Eset Mail Security 4 for Microsoft Exchange Server User Guide

ESET Mail Security 4
for Microsoft Exchange Server
User Guide
Microsoft® Windows® Server 2000 / 2003 / 2008
ESET Mail Security
Copyright © 2010 by ESET, spol. s.r.o.
ESET Mail Security was developed by ESET, spol. s r.o. For more information visit www.eset.com. All rights reserved. No part of this documentation may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise without permission in writing from the author. ESET, spol. s r.o. reserves the right to change any of the described application software without prior notice.
Customer Care Worldwide: www.eset.eu/support Customer Care North America: www.eset.com/support
REV. 10. 3. 2010
Contents
................................................4
1. Introduction
........................................................................4System requirements1.1
........................................................................4Methods used1.2
..............................................................................4Mailbox scanning via VSAPI1.2.1
..............................................................................4Message filtering on the SMTP server level1.2.2
........................................................................4Types of protection1.3
..............................................................................4Antivirus protection1.3.1
..............................................................................4Antispam protection1.3.2
..............................................................................5Application of user-defined rules1.3.3
................................................6
2. Installation
........................................................................6Typical Installation2.1
........................................................................7Custom Installation2.2
........................................................................9License2.3
........................................................................9Post-Installation Configuration2.4
................................................11
3. Update
........................................................................11Proxy server setup3.1
4. ESET Mail Security - Microsoft
................................................12
Exchange Server protection
........................................................................12General settings4.1
..............................................................................12Rules4.1.1
..............................................................................12Adding new rules4.1.1.1
..............................................................................13Actions4.1.1.2
..............................................................................13Log files4.1.2
..............................................................................13Message quarantine4.1.3
..............................................................................14Adding a new quarantine rule4.1.3.1
..............................................................................14Performance4.1.4
..............................................................................14Transport Agent4.1.5
........................................................................15Antivirus and antispyware settings4.2
4.2.4
4.2.4.4
........................................................................20Antispam settings4.3
........................................................................22FAQ4.4
..............................................................................15Actions4.2.1
..............................................................................15Alerts and notifications4.2.2
..............................................................................16Performance4.2.3
Virus-Scanning Application Programming
..............................................................................16
Interface (VSAPI)
..............................................................................16Microsoft Exchange Server 5.5 (VSAPI 1.0)4.2.4.1
.............................................................................16Actions4.2.4.1.1
.............................................................................16Performance4.2.4.1.2
..............................................................................17Microsoft Exchange Server 2000 (VSAPI 2.0)4.2.4.2
.............................................................................17Actions4.2.4.2.1
.............................................................................17Performance4.2.4.2.2
..............................................................................18Microsoft Exchange Server 2003 (VSAPI 2.5)4.2.4.3
.............................................................................18Actions4.2.4.3.1
.............................................................................19Performance4.2.4.3.2
Microsoft Exchange Server 2007/2010 (VSAPI
..............................................................................19
2.6)
.............................................................................19Actions4.2.4.4.1
.............................................................................20Performance4.2.4.4.2
..............................................................................20Transport Agent4.2.5
..............................................................................20Antispam engine parameter setup4.3.1
..............................................................................21Alerts and notifications4.3.2
..............................................................................21Transport Agent4.3.3
1. Introduction
1.2.1 Mailbox scanning via VSAPI
ESET Mail Security 4 for Microsoft Exchange Server is an integrated solution protecting user mailboxes from various types of malware content (most often they are email attachments infected by worms or trojans, documents containing harmful scripts, phishing, spam etc.). ESET Mail Security provides three types of protection: Antivirus, Antispam and application of user­defined rules. ESET Mail Security filters the malicious content on the mailserver level, before it arrives in the addressee’s email client inbox.
ESET Mail Security supports Microsoft Exchange Server versions 5.5 and later, in addition to Microsoft Exchange Server in a cluster environment. In newer versions (Microsoft Exchange Server 2007 and later), specific roles (mailbox, hub, edge) are also supported. You can remotely manage ESET Mail Security in larger networks with the help of ESET Remote Administrator.
As far as functionality is concerned, ESET Mail Security is very similar to ESET NOD32 Antivirus 4.0. It has all the tools necessary to ensure protection of the server-as­client (resident protection, web-access protection, email client protection and antispam), while providing Microsoft Exchange Server protection.
1.1 System requirements
Supported Operating Systems:
The mailbox scanning process is triggered and controlled by the Microsoft Exchange Server. Emails in the Microsoft Exchange Server store database are scanned continuously. Depending on the version of Microsoft Exchange Server, the VSAPI interface version and the user-defined settings, the scanning process can be triggered in any of the following situations:
When the user accesses email, e.g. in an email client (email is always scanned with the latest virus signature database)
In the background, when use of the Microsoft Exchange Server is low
Proactively (based on the Microsoft Exchange Server’s inner algorithm)
The VSAPI interface is currently used for antivirus scan and rule-based protection.
1.2.2 Message filtering on the SMTP server level
SMTP server-level filtering is secured by a specialized plugin. In Microsoft Exchange Server 2000 and 2003, the plugin in question (Event Sink) is registered on the SMTP server as a part of Internet Information Services (IIS). In Microsoft Exchange Server 2007/2010, the plugin is registered as a transport agent on the Edge or the Hub roles of the Microsoft Exchange Server.
Microsoft Windows 2000 Server Microsoft Windows 2003 Server (x86 and x64) Microsoft Windows 2008 Server (x86 and x64) Microsoft Windows 2008 Server R2
Supported Microsoft Exchange Server versions:
Microsoft Exchange Server 5.5 SP3, SP4 Microsoft Exchange Server 2000 SP1, SP2, SP3 Microsoft Exchange Server 2003 SP1, SP2 Microsoft Exchange Server 2007 SP1, SP2 Microsoft Exchange Server 2010
Hardware requirements depend on the operating system version and the version of Microsoft Exchange Server in use. We recommend reading the Microsoft Exchange Server product documentation for more detailed information on hardware requirements.
1.2 Methods used
Two independent methods are used to scan email messages:
Mailbox scanning via VSAPI Message filtering on the SMTP server level
4
4
SMTP server-level filtering by a transport agent provides protection in the form of antivirus, antispam and user­defined rules. As opposed to VSAPI filtering, the SMTP server-level filtering is performed before the scanned email arrives in the Microsoft Exchange Server mailbox.
1.3 Types of protection
There are three types of protection:
1.3.1 Antivirus protection
Antivirus protection is one of the basic functions of the ESET Mail Security product. It guards against malicious system attacks by controlling file, email and Internet communication. If a threat with malicious code is detected, the Antivirus module can eliminate it by first blocking it and then cleaning, deleting or moving it to quarantine.
1.3.2 Antispam protection
Antispam protection integrates several technologies (RBL, DNSBL, Fingerprinting, Reputation checking, Content analysis, Bayesian filtering, Rules, Manual whitelisting/blacklisting, etc.) to achieve maximum detection of email threats. The antispam scanning core’s output is the spam probability value of the given email message expressed as a percentage (0 to 100). Values of 90 and above are considered sufficient for ESET Mail Security to classify an email as spam.
Another component of the antispam protection module
4
is the Greylisting technique (disabled by default). The technique relies on the RFC 821 specification, which states that since SMTP is considered an unreliable transport, every message transfer agent (MTA) should repeatedly attempt to deliver an email after encountering a temporary delivery failure. A substantial part of spam consists of one-time deliveries (using specialized tools) to a bulk list of email addresses generated automatically. A server employing Greylisting calculates a control value (hash) for the envelope sender address, the envelope recipient address and the IP address of the sending MTA. If the server cannot find the control value for the triplet within its own database, it refuses to accept the message, returning a temporary failure code (temporary failure, for example, 451). A legitimate server will attempt a redelivery of the message after a variable time period. The triplet’s control value will be stored in the database of verified connections on the second attempt, allowing any email with relevant characteristics to be delivered from then on.
1.3.3 Application of user-defined rules
Protection based on user-defined rules is available for scanning with both the VSAPI and the transport agent. You can use the ESET Mail Security user interface to create individual rules that may also be combined. If one rule uses multiple conditions, the conditions will be linked using the logical operator AND. Consequently, the rule will be executed only if all its conditions are fullfilled. If multiple rules are created, the logical operator OR will be applied, meaning the program will run the first rule for which the conditions are met.
In the scanning sequence, the first technique used is greylisting - if it is enabled. Consequent procedures will always execute the following techniques: protection based on user-defined rules, followed by an antivirus scan and, lastly, an antispam scan.
5
2. Installation
After purchase, the ESET Mail Security installer can be downloaded from ESET’s website as an .msi package. Once you launch the installer, the installation wizard will guide you through the basic setup. There are two types of installation available with different levels of setup details:
1. Typical Installation
2. Custom Installation
Enter your Username and Password, i.e., the authentication data you received after the purchase or registration of the product, into the corresponding fields. If you do not currently have your username and password available, authentication data can be inserted at any time, directly from the program.
In the next step - License Manager - Add the license file delivered via email after product purchase.
2.1 Typical Installation
Typical installation provides configuration options appropriate for most users. The settings provide excellent security coupled with ease of use and high system performance. Typical installation is the default option and is recommended if you do not have the particular requirements for specific settings.
After selecting the installation mode and clicking Next, you will be prompted to enter your username and password for automatic updates of the program. This plays a significant role in providing constant protection of your system.
The next step is configuration of the ThreatSense.Net Early Warning System. The ThreatSense.Net Early Warning System helps ensure that ESET is immediately and continuously informed about new infiltrations in order to quickly protect its customers. The system allows for submission of new threats to ESET‘s Threat Lab, where they are analyzed, processed and added to the virus signature database.
By default, the Enable ThreatSense.Net Early Warning System option is selected, which will activate this feature. Click Advanced setup... to modify detailed settings for the submission of suspicious files.
The next step in the installation process is to configure Detection of potentially unwanted applications. Potentially unwanted applications are not necessarily malicious, but can often negatively affect the behavior of
6
your operating system.
These applications are often bundled with other programs and may be difficult to notice during the installation process. Although these applications usually display a notification during installation, they can easily be installed without your consent.
Next, Enter your Username and Password. This step is the same as in Typical installation (see “Typical installation” ).
6
In the next step - License Manager - Add the license file delivered via email after the product purchase.
Select the Enable detection of potentially unwanted applications option to allow ESET Mail Security to detect this type of threat (recommended). The final step in Typical installation mode is to confirm installation by clicking the Install button.
2.2 Custom Installation
After entering your username and password, click Next to proceed to Configure your Internet connection.
Custom installation is designed for users who have experience with fine-tuning programs and who wish to modify advanced settings during installation.
After selecting the installation mode and clicking Next, you will be prompted to select a destination location for the installation. By default, the program installs in C:\Program Files\ESET\ESET Mail Security\. Click Browse… to change this location (not recommended).
7
Loading...
+ 16 hidden pages