Kaspersky SECURITY 8.0 User Manual

Kaspersky Security 8.0 for Microsoft Exchange Servers
Administrator’s Guide
PROGRAMM VERSION: 8.0
2
Dear User!
Thank you for choosing our product. We hope that this document will help you in your work and provide answers to the majority of your questions.
Warning! This document is the property of Kaspersky Lab ZAO (herein also referred to as Kaspersky Lab): all rights to this document are reserved by the copyright laws of the Russian Federation, and by international treaties. Illegal reproduction and distribution of this document or parts hereof will result in civil, administrative or criminal liability by applicable law.
Any type of reproduction or distribution of any materials, including in translated form, is allowed only with the written permission of Kaspersky Lab.
This document and the graphic images it contains may be used exclusively for information, non-commercial or personal purposes.
This document may be amended without additional notification. For the latest version, please refer to Kaspersky Lab’s web site at http://www.kaspersky.com/docs.
Kaspersky Lab assumes no liability for the content, quality, relevance or accuracy of any materials used in this document for which the rights are held by third parties, or for the potential damages associated with using such documents.
The document contains registered trademarks and service marks belonging to their respective owners.
Revision date: 22.09.2010
© 1997-2010 Kaspersky Lab ZAO. All Rights Reserved.
http://www.kaspersky.com
http://support.kaspersky.com/
3
TABLE OF CONTENTS
ABOUT THIS GUIDE ..................................................................................................................................................... 6
In this document ....................................................................................................................................................... 6
Document conventions ............................................................................................................................................. 7
ADDITIONAL SOURCES OF INFORMATION ............................................................................................................... 9
Data sources for independent search ....................................................................................................................... 9
Discussing Kaspersky Lab applications on the web forum ................................................................ ..................... 10
Contacting the Technical documentation development group ................................................................................ 10
KASPERSKY SECURITY 8.0 FOR MICROSOFT EXCHANGE SERVER 2007 .......................................................... 11
Basic functionality ................................................................................................................................................... 11
Distribution Kit ........................................................................................................................................................ 12
Services for registered users .................................................................................................................................. 12
License agreement ................................................................................................................................................. 12
Hardware and software requirements ..................................................................................................................... 13
APPLICATION ARCHITECTURE ................................................................................................................................ 14
Application components and their purpose ............................................................................................................. 14
Security Server architecture ................................................................................................................................... 14
TYPICAL DEPLOYMENT SCHEMES .......................................................................................................................... 16
Microsoft Exchange Server roles and corresponding configurations ...................................................................... 16
Server protection deployment ................................................................................................................................. 16
Application deployment on a server cluster ............................................................................................................ 17
APPLICATION SETUP................................................................................................................................................. 18
Preparing installation .............................................................................................................................................. 18
Upgrading an earlier version ................................................................................................................................... 19
Application setup procedure ................................................................................................................................... 19
Step 1. Installing the required components ....................................................................................................... 19
Step 2. Greeting and License Agreement ......................................................................................................... 20
Step 3. Selecting the type of the installation ..................................................................................................... 20
Step 4. Selecting the application components .................................................................................................. 20
Step 5. Configuring connection to Microsoft SQL Server .................................................................................. 21
Step 6. Copying files ......................................................................................................................................... 21
Getting started. Application configuration wizard .................................................................................................... 22
Configuring updates .......................................................................................................................................... 22
Installing a license key ...................................................................................................................................... 22
Notification settings ........................................................................................................................................... 23
Configuring server protection ............................................................................................................................ 23
Testing the application functionality .................................................................................................................. 23
Restoring the application ................................................................ ................................................................ ........ 25
Removing the application ....................................................................................................................................... 25
MANAGING KASPERSKY SECURITY LICENSES ..................................................................................................... 27
Viewing information about installed licenses .......................................................................................................... 28
Installing a license key ............................................................................................................................................ 29
Removing a license key .......................................................................................................................................... 29
Notification about license expiry ............................................................................................................................. 29
A D M I N I S T R A T O R ' S G U I D E
4
Creating the list of protected mailboxes and storages ............................................................................................ 30
APPLICATION INTERFACE ........................................................................................................................................ 31
Main window ........................................................................................................................................................... 31
Context menu ......................................................................................................................................................... 33
APPLICATION START AND STOP ............................................................................................................................. 34
DEFAULT MICROSOFT EXCHANGE SERVER PROTECTION STATUS .................................................................. 36
GETTING STARTED.................................................................................................................................................... 37
Starting: Administration Console ............................................................................................................................ 37
Creating the list of protected Microsoft Exchange servers ...................................................................................... 37
Connecting the Administration Console to the Security Server .............................................................................. 39
UPDATING THE ANTI-VIRUS AND ANTI-SPAM DATABASES .................................................................................. 40
Manual update ........................................................................................................................................................ 41
Automatic database updating ................................................................................................................................. 42
Selecting the updates source ................................................................................................................................. 43
Editing the connection settings ............................................................................................................................... 43
ANTI-VIRUS PROTECTION ........................................................................................................................................ 44
Enabling and disabling anti-virus server protection ................................................................................................ 45
Creating rules for object processing ....................................................................................................................... 46
Scanning attached archives and containers ........................................................................................................... 47
Creating scanning exclusions ................................................................................................................................. 47
Configuring protection settings for mail accounts ................................................................................................... 48
Background scan .................................................................................................................................................... 48
ANTI-SPAM PROTECTION ......................................................................................................................................... 50
Configuring the anti-spam analysis ......................................................................................................................... 52
Creating the black and white lists of senders.......................................................................................................... 52
Advanced Anti-Spam configuration ........................................................................................................................ 54
Using external services for spam processing ......................................................................................................... 55
Using additional Anti-Spam functionality ................................................................................................................ 56
BACKUP STORAGE .................................................................................................................................................... 58
Viewing the Backup storage ................................................................................................................................... 59
Viewing properties of a Backed-up object............................................................................................................... 61
Filtering of Backup .................................................................................................................................................. 62
Restoring objects from the Backup ......................................................................................................................... 63
Sending objects for analysis ................................................................................................................................... 63
Deleting objects from Backup. ................................................................................................................................ 64
Configuring the Backup storage settings ................................................................................................................ 64
NOTIFICATIONS ......................................................................................................................................................... 65
Configuring notification settings. ............................................................................................................................. 65
Configuring notification delivery settings. ............................................................................................................... 66
REPORTS .................................................................................................................................................................... 67
Configuring Quick reports settings .......................................................................................................................... 67
Configuring Anti-Virus reports settings ................................................................................................................... 68
Configuring Anti-Spam reports settings .................................................................................................................. 69
View the Ready reports .......................................................................................................................................... 69
Delivery of reports via e-mail .................................................................................................................................. 72
T ABLE O F C O N T E N T S
5
APPLICATION EVENT LOGS ...................................................................................................................................... 73
Configuring the diagnostics level ............................................................................................................................ 73
Configuration of the logs settings ........................................................................................................................... 74
FREQUENTLY ASKED QUESTIONS .......................................................................................................................... 75
CONTACTING THE TECHNICAL SUPPORT SERVICE ............................................................................................. 77
INFORMATION ABOUT THIRD-PARTY CODE .......................................................................................................... 78
Software code ......................................................................................................................................................... 78
BOOST 1.30.0, 1.36 ......................................................................................................................................... 79
BZIP2/LIBBZIP2 1.0.5 ...................................................................................................................................... 80
EXPAT 1.2, 2.0.1 .............................................................................................................................................. 80
FREEBSD LIBC 2.3-2.6 .................................................................................................................................... 80
GECKO SDK 1.8 ............................................................................................................................................... 81
ICU 4.0.1 ........................................................................................................................................................... 87
INFO-ZIP 5.51 .................................................................................................................................................. 87
LIBJPEG 6B ...................................................................................................................................................... 88
LIBNKFM 2.0.5 ................................................................................................................................................. 90
LIBPNG 1.2.29 .................................................................................................................................................. 90
LIBSPF2 1.2.9 ................................................................................................................................................... 90
LIBUNGIF 3.0 ................................................................................................................................................... 90
LIBXDR ............................................................................................................................................................. 91
LOKI 0.1.3 ......................................................................................................................................................... 91
LZMA SDK 4.43 ................................................................................................................................................ 92
MICROSOFT ENTERPRISE LIBRARY 4.1 ...................................................................................................... 92
MICROSOFT VISUAL STUDIO 2008 (MSVCP80.DLL, MSVCR80.DLL) ......................................................... 92
OPENSSL 0.9.8D ............................................................................................................................................. 92
PCRE 7.4, 7.7 ................................................................................................................................................... 95
RFC1321-BASED (RSA-FREE) MD5 LIBRARY ............................................................................................... 96
SPRING.NET 1.2.0 ........................................................................................................................................... 96
SQLITE 3.6.18 .................................................................................................................................................. 98
WPF TOOLKIT 3.5.40128.1 .............................................................................................................................. 99
ZLIB 1.2, 1.2.3 .................................................................................................................................................. 99
Other information .................................................................................................................................................... 99
GLOSSARY ............................................................................................................................................................... 100
KASPERSKY LAB ...................................................................................................................................................... 104
KASPERSKY LAB END USER LICENSE AGREEMENT .......................................................................................... 105
INDEX ........................................................................................................................................................................ 110
6
ABOUT THIS GUIDE
IN THIS SECTION
In this document ................................................................................................................................................................ 6
Document conventions ...................................................................................................................................................... 7
Greetings from the team of Kaspersky Lab CJSC (hereinafter referred to as Kaspersky Lab)! We hope that this Administrator's Guide will help you understand basic working principles of Kaspersky Security 8.0 for Microsoft Exchange Servers (hereinafter referred to as KS 8.0 for Exchange Servers or Kaspersky Security). The document is intended for administrators of mail servers using Microsoft Exchange Server 2007 or 2010 (further - Microsoft Exchange Server), who have chosen Kaspersky Security as the protection solution for the mail servers.
The aim of the document:
assist Microsoft Exchange Server administrators in installing the application components on server, activating
the server protection and ensuring its optimal configuration considering the current tasks;
provide quickly searchable information about installation-related issues;
provide alternate sources of information about the application and the ways of getting technical support.
IN THIS DOCUMENT
Administrator's Guide for Kaspersky Security 8.0 for Microsoft Exchange Servers consists of the following chapters:
About this Guide. The chapter outlines the structure of this Administrator's Guide.
Additional sources of information (on page 9). The section describes various sources of information pertaining to
the purchase, installation and operation of Kaspersky Security.
Kaspersky Security 8.0 for Microsoft Exchange Servers (on page 11). The chapter describes the main features
of the application.
Application architecture (on page 14). The chapter describes the application components and methods of their
interaction.
Typical deployment schemes (on page 16). The chapter describes the roles of a Microsoft Exchange server and
the schemes for deployment of server protection.
Application setup (on page 18). The chapter details the procedure of Kaspersky Security installation.
License management (see section "Managing Kaspersky Security licenses" on page 27). The chapter describes
the types of licenses and the procedure of license installation and removal.
Application interface (on page 31). The chapter describes the user interface of Kaspersky Security.
Application start and stop (on page 34). The chapter explains how to start and stop the application.
Default protection of Microsoft Exchange Server (on page 36). The chapter describes the peculiarities of
Kaspersky Security operation using the default settings.
Getting started (on page 37). The chapter explains how to begin using Kaspersky Security, enable the mail
server protection and create the list of protected servers.
A B O U T T H I S G U I D E
7
SAMPLE TEXT
DOCUMENT CONVENTIONS DESCRIPTION
Please note that...
Warnings are highlighted in red and framed. Warnings contain important information, for example, related to the actions which are critical for the computer security.
It is recommended to use...
Notes are framed. Notes contain additional and reference information.
Example:
...
Examples are given in sections with the yellow background under the header "Example".
Updating the Anti-Virus and Anti-Spam databases (on page 40). The chapter describes configuring of the
update settings for the databases of Kaspersky Security.
Anti-virus protection (on page 44). The chapter is devoted to the configuration of anti-virus protection of mail
servers.
Anti-Spam protection (on page 50). The chapter describes the opportunities for anti-spam protection of mail
servers.
Backup (on page 58). The chapter explains the Backup functionality, the methods used to restore objects from
Backup as well as Backup configuration.
Notifications (on page 65). The chapter describes the methods used to receive notifications about the events
occurring in Kaspersky Security.
Reports (on page 67). The chapter contains information on creation of reports, their reviewing and delivery via
e-mail.
Event logs (see section "Application event logs" on page 73). The chapter describes configuration of the
settings for reporting of the Anti-Virus and Anti-Spam activity, and other Kaspersky Security events.
Frequently asked questions (on page 75). The chapter is devoted to the questions that users ask most often.
Contacting the technical support service (on page 77). The chapter describes available technical support
options for the application users.
Glossary. This section contains the list of terms used in the program and their definitions.
Kaspersky lab (on page 104). The chapter contains a brief description of the company.
Information about third-party code (on page 78). The chapter contains information about software code and
tools of other vendors used in the application development.
DOCUMENT CONVENTIONS
Document conventions described in the table below are used in this Document.
Table 1. Document conventions
A D M I N I S T R A T O R ' S G U I D E
8
SAMPLE TEXT
DOCUMENT CONVENTIONS DESCRIPTION
Update is...
New terms are printed in italics.
ALT+F4
Names of the keyboard keys are capitalized and printed in bold type. Names of the keys linked with the "plus" sign mean key combinations.
Enable
UI elements, for example, names of entry fields, menu options, buttons are in bold.
To configure a task schedule,
perform the following steps:
Introductory phrase on an instruction is printed in italics.
help
Commands entered in the command line, or messages displayed on the screen are highlighted with special font.
<IP address of your computer>
The variables are put in angle brackets. You should replace a variable with the corresponding value in each case; angle brackets are omitted.
9
ADDITIONAL SOURCES OF INFORMATION
IN THIS SECTION
Data sources for independent search ............................................................................................................................... 9
Discussing Kaspersky Lab applications on the web forum .............................................................................................. 10
Contacting the Technical documentation development group ......................................................................................... 10
If you have any questions regarding selection, purchasing, installing or using Kaspersky Security, you can quickly find relevant answers.
Kaspersky Lab provides various sources of information about the application. You can select the most convenient source, depending on the urgency or importance of your question.
DATA SOURCES FOR INDEPENDENT SEARCH
You may refer to the following sources of information about the application:
application page at Kaspersky Lab's web site;
application page at the Technical Support web site (in the Knowledge Base);
online help system;
documentation.
Application page at Kaspersky Lab's web site
http://www.kaspersky.com/business
On this page you can find general information about Kaspersky Security, its features and peculiarities.
Application page at the Technical Support web site (in the Knowledge Base)
http://support.kaspersky.com/exchange
This page contains articles published by the Technical Support experts.
These articles contain useful information, guidelines, and answers to frequently asked questions pertaining to the operation of Kaspersky Security.
Online help system
The online help system contains information on setting up the program components, as well as directions and recommendations on program management.
To access the online help system, select Help in the Actions menu of the Administration Console.
If you have a question about a certain window or tab in Kaspersky Security, you can use the context help. To open the context help, open the window or the tab that interests you, and press the F1 key.
A D M I N I S T R A T O R ' S G U I D E
10
Documentation
Administrator's Guide for Kaspersky Security contains complete information necessary for work with an application and is included in the application package.
DISCUSSING KASPERSKY LAB APPLICATIONS ON THE
WEB FORUM
If your question does not require an urgent answer, you can discuss it with Kaspersky Lab's specialists and other users in our forum located at http://forum.kaspersky.com.
In this forum you can view existing topics, leave your comments, create new topics, and use the search engine.
CONTACTING THE TECHNICAL DOCUMENTATION
DEVELOPMENT GROUP
If you have any questions regarding documentation, have found an error or if you would like to provide feedback, you can contact the Technical documentation development group.
Click the Leave feedback link in the top right part of the Help window to open the default email client on your computer. The displayed window will contain automatically substituted address of the documentation development group (docfeedback@kaspersky.com) and the message subject (Kaspersky Help Feedback: Kaspersky Security). Write your feedback and send the email without changing the subject.
11
KASPERSKY SECURITY 8.0 FOR
IN THIS SECTION
Basic functionality ........................................................................................................................................................... 11
Distribution Kit ................................................................................................................................................................. 12
Services for registered users ........................................................................................................................................... 12
License agreement .......................................................................................................................................................... 12
Hardware and software requirements ............................................................................................................................. 13
MICROSOFT EXCHANGE SERVER 2007
Kaspersky Security 8.0 for Microsoft Exchange Servers is an application designed for protection of mail servers based on Microsoft Exchange Server against viruses, Trojan software and other types of threats that may be transmitted via email.
Malware can cause serious damage; these programs are designed specifically to steal, block, modify or destroy data disrupting the operation of computers and computer networks. Massive virus mailing can quickly spread infection in corporate networks paralyzing both running servers and workstations and resulting in unwanted downtime and damages. Moreover, virus attacks may also cause data losses which can negatively affect your business and the business of your partners.
Kaspersky Security provides for anti-spam protection on the level of your corporate mail server saving your employees the trouble of deleting unwanted mail manually.
BASIC FUNCTIONALITY
Kaspersky Security protects mailboxes, public folders and relayed mail traffic passing a Microsoft Exchange Server against malware and spam. The application scans all email traffic passing through the protected Microsoft Exchange Server.
Kaspersky Security can perform the following operations:
Scan incoming, outgoing mail and the messages stored on a Microsoft Exchange Server (including public
folders) checking them for malware presence. While scanning, the application processes the whole message and all its attached objects. Depending upon the selected settings, the application disinfects, removes detected harmful objects and provides to users complete information about such accidents.
Filter mail traffic screening out unsolicited mail (spam). The Anti-Spam component scans mail traffic checking it
for spam content. In addition, Anti-Spam allows creation of white and black lists of sender addresses and supports flexible configuration of anti-spam analysis intensity.
Save backup copies of objects (attachments or message bodies) and spam messages prior to their disinfection
or deletion to enable subsequent restoration, if required, thus preventing the risk of data losses. Configurable filters allow easy location of individual stored objects.
Notifying the sender, the recipient and the system administrator about messages that contain malicious objects.
Maintain event logs, collect statistics and create regular reports on the application activity. The application can
create reports automatically according to the schedule or by request.
A D M I N I S T R A T O R ' S G U I D E
12
Configure the application settings to match the volume and type of relayed traffic, in particular, define the
connection timeout to optimize scanning.
Update the databases of Kaspersky Security automatically or in manual mode. Updates can be downloaded
from the FTP or HTTP servers of Kaspersky Lab, from a local / network folder that contains the latest set of updates, or from user-defined FTP or HTTP servers.
Re-scanning messages for the presence of new viruses, using a schedule. This task is performed as a
background scan, and has only a small effect on the mail server’s performance.
Manage anti-virus protection on the storage level and create the list of protected storages.
Managing licenses. A license is provided for a certain number of mailboxes, not user accounts.
DISTRIBUTION KIT
You can purchase Kaspersky Security from our partners, or purchase it online from Internet shops, such as the eStore section of http://www.kaspersky.com. Kaspersky Security is supplied as a part of Kaspersky Security for Mail Server (http://www.kaspersky.com/kaspersky_security_mail_server) or of the Kaspersky Open Space Security products (http://www.kaspersky.com/open_space_security) included into the Kaspersky Enterprise Space Security and Kaspersky Total Space Security solutions. After purchasing a license for Kaspersky Security, you will receive an e-mail containing a link to download the application from the web site of Kaspersky Lab and a key file for license activation, or an installation CD containing the distribution package of the product. Before breaking the seal on the installation disk envelope, carefully read through the EULA.
SERVICES FOR REGISTERED USERS
Kaspersky Lab Ltd. offers an extensive service package to all legally registered users of Kaspersky Security, enabling them to boost the application's performance.
After purchasing a license, you become a registered user and, during the period of your license, you will be provided with these services:
regular updates to the application databases and updates to the software package;
support on issues related to the installation, configuration and use of the purchased software product. Services
will be provided by phone or via email;
information about new Kaspersky Lab products and about new viruses appearing worldwide. This service is
available to users who subscribe to Kaspersky Lab's newsletter on the Technical Support Service web site (http://support.kaspersky.com/subscribe/).
Support on issues related to the performance and the use of operating systems, or other non-Kaspersky technologies, is not provided.
LICENSE AGREEMENT
The End-User License Agreement is a legal agreement between you and Kaspersky Lab that specifies the terms on which you may use the software you have purchased.
Read the EULA through carefully!
If you do not accept the terms and conditions of the license agreement, you can decline the product offer and receive a refund. Please note that the envelope with the installation CD should remain sealed.
By opening the sealed installation disk, you accept all the terms of the EULA.
K A S P E R S K Y S E C U R I T Y 8 . 0 F O R M I C R O S O F T E X C H A N G E S E R V E R 2 0 0 7
13
HARDWARE AND SOFTWARE REQUIREMENTS
Hardware requirements
The hardware requirements of Kaspersky Security are identical to the requirements of Microsoft Exchange Server. Depending upon the application settings and its mode of operation, considerable disk space may be required for Backup storage and other service folders (the default size of the Backup storage folder can be up to 5120 MB).
Hardware requirements of the Administration Console installed with application include:
Intel Pentium 400 MHz or faster processor (1000 MHz recommended);
256 MB free RAM;
500 MB disk space for the application files.
Software requirements
Installation of Kaspersky Security requires one of the following operating systems:
Microsoft Small Business Server 2008 Standard / Microsoft Small Business Server 2008 Premium / Microsoft Essential Business Server 2008 Standard / Microsoft Essential Business Server 2008 Premium / Microsoft Windows Server 2008 x64 R2 Enterprise Edition / Microsoft Windows Server 2008 x64 R2 Standard Edition / Microsoft Windows Server 2008 x64 Enterprise Edition Service Pack 1 / Microsoft Windows Server 2008 x64 Enterprise Edition Service Pack 2 / Microsoft Windows Server 2008 x64 Standard Edition Service Pack 1 / Microsoft Windows Server 2008 x64 Standard Edition Service Pack 2 / Microsoft Windows Server 2003 x64 R2 Enterprise Edition Service Pack 2 / Microsoft Windows Server 2003 x64 R2 Standard Edition Service Pack 2 / Microsoft Windows Server 2003 x64 Enterprise Edition Service Pack 2 / Microsoft Windows Server 2003 x64 Standard Edition Service Pack 2.
The following components are required for installation:
Microsoft Exchange Server 2007 x64 Service Pack 1 or Microsoft Exchange Server 2010 deployed in at least
one of the roles: Hub Transport or Mailbox;
MS SQL Server 2005 Express Edition, MS SQL Server 2005 Standard Edition, MS SQL Server 2005 Enterprise
Edition, MS SQL Server 2008 Express Edition, MS SQL Server 2008 Standard Edition, MS SQL Server 2008 Enterprise Edition;
Microsoft .NET Framework 3.5 Service Pack 1.
Installation of the Administration Console requires one of the following operating systems:
Microsoft Small Business Server 2008 Standard / Microsoft Small Business Server 2008 Premium / Microsoft Essential Business Server 2008 Standard / Microsoft Essential Business Server 2008 Premium / Microsoft Windows Server 2008 / Microsoft Windows Server 2003 x64 (with Service Pack 2 installed) / Microsoft Windows Server 2003 x64 R2 Standard Edition / Microsoft Windows Server 2003 x64 R2 Enterprise Edition / Microsoft Windows XP x64 (with Service Pack 2 installed) / Microsoft Windows Vista x64 / Microsoft Windows Server 2003 R2 Standard Edition / Microsoft Windows Server 2003 R2 Enterprise Edition / Microsoft Windows Vista / Microsoft Windows Server 2003 (with Service Pack 2 installed) / Microsoft Windows XP (with Service Pack 3 installed) / Windows 7 Professional / Windows 7 Enterprise / Windows 7 Ultimate.
The following components are required for installation:
Microsoft Management Console 3.0;
Microsoft .NET Framework 3.5 Service Pack 1.
14
APPLICATION ARCHITECTURE
IN THIS SECTION
Application components and their purpose ..................................................................................................................... 14
Security Server architecture ............................................................................................................................................ 14
Kaspersky Security performs anti-virus scanning of all incoming, outgoing mail and messages stored on server, and filters spam. The application analyzes the message body and attached files in any format. The detection of malicious programs is based on records contained in Kaspersky Security's databases. Databases are regularly updated by Kaspersky Lab, and uploaded to Kaspersky Lab's update servers.
Additionally, the application uses a special analysis facility called a heuristic analyzer which can detect previously unknown viruses. Spam checks are performed by the Anti-Spam component, which employs a combination of several methods to fight spam. The application scans objects received by the server in real time. The user cannot open and view a new message before it is scanned. The application processes each object using the rules specified by the administrator for different types of object. You can create rules for processing of malicious objects (see section "Creating rules for object processing" on page 46) and spam (see section "Configuring the anti-spam analysis" on page 52).
Prior to modifying an object, the application can save a copy of it in a special Backup storage to allow subsequent restoration, or for forwarding to Kaspersky Lab for analysis. The application can send notifications about events as they occur to the anti-virus security administrator, the recipient, and the sender of the infected message, and also places a record of the event in the application log file and in the Microsoft Windows event log.
APPLICATION COMPONENTS AND THEIR PURPOSE
The application consists of two basic components:
Security Server The component is installed on the protected Microsoft Exchange server, it carries out actual
anti-spam filtering of mail traffic and its anti-virus protection. Security Server intercepts the messages arriving on the Microsoft Exchange Server and uses its internal Anti-Virus and Anti-Spam modules to perform anti-virus scanning and anti-spam filtration of that traffic respectively. If infection or spam is detected in a message, it can be saved in Backup or deleted depending upon the Anti-Virus and Anti-Spam settings.
Administration Console is a dedicated isolated snap-in integrated into MMC 3.0. Administration Console can
be installed locally on the protected Microsoft Exchange server or on a different computer for remote management of the server protection. You can use the Administration Console to create and edit the list of protected Microsoft Exchange servers and manage the Security Server.
SECURITY SERVER ARCHITECTURE
The server component of the application, the Security Server, consists of the following main subsystems:
The E-mail Interceptor intercepts objects arriving at the Microsoft Exchange Server and forwards them to the
anti-virus scan subsystem. It is integrated into the Microsoft Exchange Server processes using either VSAPI 2.6 or Transport Agents, according to the configuration selected during Microsoft Exchange Server deployment.
The Anti-Virus performs anti-virus scans of objects. The component is essentially the anti-virus engine running
within the program process of Kaspersky Security 8.0 for Microsoft Exchange Servers. The anti-virus scan subsystem also includes storage for temporary objects while scanning objects in RAM. The storage is located in the working folder Store.
A P P L I C A T I O N A R C H I T E C T U R E
15
Store folder is a subfolder within the application folder, which must be excluded from the scan scope of any anti­virus programs installed in the corporate network. Otherwise the application may function incorrectly.
The Anti-Spam component filters unwanted mail. The component is essentially the anti-spam engine running
within the program process of Kaspersky Security 8.0 for Microsoft Exchange Servers. Once a message is intercepted, it is transferred to the Anti-Spam engine for analysis. Depending upon the analysis result and the produced verdict, the message will be allowed to pass or deleted in accordance with the spam handling settings. Copies of deleted messages can be stored in Backup.
The Internal Application Management and Integrity Control Module is launched in a separate process and
is a Microsoft Windows service. The service is called Kaspersky Security 8.0 for Microsoft Exchange Servers, and is launched automatically when either the first message is being transferred, when the Management Console attempts to connect to the Security Server and after the initial configuration wizard has completed. This service does not depend on the state of the Microsoft Exchange Server (that is, whether it is started or stopped), so that the application can be configured even if the Microsoft Exchange Server is stopped. When background scan mode is enabled, the Internal Application Management Module will receive all email messages located in public folders and protected storage areas from the Microsoft Exchange server, in accordance with the current settings. If a message has not been analyzed using the latest anti-virus database, it will be sent to the anti-virus component for processing. Objects are processed in background mode in the same way as in traffic scan mode. For correct operation of the application, the Internal Application Management Module must always be running; stopping this service manually is not recommended.
16
TYPICAL DEPLOYMENT SCHEMES
IN THIS SECTION
Microsoft Exchange Server roles and corresponding configurations ............................................................................... 16
Server protection deployment ......................................................................................................................................... 16
Application deployment on a server cluster ..................................................................................................................... 17
Kaspersky Security should be installed on a Microsoft Exchange server. The application components, which you can install depends upon the role that the Microsoft Exchange Server performs. Kaspersky Security also supports deployment on a server cluster. You are advised to read through this chapter to select the most suitable deployment scheme.
MICROSOFT EXCHANGE SERVER ROLES AND
CORRESPONDING CONFIGURATIONS
Successful operation of Kaspersky Security requires that the protected Microsoft Exchange Server should be deployed at least in one of the following roles:
Mailbox.
Hub Transport.
Edge Transport.
If Microsoft Exchange Server is deployed as a Mailbox, Kaspersky Security interacts with it using the VSAPI 2.6 standard. In other cases the Transport Agents technology is used. Please note that in the Hub Transport role, objects are first scanned by Kaspersky Security and then processed by Microsoft Exchange Transport Agents. In the Edge Transport role, the procedure is reversed - the objects are first processed by Microsoft Exchange Transport Agents and then by Kaspersky Security.
SERVER PROTECTION DEPLOYMENT
The following procedure should be used to deploy the protection system for mail servers:
1. The Security Server component has to be installed on all protected Microsoft Exchange servers within the network. The installation must be performed from the distribution kit individually for each server.
2. Management console is installed together with Security server. It provides centralized access to all Security servers of Kaspersky Security from the single administrator's workplace. If necessary, Administration Console can be installed separately on a computer within the corporate network. If several administrators are working jointly, the Administration Console can be installed on each administrator's computer.
3. Create the list of managed servers (see section "Creating the list of protected Microsoft Exchange servers" on page 37).
4. Administration Console connects to the Security Server (see section "Connecting the Administration Console to the Security Server" on page 39).
T Y P I C A L D E P L O Y M E N T S C H E M E S
17
APPLICATION DEPLOYMENT ON A SERVER CLUSTER
Kaspersky Security supports the following cluster types:
single copy cluster (SCC);
cluster continuous replication (CCR).
During setup the application recognizes a server cluster automatically. This means that the order in which the application is installed to different cluster nodes does not matter. The procedure for installing Kaspersky Security on a cluster of servers differs from the usual procedure in that:
Before installation of Kaspersky Security is completed on all cluster nodes, the clustered mailbox servers (CMS)
must not be moved between different cluster nodes.
In the course of installation of Kaspersky Security to all cluster nodes, all installation folders must have the same
location.
The account used to perform the installation procedure must be authorized to write to the Active Directory
configuration section.
After installation to a cluster of servers, all application settings are stored in the Active Directory, and all cluster nodes use those parameters. However, parameters which refer to the physical server are set for each cluster node manually. Kaspersky Security automatically defines active cluster nodes, and applies the Active Directory settings to them. The scan results for each cluster node will be displayed only for those messages which were forwarded by the Microsoft Exchange virtual server to this cluster node. The scan results include:
the Backup storage content;
information presented in reports;
the set of events registered in the application logs;
The procedure for uninstalling Kaspersky Security from a cluster of servers differs from the usual procedure in that:
Clustered mailbox servers (CMS) must not be moved between nodes before application removal is completed.
In the process of uninstalling the application from the active cluster node, the cluster resource of the Microsoft
Exchange Information Store, and all resources of the Microsoft Exchange Database Instance which depend upon it, are stopped. Once the removal procedure is complete, the original status of these services will be automatically restored.
18
APPLICATION SETUP
IN THIS SECTION
Preparing installation ................................ ................................ ....................................................................................... 18
Upgrading an earlier version ........................................................................................................................................... 19
Application setup procedure ............................................................................................................................................ 19
Getting started. Application configuration wizard ............................................................................................................ 22
Restoring the application ................................................................................................................................................. 25
Removing the application ................................................................................................................................................ 25
Kaspersky Security consists of two main components: the Security Server and Administration Console. Security Server is always installed together with the Administration Console. Administration Console can be installed separately on another computer for remote management of a Security Server. Depending upon your corporate server architecture, you can select one of three available installation variants:
Security Server will be installed on the computer running Microsoft Exchange Server. Administration Console
will be installed to the same host.
Security Server and Administration Console will be installed on the computer running Microsoft Exchange
Server. Administration Console can be installed on any computer within your corporate network for remote management of the Security Server.
Security Server will be installed on a cluster of servers running Microsoft Exchange Server. In that case the
Security Server and Administration Console should be installed together on each node of the cluster.
Some services of Microsoft Exchange Server have to be restarted after Kaspersky Security installation.
PREPARING INSTALLATION
To install Kaspersky Security, you will need domain administrator privileges. Besides, an Internet connection is necessary for installation of the following required components:
.NET Framework 3.5 SP1;
Microsoft Management Console 3.0;
Microsoft SQL Server 2005 / 2008 (Standard, Express, Enterprise).
To create a database on the SQL server, you will need the local access rights for the computer where Kaspersky Security will be installed and administrator privileges on the SQL server. If SQL server is running on a domain controller, you must be a member of the Enterprise Admins and / or Domain Admins group.
A P P L I C A T I O N SETUP
19
IN THIS SECTION
Step 1. Installing the required components ..................................................................................................................... 19
Step 2. Greeting and License Agreement ....................................................................................................................... 20
Step 3. Selecting the type of the installation.................................................................................................................... 20
Step 4. Selecting the application components ................................................................................................................. 20
Step 5. Configuring connection to Microsoft SQL Server ................................................................................................ 21
Step 6. Copying files ....................................................................................................................................................... 21
UPGRADING AN EARLIER VERSION
Kaspersky Security does not support upgrading of earlier versions. An earlier application version installed on the computer must be removed before Kaspersky Security setup. The data and settings of the earlier version will not be preserved.
APPLICATION SETUP PROCEDURE
Kaspersky Security installer is designed as a wizard providing information about the operations, which you have to perform during each step of the procedure. The Back and Next buttons can be used to navigate between the installation screens (steps) at any time. The Exit and Cancel buttons allow you to exit the installer. The Finish button completes the installation procedure. The installation procedure begins with starting the setup_en.exe file. Further we shall discuss in detail the steps performed by the Setup Wizard.
STEP 1. INSTALLING THE REQUIRED COMPONENTS
During this step you have to make sure that the following required components are installed on your computer:
.NET Framework 3.5 SP1. You can install the component by clicking the button Download and install .NET
Framework 3.5 SP 1. The computer must be restarted after .NET Framework 3.5 SP1 installation! If you continue setup without restart, it may cause problems in the operation of Kaspersky Security.
Microsoft Windows Installer (MSI) 4.5. This component is required to install Microsoft SQL Server 2008 Express
Edition. You can install the component by clicking the button Download and install Microsoft Windows Installer 4.5.
Microsoft SQL Server 2008 Express Edition or another SQL server. To install the component, click the button
Install Microsoft SQL Server 2008 Express Edition. For working with Kaspersky Security, a fresh installation of SQL Server is recommended.
Microsoft Management Console 3.0 (MMC 3.0). Microsoft Management Console 3.0 (MMC 3.0) is a part of the
operating system in Microsoft Windows Server 2003 R2 and later versions. To install the program in earlier versions of Microsoft Windows Server, you need to upgrade MMC to version 3.0. To do that, click the button Download and install MMC 3.0.
You can proceed to the next setup step by clicking the link Kaspersky Security 8.0 for Microsoft Exchange Servers.
In addition, you can click the Installation guide button to download and install an installation guide.
A D M I N I S T R A T O R ' S G U I D E
20
STEP 2. GREETING AND LICENSE AGREEMENT
The welcome screen informs you that Kaspersky Security installation to your computer has been started. Clicking the Next button opens the License Agreement window.
License Agreement is an agreement between the application user and Kaspersky Lab. Checking the box I accept the terms and conditions of this Agreement means that you have read the License Agreement and accepted its terms and conditions.
STEP 3. SELECTING THE TYPE OF THE INSTALLATION
The installation type selection screen contains two buttons:
Standard. Clicking the button will continue the procedure installing the standard set of components, which suits
most users. Please see Step 5 for further instructions.
Custom. Clicking this button allows you to select manually the application components, which you would like to
install. Custom installation mode is recommended for experienced users.
Once the installation type is selected, the Setup Wizard proceeds to the next step.
STEP 4. SELECTING THE APPLICATION COMPONENTS
If you have selected the Custom setup type, the installer will offer you to select the components which you would like to install. The set of components available for installation will differ depending on whether Microsoft Exchange Server is installed, and how it is configured. If Microsoft Exchange Server is deployed to act both as a Mailbox and Hub Transport, the following components will be available for selection and installation:
Management Console;
Anti-Spam protection component;
Anti-Virus for the Mailbox role;
Anti-Virus for the Hub Transport and Edge Transport roles.
If Microsoft Exchange Server is deployed to act just as an Edge Transport or Hub Transport only, the following components will be available for selection and installation:
Management Console;
Anti-Spam protection component;
Anti-Virus for the Hub Transport and Edge Transport roles.
If Microsoft Exchange Server is deployed to act as a Mailbox only, the following components will be available for selection and installation:
Management Console;
Anti-Virus for the Mailbox role;
In all other cases, only the Management Console is available for installation.
The full name for the default installation folder is displayed in the lower part of the window. To change the installation folder, click the Browse button and specify another location. The data storage folder is displayed below. The data folder contains the following items:
A P P L I C A T I O N S E T U P
21
Anti-Virus database;
Anti-Spam database;
quarantined objects.
If you suppose that the folder will occupy more space than the selected drive has available, you can click the Browse button to change the data folder location.
Clicking the Reset button cancels the user-defined selection of components and restores the default selection.
Clicking the Disk usage button opens the dialog containing information about free space available on local drives and required for installation of the selected components.
STEP 5. CONFIGURING CONNECTION TO MICROSOFT SQL SERVER
The purpose of this step is to configure a connection to an SQL server. To create a database on the SQL server, you will need the local access rights for the computer where Kaspersky Security will be installed and administrator privileges on the SQL server. If SQL server is running on a domain controller, you must be a member of the Enterprise Admins and / or Domain Admins group. If you are using a remote connection to the SQL server, make sure that TCP/IP support is enabled in SQL Server Configuration Manager.
Configuring connection to Microsoft SQL Server
In the Name of SQL server field specify the name (or IP address) of the computer and the SQL server instance. Clicking the Browse button next to that field allows you to select an SQL server within the current network segment.
To create a database on the SQL server, you will have to choose an account that will be used to create the SQL database. The following options are available:
Active account. Current user account will be used then.
Other account. In that case you should enter the name and password for the specified user account. You can
click the Browse button to select an account.
SQL server browser must be started on the computer running the SQL server. Otherwise you will be unable to see the instance of the SQL server that you need. If Kaspersky Security is installed on an Edge Transport while the SQL server is running within a domain, there will be no way to establish a connection to the SQL server. In that case a local SQL server instance should be used.
Select an account for the operation of application service
In the next window you will see an offer to choose the account that will be used to connect to the SQL server. The window contains two options:
Local System Account. In that case the local system account will be used to establish a connection to the SQL
server.
Account. In that case you will have to specify the name and password for an account with the privileges
sufficient to connect to the SQL server and start the application service.
STEP 6. COPYING FILES
To proceed with the installation, press the Install button in the Setup Wizard window. It will initiate copying of the application files to the computer, registration of the components in the system, creation of the corresponding database on the SQL server and restarting some services of Microsoft Exchange Server.
A D M I N I S T R A T O R ' S G U I D E
22
GETTING STARTED. APPLICATION CONFIGURATION
IN THIS SECTION
Configuring updates ........................................................................................................................................................ 22
Installing a license key .................................................................................................................................................... 22
Notification settings ......................................................................................................................................................... 23
Configuring server protection .......................................................................................................................................... 23
Testing the application functionality ................................................................................................................................ 23
WIZARD
Once the files are copied and the components are registered in the system, the Setup Wizard will display a notification informing about completion of the application setup. Clicking the Next button in the Setup Wizard will start the Application Configuration Wizard. Application Configuration Wizard will assist you in configuring the update settings, installing the license, and testing the application functionality. To start product configuration in the Application Configuration Wizard, click Next.
CONFIGURING UPDATES
You can use the Update settings window of the Application Configuration Wizard to configure the updating settings of Kaspersky Security.
To define the update settings, perform the following steps:
1. Leave the box Enable automatic update checked, if you wish the application to update automatically according to the specified schedule.
2. To connect to an update server of Kaspersky Lab through a proxy server, enable the option to Use proxy server and specify the corporate proxy address in the Proxy server address line.
3. Define the proxy server port in the entry field. By default, port 8080 is used.
4. To enable authentication with the proxy server, check the box Use authentication and enter in the Account and Password fields relevant information about the user account selected for that purpose.
5. If you wish to download updates from a local corporate server directly, check the box Bypass proxy server for local addresses.
INSTALLING A LICENSE KEY
In the Licenses window you can install a license for Kaspersky Security.
To install a license, perform the following steps:
1. Press the Add button.
2. In the displayed File name dialog specify path to the key file (file with the *.key extension) and click Open.
A license will be installed that allows you to use Kaspersky Security with unlimited functionality for specified period. Over the entire period when the license is active, you can download Antivirus and Anti-spam database updates and contact Kaspersky Lab on all the issues related to the use of the application.
A P P L I C A T I O N S E T U P
23
Removing a license key
To remove a license, click the Remove button.
NOTIFICATION SETTINGS
The Notification settings window allows you to configure the notifications sent by email. Using notifications, you will always know in time of all the Kaspersky Security events.
To define the notification settings, perform the following steps:
1. In the Web-service address field specify the address of the web service that will be used to mail messages via Microsoft Exchange Server.
By default, in the Microsoft Exchange Server it is the following address:
https://<client_access_server>/ews/exchange.asmx
2. Specify in the Account field any account registered on the Microsoft Exchange Server.
To do that, click Browse or enter the account name manually.
3. Type in the Password field the password for the selected account.
4. In the Administrator address field specify the mail recipient's address.
5. Click the Test button to send a test message.
If the test message arrives in the specified mailbox, it means that delivery of notifications is configured properly.
CONFIGURING SERVER PROTECTION
In the Protection settings window, you can configure the anti-virus and anti-spam protection.Anti-virus and anti-spam protection is enabled by default.
To define the protection settings, perform the following steps:
1. Leave the box Enable Anti-Virus protection to start the anti-virus protection.
2. Leave the box Enable Anti-Spam protection to start the anti-spam protection.
If you do not want anti-virus and anti-spam protection to start functioning immediately, uncheck the corresponding boxes. You can enable protection later using the Administration Console.
3. Click Next to finish setting up the application options.
4. Click the Finish button in the final window of Application Setup Wizard to quit the wizard..
If the Start Administration Console after Application Configuration Wizard completion flag is left checked, the Administration Console will start automatically.
TESTING THE APPLICATION FUNCTIONALITY
After Kaspersky Security is installed and configured, you are advised to verify its settings and operation using a test "virus" and its modification.
A D M I N I S T R A T O R ' S G U I D E
24
The test "virus" was specifically designed by EICAR (The European Institute for Computer Antivirus Research) to test anti-virus products. The test "virus" is not a malicious program and it contains no code that can harm your computer. However, most anti-virus products identify it as a virus.
You can download the test "virus" from the official web site of EICAR at: http://www.eicar.org/anti_virus_test_file.htm.
Testing the Anti-Virus functionality
To send a message with the test "virus", perform the following steps:
1. Create an email message with an attached EICAR test "virus".
2. Send the message via Microsoft Exchange Server with installed Kaspersky Security and connected Security Server.
3. Check to make sure that the delivered message contains no virus. If a virus is detected on a server functioning as a Mailbox, the deleted virus will be replaced with a text file. When a virus is detected on a server functioning as a Hub Transport, the application adds to the message subject the prefix: Malicious object deleted.
After virus detection the mailbox that you have specified in the Notification Settings (see section "Configuring notifications" on page 23) window of the Initial Configuration Wizard should receive a notification about the intercepted virus.
To view the application report about the detected virus, perform the following steps:
1. Launch Kaspersky Security using the menu Start Programs Kaspersky Security 8.0 for Microsoft Exchange Servers Administration Console.
2. In the console tree to the left, select and open the node corresponding to the server which was supposed to process the message containing the "virus".
3. Select the Reports node.
4. In the details window to the right, click the Generate report button in the Quick reports and / or Anti-Virus report section.
5. View the created report in the Ready reports section. To do that, double-click the necessary report to open it.
If the report contains information about EICAR infection, the application is properly configured.
To receive the reports to an email address, perform the following steps:
1. In the details window, use the Quick reports and / or Anti-Virus report sections to check the box Administrator to enable sending notifications to the address, which you have specified in the Notification Settings (see section "Configuring notifications" on page 23) window of the Application Configuration Wizard.
If you have not specified the e-mail address in the Initial Configuration Wizard, click the link E-mail sending settings to set up notifications (see section "Configuring notifications" on page 23).
2. To make sure that reports arrive in the specified mailbox, click the Test button to send a test message.
By default, the application saves a copy of an infected object in Backup.
To check, whether a copy of an infected object has been saved in Backup, perform the following steps:
1. In the console tree, select the node Backup.
2. Check to make sure that the infected object (message with attached "virus") appears in the details window.
A P P L I C A T I O N S E T U P
25
Testing the Anti-Spam functionality
To test normal functioning of the Anti-Spam, perform the following steps:
1. Launch Kaspersky Security using the menu Start Programs Kaspersky Security 8.0 for Microsoft Exchange Servers Administration Console.
2. In the console tree to the left, select and open the node corresponding to the server which will be used to transfer the test message.
3. Select the Server protection node.
4. Select the Anti-Spam protection tab in the details window.
5. Open the White and black list settings section.
6. Check the box Add sender's address to black list.
7. Type the sender's e-mail address in the entry line.
8. Click the addition button to the right of the field.
9. Open the Scan settings section.
10. In the Blacklisted field, select Allow.
11. In the same field check the box Add label.
12. Send a message to the administrator's address through the protected mail server. If the message arrives with the [Blacklisted] label in the header, the Anti-Spam component functions correctly.
RESTORING THE APPLICATION
If the application encounters a failure while running (for example, if its binary modules get damaged), you can use the restoration functionality provided in the installer. During restoration the installer will preserve the selected settings and user configuration including notifications, paths to the application databases, Quarantine, etc.
To restore Kaspersky Security, perform the following steps:
1. Start the setup_en.exe file.
2. Click the link Kaspersky Security 8.0 for Microsoft Exchange Servers.
3. Click the Next button in the welcome screen of the Initial Configuration Wizard.
4. In the Change, Repair or Remove the application window click the Restore button.
5. In the Restoring window, click the Repair button.
Restoration of the application will be impossible, if its configuration files are damaged. Removing and reinstalling the application is recommended then.
REMOVING THE APPLICATION
To remove Kaspersky Security from a computer, perform the following steps:
1. Start the setup_en.exe file.
A D M I N I S T R A T O R ' S G U I D E
26
2. Click the link Kaspersky Security 8.0 for Microsoft Exchange Servers to start the Setup Wizard and click Next.
3. In the Change, Repair or Remove the application window click the Remove button.
4. In the Remove window click the Remove button.
You can also uninstall the application using the standard software management tools in Microsoft Windows.
During Kaspersky Security removal some services of Microsoft Exchange Server will need a restart.
27
MANAGING KASPERSKY SECURITY LICENSES
When you purchase Kaspersky Security, you enter into a license agreement with Kaspersky Lab. This agreement grants you the right to use the software you purchased to protect the specified number of mailboxes, and to have access to the attendant services, for a defined period. The anti-virus protection covers both mailboxes and public folders. Therefore, no additional license is needed to protect public folders when working in the Microsoft Exchange environment. When using the application on a cluster of servers, the license is valid for the whole cluster.
The following features will be available to you during the license period:
use the anti-virus functionality of the application;
anti-spam functionality of the application;
regular updates for the anti-virus and anti-spam databases;
application updates;
support on issues related to the installation, configuration and the use of the purchased software product,
provided 24 hours a day, by phone or email.
The application verifies the validity of the license agreement through the Kaspersky Security license key file, which is an integral part of any Kaspersky Lab product.
Kaspersky Security will not work without a license key!
Active license
The application can use only one active license key. This license key contains restrictions imposed on the use of Kaspersky Security, which the application verifies using its internal algorithms. If a violation of the terms and conditions of the license agreement is detected:
the application functionality will be restricted;
a record of the detected violation will be entered into the event logs;
if the notification settings are configured, a notification about the violation will be issued and sent by email.
You can manage the number of protected mailboxes excluding from the scan scope certain storages (see section "Creating a list of protected mailboxes and storages" on page 30) containing e-mail accounts that the application will not scan. You are advised to purchase a license able to protect all your mailboxes, as any unprotected storage areas increase the possibility of penetration and propagation of viruses via the email system. Once a commercial license expires, the application functionality will remain available, i. e. the application will continue anti-virus and anti-spam traffic scanning; however, database updates and application upgrades will no longer be provided as well as the opportunity to contact the Technical Support service for assistance. The application will continue anti-virus scanning of email traffic, and background scanning of storage areas, but will use outdated database versions. In this case, it is difficult to guarantee comprehensive protection against new viruses and spam, which may appear after the license expires.
By default, a notification is sent when the application is running, fifteen days prior to the license expiration date. This message indicates when the currently installed license key will expire, and gives information about renewing a license. The date of the notification and its e-mail destination address can be changed (see section "Notification about license expiry" on page 29).
A D M I N I S T R A T O R ' S G U I D E
28
Additional license
IN THIS SECTION
Viewing information about installed licenses ................................................................................................................... 28
Installing a license key .................................................................................................................................................... 29
Removing a license key .................................................................................................................................................. 29
Notification about license expiry ...................................................................................................................................... 29
Creating the list of protected mailboxes and storages ..................................................................................................... 30
Once you have installed a commercial license, you can purchase an additional license for the product (see section "Distribution Kit" on page 12) including Kaspersky Security and install it. After the current license expires, the additional license becomes active and the application continues to function without changes. Thus you can ensure uninterrupted protection of your corporate mail servers. Kaspersky Security supports only one additional license.
Trial license
You may use a trial license to evaluate the benefits of Kaspersky Security. If a trial license key has been used, upon its expiration the anti-virus functionality of the application will also be disabled in addition to the above limitations. Note that the validity period of a trial key starts from the moment when the first trial key is added. The validity period of all the subsequent trial keys will be adjusted in accordance with the validity period of the first key.
License restrictions
In some cases (for example, if the sales contract was terminated or if the license agreement restrictions were changed), Kaspersky Lab terminates the license agreement with the user. In this case, the serial number of the license key will be added to the list of cancelled licenses, the so-called black list. If your active license is found in the black list, the reserve license will not be activated and the application will be disabled except for the management and anti-virus database updating services. If your license has been accidentally blacklisted, you are advised to update your databases and, if the error persists, contact the Technical Support Service.
VIEWING INFORMATION ABOUT INSTALLED LICENSES
To view information on installed licenses, perform the following steps:
1. Start the Administration Console of the application.
2. In the Administration Console tree select the necessary server node and then the Licenses node.
The details window will display information about installed licenses. The following information is displayed:
Type - Describes the license key type.
Owner. Identifies the license owner.
Restrictions. Defines the number of user accounts (mailboxes) supported in the license.
Expiration date. Indicates the date of license expiry.
License key serial number. Displays the license serial number.
Status. Displays the status of the current license.
M A N A G I N G K A S P E R S K Y S E C U R I T Y L I C E N S E S
29
INSTALLING A LICENSE KEY
To install a license for Kaspersky Security, perform the following steps:
1. In the Management Console, select the node Licenses.
2. Click the Add button in the details window.
3. In the displayed File name dialog specify path to the key file (file with the *.key extension) and click Open.
Once you have installed a commercial license, you can install an additional license.
To install a reserve license, perform the following steps:
1. Select the Licensing node in the Administration Console.
2. In the details window, click the Add button in the Additional license section.
3. In the displayed File name dialog specify path to the key file (file with the *.key extension) and click Open.
REMOVING A LICENSE KEY
To remove a license for Kaspersky Security, perform the following steps:
1. In the Management Console, select the node Licenses.
2. In the details window, click the Remove button in the Active license or Additional license section.
NOTIFICATION ABOUT LICENSE EXPIRY
The application verifies compliance with the license agreement after every database update. The check may return one of the following results:
the active key expires within the next few days;
the license has expired;
the active license was found in the black list;
In these cases the application logs an appropriate record and, provided that notifications are configured (see section "Configuring notification settings" on page 65), e-mails the information to the address specified in the settings. By default, a notification will be issued 15 days prior to the expiration of your license period. You can set up an earlier or a later notification date.
To configure notifications about expiry of the license to use Kaspersky Security, perform the following steps:
1. In the Management Console, select the node Licenses.
2. In the details window, specify in the field Notify about license expiry in the number of days remaining until a license expires when you should be notified about the forthcoming expiry.
3. Click the Save button.
A D M I N I S T R A T O R ' S G U I D E
30
CREATING THE LIST OF PROTECTED MAILBOXES AND
STORAGES
The application will protect the number of mail boxes specified in the active license. If this number is not sufficient, you must decide which mailboxes should be left unprotected and moved into storage areas not covered by anti-virus protection. By default, the application protects all public folders created on the protected mail server. You can remove protection from public folders if you think that their scan would be redundant.
To remove protection from the mailbox storage or public folders storage:
1. In the Administration Console select the Server protection node.
2. On the Anti-Virus protection tab, open the Protection for mailboxes configuration section.
3. In the Protected mailbox storages section check the boxes corresponding to the mailbox storages, which you wish to protect.
4. In the Protected public folder storages section check the boxes corresponding to the public folder storages, which you wish to protect.
5. To apply the changes, click the Save button.
The list includes all mailbox storage areas created on the protected Microsoft Exchange server. By default, the application protects the storages that already existed when the application was installed and all new storage areas.
Loading...
+ 81 hidden pages