Eset Mail Security 4 for Microsoft Exchange Server User Guide
ESET Mail Security 4
for Microsoft Exchange Server
User Guide
Microsoft® Windows® Server 2000 / 2003 / 2008
ESET Mail Security
Copyright © 2010 by ESET, spol. s.r.o.
ESET Mail Security was developed by ESET, spol. s r.o.
For more information visit www.eset.com.
All rights reserved. No part of this documentation may be
reproduced, stored in a retrieval system or transmitted in any form
or by any means, electronic, mechanical, photocopying, recording,
scanning, or otherwise without permission in writing from the
author.
ESET, spol. s r.o. reserves the right to change any of the described
application software without prior notice.
Customer Care Worldwide: www.eset.eu/support
Customer Care North America: www.eset.com/support
REV. 10. 3. 2010
Contents
................................................4
1. Introduction
........................................................................4System requirements1.1
........................................................................4Methods used1.2
..............................................................................4Mailbox scanning via VSAPI1.2.1
..............................................................................4Message filtering on the SMTP server level1.2.2
........................................................................4Types of protection1.3
..............................................................................4Antivirus protection1.3.1
..............................................................................4Antispam protection1.3.2
..............................................................................5Application of user-defined rules1.3.3
................................................6
2. Installation
........................................................................6Typical Installation2.1
........................................................................7Custom Installation2.2
........................................................................9License2.3
........................................................................9Post-Installation Configuration2.4
................................................11
3. Update
........................................................................11Proxy server setup3.1
4. ESET Mail Security - Microsoft
................................................12
Exchange Server protection
........................................................................12General settings4.1
..............................................................................12Rules4.1.1
..............................................................................12Adding new rules4.1.1.1
..............................................................................13Actions4.1.1.2
..............................................................................13Log files4.1.2
..............................................................................13Message quarantine4.1.3
..............................................................................14Adding a new quarantine rule4.1.3.1
..............................................................................14Performance4.1.4
..............................................................................14Transport Agent4.1.5
........................................................................15Antivirus and antispyware settings4.2
4.2.4
4.2.4.4
........................................................................20Antispam settings4.3
........................................................................22FAQ4.4
..............................................................................15Actions4.2.1
..............................................................................15Alerts and notifications4.2.2
..............................................................................16Performance4.2.3
Virus-Scanning Application Programming
..............................................................................16
Interface (VSAPI)
..............................................................................16Microsoft Exchange Server 5.5 (VSAPI 1.0)4.2.4.1
.............................................................................16Actions4.2.4.1.1
.............................................................................16Performance4.2.4.1.2
..............................................................................17Microsoft Exchange Server 2000 (VSAPI 2.0)4.2.4.2
.............................................................................17Actions4.2.4.2.1
.............................................................................17Performance4.2.4.2.2
..............................................................................18Microsoft Exchange Server 2003 (VSAPI 2.5)4.2.4.3
.............................................................................18Actions4.2.4.3.1
.............................................................................19Performance4.2.4.3.2
Microsoft Exchange Server 2007/2010 (VSAPI
..............................................................................19
2.6)
.............................................................................19Actions4.2.4.4.1
.............................................................................20Performance4.2.4.4.2
..............................................................................20Transport Agent4.2.5
..............................................................................20Antispam engine parameter setup4.3.1
..............................................................................21Alerts and notifications4.3.2
..............................................................................21Transport Agent4.3.3
1. Introduction
1.2.1 Mailbox scanning via VSAPI
ESET Mail Security 4 for Microsoft Exchange Server is an
integrated solution protecting user mailboxes from
various types of malware content (most often they are
email attachments infected by worms or trojans,
documents containing harmful scripts, phishing, spam
etc.). ESET Mail Security provides three types of
protection: Antivirus, Antispam and application of userdefined rules. ESET Mail Security filters the malicious
content on the mailserver level, before it arrives in the
addressee’s email client inbox.
ESET Mail Security supports Microsoft Exchange Server
versions 5.5 and later, in addition to Microsoft Exchange
Server in a cluster environment. In newer versions
(Microsoft Exchange Server 2007 and later), specific roles
(mailbox, hub, edge) are also supported. You can
remotely manage ESET Mail Security in larger networks
with the help of ESET Remote Administrator.
As far as functionality is concerned, ESET Mail Security is
very similar to ESET NOD32 Antivirus 4.0. It has all the
tools necessary to ensure protection of the server-asclient (resident protection, web-access protection, email
client protection and antispam), while providing
Microsoft Exchange Server protection.
1.1 System requirements
Supported Operating Systems:
The mailbox scanning process is triggered and controlled
by the Microsoft Exchange Server. Emails in the Microsoft
Exchange Server store database are scanned
continuously. Depending on the version of Microsoft
Exchange Server, the VSAPI interface version and the
user-defined settings, the scanning process can be
triggered in any of the following situations:
When the user accesses email, e.g. in an email client
(email is always scanned with the latest virus signature
database)
In the background, when use of the Microsoft
Exchange Server is low
Proactively (based on the Microsoft Exchange Server’s
inner algorithm)
The VSAPI interface is currently used for antivirus scan
and rule-based protection.
1.2.2 Message filtering on the SMTP server level
SMTP server-level filtering is secured by a specialized
plugin. In Microsoft Exchange Server 2000 and 2003, the
plugin in question (Event Sink) is registered on the SMTP
server as a part of Internet Information Services (IIS). In
Microsoft Exchange Server 2007/2010, the plugin is
registered as a transport agent on the Edge or the Hub
roles of the Microsoft Exchange Server.
Microsoft Windows 2000 Server
Microsoft Windows 2003 Server (x86 and x64)
Microsoft Windows 2008 Server (x86 and x64)
Microsoft Windows 2008 Server R2
Supported Microsoft Exchange Server versions:
Microsoft Exchange Server 5.5 SP3, SP4
Microsoft Exchange Server 2000 SP1, SP2, SP3
Microsoft Exchange Server 2003 SP1, SP2
Microsoft Exchange Server 2007 SP1, SP2
Microsoft Exchange Server 2010
Hardware requirements depend on the operating system
version and the version of Microsoft Exchange Server in
use. We recommend reading the Microsoft Exchange
Server product documentation for more detailed
information on hardware requirements.
1.2 Methods used
Two independent methods are used to scan email
messages:
Mailbox scanning via VSAPI
Message filtering on the SMTP server level
4
4
SMTP server-level filtering by a transport agent provides
protection in the form of antivirus, antispam and userdefined rules. As opposed to VSAPI filtering, the SMTP
server-level filtering is performed before the scanned
email arrives in the Microsoft Exchange Server mailbox.
1.3 Types of protection
There are three types of protection:
1.3.1 Antivirus protection
Antivirus protection is one of the basic functions of the
ESET Mail Security product. It guards against malicious
system attacks by controlling file, email and Internet
communication. If a threat with malicious code is
detected, the Antivirus module can eliminate it by first
blocking it and then cleaning, deleting or moving it to
quarantine.
1.3.2 Antispam protection
Antispam protection integrates several technologies
(RBL, DNSBL, Fingerprinting, Reputation checking,
Content analysis, Bayesian filtering, Rules, Manual
whitelisting/blacklisting, etc.) to achieve maximum
detection of email threats. The antispam scanning core’s
output is the spam probability value of the given email
message expressed as a percentage (0 to 100). Values of
90 and above are considered sufficient for ESET Mail
Security to classify an email as spam.
Another component of the antispam protection module
4
is the Greylisting technique (disabled by default). The
technique relies on the RFC 821 specification, which states
that since SMTP is considered an unreliable transport,
every message transfer agent (MTA) should repeatedly
attempt to deliver an email after encountering a
temporary delivery failure. A substantial part of spam
consists of one-time deliveries (using specialized tools) to
a bulk list of email addresses generated automatically. A
server employing Greylisting calculates a control value
(hash) for the envelope sender address, the envelope
recipient address and the IP address of the sending MTA.
If the server cannot find the control value for the triplet
within its own database, it refuses to accept the message,
returning a temporary failure code (temporary failure, for
example, 451). A legitimate server will attempt a
redelivery of the message after a variable time period. The
triplet’s control value will be stored in the database of
verified connections on the second attempt, allowing any
email with relevant characteristics to be delivered from
then on.
1.3.3 Application of user-defined rules
Protection based on user-defined rules is available for
scanning with both the VSAPI and the transport agent.
You can use the ESET Mail Security user interface to
create individual rules that may also be combined. If one
rule uses multiple conditions, the conditions will be linked
using the logical operator AND. Consequently, the rule
will be executed only if all its conditions are fullfilled. If
multiple rules are created, the logical operator OR will be
applied, meaning the program will run the first rule for
which the conditions are met.
In the scanning sequence, the first technique used is
greylisting - if it is enabled. Consequent procedures will
always execute the following techniques: protection
based on user-defined rules, followed by an antivirus
scan and, lastly, an antispam scan.
5
2. Installation
After purchase, the ESET Mail Security installer can be
downloaded from ESET’s website as an .msi package.
Once you launch the installer, the installation wizard will
guide you through the basic setup. There are two types
of installation available with different levels of setup
details:
1. Typical Installation
2. Custom Installation
Enter your Username and Password, i.e., the
authentication data you received after the purchase or
registration of the product, into the corresponding fields.
If you do not currently have your username and
password available, authentication data can be inserted
at any time, directly from the program.
In the next step - License Manager - Add the license file
delivered via email after product purchase.
2.1 Typical Installation
Typical installation provides configuration options
appropriate for most users. The settings provide excellent
security coupled with ease of use and high system
performance. Typical installation is the default option and
is recommended if you do not have the particular
requirements for specific settings.
After selecting the installation mode and clicking Next,
you will be prompted to enter your username and
password for automatic updates of the program. This
plays a significant role in providing constant protection of
your system.
The next step is configuration of the ThreatSense.Net
Early Warning System. The ThreatSense.Net Early
Warning System helps ensure that ESET is immediately
and continuously informed about new infiltrations in
order to quickly protect its customers. The system allows
for submission of new threats to ESET‘s Threat Lab,
where they are analyzed, processed and added to the
virus signature database.
By default, the Enable ThreatSense.Net Early Warning
System option is selected, which will activate this
feature. Click Advanced setup... to modify detailed
settings for the submission of suspicious files.
The next step in the installation process is to configure
Detection of potentially unwanted applications.
Potentially unwanted applications are not necessarily
malicious, but can often negatively affect the behavior of
6
your operating system.
These applications are often bundled with other
programs and may be difficult to notice during the
installation process. Although these applications usually
display a notification during installation, they can easily
be installed without your consent.
Next, Enter your Username and Password. This step is
the same as in Typical installation (see “Typical
installation” ).
6
In the next step - License Manager - Add the license file
delivered via email after the product purchase.
Select the Enable detection of potentially unwanted
applications option to allow ESET Mail Security to detect
this type of threat (recommended).
The final step in Typical installation mode is to confirm
installation by clicking the Install button.
2.2 Custom Installation
After entering your username and password, click Next
to proceed to Configure your Internet connection.
Custom installation is designed for users who have
experience with fine-tuning programs and who wish to
modify advanced settings during installation.
After selecting the installation mode and clicking Next,
you will be prompted to select a destination location for
the installation. By default, the program installs in
C:\Program Files\ESET\ESET Mail Security\.
Click Browse… to change this location (not
recommended).
7
Loading...