How it Works
Kaspersky
Loading...
E
I
K
L
M
P
S
T
Loading...
Loading...
SECURITY 6.0 FOR MICROSOFT EXCHANGE SERVER 2007
User Manual
115 pgs2.62 Mb0

Kaspersky SECURITY 6.0 FOR MICROSOFT EXCHANGE SERVER 2007 User Manual

THE ADMINISTRATOR'S GUIDE
KASPERSKY SECURITY 6.0
FOR MICROSOFT
EXCHANGE SERVER 2007
2
Dear User!
Thank you for choosing our product. We hope that this documentation helps you in your work and answers your questions about this software product.
Attention! This document is the property of Kaspersky Lab: all rights to this document are reserved by the copyright laws of the Russian Federation, and by international treaties. Illegal reproduction and distribution of this document or parts thereof will result in civil, administrative or criminal liability in accordance with the laws of the Russian Federation.
Any type of reproduction or distribution of any materials, including in translated form, is allowed only with the written permission of Kaspersky Lab.
This document and the graphic images it contains may be used exclusively for information, non-commercial or personal purposes.
This document may be amended without prior notification. For the latest version, please refer to Kaspersky Lab’s website
at http://www.kaspersky.com/docs.
Kaspersky Lab assumes no liability for the content, quality, relevance or accuracy of any materials used in this document for which the rights are held by third parties, or for the potential damages associated with using such documents.
This document includes registered and non-registered trademarks. All trademarks are the property of their owners.
© Kaspersky Lab 1997-2009
+7 (495) 645-7939,
Tel., fax: +7 (495) 797-8700,
+7 (495) 956-7000
http://www.kaspersky.com
http://support.kaspersky.com
Revision date: 4/23/09
3
TABLE OF CONTENTS
INTRODUCTION ........................................................................................................................................................... 6
Overview of the application ...................................................................................................................................... 6
Threats to computer security ................................................................................................................................... 7
Application structure ................................................................................................................................................ 9
Software system requirements ................................................................................................................................ 9
Hardware system requirements ............................................................................................................................... 9
Distribution Kit ........................................................................................................................................................ 10
The end-user license agreement (EULA) ......................................................................................................... 10
Services for registered users ................................................................................................................................. 10
Obtaining information about the application ........................................................................................................... 11
Data sources for independent search .............................................................................................................. 11
Contacting the Sales Department .................................................................................................................... 12
Contacting the Technical Support Service ....................................................................................................... 12
Discussion of Kaspersky Lab applications on the web forum ........................................................................... 13
OPERATION OF THE APPLICATION ......................................................................................................................... 14
Microsoft Exchange Server 2007 roles and corresponding anti-virus configurations ............................................. 14
Security Server architecture ................................................................................................................................... 15
Server protection deployment ................................................................................................................................ 15
Server protection system maintenance .................................................................................................................. 16
Application operation on a cluster of servers ......................................................................................................... 16
INSTALLING, UPDATING AND REMOVING THE APPLICATION ............................................................................. 18
Application installation ........................................................................................................................................... 18
First-time installation ........................................................................................................................................ 19
Step 1. Greeting and License Agreement ................................................................................................... 19
Step 2. Selecting the type of the installation ............................................................................................... 19
Step 3. Selecting application components to be installed ........................................................................... 19
Step 4. Enabling server protection .............................................................................................................. 20
Step 5. Restarting Microsoft Exchange Server services ............................................................................. 20
Step 6. Additional information about the application ................................................................................... 21
Step 7. Copying files ................................................................................................................................... 21
Step 8. Installing the license and completing the setup .............................................................................. 21
Reinstalling the application ............................................................................................................................... 21
Initial Configuration Wizard .................................................................................................................................... 21
Modification of the Security Server settings ........................................................................................................... 24
Removing the application ....................................................................................................................................... 25
GETTING STARTED ................................................................................................................................................... 26
Starting the application .......................................................................................................................................... 26
Application interface............................................................................................................................................... 26
Main window .................................................................................................................................................... 27
Context menu ................................................................................................................................................... 28
Creating the list of managed servers ..................................................................................................................... 29
Connecting the Management Console to the server .............................................................................................. 30
Minimum required configuration ............................................................................................................................. 31
Mail server protection without additional configuration........................................................................................... 31
K A S P E R S K Y S E C U R I T Y 6.0 F O R M I C R O S O F T EX C H A N G E S E R V E R 20 0 7
4
Checking application functioning ........................................................................................................................... 32
UPDATING THE KASPERSKY SECURITY DATABASES .......................................................................................... 34
Manual update ....................................................................................................................................................... 35
Automatic database updating ................................................................................................................................ 35
Selecting the updates source ................................................................................................................................. 36
Editing the connection settings .............................................................................................................................. 38
Running updates under a different user account ................................................................................................... 39
ANTI-VIRUS PROTECTION ........................................................................................................................................ 40
Anti-virus protection levels ..................................................................................................................................... 41
Enabling and disabling anti-virus server protection. Selecting the anti-virus protection level ................................ 42
Scanning attachments ........................................................................................................................................... 44
Disabling the scanning of outgoing email............................................................................................................... 46
Selecting actions to be performed on objects ........................................................................................................ 47
Background scan ................................................................................................................................................... 51
Configuring anti-virus protection performance ....................................................................................................... 53
BACKUP STORAGE ................................................................................................................................ ................... 56
Viewing the backup storage ................................................................................................................................... 57
Viewing properties of a backed-up object ................................................................................................ .............. 59
Quick filtering of objects ......................................................................................................................................... 59
Backup storage filters ............................................................................................................................................ 60
Restoring objects from backup storage.................................................................................................................. 63
Sending objects for analysis .................................................................................................................................. 63
Deleting objects from backup storage .................................................................................................................... 64
Configuring the backup storage settings ................................................................................................................ 64
NOTIFICATIONS ......................................................................................................................................................... 66
Creating a notification template ............................................................................................................................. 67
Viewing and editing notification parameters ........................................................................................................... 70
Customizing general notification settings ............................................................................................................... 71
PREVENTING VIRUS OUTBREAKS .......................................................................................................................... 73
Enabling and disabling the virus outbreak prevention rules ................................................................................... 74
Setting the virus activity level threshold ................................................................................................................. 75
Configuring the response to a virus outbreak ........................................................................................................ 76
Configuring notifications about virus outbreaks ..................................................................................................... 77
REPORTS ................................................................................................................................................................... 79
Generating reports ................................................................ ................................................................ ................. 81
Creating a report generation task ..................................................................................................................... 82
Viewing and configuring a report generation task ............................................................................................ 86
Viewing reports ...................................................................................................................................................... 88
APPLICATION EVENT LOGS ................................................................ ..................................................................... 90
Configuring the diagnostics level ........................................................................................................................... 91
Editing log settings ................................................................................................................................................. 92
MANAGING KASPERSKY SECURITY LICENSES .................................................................................................... 93
License information ................................................................................................................................................ 95
Installing a license ................................................................................................................................................. 96
Removing a license ............................................................................................................................................... 96
License-related notifications .................................................................................................................................. 97
T A B L E O F C O N T E N T S
5
Unprotected storage areas .................................................................................................................................... 97
FREQUENTLY ASKED QUESTIONS ................................................................................................ ......................... 99
TABLE OF MACRO SUBSTITUTION ........................................................................................................................ 101
GLOSSARY ............................................................................................................................................................... 103
KASPERSKY LAB ..................................................................................................................................................... 107
INDEX ....................................................................................................................................................................... 108
LICENSE AGREEMENT ........................................................................................................................................... 112
6
IN THIS SECTION
Overview of the application ............................................................................................................................................... 6
Threats to computer security ............................................................................................................................................. 7
Application structure .......................................................................................................................................................... 9
Software system requirements .......................................................................................................................................... 9
Hardware system requirements ......................................................................................................................................... 9
Distribution Kit ................................................................................................................................................................. 10
Services for registered users ........................................................................................................................................... 10
Obtaining information about the application .................................................................................................................... 11
INTRODUCTION
The main source of viruses today is the global Internet, and the majority of virus infections occur via email attachments. The overwhelming majority of computers have an email client program installed, with an address book which malicious programs can potentially use to find new victims. As a result, the user of an infected computer will send infected email messages to his or her contacts. If infected files, due to someone's negligence, enter the commercial mailing lists of large companies, the virus can affect hundreds or even thousands of direct recipients, who infect their contacts in turn.
It is acknowledged that information has become an important asset, to be guarded and protected. At the same time, to gain profit through the use of the information, it must be available to the company's employees, clients and partners. This raises the issue of data security, and in particular: the protection of corporate mail servers against external threats; the prevention of virus outbreaks within corporate networks, and the filtering out of unsolicited email.
OVERVIEW OF THE APPLICATION
Kaspersky Security 6.0 for Microsoft Exchange Server 2007 (hereinafter referred to as Kaspersky Security or the application) protects mailboxes, public folders and relayed email located on Microsoft Exchange Server 2007 (hereinafter Microsoft Exchange Server) against malicious programs. The application scans all email traffic passing through the protected Microsoft Exchange Server.
Kaspersky Security performs the following functions:
Scanning and analysis of incoming and outgoing email messages for the presence of malicious objects. This
analysis processes the body and attachments of the email message. The application can be configured to disinfect or delete a malicious object, or to add a warning message to the email message.
Saving backup copies of scanned objects. Before attempting to disinfect or delete an object, a copy is stored in
a special storage to enable subsequent restoration if required. Configurable filters allow the easy location of stored objects.
Notifying the sender, the recipient and the system administrator about messages that contain malicious objects.
Maintaining event logs, and creating regular reports about the application’s operation and the status of anti-virus
protection. The application allows the creation of reports with a user-specified level of detail, either at a specified interval or upon request.
I N T R O D U C T I O N
7
Some application features are only available when the protected Microsoft Exchange Server functions in certain roles (see section «Microsoft Exchange Server 2007 roles and corresponding anti-virus configurations» on page 14).
Henceforth in the text of this Administrator's Guide the term "virus" will be used as a generic term to include viruses, Trojan Horses, and worms. A particular type of malware will be mentioned only when it is required.
Detecting virus outbreaks as they emerge, automatically taking emergency steps and sending notifications. The
application identifies attempts to mass-mail infected messages, either from the Internet or from computers within the corporate network.
Configuring application settings depending on the intensity and the nature of the traffic, as well as the
characteristics of the server’s installed hardware, including the amount of RAM, CPU speed, and number of
processors.
Updating the Kaspersky Security databases, either automatically or in manual mode. The anti-virus databases
can be updated from the Kaspersky Lab's ftp and http servers, or from a local/network folder that contains the latest set of updates.
Re-scanning messages for the presence of new viruses, using a schedule. This task is performed as a
background scan, and has only a small effect on the mail server’s performance.
Creating the list of protected storage areas, which offers additional flexibility in regards to license restrictions on
the number of protected mail boxes.
Managing licenses.
THREATS TO COMPUTER SECURITY
There are many different types of threats that can affect your computer. This section gives you a general overview of them.
Worms
This category of malicious programs propagates by exploiting vulnerabilities in the operating system. This group was named because of their ability to tunnel from one computer to another, using networks, email, and other channels. This ability allows worms to spread extremely quickly.
When a worm penetrates a computer, it calculates the IP addresses of other locally accessible computers, and sends copies of itself to these computers. In addition, worms also utilize data from email client program’s address books. Some of these malicious programs occasionally create work files on system disks, but they can run without using any system resources at all, except for RAM.
Viruses
Viruses are programs which infect other files, adding their own code to them to gain control of the infected files when they are opened. This simple definition explains the fundamental action performed by a virus, which is infection.
Trojans
Trojans are programs which perform unauthorized actions on infected computers, such as erasing information on
hard drives, making the system “freeze”, and stealing confidential information. Trojan Horses are not strictly viruses
as they do not infect programs or data, and are unable to propagate independently into computers. They are distributed by malicious users as "useful" software. However, the damage inflicted by Trojans can greatly exceed that from a traditional virus attack.
Recently, worms have become the commonest type of malware, followed by viruses and Trojans. Some malicious computer programs have characteristics of two or even all three of the above categories.
K A S P E R S K Y S E C U R I T Y 6.0 F O R M I C R O S O F T EX C H A N G E S E R V E R 20 0 7
8
The following potentially dangerous types of malware have also become widespread:
Adware
Adware comprises programs which are secretly included in a program, usually freeware, to display advertising
messages. The advertising component is situated in the program’s interface. Frequently, adware programs take
other actions: for instance, they can gather the users' personal information and send it back to the developer; they can change the web browser's settings (browser's home page, search page, security levels, and so on); they can create traffic that is not controlled by the user. This activity may lead to a security breach and to direct financial losses.
Riskware
Riskware is potentially dangerous software which does not itself perform any malicious functions, but which, since it contains security breaches and errors, can be used by intruders as an auxiliary component of a malicious program. Under some conditions, having such programs on your computer can put your data at risk. These programs include, for instance, some remote administration utilities, keyboard layout toggles, IRC client programs, FTP servers, and some utilities used for stopping or hiding running processes.
Spyware
Spyware obtains unauthorized access to the user's computer, and secretly gathers information about an individual user or organization. It usually provides no clue to its existence, and often escapes detection. As a rule, the goal of spyware is to:
keep track of a user's actions;
gather information about the contents of the hard drive; this usually involves scanning some folders and the
system registry to compile a list of software installed on the computer;
gather information on the quality of the internet connection, such as the bandwidth and modem speed.
Jokes
Joke software does not inflict direct damage to the computer, but displays messages stating that the damage has already been done, or will be done under certain conditions. These programs often warn the user of non-existent dangers, such as imminent hard disk formatting (although no formatting is actually taking place) or the detection of viruses in uninfected files.
Automatic dialers (PornWare)
Pornware programs make modem connections to various pay-per-visit Internet resources, generally pornographic in nature.
Hack Tools
Hacker tools are programs used by hackers to obtain unauthorized access to your computer. They include illegal vulnerability scanners, password cracking programs, and other types of programs for cracking network resources or penetrating a system.
Other malicious programs
This category includes programs created to implement Denial of Service attacks on remote servers, to hack other computers, and programs that are part of the development environment for malicious programs. These programs include hack tools, virus builders, vulnerability scanners, password cracking programs, and other types of software used for obtaining unauthorized access to the system under attack.
I N T R O D U C T I O N
9
Malware is distributed mainly via email and the Internet, although a memory stick, floppy disk or CD can also be a source of infection. Therefore, the comprehensive anti-virus protection extends beyond simple regular scans for viruses, and includes the more complex task of real-time computer protection from malicious software.
APPLICATION STRUCTURE
Kaspersky Security comprises these components:
The Security Server which scans email traffic for viruses, performs anti-virus database updates, ensures the
integrity of the application and its data storage, and enables administrative services for remote management and configuration.
The Management Console which provides the user interface for managing the application’s administrative
services, and enables configuration of the application and management of the server component. The management module is implemented as an extension of the Microsoft Management Console (MMC).
SOFTWARE SYSTEM REQUIREMENTS
The Security Server requirements:
Microsoft Small Business Server 2008 Standard / Microsoft Small Business Server 2008 Premium / Microsoft
Essential Business Server 2008 Standard / Microsoft Essential Business Server 2008 Premium / Microsoft Windows Server 2008 x64 Enterprise Edition / Microsoft Windows Server 2008 x64 Standard Edition / Microsoft Windows Server 2003 x64 R2 Enterprise Edition / Microsoft Windows Server 2003 x64 R2 Standard Edition / Microsoft Windows Server 2003 x64 Enterprise Edition / Microsoft Windows Server 2003 x64 Standard Edition.
Microsoft Exchange Server 2007 x64 or Microsoft Exchange Server 2007 x64 Service Pack 1, should be
deployed in one of the appropriate Microsoft Exchange Server 2007 configurations (see section «Microsoft Exchange Server 2007 roles and corresponding anti-virus configurations» on page 14).
Microsoft Core XML Services (MSXML) 6.0.
Management Console requirements:
Microsoft Small Business Server 2008 Standard / Microsoft Small Business Server 2008 Premium / Microsoft
Essential Business Server 2008 Standard / Microsoft Essential Business Server 2008 Premium / Microsoft Windows Server 2008 / Microsoft Windows Server 2003 x64 (with Service Pack 2 installed) / Microsoft Windows Server 2003 x64 R2 Standard Edition / Microsoft Windows Server 2003 x64 R2 Enterprise Edition / Microsoft Windows XP x64 (with Service Pack 2 installed) / Microsoft Windows Vista x64 / Microsoft Windows Server 2003 R2 Standard Edition / Microsoft Windows Server 2003 R2 Enterprise Edition / Microsoft Windows Vista / Microsoft Windows Server 2003 (with Service Pack 2 installed) / Microsoft Windows XP (with Service Pack 3 installed).
Microsoft Management Console 3.0.
HARDWARE SYSTEM REQUIREMENTS
The hardware requirements of the Security Server are identical to the requirements of Microsoft Exchange Server 2007. Depending upon the application settings and its mode of operation, considerable disk space may be required for backup storage and other service folders - for instance, the default size of the backup storage folder can be up to 1024 MB.
Management Console hardware requirements:
Intel Pentium 300 MHz or higher;
256 MB free RAM (recommended);
K A S P E R S K Y S E C U R I T Y 6.0 F O R M I C R O S O F T EX C H A N G E S E R V E R 20 0 7
10
Before breaking the seal on the installation disk envelope, carefully read through the EULA.
100 MB disk space for the application files.
DISTRIBUTION KIT
You can purchase the boxed version of Kaspersky Anti-Virus from our resellers, or purchase it online from Internet shops, such as the eStore section of http://www.kaspersky.com.
If you buy the boxed version of the program, the package will include:
A sealed envelope with the installation CD containing the program files and documentation in PDF format.
A User Guide in printed form (if this item was included in the order) or a Product Guide.
The program activation code, attached to the installation CD envelope.
The end-user license agreement (EULA).
If you buy Kaspersky Anti-Virus from an online store, you will download the product from the Kaspersky Lab website (Downloads Product Downloads). You can download the User Guide from the Downloads Documentation section. You will be sent an activation code by email after your payment has been received.
THE END-USER LICENSE AGREEMENT (EULA)
The End-User License Agreement is a legal agreement between you and Kaspersky Lab that specifies the terms on which you may use the software you have purchased.
Read the EULA through carefully!
If you do not agree with the terms of the EULA, you can return your boxed product to the reseller from whom you purchased it and be reimbursed the amount you paid for the program, provided that the envelope containing the installation disk is still sealed.
By opening the sealed installation disk, you accept all the terms of the EULA.
SERVICES FOR REGISTERED USERS
Kaspersky Lab Ltd. offers an extensive service package to all legally registered users of Kaspersky Security, enabling them to boost the application's performance.
After purchasing a license, you become a registered user and, during the period of your license, you will be provided with these services:
hourly updates to the application databases and updates to the software package;
support on issues related to the installation, configuration and use of the purchased software product. Services
will be provided by phone or via email;
information about new Kaspersky Lab products and about new viruses appearing worldwide. This service is
available to users who subscribe to Kaspersky Lab's newsletter on the Technical Support Service web site.
I N T R O D U C T I O N
11
Support on issues related to the performance and the use of operating systems, or other non-Kaspersky technologies, is not provided.
IN THIS SECTION
Data sources for independent search .............................................................................................................................. 11
Contacting the Sales Department .................................................................................................................................... 12
Contacting the Technical Support Service ....................................................................................................................... 12
Discussion of Kaspersky Lab applications on the web forum. ......................................................................................... 13
OBTAINING INFORMATION ABOUT THE APPLICATION
If you have any questions regarding purchasing, installing or using the application, answers are readily available.
Kaspersky Lab provides many sources of information about the application, from which you can select the most convenient source, depending on the urgency or importance of your question.
DATA SOURCES FOR INDEPENDENT SEARCH
Information about the application is available at these locations, which are discussed below:
application page at Kaspersky Lab's web site;
application page at the Technical Support web site (in the Knowledge Base);
online help system;
documentation.
Application page at Kaspersky Lab's web site
http://www.kaspersky.com/security_ms_exchange_07
On this page you can find general information about the application and its features. You can purchase the application or renew your license in our online store.
Application page at the Technical Support web site (in the Knowledge Base)
http://support.kaspersky.com/exchange/security6.0
This page contains articles published by the Technical Support experts.
These articles contain useful information, guidelines, and answers to frequently asked questions about the purchase,
installation, and use of the application. They are grouped in topics, such as “Work with key files”, “Database
updates”, or “Troubleshooting”. The articles provide information not only about this application, but also about other
Kaspersky Lab's products, and contain news from the Technical Support Service in general.
Online help system
The application package includes a complete help file which describes all aspects of working with the application, including: application setup; configuring protection for email accounts, public folders and transit mail on Microsoft Exchange Server 2007; scanning email for the presence of malware; configuring notifications, and other tasks.
K A S P E R S K Y S E C U R I T Y 6.0 F O R M I C R O S O F T EX C H A N G E S E R V E R 20 0 7
12
If you are not yet a registered user of Kaspersky Lab's applications you can fill out a registration form on page (https://support.kaspersky.com/en/personalcabinet/registration/form/). During registration enter the activation code for your application or the key file name.
To open the help file, select Help in the Help menu of the product console.
If you have a question about a specific application window, you can use the context help. To open the context help, open the window or the tab that interests you, and press the <F1> button.
Documentation
The Administrator's Guide describes how to work with the application, prevent virus outbreaks, generate reports, and many other aspects.
The PDF file containing this document is included in the application package (installation CD).
You can download the documentation file from the application page at Kaspersky Lab's web site.
CONTACTING THE SALES DEPARTMENT
If you have any questions regarding selecting or purchasing the application, or extending your license, please phone the Sales Department in our Central Office in Moscow at:
+7 (495) 797-87-00, +7 (495) 645-79-39, +7 (495) 956-70-00
The service is provided in English or Russian.
Alternatively, you can forward your question to our Sales Department by email at sales@kaspersky.com.
CONTACTING THE TECHNICAL SUPPORT SERVICE
If you have encounter problems while using Kaspersky Security, first check if the solution to your problem can be found in this documentation, particularly in the section Frequently asked questions (see section «Frequently asked questions» on page 99).
If you cannot find the solution to your problem and you have already purchased the application, please contact Kaspersky Lab's Technical Support Service by phone or via the Internet.
Technical Support Service specialists will answer your questions regarding the installation and use of the application, and will assist you in neutralizing the consequences of malware activity if your computer has already become infected.
Before contacting the Technical Support Service, please read the Technical Support Terms and Conditions (http://support.kaspersky.com/support/rules).
Email request to the Technical Support Service (for registered users)
You can send your question to the Technical Support Service specialists by filling out a Helpdesk web form at (http://support.kaspersky.com/helpdesk.html).
You can send your question in Russian, English, German, French, or Spanish. To send an email request, you should specify in it your customer ID, received during registration at the Technical
Support Service web site, and your password.
You will receive a Technical Support service specialist's response to your emailed question, at the email address you have specified in your question and in your Personal Cabinet (https://support.kaspersky.com/en/PersonalCabinet).
Describe the problem you have encountered in the request web form in as much detail as possible. In the mandatory fields specify the following:
I N T R O D U C T I O N
13
Request type. Questions most frequently asked by users are grouped into special topics, for example "Product
installation/removal problem" or "Virus scan/removal problem". If you have not found an appropriate topic, select "General Question".
Application name and version number.
Request text. Please describe your problem with all necessary detail.
Customer ID and password. Enter the client number and the password which you received during registration
at the Technical Support service website.
E-mail address. The Technical Support service specialists will use this email address to reply to your request.
Technical support by phone
If you have an urgent problem, you can always call the Technical Support Service in your city. While asking for English (http://support.kaspersky.com/support/support_local) or international (http://support.kaspersky.com/support/international) technical support, please remember to provide the necessary information (http://support.kaspersky.com/support/details). This will help our specialists assist you with maximum efficiency.
DISCUSSION OF KASPERSKY LAB APPLICATIONS ON THE WEB
FORUM
If your question does not require an urgent answer, you can discuss it with Kaspersky Lab's specialists and other users in our forum located at http://forum.kaspersky.com.
In this forum you can view existing topics, leave your comments, create new topics, and use the search engine.
For example, you can discuss strategies for using the application in a corporate context, or configuration options.
14
IN THIS SECTION
Microsoft Exchange Server 2007 roles and corresponding anti-virus configurations ...................................................... 14
Security Server architecture ............................................................................................................................................ 15
Server protection deployment .......................................................................................................................................... 15
Server protection system maintenance ........................................................................................................................... 16
Application operation on a cluster of servers ................................................................................................................... 16
OPERATION OF THE APPLICATION
Kaspersky Security scans and, if possible, disinfects all incoming and outgoing email messages, as well as messages stored on the server. The application analyzes the message body and attached files in any format.
The detection of malicious programs is based on records contained in Kaspersky Security's databases. These databases are regularly updated by Kaspersky Lab, and uploaded to Kaspersky Lab's update servers. Additionally, the application uses a special analysis facility called a heuristic analyzer which can detect previously unknown viruses.
The application scans objects received by the server in real time. The user cannot open and view a new message before it is scanned.
The application processes each object using the rules specified by the administrator for each type of object. For instance, an infected object can be disinfected, deleted, or replaced by a notification text. The administrator may also specify that the application will deliver messages to the user containing infected objects, although it will change the object name (by adding information about the virus) and the object extension.
Prior to modifying an object, the application can save a copy of it in a special backup location to allow subsequent restoration, or for forwarding to Kaspersky Lab for analysis.
The application sends notifications about events as they occur to the anti-virus security administrator, the recipient, and the sender of the infected message, and also places a record of the event in the application log file and in the Microsoft Windows event log.
If the virus outbreak detection facility is enabled, the application will register the virus activity level, and will automatically take emergency measures to prevent the outbreak. It can also send notifications about the threat of a virus outbreak, or record the event in the Microsoft Windows event log and the Kaspersky Security application log files.
MICROSOFT EXCHANGE SERVER 2007 ROLES AND
CORRESPONDING ANTI-VIRUS CONFIGURATIONS
Successful operation of Kaspersky Security requires that the protected Microsoft Exchange Server 2007 should be deployed at least in one of the following roles:
Mailbox.
Hub Transport.
Edge Transport.
If Microsoft Exchange Server is deployed as a Mailbox, Kaspersky Security interacts with it using the VSAPI 2.6 standard. In other cases the Transport Agents technology is used. Please note that in the Hub Transport role, objects are first scanned by Kaspersky Security and then processed by Microsoft Exchange Transport Agents. In the Edge
O P E R A T I O N O F T H E A P P L I C A T I O N
15
Transport role, the procedure is reversed - the objects are first processed by Microsoft Exchange Transport Agents and then by Kaspersky Security.
To avoid object rescanning on each role, check the Optimize performance (see the section «Configuring anti-virus protection performance» on page 53).
SECURITY SERVER ARCHITECTURE
The server component of the application, the Security Server, consists of the following main subsystems:
The E-mail Interceptor intercepts objects arriving at the Microsoft Exchange Server and forwards them to the
anti-virus scan subsystem. It is integrated into the Microsoft Exchange Server processes using either VSAPI 2.6 or Transport Agents, according to the configuration selected during Microsoft Exchange Server deployment (see section «Microsoft Exchange Server 2007 roles and corresponding anti-virus configurations» on page 14).
The Anti-Virus performs anti-virus scans of objects. This component includes several processes, with one anti-
virus kernel per process. The anti-virus scan subsystem also includes storage for temporary objects while scanning objects in RAM. The storage is located in the working folder Store in the installation folder, and must be excluded from the scan scope of any anti-virus applications installed in the corporate network.
The Internal Application Management and Integrity Control Module is launched in a separate process and is
a Microsoft Windows service. The service is called Kaspersky Security 6.0 for Microsoft Exchange Server 2007, and is launched automatically when either the first message is being transferred, when the Management Console attempts to connect to the Security Server and after the initial configuration wizard has completed. This service does not depend on the state of the Microsoft Exchange Server (that is, whether it is started or stopped), so that he application can be configured even if the Microsoft Exchange Server is stopped. For correct operation of the application, the Internal Application Management Module must always be running; stopping this service manually is not recommended.
SERVER PROTECTION DEPLOYMENT
To create a system using Kaspersky Security to protect email servers against malicious software:
1. Install the Security Server component on all protected Microsoft Exchange servers. The installation must be performed from the distribution kit individually for each server.
Management console is installed together with Security server. It provides centralized access to all Security servers of Kaspersky Security from the single administrator's workplace. If necessary, Management console can be installed separately on a computer, belonging to the enterprise network. If several administrators are working jointly, the Management Console can be installed on each administrator's computer.
2. Create a list of managed servers (see section «Creating the list of managed servers» on page 29).
3. Connect the Management Console to the servers (see section «Connecting the Management Console to the server» on page 30).
4. Configure the anti-virus protection system for each server:
Configure the anti-virus update settings (see section «Updating the Kaspersky Security databases» on page
34).
Verify the correctness of the settings and of the application operation using the EICAR test "virus" (see
section «Checking application functioning» on page 32).
Configure the notification system which issues notifications about registered events during the application's
operation (see section «Notifications» on page 66).
Configure the event logs (see section «Editing log settings» on page 92).
Edit the report parameters (see section «Generating reports» on page 81).
K A S P E R S K Y S E C U R I T Y 6.0 F O R M I C R O S O F T EX C H A N G E S E R V E R 2 0 0 7
16
The anti-virus protection of the server will be enabled automatically when Microsoft Exchange Server is started.
The procedure for installing Kaspersky Security on a cluster of servers differs from the usual procedure in that:
Before installation of Kaspersky Security is completed on all cluster nodes, the clustered mailbox
servers (CMS) must not be moved between different cluster nodes.
In the course of installation of Kaspersky Security to all cluster nodes, all installation folders must
have the same location.
The user under whose account installation is performed, should have write permissions to the Active
Directory configuration.
The Data Migration Wizard is installed on a cluster of servers, but does not allow migration of the application data.
Edit the settings for detecting virus outbreaks and sending corresponding notifications (see section
«Preventing Virus outbreaks» on page 73).
SERVER PROTECTION SYSTEM MAINTENANCE
Keeping the server protection system up-to-date involves:
periodic updating of the anti-virus databases;
receiving and processing notifications about the detection of objects containing malware, and about threats of
virus outbreaks;
regular review of reports about the application’s operation, and about the state of mail server anti-virus
protection;
processing and cleaning backup storage.
APPLICATION OPERATION ON A CLUSTER OF SERVERS
Kaspersky Security 6.0 for Microsoft Exchange Server 2007 supports the following types of clusters:
single copy cluster (SCC);
cluster continuous replication (CCR).
The application automatically identifies the server cluster during installation. This means that the order in which the application is installed to different cluster nodes does not matter.
After installation to a cluster of servers, all application settings are stored in the Active Directory, and all cluster nodes use those parameters. However, parameters which refer to the physical server are set for each cluster node manually. These parameters are edited in the Anti-virus protection window on the Performance tab (see section «Configuring anti-virus protection performance» on page 53).
Kaspersky Security automatically defines active cluster nodes, and applies the Active Directory settings to them. When a cluster node moves from active to passive mode, a notification about disconnection from the server will appear (the notification will appear only if the Management Console is open and connected to the server).
The scan results for each cluster node will be displayed only for those messages which were forwarded by the Microsoft Exchange virtual server to this cluster node. The scan results include:
O P E R A T I O N O F T H E A P P L I C A T I O N
17
the backup storage content;
information presented in reports;
the set of events registered in the application log.
the values of the virus outbreak counters.
The procedure for uninstalling Kaspersky Security from a cluster of servers differs from the usual procedure in that:
Clustered mailbox servers (CMS) must not be moved between nodes before application removal is completed.
In the process of uninstalling the application from the active cluster node, the cluster resource of the Microsoft
Exchange Information Store, and all resources of the Microsoft Exchange Database Instance which depend upon it, are stopped. Once the removal procedure is complete, the original status of these services will be automatically restored.
18
To install, update and remove Kaspersky Security, the user must have local administrator's rights on the server. To use Microsoft Windows Vista and Microsoft Windows Server 2008 with the User Account Control function (UAC) enabled, the user must have extended local administrator's rights.
IN THIS SECTION
Application installation ..................................................................................................................................................... 18
Initial Configuration Wizard .............................................................................................................................................. 21
Modification of the Security Server settings ..................................................................................................................... 24
Removing the application ................................................................................................................................................ 25
Information about installing Kaspersky Security on a cluster of servers can be found in the corresponding section (see section «Application operation on a cluster of servers» on page 16).
INSTALLING, UPDATING AND REMOVING THE APPLICATION
Before starting installation of the application, make sure that your computer’s software and hardware meet the
requirements (see section «Hardware system requirements» on page 9 and section «Software system requirements» on
page 9).
APPLICATION INSTALLATION
The application installation program is designed similarly to the standard Microsoft Windows Setup Wizard, which will guide you through the steps, and which can be navigated using the Back and Next buttons. The setup wizard will complete its work after the Finish button is clicked. The Cancel button can be used at any time to exit the wizard.
The setup wizard will allow you to install some or all of Kaspersky Security’s program components, including interceptors
for the different Microsoft Exchange Server roles, and the Management Console. The installed interceptors together comprise the Security Server. This configuration is recommended while initial creating the Exchange server’s anti-virus protection system. You can select either complete or custom installation of the application, or to repair an existing Kaspersky Security installation.
After the Management Console is installed, a group Kaspersky Security 6.0 for Microsoft Exchange Server 2007 and an application icon will appear in the Run/Programs menu in your computer.
The Security Server will be installed on your computer as a service, with the following attributes:
name – Kaspersky Security 6.0 for Microsoft Exchange Server 2007;
startup type - manual;
account - Local system.
The Security Server’s properties can be viewed using standard Microsoft Windows administration tools. Information about the operation of the Security Server is registered in the Microsoft Windows event log on the computer on which the Security Server is installed.
I N S T A L L I N G , U P D A T I N G A N D R E M O V I N G T H E A P P L I C A T I O N
19
The procedure used to install the application from the distribution kit downloaded from the Internet is identical to the procedure used to install the application from the installation CD.
FIRST-TIME INSTALLATION
To install Kaspersky Security on your computer, run the executable file on the installation CD included in the distribution package. There follows a detailed discussion of each step of the application installation.
STEP 1. GREETING AND LICENSE AGREEMENT
The installation process begins with a greeting window, followed by a window containing the License Agreement.
Please, read the License Agreement carefully, and accept the terms and conditions contained therein to proceed with the installation.
STEP 2. SELECTING THE TYPE OF THE INSTALLATION
During this step you must choose the type of installation. You can choose either Typical or Custom installation. Custom installation allows you to select the specific components you want to install.
STEP 3. SELECTING APPLICATION COMPONENTS TO BE INSTALLED
If you selected custom installation in the previous step, you must specify which application components will be installed on your computer in the dialog box shown (see figure below).
Figure 1: Selecting components for the installation
The set of components available for installation will differ depending on whether Microsoft Exchange Server 2007 is installed, and how it is configured.
K A S P E R S K Y S E C U R I T Y 6.0 F O R M I C R O S O F T EX C H A N G E S E R V E R 20 0 7
20
If Microsoft Exchange Server 2007 is deployed as both Mailbox and Hub Transport, the following components will be available for installation:
Interceptor for Mailbox role.
Interceptor for transport configurations.
Management Console.
If Microsoft Exchange Server 2007 is deployed as Edge Transport or Hub Transport only, the following components will be available for installation:
Interceptor for transport configurations.
Management Console.
If Microsoft Exchange Server 2007 is deployed as a Mailbox only, the following components will be available for installation:
Interceptor for Mailbox role.
Management Console.
In all other cases, only the Management Console is available for installation.
Select the components to be installed.
The full name for the default installation folder is displayed in the lower part of the window. To change the installation folder, click the Browse button and specify another folder.
Using the Reset button, you can undo any changes, and return to the default settings.
Clicking on the Disk Usage button opens a dialog box showing the free disk space on local drives, and the disk space required to install the selected components.
STEP 4. ENABLING SERVER PROTECTION
If you selected at least one interceptor in the previous step, you can choose to enable automatic anti-virus server protection immediately after the wizard completes. Alternatively, you can do it later manually using the Management
Console (see section «Starting the application» on page 26).
If the application’s default parameter values (see section «Mail server protection without additional configuration » on
page 31) meet your requirements, check the Enable anti-virus protection immediately after application installation box.
By default, all mailbox storage areas and public folders on the server will be selected as protected storage areas. If the maximum number of protected email boxes quoted by your license is less than the number of storage areas created on the server, some of the mailboxes should be moved to unprotected storage areas before protection is enabled (see section «Unprotected storage areas» on page 97).
If you wish to edit the default settings, disable automatic activation of anti-virus protection.
STEP 5. RESTARTING MICROSOFT EXCHANGE SERVER SERVICES
If earlier in the installation you selected the installation of at least one interceptor, during this step you will see a notification about restarting the Microsoft Exchange Transport service and the Microsoft Exchange Information Store. During the installation procedure these services will be automatically stopped, and then restarted.
I N S T A L L I N G , U P D A T I N G A N D R E M O V I N G T H E A P P L I C A T I O N
21
Email messages will not be scanned for the presence of malicious objects and database updates will not be available, before the license is installed.
The Initial Configuration Wizard will be launched immediately after application installation is complete (see section «Initial Configuration Wizard» on page 21).
All parameters will return to the default settings when the application is repaired!
STEP 6. ADDITIONAL INFORMATION ABOUT THE APPLICATION
This step displays information about using third-party anti-virus software with this application. Press the Next button to continue.
STEP 7. COPYING FILES
To proceed with the installation, press the Install button in the wizard window. This will start the process of copying the application files to your computer.
STEP 8. INSTALLING THE LICENSE AND COMPLETING THE SETUP
After the installation is complete, the license installation window will appear.
The license is a file in special format which confirms your right to use the application. The license contains all service information required for the full-featured functionality of the application, and reference data for the user, namely:
support information (who is providing support and how you can get help);
restriction on the number of mail boxes which can be protected;
the license name, number, and expiration date.
You must install the key to ensure the application’s full functionality. To do this, press the Add button and select the key file in the standard Microsoft Windows file selection window.
If, at the time of application installation, you do not have a key (for example, you ordered it from Kaspersky Lab via the Internet but have not received it yet), you can install it later using the Management Console when you run the application for the first time.
REINSTALLING THE APPLICATION
Reinstallation of Kaspersky Security may be required if the initial installation of the application was cancelled or incorrect, or if during program operation the integrity of executable files was compromised.
To reinstall the application, run the executable file from the distribution package and select the Restore option in the wizard window that will open. This will reinstall Kaspersky Security using the same set of installation components as in the previous installation.
INITIAL CONFIGURATION WIZARD
The Initial Configuration Wizard starts immediately after application installation. It allows modification of the basic notification parameters and the connection settings required for application updates.
K A S P E R S K Y S E C U R I T Y 6.0 F O R M I C R O S O F T EX C H A N G E S E R V E R 20 0 7
22
The Initial Configuration Wizard only starts up after installation of the Security Server.
The first wizard window contains a brief introduction to the application. Press the Next button to begin configuring the application.
Use the Notifications settings (see figure below) to specify:
The address of the web service that will be used to send notifications. By default, in the Microsoft Exchange
Server it is the following address:
https://<client_access_server>/ews/exchange.asmx
The name and password of the account that will be used to send notifications. The user must have a mailbox on
the Microsoft Exchange Organization, and be able to access it via Outlook Web Access (OWA).
The email address(es) to which the application will send any notifications not related to detection of dangerous
objects.
Figure 2: Initial Configuration Wizard. Configuring notification settings.
You can modify these settings later in the General settings window on the Notifications tab (see section «Customizing general notification settings» on page 71). To continue, press the Next button.
In the Updater settings window (see the figure below) the Enable hourly updating (recommended) box is checked by default. If you wish to disable hourly updates, uncheck this box.
If you connect to the Internet using a proxy server, define its address and port and the user authentication parameters, if necessary.
I N S T A L L I N G , U P D A T I N G A N D R E M O V I N G T H E A P P L I C A T I O N
23
You can modify these settings later in the Update window, on the Connection settings tab (see section «Editing the connection settings» on page 38). To continue, press the Next button.
Figure 3: Initial Configuration Wizard. Configuring the update settings
Press the Finish button in the last wizard window. The application will start using the specified settings.
K A S P E R S K Y S E C U R I T Y 6.0 F O R M I C R O S O F T EX C H A N G E S E R V E R 2007
24
If the disk on which the application data folder is located has insufficient free space, the application’s performance may be impaired. In particular, message scanning and delivery may be stopped.
The migration wizard does not work on a cluster of servers (see section «Application operation on a cluster of servers» on page 16).
MODIFICATION OF THE SECURITY SERVER SETTINGS
By default, the folder containing the Security Server data (quarantine, log files, reports, statistics) is located within the destination folder specified during the application installation on the server. The folder paths can be found in the Folders tab of the General settings window (see figure below).
Figure 4: Destination folder and the application data folder
If you specify an alternative path for the application data folder, the data will be moved to that folder. To do this, select the
Kaspersky Security 6.0 for Microsoft Exchange Server 2007 program group in the Programs menu, and choose Data Migration Wizard.
The wizard will display a warning message that Kaspersky Security, and some Microsoft Exchange 2007 services, will have to be stopped. You will be offered to specify the new application data folder, which must be an empty folder on a local hard drive, and cannot be a subfolder of the current folder. The hard drive should provide enough disk space for the backup storage (the default size of this folder is up to 1024 MB) and other service folders.
I N S T A L L I N G , U P D A T I N G A N D R E M O V I N G T H E A P P L I C A T I O N
25
Information about removing the application from a cluster of servers can be viewed in the correspondent section (see section «Application operation on a cluster of servers» on page 16).
REMOVING THE APPLICATION
You can remove the application from your computer using the standard Windows Add/Remove Programs tool, or using the application distribution kit. This will remove all installed components (i.e. both the Security Server and the Management Console) from your computer.
26
IN THIS SECTION
Starting the application .................................................................................................................................................... 26
Application interface ........................................................................................................................................................ 26
Creating the list of managed servers ............................................................................................................................... 29
Connecting the Management Console to the server ....................................................................................................... 30
Minimum required configuration ...................................................................................................................................... 31
Mail server protection without additional configuration .................................................................................................... 31
Checking application functioning ..................................................................................................................................... 32
GETTING STARTED
This chapter contains the necessary information about starting the components of Kaspersky Security and the Management Console interface.
STARTING THE APPLICATION
The application’s server component is started automatically when Microsoft Exchange Server loads. If anti-virus protection of the server is enabled, it will start immediately after the Microsoft Exchange Server is launched.
The application’s operation can be controlled from the administrator's workstation, through Management Console.
To start Management Console,
select the Management Console item in the program group menu Kaspersky Security 6.0 for Microsoft Exchange Server 2007, from the standard Start / Programs Microsoft Windows menu.
APPLICATION INTERFACE
The user interface of the application is provided by the Microsoft Management Console (MMC) component. The Management Console is a dedicated isolated facility integrated into MMC.
G E T T I N G S T A R T E D
27
MAIN WINDOW
The main Management Console window (see figure below) contains a menu, a toolbar, a view pane and a results pane. The menu provides management functions for files and windows, as well as access to the help system. The buttons on the toolbar allow direct access to some frequently accessed items of the main menu. The view pane displays the Kaspersky Security 6.0 for Microsoft Exchange Server 2007 namespace in the form of a console tree, while the results pane lists the elements of the selected object in the console tree.
Figure 5: Main application window
The Kaspersky Security 6.0 for Microsoft Exchange Server 2007 namespace will contain a node for each of the servers managed via the console. The namespace does not contain any elements immediately after the installation of the Management Console.
A newly added (see section «Creating the list of managed servers» on page 29) server will appear in the console tree as a <Server name> node. When the server is selected in the console tree (see figure above) the results pane will display hyperlinks which can be used to control and configure the application on that server.
General settings - used for viewing general application settings, including license details and information about
the licenses and installed key files, and for actions including renewing the license, configuring the application operation diagnostics, and also editing the server settings related to sending notifications.
Anti-virus protection - used for viewing and editing the settings for managed server anti-virus protection.
Update - used to edit the settings for the Kaspersky Security database update service, to set up an automatic
update schedule and to update the databases manually.
The <Server name> node will include nested folders, each of which is used for managing a particular function of the application:
Notification templates - for configuring notifications about infected or suspicious objects detected during an
anti-virus scan.
K A S P E R S K Y S E C U R I T Y 6.0 F O R M I C R O S O F T EX C H A N G E S E R V E R 20 0 7
28
OBJECT
COMMAND
PURPOSE
Kaspersky Security 6.0 for Microsoft Exchange Server 2007
Add server
Add a new Exchange server with Security Server installed to the list of servers managed via the console.
<Server name>
Disconnect from server
Disconnect an Exchange server with Security server installed from the Management Console.
Connect to server
Connect an Exchange server with Security server installed to the Management Console.
Delete
Remove an Exchange server from the list of servers that have their Security servers managed via the Management Console.
Notification templates
New notification
Create and configure a new notification template.
Backup storage
New filter
Create and configure a new filter used to search for objects in backup storage.
Properties
Edit the general settings for backup storage.
Reports
New task
Creating a new task of report generation.
Properties
Configuring the statistics parameters.
Reaction rules for threatening events - for specifying criteria used to identify virus outbreaks, editing settings
for related notifications, and specifying the application's automatic responses.
Backup - for working with the backup storage of objects; includes the list of objects currently stored.
Reports - for managing reports, through a list of templates used to create reports about application operation
and about email traffic scanned by the application.
CONTEXT MENU
Each category of objects in the console tree has its own context menu, which opens by right-clicking on the object.
In addition to the standard Microsoft Management Console (MMC) commands, this context menu contains commands used for handling particular objects. The list of objects and the corresponding set of commands which are accessible via the context menu are provided in the table below.
Table 1. Context menu commands
Additional context menu commands are provided for:
notification templates;
virus outbreak detection rules;
backup copy storage objects;
report generation tasks.
The Enable command allows you to enable creation of notifications for objects in the Notification templates folder based on a template. You can disable notification creation, using the Disable command.
You can enable the virus outbreaks detection rule in the Reaction rules for threatening events folder, using the Enable command. You can disable notification creation, using the Disable command.
G E T T I N G S T A R T E D
29
The Save to disk command allows you to obtain the original copy of an object from the Backup folder that was saved before processing by the application. Additionally, the Send file for analysis command is available for objects with the status suspicious, which sends an object from backup storage for analysis to Kaspersky Lab's specialists.
A report for the selected task is created for objects in the Reports folder using the Create report command, which can be opened using the View report command.
CREATING THE LIST OF MANAGED SERVERS
To control the application via the console, the Microsoft Exchange server on which the Security Server component is installed must be added to the list of managed servers. You can add either the local computer or any Exchange server within the network to this list. A connection between the Management Console and the Kaspersky Security application can also be established immediately after adding a server.
To add a server to the list of managed servers:
1. Select the Kaspersky Security 6.0 for Microsoft Exchange Server 2007 node in the console tree, and select the Add server command from the context menu or the Action menu. This will open the Connection window (see figure below).
2. Specify the computer on which the Security Server component is installed. If the server component is installed on the same computer as the Management Console, select Local computer (localhost). To add an Exchange server from the computers installed in the network, select Other computer and specify the computer name in the entry field. You can enter the name manually, by specifying one of the following:
IP address;
fully-qualified domain name (FQDN) in the format <Computer name>.<DNS-domain name>;
the computer name in the Microsoft Windows network (NetBIOS name);
or select the computer using the Browse button.
K A S P E R S K Y S E C U R I T Y 6.0 F O R M I C R O S O F T EX C H A N G E S E R V E R 20 0 7
30
When the application is connecting the Management Console to the Security Server, this name will be used to establish the connection.
The connection is established using the DCOM protocol.
The server you select must have the Security Server component installed.
The connection is established using the current account.
Figure 6: Connect to server window
As a result, the selected server will be displayed as a <Server name> node in the console tree. The local computer is displayed as localhost. The node structure will include the following nested folders: Notification templates, Reaction rules for threatening events, Backup and Reports. If the connection has not been established, or could not be established, you can connect to the server manually (see section «Connecting the Management Console to the server» on page 30).
To remove a server from the list of managed servers,
in the console tree, select the node that corresponds to the server you wish to remove. Open the context menu, and select the Delete command from the console tree, or use the corresponding item from the Action menu.
As a result, the selected node will be removed from the console tree.
CONNECTING THE MANAGEMENT CONSOLE TO THE
SERVER
To configure and manage Kaspersky Security using the Management Console, you must connect to the Security Server component installed on the Microsoft Exchange server. The application will then receive information from the server and display it in the console tree.
Loading...
+ 85 hidden pages
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use