F-secure ANTI-VIRUS FOR MICROSOFT EXCHANGE 8.00 ADMINISTRATOR GUIDE

F-Secure Anti-Virus for Microsoft Exchange
Administrator's Guide
"F-Secure" and the triangle symbol are registered trademarks of F-Secure Corporation and F-Secure product names and symbols/logos are either trademarks or registered trademarks of F-Secure Corporation. All product names referenced herein are trademarks or registered trademarks of their respective companies. F-Secure Corporation disclaims proprietary interest in the marks and names of others. Although F-Secure Corporation makes every effort to ensure that this information is accurate, F-Secure Corporation will not be liable for any errors or omission of facts contained herein. F-Secure Corporation reserves the right to modify specifications cited in this document without prior notice.
Companies, names and data used in examples herein are fictitious unless otherwise noted. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of F-Secure Corporation.
Copyright © 1993-2009 F-Secure Corporation. All rights reserved. Portions Copyright © 1991-2007 Kaspersky Lab.
This product includes software developed by the Apache Software Foundation (http://www.apache.org/). Copyright © 2000-2007 The Apache Software Foundation. All rights reserved.
This product includes PHP, freely available from http://www.php.net/. Copyright © 1999-2007 The PHP Group. All rights reserved.
This product includes code from SpamAssassin. The code in the files of the SpamAssassin distribution are Copyright © 2000-2002 Justin Mason and others, unless specified otherwise in that particular file. All files in the SpamAssassin distribution fall under the same terms as Perl itself, as described in the “Artistic License”.
This product may be covered by one or more F-Secure patents, including the following:
GB2353372 GB2366691 GB2366692 GB2366693 GB2367933 GB2368233 GB2374260
12000040-9B02
Contents
About This Guide
  How This Guide Is Organized
  Conventions Used in F-Secure Guides
    Symbols
Chapter 1 Introduction
  1.1 Overview
  1.2 How F-Secure Anti-Virus for Microsoft Exchange Works
  1.3 Key Features
  1.4 Scanning Methods
  1.5 F-Secure Anti-Virus Mail Server and Gateway Products
Chapter 2 Deployment
  2.1 Installation Modes
  2.2 Network Requirements
  2.3 Deployment Scenarios
    2.3.1 Single Exchange Server (2000/2003/2007)
    2.3.2 Multiple Exchange 2000/2003 Servers
    2.3.3 Multiple Exchange Server 2007 Roles
    2.3.4 Large organization using Exchange 2007
    2.3.5 Centralized Quarantine Management
Chapter 3 Installation
  3.1 System Requirements
    3.1.1 Installation on Microsoft Exchange Server 2000/2003
    3.1.2 Installation on Microsoft Exchange Server 2007
  3.2 Other System Component Requirements
    3.2.1 SQL Server Requirements
    3.2.2 Additional Windows Components
    3.2.3 Web Browser Software Requirements
  3.3 Improving Reliability and Performance
  3.4 Centrally Administered or Stand-alone Installation?
  3.5 Installation Overview
  3.6 Installing F-Secure Anti-Virus for Microsoft Exchange
  3.7 After the Installation
    3.7.1 Importing Product MIB files to F-Secure Policy Manager Console
    3.7.2 Configuring the Product
  3.8 Upgrading from the Version 6.62
  3.9 Upgrading the Evaluation Version
  3.10 Uninstalling F-Secure Anti-Virus for Microsoft Exchange
Chapter 4 Using F-Secure Anti-Virus for Microsoft Exchange
  4.1 Administering F-Secure Anti-Virus for Microsoft Exchange
  4.2 Using Web Console
    4.2.1 Logging in for the First Time
    4.2.2 Modifying Settings and Viewing Statistics with Web Console
    4.2.3 Checking the Product Status
  4.3 Using F-Secure Policy Manager Console
    4.3.1 Modifying Settings and Viewing Statistics in Centrally Administered Mode
Chapter 5 Centrally Managed Administration
  5.1 Overview
  5.2 F-Secure Anti-Virus for Microsoft Exchange Settings
    5.2.1 General Settings
    5.2.2 Transport Protection
    5.2.3 Storage Protection
  5.3 F-Secure Anti-Virus for Microsoft Exchange Statistics
    5.3.1 Common
    5.3.2 Transport Protection
    5.3.3 Storage Protection
    5.3.4 Quarantine
  5.4 F-Secure Content Scanner Server Settings
    5.4.1 Interface
    5.4.2 Virus Scanning
    5.4.3 Virus Statistics
    5.4.4 Database Updates
    5.4.5 Spam Filtering
    5.4.6 Threat Detection Engine
    5.4.7 Proxy Configuration
    5.4.8 Advanced
  5.5 F-Secure Content Scanner Server Statistics
    5.5.1 Server
    5.5.2 Scan Engines
    5.5.3 Common
    5.5.4 Spam Control
    5.5.5 Virus Statistics
  5.6 F-Secure Management Agent Settings
  5.7 F-Secure Automatic Update Agent Settings
Chapter 6 Administration with Web Console
  6.1 Overview
  6.2 Home
  6.3 Transport Protection
    6.3.1 Attachment Filtering
    6.3.2 Virus Scanning
    6.3.3 Grayware Scanning
    6.3.4 Archive Processing
    6.3.5 Content Filtering
    6.3.6 Security Options
  6.4 Storage Protection
    6.4.1 Real-Time Scanning
    6.4.2 Manual Scanning
    6.4.3 Scheduled Scanning
  6.5 Spam Control
  6.6 Quarantine
    6.6.1 Query
    6.6.2 Options
  6.7 Automatic Updates
    6.7.1 Communications
  6.8 Content Scanner Server
    6.8.1 Options
  6.9 Server Properties
    6.9.1 Network Configuration
    6.9.2 Administration
    6.9.3 Notifications
    6.9.4 Lists and Templates
    6.9.5 Sample Submission
Chapter 7 Quarantine Management
  7.1 Introduction
    7.1.1 Quarantine Reasons
  7.2 Configuring Quarantine Options
  7.3 Quarantine Status
    7.3.1 Quarantine Logging
  7.4 Searching the Quarantined Content
  7.5 Query Results Page
    7.5.1 Viewing Details of the Quarantined Message
  7.6 Quarantine Operations
    7.6.1 Reprocessing the Quarantined Content
    7.6.2 Releasing the Quarantined Content
    7.6.3 Removing the Quarantined Content
    7.6.4 Deleting Old Quarantined Content Automatically
  7.7 Moving the Quarantine Storage
Chapter 8 Administering F-Secure Spam Control
  8.1 Overview
  8.2 Spam Control Settings in Centrally Managed Environments
  8.3 Spam Control Settings in Web Console
  8.4 Realtime Blackhole List Configuration
    8.4.1 Configuring Realtime Blackhole Lists
    8.4.2 Optimizing F-Secure Spam Control Performance
Chapter 9 Updating Virus and Spam Definition Databases
  9.1 Overview
  9.2 Automatic Updates with F-Secure Automatic Update Agent
  9.3 Configuring Automatic Updates
Appendix A Variables in Warning Messages
  List of Variables
Appendix B Services and Processes
  B.1 List of Services and Processes
Appendix C Deploying the Product on a Cluster
  C.1 Installation Overview
  C.2 Creating Quarantine Storage
    C.2.1 Quarantine Storage in Active-Passive Cluster
    C.2.2 Quarantine Storage in Active-Active Cluster
    C.2.3 Creating the Quarantine Storage for a Single Copy Cluster Environment
    C.2.4 Creating the Quarantine Storage for a Continuous Cluster Replication Environment
  C.3 Installing the Product
    C.3.1 Installing on Active-Passive Cluster
    C.3.2 Installing on Active-Active Cluster
  C.4 Administering the Cluster Installation with F-Secure Policy Manager
  C.5 Using the Quarantine in the Cluster Installation
  C.6 Uninstallation
  C.7 Troubleshooting
Appendix D Sending E-mail Alerts And Reports
  D.1 Overview
  D.2 Solution
    D.2.1 Creating a Scoped Receive Connector
    D.2.2 Grant the Relay Permission on the New Scoped Connector
    D.2.3 Specify SMTP Server for Alerts and Reports
Chapter E Troubleshooting
  E.1 Overview
  E.2 Starting and Stopping
  E.3 Viewing the Log File
  E.4 Common Problems and Solutions
    E.4.1 Installing Service Packs
    E.4.2 Securing the Quarantine
    E.4.3 Administration Issues
  E.5 Frequently Asked Questions
Technical Support
  F-Secure Online Support Resources
  Web Club
  Virus Descriptions on the Web

ABOUT THIS GUIDE

How This Guide Is Organized
Conventions Used in F-Secure Guides

How This Guide Is Organized

The F-Secure Anti-Virus for Microsoft Exchange Administrator's Guide is divided into the following chapters:
Chapter 1. Introduction. General information about F-Secure Anti-Virus for Microsoft Exchange and other F-Secure Anti-Virus Mail Server and Gateway products.
Chapter 2. Deployment. Instructions and examples on how to set up your network environment before you can install F-Secure Anti-Virus for Microsoft Exchange.
Chapter 3. Installation. Instructions on how to install and set up F-Secure Anti-Virus for Microsoft Exchange.
Chapter 4. Using F-Secure Anti-Virus for Microsoft Exchange. Instructions on how to use and administer F-Secure Anti-Virus for Microsoft Exchange.
Chapter 5. Centrally Managed Administration. Instructions on how to remotely administer F-Secure Anti-Virus for Microsoft Exchange and F-Secure Content Scanner Server when they have been installed in centralized administration mode.
Chapter 6. Administration with Web Console. Instructions on how to administer F-Secure Anti-Virus for Microsoft Exchange with the Web Console.
Chapter 7. Quarantine Management. Instructions on how you can manage and search quarantined mails with the F-Secure Anti-Virus for Microsoft Exchange Web Console.
Chapter 8. Administering F-Secure Spam Control. General information about and instructions on how to configure F-Secure Spam Control.
Chapter 9. Updating Virus and Spam Definition Databases. Instructions on how to update your virus definition database.
Appendix A. Variables in Warning Messages. Lists variables that can be included in virus warning messages.
Appendix B. Services and Processes. Describes services, devices and processes of F-Secure Anti-Virus for Microsoft Exchange.
Appendix D. Sending E-mail Alerts And Reports. Instructions on how to configure the product to send alerts to the administrator by e-mail.
Chapter E. Troubleshooting. Solutions to some common problems.
Technical Support. Contains the contact information for assistance.
About F-Secure Corporation. Describes the company background and products.
See the F-Secure Policy Manager Administrator's Guide for detailed information about installing and using the F-Secure Policy Manager components:
- F-Secure Policy Manager Console, the tool for remote administration of F-Secure Anti-Virus for Microsoft Exchange.
- F-Secure Policy Manager Server, which enables communication between F-Secure Policy Manager Console and the managed systems.

Conventions Used in F-Secure Guides

This section describes the symbols, fonts, and terminology used in this
manual.

Symbols

WARNING: The warning symbol indicates a situation with a risk of irreversible destruction to data.
IMPORTANT: An exclamation mark provides important information that you need to consider.
REFERENCE - A book refers you to related information on the topic available in another document.
NOTE - A note provides additional information that you should consider.
TIP - A tip provides information that can help you perform a task more quickly or easily.
An arrow indicates a one-step procedure.

Fonts

Arial bold (blue) is used to refer to menu names and commands, to buttons and other items in a dialog box.
Arial Italics (blue) is used to refer to other chapters in the manual, book titles, and titles of other manuals.
Arial Italics (black) is used for file and folder names, for figure and table captions, and for directory tree names.
Courier New is used for messages on your computer screen.
Courier New bold is used for information that you must type.
SMALL CAPS (BLACK) is used for a key or key combination on your keyboard.
Arial underlined (blue) is used for user interface links.
Arial italics is used for window and dialog box names.

PDF Document

This manual is provided in PDF (Portable Document Format). The PDF document can be used for online viewing and printing using Adobe® Acrobat® Reader. When printing the manual, please print the entire manual, including the copyright and disclaimer statements.

For More Information

Visit F-Secure at http://www.f-secure.com for documentation, training courses, downloads, and service and support contacts.
In our constant attempts to improve our documentation, we would welcome your feedback. If you have any questions, comments, or suggestions about this or any other F-Secure document, please contact us at documentation@f-secure.com.

1 INTRODUCTION

Overview
How F-Secure Anti-Virus for Microsoft Exchange Works
Key Features
Scanning Methods
F-Secure Anti-Virus Mail Server and Gateway Products

1.1 Overview

Malicious code, such as computer viruses, is one of the main threats for companies today. In the past, malicious code spread mainly via disks and the most common viruses were the ones that infected disk boot sectors. When users began to use office applications with macro capabilities, such as Microsoft Office, to write documents and distribute them via mail and groupware servers, macro viruses started spreading rapidly.
After the millennium, the most common spreading mechanism has been e-mail. Today about 90% of viruses arrive via e-mail. E-mail provides a very fast and efficient way for viruses to spread without any user intervention, which is why e-mail worm outbreaks, like Sober, Netsky and Bagle, have caused a lot of damage around the world.
F-Secure Anti-Virus Mail Server and Gateway products are designed to protect your company's mail and groupware servers and to shield the company network from any malicious code that travels in HTTP or SMTP traffic. In addition, they protect your company network against spam. The protection can be implemented on the gateway level to screen all incoming and outgoing e-mail (SMTP), web surfing (HTTP and FTP-over-HTTP) and file transfer (FTP) traffic. Furthermore, it can be implemented on the mail server level so that it does not only protect inbound and outbound traffic but also internal mail traffic and public sources, such as public folders on Microsoft Exchange servers.
Providing the protection already on the gateway level has plenty of advantages. The protection is easy and fast to set up and install, compared to rolling out antivirus protection on hundreds or thousands of workstations. The protection is also invisible to the end users, which ensures that the system cannot be by-passed and makes it easy to maintain. Of course, protecting the gateway level alone is not enough to provide a complete antivirus solution; file server and workstation level protection is also needed.
Why clean 1000 workstations when you can clean one attachment at the gateway level?

1.2 How F-Secure Anti-Virus for Microsoft Exchange Works

F-Secure Anti-Virus for Microsoft Exchange is designed to detect and disinfect viruses and other malicious code from e-mail transmissions through Microsoft Exchange Server. Scanning is done in real time as the mail passes through Microsoft Exchange Server. On-demand scanning of user mailboxes and public folders is also available.

Scanning Attachments and Message Bodies

F-Secure Anti-Virus for Microsoft Exchange scans attachments and message bodies for malicious code. It can also be instructed to remove particular attachments according to the file name or the file extension.
If the intercepted mail contains malicious code, F-Secure Anti-Virus for Microsoft Exchange can be configured to disinfect or drop the content. Any malicious code found during the scan process can be placed in the Quarantine, where it can be further examined. Stripped attachments can also be placed in the Quarantine for further examination.

Flexible and Scalable Anti-Virus Protection

F-Secure Anti-Virus for Microsoft Exchange is installed on Microsoft Exchange Server and it intercepts mail traveling to and from mailboxes and public folders. The messages and documents are scanned with the scanning component, F-Secure Content Scanner Server, which also disinfects the infected messages.

Alerting

F-Secure Anti-Virus for Microsoft Exchange has extensive alerting functions, which means that the system administrator can specify a recipient, such as the network administrator, to be notified about the infection found in the data content.

Powerful and Always Up-to-date

F-Secure Anti-Virus for Microsoft Exchange uses the award-winning F-Secure Anti-Virus techniques and scanning engines to ensure the highest possible detection rate and disinfection capability. The F-Secure Anti-Virus definition databases are updated typically multiple times a day and they provide F-Secure Anti-Virus for Microsoft Exchange an always up-to-date protection capability.
F-Secure Anti-Virus scanner consistently ranks at the top when compared to competing products. Our team of dedicated virus researchers is on call 24-hours a day responding to new and emerging threats. In fact, F-Secure is one of the only companies to release tested virus definition updates continuously, to make sure our customers are receiving the highest quality service and protection.

Virus and Spam Outbreak Detection

Massive spam and virus outbreaks consist of millions of messages which share at least one identifiable pattern that can be used to distinguish the outbreak. Any message that contains one or more of these patterns can be assumed to be a part of the same spam or virus outbreak.
F-Secure Anti-Virus for Microsoft Exchange can identify these patterns from the message envelope, headers and body, in any language, message format and encoding type. It can detect spam messages and new viruses during the first minutes of the outbreak.

Stand-alone and Centralized Administration Modes

F-Secure Anti-Virus for Microsoft Exchange can be installed either in stand-alone or centrally administered mode. Depending on how it has been installed, F-Secure Anti-Virus for Microsoft Exchange is managed either with the F-Secure Anti-Virus for Microsoft Exchange Web Console or F-Secure Policy Manager.

Scalability and Reliability

F-Secure Policy Manager provides a scalable way to manage the security of multiple applications on multiple operating systems, from one central location. F-Secure Policy Manager is comprised of two components, F-Secure Policy Manager Console and F-Secure Policy Manager Server, which are used to administer applications. They are seamlessly integrated with the F-Secure Management Agents that handle all management functions on local hosts.

Easy to Administer

If F-Secure Anti-Virus for Microsoft Exchange is installed in stand-alone mode it can be managed with the web-based user interface.
If F-Secure Anti-Virus for Microsoft Exchange has been installed in centrally administered configuration, it is managed with F-Secure Policy Manager. With its graphical user interface, F-Secure Policy Manager Console provides a centralized view of the domains and hosts in your network, lets you configure the security policies for all F-Secure components and set up scheduled scans and run manual scanning operations. F-Secure Policy Manager receives status information from F-Secure Anti-Virus for Microsoft Exchange.
F-Secure Policy Manager Server is the server side component that handles communication between F-Secure Anti-Virus for Microsoft Exchange and F-Secure Policy Manager Console. It exchanges security policies, software updates, status information, statistics, alerts, and other information between F-Secure Policy Manager Console and all managed systems.
Figure 1-1 (1) E-mail arrives from the Internet to F-Secure Anti-Virus for Microsoft Exchange, which (2) filters malicious content from mails and attachments, and (3) delivers cleaned files forward.

1.3 Key Features

F-Secure Anti-Virus for Microsoft Exchange provides the following features and capabilities.
Superior Protection
- Superior detection rate with multiple scanning engines.
- Automatic malicious code detection and disinfection.
- The grayware scan detects spyware, adware, dialers, joke programs, remote access tools, and any other unwelcome files and programs.
- Heuristic scanning also detects unknown Windows and macro viruses.
- Recursive scanning of ARJ, BZ2, CAB, GZ, JAR, LZH, MSI, RAR, TAR, TGZ, Z and ZIP archive files.
- Automatic and consistent virus definition database updates.
- Suspicious and unsafe attachments can be stripped away from e-mails.
- Password protected archives can be treated as unsafe.
- Intelligent file type recognition.

Virus Outbreak Detection
- The virus outbreak detection is an additional active layer of protection that automatically detects virus outbreaks and quarantines suspicious messages.
- Virus outbreaks are transparently detected and infected messages are quarantined before the outbreak becomes widespread.
- Quarantined unsafe messages can be reprocessed automatically.

Transparency and Scalability
- Viruses are intercepted before they can enter the network and spread out on workstations and servers.
- Real-time scanning of internal, inbound and outbound mail messages and public folder notes.
- Automatic protection of new mailboxes and public folders.
- Total transparency to end-users. Users cannot bypass the system, which means that messages and documents cannot be exchanged without scanning.

Management
- Controlling and monitoring the behavior of the products remotely.
- Starting predefined operations remotely.
- Monitoring statistics provided by the products remotely with F-Secure Policy Manager or F-Secure Anti-Virus for Microsoft Exchange Web Console.
- Possibility to configure and manage stand-alone installations with the convenient F-Secure Anti-Virus for Microsoft Exchange Web Console.
- You can manage and search quarantined content with the F-Secure Anti-Virus for Microsoft Exchange Web Console.

Protection against Spam
- Possible spam messages are transparently detected before they become widespread.
- Efficient spam detection based on different analyses on the e-mail content.
- Multiple filtering mechanisms guarantee the high accuracy of spam detection.
- Spam messages can be separated from legitimate messages and processed using the Spam Confidence Levels.
- Spam detection works in every language and message format.

1.4 Scanning Methods

Virus Scanning
The virus scan uses virus definition databases to detect and disinfect viruses. Virus definition databases are updated typically multiple times a day and they provide an always up-to-date protection capability.
Heuristic Scanning
The heuristic scan analyzes files for suspicious code behavior so that the product can detect unknown malware.
Proactive Virus Threat Detection
The proactive virus threat detection analyzes e-mail messages for possible virus patterns and security threats. All possibly harmful messages are quarantined as unsafe. The proactive virus threat detection can detect new viruses during the first minutes of the outbreak.
Grayware Scanning
The grayware scan detects applications that have annoying or undesirable behavior that can reduce the performance of computers on the network and introduce significant security risks to your organization. Grayware includes spyware, adware, dialers, joke programs, remote access tools, and any other unwelcome files and programs that can perform a variety of undesired and threatening actions, such as irritating users with pop-up windows, logging user key strokes, and exposing the computer to vulnerabilities.

1.5 F-Secure Anti-Virus Mail Server and Gateway Products

The F-Secure Anti-Virus product line consists of workstation, file server, mail server, gateway and mobile products.
- F-Secure Anti-Virus for Microsoft Exchange™ protects your Microsoft Exchange users from malicious code contained within files they receive in mail messages and documents they open from shared databases. Malicious code is also stopped in outbound messages and in notes being posted on public folders. The product operates transparently and scans files in the Exchange Server Information Store in real-time. Manual and scheduled scans of user mailboxes and public folders are also supported.
- F-Secure Internet Gatekeeper for Linux™ provides a high-performance solution at the Internet gateway level, stopping viruses and other malicious code before they spread to end users' desktops or corporate servers. The product scans SMTP, HTTP, FTP and POP3 traffic for viruses, worms and trojans, and blocks and filters out specified file types. ActiveX and Java code can also be scanned or blocked. The product receives updates automatically from F-Secure, keeping the virus protection always up to date. A powerful and easy-to-use management console simplifies the installation and configuration of the product.
- F-Secure Messaging Security Gateway™ delivers the industry’s most complete and effective security for e-mail. It combines a robust enterprise-class messaging platform with perimeter security, antispam, antivirus, secure messaging and outbound content security capabilities in an easy-to-deploy, hardened appliance.
2 DEPLOYMENT
Installation Modes
Network Requirements
Deployment Scenarios

2.1 Installation Modes

F-Secure Anti-Virus for Microsoft Exchange can be installed either in stand-alone or centrally administered mode. In stand-alone installation, F-Secure Anti-Virus for Microsoft Exchange is managed with Web Console. In centrally administered mode, it is managed centrally with F-Secure Policy Manager components: F-Secure Policy Manager Server and F-Secure Policy Manager Console.
To administer F-Secure Anti-Virus for Microsoft Exchange in the centrally administered mode, you have to install the following components:
- F-Secure Policy Manager Server (on a dedicated machine)
- F-Secure Policy Manager Console (on the administrator's machine or on the same machine with F-Secure Policy Manager Server).
For up-to-date information on supported platforms, see F-Secure Policy Manager Release Notes.

2.2 Network Requirements

This network configuration is valid for all scenarios described in this chapter. Make sure that the following network traffic can pass through:
Service, process, inbound ports and outbound ports:

F-Secure Content Scanner Server
  Process: %ProgramFiles%\F-Secure\Content Scanner Server\fsavsd.exe
  Inbound ports: 18971 (TCP) (on localhost only)
  Outbound ports: DNS (53, UDP/TCP), HTTP (80) or another known port used for HTTP proxy

F-Secure Anti-Virus for Microsoft Exchange Web Console
  Process: %ProgramFiles%\F-Secure\Web User Interface\bin\fswebuid.exe
  Inbound ports: 25023
  Outbound ports: DNS (53, UDP and TCP), 1433 (TCP), only with the dedicated SQL server

F-Secure Automatic Update Agent
  Process: %ProgramFiles%\F-Secure\FSAUA\program\fsaua.exe
  Inbound ports: -
  Outbound ports: DNS (53, UDP and TCP), HTTP (80) and/or another port used to connect to F-Secure Policy Manager Server

F-Secure Network Request Broker
  Process: %ProgramFiles%\F-Secure\Common\fnrb32.exe
  Inbound ports: -
  Outbound ports: DNS (53, UDP/TCP), HTTP (80) or another port used to connect to F-Secure Policy Manager Server

F-Secure Management Agent
  Process: %ProgramFiles%\F-Secure\Common\fameh32.exe
  Inbound ports: -
  Outbound ports: DNS (53, UDP/TCP), SMTP (25)

F-Secure Quarantine Manager
  Process: %ProgramFiles%\F-Secure\Quarantine Manager\fqm.exe
  Inbound ports: -
  Outbound ports: DNS (53, UDP/TCP), 1433 (TCP), only with the dedicated SQL server

F-Secure World Map Reporting Service
  Process: %ProgramFiles%\F-Secure\Content Scanner Server\fswmrsvc.exe
  Inbound ports: -
  Outbound ports: DNS (53, UDP/TCP), SMTP (25)
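One way to check a server against the inbound ports listed above, as an added example that is not part of the F-Secure guide or product: the script parses `netstat -ano` output and reports whether port 18971 is bound to localhost only and whether the Web Console port 25023 is listening. The netstat text is constructed sample input, and the function names are this example's own.

```python
"""Audit listening TCP sockets against the inbound ports in section 2.2.

Added example, not F-Secure code. The two rules come from the Network
Requirements list; the netstat text below is constructed sample input.
"""
import ipaddress

# port -> (service, must be bound to loopback only)
INBOUND_RULES = {
    18971: ("F-Secure Content Scanner Server", True),
    25023: ("F-Secure Anti-Virus for Microsoft Exchange Web Console", False),
}

# Constructed sample in the layout printed by `netstat -ano` on Windows.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1812
  TCP    0.0.0.0:25023          0.0.0.0:0              LISTENING       2240
  TCP    127.0.0.1:18971        0.0.0.0:0              LISTENING       2096
  TCP    10.0.0.5:49211         10.0.0.9:1433          ESTABLISHED     2301
  TCP    [::]:25023             [::]:0                 LISTENING       2240
  UDP    0.0.0.0:500            *:*                                    712
"""


def split_endpoint(endpoint):
    """Split '127.0.0.1:18971' or '[::1%3]:18971' into (address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%", 1)[0]  # drop brackets and IPv6 zone id
    return host, int(port)


def parse_listeners(netstat_text):
    """Return (address, port, pid) for every TCP socket in LISTENING state."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have five columns; headers and UDP rows do not match.
        if len(fields) == 5 and fields[0] == "TCP" and fields[3] == "LISTENING":
            host, port = split_endpoint(fields[1])
            listeners.append((host, port, int(fields[4])))
    return listeners


def audit(netstat_text):
    """Return one (port, status, detail) tuple per rule, ordered by port.

    status is OK, MISSING (nothing listens on the port) or EXPOSED (a
    loopback-only port is bound to an address other hosts can reach).
    """
    listeners = parse_listeners(netstat_text)
    findings = []
    for port, (service, loopback_only) in sorted(INBOUND_RULES.items()):
        bound = [(host, pid) for host, p, pid in listeners if p == port]
        if not bound:
            findings.append((port, "MISSING", f"{service}: no listener"))
            continue
        exposed = sorted(
            host for host, _ in bound
            if not ipaddress.ip_address(host).is_loopback
        )
        if loopback_only and exposed:
            detail = f"{service}: bound to {', '.join(exposed)}, expected localhost only"
            findings.append((port, "EXPOSED", detail))
        else:
            addresses = ", ".join(sorted(host for host, _ in bound))
            findings.append((port, "OK", f"{service}: listening on {addresses}"))
    return findings


if __name__ == "__main__":
    for port, status, detail in audit(SAMPLE_NETSTAT):
        print(f"{port:>5}  {status:<8} {detail}")
```

On a live server, pass the captured text of `netstat -ano` to `audit()` in place of the sample; state names differ on localized Windows versions, so the `LISTENING` match assumes English output.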

2.3 Deployment Scenarios

Depending on how the Microsoft Exchange Server roles are deployed in your environment, you might consider various scenarios of deploying F-Secure Anti-Virus for Microsoft Exchange. There are various ways to deploy F-Secure Anti-Virus for Microsoft Exchange that are suitable to different environments:
- If you have just a single Microsoft Exchange Server, see “Single Exchange Server (2000/2003/2007)”, 27.
- If you have multiple Microsoft Exchange Servers, see “Multiple Exchange 2000/2003 Servers”, 28.
- If you have multiple Microsoft Exchange Servers with Exchange Edge and Mailbox Server roles, see “Multiple Exchange Server 2007 Roles”, 29.
- If you have multiple Microsoft Exchange Servers deployed on dedicated servers with server roles and possibly clustered mailbox servers, see “Large organization using Exchange 2007”, 30.
- If you have multiple Microsoft Exchange Server installations and you want to configure the product to use one SQL server and database for the quarantine management, see “Centralized Quarantine Management”, 32.

2.3.1 Single Exchange Server (2000/2003/2007)

Your organization has a single server (Microsoft Exchange Server 2000/2003/2007 or Microsoft Small Business Server 2003/2008) that holds all mailboxes, public folders and sends and receives all inbound and outbound messages over SMTP. Usually, the server is located behind the firewall or router.
Installing F-Secure Anti-Virus for Microsoft Exchange
Install F-Secure Anti-Virus for Microsoft Exchange to the server running Microsoft Exchange Server or Microsoft Small Business Server.
Installing F-Secure Spam Control
If you have a license for F-Secure Spam Control, you can install it on the same server with F-Secure Anti-Virus for Microsoft Exchange.
Administration Modes
You can install the product in stand-alone mode and administer it with the Web Console.
The product receives anti-virus and spam database updates from F-Secure Update Server.

2.3.2 Multiple Exchange 2000/2003 Servers

Your organization has multiple Microsoft Exchange Server 2000 or 2003 installations. Usually, the front-end server is located in the perimeter network and receives inbound mail using SMTP and forwards all messages to the back-end server. The back-end Exchange server holds all mailboxes and public folders. In a larger organization, back-end servers may be clustered.
Installing F-Secure Anti-Virus for Microsoft Exchange
Install F-Secure Anti-Virus for Microsoft Exchange to both front-end and back-end Exchange servers.
Installing F-Secure Spam Control
If you have a license for F-Secure Spam Control, you can install it on the front-end server with F-Secure Anti-Virus for Microsoft Exchange.
Administration Modes
Install F-Secure Policy Manager Server on a dedicated server or on the same server with one of the Exchange servers. You can administer the product with F-Secure Policy Manager Console.
When you install the product, configure each installation to connect to the same F-Secure Policy Manager Server.
The product installations receive anti-virus and spam database updates from F-Secure Policy Manager Server, which receives updates from F-Secure Update Server.

2.3.3 Multiple Exchange Server 2007 Roles

Your organization has multiple Microsoft Exchange Server 2007 installations. Exchange Edge and Mailbox Server roles are deployed to separate servers and the Hub Server is deployed either on a separate server or on the same server with the Mailbox Server. The Edge Server handles incoming and outgoing messages using SMTP and Mailbox Server holds all mailboxes and public folders and Hub Server routes mail traffic between Exchange servers.
Installing F-Secure Anti-Virus for Microsoft Exchange
Install F-Secure Anti-Virus for Microsoft Exchange to all servers where Exchange Edge, Hub and Mailbox Server roles are deployed.
If the Exchange role is changed later, the product has to be reinstalled.
Installing F-Secure Spam Control
If you have a license for F-Secure Spam Control, you can install it on the Edge server.
Administration Modes
Install F-Secure Policy Manager Server on a dedicated server or on the same server with one of the Exchange servers. You can administer the product with F-Secure Policy Manager Console.
When you install the product, configure each installation to connect to the same F-Secure Policy Manager Server.
The product installations receive anti-virus and spam database updates from F-Secure Policy Manager Server, which receives updates from F-Secure Update Server.

2.3.4 Large organization using Exchange 2007

Your organization has multiple Microsoft Exchange Server 2007 installations. All Exchange roles are deployed on dedicated servers. Mailbox servers are possibly clustered.
Installing F-Secure Anti-Virus for Microsoft Exchange
Install F-Secure Anti-Virus for Microsoft Exchange to the server where Exchange Edge, Hub and Mailbox Server roles are deployed. Do not install the product to Client Access or Unified Messaging Server roles.
Installing F-Secure Spam Control
If you have a license for F-Secure Spam Control, you can install it on the Edge server.
Administration Modes
Install F-Secure Policy Manager Server on a dedicated server. You can administer the product with F-Secure Policy Manager Console.
When you install the product, configure each installation to connect to the same F-Secure Policy Manager Server.
The product installations receive anti-virus and spam database updates from F-Secure Policy Manager Server, which receives updates from F-Secure Update Server.

2.3.5 Centralized Quarantine Management

Your organization has multiple Microsoft Exchange Server installations. For example, you have front-end and back-end servers running Exchange Server 2000/2003, or a network configuration with Edge and Mailbox roles running Exchange Server 2007.
Microsoft SQL Server is installed on a dedicated server or on the server running F-Secure Policy Manager Server.
Installing F-Secure Anti-Virus for Microsoft Exchange
When you install the product, configure each installation to use the same SQL server and database.
- Make sure that the SQL server, the database name, user name and password are identical in the quarantine configuration for all F-Secure Anti-Virus for Microsoft Exchange installations.
- Make sure that all the servers are allowed to communicate with the SQL server using mixed mode authentication. For more information, see “Enabling the mixed mode authentication in the Microsoft SQL Server”, 33.
- In environments with heavy e-mail traffic, it is recommended to use a Microsoft SQL server installed on a separate server. When using the free Microsoft SQL Server 2005 Express Edition included in F-Secure Anti-Virus for Microsoft Exchange, the Quarantine database size is limited to 4 GB.
- You can use F-Secure Anti-Virus for Microsoft Exchange Web Console to manage and search quarantined content. For more information, see “Quarantine Management”, 261.
Enabling the mixed mode authentication in the Microsoft SQL Server
If you install Microsoft SQL Server 2005/2008 separately, it supports Windows Authentication only by default. You have to change the authentication to mixed mode during the setup or configure it later with Microsoft SQL Server user interface.
The mixed mode authentication allows you to log into the SQL server with either your Windows or SQL username and password.
Make sure that the sa password is strong when you change the authentication mode from the Windows authentication to the mixed authentication mode.
Follow these steps to change the authentication mode:
1. Open Microsoft SQL Server Management Studio or Microsoft SQL Server Management Studio Express.
   If you do not have Microsoft SQL Server Management Studio installed, you can freely download Management Studio Express from the Microsoft web site.
2. Connect to the SQL server.
3. In Object Explorer, go to Security > Logins.
4. Right-click on sa and select Properties.
5. Open the General page and change the password. Confirm the new password that you entered.
6. Open the Status page and select Enabled in the Login section.
7. Click OK.
8. In Object Explorer, right-click on the server name and select Properties.
9. On the Security page, select SQL Server and Windows Authentication mode under Server authentication.
10. Click OK.
11. Right-click on the server name and select Restart.
    Wait for a moment for the service to restart before you continue.
12. Use Management Studio to test the connection to the SQL server with the sa account and the new password you set.
3 INSTALLATION
System Requirements
Other System Component Requirements
Improving Reliability and Performance
Installation Overview
Installing F-Secure Anti-Virus for Microsoft Exchange
After the Installation
Upgrading from the Version 6.62
Upgrading the Evaluation Version
Uninstalling F-Secure Anti-Virus for Microsoft Exchange

3.1 System Requirements

F-Secure Anti-Virus for Microsoft Exchange is installed on the computer running Microsoft Exchange Server.
The release notes document contains the latest information about the product and might have changes to system requirements and the installation procedure. It is highly recommended to read the release notes before you proceed with the installation.

3.1.1 Installation on Microsoft Exchange Server 2000/2003

The product can be installed on a computer running one of the following Microsoft Exchange Server versions:
- Microsoft® Exchange Server 2000 with Service Pack 3 or later
- Microsoft® Exchange Server 2003 with the latest service pack

Operating system:
- Microsoft® Windows Server 2000, Standard Edition with latest service pack
- Microsoft® Windows Server 2003, Standard Edition with the latest service pack
- Microsoft® Windows Server 2003, Enterprise Edition with the latest service pack
- Microsoft® Windows Server 2003 R2, Standard Edition
- Microsoft® Windows Server 2003 R2, Enterprise Edition
- Microsoft® Small Business Server 2003
- Microsoft® Small Business Server 2003 R2

Processor: 32-bit processor: Intel Pentium 4 or compatible, 2GHz or faster
Memory: 1 GB minimum
Disk space to install: 300 MB. For performance and security reasons, it is not possible to install the product on any other than an NTFS partition.
Disk space for processing: 10 GB or more. The required disk space depends on the number of mailboxes, amount of data traffic and the size of the Information Store.
Network: 100Mbps Fast Ethernet NIC, switched network connection
F-Secure Policy Manager version: F-Secure Policy Manager 8.11 or newer. F-Secure Policy Manager is required only in centrally managed environments.
Other: A CD-ROM drive is required if you are installing the product from CD-ROM.

Cluster Environment
The product supports the following cluster models of Microsoft Exchange Server 2003:
- Active - Active Cluster
- Active - Passive Cluster
For detailed instructions how to deploy and install the product on a cluster, see “Deploying the Product on a Cluster”, 303.

3.1.2 Installation on Microsoft Exchange Server 2007

The product can be installed on a computer running one of the following Microsoft Exchange Server versions:
- Microsoft® Exchange Server 2007 (64-bit version) with the latest service pack
- Microsoft® Small Business Server 2008
The 32-bit evaluation version of Microsoft Exchange Server 2007 is not supported.

Operating system:
- Microsoft® Windows Server 2003, Standard x64 Edition with the latest service pack
- Microsoft® Windows Server 2003, Enterprise x64 Edition with the latest service pack
- Microsoft® Windows Server 2003 R2, Standard x64 Edition
- Microsoft® Windows Server 2003 R2, Enterprise x64 Edition
- Microsoft® Windows Server 2008, Standard Edition
- Microsoft® Windows Server 2008, Enterprise Edition
- Microsoft® Small Business Server 2008

Processor: 64-bit processor: AMD Opteron/Athlon x64 or Intel Xeon with Extended Memory 64 Technology (EM64T)
Memory: 1 GB minimum
Disk space to install: 300 MB. For performance and security reasons, it is not possible to install the product on any other than an NTFS partition.
Disk space for processing: 10 GB or more. The required disk space depends on the number of mailboxes, amount of data traffic and the size of the Information Store.
Network: 100Mbps Fast Ethernet NIC, switched network connection
F-Secure Policy Manager version: F-Secure Policy Manager 8.11 or newer. F-Secure Policy Manager is required only in centrally managed environments.
Other: A CD-ROM drive is required if you are installing the product from CD-ROM.

Microsoft Exchange Server Roles
The product supports the following roles of Microsoft Exchange Server 2007:
- Edge Server role
- Hub Server role
- Mailbox Server role
- Combo Server (Mailbox Server and Hub Server roles)

Cluster Environment
The product supports the following cluster models of Microsoft Exchange Server 2007:
- Cluster Continuous Replication (CCR)
- Single Copy Cluster (SCC)
For detailed instructions how to deploy and install the product on a cluster, see “Deploying the Product on a Cluster”, 303.

3.2 Other System Component Requirements

The product requires Microsoft® SQL Server for the quarantine management. Depending on the selected deployment and administration method, you may need to have some additional software as well.

3.2.1 SQL Server Requirements

The product requires Microsoft® SQL Server for the quarantine management. The following versions of Microsoft SQL Server are recommended:
- Microsoft SQL Server 2005 (Enterprise, Standard, Workgroup or Express edition) with the latest service pack
- Microsoft SQL Server 2008 (Enterprise, Standard, Workgroup or Express edition)
Microsoft SQL Server 2005 Express Edition Service Pack 3 is distributed with the product and can be installed during F-Secure Anti-Virus for Microsoft Exchange Setup.
When centralized quarantine management is used, the SQL server must be reachable from the network and file sharing must be enabled.
The product also supports Microsoft SQL Server 2000 with Service Pack 4 and Microsoft SQL Server 2000 Desktop Engine (MSDE) with Service Pack 4.
Which SQL Server to Use for the Quarantine Database?
As a minimum requirement, the Quarantine database should have the capacity to store information about all inbound and outbound mail to and from your organization that would normally be sent during 2-3 days.
The upgrade installation does not upgrade the SQL server if you choose to use the existing database.
If you want to upgrade MSDE 2000 to SQL Server 2005 Express, follow the instructions on the Microsoft web page:
http://www.microsoft.com/technet/prodtechnol/sql/2005/msde2sqlexpress.mspx.
Take the following SQL server specific considerations into account when deciding which SQL server to use:
Microsoft SQL Server 2005 Express Edition
- When using Microsoft SQL Server 2005/2008 Express Edition, the Quarantine database size is limited to 4 GB.
- Microsoft SQL Server 2005/2008 Express Edition supports Microsoft Windows Server 2008.
- It is not recommended to use Microsoft SQL Server 2005 Express Edition if you are planning to use centralized quarantine management with multiple F-Secure Anti-Virus for Microsoft Exchange installations.
Microsoft SQL Server 2005 Express Edition is delivered together with F-Secure Anti-Virus for Microsoft Exchange, and you can install it during the F-Secure Anti-Virus for Microsoft Exchange Setup.

Microsoft SQL Server 2000, 2005 and 2008
- If your organization sends a large amount of e-mails, it is recommended to use Microsoft SQL Server 2000, 2005 or 2008.
- It is recommended to use Microsoft SQL Server if you are planning to use centralized quarantine management with multiple F-Secure Anti-Virus for Microsoft Exchange installations.
- Note that the product does not support Windows Authentication when connecting to Microsoft SQL Server. The Microsoft SQL Server that the product will use for the Quarantine database should be configured to use Mixed Mode authentication.
If you plan to use Microsoft SQL Server 2000, 2005 or 2008, you must purchase it and obtain your own license before you start to deploy F-Secure Anti-Virus for Microsoft Exchange. To purchase Microsoft SQL Server 2005 or 2008, contact your Microsoft reseller.

3.2.2 Additional Windows Components

Depending on how you deploy the product to your network system, the following Windows components may be required:
- Microsoft .NET Framework version 2.0 is required to install Microsoft SQL Server 2005 Express Edition, and Microsoft .NET Framework version 3.5 is required with Microsoft SQL Server 2008 Express Edition.
  If you plan to have Microsoft SQL Server on the same server, Microsoft .NET Framework must be installed before installing F-Secure Anti-Virus for Microsoft Exchange. Microsoft .NET Framework can be downloaded from the Microsoft Download Center.
- If you plan to install the product on Microsoft Windows 2000 platform, the latest Microsoft Data Access Components (MDAC, version 2.8 or newer) have to be installed to the system before installing the product. The latest version of MDAC can be downloaded from the Microsoft Download Center.

3.2.3 Web Browser Software Requirements

In order to administer the product with F-Secure Anti-Virus for Microsoft Exchange Web Console, one of the following web browsers is required:
- Microsoft Internet Explorer 6.0 or later
- Mozilla Firefox 2.0 or later
- Opera 9.00 or later
Any other web browser supporting HTTP 1.0, SSL, JavaScript and cookies may be used as well. Microsoft Internet Explorer 5.5 or earlier cannot be used to administer the product.

3.3 Improving Reliability and Performance

You can improve the system reliability and overall performance by upgrading the following components.
Processor
If the system load is high, a fast processor on the Microsoft Exchange Server speeds up the e-mail message processing. As Microsoft Exchange Server handles a large amount of data, a fast processor alone is not enough to guarantee a fast operation of F-Secure Anti-Virus for Microsoft Exchange.

Memory
Memory consumption is directly proportional to the size of processed mails - scanning a single mail may use memory in amounts up to three times the size of the mail concerned. If the average size of mail messages is big, or Microsoft Exchange Server has to process large messages regularly, increasing the amount of physical memory increases the overall performance.
If large messages are processed only now and then, it might be enough to increase the size of the virtual memory. In this case, large messages will slow the system down.

Hard Drive
Hard drive size is an important reliability factor. Hard drive performance is crucial for Microsoft Exchange Server to perform well. For best performance, a RAID system is recommended; for servers with only moderate load, SCSI hard disks are adequate. If your server has an IDE hard disk, DMA access support is recommended.

Operating System
It is highly recommended to have the latest service packs for the operating system being used. These fixes make the platform more stable and thus increase the reliability of the system.

3.4 Centrally Administered or Stand-alone Installation?

F-Secure Anti-Virus for Microsoft Exchange can be managed either with F-Secure Anti-Virus for Microsoft Exchange Web Console or F-Secure Policy Manager Console. You can select the management method when you install the product.
If you already use F-Secure Policy Manager to administer other F-Secure products, it is recommended to install F-Secure Anti-Virus for Microsoft Exchange in centralized administration mode.
The quarantined mails are managed using the F-Secure Anti-Virus for Microsoft Exchange Web Console in both centrally administered and stand-alone installations. In centrally managed environments all other features are managed with F-Secure Policy Manager.

3.5 Installation Overview

F-Secure Anti-Virus for Microsoft Exchange can be installed to the same computer that runs F-Secure Anti-Virus for Servers 8.0. You should uninstall any potentially conflicting products, such as other anti-virus, file encryption, and disk encryption software, which employ low-level device drivers, before you install F-Secure Anti-Virus for Microsoft Exchange.
If you run F-Secure Anti-Virus for Servers 8.0 on the same computer where you install F-Secure Anti-Virus for Microsoft Exchange, make sure that F-Secure Anti-Virus for Servers 8.0 is installed before you install F-Secure Anti-Virus for Microsoft Exchange.
To administer F-Secure Anti-Virus for Microsoft Exchange in centralized administration mode, you need to install F-Secure Policy Manager Console and F-Secure Policy Manager Server. Detailed information on F-Secure Policy Manager Console and F-Secure Policy Manager Server is provided in the F-Secure Policy Manager Administrator's Guide.
You need to log in with administrator-level privileges to install F-Secure Anti-Virus for Microsoft Exchange.
Follow these steps to set up F-Secure Anti-Virus for Microsoft Exchange:
Centralized Administration mode:
1. Run F-Secure Policy Manager setup to set up F-Secure Policy Manager Server. See F-Secure Policy Manager Administrator’s Guide for instructions.
2. Install F-Secure Anti-Virus for Microsoft Exchange. For more information, see “Installing F-Secure Anti-Virus for Microsoft Exchange”, 46.
3. Import the product MIB files to F-Secure Policy Manager, if they cannot be uploaded there during the installation. For more information, see “Importing Product MIB files to F-Secure Policy Manager Console”, 60.
4. Check that F-Secure Automatic Update Agent can retrieve the latest virus and spam definition databases. For more information, see “Updating Virus and Spam Definition Databases”, 293.
Stand-alone mode:
1. Install F-Secure Anti-Virus for Microsoft Exchange. For more information, see “Installing F-Secure Anti-Virus for Microsoft Exchange”, 46.
2. Check that F-Secure Automatic Update Agent can retrieve the latest virus and spam definition databases. For more information, see “Updating Virus and Spam Definition Databases”, 293.
After the installation is complete, check and configure the product settings.

3.6 Installing F-Secure Anti-Virus for Microsoft Exchange

Follow these instructions to install F-Secure Anti-Virus for Microsoft Exchange and F-Secure Spam Control.
Step 1.
1. Insert the F-Secure CD in your CD-ROM drive.
2. Select F-Secure Anti-Virus for Microsoft Exchange from the Install Software menu.
Step 2. Read the information in the Welcome screen.
Click Next to continue.
Step 3. Read the license agreement.
If you accept the agreement, check the I accept this agreement checkbox and click Next to continue.
Step 4. Enter the product keycode.
Click Next to continue.
Step 5. Choose the components to install.
For more information about F-Secure Spam Control, see “Administering F-Secure Spam Control”, 278. Click Next to continue.
Step 6. Choose the destination folder for the installation.
Click Next to continue.
Step 7. Choose the administration method.
CHAPTER 3 49
Installation
If you install F-Secure Anti-Virus for Microsoft Exchange in stand-alone mode, you cannot configure settings and receive alerts and status information in F-Secure Policy Manager Console. Click Next to continue.
If you selected the stand-alone installation, continue to Step 10., 52.
If you select the stand-alone mode, use the F-Secure Anti-Virus for Microsoft Exchange Web Console to change product settings and to view statistics. For more information, see “Administration with Web Console”, 149.
Step 8. The centrally managed administration mode requires the public
management key. Enter the path to the public management key file admin.pub that was created during F-Secure Policy Manager Console setup.
You can transfer the public key in various ways (use a shared folder on the file server, a USB device, or send the key as an attachment in an e-mail message). Click Next to continue.
Step 9. In the centrally managed administration mode, enter the IP address or
URL of the F-Secure Policy Manager Server you installed earlier.
Click Next to continue.
If the product MIB files cannot be uploaded to F-Secure Policy Manager during installation, you can import them manually. For more information, see “Importing Product MIB files to F-Secure
Policy Manager Console”, 60.
Step 10. Enter an SMTP address that will be used by F-Secure Anti-Virus for
Microsoft Exchange to send warning and informational messages to end-users.
The SMTP address should be a valid, existing address that is allowed to send messages. Click Next to continue.
Step 11. Specify the Quarantine management method.
If you want to manage the Quarantine database locally, select Local quarantine management. Select Centralized quarantine management if
you install the product on multiple servers. Click Next to continue.
Step 12. Specify the location of the Quarantine database.
If you want to install Microsoft SQL Server 2005 Express Edition and the Quarantine database on the same server as the product installation, select (a) Install and use Microsoft SQL Server 2005 Express Edition.
If you are using Microsoft SQL Server already, select (b) Use the existing installation of Microsoft SQL Server.
Click Next to continue to either (a) or (b) based on your selection.
a Specify the installation and the database directory for Microsoft
SQL Server 2005 Express Edition.
Enter the password for the database server administrator account that will be used to create the new database. Click Next to continue.
Then, specify the name for the SQL database that stores information about the quarantined content.
Enter the user name and the password that you want to use to connect to the quarantine database.
Use a different account than the server administrator account. If the new account does not exist, the product creates it during the installation.
The password should be strong enough to comply with your current Windows password security policy.
b Specify the computer name of the SQL Server where you want to create the Quarantine database.
Enter the password for the sa account that you use to log on to the server. Click Next to continue.
If the server has a database with the same name, you can either use the existing database, remove the existing database and create a new one or keep the existing database and create a new one with a new name.
Step 13. Select whether you want to install the product with F-Secure World Map
Support.
The product can collect and send statistics about viruses and other malware to the F-Secure World Map service. If you agree to send statistics to F-Secure World Map, select Yes and click Next to continue.
If you enable F-Secure World Map support, make sure that the server can relay messages properly. For more information, see “Sending E-mail
Alerts And Reports”, 332.
Step 14. If you selected the centralized administration mode, specify the DNS
name or IP address of the F-Secure Policy Manager Server and the administration port.
Click Next to continue.
Step 15. If you selected the centralized administration mode, the installation program connects to the specified F-Secure Policy Manager Server automatically to install F-Secure Anti-Virus for Microsoft Exchange MIB files. If the installation program cannot connect to F-Secure Policy Manager Server, the following dialog opens.
Make sure that the computer where you are installing F-Secure Anti-Virus for Microsoft Exchange is allowed to connect to the administration port (by default, 8080) on F-Secure Policy Manager Server, or if you use a proxy, make sure that the connection is allowed from the proxy to the server. Check that no firewall blocks the connection. For more information, see F-Secure Policy Manager Administrator’s Guide.
If you want to skip installing MIB files, click Cancel. You can install MIB files later either manually or by running the Setup again.
Step 16. The list of components that will be installed is displayed.
Click Start to install listed components.
Step 17. The installation status of the components is displayed.
Click Next to continue.
Step 18. The installation is complete.
Click Finish to close the Setup wizard.

3.7 After the Installation

After the installation is complete, import the product MIBs to F-Secure Policy Manager (if that is required), and perform the initial configuration of the product.

3.7.1 Importing Product MIB files to F-Secure Policy Manager Console

If you are using the product in centrally managed mode, there are cases when the F-Secure Anti-Virus for Microsoft Exchange MIB JAR file cannot be uploaded to F-Secure Policy Manager Server during the installation. In these cases you will have to import the MIB files to F-Secure Policy Manager. You will have to import the MIB files if:
F-Secure Anti-Virus for Microsoft Exchange is located in a different network segment than F-Secure Policy Manager, and there is a firewall between them blocking access to Policy Manager’s administrative port (8080).
F-Secure Policy Manager Server has been configured so that administrative connections from anywhere else than the localhost are blocked.
To import the MIBs with F-Secure Policy Manager Console, follow these instructions:
1. Open the Tools menu and select the Installation packages option.
2. Click Import.
3. When the Import Installation Packages dialog opens, browse to the
Jars directory to locate the jar file.
4. Click Open to import the installation package.
5. After importing the new MIB files, restart F-Secure Policy Manager
Console.

3.7.2 Configuring the Product

After the installation, F-Secure Anti-Virus for Microsoft Exchange is functional, but it is using mostly default values. It is highly recommended to go through all the settings of all installed components.
Configure F-Secure Anti-Virus for Microsoft Exchange.
If F-Secure Anti-Virus for Microsoft Exchange has been installed in the centralized administration mode, use F-Secure Policy Manager Console to configure the settings for F-Secure Content Scanner Server and F-Secure Anti-Virus for Microsoft Exchange and distribute the policy. For more information, see “Centrally
Managed Administration”, 75.
If F-Secure Anti-Virus for Microsoft Exchange has been installed in stand-alone mode, use the F-Secure Anti-Virus for Microsoft Exchange Web Console to configure the settings of F-Secure Anti-Virus for Microsoft Exchange. For more information, see “Administration with Web Console”, 149.
Specify the IP addresses of hosts that belong to your
organization. For more information, see “Network Configuration”,
62.
Verify that the product is able to retrieve the virus and spam definition database updates. If necessary, reconfigure your firewalls or other devices that may block the database downloads. For more information, see “Network Requirements”, 25.
Network Configuration
The mail direction is based on the Internal Domains and Internal SMTP senders settings and it is determined as follows:
1. E-mail messages are considered internal if they come from internal SMTP sender hosts and mail recipients belong to one of the specified internal domains (internal recipients).
2. E-mail messages are considered outbound if they come from internal SMTP sender hosts and mail recipients do not belong to the specified internal domains (external recipients).
3. E-mail messages that come from hosts that are not defined as internal SMTP sender hosts are considered inbound.
4. E-mail messages submitted via MAPI or Pickup Folder are treated as if they are sent from the internal SMTP sender host.
If e-mail messages come from internal SMTP sender hosts and contain both internal and external recipients, messages are split and processed as internal and outbound respectively.
If F-Secure Anti-Virus for Microsoft Exchange has been installed in the centralized administration mode, configure the mail direction with F-Secure Policy Manager Console. For more information, see “Network
Configuration”, 77.
If F-Secure Anti-Virus for Microsoft Exchange has been installed in stand-alone mode, configure the mail direction with F-Secure Anti-Virus for Microsoft Exchange Web Console. For more information, see “Network Configuration”, 247.

3.8 Upgrading from the Version 6.62

Back up your current configuration before starting the upgrade.
We recommend that you upgrade your Microsoft SQL Server to the latest version. If you are using MSDE, upgrade it to Microsoft SQL Server 2005 Express Edition.
Standalone Mode
1. Install F-Secure Anti-Virus for Microsoft Exchange. For more information, see “Installing F-Secure Anti-Virus for Microsoft Exchange”, 46.
Your previous settings are migrated to the new version during the installation.
You may need to reboot the system to complete the installation.
2. After the installation, open F-Secure Anti-Virus for Microsoft Exchange Web Console and check the policy migration report. The link to the report is in the Getting Started page.
The report file is located on the local disk in: %Program Files%\F-Secure\Anti-Virus Agent for Microsoft Exchange\msemigrpt.htm.
3. Check the product configuration to finish the upgrade.
Centralized Administration Mode
Before you install the latest version of the product, upgrade F-Secure Policy Manager to version 8.11.
We recommend that you back up your policy data (select Save Policy As in the Policy Manager Console) before the upgrade.
1. Install F-Secure Anti-Virus for Microsoft Exchange. For more information, see “Installing F-Secure Anti-Virus for Microsoft
Exchange”, 46.
2. The setup program imports the JAR package that contains the
product MIB files and the migration tool to F-Secure Policy Manager automatically. If the JAR package could not be imported, import it manually after the installation.
Close F-Secure Policy Manager Console after the JAR package has been imported.
3. After the F-Secure Anti-Virus for Microsoft Exchange installation is
complete, open F-Secure Policy Manager Console.
4. F-Secure Policy Manager Console prompts you to migrate the
previous policy settings to the new version.
Policy settings are migrated for all hosts and domains that you manage with F-Secure Policy Manager. If you administer multiple installations of F-Secure Anti-Virus for Microsoft Exchange, migrate policy settings after you have upgraded all installations of the product.
5. To migrate policy settings, click Yes.
If you want to migrate policy settings later, follow these instructions:
a Open F-Secure Policy Manager Console.
b Go to F-Secure > F-Secure Anti-Virus for Microsoft Exchange > Operations > Policy Migration.
c Click Migrate.
6. After the policy migration is complete, check the migration report and
change the product settings if needed.
7. Distribute policies to finish the upgrade.

3.9 Upgrading the Evaluation Version

If you want to use F-Secure Anti-Virus for Microsoft Exchange after your evaluation period expires, you need a new keycode. Contact your software vendor or renew your license online.
After you have received the new keycode, you can either reinstall F-Secure Anti-Virus for Microsoft Exchange with your new keycode (see “Installing F-Secure Anti-Virus for Microsoft Exchange”, 46) or register the new keycode from F-Secure Settings and Statistics.
To register the new keycode from F-Secure Settings and Statistics:
1. Open F-Secure Settings and Statistics by double-clicking the F-Secure icon in the Windows system tray and select F-Secure Anti-Virus for Microsoft Exchange to open the evaluation screen.
2. Enter the new keycode you have received and click Register Keycode.
If you do not want to continue to use F-Secure Anti-Virus for Microsoft Exchange after your evaluation license expires, you should uninstall the software.
When the license expires, F-Secure Anti-Virus for Microsoft Exchange stops processing e-mails and messages posted to public folders. However, the messages are still delivered to the recipients.

3.10 Uninstalling F-Secure Anti-Virus for Microsoft Exchange

To uninstall F-Secure Anti-Virus for Microsoft Exchange, select Add/Remove Programs from the Windows Control Panel. To uninstall F-Secure Anti-Virus for Microsoft Exchange completely, uninstall the components in the following order:
1. F-Secure Spam Control (if it was installed)
2. F-Secure Anti-Virus for Microsoft Exchange
Some files and directories may remain after the uninstallation and can be removed manually.

4 USING F-SECURE ANTI-VIRUS FOR MICROSOFT EXCHANGE

Administering F-Secure Anti-Virus for Microsoft Exchange
Using Web Console
Using F-Secure Policy Manager Console

4.1 Administering F-Secure Anti-Virus for Microsoft Exchange

F-Secure Anti-Virus for Microsoft Exchange can be used either in the stand-alone mode or in the centrally administered mode, based on your selections during the installation and the initial setup.
Centralized Administration Mode
In the centralized administration mode, you can administer F-Secure Anti-Virus for Microsoft Exchange with F-Secure Policy Manager.
You can use the F-Secure Anti-Virus for Microsoft Exchange Web Console to start and stop F-Secure Anti-Virus for Microsoft Exchange, check its current status and to connect to F-Secure Web Club for support.
In centrally managed installations, F-Secure Anti-Virus for Microsoft Exchange Web Console cannot be used for configuring the system or scanning settings, but you can manage the quarantined content with it.
Stand-alone Mode
You can use F-Secure Anti-Virus for Microsoft Exchange Web Console to administer the product: monitor the status, modify settings, manage the quarantine, and start and stop the product if necessary.

4.2 Using Web Console

You can open F-Secure Anti-Virus for Microsoft Exchange Web Console in any of the following ways:
Go to Windows Start menu > Programs > F-Secure Anti-Virus for Microsoft Exchange > F-Secure Anti-Virus for Microsoft Exchange Web Console
Enter the address of F-Secure Anti-Virus for Microsoft Exchange and the port number in your web browser. Note that the protocol used is https. For example:
https://127.0.0.1:25023
When the Web Console login page opens, enter your user name and the password and click Log In. Note that you must have administrator rights to the host where F-Secure Anti-Virus for Microsoft Exchange Web Console is installed.

4.2.1 Logging in for the First Time

Before you log in to the F-Secure Anti-Virus for Microsoft Exchange Web Console for the first time, check that JavaScript and cookies are enabled in the browser you use.
Microsoft Internet Explorer users:
The address of the F-Secure Anti-Virus for Microsoft Exchange Web Console, https://127.0.0.1:25023/, should be added to the Trusted sites in Internet Explorer Security Options to ensure that F-Secure Anti-Virus for Microsoft Exchange Web Console works properly in all environments.
When you log in for the first time, your browser displays a Security Alert dialog window about the security certificate for F-Secure Anti-Virus for Microsoft Exchange Web Console. You can create a security certificate for F-Secure Anti-Virus for Microsoft Exchange Web Console before logging in, and then install the certificate during the login process.
If your company has an established process for creating and storing certificates, follow that process to create and store the security certificate for F-Secure Anti-Virus for Microsoft Exchange Web Console.
Step 1. Create the security certificate
1. Browse to the F-Secure Anti-Virus for Microsoft Exchange Web Console installation directory, for example:
C:\Program Files (x86)\F-Secure\Web User Interface\bin\
2. Locate the certificate creation utility, makecert.bat, and double click it
to run the utility.
3. The utility creates a certificate that will be issued to all local IP
addresses, and restarts the F-Secure Anti-Virus for Microsoft Exchange Web Console service to take the certificate into use.
4. Wait until the utility completes, and the window closes. Now you can
proceed to logging in.
Step 2. Log in and install the security certificate
1. Open F-Secure Anti-Virus for Microsoft Exchange Web Console.
2. The Security Alert about the F-Secure Anti-Virus for Microsoft
Exchange Web Console certificate is displayed. If you install the certificate now, you will not see the Security Alert window again.
If you are using Internet Explorer 7, click Continue and then
Certificate Error.
3. Click View Certificate to view the certificate information.
4. The Certificate window opens. Click Install Certificate to install the
certificate with the Certificate Import Wizard.
5. The Certificate window opens. Click Install Certificate to proceed to
the Certificate Import Wizard.
6. Follow the instructions in the Certificate Import Wizard.
If you are using Internet Explorer 7, in the Place all certificates in the
following store selection, select the Trusted Root Certification Authorities store.
If you are using Internet Explorer 6, you are prompted to add the new certificate in the Certificate Root Store when the wizard has completed. Click Yes to do so.
7. If the Security Alert window is still displayed, click Yes to proceed or
log back in to the F-Secure Anti-Virus for Microsoft Exchange Web Console.
8. When the login page opens, log in to Web Console with your user
name and the password.
9. The Web Console displays the Getting Started page when you log in for the first time. You can check and configure the following information in the Getting Started page to complete the installation:
Internal domains and senders
E-mail alerts and reports
Database updates
Product updates

4.2.2 Modifying Settings and Viewing Statistics with Web Console

To change F-Secure Anti-Virus for Microsoft Exchange settings in stand-alone mode, open the F-Secure Anti-Virus for Microsoft Exchange Web Console and select the variables you want to change from the left pane. For detailed explanations of all variables, see “Administration with
Web Console”, 149.

4.2.3 Checking the Product Status

You can check the overall product status on the Home page of F-Secure Anti-Virus for Microsoft Exchange Web Console. The Summary and Services tabs on the Home page display an overview of each component's status and the most important statistics of the installed F-Secure Anti-Virus for Microsoft Exchange components. From the Home page you can also open the product logs and proceed to configure the product components.

4.3 Using F-Secure Policy Manager Console

In the centralized administration mode, you can administer F-Secure Anti-Virus for Microsoft Exchange with F-Secure Policy Manager. To open F-Secure Policy Manager Console, select Windows Start menu > Programs > F-Secure Policy Manager Console.
When the Policy Manager Console opens, go to the Advanced Mode user interface by selecting View > Advanced Mode.
F-Secure Policy Manager Console is used to create policies for F-Secure Anti-Virus for Microsoft Exchange installations that are running on selected hosts or groups of hosts.
For detailed information on installing and using F-Secure Policy Manager console, see the F-Secure Policy Manager Administrator’s Guide.

4.3.1 Modifying Settings and Viewing Statistics in Centrally Administered Mode

To change F-Secure Anti-Virus for Microsoft Exchange settings in the centrally administered mode, follow these instructions:
1. Select F-Secure Anti-Virus for Microsoft Exchange from the Properties pane.
2. Make sure the Policy tab is selected and assign values to variables
under the Settings branch.
3. Modify settings by assigning new values to the basic leaf node variables (marked by the leaf icons) shown in the Policy tab of the Properties pane. For detailed explanations of all variables, see “F-Secure Anti-Virus for Microsoft Exchange Settings”, 76.
Initially, every variable has a default value, which is displayed in gray. Select the variable from the Properties pane and enter the new value in the Editor pane to change it. You can either type the new value or select it from a list box.
Click Clear to revert to the default value or Undo to cancel the most recent change that has not been distributed.
Settings that are configured during the installation and the initial setup require that you select the Final check box from the Product View pane. For more information, see “Changing
Settings That Have Been Modified During Installation or Upgrade”, 74.
4. After you have modified settings and created a new policy, it must be distributed to hosts. Choose Distribute from the File menu.
5. After distributing the policy, you have to wait for F-Secure Anti-Virus
for Microsoft Exchange to poll the new policy file.
For testing purposes you may also want to change the polling intervals. To do that, select the domain in F-Secure Policy Manager console and set the Incoming Packages Polling Interval and Outgoing Packages Update Interval variables to 30-45 seconds. The variables are located under each of the two trees in the F-Secure Management Agent / Settings / Communications branch. Note that since the default polling interval is 10 minutes, it might take up to 10 minutes for the new setting to take effect. Alternatively, you can click Poll the server now in F-Secure Management Agent.
To view statistics, select the Status tab of the Properties pane. Statistics are updated periodically and can be reset by choosing Reset Statistics on the Policy tab of the Properties pane. For more information, see “F-Secure Anti-Virus for Microsoft Exchange Statistics”, 126.
To manage the quarantined content, use F-Secure Anti-Virus for Microsoft Exchange Web Console. For more information, see “Quarantine Management”, 261.
Changing Settings That Have Been Modified During Installation or Upgrade
If you want to change a setting that has been modified locally during installation or upgrade, you need to mark the setting as Final in the restriction editor. The settings descriptions in this manual indicate the settings for which you need to use the Final restriction. You can also check in F-Secure Policy Manager Console whether you need to use the Final restriction for a setting. Do the following:
1. Select the Policy tab and then select the setting you want to check.
2. Select the Status tab to see if the setting has been modified locally.
If the setting is not shown in grayed font in the Status view, then the product uses the setting from the base policy and therefore the Final restriction is not needed.
If the setting is shown in normal black font, then the setting has
been modified locally. You must mark the setting as Final when you change it.

5 CENTRALLY MANAGED ADMINISTRATION

Overview
F-Secure Anti-Virus for Microsoft Exchange Settings
F-Secure Anti-Virus for Microsoft Exchange Statistics
F-Secure Content Scanner Server Settings
F-Secure Content Scanner Server Statistics
F-Secure Management Agent Settings
F-Secure Automatic Update Agent Settings

5.1 Overview

If F-Secure Anti-Virus for Microsoft Exchange is installed in the centrally administered mode, F-Secure Anti-Virus for Microsoft Exchange is managed centrally with F-Secure Policy Manager. In the centralized administration mode, you can use the F-Secure Anti-Virus for Microsoft Exchange Web Console for the quarantine management and to check the current status of F-Secure Anti-Virus for Microsoft Exchange, but you cannot change any settings with it.

5.2 F-Secure Anti-Virus for Microsoft Exchange Settings

In the centralized administration mode, you can change settings and start operations using F-Secure Policy Manager Console. For more information, see “Using F-Secure Policy Manager Console”, 72.

5.2.1 General Settings

Notifications
Specify Notification Sender Address that is used by F-Secure Anti-Virus for Microsoft Exchange for sending warning and informational messages to the end-users (for example, recipients, senders and mailbox owners).
Make sure that the notification sender address is a valid SMTP address. A public folder cannot be used as the notification sender address.
Network Configuration
The mail direction is based on the Internal Domains and Internal SMTP senders settings and it is determined as follows:
1. E-mail messages are considered internal if they come from internal SMTP sender hosts and mail recipients belong to one of the specified internal domains (internal recipients).
2. E-mail messages are considered outbound if they come from internal SMTP sender hosts and mail recipients do not belong to the specified internal domains (external recipients).
3. E-mail messages that come from hosts that are not defined as internal SMTP sender hosts are considered inbound.
4. E-mail messages submitted via MAPI or Pickup Folder are treated as if they are sent from the internal SMTP sender host.
If e-mail messages come from internal SMTP sender hosts and contain both internal and external recipients, messages are split and processed as internal and outbound respectively.
Internal Domains
Specify internal domains. Messages coming to internal domains are considered to be inbound mail unless they come from internal SMTP sender hosts.
Separate each domain name with a space. You can use an asterisk (*) as a wildcard. For example, *example.com internal.example.net
Internal SMTP Senders
Specify the IP addresses of hosts that belong to your organization. Specify all hosts within the organization that send messages to Exchange Edge or Hub servers via SMTP as Internal SMTP Senders.
Separate each IP address with a space. An IP address range can be defined as:
a network/netmask pair (for example, 10.1.0.0/255.255.0.0), or
a network/nnn CIDR specification (for example, 10.1.0.0/16).
You can use an asterisk (*) to match any number or dash (-) to define a range of numbers. For example,
172.16.4.4 172.16.*.1 172.16.4.0-16 172.16.250-255.*
If end-users in the organization use other than Microsoft Outlook e-mail client to send and receive e-mail, it is recommended to specify all end-user workstations as Internal SMTP Senders.
If the organization has Exchange Edge and Hub servers, the server with the Hub role installed should be added to the Internal SMTP Sender on the server where the Edge role is installed.
IMPORTANT: Do not specify the server where the Edge role is installed as Internal SMTP Sender.
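The mail direction rules and the Internal SMTP Senders address syntax described above (the same rules appear under Network Configuration in section 3.7.2) can be modelled as follows to check a planned configuration before entering it. This is an added example, not F-Secure code: the function names, the glob-style handling of the domain wildcard and the sample mail addresses are assumptions, while the setting values are the guide's own examples.

```python
"""Model of the guide's mail-direction rules (illustrative, not product code)."""
import ipaddress
from fnmatch import fnmatchcase

# Setting values taken from the examples in the guide.
INTERNAL_DOMAINS = "*example.com internal.example.net"
INTERNAL_SMTP_SENDERS = (
    "10.1.0.0/255.255.0.0 172.16.4.4 172.16.*.1 172.16.4.0-16 172.16.250-255.*"
)


def octet_matches(pattern, value):
    """Match one octet against a number, '*' (any) or 'low-high' (range)."""
    if pattern == "*":
        return True
    if "-" in pattern:
        low, high = (int(part) for part in pattern.split("-", 1))
        return low <= value <= high
    return int(pattern) == value


def ip_matches(ip, spec):
    """True if the IPv4 address falls inside one Internal SMTP Senders entry."""
    addr = ipaddress.IPv4Address(ip)
    if "/" in spec:
        # Covers both network/netmask and network/nnn CIDR notation.
        return addr in ipaddress.ip_network(spec, strict=False)
    patterns = spec.split(".")
    if len(patterns) != 4:
        raise ValueError(f"not an IPv4 pattern: {spec!r}")
    return all(octet_matches(p, o) for p, o in zip(patterns, addr.packed))


def is_internal_sender(ip, senders=INTERNAL_SMTP_SENDERS):
    """True if the connecting host matches any space-separated entry."""
    return any(ip_matches(ip, spec) for spec in senders.split())


def is_internal_recipient(address, domains=INTERNAL_DOMAINS):
    """Assumption: '*' is treated as a shell-style glob over the whole domain."""
    domain = address.rsplit("@", 1)[-1].lower()
    return any(fnmatchcase(domain, pat.lower()) for pat in domains.split())


def classify(sender_ip, recipients, local_submission=False):
    """Return {direction: [recipients]} following rules 1-4 of the guide.

    local_submission=True stands for MAPI or Pickup Folder submission,
    which the guide treats as coming from an internal SMTP sender host.
    """
    from_internal = local_submission or is_internal_sender(sender_ip)
    result = {}
    for rcpt in recipients:
        if not from_internal:
            direction = "inbound"      # rule 3
        elif is_internal_recipient(rcpt):
            direction = "internal"     # rule 1
        else:
            direction = "outbound"     # rule 2
        result.setdefault(direction, []).append(rcpt)
    return result


if __name__ == "__main__":
    # Constructed sample messages (hosts and mail addresses are made up).
    samples = [
        ("10.1.3.4", ["alice@example.com", "bob@partner.test"], False),
        ("203.0.113.9", ["alice@example.com"], False),
        (None, ["carol@internal.example.net"], True),
    ]
    for ip, rcpts, local in samples:
        print(ip, "->", classify(ip, rcpts, local_submission=local))
```

The direction depends on the connecting host, not on the sender address in the message, so a host missing from Internal SMTP Senders has all of its mail treated as inbound. In this model the glob `*example.com` also matches a domain such as `notexample.com`; the guide does not state whether the product's wildcard behaves the same way.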
Lists and Templates
Match Lists
Specify file and match lists that can be used by other settings.
List name
Specify the name for the match list.
Type
Specify whether the list contains keywords, file patterns or e-mail addresses.
Filter
Specify file names, extensions, keywords or email addresses that the match list contains.
Description
Specify a short description for the list.
Message Templates
Specify message templates for notifications.
Template name
Specify the name for the message template.
Subject line
Specify the subject line of the notification message.
Message body
Specify the notification message text.
For more information about the variables you can use in notification messages, see “Variables in Warning Messages”, 296.
Quarantine
When the product places content to the Quarantine, it saves the content as separate files into the Quarantine Storage and inserts an entry to the Quarantine Database with information about the quarantined content.
Quarantine Storage
Specify the path to the Quarantine storage where all quarantined mails and attachments are placed.
If you change the Quarantine Storage setting, select the Final checkbox in the Restriction Editor to override initial settings.
During the installation, F-Secure Anti-Virus for Microsoft Exchange adjusts the access rights to the Quarantine Storage so that only the product, operating system and the local administrator can access it. If you change the Quarantine Storage setting, make sure that the new location has secure access permissions. For more information, see “Moving the Quarantine
Storage”, 276.
Retain Items in Quarantine
Specify how long quarantined e-mails are stored in the Quarantine before they are deleted automatically.
The setting defines the default retention period for all Quarantine categories. To change the retention period for different categories, configure Quarantine Cleanup Exceptions settings.
Delete Old Items Every
Specify how often old items are deleted from the Quarantine.
The setting defines the default cleanup interval for all Quarantine categories. To change the cleanup interval for different categories, configure Quarantine Cleanup Exceptions settings.
Quarantine Cleanup Exceptions
Specify separate Quarantine retention periods and cleanup intervals for infected files, suspicious files, disallowed attachments, disallowed content, spam messages, scan failures and unsafe files.
Quarantine Size Threshold
Specify the critical size (in megabytes) of the Quarantine. If the Quarantine size reaches the specified value, the product sends an alert to the administrator.
If the threshold is specified as zero (0), the size of the Quarantine is not checked.
Quarantined Items Threshold
Specify the critical number of items in the Quarantine. When the Quarantine holds the critical number of items, the product sends an alert to the administrator.
If the threshold is specified as zero (0), the amount of items is not checked.
Notify When Quarantine Threshold is Reached
Specify the level of the alert that is sent to administrator when threshold levels are reached.
Released Quarantine Message Template
Specify the template for the message that is sent to the intended recipients when e-mail content is released from the quarantine. For more information, see “Lists and Templates”, 79.
The product generates the message only when the item is removed from the Microsoft Exchange Server store and sends it automatically when you release the item to intended recipients.
Automatically Process Unsafe Messages
Specify how often the product tries to reprocess unsafe messages that are retained in the Quarantine. Set the value to Disabled to process unsafe messages manually.
Max Attempts to Process Unsafe Messages
Specify how many times the product tries to reprocess unsafe messages that are retained in the Quarantine.
Use the Final Action on Unsafe Messages setting to specify the action that takes place if the message is retained in the Quarantine after the maximum attempts.
Final Action on Unsafe Messages
Specify the action on unsafe messages after the maximum number of reprocesses have been attempted.
Leave in Quarantine - Leave messages in the Quarantine and process them manually.
Release to Intended Recipients - Release messages from the Quarantine and send them to original recipients.
Quarantine Log Directory
Specify the path to the directory where Quarantine logfiles are placed.
Rotate Quarantine Logs Every
Specify how often the product rotates Quarantine logfiles. At the end of each rotation time a new log is created.
Keep Rotated Quarantine Logs
Specify how many rotated log files are kept.
Sample Submission
You can use the product to send samples of unsafe e-mails and new, yet undefined malware to F-Secure for analysis.
Max Submission Attempts: Specify how many times the product attempts to send the sample if the submission fails.
Resend Interval: Specify how long (in minutes) F-Secure Anti-Virus for Microsoft Exchange should wait before trying to send the sample again if the previous submission failed.
Connection Timeout: Specify how long (in seconds) the product tries to contact the F-Secure Hospital server.
Send Timeout: Specify how long (in seconds) the product waits for the sample submission to complete.
Content Scanner Server
Edit the Content Scanner Server settings to change the general content scanning options.
Max Size of Data Processed in Memory: Specify the maximum size (in kilobytes) of data to be transferred to the server via shared memory in the local interaction mode. When the amount of data exceeds the specified limit, a local temporary file will be used for data transfer. If the option is set to zero (0), all data transfers via shared memory are disabled. The setting is ignored if the local interaction mode is disabled.
Connection Timeout: Specify how long (in seconds) F-Secure Anti-Virus for Microsoft Exchange should wait for a response from F-Secure Content Scanner Server before it stops attempting to send or receive data.
Working directory: Specify the name and location of the working directory, where temporary files are placed.
IMPORTANT: This setting must be defined as Final with the Restriction Editor before the policies are distributed. Otherwise the setting will not be changed in the product.
During the installation, F-Secure Anti-Virus for Microsoft Exchange automatically adjusts the access rights so that only the operating system and the local administrator can access files in the Working directory. If you change this setting after the installation, make sure that the new folder has secure access permissions.
If F-Secure Content Scanner Server uses a proxy server when it connects to the threat detection center and the proxy server requires authentication, the proxy authentication settings can be configured with F-Secure Anti-Virus for Microsoft Exchange Web Console only. For more information, see “Proxy Server”, 239.

5.2.2 Transport Protection

You can configure inbound, outbound and internal message protection separately. For more information about the mail direction and configuration options, see “Network Configuration”, 77.
You cannot add automatic disclaimers to messages with the product; you can configure Microsoft Exchange Server to do that. Some malware adds disclaimers to infected messages, so disclaimers should not be used for stating that the message is clean of malware.
Attachment Filtering
Specify attachments to remove from inbound, outbound and internal messages based on the file name or the file extension.
Strip Attachments: Enable or disable the attachment stripping.
List of Attachments to Strip: Specify which attachments are stripped from messages. For more information, see “Lists and Templates”, 79.
Use Exclusions: Specify attachments that are not filtered. Leave the list empty if you do not want to exclude any attachments from the filtering.
Action on Stripped Attachments: Specify how disallowed attachments are handled.
Drop Attachment - Remove the attachment from the message and deliver the message to the recipient without the disallowed attachment.
Drop the Whole Message - Do not deliver the message to the recipient at all.
Quarantine Stripped Attachments: Specify whether stripped attachments are quarantined. The default option is Enabled.
Do Not Quarantine These Attachments: Specify which files are not quarantined even when they are stripped. For more information, see “Lists and Templates”, 79.
Send Notification Message to Recipient: Specify the template for the notification message that is sent to the intended recipient when a disallowed or suspicious attachment is found. Note that the notification message is not sent if the whole message is dropped.
Send Notification Message to Sender: Specify the template for the notification message that is sent to the original sender of the message when a disallowed or suspicious attachment is found. For more information, see “Lists and Templates”, 79. Leave notification message fields empty if you do not want to send any notification messages. By default, notification messages are not sent.
Do Not Notify on These Attachments: Specify attachments that do not generate notifications. When the product finds a specified file or file extension, no notification is sent.
Notify Administrator: Specify whether the administrator is notified when the product strips an attachment and the alert level of the notification. Configure the Alert Forwarding table to specify where the alert is sent based on the severity level. The Alert Forwarding table can be found in: F-Secure Management Agent/Settings/Alerting.
Virus Scanning
Specify inbound, outbound and internal messages and attachments that should be scanned for malicious code.
Disabling virus scanning disables archive processing and grayware scanning as well.
Scan Messages for Viruses: Enable or disable the virus scan. The virus scan scans messages for viruses and other malicious code.
List of Attachments to Scan: Specify attachments that are scanned for viruses. For more information, see “Lists and Templates”, 79.
Use Exclusions: Specify attachments that are not scanned. Leave the list empty if you do not want to exclude any attachments from the scan.
Heuristic Scanning: Enable or disable the heuristic scan. The heuristic scan analyzes files for suspicious code behavior so that the product can detect unknown malware. By default, the heuristic scan is enabled for inbound mails and disabled for outbound and internal mails. The heuristic scan may affect the product performance and increase the risk of false malware alarms.
Attempt to Disinfect Infected Attachments: Specify whether the product should try to disinfect an infected attachment before processing it. If the disinfection succeeds, the product does not process the attachment further. Disinfection may affect the product performance. Infected files inside archives are not disinfected even when the setting is enabled.
Action on Infected Messages: Specify whether to drop the infected attachment or the whole message when an infected message is found.
Drop Attachment - Remove the infected attachment from the message and deliver the message to the recipient without the attachment.
Drop the Whole Message - Do not deliver the message to the recipient at all.
Quarantine Infected Messages: Specify whether infected or suspicious messages are quarantined.
Do Not Quarantine These Infections: Specify infections that are never placed in the quarantine. If a message is infected with a virus or worm which has a name that matches a keyword specified in this list, the message is not quarantined. For more information, see “Lists and Templates”, 79.
Send Virus Notification Message to Recipient: Specify the template for the notification message that is sent to the intended recipient when a virus or other malicious code is found. Note that the notification message is not sent if the whole message is dropped.
Send Virus Notification Message to Sender: Specify the template for the notification message that is sent to the original sender of the message when a virus or other malicious code is found. Leave notification message fields empty if you do not want to send any notification messages. By default, notification messages are not sent. For more information, see “Lists and Templates”, 79.
Do Not Notify on These Infections: Specify infections that do not generate notifications. When the product finds the specified infection, no notification is sent. For more information, see “Lists and Templates”, 79.
Notify Administrator: Specify whether the administrator is notified when F-Secure Anti-Virus for Microsoft Exchange finds a virus in a message. Configure the Alert Forwarding table to specify where the alert is sent based on the severity level. The Alert Forwarding table can be found in: F-Secure Management Agent/Settings/Alerting.
Archive Processing
Specify how the product processes inbound, outbound and internal archive files.
Note that scanning inside archives takes time. Disabling scanning inside archives improves performance, but it also means that the network users need to use up-to-date virus protection on their workstations.
Archive processing is disabled when virus scanning is disabled.
Scan Archives: Specify whether files inside compressed archive files are scanned for viruses and other malicious code.
List of Files to Scan Inside Archives: Specify files inside archives that are scanned for viruses. For more information, see “Lists and Templates”, 79.
Use Exclusions: Specify files that are not scanned inside archives. Leave the list empty if you do not want to exclude any files from the scan.
Max Levels in Nested Archives: Specify how many levels of archives inside other archives the product scans when Scan Viruses Inside Archives is enabled.
Action on Max Nested Archives: Specify the action to take on archives with nesting levels exceeding the upper level specified in the Max Levels in Nested Archives setting.
Pass through - Deliver the message with the archive to the recipient.
Drop archive - Remove the archive from the message and deliver the message to the recipient without it.
Drop the whole message - Do not deliver the message to the recipient.
Action on Password Protected Archives: Specify the action to take on archives which are protected with passwords. These archives can be opened only with a valid password, so the product cannot scan their content.
Pass through - Deliver the message with the password protected archive to the recipient.
Drop archive - Remove the password protected archive from the message and deliver the message to the recipient without it.
Drop the whole message - Do not deliver the message to the recipient.
Detect Disallowed Files Inside Archives: Specify whether files inside compressed archive files are processed for disallowed content. Disallowed content is not processed when the archive scanning is disabled.
List of Disallowed Files to Detect Inside Archives: Specify files which are not allowed inside archives. For more information, see “Lists and Templates”, 79.
Action on Archives with Disallowed Files: Specify the action to take on archives which contain disallowed files.
Pass through - Deliver the message with the archive to the recipient.
Drop archive - Remove the archive from the message and deliver the message to the recipient without it.
Drop the whole message - Do not deliver the message to the recipient.
Quarantine Dropped Archives: Specify whether archives that are not delivered to recipients are placed in the quarantine. For more information, see “Quarantine Management”, 261.
Notify Administrator: Specify whether the administrator is notified when F-Secure Anti-Virus for Microsoft Exchange blocks a malformed, password protected, or overnested archive file. If the archive is blocked because it contains malware, grayware or disallowed files, the administrator receives a notification about that instead of this notification. Configure the Alert Forwarding table to specify where the alert is sent based on the severity level. The Alert Forwarding table can be found in: F-Secure Management Agent/Settings/Alerting.
Zero-Day Protection
Select whether Proactive Virus Threat Detection is enabled or disabled. Proactive virus threat detection can identify new and unknown e-mail malware, including viruses and worms.
When proactive virus threat detection is enabled, the product analyzes e-mail messages for possible security threats. All possibly harmful messages are quarantined as unsafe.
Unsafe messages can be reprocessed periodically, as antivirus updates may confirm the unsafe message as safe or infected.
When proactive virus threat detection is disabled, mails are only scanned by antivirus engines.
Grayware Scanning
Specify how the product processes grayware items in inbound, outbound and internal messages.
Note that grayware scanning increases the scanning overhead. By default, grayware scanning is enabled for inbound messages only.
Grayware scanning is disabled when virus scanning is disabled.
Scan Messages for Grayware: Enable or disable the grayware scan. The default value is Enabled for inbound messages and Disabled for outbound and internal messages.
Action on Grayware: Specify the action to take on items which contain grayware.
Pass Through - Leave grayware items in the message.
Drop Attachment - Remove grayware items from the message.
Drop the Whole Message - Do not deliver the message to the recipient.
Grayware Exclusion List: Specify the list of keywords for grayware types that are not scanned. Leave the list empty if you do not want to exclude any grayware types from the scan.
Quarantine Dropped Grayware: Specify whether grayware attachments are quarantined.
Do Not Quarantine This Grayware: Specify grayware that is never placed in the quarantine. For more information, see “Lists and Templates”, 79.
Send Warning Message to Recipient: Specify the template for the notification message that is sent to the intended recipient when a grayware item is found in a message. Note that the notification message is not sent if the whole message is dropped.
Send Warning Message to Sender: Specify the template for the notification message that is sent to the original sender of the message when a grayware item is found in a message. Leave notification message fields empty if you do not want to send any notification messages. By default, notification messages are not sent. For more information, see “Lists and Templates”, 79.
Do Not Notify on This Grayware: Specify the list of keywords for grayware types that are not notified about. If the product finds a grayware item with a name that matches the keyword, the recipient and the sender are not notified about the grayware item found. Leave the list empty if you do not want to exclude any grayware types from notifications.
Notify Administrator: Specify whether the administrator is notified when F-Secure Anti-Virus for Microsoft Exchange finds a grayware item in a message. Configure the Alert Forwarding table to specify where the alert is sent based on the severity level. The Alert Forwarding table can be found in: F-Secure Management Agent/Settings/Alerting.
Content Filtering
Specify how F-Secure Anti-Virus filters disallowed content in inbound, outbound and internal messages.
Filter Disallowed Content: Specify whether e-mail messages are scanned for disallowed content.
Disallowed Keywords in Message Subject: Specify the list of disallowed keywords to check in e-mail message subjects. For more information, see “Using Keywords in Content Filtering”, 95.
Disallowed Keywords in Message Text: Specify the list of disallowed keywords to check in e-mail message text. For more information, see “Using Keywords in Content Filtering”, 95.
Disallowed Keywords in Message Text: Specify the action to take on messages which contain disallowed keywords.
Report only - Deliver the message to the recipient and notify the administrator that the scanned message contained disallowed content.
Drop the whole message - Do not deliver the message to the recipient.
Quarantine - Quarantine the message with disallowed content.
Send Notification Message to Recipient: Specify whether recipients are notified when disallowed content is found.
Send Notification Message to Sender: Specify whether the original sender is notified when disallowed content is found. To enable the notification, select a template for the notification message. To disable the notification, leave the notification field empty. For more information, see “Lists and Templates”, 79.
Notify Administrator: Specify whether the administrator is notified when F-Secure Anti-Virus for Microsoft Exchange finds a message with disallowed content. Configure the Alert Forwarding table to specify where the alert is sent based on the severity level. The Alert Forwarding table can be found in: F-Secure Management Agent/Settings/Alerting.
Using Keywords in Content Filtering
When the content filtering is enabled, all messages are checked against every keyword sequence that is specified in the selected list of keywords.
A keyword may contain any characters, including punctuation symbols, spaces, and other word separators. Keywords are case insensitive.
You can use the ‘?’ character in a keyword to match any character in that position in the keyword and ‘*’ to match any number of characters.
Keyword examples:
example: Matches any message text or subject that contains the word ‘example’.
another example: Matches any message text or subject that contains the ‘another example’ text. Words ‘another’ and ‘example’ have to be separated with exactly one space character.
co?p?rate: Matches any message text or subject that contains, for example, the words ‘corporate’ or ‘cooperate’.
another*example: Matches any message text or subject that contains words ‘another’ and ‘example’ separated with any number of characters. For example, ‘another example’ or ‘another keyword example’.
To represent ‘?’ or ‘*’ characters themselves in keywords, use ‘\?’ and ‘\*’ sequences correspondingly. To represent ‘\’ character, use ‘\\’.
For example, to match the '*** SPAM ***' string, enter '\*\*\* spam \*\*\*'.
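The wildcard and escape rules above, written out as a matcher in Python (an added example, not F-Secure's implementation). It assumes that keywords match as substrings, that ‘?’ and ‘*’ also cross line breaks, and that a backslash before any other character is an error, since the guide does not specify these points; the function names and the sample message are constructed.

```python
import re


def keyword_to_regex(keyword):
    # Rules from the guide: '?' is any one character, '*' is any number of
    # characters, backslash escapes a literal '?', '*' or backslash, and
    # matching ignores case. Everything else is matched literally.
    out = []
    i = 0
    while i < len(keyword):
        ch = keyword[i]
        if ch == "\\":
            nxt = keyword[i + 1:i + 2]
            if nxt not in ("?", "*", "\\"):
                # Assumption: only the three documented escapes are valid.
                raise ValueError(f"unsupported escape in keyword: {keyword!r}")
            out.append(re.escape(nxt))
            i += 2
            continue
        if ch == "?":
            out.append(".")
        elif ch == "*":
            out.append(".*?")
        else:
            out.append(re.escape(ch))  # spaces and punctuation are literal
        i += 1
    # Assumption: DOTALL lets '?' and '*' span line breaks in the body.
    return re.compile("".join(out), re.IGNORECASE | re.DOTALL)


def disallowed_hits(subject_keywords, text_keywords, subject, text):
    """Return (field, keyword) for every keyword found in its own field."""
    hits = []
    for field, keywords, value in (("subject", subject_keywords, subject),
                                   ("text", text_keywords, text)):
        for kw in keywords:
            if keyword_to_regex(kw).search(value):
                hits.append((field, kw))
    return hits


# Constructed keyword lists and message, using the guide's own examples.
SUBJECT_KEYWORDS = [r"\*\*\* spam \*\*\*"]
TEXT_KEYWORDS = ["co?p?rate", "another example", "another*example"]
SAMPLE_SUBJECT = "Fwd: *** SPAM *** quarterly numbers"
SAMPLE_TEXT = "Please cooperate.\nHere is another keyword\nexample for you."

if __name__ == "__main__":
    for field, kw in disallowed_hits(SUBJECT_KEYWORDS, TEXT_KEYWORDS,
                                     SAMPLE_SUBJECT, SAMPLE_TEXT):
        print(f"{field}: matched {kw!r}")
```

Under these assumptions ‘another*example’ fires on words that sit on different lines while ‘another example’ does not, so a keyword with ‘*’ is worth trying with the Report only action before it is paired with Drop the whole message.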
Spam Control
To change settings used when inbound messages are scanned for spam, see “Administering F-Secure Spam Control”, 278.
The threat detection engine of F-Secure Anti-Virus for Microsoft Exchange can identify spam and virus patterns from the message envelope, headers and body during the first minutes of the new spam or virus outbreak.
You can configure Spam Control settings for inbound messages, and only if you have F-Secure Spam Control installed.
File Type Recognition
Select whether you want to use Intelligent File Type Recognition or not. Trojans and other malicious code can disguise themselves with filename extensions which are usually considered safe to use. Intelligent File Type Recognition can recognize the real file type of the message attachment and use that while the attachment is processed.
Using Intelligent File Type Recognition strengthens the security, but can degrade the system performance.
Security Options
Configure security options to limit actions on malformed and suspicious messages.
Action on Malformed Mails: Specify the action for non-RFC compliant e-mails. If the message has an incorrect structure, the product cannot parse the message reliably.
Drop the Whole Message - Do not deliver the message to the recipient.
Pass Through - The product allows the message to pass through.
Pass Through and Report - The product allows the message to pass through, but sends a report to the administrator.
Max Levels of Nested Messages: Specify how many levels deep to scan in nested e-mail messages. A nested e-mail message is a message that includes one or more e-mail messages as attachments. If zero (0) is specified, the maximum nesting level is not limited. It is not recommended to set the maximum nesting level to unlimited as this will make the product more vulnerable to DoS (Denial-of-Service) attacks.
Action on Mails with Exceeding Nesting Levels: Specify the action to take on messages with nesting levels exceeding the upper level specified in the Max Levels of Nested Messages setting.
Drop the Whole Message - Messages with exceeding nesting levels are not delivered to the recipient.
Pass Through - Nested messages are scanned up to the level specified in the Max Levels of Nested Messages setting. Exceeding nesting levels are not scanned, but the message is delivered to the recipient.
Quarantine Problematic Messages: Specify if mails that contain malformed or broken attachments are quarantined for later analysis or recovery.
Notify Administrator: Specify whether the administrator is notified when F-Secure Anti-Virus for Microsoft Exchange detects a malformed or a suspicious e-mail message. Configure the Alert Forwarding table to specify where the alert is sent based on the severity level. The Alert Forwarding table can be found in: F-Secure Management Agent/Settings/Alerting.
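What the nested-message limit and its two actions mean in practice, as an added Python example built on the standard email package (not the product's code). It assumes the outer message is level 0 and that each message/rfc822 attachment adds one level; the function names and the sample message are constructed.

```python
from email.message import EmailMessage

DROP = "Drop the Whole Message"
PASS_THROUGH = "Pass Through"


def walk_nested(msg, max_levels):
    """Return (deepest_level_reached, parts_inspected).

    Assumption: the outer message is level 0 and every message/rfc822
    attachment adds one level. max_levels == 0 means unlimited, as in
    the guide.
    """
    deepest = inspected = 0
    stack = [(msg, 0)]  # explicit stack: depth never hits the recursion limit
    while stack:
        part, level = stack.pop()
        if max_levels and level > max_levels:
            return level, inspected  # limit exceeded: stop, go no deeper
        inspected += 1
        deepest = max(deepest, level)
        if part.is_multipart():
            step = 1 if part.get_content_type() == "message/rfc822" else 0
            stack.extend((child, level + step) for child in part.get_payload())
    return deepest, inspected


def nesting_verdict(msg, max_levels, action=DROP):
    """Apply the configured action; returns (verdict, parts_inspected)."""
    deepest, inspected = walk_nested(msg, max_levels)
    if max_levels == 0 or deepest <= max_levels:
        return "deliver", inspected
    if action == DROP:
        return "drop", inspected
    return "deliver, deeper levels not scanned", inspected


def build_nested(levels):
    """Constructed sample: a message wrapped `levels` times as an attachment."""
    msg = EmailMessage()
    msg["Subject"] = "innermost"
    msg.set_content("payload text")
    for n in range(levels):
        outer = EmailMessage()
        outer["Subject"] = f"wrapper {n + 1}"
        outer.set_content("see attached message")
        outer.add_attachment(msg)  # attached as message/rfc822
        msg = outer
    return msg


if __name__ == "__main__":
    deep = build_nested(40)
    for limit, action in ((0, DROP), (3, DROP), (3, PASS_THROUGH)):
        verdict, inspected = nesting_verdict(deep, limit, action)
        print(f"limit={limit} action={action!r}: {verdict} "
              f"({inspected} parts inspected)")
```

With the limit at 0 the walk inspects every part of the 40-level sample, which is the unbounded work the DoS warning refers to; with a limit set it stops as soon as the limit is exceeded.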
Trusted Senders and Recipients
You can use trusted senders and recipients lists to exclude some messages from the mail scanning and processing completely.
Trusted Senders: Specify senders who are excluded from the mail scanning and processing.
Trusted Recipients: Specify recipients who are excluded from the mail scanning and processing.

5.2.3 Storage Protection

Edit general Storage Protection settings to configure how mailboxes and public folders are scanned in the Exchange Store with real-time, background, manual and scheduled scanning.
Real-Time Scanning
The real-time scanning can automatically scan messages that have been created or received.
General Real-Time Scanning Settings
Specify which messages you want to scan during the real-time scanning.
Scan Only Messages Created Within: Specify which messages are scanned with the real-time scanning, for example: Last hour, Last day, Last week. Messages that have been created before the specified time are not scanned. This setting works only with Microsoft Exchange Server 2007.
Scan Timeout: Specify how long to wait for the real-time scan result. After the specified time, the client that tries to access the scanned message gets the "virus scanning in progress" notification.
Virus Scanning
Specify messages and attachments in the Microsoft Exchange Storage that should be scanned for malicious code.
Disabling virus scanning disables archive processing and grayware scanning as well.
Scan Mailboxes: Specify mailboxes that are scanned for viruses.
Disabled - Do not scan any mailboxes.
Scan All Mailboxes - Scan all mailboxes.
Scan Only Included Mailboxes - Scan mailboxes specified in the Included Mailboxes list.
Scan All Except Excluded Mailboxes - Scan all mailboxes except those specified in the Excluded Mailboxes list.
Included Mailboxes: Specify mailboxes that are scanned for viruses when the Scan Mailboxes setting is set to Scan Only Included Mailboxes.
Excluded Mailboxes: Specify mailboxes that are not scanned when the Scan Mailboxes setting is set to Scan All Except Excluded Mailboxes.
Scan Public Folders: Specify public folders that are scanned for viruses.
Disabled - Do not scan any public folders.
Scan All Folders - Scan all public folders.
Scan Only Included Folders - Scan public folders specified in the Included Folders list.
Scan All Except Excluded Folders - Scan all public folders except those specified in the Excluded Folders list.