Kaspersky Lab KASPERSKY SECURITY 5.5 FOR MICROSOFT EXCHANGE SERVER ADMINISTRATOR GUIDE

KASPERSKY LAB

Kaspersky Security® 5.5 for Microsoft Exchange Server 2003

ADMINISTRATOR'S GUIDE

KASPERSKY SECURITY 5.5

FOR MICROSOFT EXCHANGE SERVER 2003

Administrator's

Guide

http://www.kaspersky.com

Revision date: November 2006

Table of Contents

CHAPTER 1. INTRODUCTION ...................................................................................... 7

1.1. Threats to the computer security .......................................................................... 7

1.2. The purpose and major functionality of the application...................................... 10

1.3. Hardware system requirements.......................................................................... 12

1.4. Software system requirements ...........................................................................12

1.5. Distribution kit ...................................................................................................... 12

1.6. Services provided for registered users ............................................................... 13

1.7. Conventions......................................................................................................... 14

CHAPTER 2. OPERATION OF THE APPLICATION .................................................. 15

2.1. Security Server architecture................................................................................ 16

2.2. Server protection deployment............................................................................. 17

2.3. Server protection system maintenance .............................................................. 18

2.4. Application’s operation on a cluster of servers................................................... 18

CHAPTER 3. INSTALLING, UPDATING AND REMOVING THE APPLICATION..... 20

3.1. Installing the application ......................................................................................20

3.1.1. First-time installation ..................................................................................... 21

3.1.2. Reinstalling the application........................................................................... 24

3.2. Removing the application.................................................................................... 25

3.3. Upgrading from a previous version..................................................................... 25

CHAPTER 4. STARTING USING THE APPLICATION............................................... 26

4.1. Starting the application........................................................................................ 26

4.2. Application interface ............................................................................................26

4.2.1. Main application window .............................................................................. 26

4.2.2. Shortcut menu .............................................................................................. 28

4.3. Creating the list of managed servers.................................................................. 30

4.4. Connecting the Management Console to the server ......................................... 31

4.5. Minimum required configuration.......................................................................... 32

4.6. Mail server protection without additional configuration....................................... 33

4.7. Verifying the application performance ................................................................ 35

4 Kaspersky Security 5.5 for Microsoft Exchange Server 2003

4.7.1. Testing the anti-virus protection system ...................................................... 35

4.7.2. Testing the anti-spam protection system..................................................... 36

CHAPTER 5. UPDATING THE ANTI-VIRUS AND THE CONTENT FILTRATION

DATABASES.............................................................................................................. 38

5.1. Manual updating.................................................................................................. 39

5.2. Automatic updates............................................................................................... 40

5.3. Selecting the updates source.............................................................................. 41

5.4. Configuring the connection settings.................................................................... 43

5.5. Running updates under a different user account ............................................... 45

CHAPTER 6. ANTI-VIRUS PROTECTION .................................................................. 47

6.1. Anti-virus protection levels................................................................................... 49

6.2. Enabling and disabling the anti-virus server protection. Selecting anti-virus

protection level ................................................................................................... 51

6.3. Scanning attachments......................................................................................... 53

6.4. Scanning of routed e-mail traffic ......................................................................... 56

6.5. Selecting actions to be performed with objects.................................................. 57

6.6. Background scan................................................................................................. 62

CHAPTER 7. ANTI-SPAM PROTECTION................................................................... 65

7.1. Enabling/disabling anti-spam protection............................................................. 66

7.2. Selecting the action to be performed with the message.................................... 67

7.3. Configuring TCP/IP settings................................................................................ 70

7.4. Configuring e-mail filtration.................................................................................. 70

CHAPTER 8. APPLICATION'S OPERATION EFFICIENCY....................................... 72

8.1. Anti-virus protection efficiency............................................................................. 72

8.2. Anti-spam protection efficiency ........................................................................... 73

CHAPTER 9. BACKUP COPYING ............................................................................... 74

9.1. Viewing backup storage...................................................................................... 75

9.2. Backup storage filter............................................................................................ 77

9.3. Restoring objects from the backup storage........................................................ 80

9.4. Sending e-mails to addressees .......................................................................... 81

9.5. Sending objects for analysis ............................................................................... 81

9.6. Deleting objects from the backup storage .......................................................... 82

9.7. Configuring the backup storage settings ............................................................83

Table of Contents 5r

CHAPTER 10. NOTIFICATIONS.................................................................................. 86

10.1. Creating a notification template......................................................................... 87

10.2. Viewing and editing notification parameters..................................................... 91

10.3. Customizing general notification settings .........................................................91

CHAPTER 11. PREVENTING VIRUS OUTBREAKS.................................................. 93

11.1. Creating a new virus outbreak counter............................................................. 95

11.2. Viewing and modifying virus outbreak notification settings.............................. 99

CHAPTER 12. REPORTS........................................................................................... 100

12.1. Receiving reports............................................................................................. 102

12.1.1. Creating a report template........................................................................ 104

12.1.2. Viewing and fine-tuning the report templates .......................................... 107

12.2. Viewing reports................................................................................................ 108

CHAPTER 13. APPLICATION’S EVENT LOGS........................................................ 111

13.1. Configuring the diagnostics level ....................................................................112

13.2. Configuring log settings................................................................................... 114

CHAPTER 14. LICENSE KEYS.................................................................................. 115

14.1. License information .........................................................................................117

14.2. Installing the license key ................................................................................. 119

14.3. Removing a license key .................................................................................. 121

14.4. License-related notifications............................................................................ 121

14.5. Unprotected storage areas ............................................................................. 122

CHAPTER 15. APPLICATION MANAGEMENT USING KASPERSKY

ADMINISTRATION KIT............................................................................................ 124

15.1. Managing policies............................................................................................ 126

15.1.1. Creating a policy ....................................................................................... 126

15.1.2. Viewing and editing policy settings .......................................................... 130

15.1.2.1. Viewing information about the application ........................................ 131

15.1.2.2. Enabling / disabling server protection ............................................... 132

15.1.2.3. Scanning of attachments................................................................... 133

15.1.2.4. Scanning of routed mail..................................................................... 134

15.1.2.5. The choice of actions over objects.................................................... 135

15.1.2.6. The choice of actions over spam messages .................................... 136

15.1.2.7. Configuring the server protection productivity................................... 137

15.1.2.8. Updating the anti-virus and content filtration databases................... 138

6 Kaspersky Security 5.5 for Microsoft Exchange Server 2003

15.1.2.9. Notifications on detected objects....................................................... 139

15.1.2.10. Virus outbreak notification ...............................................................140

15.1.2.11. General notification settings ............................................................140

15.1.2.12. Additional settings............................................................................ 141

15.1.2.13. Registration of events on program operation on Administration

Server.................................................................................................... 142

15.1.2.14. Reviewing the results of policy application ..................................... 144

15.2. Management of application settings ............................................................... 145

15.2.1. Reviewing the information about application........................................... 147

15.2.2. Reviewing the license key information..................................................... 148

15.2.3. Start background scan ............................................................................. 148

15.2.4. Selection of protected storage ................................................................. 149

15.2.5. Viewing reports......................................................................................... 150

15.3. Task management .......................................................................................... 152

15.3.1. Running and stopping tasks..................................................................... 154

15.3.2. Configuring task parameters .................................................................... 155

CHAPTER 16. FREQUENTLY ASKED QUESTIONS............................................... 156

APPENDIX A. TABLE OF SUBSTITUTION MACROS ............................................. 160

APPENDIX B. CONTACTING THE TECHNICAL SUPPORT SERVICE ................. 163

APPENDIX C. GLOSSARY......................................................................................... 165

APPENDIX D. KASPERSKY LAB............................................................................... 170

D.1. Other Kaspersky Lab Products ........................................................................ 171

D.2. Contact Us ........................................................................................................ 179

APPENDIX E. LICENSE AGREEMENT..................................................................... 180

CHAPTER 1. INTRODUCTION

The main source of viruses today is the global Internet. Most virus infections happen via e-mail. The facts that almost every computer has e-mail client applications installed and that malicious programs are able to take a full advantage of software address book in order to find new victims are favorable factors for the distribution of malware. Without even suspecting it, the user of an infected computer is sending infected e-mail messages to his or her contacts, who, in turn, send new waves of infected messages and so on. It is not uncommon when infected files, due to someone's negligence, enter commercial mailing lists of large companies. In this case, the virus will affect not just five, but hundreds or even thousands recipients of such mailings who then will send infected files to dozens thousands of their contacts.

Apart from the threat of virus or malware infection, there is a problem of unsolicited e-mail messages (SPAM) and misuse of the Internet resources. Although not a direct threat, unsolicited e-mail messages increase the load on the mail servers, fill mailboxes with unwanted messages, cause the loss of working time and inflict serious financial losses.

Additionally, it is to be noted that the newest malicious programs use the socalled spamming technologies for efficient mass distribution and the methods of social psychology to make the user open the message, etc. Therefore, SPAM filtering is important not only for convenience, but also in order to protect your computer against some new types of viruses.

It is now acknowledged that information has become an important asset. At the same time, in order to gain profit through the use of the information, it has to be available to the company's employees, clients and partners. This raises the issue of data security and, as its important element, the issue of protection of the corporate mail servers against the external threats, preventing virus outbreaks within the corporate networks and filtering out the unsolicited correspondence.

1.1. Threats to the computer security

There are a vast number of threats that could affect your computer today. Reading this chapter will give you a general understanding of them.

Worms

This malicious program category largely exploits operating system vulnerabilities to spread itself. The class was named for the way the worms

8 Kaspersky Security 5.5 for Microsoft Exchange Server 2003

crawl from computer to computer, using networks, e-mail, and other data channels. This feature gives many worms a rather high speed in spreading themselves.

Worms penetrate a computer, calculate the network addresses of other computers, and send a burst of self-made copies to these addresses. In addition to network addresses, worms often utilize data from e-mail client address books. Some of these malicious programs occasionally create working files on system disks, but they can run without any system resources at all (with the exception of RAM).

Viruses

Programs that infect other programs, adding their own code to them to gain control of the infected files when they are opened. This simple definition explains the fundamental action performed by a virus – infection.

Trojans

Programs that carry out unauthorized actions on computers, such as deleting information on drives, making the system hang, stealing confidential information, etc. These malicious programs are not viruses in the traditional sense of the term, since they do not infect other programs or data; Trojans are not capable of independently penetrating computers. Their users spread them under the guise of useful software. The damage that they incur can exceed that done by traditional virus attacks by several fold.

Recently, worms have become the most widespread type of malware, followed by viruses and Trojans. Some malicious computer programs have characteristics of two or even all three of the above categories.

Henceforth in the text of this Administrator’s Guide the term "virus" will be used to refer collectively to viruses, Trojan Horses, and worms. A particular type of malware will be mentioned only when it is required.

The following potentially dangerous types of malware have also become widespread:

Adware

Program code included in software, unbeknownst to the user, designed to display advertisements. Adware is usually built into software that is distributed for free. The advertisement is situated in the program interface. These programs often also collect personal data on the user and send it back to their developer, change browser settings (start page and search pages, security levels, etc.) and also create traffic that the user cannot control. All this can lead to breach of the security policy and to direct financial losses.

Introduction 9

Riskware

Potentially dangerous software that does not have a malicious function but can be used by hackers as an auxiliary component for a malicious code, since it contains holes and errors. Under certain conditions, having such programs on your computer can put your data at risk. These programs include, for instance, some remote administration utilities, keyboard layout togglers, IRC clients, FTP servers, and all-purpose utilities for stopping processes or hiding their operation.

Spyware

Software that collects information about a particular user or organization without their knowledge. You might never guess that you have spyware installed on your computer. In general, the goal of spyware is to:

• trace user actions on a computer;

• gather information on the contents of the hard drive; in such

cases, this more often than not involves scanning several directories and the system registry in order to compile a list of the software installed on the computer;

• gather information on the quality of the connection, bandwidth, modem speed, etc.

Jokes

Software that does not do any direct damage but displays messages stating that damage has already been done or will be done under certain conditions. These programs often warn the user of dangers that do not exist, such as messages that pop up about formatting the hard drive (although no formatting actually takes place) or detecting viruses in uninfected files.

PornWare

Programs that make modem connections with various pay-per-use websites, generally pornographic in nature.

Hack Tools

Software used by hackers to penetrate your computer for their own ends. They include various illegal vulnerability scanners, password cracking programs, and other types of programs for cracking network resources or penetrating a system.

Other dangerous programs

Programs created to set up DoS attacks on remote servers, hacking into other computers, and programs that are part of the development environment for malicious programs. These programs include hack tools, virus

10 Kaspersky Security 5.5 for Microsoft Exchange Server 2003

builders, vulnerability scanners, password cracking programs, and other types of programs for cracking network resources or penetrating a system.

Although malicious programs are distributed mainly via email and the Internet, a floppy disk or a CD can also be a source of infection. Therefore, the task of comprehensive protection from potential threats now extends far beyond simple regular scans for viruses, and includes the more complex task of real-time antivirus protection.

Another threat that e-mail users face daily is spam. Spam is anonymous junk email. Spam includes mailings that are marketing, political and provocative in nature and e-mails asking for assistance. Another category of spam includes emails that ask one to invest large amounts of money or to get involve in pyramid schemes, e-mails aimed at stealing passwords and credit card numbers, and emails that ask to be sent to friends (chain letters), etc. Spam significantly increases the load on mail services and increases the risk of losing information that is important for the user. Spam can be roughly divided into four categories:

• Formal messages – messages that are automatically generated and sent to recipients by automated mail program functions (as, for example, notifications of undeliverable messages or confirmation of the user's registration at some Internet website);

• Probable SPAM - messages that can not be unambiguously identified as SPAM, but that raise suspicions when checked (for example, some types of mass mailing and advertising messages);

• Obscene messages– messages that contain obscene language;

• SPAM messages – message that definitely contain SPAM.

1.2. The purpose and major functionality of the application

Kaspersky Security 5.5 for Microsoft Exchange Server 2003 (hereinafter referred to as Kaspersky Security) is designed to ensure protection of mailboxes and public folders located on Microsoft Exchange Server 2003 (hereinafter Microsoft Exchange Server) against malicious programs and unsolicited e-mail messages (SPAM).

Kaspersky Security performs the following functions:

• scanning and analyzing incoming and outgoing e-mail messages for the presence of malicious objects. This analysis processes the bodies and attachments of e-mail messages. Depending on the settings configured, the application will disinfect or delete a malicious object or will add a warning message to such objects;

Introduction 11

• scanning e-mail messages received by the Exchange server via SMTP protocol for SPAM including the analysis of all attributes and attachments

of the message. Depending on the settings, the application will deliver the message to the Inbox folder, move the message to the Junk E-mail folder, block the message or delete it. In addition to the first two actions, special markers can be added to the subject line of the message;

• saving backup copies of the message's objects before an attempt to disinfect or delete such object (during an anti-virus scan) and copies of messages before they are blocked or deleted (during an anti-spam scan); copies are saved to a special storage for the consequent restoring which prevents the loss of data. Configurable filters allow to easily locate the original copies of objects;

• notifying the sender, the recipient and the system administrator about messages that contain malicious objects or may contain SPAM.

• maintaining the event log and creating regular reports about the operation of the application, the status of the anti-virus protection and anti-spam protection. The application allows generation of reports using templates with a preset level of detail and at a required interval;

• detecting virus outbreaks as they emerge and notifying about such events.

The application identifies attempts of mass-mailing infected messages both from the Internet and from the computers within the corporate network;

• configuring application settings depending on the intensity and the nature of the traffic as well as the characteristics of the hardware installed (amount of RAM, speed, number of processors, etc.);

• updating the anti-virus database and content filtration database

automatically or manually. The databases can be updated from the Kaspersky Lab's FTP and HTTP web servers or from a local/network folder that contains the latest set of updates;

• scanning old (previously scanned) messages for the presence of new viruses each time your anti-virus database is updated or according to the schedule. This task is performed as a background scan and does not have any considerable effect on the performance of the mail server;

• creating the list of protected storage areas, which offers additional flexibility in regards with license restrictions on the number of protected mailboxes;

• managing license keys.

Kaspersky Security 5.5 for Microsoft Exchange Server 2003 includes the following components:

12 Kaspersky Security 5.5 for Microsoft Exchange Server 2003

• Security Server performs the scan of the mail traffic for viruses and spam, updates the anti-virus database and content filtration database, provides administrative services for remote management, configuring and ensuring the integrity of the application and of the data stored.

• Management Console that provides the user interface for managing the administrative services of the application and enables you to configure settings and manage the server component. The management module is implemented as the extension of the Microsoft Management Console.

1.3. Hardware system requirements

• Intel Pentium 300 MHz or higher;

• about 256 MB free RAM (recommended);

• 50 MB free disk space for the application files (in addition to the size of the

backup storage and other service folders).

1.4. Software system requirements

Requirements to protected server:

• Microsoft Windows Server 2000 with Service Pack 4 installed or higher / Microsoft Windows 2000 Advanced Server with Service Pack 4 and higher installed or higher / Microsoft Windows Server 2003 Standard Edition and higher / Microsoft Windows Server 2003 Enterprise Edition and higher;

• Microsoft Exchange Server 2003 Enterprise Edition / Standard Edition.

Requirements to the computer from which the application management will be performed:

• Microsoft Windows 2000 with Service Pack 4 installed or higher / Microsoft Windows XP / Microsoft Windows 2003;

• Microsoft Management Console (ММС) version 1.2 or higher.

1.5. Distribution kit

You can purchase the product from our dealers (retail box) or online (for example, you may visit www.kaspersky.com

The retail box package includes:

• a sealed envelope with the installation CD containing the application files;

• User's Guide

• a license key written on a special disk;

and follow the E-Store link).

Introduction 13

• License Agreement

Before you open the envelope with the CD make sure that you have carefully read the license agreement.

If you buy Kaspersky Security online, you will download the application from the Kaspersky Lab's website. In this case, the distribution kit will include this Guide along with the application. The license key will be e-mailed to you upon the receipt of your payment.

License Agreement is a legal contract between you and Kaspersky Lab Ltd. that contains the terms and conditions on which you may use the anti-virus product that you have purchased.

Read the License Agreement carefully!

If you do not agree with the terms of this License Agreement, you can return the box with the software product to the dealer you purchased it from for a full refund provided that the envelope with the installation CD remained sealed.

By opening the envelope containing the installation CD or by installing the product on your computer you accept all terms and conditions of the License Agreement.

1.6. Services provided for registered users

Kaspersky Lab Ltd. offers to all legally registered users an extensive service package enabling them to boost the performance of Kaspersky Security 5.5 for Microsoft Exchange Server 2003.

After purchasing a subscription, you become a registered user and, during the period of your subscription, you will be provided with the following services:

• you will be receiving new versions of the purchased software product;

• support on issues related to the installation, configuration and use of the

purchased software product. Services will be provided by phone or via email;

• information about new Kaspersky Lab products and about new viruses appearing worldwide (this service is provided to users who subscribe to the Kaspersky Lab's newsletter).

14 Kaspersky Security 5.5 for Microsoft Exchange Server 2003

Support on issues related to the performance and the use of operating systems or other technologies is not provided.

1.7. Conventions

Various formatting features and icons are used throughout this document depending on the purpose and the meaning of the text. The table below lists adopted conventions used in the text.

Format feature Meaning/Usage

Bold font

Note.

Attention!

In order to perform...,

1. Step 1.

2. …

Task, example

[key] – modifier name

Information messages and command line text

Titles of menus, menu items, windows, dialog boxes and their elements, etc.

Additional information, notes

Information requiring special attention

Description of the successive user's steps and possible actions

Statement of a problem, example of the demonstration of the application's capabilities

Command line modifier

Text of configuration files, information messages and command line

CHAPTER 2. OPERATION OF THE

APPLICATION

Kaspersky Security 5.5 for Microsoft Exchange Server 2003 scans and, if it is possible, disinfects all incoming and outgoing e-mail messages as well as messages stored at the server. The application analyzes the body of the message and attached files of any format.

Additionally, Kaspersky Security performs an anti-spam scan of all messages received by Exchange server via SMTP protocol.

The detection of malicious programs, disinfection of infected objects and detection of messages that contain any type of SPAM is performed based on the records contained in the anti-virus and the content filtration databases. These databases are updated by Kaspersky Lab on a regular basis and the updated versions are uploaded to the Kaspersky Lab's website. Additionally, the application uses a special analysis facility called a heuristic analyzer that allows detecting new viruses that are not even known at the moment.

The application scans objects received by the server in the real-time format. The user cannot open and view a new message before it is scanned.

E-mail messages stored at the server and the content of all public folders are scanned each time the anti-virus database is updated or according to the schedule. The scan may identify new viruses that were not described in the antivirus database at the time when previous scans were performed. This task is performed in the background mode and does not have any effect on the performance of the mail server. If the user requests a message that has not been scanned with the updated database, such message will be re-scanned prior to the delivery to the user. Thus, the user will always receive e-mail messages that have been analyzed using the latest version of the database, no matter when a particular message arrived to the server.

The application processes each object applying actions specified by the administrator to objects of a particular type. For instance, an infected object can be disinfected, deleted or replaced with a notification. The administrator may select a mode in which the application will deliver messages with infected objects to the user, although it will change the object's name (by adding information about the virus) and the object's extension.

Before processing an object, the application can save a copy of this object to a special backup storage for the consequent restoring or sending to Kaspersky Lab for analysis.

16 Kaspersky Security 5.5 for Microsoft Exchange Server 2003

The application sends notifications about events occurred to the administrator, the recipient and the sender of the infected message and also places a record about this event into the Kaspersky Security application log file and into the Microsoft Windows event log.

If the virus outbreaks detection facility is enabled, the application will register the virus activity level and will send a notification about the virus outbreak threat or place a corresponding record into the Microsoft Windows event log and into the Kaspersky Security application log file.

2.1. Security Server architecture

The server component of the application, Security Server, consists of the following subsystems:

• E-mail VSAPI Interceptor intercepts objects arriving to Microsoft Exchange Server and forwards them to the anti-virus scan subsystem. It is integrated into the Microsoft Exchange Server processes using VSAPI 2.5 technology.

• SMTP E-mail Interceptor intercepts objects arriving to Microsoft Exchange Server via SMTP protocol and forwards them to the anti-spam scan subsystem.

• Anti-spam Scan Subsystem scans e-mail messages for spam. This feature is implemented as a Microsoft Windows service, which starts automatically when a message that must be scanned arrives.

• Anti-virus Scan Subsystem performs anti-virus scan of objects. This component includes several processes with one anti-virus kernel per process. The anti-virus scan subsystem also includes storage of temporary objects for scanning objects in RAM. The storage is located in working folder Store that is created in the installation folder and must be excluded from the scan scope of any anti-virus applications installed in the corporate network.

• The Internal Application Management and Integrity Control Module is launched in a separate process and is a Microsoft Windows service. This service is launched automatically and does not depend on the state of Microsoft Exchange Server (started, stopped) which allows configuring the application even if Microsoft Exchange Server is stopped. For the correct operation of the application, the Internal Application Management Module must always be running; stopping this service manually is not recommended.

Operation of the application 17

2.2. Server protection deployment

In order to create the system of mail servers protection against malicious programs and SPAM using Kaspersky Security 5.5 for Microsoft Exchange Server 2003:

1. Install the Security Server component on all protected Exchange servers. The installation shall be performed from the distribution kit individually for each server.

2. Install the Management Console on a computer within the corporate network. The Management Console provides a centralized access to all network resources from a single administrator's workstation; therefore, it can be installed on one computer only. However, if several administrators are working together, the Management Console can be installed to each administrator's computer.

If the Management Console is not installed, the application will function within the default limitations and using the default settings (see section 4.6, page 33). The server protection against malicious programs and SPAM will be enabled automatically when Microsoft Exchange Server is started.

3. Create the list of managed servers (see section 4.3, page 30)

4. Connect the Management Console to the servers (see section 4.4, page 31).

5. Configure the protection system for each server:

• Configure the anti-virus database and content filtration

database updating settings (details see Chapter 5, page 38).

• Verify the correctness of the settings and of the application's

operation

o using a test "virus" EICAR (see section 4.7.1, page 35).

o using a test message that contains spam attributes (see

section 4.7.2, page 36).

• Configure the notification system that issues notifications about

events registered during the application's operation (see Chapter 10, page 86)

• Configure the event logs and reports (Chapter 12, page 100,

Chapter 13, page 111).

18 Kaspersky Security 5.5 for Microsoft Exchange Server 2003

• Configure the settings for detecting virus outbreaks and

notification about such events. (Chapter 11, page 93).

2.3. Server protection system maintenance

Maintaining the server protection system in the up-to-date state involves:

• periodic updating of the anti-virus and the content filtration databases;

• receiving and processing notifications about detection of objects

containing malware or SPAM and about threats of virus outbreaks;

• regular review of reports about the application operation and about the state of the mail server protection;

• processing and cleaning of the backup storage.

2.4. Application’s operation on a cluster of servers

Kaspersky Security 5.5 for Microsoft Exchange Server 2003 does not fully support the cluster technology; however, it will function correctly on a cluster of servers treating each node as a separate physical Exchange server.

A message arriving at a virtual Exchange server will be forwarded to one of the cluster’s nodes. Streams of e-mail messages for each node may not intersect. The application will process a message at the node to which this message had been forwarded by the virtual Exchange server.

The scan results for each node of the cluster, namely,

• backup storage contents;

• information included into the reports;

• the group of events registered in the Microsoft Windows event log and in

the application’s log files;

• values of virus outbreak counters

will be provided only for those messages that had been forwarded to this node of the cluster by the virtual Exchange server.

Operation of the application 19

In order to create protection of Microsoft Exchange Server, installed on the cluster, against malware and SPAM:

1. Install the Security Server component on each node of the cluster. The installation shall be performed from the distribution kit individually for each server.

Specify a folder on a local disk of the server file system as the installation folder. Shared disks should not be used for this purpose as when the Microsoft Exchange Server application is moved to a different node of the cluster, the shared disk will be moved along with the application.

2. Install the Management Console on a computer within the corporate network.

3. Create the list of managed servers by adding all cluster nodes as servers (see section 4.3, page 30).

When adding managed servers and configuring connection of Management Console to the Server, use the names of physical servers on which the Security Server is installed. The use of a virtual Exchange server name may cause an addressing error when the Microsoft Exchange Server is moved to a different node of the cluster.

4. Connect the Management Console to the servers (see section 4.4, page 31).

5. Configure the anti-virus protection system for each server using identical settings values taking into consideration the following:

• As the backup storage folder, select a folder located on the physical server where the Security Server component is installed (see section 9.7, page 83).

• As a folder to be used to store reports and logs, select folders located on the physical server where the Security Server component is installed (see section 12.1.2, page 107 and section 13.2, page 114).

• The list of unprotected storage areas on all servers must match (see section 14.5, page 122).

CHAPTER 3. INSTALLING,

UPDATING AND REMOVING THE APPLICATION

Before starting installation of the application, make sure that the software and hardware of your computer meet the installation requirements (details see section 1.4, page 12).

In order to install, update the version or remove Kaspersky Security 5.5 for Microsoft Exchange Server 2003 from your computer, you will need administrator privileges on the domain.

3.1. Installing the application

The installer is a Microsoft Windows setup wizard, which will guide you through several dialogs (steps), which can be navigated using the Back and Next buttons. The setup wizard will complete its work after clicking the Finish button. The Cancel button can be used at any moment to exit the wizard.

The wizard will offer you to install the application components of Kaspersky Security 5.5 for Microsoft Exchange Server 2003 (Security Server and Management Console). This configuration is recommended at the initial stage of creating the Exchange servers anti-virus protection system. You can select either complete or custom installation of the application or repair an incorrect installation of Kaspersky Security.

After the Management Console is installed, a group Kaspersky Security 5.5 for

Microsoft Exchange Server 2003 and an application icon will appear in Run/Programs menu in your computer.

The Security Server will be installed on your computer as a service with a set of attributes as follows:

• name – Kaspersky Security 5.5 for Microsoft Exchange Server 2003;

• startup type – automatic;

• account – Local system.

The properties of the Security Server can be viewed and its operation can be monitored using standard Microsoft Windows administration tools - Computer Management/Services. Information about the operation of the Security Server

Installing, updating and removing the application 21

is registered and saved in the Microsoft Windows event log on the computer on which the Security Server is installed.

3.1.1. First-time installation

In order to install Kaspersky Security into your computer run the executable file on the installation CD included into the distribution package. The installation process will be facilitated by the setup wizard. Setup wizard will offer you to configure the installation parameters and start the installation. Following below is a detailed discussion of each step of the application installation.

The procedure used to install the application from the distribution kit downloaded from the internet is identical to the procedure used for application installation from the installation CD.

Step 1. Verifying the installed operating system version

Prior to the installation, a check will be performed to determine whether your operating system, mail application(s) and the Service Packs installed meet the software requirements of Kaspersky Security 5.5 for Microsoft Exchange Server

2003. If Microsoft Exchange Server is not installed on your computer or if its version

does not meet the software requirements, a warning will be displayed on your screen. In this case, you can proceed with the installation, but you will only be able to use one of the application components – the Management Console.

In order to install the full version of Kaspersky Security, abort the installation process, install or update your software as per the software requirements and reinstall Kaspersky Security.

Step 2. Searching for other anti-virus software

This step involves searching for other installed anti-virus products for Microsoft Exchange Server, which may conflict with Kaspersky Security.

• If an incorrect registration of an anti-virus application for Microsoft Exchange Server is detected, the installation program will display a warning message with a suggestion to remove the registration detected. In order to proceed with the installation of Kaspersky Security, agree to remove the incorrect registration.

• If other vendors' anti-virus software for Microsoft Exchange server is detected installed on your computer, a message will be displayed with a recommendation to remove such existing application before installing

22 Kaspersky Security 5.5 for Microsoft Exchange Server 2003

Kaspersky Security. Remove the existing program and then run the installer of Kaspersky Security again.

• If the setup detects that Kaspersky Security 5.5 for Microsoft Exchange Server 2003 (release version, MP1) is installed on the computer, it will suggest upgrading the application to Kaspersky Security 5.5 for Microsoft Exchange Server 2003 MP2 (see section 3.3, page 25).

• If the setup detects that Kaspersky Anti-Virus for Microsoft Exchange is installed, it will display a warning. Then you will have to remove the earlier version of Kaspersky Anti-Virus to install Kaspersky Security. Then run again the installer from the distribution package of Kaspersky Security.

Step 3. Greeting and License Agreement

As soon as the installer completes checking conformity of software requirements and searching for installed anti-virus applications, it will display a greeting window and a window containing the License Agreement.

Read the text of the License Agreement and accept the terms and conditions contained therein to proceed with the installation.

Step 4. Selecting the type of the installation

In the dialog for setup type selection, specify whether both application components (Security Server and Management Console) should be installed (complete installation) or just one of them (custom installation).

If you run installation from the Exchange server that needs to be protected and you plan to manage the application from this computer, select the complete installation option. The application will be installed into the default folder (…\Program files\Kaspersky Lab\Kaspersky Security for Microsoft Exchange Server).

If you wish to install only one component of the application (either the Security Server or the Management Console) or to change the default installation folder, use the custom type of the installation.

Step 5. Selecting application components to be installed

If you selected the custom installation at the previous step, you will have to specify which application components must be installed on your computer in the dialog box shown on Figure 1. You can also change the default destination folder.

If the computer, from which the installation is performed, is a protected Exchange server, select the Security Server component.

Installing, updating and removing the application 23

If this computer is the administrator's workstation and you plan to manage the protection of the Exchange servers from this computer, select the Management Console.

Note that the setup wizard will display reference information about the selected component and the disk space required for its installation.

By default, the application components will be installed to the Program files\Kaspersky Lab\Kaspersky Security for Microsoft Exchange Server folder. You can change the default installation folder using the Browse button.

Figure 1. Selecting components for the installation

Step 6. Enabling server protection

In the Server protection window, you will be offered to enable automatically the anti-virus protection and server protection against spam immediately after the wizard completes its work. You can do that manually using the application Management Console (see section 6.2, page 51).

If the application performance at the level and with the parameters applied by default (see section 4.6, page 33) meets the requirements of your server, we advise to accept the option of automatic anti-virus protection startup after completion of the setup wizard.

Please keep in mind that by default all mailbox storage areas created on the server will be selected as protected storage areas. If the maximum number of protected mail accounts quoted by the license you have purchased is less than

24 Kaspersky Security 5.5 for Microsoft Exchange Server 2003

the number of storage areas created on the server, you must remove anti-virus protection from some of these areas before the protection is started (see section 14.5, page 122).

If you wish to adjust the application settings first, disable automatic activation of anti-virus and anti-spam protection in the respective checkboxes.

Step 7. Copying files

In order to proceed with the setup, press the Install button in the wizard window. This will start the process of copying the application files to your computer.

Step 8. Installing the license key

After the installation is complete, press the Finish button in the final window of the setup wizard.

If you installed the Security Server component, a window prompting you to add a license key will be displayed after the installation is complete.

The license key is your personal "key" that contains all service information required for the full-featured functionality of the application, namely:

• support information (who is providing support and how you can get help);

• restriction on the number of mailboxes;

• the license name, number and expiration date.

Install the key to ensure full functionality of the application. In order to do this, press the Add button and select the key file in the standard Microsoft Windows File Select dialog box.

If, at the time of the installation, you still do not have the license key (for example you ordered it from Kaspersky Lab via internet but have not received it yet), you can install it later when you run the application for the first time using the Management Console.

You can also install a backup license key that will be activated automatically upon the expiry of the current license key.

3.1.2. Reinstalling the application

Reinstallation of Kaspersky Security is performed if the initial installation of the application was incorrect or during program operation the integrity of executable files was broken.

Installing, updating and removing the application 25

In order to reinstall the application, run the executable file from its distribution package and select the Repair option in the wizard window. This will reinstall Kaspersky Security using the settings of the previous installation. For example, if the previous installation was a custom installation, then the reinstallation initiated by the Repair button will also be a custom type installation.

3.2. Removing the application

You can remove Kaspersky Security from your computer using standard Microsoft Windows Add/Remove Programs tool or the application distribution kit. This will remove all installed application's components (i.e. both the Security Server and the Management Console) from your computer.

During the uninstallation process, a prompt will be displayed asking you to confirm stopping the Microsoft Exchange Information Store and the Microsoft Internet Information services. Agree to stop these services to let the uninstallation process complete its work correctly. Once the uninstallation process is complete, the initial status of these services will be automatically restored.

3.3. Upgrading from a previous version

If the installer detects that your business is running Kaspersky Security 5.5 for Microsoft Exchange Server 2003 (release version, MP1), you can upgrade it to Kaspersky Security 5.5 for Microsoft Exchange Server 2003 MP2.

You are advised to process objects in the Backup before upgrading.

In order to upgrade, run the setup executable file from the distribution package of Kaspersky Security. During the installation of Kaspersky Security, the wizard will ask you to confirm removal of previously installed application. It will be uninstalled automatically.

During an upgrade of the application, the installer will automatically preserve the current settings for further use.

CHAPTER 4. STARTING USING

THE APPLICATION

4.1. Starting the application

The server component of the application is started automatically at the operating system startup. If the anti-virus protection of the server and the anti-spam protection features are enabled, they will start functioning immediately after the Microsoft Exchange Server is launched.

The operation of the application is controlled from the administrator's workstation – a computer where the Management Console is installed.

In order to start the Management Console

select the Management Console item in the programs group Kaspersky Security 5.5 for Microsoft Exchange Server 2003 from the standard Start / Programs Microsoft Windows menu. This programs group is cre-

ated only on the administrator's workstations when the Management Console is installed.

4.2. Application interface

The user interface of the application is provided by the Management Console component. The Management Console is a dedicated isolated facility integrated into MMC.

4.2.1. Main application window

The main application window (see Figure 2) contains a menu, a toolbar, a view pane and a results pane. The menu provides the files and windows management functions as well as the access to the help system. The set of buttons on the toolbar ensures the direct access to some frequently used items of the main menu. The view pane displays the Kaspersky Security 5.5 for Microsoft Exchange Server 2003 namespace in the form of the console tree, the results pane displays the list of all elements of the object chosen in the tree.

Starting using the application 27

The Kaspersky Security 5.5 for Microsoft Exchange Server 2003 namespace may contain several nodes with the names of the servers managed via the console. The namespace does not contain any elements immediately after the installation of the Management Console.

Figure 2. Main application window

After a new server is added (see section 4.3, page 30), it is displayed in the console tree as a node <Server Name>. When the server is selected in the console tree (see Figure 2) the results pane will display hyperlinks, which can be used for application control and configuration.

• General settings

– used for viewing general application's operation settings, license details and information about installed license keys, renewing the license and configuring the application operation diagnostics settings.

• Anti-virus protection

– used for viewing and configuring the managed

server's anti-virus protection settings

• Anti-Spam protection

– used for viewing and configuring the settings of

the server protection against unsolicited correspondence (SPAM).

• Updates

– used to configure settings for the anti-virus and content

filtration database update service, to set up an automatic update schedule and to update databases manually.

If the connection to the server has been established the node will include nested folders; each of these folders is intended for management of a specific application feature:

28 Kaspersky Security 5.5 for Microsoft Exchange Server 2003

• Notification templates – for configuring notifications about infected or suspicious objects and messages containing spam detected during the scan.

• Backup storage – for working with the backup storage where backup copies of objects are stored; includes the list of objects stored in the backup storage.

• Report templates – for managing reports; contains a list of report templates used to create reports about the program operation and the status of the server protection.

• Virus outbreak counters – for configuring the criteria for identifying virus outbreaks and settings used in notification about detected outbreaks.

4.2.2. Shortcut menu

Each category of objects in the console tree has its own shortcut menu that opens after right-clicking an object with the mouse.

In addition to standard MMC commands, this shortcut menu contains commands used for handling a particular object. The list of objects and the corresponding set of commands accessible via the context menu are provided in the table below.

Object Command Purpose

Kaspersky Security 5.5 for Microsoft Exchange Server 2003

Add a new Exchange server with the

Add server

Disconnect from the server

Connect to the server

Remove the server from the console tree

Security server installed to be managed via the console.

Disconnect from the currently selected server.

Establish a connection with the currently selected server.

Remove the selected server from the view pane.

Starting using the application 29

Create and configure a new notification

Notification templates

Backup storage

New notification

New filter

Properties

template about infected and suspicious objects revealed by a scan and about messages containing spam.

Create and configure a new filter used to search for objects located in the backup storage.

Configure general Backup parameters.

New report

Report templates

Virus outbreak counters

Additional shortcut menu commands are also provided for report templates and for the backup storage objects.

Using the Create a report command you can create a report based on the selected template.

The Get file command allows you to obtain the original copy of the object that had been saved before it was processed by the application. Send file for analysis – send an object from the Backup storage to Kaspersky Lab for analysis (the action is possible for infected or suspicious objects only).

Send message to recipients – send the message that was deleted or rejected by the spam scan to recipients.

Properties

Clear report statistics

New counter

Create a new report template.

Configure general parameters of report generation.

Delete contents of the statistical database on program operation used for creating reports.

Create and configure a new criterion to be used for identifying a virus outbreak and settings to be used for notification about such outbreak.

30 Kaspersky Security 5.5 for Microsoft Exchange Server 2003

4.3. Creating the list of managed servers

In order to be able to control the application via the console, the Exchange server, where the Security Server component is installed, must be added to the list of managed servers. You can add either a local computer or any Exchange server within the network to this list. Adding a server may be accompanied by establishing a connection between the Management Console and the Kaspersky Security application.

In order to add a server to the list of managed servers:

1. Select Kaspersky Security 5.5 for Microsoft Exchange Server 2003 node in the console tree, open the shortcut menu and select

the Add server command or a similar item from the Action menu. This will open the Add server window (see Figure 3).

Figure 3. The Add server dialog box

2. Specify a computer with the Security Server component installed. If the server component is installed on the same computer as the Management Console, select Local computer. In order to add an Exchange server from the computers installed in the network, select Remote computer and specify the computer name in the entry field. You can enter the name manually; to do this, specify one of the following:

• IP address;

• full domain name (FQDN in the following format <Computer

name>.<DNS-domain name>);

• computer's name in the Microsoft Windows network (NetBIOS name);

+ 155 hidden pages

Kaspersky Lab KASPERSKY SECURITY 5.5 FOR MICROSOFT EXCHANGE SERVER ADMINISTRATOR GUIDE

Specifications and Main Features

Frequently Asked Questions

User Manual