F-Secure Anti-Virus for MIMEsweeper Administrator's Guide

"F-Secure" and the triangle symbol are registered trademarks of F-Secure Corporation and F-Secure product names and symbols/logos are either trademarks or registered trademarks of F-Secure Corporation. All product names referenced herein are trademarks or registered trademarks of their respective companies. F-Secure Corporation disclaims proprietary interest in the marks and names of others. Although F-Secure Corporation makes every effort to ensure that this information is accurate, F-Secure Corporation will not be liable for any errors or omission of facts contained herein. F-Secure Corporation reserves the right to modify specifications cited in this document without prior notice.
Companies, names and data used in examples herein are fictitious unless otherwise noted. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of F-Secure Corporation.
This product may be covered by one or more F-Secure patents, including the following:
GB2353372 GB2366691 GB2366692 GB2366693 GB2367933 GB2368233 GB2374260
Copyright © 1993-2005 F-Secure Corporation. Portions Copyright © 1991-2004 Kaspersky Lab. All rights reserved. 12000073-5E16
Contents
About This Guide
How This Guide Is Organized
Conventions Used in F-Secure Guides
Symbols
Chapter 1 Introduction
1.1 Overview
1.2 MIMEsweeper Product Family
1.3 Features
Chapter 2 Installation
2.1 Deployment
2.2 System Requirements
2.3 Installation Steps
Chapter 3 Configuration
3.1 Configuring F-Secure Anti-Virus for MIMEsweeper
3.2 Configuring Content Scanner Scenario
3.3 Configuring Alert Forwarding
Chapter 4 Updating Virus Definition Databases
4.1 Overview
4.2 Automatic Updates
4.3 Manual Updates
4.3.1 Using FSUPDATE
4.3.2 Using LATEST.ZIP
4.3.3 Updating the Virus Definition Database Remotely
Technical Support
Overview
F-Secure Online Support Resources
Web Club
Virus Descriptions on the Web
About F-Secure Corporation

ABOUT THIS GUIDE

How This Guide Is Organized
Conventions Used in F-Secure Guides

How This Guide Is Organized

F-Secure Anti-Virus for MIMEsweeper Administrator's Guide is divided into the following chapters:
Chapter 1. Introduction. General information on F-Secure Anti-Virus for MIMEsweeper and other F-Secure Anti-Virus products.
Chapter 2. Installation. Instructions on how to install and deploy F-Secure Anti-Virus for MIMEsweeper.
Chapter 3. Configuration. Instructions on how to configure F-Secure Anti-Virus for MIMEsweeper, Content Scanner Scenario and Alerts.
Chapter 4. Updating Virus Definition Databases. Instructions on how to keep virus definition databases up-to-date.
Technical Support. Instructions on how to get technical support for problems in F-Secure Anti-Virus products.
About F-Secure Corporation. Describes the company background and products.

Conventions Used in F-Secure Guides

This section describes the symbols, fonts, and terminology used in this manual.

Symbols

WARNING: The warning symbol indicates a situation with a risk of irreversible destruction to data.
IMPORTANT: An exclamation mark provides important information that you need to consider.
REFERENCE - A book refers you to related information on the topic available in another document.
NOTE - A note provides additional information that you should consider.
TIP - A tip provides information that can help you perform a task more quickly or easily.
An arrow indicates a one-step procedure.

Fonts

Arial bold (blue) is used to refer to menu names and commands, to buttons and other items in a dialog box.
Arial Italics (blue) is used to refer to other chapters in the manual, book titles, and titles of other manuals.
Arial Italics (black) is used for file and folder names, for figure and table captions, and for directory tree names.
Courier New is used for messages on your computer screen.
Courier New bold is used for information that you must type.
SMALL CAPS (BLACK) is used for a key or key combination on your keyboard.
Arial underlined (blue) is used for user interface links.
Times New Roman regular is used for window and dialog box names.

PDF Document

This manual is provided in PDF (Portable Document Format). The PDF document can be used for online viewing and printing using Adobe® Acrobat® Reader. When printing the manual, please print the entire manual, including the copyright and disclaimer statements.

For More Information

Visit F-Secure at http://www.f-secure.com for documentation, training courses, downloads, and service and support contacts.
In our constant attempts to improve our documentation, we would welcome your feedback. If you have any questions, comments, or suggestions about this or any other F-Secure document, please contact us at documentation@f-secure.com.

INTRODUCTION

Overview
MIMEsweeper Product Family
Features

1.1 Overview

Malicious code, such as computer viruses, is one of the main threats for companies today. When users began to use office applications with macro capabilities to write documents and distribute them via mail and groupware servers, macro viruses started spreading rapidly.
After the millennium, the most common spreading mechanism has been e-mail. Today about 90% of viruses arrive via e-mail. E-mail provides a very fast and efficient way for viruses to spread without any user intervention, which is why e-mail worm outbreaks, like Bagle, Sober and Mydoom, cause a lot of damage around the world.
The Internet is used by more and more people every day, which opens another, so far dormant, channel for viruses to spread: HTTP. F-Secure Anti-Virus Mail Server and Gateway products are designed to protect your company's mail and groupware servers and to shield the company network from any malicious code that travels in HTTP, FTP-over-HTTP or SMTP traffic. The protection can be implemented on the gateway level to screen all incoming and outgoing e-mail (SMTP), web surfing (HTTP) and file transfer (FTP) traffic. Furthermore, it can be implemented on the mail server level so that it protects not only inbound and outbound traffic but also internal mail traffic and public sources, such as Public Folders on Microsoft Exchange servers.
Providing protection at the gateway level has many advantages: the protection is easy and fast to set up and install, and it is invisible to the end users, which ensures that the system cannot be bypassed and is easy to maintain. Protecting the gateway level alone, however, is not enough to provide a complete antivirus solution; file server and workstation level protection is needed, too.

1.2 MIMEsweeper Product Family

Clearswift, manufacturer of the MIMEsweeper product family, provides complete content security solutions for e-mail and Web traffic. With Clearswift MIMEsweeper for SMTP, the company is protected against every content-based e-mail threat from spam to employee time-wasting, circulation of pornography, breaches in confidentiality, legal liability and IT resource misuse. Clearswift MIMEsweeper for Web does for web traffic what Clearswift MIMEsweeper for SMTP does for SMTP: it analyzes every bit of traffic and removes every kind of content threat.
F-Secure integrates antivirus protection and disinfection with Clearswift MIMEsweeper for SMTP and MIMEsweeper for Web, creating a complete, integrated solution to detect and disinfect Web- or e-mail-borne viruses at the gateway level. F-Secure Anti-Virus for MIMEsweeper works together with the Clearswift products MIMEsweeper for SMTP and MIMEsweeper for Web.
F-Secure Anti-Virus for MIMEsweeper
F-Secure Anti-Virus for MIMEsweeper provides a powerful antivirus scanning solution that tightly integrates with Clearswift MIMEsweeper for SMTP and MIMEsweeper for Web products giving the corporation the powerful combination of complete content security.
There are three integration scenarios you can use with F-Secure Anti-Virus. First, the Content Scanner scenario provides the most effective integration and is the recommended way to set up the system. Second, the F-Secure Anti-Virus scenario provided by Clearswift integrates with the memory resident F-Secure Anti-Virus. Finally, when using the command line interface to F-Secure Anti-Virus, you can use the Virus Manager scenario provided by Clearswift. Although not as efficient a scenario as the other two presented above, in this scenario the antivirus scanner remains resident in memory, which means the command line does not reload the scanner every time.
A Content Scanner scenario needs to be created using the MIMEsweeper console. This scenario determines what is scanned for viruses and what happens if a virus is found. For configuring Content Scanner Scenario, see “Configuring Content Scanner Scenario”.

1.3 Features

F-Secure Anti-Virus for MIMEsweeper, as well as all other F-Secure Anti-Virus Mail Server and Gateway products, has the following features:
Powerful and Always Up-to-date
F-Secure Anti-Virus for MIMEsweeper uses the award-winning F-Secure Anti-Virus scanner to ensure the highest possible detection rate and disinfection capability. The daily virus definition database updates provide protection that is always up to date.

Easy to Administer
F-Secure Anti-Virus for MIMEsweeper can be managed either in stand-alone mode or remotely using the powerful F-Secure Policy Manager.

Superior Protection
- High level of protection with low maintenance costs
- Superior detection rate with multiple scanning engines
- Unparalleled malicious code detection and disinfection. F-Secure Anti-Virus for MIMEsweeper detects all known viruses, worms and Trojans, including Java and ActiveX viruses
- Heuristic scanning detects also unknown macro viruses
- Automatic daily virus definition database updates

INSTALLATION

Deployment
System Requirements
Installation Steps

2.1 Deployment

F-Secure Anti-Virus for MIMEsweeper is always installed on the same machine where MIMEsweeper for SMTP or MIMEsweeper for Web is running.