F-Secure ANTI-VIRUS FOR MICROSOFT EXCHANGE 6.62 ADMINISTRATOR GUIDE

F-Secure Anti-Virus for
Microsoft Exchange
Administrator’s Guide
"F-Secure" and the triangle symbol are registered trademarks of F-Secure Corporation and F-Secure product names and symbols/logos are either trademarks or registered trademarks of F-Secure Corporation. All product names referenced herein are trademarks or registered trademarks of their respective companies. F-Secure Corporation disclaims proprietary interest in the marks and names of others. Although F-Secure Corporation makes every effort to ensure that this information is accurate, F-Secure Corporation will not be liable for any errors or omission of facts contained herein. F-Secure Corporation reserves the right to modify specifications cited in this document without prior notice.
Companies, names and data used in examples herein are fictitious unless otherwise noted. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of F-Secure Corporation.
Copyright © 1993-2006 F-Secure Corporation. All rights reserved. Portions Copyright © 1991-2006 Kaspersky Lab.
This product includes software developed by the Apache Software Foundation (http://www.apache.org/). Copyright © 2000-2006 The Apache Software Foundation. All rights reserved.
This product includes PHP, freely available from http://www.php.net/. Copyright © 1999-2006 The PHP Group. All rights reserved.
This product includes code from SpamAssassin. The code in the files of the SpamAssassin distribution are Copyright © 2000-2002 Justin Mason and others, unless specified otherwise in that particular file. All files in the SpamAssassin distribution fall under the same terms as Perl itself, as described in the “Artistic License”.
This product may be covered by one or more F-Secure patents, including the following:
GB2353372 GB2366691 GB2366692 GB2366693 GB2367933 GB2368233 GB2374260
12000040-7B15
Contents
About This Guide
How This Guide Is Organized
Conventions Used in F-Secure Guides
Symbols
Chapter 1 Introduction
1.1 Overview
1.2 How F-Secure Anti-Virus for Microsoft Exchange Works
1.3 Key Features
1.4 F-Secure Anti-Virus Mail Server and Gateway Products
Chapter 2 Deployment
2.1 Installation Modes
2.2 Network Requirements
2.3 Deployment Scenarios
2.3.1 Minimum Installation
2.3.2 Medium to Large Installation
2.3.3 Performance-Critical Installation
2.3.4 Microsoft Exchange Cluster Environment
Chapter 3 Installation
3.1 System Requirements
3.1.1 Minimum System Requirements
3.1.2 Which SQL Server to Use for the Quarantine Database?
3.1.3 Web Browser Software Requirements
3.2 Improving Reliability and Performance
3.3 Centrally Administered or Stand-alone Installation?
3.4 Installation Overview
3.5 Installing F-Secure Anti-Virus for Microsoft Exchange
3.6 After the Installation
3.6.1 Importing Product MIB files to F-Secure Policy Manager Console
3.6.2 Configuring the Product
3.7 Upgrading the Previous Version
3.8 Upgrading the Evaluation Version
3.9 Uninstalling F-Secure Anti-Virus for Microsoft Exchange
Chapter 4 Using F-Secure Anti-Virus for Microsoft Exchange
4.1 Overview
4.2 Administering F-Secure Anti-Virus for Microsoft Exchange
4.3 Using the Web Console
4.3.1 Logging in for the First Time
4.4 Checking the Product Status
4.5 Configuring the Web Console
4.6 Using F-Secure Policy Manager Console
4.7 Modifying Settings and Viewing Statistics
4.7.1 Centrally Administered Mode
4.7.2 Stand-alone Mode
4.8 Manually Processing Mailboxes and Public Folders
4.8.1 Centrally Administered Mode
4.8.2 Stand-alone Mode
4.8.3 Creating Scanning Operations
4.9 Configuring Alert Forwarding
4.9.1 Centrally Administered Mode
4.9.2 Stand-Alone Mode
4.10 Viewing Alerts
Chapter 5 Centrally Managed Administration
5.1 Overview
5.2 F-Secure Anti-Virus for Microsoft Exchange Settings
5.2.1 Real-Time Processing
5.2.2 Manual Processing
5.2.3 Scheduled Processing
5.2.4 Content Scanner Servers
5.2.5 Quarantine
5.2.6 Reporting
5.2.7 Advanced
5.3 F-Secure Anti-Virus for Microsoft Exchange Statistics
5.3.1 Common
5.3.2 Real-Time Processing
5.3.3 Manual Processing
5.3.4 Quarantine
5.4 F-Secure Content Scanner Server Settings
5.4.1 Interface
5.4.2 Virus Scanning
5.4.3 Virus Statistics
5.4.4 Database Updates
5.4.5 Spam Filtering
5.4.6 Threat Detection Engine
5.4.7 Proxy Configuration
5.4.8 Advanced
5.5 F-Secure Content Scanner Server Statistics
5.5.1 Server
5.5.2 Scan Engines
5.5.3 Common
5.5.4 Spam Control
5.5.5 Virus Statistics
5.6 F-Secure Automatic Update Agent Settings
5.7 F-Secure Management Agent Settings
Chapter 6 Administration with Web Console
6.1 Overview
6.2 F-Secure Anti-Virus for Microsoft Exchange Settings
6.2.1 Summary
6.2.2 Virus Scanning
6.2.3 Stripping Attachments
6.2.4 Content Filtering
6.2.5 Manual Scanning
6.2.6 Quarantine
6.2.7 Advanced
6.2.8 Internal Domains
6.3 F-Secure Content Scanner Server Settings
6.3.1 Summary
6.3.2 Database Updates
6.3.3 Scan Engines
6.3.4 Proxy Configuration
6.3.5 Archive Scanning
6.3.6 Advanced
6.3.7 Interface
6.4 F-Secure Automatic Update Agent Settings
6.4.1 Summary
6.4.2 Automatic Updates
6.4.3 PM Proxies
6.5 F-Secure Management Agent Settings
Chapter 7 Quarantine Management
7.1 Introduction
7.2 Configuring Quarantine Options
7.3 Searching the Quarantined Content
7.4 Query Results Page
7.5 Viewing Details of a Quarantined Message
7.6 Reprocessing the Quarantined Content
7.7 Releasing the Quarantined Content
7.8 Removing the Quarantined Content
7.9 Deleting Old Quarantined Content Automatically
7.10 Quarantine Logging
7.11 Quarantine Statistics
7.12 Moving the Quarantine Storage
Chapter 8 Administering F-Secure Spam Control
8.1 Overview
8.2 Spam Control Settings in Centrally Managed Environments
8.3 Spam Control Settings in Web Console
8.4 Realtime Blackhole List Configuration
8.4.1 Enabling Realtime Blackhole Lists
8.4.2 Optimizing F-Secure Spam Control Performance
Chapter 9 Updating Virus and Spam Definition Databases
9.1 Overview
9.2 Automatic Updates with F-Secure Automatic Update Agent
9.3 Configuring Automatic Updates
9.4 Manual Updates
9.4.1 Using FSUPDATE
9.4.2 Updating the Virus Definition Database Remotely Using LATEST.ZIP
Appendix A Deploying the Product on a Cluster
A.1 System and Network Recommendations
A.2 Installation Overview
A.3 Creating Quarantine Storage
A.3.1 Quarantine Storage in Active-Passive Cluster
A.3.2 Quarantine Storage in Active-Active Cluster
A.4 Installing the Product
A.4.1 Installing on Active-Passive Cluster
A.4.2 Installing on Active-Active Cluster
A.5 Administering the Cluster Installation with F-Secure Policy Manager
A.6 Using the Quarantine in the Cluster Installation
A.7 Troubleshooting
Appendix B Variables in Warning Messages
List of Variables
Outbreak Management Alert Variables
Appendix C Services and Processes
Chapter D Troubleshooting
D.1 Overview
D.2 Starting and Stopping
D.3 Viewing the Log File
D.4 Common Problems and Solutions
D.4.1 Installing Service Packs
D.4.2 Securing the Quarantine
D.4.3 Administration Issues
D.5 Frequently Asked Questions
D.6 F-Secure Automatic Update Agent Troubleshooting
Technical Support
F-Secure Online Support Resources
Web Club
Virus Descriptions on the Web

ABOUT THIS GUIDE

How This Guide Is Organized
Conventions Used in F-Secure Guides

How This Guide Is Organized

F-Secure Anti-Virus for Microsoft Exchange Administrator's Guide is divided into the following chapters:
Chapter 1. Introduction. General information about F-Secure Anti-Virus for Microsoft Exchange and other F-Secure Anti-Virus Mail Server and Gateway products.
Chapter 2. Deployment. Instructions and examples of how to set up your network environment before you can install F-Secure Anti-Virus for Microsoft Exchange.
Chapter 3. Installation. Instructions on how to install and set up F-Secure Anti-Virus for Microsoft Exchange.
Chapter 4. Using F-Secure Anti-Virus for Microsoft Exchange. Instructions on how to use and administer F-Secure Anti-Virus for Microsoft Exchange.
Chapter 9. Updating Virus and Spam Definition Databases. Instructions on how to update your virus definition database.
Chapter 5. Centrally Managed Administration. Instructions on how to remotely administer F-Secure Anti-Virus for Microsoft Exchange and F-Secure Content Scanner Server when they have been installed in centralized administration mode.
Chapter 6. Administration with Web Console. Instructions on how to administer F-Secure Anti-Virus for Microsoft Exchange with the Web Console.
Chapter 8. Administering F-Secure Spam Control. General information about F-Secure Spam Control and instructions on how to configure it.
Appendix A. Deploying the Product on a Cluster. Describes how the product can be deployed and used in a cluster environment.
Appendix B. Variables in Warning Messages. Lists variables that can be included in virus warning messages.
Appendix C. Services and Processes. Describes services, devices and processes of F-Secure Anti-Virus for Microsoft Exchange.
Chapter D. Troubleshooting. Solutions to some common problems.
Technical Support. Contains the contact information for assistance.
About F-Secure Corporation. Describes the company background and products.
See the F-Secure Policy Manager Administrator's Guide for detailed information about installing and using the F-Secure Policy Manager components:
F-Secure Policy Manager Console, the tool for remote administration of F-Secure Anti-Virus for Microsoft Exchange.
F-Secure Policy Manager Server, which enables communication between F-Secure Policy Manager Console and the managed systems.

Conventions Used in F-Secure Guides

This section describes the symbols, fonts, and terminology used in this
manual.

Symbols

WARNING: The warning symbol indicates a situation with a risk of irreversible destruction to data.
IMPORTANT: An exclamation mark provides important information that you need to consider.
REFERENCE - A book refers you to related information on the topic available in another document.
NOTE - A note provides additional information that you should consider.
TIP - A tip provides information that can help you perform a task more quickly or easily.
An arrow indicates a one-step procedure.

Fonts

Arial bold (blue) is used to refer to menu names and commands, to buttons and other items in a dialog box.
Arial Italics (blue) is used to refer to other chapters in the manual, book titles, and titles of other manuals.
Arial Italics (black) is used for file and folder names, for figure and table captions, and for directory tree names.
Courier New is used for messages on your computer screen.
Courier New bold is used for information that you must type.
SMALL CAPS (BLACK) is used for a key or key combination on your keyboard.
Arial underlined (blue) is used for user interface links.
Arial italics is used for window and dialog box names.

PDF Document

This manual is provided in PDF (Portable Document Format). The PDF document can be used for online viewing and printing using Adobe® Acrobat® Reader. When printing the manual, please print the entire manual, including the copyright and disclaimer statements.

For More Information

Visit F-Secure at http://www.f-secure.com for documentation, training courses, downloads, and service and support contacts.
In our constant attempts to improve our documentation, we would welcome your feedback. If you have any questions, comments, or suggestions about this or any other F-Secure document, please contact us at documentation@f-secure.com.
1

INTRODUCTION

Overview
How F-Secure Anti-Virus for Microsoft Exchange Works
Key Features
F-Secure Anti-Virus Mail Server and Gateway Products

1.1 Overview

Malicious code, such as computer viruses, is one of the main threats for companies today. In the past, malicious code spread mainly via disks and the most common viruses were the ones that infected disk boot sectors. When users began to use office applications with macro capabilities - such as Microsoft Office - to write documents and distribute them via mail and groupware servers, macro viruses started spreading rapidly.
After the millennium, the most common spreading mechanism has been e-mail. Today about 90% of viruses arrive via e-mail. E-mail provides a very fast and efficient way for viruses to spread themselves without any user intervention, and that is why e-mail worm outbreaks, like Sober, Netsky and Bagle, have caused a lot of damage around the world.
F-Secure Anti-Virus Mail Server and Gateway products are designed to protect your company's mail and groupware servers and to shield the company network from any malicious code that travels in HTTP or SMTP traffic. In addition, they protect your company network against spam. The protection can be implemented on the gateway level to screen all incoming and outgoing e-mail (SMTP), web surfing (HTTP and FTP-over-HTTP) and file transfer (FTP) traffic. Furthermore, it can be implemented on the mail server level so that it does not only protect inbound and outbound traffic but also internal mail traffic and public sources, such as Public Folders on Microsoft Exchange servers.
Providing the protection already on the gateway level has plenty of advantages. The protection is easy and fast to set up and install, compared to rolling out antivirus protection on hundreds or thousands of workstations. The protection is also invisible to the end users which ensures that the system cannot be by-passed and makes it easy to maintain. Of course, protecting the gateway level alone is not enough to provide a complete antivirus solution; file server and workstation level protection is needed, also.
Why clean 1000 workstations when you can clean one attachment at the gateway level?

1.2 How F-Secure Anti-Virus for Microsoft Exchange Works

F-Secure Anti-Virus for Microsoft Exchange is designed to detect and disinfect viruses and other malicious code from e-mail transmissions through Microsoft Exchange 2000/2003 Server. Scanning is done in real time as the mail passes through Microsoft Exchange Server. On-demand scanning of user mailboxes and Public Folders is also available.
Scanning Attachments and Message Bodies
F-Secure Anti-Virus for Microsoft Exchange scans attachments and message bodies for malicious code. It can also be instructed to remove particular attachments according to the file name or the file extension. In addition, it can filter out messages containing keywords that have been defined as disallowed.
If the intercepted mail contains malicious code, F-Secure Anti-Virus for Microsoft Exchange can be configured to disinfect or drop the content. Any malicious code found during the scan process can be placed in the Quarantine, where it can be further examined. Stripped attachments can also be placed in the Quarantine for further examination.
Flexible and Scalable Anti-Virus Protection
F-Secure Anti-Virus for Microsoft Exchange is installed on Microsoft Exchange 2000/2003 Server and it intercepts mail traveling through mailboxes and Public folders. Intercepted attachments and documents are sent to F-Secure Content Scanner Server, which returns disinfected files back to F-Secure Anti-Virus for Microsoft Exchange.
The two-component product architecture ensures that the anti-virus protection does not increase the load on the protected system and that the infected data is never stored on the production network. It also enables you to implement a server pool, so you can share the traffic load between multiple F-Secure Content Scanner Servers and have backup servers if the traffic to primary servers stops for some reason.
Alerting
F-Secure Anti-Virus for Microsoft Exchange has extensive alerting functions, which means that the system administrator can specify a recipient inside the company network to be notified about the infection found in the data content. Of course, the network administrator can be notified about the infection also.
Powerful and Always Up-to-date
F-Secure Anti-Virus for Microsoft Exchange uses the award-winning F-Secure Anti-Virus scanner to ensure the highest possible detection rate and disinfection capability. The daily F-Secure Anti-Virus signature database updates provide F-Secure Anti-Virus for Microsoft Exchange an always up-to-date protection capability.
F-Secure Anti-Virus scanner consistently ranks at the top when compared to competing products. Our team of dedicated virus researchers is on call 24-hours a day responding to new and emerging threats. In fact, F-Secure is one of the only companies to release tested virus definition updates on a daily basis, to make sure our customers are receiving the highest quality service and protection.
Virus and Spam Outbreak Detection
Massive spam and virus outbreaks consist of millions of messages which share at least one identifiable pattern that can be used to distinguish the outbreak. Any message that contains one or more of these patterns can be assumed to be a part of the same spam or virus outbreak.
F-Secure Anti-Virus for Microsoft Exchange can identify these patterns from the message envelope, headers and body, in any language, message format and encoding type. It can detect spam messages and new viruses during the first minutes of the outbreak.
Stand-alone and Centralized Administration Modes
F-Secure Anti-Virus for Microsoft Exchange can be installed either in stand-alone or centrally administered mode. Depending on how it has been installed, F-Secure Anti-Virus for Microsoft Exchange is managed either with the Web Console or F-Secure Policy Manager.
Scalability and Reliability
F-Secure Policy Manager provides a scalable way to manage the security of multiple applications on multiple operating systems, from one central location. F-Secure Policy Manager is comprised of two components, F-Secure Policy Manager Console and F-Secure Policy Manager Server, which are used to administer applications. They are seamlessly integrated with the F-Secure Management Agents that handle all management functions on local hosts.
Easy to Administer
If F-Secure Anti-Virus for Microsoft Exchange is installed in stand-alone mode it can be managed with the web-based user interface. With Web Console, you can configure F-Secure Anti-Virus for Microsoft Exchange settings, set up scheduled scans or run manual processes any time you want.
If F-Secure Anti-Virus for Microsoft Exchange has been installed in centrally administered configuration, it is managed with F-Secure Policy Manager. With its graphical user interface, F-Secure Policy Manager Console provides a centralized view of the domains and hosts in your network and lets you configure the security policies for all F-Secure components. F-Secure Policy Manager receives status information from F-Secure Anti-Virus for Microsoft Exchange.
F-Secure Policy Manager Server is the server side component that handles communication between F-Secure Anti-Virus for Microsoft Exchange and F-Secure Policy Manager Console. It exchanges security policies, software updates, status information, statistics, alerts, and other information between F-Secure Policy Manager Console and all managed systems.
Figure 1-1 (1) E-mail arrives from the Internet to F-Secure Anti-Virus for Microsoft Exchange, which (2) filters malicious content from mails and attachments, and (3) delivers cleaned files forward.

1.3 Key Features

F-Secure Anti-Virus for Microsoft Exchange provides the following features and capabilities.
Superior Protection
- Superior detection rate with multiple scanning engines.
- Automatic malicious code detection and disinfection.
- Heuristic scanning also detects unknown Windows and macro viruses.
- Recursive scanning of ARJ, BZ2, CAB, GZ, JAR, LZH, MSI, RAR, TAR, TGZ, Z and ZIP archive files.
- Automatic daily virus definition database updates.
- Suspicious and unsafe attachments can be stripped away from e-mails.
- Password protected archives can be treated as unsafe.
- Intelligent file type recognition.
- Message filtering based on keywords in message subjects and text.
- Utilizes the low-level Anti-Virus API (AV API 2.0) for Microsoft Exchange 2000 Server, and AV API 2.5 for Microsoft Exchange 2003 Server.
Virus Outbreak Detection
- The virus outbreak detection is an additional active layer of protection that automatically detects virus outbreaks and quarantines suspicious messages.
- Virus outbreaks are transparently detected and infected messages are quarantined before the outbreak becomes widespread.
- The product can notify the administrator about virus outbreaks.
- Quarantined unsafe messages can be reprocessed automatically.
Transparency and Scalability
- Viruses are intercepted before they can enter the network and spread out on workstations and servers.
- Real-time scanning of internal, inbound and outbound mail messages and Public Folder notes.
- Automatic protection of new mailboxes and Public Folders.
- Total transparency to end-users. Users cannot bypass the system, which means that messages and documents cannot be exchanged without scanning.
- Support for Windows 2000 Advanced Server or Windows Server 2003 clusters. Both Active-Passive and Active-Active clusters are supported.
Management
- Controlling and monitoring the behavior of the products remotely.
- Starting predefined operations remotely.
- Monitoring statistics provided by the products remotely with F-Secure Policy Manager or F-Secure Anti-Virus for Microsoft Exchange Web Console.
- Possibility to configure and manage stand-alone installations with the convenient F-Secure Anti-Virus for Microsoft Exchange Web Console.
- Contains new quarantine management features: you can manage and search quarantined content with the F-Secure Anti-Virus for Microsoft Exchange Web Console.
Protection against Spam
- Possible spam messages are transparently detected before they become widespread.
- Efficient spam detection based on different analyses on the e-mail content.
- Multiple filtering mechanisms guarantee the high accuracy of spam detection.
- Spam detection works in every language and message format.

1.4 F-Secure Anti-Virus Mail Server and Gateway Products

The F-Secure Anti-Virus product line consists of workstation, file server, mail server, gateway and mobile products.
- F-Secure Internet Gatekeeper is a high performance, totally automated web (HTTP and FTP-over-HTTP) and e-mail (SMTP) virus scanning solution for the gateway level. F-Secure Internet Gatekeeper works independently of firewall and e-mail server solutions, and does not affect their performance.
- F-Secure Anti-Virus for Microsoft Exchange™ protects your Microsoft Exchange users from malicious code contained within files they receive in mail messages and documents they open from shared databases. Malicious code is also stopped in outbound messages and in notes being posted on Public Folders. The product operates transparently and scans files in the Exchange Server Information Store in real-time. Manual and scheduled scanning of user mailboxes and Public Folders is also supported.
- F-Secure Anti-Virus for MIMEsweeper™ provides a powerful anti-virus scanning solution that tightly integrates with Clearswift MIMEsweeper for SMTP and MIMEsweeper for Web products. F-Secure provides top-class anti-virus software with fast and simple integration to Clearswift MAILsweeper and WEBsweeper, giving the corporation the powerful combination of complete content security.
- F-Secure Internet Gatekeeper for Linux™ provides a high-performance solution at the Internet gateway level, stopping viruses and other malicious code before they spread to end users' desktops or corporate servers. The product scans SMTP, HTTP, FTP and POP3 traffic for viruses, worms and trojans, and blocks and filters out specified file types. ActiveX and Java code can also be scanned or blocked. The product receives updates automatically from F-Secure, keeping the virus protection always up to date. A powerful and easy-to-use management console simplifies the installation and configuration of the product.
- F-Secure Messaging Security Gateway™ delivers the industry’s most complete and effective security for e-mail. It combines a robust enterprise-class messaging platform with perimeter security, antispam, antivirus, secure messaging and outbound content security capabilities in an easy-to-deploy, hardened appliance.
2 DEPLOYMENT

Installation Modes
Network Requirements
Deployment Scenarios

2.1 Installation Modes

F-Secure Anti-Virus for Microsoft Exchange can be installed either in stand-alone or centrally administered mode. In stand-alone installation, F-Secure Anti-Virus for Microsoft Exchange is managed with Web Console. In centrally administered mode, it is managed centrally with F-Secure Policy Manager components: F-Secure Policy Manager Server and F-Secure Policy Manager Console.
To administer F-Secure Anti-Virus for Microsoft Exchange in the centrally administered mode, you have to install the following components:
- F-Secure Policy Manager Server (on a dedicated machine)
- F-Secure Policy Manager Console (on the administrator's machine)

2.2 Network Requirements

This network configuration is valid for all scenarios described in this chapter. Make sure that the following network traffic can travel:
| Service | Process | Inbound ports | Outbound ports |
|---|---|---|---|
| F-Secure Content Scanner Server | %ProgramFiles%\F-Secure\Content Scanner Server\fsavsd.exe | 18971 (TCP) + 1024-65536 (TCP), only with F-Secure Anti-Virus for Internet Mail on a separate host | DNS (53, UDP/TCP), HTTP (80) or other known port used for HTTP proxy |
| F-Secure Anti-Virus for Microsoft Exchange Web Console | %ProgramFiles%\F-Secure\Web User Interface\bin\fswebuid.exe | 25023 | DNS (53, UDP and TCP), 1433 (TCP), only with the dedicated SQL server |
| F-Secure Automatic Update Agent | F-Secure Automatic Update.exe | 371 (UDP), only if BackWeb Polite Protocol is used | DNS (53, UDP and TCP), HTTP (80) |
| FSNRB | %ProgramFiles%\F-Secure\Common\fnrb32.exe | - | DNS (53, UDP/TCP), HTTP (80) |
| FSMA (AMEH) | %ProgramFiles%\F-Secure\Common\fameh32.exe | - | DNS (53, UDP/TCP), SMTP (25) |
| F-Secure Quarantine Manager | %ProgramFiles%\F-Secure\Quarantine Manager\fqm.exe | - | DNS (53, UDP/TCP), 1433 (TCP), only with the dedicated SQL server |

2.3 Deployment Scenarios

Depending on the number of protected systems and the amount of data traffic, you might consider various scenarios of deploying F-Secure Anti-Virus for Microsoft Exchange. There are various ways to deploy F-Secure Anti-Virus for Microsoft Exchange that are suitable to different environments.
- If the mail traffic is not very heavy, see “Minimum Installation”.
- If the mail traffic is rather heavy, see “Medium to Large Installation”.
- For very large, performance-critical installations, see “Performance-Critical Installation”.
- For Microsoft Exchange Cluster Environments, see “Microsoft Exchange Cluster Environment”.
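An added example (not from the F-Secure guide or product): it encodes the flows from the Network Requirements table in section 2.2 and audits a firewall rule list against them, reporting required flows that no rule covers and rules that open ports the current deployment does not need. The condition keys (`remote_fsavim`, `dedicated_sql`, `backweb_polite`), the rule format and the sample rules are constructed for illustration; TCP for port 25023 and reading the "only with" note as covering the 1024-65536 range only are assumptions.

```python
from typing import NamedTuple

class Flow(NamedTuple):
    process: str
    direction: str     # "in" or "out"
    proto: str         # "tcp" or "udp"
    lo: int
    hi: int
    only_if: str = ""  # deployment condition from the table; "" means always

def build_table():
    """Flows transcribed from the Network Requirements table."""
    t = [
        Flow("fsavsd.exe", "in", "tcp", 18971, 18971),
        # Assumption: the "only with ... on a separate host" note covers the range only.
        Flow("fsavsd.exe", "in", "tcp", 1024, 65536, "remote_fsavim"),
        Flow("fswebuid.exe", "in", "tcp", 25023, 25023),  # TCP assumed, table gives no protocol
        Flow("fswebuid.exe", "out", "tcp", 1433, 1433, "dedicated_sql"),
        Flow("F-Secure Automatic Update.exe", "in", "udp", 371, 371, "backweb_polite"),
        Flow("fameh32.exe", "out", "tcp", 25, 25),
        Flow("fqm.exe", "out", "tcp", 1433, 1433, "dedicated_sql"),
    ]
    for p in ("fsavsd.exe", "F-Secure Automatic Update.exe", "fnrb32.exe"):
        t.append(Flow(p, "out", "tcp", 80, 80))
    for p in sorted({f.process for f in t}):  # every listed process needs outbound DNS
        t += [Flow(p, "out", "udp", 53, 53), Flow(p, "out", "tcp", 53, 53)]
    return t

def audit(rules, deploy):
    """Return (required flows no rule covers, rules that no required flow justifies)."""
    need = [f for f in build_table() if not f.only_if or f.only_if in deploy]
    missing = [f for f in need if not any(  # same process/direction/protocol, range covered
        r[:3] == f[:3] and r.lo <= f.lo and f.hi <= r.hi for r in rules)]
    excess = [r for r in rules if not any(  # rule must fit inside one required flow
        r[:3] == f[:3] and f.lo <= r.lo and r.hi <= f.hi for f in need)]
    return missing, excess

# Constructed rule set: one host, local scanning, no dedicated SQL server.
SAMPLE_RULES = [
    Flow("fsavsd.exe", "in", "tcp", 18971, 18971),
    Flow("fsavsd.exe", "in", "tcp", 1024, 65536),    # wide range left open
    Flow("fswebuid.exe", "in", "tcp", 25023, 25023),
    Flow("fqm.exe", "out", "tcp", 1433, 1433),       # SQL port with no SQL server
    Flow("fameh32.exe", "out", "tcp", 25, 25),
]

if __name__ == "__main__":
    missing, excess = audit(SAMPLE_RULES, deploy=set())
    print(len(missing), "uncovered flows;", len(excess), "unjustified rules")
```

Pass the conditions that apply to the installation, for example `audit(rules, {"dedicated_sql"})`, so that conditional ports are only treated as required where the table says they are.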

2.3.1 Minimum Installation

If the mail traffic is not very heavy, you can install F-Secure Content Scanner Server on the same machine that runs Microsoft Exchange Server. In this case, both F-Secure Content Scanner Server and F-Secure Anti-Virus for Microsoft Exchange will reside on the Microsoft Exchange Server.
You can administer F-Secure Anti-Virus for Microsoft Exchange and F-Secure Content Scanner Server by using the F-Secure Anti-Virus for Microsoft Exchange Web Console.
Figure 2-1 F-Secure Anti-Virus for Microsoft Exchange minimum installation
Alternatively, you can choose to install F-Secure Policy Manager to enable centralized administration of F-Secure Content Scanner Server and F-Secure Anti-Virus for Microsoft Exchange.

2.3.2 Medium to Large Installation

If the mail traffic is rather heavy, F-Secure Content Scanner Server should be installed on a dedicated machine. This minimizes the extra load on the Microsoft Exchange Server.
You should install F-Secure Anti-Virus for Microsoft Exchange in centralized administration mode on each Microsoft Exchange Server.
Figure 2-2 F-Secure Anti-Virus for Microsoft Exchange, medium to large installation

2.3.3 Performance-Critical Installation

In very large, performance-critical installations you should use multiple F-Secure Content Scanner Server installations. Each F-Secure Content Scanner Server should be installed on a dedicated machine. F-Secure Anti-Virus for Microsoft Exchange can share the virus scanning load between multiple F-Secure Content Scanner Servers.
Figure 2-3 F-Secure Anti-Virus for Microsoft Exchange with multiple F-Secure Content Scanner Servers
F-Secure Anti-Virus for Microsoft Exchange should be installed in centralized administration mode on each Microsoft Exchange Server.
Figure 2-4 F-Secure Anti-Virus for Microsoft Exchange installed on each Microsoft Exchange Server

2.3.4 Microsoft Exchange Cluster Environment

F-Secure Anti-Virus for Microsoft Exchange can be installed on a Windows 2000 Advanced Server or Windows Server 2003 Enterprise Edition cluster. The product supports standard two-node Active-Passive and Active-Active clusters.
Microsoft Exchange needs to be properly configured and running in the cluster before installing F-Secure Anti-Virus for Microsoft Exchange.
F-Secure Anti-Virus for Microsoft Exchange needs to be installed separately on both cluster nodes. When installing in Microsoft Exchange cluster environment, the product must be installed in centrally managed mode, so that you can configure and manage the product with F-Secure Policy Manager. Changing the product settings with F-Secure Anti-Virus for Microsoft Exchange Web Console is not supported in cluster environments, but it can be used for some quarantine management functions.
The settings on both cluster nodes must be identical. To ensure this, place the servers as their own domain in the F-Secure Policy Manager Console and configure all the settings on the domain level, not on the host level.
It is recommended to install a local F-Secure Content Scanner Server on both cluster nodes. However, if a remote F-Secure Content Scanner Server is used, the dedicated IP address of each cluster node must be visible to the remote F-Secure Content Scanner Server.
When installing the product, the setup program detects Microsoft Exchange Cluster automatically. The setup program also creates a cluster resource for the product automatically. The cluster resource makes it possible to use the product in the cluster, by giving the control of the resource to the cluster service. This and other resources together guarantee that the product works properly in the cluster in every situation.
You can check the state of the resource in Microsoft Cluster Administrator console, under the same branch where the Exchange resources reside.
For detailed instructions, see “Deploying the Product on a Cluster”.