Kaspersky ANTI-VIRUS 4.5 User Manual

KASPERSKY LABS
Kaspersky Anti-Virus® 4.5
for Microsoft Exchange Server
USER’S GUIDE
Kaspersky Labs Ltd.
http://www.kaspersky.com
Edition date: December 2003
Contents
CHAPTER 1. KASPERSKY ANTI-VIRUS® 4.5 FOR MS EXCHANGE SERVER
1.1. What is new in version 4.5
1.2. Hardware and software requirements
1.2.1. Protected server is MS Exchange Server 5.5
1.2.2. Protected server is MS Exchange Server 2000/2003
1.2.3. Requirements for the computer from which Anti-Virus Engine will be controlled
1.3. Distribution Kit
1.4. Help desk for registered users
1.5. Conventions
CHAPTER 2. INSTALLATION
2.1. Installing and uninstalling Kaspersky Anti-Virus® for MS Exchange Server
2.1.1. Step-by-step installation
2.1.2. Enabling protection of mail bodies under MS Exchange Server 5.5
2.1.3. Updating version 4.2 to 4.5
2.1.4. Uninstalling
2.2. Selecting protected storages
2.3. Anti-virus features to support clustering facilities
CHAPTER 3. PROTECTION OF MS EXCHANGE SERVER MESSAGES
3.1. Operating principles of the program. Message queue for anti-virus scan
3.2. Working Procedure
3.3. Anti-Virus Engine Control by means of Kaspersky AV MMC Snap-In
3.3.1. Starting Kaspersky AV MMC Snap-In
3.3.2. Kaspersky AV MMC Snap-In Interface
3.3.3. Adding/deleting server for control
3.3.4. Setting/removing anti-virus protection. Disconnecting/connecting to server. License. Importing/exporting settings
3.3.5. Changing settings using Kaspersky AV MMC Snap-In
3.3.6. Table of controlled servers. Customizing warning modes
3.4. Customizing Anti-Virus Engine settings
3.4.1. Categories: General and Settings
3.4.2. Basic Settings for Anti-Virus Protection
3.4.2.1. Check Mode
3.4.2.2. Advanced Scanning Modes
3.4.2.3. Objects to be scanned
3.4.2.4. Scanning Methods
3.4.3. Rules for scanned objects
3.4.4. Virus Messages and Reports
3.4.4.1. Report Types
3.4.4.2. Sending report to administrator
3.4.4.3. Sending Report to Recipient and Sender
3.4.4.4. Report File
3.4.4.5. Application Log
3.4.5. Quarantine
3.4.6. Advanced: parameters of Anti-Virus Engine and MS Exchange Server joint operation
3.4.7. Advanced: Service Parameters
3.4.8. Advanced: Template Editing
3.4.8.1. List of Templates
3.4.8.2. Template Editor
3.4.8.3. Macros and Conditional Clauses
3.5. Testing the program
3.6. System Performance Chart. System Monitor
3.7. Operating in demo mode. Extending your license. Editing a list of unprotected objects
CHAPTER 4. KASPERSKY ANTI-VIRUS® CONTROL CENTRE
4.1. Launching Kaspersky AV Control Centre
4.2. Kaspersky AV Control Centre Interface
4.2.1. Tasks tab
4.2.1.1. Properties window
4.2.2. Components Tab
4.2.3. Settings Tab
4.2.3.1. Security Category
4.2.3.2. Alerts Category
4.2.3.3. Customize Category
4.3. New Task Wizard
4.3.1. Task Window
4.3.2. Schedule Window for Kaspersky AV Updater Task
4.3.2.1. Launching on Event
4.3.2.2. Launching by Condition
4.3.2.3. Launching Hourly
4.3.2.4. Launching Daily
4.3.2.5. Launching Weekly
4.3.2.6. Launching Monthly
4.3.3. Alerts Window
4.3.4. User Account Window
4.3.5. Task Setting
CHAPTER 5. KASPERSKY ANTI-VIRUS® UPDATER
5.1. How to Start Kaspersky AV Updater
5.2. Kaspersky AV Updater interface
5.2.1. Step 1. Kaspersky AV Updater Welcome Wizard Box
5.2.2. Step 2. Connection dialog box
5.2.2.1. Setting Kaspersky Anti-Virus® Update from the Internet
5.2.2.2. Updating from local folder
5.2.2.3. Choosing objects to be updated
5.2.3. Step 3. Options box
5.2.4. Step 4. Retrieving Updates window
5.2.5. Step 5. Finishing Wizard box
CHAPTER 6. KASPERSKY ANTI-VIRUS® REPORT VIEWER
CHAPTER 7. TREE CHART
7.1. Tree Chart
7.2. Controls
7.2.1. Check Box
7.2.2. Option Button
7.2.3. Text Field
7.2.4. Path Field
7.2.5. Number Field
7.2.6. Drop-Down List
APPENDIX A. REGISTRY SETTINGS
APPENDIX B. KASPERSKY LABS LTD.
B.1. Other Kaspersky Labs Products
B.2. Contact Information
APPENDIX C. INDEX
APPENDIX D. LICENSE AGREEMENT
CHAPTER 1. KASPERSKY ANTI-VIRUS® 4.5 FOR MS EXCHANGE SERVER
Kaspersky Anti-Virus® 4.5 for MS Exchange Server (hereinafter referred to as Kaspersky Anti-Virus®) software package is designed to protect mailboxes and public folders from viruses on MS Exchange Server 5.5/2000/2003 (hereinafter referred to as MS Exchange Server).
Kaspersky Anti-Virus® performs the following functions on MS Exchange Server:
Checking and disinfecting mail messages "on-the-fly". The program scans all MS Exchange Server 5.5/2000 incoming and outgoing messages as well as objects stored on it, and disinfects infected objects if possible. Such objects can include message texts, attached messages and files, and OLE objects.
User protection from infected messages. The program prevents user access to the infected objects. Depending on the settings, it blocks a message with an infected object, deletes the infected object from the message, or replaces this object by a file containing information on the virus detected. The administrator can also customize the mode when the program skips a message with an infected object. In this case, the program changes the name of the infected object, adds information about the detected virus to it, and changes the object extension. As a result, the user will not be able to launch the infected file and infect his/her computer by accident.
Quarantine. The program renames suspicious and infected files, and saves them to the quarantine directory on the hard disk.
Background scanning on demand. This option allows you to detect and delete viruses in old messages received before Kaspersky Anti-Virus® installation, as well as in messages checked after anti-virus database updating.
Scanning in several threads. Checking mail messages in several threads accelerates the program’s performance.
During scanning the program uses anti-virus databases that allow detection and deletion of all known virus types. Anti-virus databases are continuously growing and updated.
Self-descriptive reporting. The program sends virus alerts to administrator, recipient or sender of the infected messages and places corresponding entries in the Application Log and program log file. Such thorough supervision of the program’s performance helps to quickly prevent infection of the server and other computers in your office.
Template Editor. You can set notifications and reports by means of a special program.
The following software products are included in the package:
Kaspersky Anti-Virus® Engine for MS Exchange Server (Anti-Virus Engine) – is a program component designed for anti-virus protection of the mail messages passing through MS Exchange Server. It is installed and operates on the server.
Anti-Virus Engine 5.5 includes Kaspersky AV AVAPI (1.0) Interceptor for MS Exchange Server (AVAPI Interceptor) and Kaspersky Anti-Virus MAPI Interceptor for MS Exchange Server (MAPI-service).
Anti-Virus Engine 2000/2003 includes Kaspersky AV VSAPI (2.0) Interceptor for MS Exchange Server (VSAPI Interceptor).
In addition, Anti-Virus Engine includes Kaspersky AV LDAP Notification Service, which keeps track of a list of unprotected mailboxes defined in Active Directory (MS Exchange Server 2000/2003) or Exchange Directory (MS Exchange Server 5.5).
Kaspersky Anti-Virus® MMC Snap-In – is a program component designed for settings control and for launching Kaspersky Anti-Virus Engine from Microsoft Management Console (MMC), a standard Microsoft Windows 2000 utility.
Kaspersky Anti-Virus® Updater – is a virus-definition database-updating utility. Anti-virus databases are used when searching for viruses in mail messages. Kaspersky Labs regularly updates these databases by adding new virus details to them; database updates are placed on Kaspersky Labs web sites and later retrieved by the updating utility.
Kaspersky Anti-Virus® Control Centre – is a control shell for other components. In this software package, Kaspersky Anti-Virus® Control Centre is used to control only Kaspersky Anti-Virus® Updater. Using Kaspersky AV Control Centre, you can manage updating of anti-virus databases, schedule automatic updating, and review the Anti-Virus Updater performance statistics.
1.1. What is new in version 4.5
Support for MS Exchange Server 2003 is provided with version 4.5.
For version 4.5, purchase of a special license for protecting public folders is not required. The license is issued only for MS Exchange Server mailboxes. In this case, the protection is delivered to both MS Exchange Server mailboxes and public folders.
An option to disable protection of mailboxes has been introduced. Note that if you want to protect more mailboxes than specified in your license, you should either buy a new license or limit the number of protected mailboxes. Otherwise, the program will operate in demo mode.
A new feature has been added to the Kaspersky Anti-Virus® to support the clustering facilities in MS Exchange Server 2000/2003.
In version 4.5, the Kaspersky AV Control Centre Plug-In component is not installed. The Kaspersky Anti-Virus® will be managed only through the MMC Snap-In component. The Kaspersky AV Control Centre Plug-In is uninstalled when the program is updated from version 4.x to 4.5.
1.2. Hardware and software requirements
1.2.1. Protected server is MS Exchange Server 5.5
Requirements for protected server on which Anti-Virus Engine is installed:
Microsoft Windows NT 4.0 Service Pack 6;
MS Exchange Server 5.5 with Service Pack 4;
Active Directory Service Interfaces (ADSI) 2.5 or Active Directory Client Extensions.
1.2.2. Protected server is MS Exchange Server 2000/2003
Requirements for protected server on which Anti-Virus Engine is installed:
Microsoft Windows Server 2000 with Service Pack 2;
MS Exchange Server 2000 with Service Pack 2.
Requirements for the protected MS Exchange Server 2003 on which Anti-Virus Engine is installed:
MS Windows Server 2000 with Service Pack 3 or MS Windows Server 2003;
MS Exchange Server 2003.
You can install Anti-Virus Engine onto different cluster nodes using the Active/Active mode and then control Anti-Virus Engine on each of these nodes separately.
1.2.3. Requirements for the computer from which Anti-Virus Engine will be controlled
The computer from which Anti-Virus Engine will be controlled must meet the following requirements:
If you intend to control your Anti-Virus Engine locally, install Kaspersky Anti-Virus® Control Centre and/or Kaspersky Anti-Virus® MMC Snap-In on your computer.
If you intend to control your Anti-Virus Engine from a remote computer:
Kaspersky Anti-Virus® MMC Snap-In.
MS Windows 2000 operating system or higher or MS Windows NT 4.0 with MMC version 1.2 or higher.
Active Directory Service Interfaces (ADSI) 2.5 or Active Directory Client Extensions (MS Windows 2000 and higher automatically meets these requirements).
1.3. Distribution Kit
Kaspersky Anti-Virus® for MS Exchange Server is part of the series of Kaspersky Anti-Virus® corporate products. You can purchase the corporate products either from our distributors (retail box) or online at one of our Internet shops (for example, www.kaspersky.com, the Buy online link).
The retail box includes:
A sealed envelope with the installation CD containing files for the software product.
User’s Guide.
A license key written on the installation CD.
License agreement.
Before you unseal the envelope containing the CD, be sure to thoroughly review the license agreement.
If you buy Kaspersky Anti-Virus® for MS Exchange Server online, you download the installation file of the product from the Kaspersky Labs website. This installation file includes this User Guide and the license key. The license key can also be sent to you by e-mail after receiving your payment.
The License Agreement is a legal agreement between you and the manufacturer (Kaspersky Labs Ltd.) describing the terms on which you may employ the anti-virus product which you have purchased.
Make sure you read this License Agreement!
If you do not agree to the terms of this LA, you can return the unused product to your Kaspersky Anti-Virus® dealer for a full refund, making sure the envelope with the CD is sealed.
By unsealing the envelope, you agree to all the terms of the LA.
1.4. Help desk for registered users
Kaspersky Labs Ltd. offers a large service package enabling its legal customers to efficiently employ Kaspersky Anti-Virus®.
If you register and purchase a subscription you will be provided with the following services for the period of your subscription:
new versions of this Kaspersky Anti-Virus® software.
phone or e-mail advising on matters related to the installation, setup, and operation of our anti-virus software.
information about new Kaspersky Labs products and about new computer viruses (for those who subscribe to the Kaspersky Labs newsletter).
Kaspersky Labs does not provide any information related to the operation and use of your operating system or various technologies.
1.5. Conventions
In this book we use various conventions to emphasize different meaningful parts of the documentation. The Table below lists the conventions used in this User Guide.
Convention | Meaning
Bold font | Menu titles, commands, window titles, dialog elements, etc.
Note. | Additional information, notes.
Attention! | Critical information.
To do this, 1. Step 1. 2. … | Actions that must be taken.
Task or example | Formulation of the problem or an example of how to use the product.
Solution | A solution of the problem formulated.
[key] – Function of the key. | Command line keys.
Text of information messages and the command line | Text of configuration files, information messages, and the command line.
CHAPTER 2. INSTALLATION
2.1. Installing and uninstalling Kaspersky Anti-Virus® for MS Exchange Server
You can launch the installation program:
on MS Exchange Server 5.5 SP4 / 2000 SP2 / 2003. In this case you may install all package components on the server.
on the computer from which the settings of server anti-virus protection will be controlled. You will not be able to install the Kaspersky Anti-Virus® Engine for MS Exchange Server component there as it is designed for operation on the server only.
Launch the setup.exe program from the CD to start the package installation. The setup wizard operates in dialog mode. Each dialog box contains a certain set of buttons to manage the setup process. The main buttons are:
OK – accept actions;
Cancel – cancel actions;
Next – move one step forward;
Back – move one step backward.
Before you install Kaspersky Anti-Virus® 4.5, make sure to quit all programs running on your computer.
Before installing Kaspersky Anti-Virus®, remove all anti-virus software for MS Exchange Server provided by other developers that use the VirusScan API or Anti-Virus API technologies.
2.1.1. Step-by-step installation
Step 1. Read general information
The first dialog of the Setup Wizard (see Figure 1) contains general information on Kaspersky Anti-Virus® 4.5.
Step 2. Read the license agreement
The License Agreement dialog box (Figure 2) contains the Agreement text. Read it and click Yes if you accept the license agreement terms. Otherwise, click No to abort the setup.
Figure 1. First dialog box of Setup Wizard
Figure 2. The License Agreement dialog box
Step 3. Installation requirements
Read the information on how to install and use the program in the Installation requirements dialog box (see Figure 3).
Figure 3. The Installation Requirements dialog box
Step 4. Enter customer information
Enter customer information in the Customer Information dialog box (see Figure 4). Enter the appropriate data in the User Name field and the Company Name field. By default the information for these fields is taken from the Windows registry.
Step 5. Select the program installation folder
Select the directories for installation of Kaspersky Anti-Virus® 4.5 components in the Choose Destination Folder Location dialog box (see Figure 5). The directory for components will be indicated in the Destination Folder group. The general files folder path will be indicated in the Common Files Folder group. Click on Browse to choose the directory.
The Common Files Folder field is hidden if a Kaspersky Labs server product is installed on the server.
Figure 4. The Customer Information dialog box
Figure 5. The Choose Destination Folder Location dialog box
Step 6. Add the program group name to the Start\Programs menu
Define the folder name in the Select Program Folder dialog box (see Figure 6) to display the Kaspersky Anti-Virus® 4.5 icon in the standard Program menu. Click Next.
Figure 6. The Select Program Folder dialog box
Step 7. Installation Requirements
The program defines the installation configuration according to availability of MS Exchange Server 2000 Service Pack 2, MS Exchange Server 2003, or MS Exchange Server 5.5 Service Pack 4 on the computer. If none of these products is installed, the Installation Requirements dialog box (see Figure 7) will appear on the display. In the lower part of the box you will see the Installation Options option buttons.
Do not install Kaspersky Anti-Virus® Engine for MS Exchange Server (default)
Install Kaspersky Anti-Virus® Engine for MS Exchange Server 5.5
Install Kaspersky Anti-Virus® Engine for MS Exchange Server 2000/2003.
Choose the option button needed. By default, the installation program will resume but Anti-Virus Engine for MS Exchange Server will not be installed. If you choose to install Anti-Virus Engine for MS Exchange Server despite the fact that the server does not fulfill the installation requirements, the program will install all package components but the above-mentioned component will not operate at full capacity.
If you install Kaspersky Anti-Virus® 4.5 on a server under Microsoft Windows NT 4.0 in which MMC and/or ADSI are absent, you will see the appropriate notifications with actions you can choose (see Figure 7).
You can interrupt the process, install applications needed, and repeat the Kaspersky Anti-Virus® installation when messages appear warning that the installation program requirements have not been satisfied.
Figure 7. The Installation Requirements dialog box: a. If MS Exchange Server has not been detected; b. If MMC has not been detected; c. If ADSI has not been detected
Step 8. Choose Kaspersky Anti-Virus® components to be installed
In the Select Components dialog box (see Figure 8) check the components to install.
If you select Custom setup, you will have to choose the required components from the Select Components dialog box (see Figure 8).
The component list is conditioned by the installation pattern: if you install the program on a server, the list will contain all the components; otherwise, it will contain two fewer components.
Figure 8. The Select Components dialog box
To choose the components to be installed, check the appropriate boxes at the left of the component names.
Step 9. Copying files to the hard disk
Read the setup information in the Start Copying Files dialog box (see Figure 9). Click Next to resume the installation. The program will start copying files to the hard disk. Percentage of completion is indicated by the progress bar in the Setup Status dialog box (see Figure 10).
Figure 9. The Start Copying Files dialog box
Figure 10. The Setup Status dialog box
Step 10. Choose the report storage directory
In the Report Viewer Settings dialog box (see Figure 11), you should specify the folder in which to save the reports generated by Anti-Virus Updater and Kaspersky Anti-Virus® Control Centre. Reports generated by Anti-Virus Engine are saved to the folder specified from MMC.
Step 11. Choosing service properties
While installing Anti-Virus Engine for MS Exchange Server 5.5, you should set the service account for the Kaspersky Anti-Virus® MAPI Interceptor for MS Exchange Server service in the Service properties dialog box (see Figure 12). This service account must have MS Exchange Server administrator rights to change any messages in the mailboxes stored on this server (Service Account Admin rights). Enter the account name in the Account Name field. Enter the appropriate password in the Password field and the Confirm password field.
Note that the setup wizard does not check the validity of your information. If you enter incorrect information, the service will be unavailable (or will operate incorrectly).
The data you enter in the Service properties dialog box will be used to register Kaspersky AV LDAP Notification Service.
Under MS Exchange Server 2000/2003, Kaspersky AV LDAP Notification Service runs under the system account.
Figure 11. The Report Viewer Settings dialog box
Figure 12. The Service properties dialog box
Step 12. Remote administration password
In the Administration Password dialog box (see Figure 13), enter the remote administration password that will be used by Kaspersky® Network Control Centre to connect to the protected server.
Step 13. Define paths to the license key files
In the License Key File dialog box (see Figure 14), define the license key file name and the path.
Figure 13. The Administration Password dialog box
Figure 14. The License Key File dialog box
If the file is located in the setup folder, its name will be displayed in the List of license key files to install.
If the license key file is located in a different folder, click Add and define the license key file name and path in the Select License Key File standard dialog box. If required, the program can use several license key files simultaneously.
Check the box in the Associate license key file types group if you want to activate the AddKey utility. After the AddKey utility is activated, you can install new license key files by double-clicking them.
The license key file is your personal "key" that contains all the housekeeping data essential for Kaspersky Anti-Virus® to apply all its features:
vendor information for this version (company name, addresses, telephone numbers);
support information (who provides the support and where);
product release date;
license name and number;
functionality table for various components;
validity term of this license.
Step 14. To complete the setup
Upon completion of Kaspersky Anti-Virus® 4.5 for MS Exchange Server package installation, the Setup Wizard Complete dialog box will appear on the screen (see Figure 15a).
If your computer needs restarting, the installation program will inform you about this (see Figure 15a). Choose one of the following actions:
Yes, I want to restart my computer now – if you want to restart your computer immediately.
No, I will restart my computer later – if you want to postpone restarting.
If your computer does not need restarting, the installation program will offer to launch one or several of the installed components (see Figure 15b). Click Finish.
Figure 15. The Setup Wizard Complete dialog box: a. Variant 1; b. Variant 2
2.1.2. Enabling protection of mail bodies under MS Exchange Server 5.5
AVAPI Interceptor protects message attachments in all protected mailboxes and public folders of MS Exchange Server 5.5 but it cannot protect message bodies due to restrictions in AVAPI 1.0 technology.
If you want the program to protect message bodies, run the MAPI service on your server. You can find the MAPI service in the list of installed services under the name "Kaspersky Anti-Virus® MAPI Interceptor for MS Exchange Server."
You should start the MAPI service under a user's account which has rights to read the HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeIS\VirusScan registry key. This account must have rights of an MS Exchange Server administrator to be able to change any messages in mailboxes located on this server (Service Account Admin rights).
To force the program to protect message bodies for new mailboxes and/or public folders, you should restart the MAPI service.
The MAPI service protects only those mailboxes that already contain a message store. Such a message store will be generated after receiving the first message in the mailbox or after first logon with Microsoft Outlook to that mailbox.
To force the program to protect mail bodies of all messages stored in protected public folders, run MAPI on your server and configure these public folders as described below:
1. Launch Microsoft Exchange Administrator (see Figure 16).
Figure 16. The Microsoft Exchange Administrator main window
2. Choose the public folder to be protected.
3. Choose the Properties item from the File menu or press the button. The Properties window will appear on the screen (see Figure 17).
Figure 17. The Properties dialog box
4. On the General tab press the Client Permissions button. The Client Permissions dialog box will appear on the screen (see Figure 19).
5. In the Client Permissions dialog box press the Add button (see Figure 18). The Add users dialog box will appear on the screen.
Figure 18. The Add Users dialog box
6. In the Add users dialog box in the address list choose the Kaspersky Anti-Virus® for MS Exchange Server… address and press the Add button. The program will use this address to check message bodies. If you find several mailboxes with similar names, choose the one that is placed on the protecting server. Then press the OK button.
7. In the Client Permissions dialog box in the string-table, choose the Kaspersky Anti-Virus® for MS Exchange Server string. Make sure that the Owner value is selected in the Roles drop-down list. Press the OK button.
Figure 19. The Client Permissions dialog box
8. In the Properties dialog box click the OK button.
9. Repeat all above steps for public folders to be protected.
You can make these settings not only using MS Exchange Administrator but also using Microsoft Outlook. The only difference is that you should choose the Properties item from the right-click menu of the public folder (see step 3) and then choose the Permissions tab in the Properties dialog box (see step 4).
10. Start or restart the MAPI service in order to force the program to check bodies of all messages stored in public folders.
2.1.3. Updating version 4.2 to 4.5
The above section describes the installation of Kaspersky Anti-Virus® for MS Exchange Server on a computer on which no Kaspersky Anti-Virus® for MS Exchange Server or other Kaspersky Labs products have been installed (see subchapter 2.1 on page 6). This subchapter explains how to install and upgrade Kaspersky Anti-Virus® for MS Exchange Server from version 4.2 to 4.5.
After you run setup.exe, a dialog box with a message that the program is about to update the current version of Kaspersky Anti-Virus to version 4.5 will appear on your screen. After searching for installed components, the program will offer to set the parameters for the Report Viewer component (see Step 10 on page 19) and prompt you to enter a password for remote administration of Kaspersky Anti-Virus® 4.5 for MS Exchange Server (see Step 12 on page 20).
Previous or current versions of Kaspersky AV Control Centre may have been installed on your computer, for example, together with another software package. In this case, the Component: Kaspersky Anti-Virus® Control Centre dialog box will appear on your screen, offering you several options on how to install the standard settings file.
Select one of the following options on how to install the settings file:
Combine – Add the standard settings file to the existing settings.
Overwrite – Write a new settings file over the existing settings file.
Skip – Leave the existing file without changes.
If Kaspersky AV Updater has been installed on your computer (together with Kaspersky Anti-Virus products), a dialog box with several options will appear on your screen. However, the Combine option will be unavailable in this dialog box. You will be offered the opportunity to overwrite the existing settings file or save the existing settings.
2.1.4. Uninstalling
Should you for any reason wish to uninstall Kaspersky Anti-Virus®, launch setup.exe for the second time from the folder into which you installed the product or use the Add or Remove Programs tool in the Windows Control Panel.
A removal confirmation dialog box will appear on your screen. Click OK to start the removal procedure. The program files will be removed from the computer.
If the removal program detects files that may be in use by other programs, the file removal confirmation dialog box will appear on your screen. Press Yes to remove the files.
2.2. Selecting protected storages
The program protects the number of mailboxes as specified in your license.
Both mailboxes and public folders on both versions of MS Exchange Server can be protected. Thus, you do not have to purchase a license for protecting public folders under MS Exchange Server.
If you have many licenses, the program can protect all storages¹ located on the protected server.
If the number of protected mailboxes specified in your license is insufficient, you should exclude some of them from the list of protected mailboxes.
A list of unprotected mailboxes is formed in a similar way to the mailing list or the security group (for MS Exchange Server 2000/2003). The list is stored in Exchange Directory (for MS Exchange Server 5.5) or in Active Directory (for MS Exchange Server 2000/2003).
To form a list of unprotected mailboxes, the objects excluded from protection must be specified explicitly. If the list of unprotected mailboxes contains a mailing list group that, in turn, includes other mailing lists, these nested objects will be protected, too.
The list of unprotected mailboxes is managed (i.e. adding and deleting objects from the list) using the standard control tools: MS Exchange Administrator (for MS Exchange Server 5.5) or Active Directory Users & Computers (for MS Exchange Server 2000/2003).
The program interface displays only the name of this mailing list and the frequency of checking of its update status (see subchapter 3.4.2.3 on page 45).
The Kaspersky AV LDAP Notification Service, a special service included in the distribution kit, tracks changes in the list and restarts Anti-Virus Engine if necessary.
Anti-Virus Engine analyzes the From, To, and Copy fields and the name of the storage in which it scans messages. If any of the above fields or the storage name contains an address to be protected, the program scans the message for viruses.
While working with MS Exchange Server 2000/2003, incoming messages are scanned for any mail client or mail protocol. Outgoing messages are scanned only if an MS Exchange-compatible client (for example, MS Outlook) and the MAPI protocol are used to send mail. In other cases, outgoing messages are not scanned because they do not enter the storage on the protected server.
¹ Hereafter, ‘message storages’ denote mailboxes and public folders.
While working with MS Exchange Server 5.5, the program scans bodies of incoming messages only in protected storages and does not scan bodies of outgoing messages because of certain limitations of the AVAPI and MAPI technologies. Attached files are scanned in all storages: incoming messages are scanned without any limitations and outgoing messages are scanned only when an MS Exchange-compatible client and the MAPI protocol are used.
However, an unchecked message can get into the mailbox of a protected MS Exchange Server 2000 user even if Anti-Virus is enabled. This is possible when:
A message has false or unprotected addresses. There are protected and unprotected addresses among the real recipient addresses. The program might not scan this message because the protected address is absent from the available message attributes handled by VSAPI Interceptor.
The message sent to check is not searched again in the other storages of the same database due to internal optimization of MS Exchange Server.
A message sent to the address of an unprotected user (mailbox 1) from a remote mailbox and forwarded to the protected mailbox (mailbox 2) via the MAPI protocol in Plain text and HTML (see Figure 20) is not checked by Anti-Virus VSAPI Interceptor if those two mailboxes are physically located in the same database.
Figure 20. Scheme of how an unchecked forwarded message gets into a protected mailbox
A message sent from a remote mailbox to the address of an unprotected user (mailbox 1), and then forwarded to an unprotected mailbox (mailbox 3), and auto-forwarded (if set by a corresponding MS Outlook rule) to a protected mailbox (mailbox 2) via the MAPI protocol in Plain text, HTML, and RTF formats (see Figure 21) is not checked by Anti-Virus VSAPI Interceptor if the mailboxes listed are included in the same database.
Figure 21. Scheme of how an unchecked auto-forwarded message gets into a protected mailbox (if set by an MS Outlook rule)
A message created by a user in an unprotected mailbox with the help of Outlook Web Access (OWA) and forwarded to the protected user's mailbox is not checked if those two mailboxes are physically located in the same database.
A message created by a user in an unprotected mailbox with the help of MS Outlook, temporarily saved in the "Drafts" folder and subsequently forwarded to the protected user's mailbox is not checked if those two mailboxes are physically located in the same database.
To avoid such situations, we recommend that you keep the protected and unprotected storages in different MS Exchange Server 2000/2003 databases.
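The recommendation above, together with the licensing rules at the start of this subchapter, can be checked against an exported storage inventory. The following Python script is an added example, not part of the Kaspersky manual or product; the inventory layout, storage names, database names and license size are constructed assumptions.

```python
from collections import defaultdict

# Constructed inventory for illustration: (storage name, kind, database).
INVENTORY = [
    ("alice", "mailbox", "DB1"),
    ("bob", "mailbox", "DB1"),
    ("carol", "mailbox", "DB2"),
    ("dave", "mailbox", "DB2"),
    ("erin", "mailbox", "DB3"),
    ("Public/Sales", "public_folder", "DB3"),
]
# Constructed exclusion list; "frank" matches no storage on the server.
UNPROTECTED = {"bob", "erin", "frank"}
LICENSED_MAILBOXES = 3  # hypothetical license size


def audit(inventory, unprotected, licensed):
    """Flag databases mixing protected and unprotected storages, exclusion
    entries that match nothing, and protected mailboxes beyond the license."""
    known = {name for name, _, _ in inventory}
    per_db = defaultdict(lambda: {"protected": [], "unprotected": []})
    protected_mailboxes = 0
    for name, kind, db in inventory:
        state = "unprotected" if name in unprotected else "protected"
        per_db[db][state].append(name)
        # Public folders need no license; only protected mailboxes are counted.
        if state == "protected" and kind == "mailbox":
            protected_mailboxes += 1
    # A database holding both kinds allows the unchecked-forwarding cases above.
    mixed = {db: groups for db, groups in per_db.items()
             if groups["protected"] and groups["unprotected"]}
    return {
        "mixed_databases": mixed,
        "unknown_exclusions": sorted(unprotected - known),
        "protected_mailboxes": protected_mailboxes,
        "license_shortfall": max(0, protected_mailboxes - licensed),
    }


if __name__ == "__main__":
    report = audit(INVENTORY, UNPROTECTED, LICENSED_MAILBOXES)
    for db, groups in sorted(report["mixed_databases"].items()):
        print(f"{db}: protected {groups['protected']} share a database "
              f"with unprotected {groups['unprotected']}")
    print("exclusions matching no storage:", report["unknown_exclusions"])
    print("protected mailboxes:", report["protected_mailboxes"],
          "license shortfall:", report["license_shortfall"])
```

Each database reported as mixed is a candidate for moving its unprotected storages to a separate database.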
2.3. Anti-virus features to support clustering facilities
Cluster technology is the use of a group of independent servers, run by the Cluster Service, as a single network element. It provides a higher level of resource and application safety and management.
Kaspersky Anti-Virus®, version 4.5 for MS Exchange Server supports MS Exchange Server 2000/2003 clustering facilities.
To ensure Kaspersky Anti-Virus® operation on a cluster, perform the following:
Install Kaspersky Anti-Virus® on each cluster node.
Do not use the virtual Exchange server's name to adjust the Kaspersky AV MMC Snap-In interface (see chapter 3.3 on page 32) for anti-virus protection management.
Add all cluster nodes as servers.
The Anti-Virus protection settings on all cluster nodes should be identical. Make any changes to anti-virus protection settings for all clusters simultaneously.
Enter the virtual Exchange server name as an SMTP server, adjusting report parameters to perform report delivery correctly (see chapter 4.2.3.2 on page 92).
CHAPTER 3. PROTECTION OF MS EXCHANGE SERVER MESSAGES
3.1. Operating principles of the program. Message queue for anti-virus scan
Anti-Virus Engine checks and disinfects (if possible) all incoming and outgoing mail messages, as well as those stored on the server. The program checks the message body and attachments, searching for viruses in archives, self-extracting executable modules, mail databases, plain mail files, and OLE objects. The running program uses anti-virus databases – special files with descriptions of a number of known viruses. These databases are updated by Kaspersky Labs on a daily basis. The program can use a special detection tool - Code Analyzer - that allows detection of unknown viruses in the files.
Anti-Virus Engine uses the AVAPI 1.0 and MAPI technologies (under MS Exchange Server 5.5) and the VS API 2.0 technology (under MS Exchange Server 2000/2003). The program checks all new incoming messages "on-the-fly". The user will not be able to view a new message until it is checked. Old messages, i.e. those unchecked by the program after the last anti-virus database update, are checked when a user requests their contents. In some cases, the user will have to wait for a while until the queue reaches the required message. Then he/she will be able to view its contents on the screen.
The program is able to check the old messages in the background scanning mode. Processor load increases when operating in background scanning mode but later the users will not have to wait. In the case of a request for an old message, MS Exchange Server will display it on the screen right away. In addition, under MS Exchange Server 2000/2003 the proactive scanning mode can be selected when the program first checks the requested messages (see subchapter 3.4.2.4 on page 46).
The message queue for Anti-Virus Engine consists of several sections. The queue for new messages that have just arrived on the server and those that have not been checked yet is at the beginning of the common queue. It is followed by a queue of old messages that have been requested by users and scanned by the program in background mode. Under MS Exchange Server 2000/2003 there can be two more segments in the queue if you enable the proactive scanning mode. Both at the beginning of the new messages queue and at the beginning of the old messages queue there will appear the queues requested for review by users.
Table 1. Message queue for anti-virus check
Queue segment | Kind of message | When it is displayed
Urgent New | New messages requested by user for review. | Under MS Exchange Server 2000/2003 only and if proactive scanning mode is enabled. Otherwise, the messages requested by user are checked in the common queue of new messages.
New | New messages | Always.
Urgent Old | Old messages requested by user for review. | Under MS Exchange Server 2000/2003 and if proactive scanning mode is enabled, this queue segment is distinguished from the common queue of old messages. Otherwise, the messages requested by user are checked in the common queue of old messages.
Old | Old messages | Always. If background scanning mode is enabled, this queue segment includes old messages that were not checked after the last update of the anti-virus database. Otherwise, there will only be messages requested by the user in the old message list.
The program checks all message objects. It can scan them in several threads simultaneously (see subchapter 3.4.6 on page 61). The program treats each object in accordance with the selected settings (see subchapter 3.4.3 on page 46): it blocks a message with an infected object, deletes the infected object from the message, or replaces this object with a file containing information on the virus detected. The administrator can also configure a mode in which the program skips the message with an infected object. In that mode, however, it changes the name of this object, adds the information on the virus to it, and changes the object extension. As a result, the user will not be able to accidentally launch the infected file and infect his/her computer.