstallation of Avira AntiVir Exchange for Exchange

1. Click and select Settings → Control Panel → Software.
2. Select the Avira AntiVir Exchange Server 2000/2003.
3. Click Change to call the Setup.
4. In the Welcome window, click Next.
5. In the selection dialogue, click Remove program.
6. Click Next and confirm with Remove.
The Setup then uninstalls Avira AntiVir Exchange without removing your configuration and the Quarantine data. A decision concerning this data can be taken separately after completing the uninstallation:
Click No if you want to keep your configuration and Quarantine data and Yes if all Avira AntiVir Exchange components are to be deleted.

4.6 Insert Licence File

Copy the licence file into the directory C:\Program Files\H+BEDV\AntiVirExchange\Licence.
Restart the service AntiVir for Exchange to actually activate the licence.

5 General

5.1 The Architecture of Avira AntiVir Exchange

Avira AntiVir for Exchange consists of three main components:
• AntiVir Exchange Management Console
• AntiVir Server
• AntiVir Exchange Configuration (also refer to “Configuration in the Avira AntiVir Exchange Management Console” on page 23).

5.1.1 AntiVir Exchange Management Console

The AntiVir Exchange Management Console is the "cockpit" from where Avira AntiVir Exchange is configured and administered. It is a so-called "Snap-In" for the MMC. The AntiVir Exchange Management Console can be used to administer an individual Exchange server with AntiVir Exchange installed as well as an entire "AntiVir server farm". This simplifies daily administration tasks, in particular in a multi-server environment. With the AntiVir Exchange Management Console, the Administrator has access to all configuration information needed and the AntiVir Monitor (Quarantine) of the AntiVir servers.
Two different access methods are used for configuring the system and for accessing the quarantine.
1. Standard Windows file access
   Windows file access is used for accessing the AntiVir Exchange configuration file, for example for changing the security settings. The AntiVir Exchange configuration file can be available locally or accessible through a Universal Naming Convention (UNC) path.
2. SOAP and SSL
   The AntiVir Monitor (see “AntiVir Monitor” on page 50) is accessed through SOAP and SSL using a permanently assigned communication port.
The AntiVir Exchange Management Console supports two operating modes.
1. Local Administration
   Here, the AntiVir Exchange Management Console is run directly on the Exchange server on which all components of AntiVir Exchange are installed. This mode is suited for smaller systems and for managing the server locally.
2. Remote Administration
   In this case, the AntiVir Exchange Management Console is not installed on the Exchange server, but on a client.
The AntiVir Exchange Management Console can run under the following client operating systems:
– Windows 2000 Professional
– Windows 2003
– Windows XP Professional
Remote administration is suited for central administration in multi-server environments, with the AntiVir Exchange Management Console accessing one or more Exchange servers to configure and administer AntiVir Exchange.

5.1.2 The AntiVir Server

All of the functions and processes of the AntiVir Exchange which run exclusively on the Exchange Server are referred to as the AntiVir Server. The AntiVir Server can be installed in simple environments as well as in front-end/back-end environments. It is divided into different sections.

5.1.3 The Grabber

The Grabber is a process ensuring that all messages, schedule queries, etc. sent, received or routed by the Exchange server are grabbed. The SMTP protocol is used for transporting e-mail, schedule queries, etc. The entire e-mail traffic is channeled through the SMTP Advanced Queue (a part of the SMTP protocol), regardless of whether the mail is internal (between mailboxes on the same server or mailbox store), inbound or outbound.
All messages must go through the Advanced Queue.
The Grabber is “latched in” to this Advanced Queue. As a registered event sink, it monitors the mail traffic and routes all relevant information to the AntiVir Exchange Service – the second component of the AntiVir Server. Each message is held there until the AntiVir Server has finished processing it.
Internal Exchange information, for instance replication messages, is recognized as such by the Grabber and left in the Exchange system unchanged.

5.1.4 The AntiVir Service = Enterprise Message Handler (EMH)

As a Windows service, the AntiVir Exchange service is started on a permanent basis and uses all information provided by the Grabber. From then on, the subsequent processing through AntiVir Exchange is entirely monitored and controlled by the AntiVir Exchange service. If the AntiVir Exchange service is stopped, the AntiVir Exchange security functions are switched off. The AntiVir Exchange service has access to all information required, including, for instance:
• the configured AntiVir jobs,
• the installed AntiVir Exchange license,
• the Active Directory,
• the AntiVir Quarantine
Using this information, it scans messages for viruses, identifies and quarantines spam and adds legal liability disclaimers.
After processing is complete, the AntiVir Exchange service returns the e-mails to the Exchange server.
5.1.4.1 AntiVir Quarantine
Virus-infected or other undesirable messages can optionally be stopped on the server to prevent them reaching their intended recipients. These messages are instead placed in the AntiVir Quarantine. Several default quarantines are set up on each AntiVir server during installation. The administrator can set up additio­nal quarantines.
AntiVir quarantines consist of
- a quarantine directory on the Exchange server (...\AntiVirData\Quarantine\Default-Quarantine),
- the messages copied into the quarantine,
- a quarantine database (LocIdxDB.mdb).
For each quarantined e-mail, Avira AntiVir Exchange automatically creates an entry in the Quarantine database, a Microsoft Access file.
The following information is stored in that database:
- Message Subject line
- Date and time
- Message sender
- Message recipient
- Short description of the applicable restriction
- Message size
- Name of the AntiVir job that quarantined the message
- Name of the Exchange server
- Name of the mail file
- Processing history
When you view an AntiVir Quarantine using the AntiVir Exchange Management Console, the information from the Quarantine database is shown first. When you open a Quarantine entry, further information is read from the message file.
For communicating with the Quarantine, AntiVir uses SOAP (Simple Object Access Protocol) and SSL (Secure Sockets Layer). This applies both to local access directly on the server and to access from remote Windows workstations. By default, port 8008 is used for communications. You can change this port in the AntiVir Exchange Management Console (AntiVir Servers node), but you must then also make this change in all other AntiVir Exchange Management Consoles that access the server. All stations must use the same port. SSL is used to encrypt the SOAP communications channel. The required components are included with the package.
Only authorized persons have access to the AntiVir quarantines via the network. The user privileges are set through the properties of the file access.acl (...\H+BEDV\AntiVirExchange\AppData\). These privileges are checked by the AntiVir Exchange service. If not logged on to the server, you must authenticate yourself when calling the Quarantine for the first time. The authentication information is temporarily stored so that subsequent calls (in particular of other quarantines) use the same login information. If that fails, a user name and password input dialog appears.
For successful access, the following conditions must be fulfilled:
- The AntiVir Exchange service is running.
- The communication port (default: 8008) is available.
- The station’s name can be resolved and accessed through TCP/IP.
- The user has the required Windows user rights.
5.1.4.2 Active Directory / LDIF
Avira AntiVir Exchange does not make any changes or additions to the Active Directory. However, Avira AntiVir Exchange does read various information from the Active Directory.
When started, the AntiVir Exchange service determines the available Global Catalog server, which is used, for example, for resolving addresses in distribution lists during e-mail processing.
The AntiVir Exchange Management Console uses the Active Directory to select sender/recipient conditions.
If an Active Directory is not available – for example because the corresponding ports are not open – an LDIF file can be used. This can, for example, be created through an LDAP export from an Active Directory, an Exchange 5.5 user directory or a Notes Name and Address Book (NAB).
5.1.4.3 Compressed Files and Archives: The Avira AntiVir Exchange Unpacker
Files are often compressed (zipped) before being sent by e-mail. To allow compressed files to be scanned for viruses, Avira AntiVir Exchange unpacks the files before running the scan. An unpacker is automatically installed with Avira AntiVir Exchange.
The unpacker supports the following archive formats:
- ACE
- CAB
- ZIP
- Self-extracting ZIP
- ARJ
- Self-extracting ARJ
- TAR
- GZIP
- TGZ (Tape archive)
- UUE (Executable compressed ASCII archive)
- LZH (LH ARC)
- RAR
- Self-extracting RAR
- Java Archive (.jar)
- BZIP2
Archives can themselves contain further archives. These recursively compressed files are by default decompressed to a nesting depth of five levels. All archives exceeding this nesting depth are moved to the badmail folder (see “Badmail” on page 56).
The standard upper limit for an e-mail including unpacked files is 500 MB. Such a limit is particularly important to handle so-called "ZIP of Death" attacks. You can change the recursion depth and the space restriction on the console under AntiVir Servers → Properties → General tab.
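The nesting-depth and unpacked-size limits described above, sketched as an added Python example (not Avira's code and not part of the original manual). It handles ZIP only and assumes the outermost archive counts as level 1; all function names are hypothetical.

```python
import io
import zipfile

MAX_DEPTH = 5                        # default nesting depth stated in the manual
MAX_TOTAL_BYTES = 500 * 1024 * 1024  # default 500 MB limit stated in the manual

class ArchiveLimitExceeded(Exception):
    """Attachment exceeded the nesting or size budget; treat it as badmail."""

def unpack_for_scan(data, max_depth=MAX_DEPTH, max_total=MAX_TOTAL_BYTES):
    """Return [(path, bytes)] for every non-archive file inside a nested ZIP."""
    leaves = []
    remaining = [max_total]  # one budget shared by all nesting levels

    def walk(blob, depth, prefix):
        if depth > max_depth:
            raise ArchiveLimitExceeded(f"nesting deeper than {max_depth} levels")
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                chunks = []
                with zf.open(info) as member:
                    # Count bytes as they are produced so an oversized member
                    # aborts early instead of being inflated completely.
                    for chunk in iter(lambda: member.read(64 * 1024), b""):
                        remaining[0] -= len(chunk)
                        if remaining[0] < 0:
                            raise ArchiveLimitExceeded("unpacked size over limit")
                        chunks.append(chunk)
                content = b"".join(chunks)
                path = prefix + info.filename
                if zipfile.is_zipfile(io.BytesIO(content)):
                    walk(content, depth + 1, path + "/")
                else:
                    leaves.append((path, content))

    walk(data, 1, "")  # assumption: the outermost archive counts as level 1
    return leaves

def make_nested_zip(levels, payload=b"X" * 1024):
    """Constructed sample input: payload wrapped in `levels` ZIP layers."""
    blob, name = payload, "payload.bin"
    for i in range(levels):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name, blob)
        blob, name = buf.getvalue(), f"level{i}.zip"
    return blob
```

Intermediate archives count against the size budget as well, so many small layers cannot bypass the limit.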

5.1.5 Avira AntiVir Exchange Configuration Settings

All information required to run Avira AntiVir Exchange is saved in the Avira AntiVir Exchange configuration file, an XML file named ConfigData.xml.
The structure of the ConfigData.xml file is similar to that of a database: various entries exist for each configuration area. Since all configuration settings are stored in a single file, the configuration can be easily distributed and backed up. If you have a problem with the configuration, you can simply send the ConfigData.xml file to the Avira Support team for assistance.
The configuration settings are needed by both the AntiVir server and the AntiVir Exchange Management Console. The AntiVir server needs them, for example, for information on the AntiVir jobs to be carried out. To make changes to the configuration with the console, the console must be able to access the ConfigData.xml file. The configuration file can be placed both in a local directory and on a shared network path. The Avira AntiVir Exchange configuration used by the AntiVir Exchange Management Console and the AntiVir server is specified through an entry in the Registry. The path to the configuration file can be entered in the format C:\..... or as UNC path (\\Servername\Share\ConfigData.xml). If the specified Avira AntiVir Exchange configuration file is not available, Avira AntiVir Exchange uses the "last known good" configuration, which is logged in the Windows event log. The last known good configuration is saved locally for each server and is updated whenever the Avira AntiVir Exchange configuration is changed and access from the Avira AntiVir Exchange configuration file to the last known good configuration is possible.
To open a non-standard configuration with the Console, you must specify the file with a special parameter. Run the Avira.msc file with the parameter config and the desired configuration file. For example:
"C:\Programme\Avira GmbH\AntiVir Exchange\Avira.msc" config "C:\OtherDirectory\Directory\ConfigData.xml"
You can also specify a UNC path here.
For detailed instructions for customizing the Avira AntiVir Exchange configuration, refer to “Configuration in the Avira AntiVir Exchange Management Console” on page 23.

5.2 Message Processing Sequence

The sequence is as follows:
1. An e-mail message arrives at the mail server.
2. The e-mail is intercepted from the SMTP Advanced Queue by the Grabber.
3. The Enterprise Message Handler (EMH) [= AntiVir Exchange Service] fetches the mail for processing.
4. According to the configuration settings, the EMH checks whether or not the e-mail is to be processed by Avira AntiVir Exchange.
5. Messages to be processed are dealt with as specified in the configuration settings (jobs by priority).
6. When processing is complete, the EMH releases the e-mail and, if applicable, modifies the e-mail as configured.

5.3 User Interface

After you have opened Avira AntiVir Exchange, select Basic Configuration, Policy Configuration or AntiVir Monitor in the left column. The right window then shows the corresponding subfolder. To view the online help, click on the toolbar or select Help in the Action menu.

5.3.1 The Toolbar

Previous
Next
Up one level
Properties of the selected item
Update view
Export list
Help
Save
Move up one position
Move down one position

5.3.2 The Icons

Enable job
Disable job
New item
Set filter in quarantine/badmail
Disable filter in quarantine/badmail
AntiVir Exchange Management Start console and logo.
Basic Configuration for general settings for all modules
Node for Global settings.
The address list folder.
An individual AntiVir address list (orange collar). Included by default in Avira AntiVir Exchange, cannot be edited.
An individual user-defined address list (yellow collar). Created by the user and configurable under Properties.
The Notification Templates folder, which contains the individual notification templates for each job type and recipient.
An individual notification template; configurable under Properties.
A list of all AntiVir servers, in which you can add, remove and configure servers. The common server properties are defined under General Settings → AntiVir Servers Settings. Alternatively, right-click AntiVir Servers → Properties. This includes the default e-mail addresses and the internal domain(s).
General AntiVir Servers settings under the node General Settings in the right window section.
Folder Settings and Utility Settings. Folder Settings contains the quarantines, while Utility Settings contains all add-ons, such as virus scanners.
The Quarantine folder structure, which contains all quarantine folders.
An individual quarantine folder; configurable under Properties.
The Fingerprints folder.
A logically linked fingerprint group.
An individual fingerprint; configurable under Properties.
The folder for the dictionaries used for content filtering.
An individual dictionary; configurable under Properties.
DCC Folder
A single DCC configuration.
Policy Configuration for configuring individual jobs according to the company policy.
Folder for sample jobs; contains sample jobs for each job type.
An AntiVir with different job types, configurable under Properties.
An AntiVir with different job types, configurable under Properties.
The AntiVir Monitor for viewing all quarantine folders on each available server. The quarantine folders contain the copies of original messages including attachments.
The Quarantine folders with original messages for viewing, including detailed information for each message.
A single quarantined item.
An invalid quarantined item.
A resent quarantined item.
Information Store quarantine item.
Time and weekday of quarantine maintenance.
Folder for reports supplied with AntiVir.
Individual AntiVir report.
5.4 Configuration in the Avira AntiVir Exchange Management Console
The AntiVir Exchange Management Console window consists of three sections:
- Basic Configuration
  The Basic Configuration is used for general settings and the essential basic settings of the modules.
- Policy Configuration
  The Policy Configuration is used to implement the company policies by way of jobs.
- AntiVir Monitor
  The AntiVir Monitor allows you to view the Quarantine areas on each available server as well as detailed information on the mails quarantined there.

5.5 Basic Configuration

In the Basic Configuration, you can make
- the general settings, such as:
  - Address lists
  - Notification Templates
  - all Folders (such as the Quarantines)
- and Utilities:
  - dictionaries and the DCC server for content checking
  - Fingerprints for blocking attachments
  - the virus scanners and
  - unpackers

5.5.1 Configuration Reports

The configuration reports provide an overview of the current configuration:
1. Right-click on Basic Configuration.
2. Click All Tasks → Show configuration reports ...
3. A list of all configuration reports is displayed:
Click on the desired report and then on Display report. The report is opened as an HTML file in the browser. Click Preview Report for a preview of the printed report.
Click Save Report to save the selected report as an HTML file.

5.5.2 Import Configuration

To update any of the above elements and items, such as dictionaries and fingerprints, with a new version, select Basic Configuration → All Tasks → Import Configuration and select the XML file provided by Avira GmbH.
This function updates only individual jobs, not the complete configuration (ConfigData.xml).
Before you update a Basic Configuration object, make a backup copy of the existing object. The new version replaces the old one, overwriting any user-defined settings.

5.5.3 AntiVir Server Settings

The AntiVir Server Settings option is used to configure the standard settings for all AntiVir servers (for background information refer to “The AntiVir Server” on page 16). Additionally, each server can be configured individually; for details refer to “Individual Server Settings” on page 27.
Select Basic Configuration → General Settings, in the right window section click on AntiVir Server Settings and select Properties from the context menu (right-click) or open the Properties with a double-click. As an alternative, in the left window section under Basic Configuration, right-click on AntiVir Servers to open the Properties.