McAfee GSSCDE-AA-DA, GroupShield 7.0 User Manual

User Guide

revision 1.0

McAfee® GroupShield

™

version 7.0

For Microsoft® Exchange

COPYRIGHT

Copyright © 2007 McAfee, Inc. All Rights Reserved.
No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system or translated into any language in any form or by any means

without the written permission of McAfee, Inc. or its suppliers or affiliate companies.

TRADEMARK ATTRIBUTIONS

ACTIVE FIREWALL, ACTIVE SECURITY, ACTIVESECURITY (AND IN KATAKANA), ACTIVESHIELD, CLEAN-UP, DESIGN (STYLIZED E), DESIGN (STYLIZED N),
ENTERCEPT, EPOLICY ORCHESTRATOR, FIRST AID, FOUNDSTONE, GROUPSHIELD, GROUPSHIELD (AND IN KATAKANA), INTRUSHIELD, INTRUSION
PREVENTION THROUGH INNOVATION, MCAFEE, MCAFEE (AND IN KATAKANA), MCAFEE AND DESIGN, MCAFEE.COM, MCAFEE VIRUSSCAN, NET TOOLS,
NET TOOLS (AND IN KATAKANA), NETSCAN, NETSHIELD, NUTS & BOLTS, OIL CHANGE, PRIMESUPPORT, SPAMKILLER, THREATSCAN, TOTAL VIRUS
DEFENSE, VIREX, VIRUS FORUM, VIRUSCAN, VIRUSSCAN, VIRUSSCAN (AND IN KATAKANA), WEBSCAN, WEBSHIELD, WEBSHIELD (AND IN KATAKANA) are
registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. The color red in connection with security is distinctive of
McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.

LICENSE INFORMATION
License Agreement

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS
FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE
ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANIES YOUR
SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD or A FILE
AVAILABLE ON THE WEB SITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH
IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR
A FULL REFUND.

Attributions

This product includes or may include:

• Software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). • Cryptographic software written by Eric A. Young and
software written by Tim J. Hudson. • Some software programs that are licensed (or sublicensed) to the user under the GNU General Public License (GPL) or other
similar Free Software licenses which, among other rights, permit the user to copy, modify and redistribute certain programs or portions thereof, and have access to
the source code. The GPL requires that for any software covered under the GPL which is distributed to someone in an executable binary format, that the source
code also be made available to those users. For any such software covered under the GPL, the source code is made available on this CD. If any Free Software
licenses require that McAfee provide rights to use, copy or modify a software program that are broader than the rights granted in this agreement, then such rights
shall take precedence over the rights and restrictions herein. • Software originally written by Henry Spencer, Copyright 1992, 1993, 1994, 1997 Henry Spencer.

• Software originally written by Robert Nordier, Copyright © 1996-7 Robert Nordier. • Software written by Douglas W. Sauder. • Software developed by the Apache
Software Foundation (http://www.apache.org/). A copy of the license agreement for this software can be found at www.apache.org/licenses/LICENSE-2.0.txt.

• International Components for Unicode ("ICU") Copyright ©1995-2002 International Business Machines Corporation and others. • Software developed by
CrystalClear Software, Inc., Copyright ©2000 CrystalClear Software, Inc. • FEAD® Optimizer® technology, Copyright Netopsystems AG, Berlin, Germany. • Outside
In® Viewer Technology ©1992-2001 Stellent Chicago, Inc. and/or Outside In® HTML Export, © 2001 Stellent Chicago, Inc. • Software copyrighted by Thai Open
Source Software Center Ltd. and Clark Cooper, © 1998, 1999, 2000. • Software copyrighted by Expat maintainers. • Software copyrighted by The Regents of the
University of California, © 1996, 1989, 1998-2000. • Software copyrighted by Gunnar Ritter. • Software copyrighted by Sun Microsystems, Inc., 4150 Network
Circle, Santa Clara, California 95054, U.S.A., © 2003. • Software copyrighted by Gisle Aas. © 1995-2003. • Software copyrighted by Michael A. Chase, © 1999-2000.

• Software copyrighted by Neil Winton, ©1995-1996. • Software copyrighted by RSA Data Security, Inc., © 1990-1992. • Software copyrighted by Sean M. Burke,
© 1999, 2000. • Software copyrighted by Martijn Koster, © 1995. • Software copyrighted by Brad Appleton, © 1996-1999. • Software copyrighted by Michael G.
Schwern, ©2001. • Software copyrighted by Graham Barr, © 1998. • Software copyrighted by Larry Wall and Clark Cooper, © 1998-2000. • Software copyrighted
by Frodo Looijaard, © 1997. • Software copyrighted by the Python Software Foundation, Copyright © 2001, 2002, 2003. A copy of the license agreement for this
software can be found at www.python.org. • Software copyrighted by Beman Dawes, © 1994-1999, 2002. • Software written by Andrew Lumsdaine, Lie-Quan
Lee, Jeremy G. Siek © 1997-2000 University of Notre Dame. • Software copyrighted by Simone Bordet & Marco Cravero, © 2002. • Software copyrighted by
Stephen Purcell, © 2001. • Software developed by the Indiana University Extreme! Lab (http://www.extreme.indiana.edu/). • Software copyrighted by International
Business Machines Corporation and others, © 1995-2003. • Software developed by the University of California, Berkeley and its contributors. • Software developed
by Ralf S. Engelschall <rse@engelschall.com> for use in the mod_ssl project (http:// www.modssl.org/). • Software copyrighted by Kevlin Henney, © 2000-2002.

• Software copyrighted by Peter Dimov and Multi Media Ltd. © 2001, 2002. • Software copyrighted by David Abrahams, © 2001, 2002. See
http://www.boost.org/libs/bind/bind.html for documentation. • Software copyrighted by Steve Cleary, Beman Dawes, Howard Hinnant & John Maddock, © 2000.

• Software copyrighted by Boost.org, © 1999-2002. • Software copyrighted by Nicolai M. Josuttis, © 1999. • Software copyrighted by Jeremy Siek, © 1999-2001.

• Software copyrighted by Daryle Walker, © 2001. • Software copyrighted by Chuck Allison and Jeremy Siek, © 2001, 2002. • Software copyrighted by Samuel
Krempp, © 2001. See http://www.boost.org for updates, documentation, and revision history. • Software copyrighted by Doug Gregor (gregod@cs.rpi.edu), © 2001,

2002. • Software copyrighted by Cadenza New Zealand Ltd., © 2000. • Software copyrighted by Jens Maurer, ©2000, 2001. • Software copyrighted by Jaakko
Järvi (jaakko.jarvi@cs.utu.fi), ©1999, 2000. • Software copyrighted by Ronald Garcia, © 2002. • Software copyrighted by David Abrahams, Jeremy Siek, and Daryle
Walker, ©1999-2001. • Software copyrighted by Stephen Cleary (shammah@voyager.net), ©2000. • Software copyrighted by Housemarque Oy
<http://www.housemarque.com>, © 2001. • Software copyrighted by Paul Moore, © 1999. • Software copyrighted by Dr. John Maddock, © 1998-2002.

• Software copyrighted by Greg Colvin and Beman Dawes, © 1998, 1999. • Software copyrighted by Peter Dimov, © 2001, 2002. • Software copyrighted by
Jeremy Siek and John R. Bandela, © 2001. • Software copyrighted by Joerg Walter and Mathias Koch, © 2000-2002. • Software copyrighted by Carnegie Mellon
University © 1989, 1991, 1992. • Software copyrighted by Cambridge Broadband Ltd., © 2001-2003. • Software copyrighted by Sparta, Inc., © 2003-2004.

• Software copyrighted by Cisco, Inc. and Information Network Center of Beijing University of Posts and Telecommunications, © 2004. • Software copyrighted by
Simon Josefsson, © 2003. • Software copyrighted by Thomas Jacob, © 2003-2004. • Software copyrighted by Advanced Software Engineering Limited, © 2004.

• Software copyrighted by Todd C. Miller, © 1998. • Software copyrighted by The Regents of the University of California, © 1990, 1993, with code derived from
software contributed to Berkeley by Chris Torek.

Issued September 2007 / GroupShield™ software version 7.0

DBN-001-EN

3

Contents

1 Introduction 7

About GroupShield for Exchange . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

What is GroupShield? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

How does GroupShield work? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

How GroupShield protects Exchange? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

How does scanning work? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Other areas to protect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

GroupShield Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

What is New? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Features not supported . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Using this Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Getting product information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Standard documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Contact information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

2 Pre-Installation 21

Pre-Installation scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Types of installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

System requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

3 Installing the Software 25

Accessing the software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

What is included with the software? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Installing GroupShield for Microsoft

®

Exchange Server 2003/2007 . . . . . . . . . . . 26

Installing additional components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

Buffer Overflow Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

Installing McAfee Anti-Spam for GroupShield . . . . . . . . . . . . . . . . . . . . . . . . 31

Silent installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

Configuring GroupShield in a cluster environment . . . . . . . . . . . . . . . . . . . . . . . . 33

Upgrading GroupShield from v6.0.2 or higher . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

4 Post-Installation Tasks and Maintenance 39

Testing your GroupShield installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

Testing the anti-virus component . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

Testing the McAfee Anti-Spam component . . . . . . . . . . . . . . . . . . . . . . . . . . 40

4

McAfee® GroupShield™ 7.0 User Guide Contents

Testing GroupShield installation using McAfee Virtual Technician . . . . . . . . . 40

Quarantining using McAfee Quarantine Manager 4.1 . . . . . . . . . . . . . . . . . . . . . 41

Upgrading Blacklists and Whitelists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

Maintaining your GroupShield application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Modifying the GroupShield installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Repairing the GroupShield installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Restoring original out-of-box configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Uninstalling GroupShield for Exchange . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

5 Integrating with ePolicy Orchestrator 3.6 47

Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

Pre-requisites for using ePolicy Orchestrator 3.6 . . . . . . . . . . . . . . . . . . . . . . 47

Introducing ePolicy Orchestrator console . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

Before you begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

Upgrading from GroupShield for Exchange version 6.0.x NAP settings . . . . . 52

Configuring GroupShield Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

Managing Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

Scheduling tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

Configuring reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

Uninstallation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

6 Integrating with ePolicy Orchestrator 4.0 63

Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

Pre-requisites for installing ePolicy Orchestrator 4.0 . . . . . . . . . . . . . . . . . . . 63

Before you begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

ePolicy Orchestrator agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

Checking-in the McAfee GroupShield for Microsoft Exchange Server 2003/2007

package to the ePolicy Orchestrator server . . . . . . . . . . . . . . . . . . . . . . . . 65

Installing GroupShield for Exchange on the client computer . . . . . . . . . . . . . 66

Extensions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

Introducing ePolicy Orchestrator 4.0 Dashboard . . . . . . . . . . . . . . . . . . . . . . . . . 68

Reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

Client tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Uninstallation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .74

7 Integrating with ProtectionPilot 1.5 77

Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

Pre-requisites for using ProtectionPilot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

Introducing ProtectionPilot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

Before you begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

Configuring GroupShield policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

Setting and enforcing policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

Scheduling tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

5

McAfee® GroupShield™ 7.0 User Guide Contents

Creating a new on-demand scan task . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

Creating a new AutoUpdate task . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

Uninstallation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

8 Getting Started with the User Interface 87

Dashboard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

Statistics & information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

On-demand scans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

Status report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

Graphical reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95

9 Detected Items 97

Spam . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98

Phish . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98

Viruses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

Potentially unwanted programs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

Unwanted content . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

Banned file types/messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .101

All items . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .101

10 Policy Manager 105

Policy manager views . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105

Inheritance view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

Advanced view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

Creating a subpolicy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108

Policy settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109

List all scanners . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109

View settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .112

Specify users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .112

Scanners and filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .113

Core scanners . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .114

Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135

Miscellaneous . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153

Shared resource . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156

Scanners and alerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156

Filter rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160

Time slots . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162

11 Settings & Diagnostics 163

On-access settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163

Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167

Anti spam . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168

Detected items . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168

McAfee Quarantine Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169

Local database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169

User interface preferences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170

Dashboard settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170

Graph and chart settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170

6

McAfee® GroupShield™ 7.0 User Guide Contents

Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171

Debug logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171

Error reporting service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172

Event logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172

Product log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172

Product log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173

DAT settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .174

Import and export configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .174

Index 177

7

1

Introduction

About GroupShield for Exchange

This section introduces McAfee® GroupShield™ 7.0 and describes how it protects your
Microsoft

®

Exchange Server 2003 and Microsoft® Exchange Server 2007 from

potentially harmful, unwanted, and undesirable content.

Topics covered are:

 What is GroupShield?

 How does GroupShield work?

 How GroupShield protects Exchange?

 Where GroupShield sits on your network?

 Other areas to protect

 GroupShield Features

 What is New?

 Features not supported

What is GroupShield?

McAfee® GroupShield™ 7.0 software protects Microsoft

®

Exchange Server 2003 and

Microsoft

®

Exchange Server 2007 from virus, phish, spam, unwanted content,

potentially unwanted programs, and banned file types/messages. It also supports
content filtering within the email messages.

How does GroupShield work?

The GroupShield software integrates with Microsoft

®

Exchange Server 2003/2007 to

scan email messages for detections.

8

McAfee® GroupShield™ 7.0 User Guide Introduction

About GroupShield for Exchange

1

Each time, an email message is sent to or received from a source, GroupShield scans
it comparing it with a list of known viruses and suspected virus-like behavior.
GroupShield can also scan for content within the email message using rules and
policies defined within the GroupShield software.

How GroupShield protects Exchange?

GroupShield uses McAfee® Transport Scanner and Microsoft® Virus Scanning API
(VSAPI) to scan all email messages.

The anti-spam, anti-virus, and the content management engine scan the messages and
provide the result to GroupShield 7.0 before being written to the file system or being
read by the Microsoft

®

Exchange 2003/2007 users.

The anti-virus scanning engine and the anti-spam scanning engine compare the email
message with all the known signatures stored within the currently installed virus
definition (

DAT) files and anti-spam rules. The anti-virus engine also checks the message

using the selected heuristic detection methods.

The content management engine searches the email message for banned content as
specified in the content management policies running within the GroupShield
software.

If there are no viruses, banned/unwanted content in the email message, GroupShield
passes the information back to Microsoft

®

Exchange 2003/2007.

In case of a detection, GroupShield takes actions that are defined within its
configuration settings.

Email server protection — McAfee GroupShield

McAfee GroupShield 7.0 integrates with Microsoft

®

Exchange Server 2003/2007 to

protect against viruses that may be transmitted using your corporate email system.

Due to the close integration between your email server and GroupShield anti-virus
solution, GroupShield can do more than just protecting your email server from viruses.
It can:

Note

For Microsoft® Exchange Server 2003 (used as a Bridgehead Server) and Microsoft®
Exchange Server 2007 (with Edge Transport or Hub Transport-only role), GroupShield
uses McAfee

®

Transport Scanner (and not Microsoft® Transport Scanner) to protect the
server. However, for Exchange Server 2003 Mailbox Server and Exchange 2007
MailBox Role, GroupShield provides additional scanning option using Microsoft VSAPI.

Note

The default actions may differ, depending on the installed version of Microsoft

®

Exchange and, where applicable, the chosen scanning method.

9

McAfee® GroupShield™ 7.0 User Guide Introduction

About GroupShield for Exchange

1

 protect the email server from harmful scripts sent within the email system.

 block messages with specific attachments.

 block messages based on words that appear either within the subject line/body of

the message.

 block messages from specific addresses.

How does scanning work?

Central to your GroupShield software is the McAfee® Security scanning engine and the
virus definition (DAT) files. The engine is a complex data analyzer. The DAT files contain
a great deal of information including thousands of different drivers, each of which
contains detailed instructions on how to identify a virus or a type of virus.

The McAfee

®

Security scanning engine works with the DAT files. It identifies the type
of the item being scanned and decodes the contents of that object, so that it
understands what the item is. It then uses the information in the DAT files to search
and locate known viruses. Many viruses have a distinctive signature. There is a
sequence of characters unique to a virus and the engine searches for that signature.

The engine uses a technique called heuristic analysis to search for unknown viruses.
This involves analysis of the object’s program code and searching for distinctive
features typically found in viruses.

Once the engine has confirmed the identity of a virus, it cleans the object as far as
possible. For example, by removing an infected macro from the attachment in which it
is found or by deleting the virus code in an executable file. In some instances, if the
virus has destroyed data, the file cannot be fixed and the engine must make the file
safe so that it cannot be activated and infect other files.

Other areas to protect

The following key areas of your network can be protected by McAfee® Security
products as a part of your integrated virus defense solution:

 Internet gateway protection — Secure Content Management Appliances

The major source of threats to your corporate network comes from Internet traffic,
either through email or by connecting to websites that might contain potentially
harmful code. Secure Content Management Appliances protects the gateway
between your internal networks and the Internet. It prevents infected items from
entering your network through the Internet by scanning all inbound and outbound
traffic between your network and the Internet.

10

McAfee® GroupShield™ 7.0 User Guide Introduction

About GroupShield for Exchange

1

 Document repository protection — McAfee PortalShield

Using computers within corporate environment has made it easy to create
documents that might contain mission-critical information. Several software
vendors produce portal servers to store, index and control your critical documents
in a way that enables them to be easily located when needed. Because these portal
servers are set up to store your critical information, it is important that this
information is also protected. McAfee

®

PortalShield™ integrates with the stores of
these products to provide scanning of such documents each time they are accessed
from, or saved to the store.

 Desktop and file server protection — McAfee VirusScan Enterprise

Not all viruses are transmitted via email. Many can be spread by reading from
physical media, such as diskettes or CDs. Others can spread by using network
shares to copy themselves from one computer to another across your network.

From the viewpoint of somebody trying to attack your corporate network, your file
servers are a good target because many other computers connect to the file
servers. Infecting the file server is more likely to have serious consequences than
infecting a single desktop computer.

The McAfee

®

VirusScan products protect desktop computers and file servers within
your network. As part of your integrated response to virus threats, VirusScan can be
viewed as your last line of defense, protecting each desktop computer and file
server from viruses that might spread using network shares or physical media.

VirusScan is available in versions to protect Microsoft

®

Windows, Unix, Apple
Macintosh computers, as well as all the leading wireless devices that might connect
to your PCs and network.

 Management solution — McAfee

®

ePolicy Orchestrator

With ePolicy Orchestrator, you can manage and update all your McAfee anti-virus
solutions across your network from a single point, ensuring that the engines and the
virus definition (DAT) files are up-to-date and that the suitable policies are in place
to deal with any attacks to your network.

11

McAfee® GroupShield™ 7.0 User Guide Introduction

GroupShield Features

1

GroupShield Features

GroupShield includes these major features on Exchange Server 2003 and 2007:

 Anti-virus scanning — GroupShield provides the ability to scan for viruses contained

in email messages that are transmitted over Microsoft

®

Exchange SMTP or held

within the Microsoft

®

Exchange Server store.

 Anti-spam scanning — Spam is increasingly becoming an issue within the

workplace. Spam consumes system resources by taking up bandwidth and storage
within your corporate systems and distracts staff from their key job functions
because they have to deal with the unwanted email within their mailboxes.
GroupShield helps you save bandwidth and the storage required by your Microsoft

®

Exchange servers by assigning spam scores to each email messages while
scanning them and by taking the configured action on those messages.

 Anti-phishing — GroupShield is capable of detecting email messages containing

phish that fraudulently tries to obtain personal information. Typically such email
messages request the recipients to click on a link in the email to verify or update
contact details, credit card details or other personal information.

 Content filtering — GroupShield provides the ability to scan for content/text in an:

 email message subject line

 email message body

 email attachment

 File filtering — GroupShield scans an email attachment depending on the file name,

file type, and the file size of that attachment.

 Enterprise rollout, administration, updating and reporting using McAfee

®

ePolicy

Orchestrator and McAfee

®

ProtectionPilot — GroupShield integrates with McAfee®

ePolicy Orchestrator and McAfee

®

ProtectionPilot to provide a centralized method
for rolling out, administering and updating the GroupShield software across your
Microsoft

®

Exchange system. The ability to centrally manage an organization-wide
implementation of the GroupShield software reduces the time required to
administer and update the system.

12

McAfee® GroupShield™ 7.0 User Guide Introduction

GroupShield Features

1

What is New?

 New Web Based User Interface — GroupShield for Exchange provides a user

friendly web-based interface based on DHTML. To access this, click

Start | Programs

|

McAfee | GroupShield for Exchange | GroupShield for Exchange (Web).

 Policy Management — The Policy Manager menu option lists different policies that

you can set up/manage in GroupShield. You can specify various policies/actions that
determine how different types of threats are treated when detected. For detailed
information on the policy management, refer to the chapter Policy Manager on

page 105.

 Anti-Phishing Capability — GroupShield for Exchange is capable of detecting email

messages containing phish that fraudulently tries to obtain personal information.

 Capability to detect Packers and Potentially Unwanted Programs — GroupShield for

Exchange is capable of detecting packers that compresses and encrypts the original
code of an executable file.
It also detects Potentially Unwanted Programs that are software programs written
by legitimate companies which may alter the security state or the privacy posture
of a computer on which they are installed.

 Enhanced Anti-Spam Capability — GroupShield for Exchange is capable of detecting

spam or unsolicited bulk email messages sent to multiple recipients, who did not
ask to receive it. It assigns a “spam score” to every email message. You can then
choose to block those messages if they are above a certain score.

 Enhanced Background Scanning options — For Exchange Server 2007, GroupShield

provides enhanced background scanning options. During this type of scanning, not
all the email messages are scanned when accessed. This reduces the workload of
the scanner. For more information, refer to the sub topic For Exchange Server 2007

on page 165.

 Centralized Scanner, Filter Rules and Enhanced Alert Settings — Using Scanners,

you can configure the scanner-related settings that a policy can apply when
scanning items.
In File Filtering Rules, you can set up rules that apply to file name, file type, and file
size. You can use the alert editor to customize the text of an alert message using
the Style, Font, Size, and Token menus.

 Time based scanning and actions — GroupShield for Exchange enables scanning

emails at convenient times or at regular intervals. You can schedule regular scan
operations when the server activities are comparatively low and when they do not
interfere with your work.

 Content Scanning and True Type File Filtering of Microsoft® Office 2007 file

formats

13

McAfee® GroupShield™ 7.0 User Guide Introduction

GroupShield Features

1

 Filter for Password Protected ZIP Files — For more information about this filter,

refer to Password-protected files on page 140.

 Filter for Protected Content (Password protected Microsoft

®

Office files) — For

more information about this filter, refer to Protected content on page 137.

 Support for N+1 cluster — For more information, refer to Single Copy Cluster (SCC,

N+1 cluster configuration) on Exchange Server 2003 and 2007 on page 34.

 Enhanced MIME Scanning — MIME (Multipurpose Internet Mail Extensions) is a

communications standard that enables the transfer of non-ASCII formats over
protocols (like SMTP) that supports only 7-bit ASCII characters. GroupShield enables
you to specify how such MIME messages are handled.

 Buffer Overflow protection using VirusScan Enterprise version 8.5i — A buffer

overflow is an anomalous condition where a process attempts to store data beyond
the boundaries of a fixed-length buffer. This results in extra data, overwriting the
adjacent memory locations. Enabling Buffer Overflow Protection prevents this
condition. GroupShield has the provision of buffer overflow protection. For more
information, refer to Buffer Overflow Protection on page 30.

 Enhanced Quarantine Management

 Local Quarantine Management — Detected Items can be quarantined. You can

specify the local database to be used as a repository for quarantining email
messages. You can also configure maintenance settings for the local quarantine
database.

 Quarantining using McAfee Quarantine Manager version 4.1 or 4.1.1 — You can

specify McAfee Quarantine Manager in a different server as a repository for
quarantining infected email messages. This keeps your Exchange Server safe
from viruses.

 Integration with:

 McAfee ePolicy Orchestrator version 3.6 and 4.0 — to provide a single point of

control for your McAfee anti-virus products, to manage anti-virus policies and
view reports of anti-virus events and virus activity in an enterprise environment.
For more information, refer to the chapters Integrating with ePolicy Orchestrator

3.6 on page 47 and Integrating with ePolicy Orchestrator 4.0 on page 63.

Note

Buffer over flow protection is available only on 32 -bit platforms (and not on 64-bit
platforms) with Exchange Server 2003.

14

McAfee® GroupShield™ 7.0 User Guide Introduction

GroupShield Features

1

 McAfee ProtectionPilot version 1.5 and above — to provide security

management that simplifies anti-virus management tasks for network
administrators who manage up to 500 computers. Management consists of
deploying (sending and installing) anti-virus products, configuring product
settings, and keeping those products up-to-date. For more information, refer to
the chapter Integrating with ProtectionPilot 1.5 on page 77.

 Anti-virus Engine 5200 — to provide improved and latest detections like Packers

and Potentially Unwanted Programs, improved emulator with agile methodology.

 Co-existence with:

 McAfee VirusScan Enterprise v 8.0 and above.

 McAfee Host Intrusion Prevention Agent.

 Auto-update of Virus Definitions (V2API DATs), ExtraDATs, Anti-Virus engine, Spam

engine and Spam rules — McAfee Security regularly provides updated Virus
Definition (DAT) files and virus-scanning engine, spam engine and rules to detect
and clean the latest threats.

 Product Update using SuperDAT v 2.2 executable — GroupShield helps you keep

your server free from viruses, Trojans, spams, phish, PUPs by regularly updating the
product using SuperDAT executable.

 In-product Reports — GroupShield generates status reports and graphical reports to

view information about the detected items.

 Anti-Virus Stamping mechanism on a Microsoft® Exchange Server 2007 with Edge

or Hub server role — McAfee

®

Transport Scanner assigns a stamp to the header of
an email message after scanning. This prevents the message from being
re-scanned by VSAPI.

 Direction Based Scanning — GroupShield supports direction-based scanning. It

scans inbound, outbound, and internal email messages using McAfee

®

Transport

Scanner.

 User and Server level blacklist and whitelist using McAfee Quarantine Manager

version 4.1 — For more information, refer to Upgrading Blacklists and Whitelists on

page 42.

 Integration with SuperDAT Manager version 2.2 — SuperDAT Manager 2.2

supports updating of the DAT and Engine for the GroupShield software.

Note

GroupShield uses new version of anti-virus DATs and engine (V2API). This provides
improved detections of the latest viruses and threats.

15

McAfee® GroupShield™ 7.0 User Guide Introduction

GroupShield Features

1

 Integration with McAfee Common Management Agent (CMA) version 3.6 and

above — You can use the CMA component to manage GroupShield and perform
product updates, scheduled tasks, and events reporting as a part of the core
installation.

Features not supported

 Integration with black and whitelist server application installed along with

GroupShield for Exchange version 6.x.

 Integration with Outbreak Manager (OBM).

 Integration with Alert Manager (AM).

 Integration with ProtectionPilot 1.1.

 Integration with ePolicy Orchestrator 3.5.x.

 Integration with Exchange Server 2000.

 Integration with Common Management Agent 3.5.x.

 Integration with McAfee AutoUpdate Architect 1.x.

16

McAfee® GroupShield™ 7.0 User Guide Introduction

Using this Guide

1

Using this Guide

This guide describes the sequential process of installing McAfee GroupShield™ 7.0 for
Microsoft

®

Exchange 2003 and 2007. It also gives a detailed description of the software

usage. Topics covered are:

 Pre-Installation — Pre-installation scenarios and system requirements.

 Installing the Software — Accessing and installing GroupShield.

 Post-Installation Tasks and Maintenance — Testing the GroupShield installation,

anti-virus component, anti-spam component and testing using the McAfee Virtual
Technician. Quarantining using McAfee Quarantine Manager, modifying, repairing,
restoring and uninstalling the software.

 Integrating with ePolicy Orchestrator 3.6 — Testing the GroupShield integration

with ePolicy Orchestrator version 3.6.

 Integrating with ePolicy Orchestrator 4.0 — Testing the GroupShield integration

with ePolicy Orchestrator version 4.0.

 Integrating with ProtectionPilot 1.5 — Testing the GroupShield integration with

ProtectionPilot.

 Getting Started with the User Interface — Using GroupShield for Microsoft

®

Exchange Server 2003/2007, getting detailed information about the dashboard,
detected items, policy manager and settings & diagnostics.

Audience

This information is intended for network administrators who are responsible for their
company’s anti-virus and security program.

17

McAfee® GroupShield™ 7.0 User Guide Introduction

Using this Guide

1

Conventions

This guide uses the following conventions:

Bold
Condensed

All words from the interface, including options, menus, buttons, and dialog
box names.

Example:

Type the

User name and Password of the appropriate account.

Courier The path of a folder or program; text that represents something the user

types exactly (for example, a command at the system prompt).

Examples:

The default location for the program is:

C:\Program Files\McAfee\EPO\3.6.0

Run this command on the client computer:
scan --help

Italic For emphasis or when introducing a new term; for names of product

documentation and topics (headings) within the material.

Example:
Refer to the VirusScan Enterprise Product Guide for more information.

Blue A web address (

URL) and/or a live link.

Example:
Visit the McAfee web site at:

http://www.mcafee.com

<TERM> Angle brackets enclose a generic term.

Example:
In the console tree, right-click <

SERVER>.

Note

Note: Supplemental information; for example, another method of

executing the same command.

Tip

Tip: Suggestions for best practices and recommendations from McAfee for

threat prevention, performance and efficiency.

Caution

Caution: Important advice to protect your computer system, enterprise,

software installation or data.

Warning

Warning: Important advice to protect a user from bodily harm when using

a hardware product.

18

McAfee® GroupShield™ 7.0 User Guide Introduction

Getting product information

1

Getting product information

Unless otherwise noted, product documentation comes as Adobe Acrobat .PDF files,
available on the product CD or from the McAfee download site.

Standard documentation

User Guide — System requirements and instructions for installing and starting the

software. Getting started with the product and its features, detailed instructions for
configuring the software, information on deployment, recurring tasks, and operating
procedures.

Help — High-level and detailed information accessed from the software application:

Help menu and/or Help button for page-level help; right-click option for What’s This?

help.

Release Notes — ReadMe. Product information, resolved issues, any known issues,

and last-minute additions or changes to the product or its documentation.

19

McAfee® GroupShield™ 7.0 User Guide Introduction

Contact information

1

Contact information

Threat Center: McAfee Avert® Labs http://www.mcafee.com/us/threat_center/default.asp

Avert Labs Threat Library

http://vil.nai.com

Avert Labs WebImmune & Submit a Sample (Logon credentials required)

https://www.webimmune.net/default.asp

Avert Labs DAT Notification Service

http://vil.nai.com/vil/signup_DAT_notification.aspx

Download Site http://www.mcafee.com/us/downloads/

Product Upgrades (Valid grant number required)

Security Updates (DATs, engine)

HotFix and Patch Releases

 For Security Vulnerabilities (Available to the public)

 For Products (ServicePortal account and valid grant number required)

Product Evaluation

McAfee Beta Program

Technical Support http://www.mcafee.com/us/support/

KnowledgeBase Search

http://knowledge.mcafee.com/

McAfee Technical Support ServicePortal (Logon credentials required)

https://mysupport.mcafee.com/eservice_enu/start.swe

Customer Service

Web

http://www.mcafee.com/us/support/index.html
http://www.mcafee.com/us/about/contact/index.html

Phone

— US, Canada, and Latin America toll-free:

+1-888-VIRUS NO or +1-888-847-8766 Monday – Friday, 8 a.m. – 8 p.m., Central Time

Professional Services

Enterprise: http://www.mcafee.com/us/enterprise/services/index.html

Small and Medium Business: http://www.mcafee.com/us/smb/services/index.html

20

McAfee® GroupShield™ 7.0 User Guide Introduction

Contact information

1

21

2

Pre-Installation

This chapter provides information that is important to consider before installing
GroupShield for Exchange 7.0. Topics covered are:

 Pre-Installation scenarios

 System requirements

Pre-Installation scenarios

You MUST log on to Microsoft® Windows as a domain administrator. This gives you
relevant rights and permissions to install GroupShield.

Before installing GroupShield:

 Make sure Microsoft

®

Exchange Server 2003/2007 is installed on the installation

server.

 Manually uninstall GroupShield software older than version 6.0.2.

 Uninstall SpamKilller for Exchange using the Windows Add/Remove Programs feature.

Note

GroupShield for Exchange 7.0 supports automatic upgrading of the software from
version 6.0.2 and above.

Caution

GroupShield for Exchange 7.0 does not support upgrading of SpamKiller software.

22

McAfee® GroupShield™ 7.0 User Guide Pre-Installation

Pre-Installation scenarios

2

Types of installation

GroupShield can be installed on Microsoft® Exchange Server 2003/2007 in these ways:

 Standard installation

 Silent installation

 Cluster installation

Standard installation

You can install McAfee® GroupShield software on Microsoft® Exchange Server
2003/2007. Refer to Installing GroupShield for Microsoft® Exchange Server 2003/2007

on page 26 for step-by-step instructions.

Silent installation

You can install McAfee® GroupShield software on Microsoft® Exchange Server
2003/2007 without user interaction. This is also known as unattended installation.
Refer to Silent installation on page 32 for step-by-step instructions.

Cluster installation

You can install McAfee® GroupShield software on Microsoft® Exchange Server
2003/2007 on a cluster environment. Refer to Configuring GroupShield in a cluster

environment on page 33 for step-by-step instructions.

23

McAfee® GroupShield™ 7.0 User Guide Pre-Installation

System requirements

2

System requirements

Before you install GroupShield, ensure that your server meets these requirements:

Table 2-1 System Requirements

Processor  Intel x64 architecture-based processor that supports Intel

Extended Memory 64 Technology (Intel EM64T)

 AMD x64 architecture-based processor with AMD 64-bit

technology

 Intel x86 architecture-based processor (only on Exchange Server

2003)

Memory

 Minimum: 512 MB

 Recommended: 1 GB

Available Hard disk
space

 Minimum: 740MB

Operating system

 Windows 2000 Advanced Server with Service Pack 4

 Windows 2003 Standard/Enterprise Server (32-bit)

 Windows 2003 Standard/Enterprise Server R2 (32-bit)

 Windows 2003 Standard/Enterprise Server (64-bit)

 Windows 2003 Small Business Server (32-bit)

 Windows 2003 Datacenter Server (32-bit)

 Windows 2003 Datacenter Server (64-bit)

Note: Refer Windows service pack requirements Release Notes for
Service Pack information.

Exchange Servers
Supported

 Microsoft

®

Exchange Server 2003 with Service Pack 2

 Microsoft

®

Exchange Server 2007

Browsers Supported

 Microsoft

®

Internet Explorer version 6 and above

 Netscape Navigator version 9.0

 Mozilla version 2.0

Screen Resolution 1024 x 768

For the best display, set the color resolution to 24-bit or higher

General A CD-ROM drive (if installing from a CD) or an Internet connection (if

installing from the McAfee download site)

24

McAfee® GroupShield™ 7.0 User Guide Pre-Installation

System requirements

2

25

3

Installing the Software

Installing GroupShield software consists of these topics:

 Accessing the software

 What is included with the software?

 Installing GroupShield for Microsoft

®

Exchange Server 2003/2007

 Installing additional components

 Silent installation

 Configuring GroupShield in a cluster environment

 Upgrading GroupShield from v6.0.2 or higher

Accessing the software

McAfee distributes GroupShield for Exchange in two ways:

 As an archived file that you download from the McAfee website or from other

electronic services.

 On the Total Virus Defense (TVD), the Active Virus Defense (AVD) or the suite CDs.

Once you have downloaded the archive file or placed the TVD or AVD installation CD in
your CD-ROM drive, the installation steps you follow are the same for each type of
distribution.

Note

To install, manage, remove or upgrade GroupShield for Microsoft® Exchange Server
2003/2007, you must have a user account with administrative rights.

26

McAfee® GroupShield™ 7.0 User Guide Installing the Software

Installing GroupShield for Microsoft® Exchange Server 2003/2007

3

What is included with the software?

GroupShield for Exchange has these components in the installer that you can install
separately.

 McAfee GroupShield for Exchange 7.0

 Buffer Overflow Protection

 McAfee Anti-Spam for GroupShield

The McAfee GroupShield for Exchange 7.0 option is selected by default. If you want to install
the additional software components, you must select them in the installer.

Installing GroupShield for Microsoft® Exchange Server
2003/2007

1 Using an administrative account, log on to the Microsoft® Exchange Server

2003/2007.

2 Create a temporary directory on the network or your local drive.

3 To install, do one of the following depending on how you obtained the software:

 Insert the CD into the computers drive and copy the installation files to the

temporary directory you created.

 Download the .ZIP archive and extract the files to the temporary directory.

Caution

McAfee® GroupShield™ for Microsoft® Exchange Server 2003/2007 does not upgrade
McAfee

®

SpamKiller for Exchange installation. You should uninstall McAfee® SpamKiller

for Exchange manually before installing GroupShield for Exchange 7.0.

27

McAfee® GroupShield™ 7.0 User Guide Installing the Software

Installing GroupShield for Microsoft® Exchange Server 2003/2007

3

4 Using Windows Explorer, navigate to the folder where you copied the installation

files and double-click

SETUP.EXE. The GroupShield for Exchange setup dialog box

appears.

5 Click

Next. The Component Selection dialog box displays the software components you

can install.

 McAfee GroupShield for Exchange 7.0 is selected by default.

 Buffer Overflow Protection provides buffer overflow protection through host

intrusion prevention using McAfee VirusScan Enterprise version 8.5i.

Figure 3-1 McAfee GroupShield for Exchange - Welcome

Figure 3-2 McAfee GroupShield for Exchange - Component selection

Note

Buffer overflow protection is not supported on 64-bit platforms.

28

McAfee® GroupShield™ 7.0 User Guide Installing the Software

Installing GroupShield for Microsoft® Exchange Server 2003/2007

3

 McAfee Anti-Spam for GroupShield (Evaluation) provides filters to block spam and phish

emails.

6 Select the software components to install and click

Next.

7 When the

End User License Agreement dialog box appears, select the License expiry type

and

Select country where purchased and used from the drop-down menus.

8 Click I accept the terms in the license agreement, then OK to display the Destination Folder

dialog box.

9 Click

Browse to select a different folder or Next to install the software in the default

directory. The

Select Installation type dialog box appears.

10 Select the desired installation type from these options:

 Typical - installs the most common application features and is recommended for

most users.

 Complete - installs all the application features.

 Custom - installs the application features you want and is recommended for

advanced users.

11 Click

Next. The Ready to Install the Application dialog box appears. Select Create Desktop

Shortcut

to create a shortcut icon on the desktop.

Note

Anti-Spam and Anti-Phish feature is available only if you install McAfee Anti-Spam for

GroupShield

component during installation. McAfee Anti-Spam for GroupShield requires

activation to enable it to work in licensed mode.

Note

When preparing your computer for installation, if the wizard finds any programs running
on your computer, an

Installation Wizard dialog box appears recommending you to exit

any programs running, before continuing with installation.

Figure 3-3 McAfee GroupShield for Exchange - Select Installation type

29

McAfee® GroupShield™ 7.0 User Guide Installing the Software

Installing GroupShield for Microsoft® Exchange Server 2003/2007

3

12 Click Next to display the Updating System dialog box. A progress bar indicates the

features being copied and installed. Once the installation process completes, click

Finish to complete the GroupShield for Exchange installation process.

13 Upon successful completion of the installation, these menus are available from the

Start | Programs | McAfee | GroupShield for Exchange menu:

 GroupShield for Exchange (Web)

 SiteList Editor

 GroupShield for Exchange

 GroupShield for Exchange Access Control

SiteList editor

This is a new functionality in the software, where you can see the list of sites
configured for update. The user interface is similar to that of McAfee VirusScan
Enterprise.

This application modifies the

sitelist.xml file of the current machine. EditSiteList.exe is the

tool used for editing the sitelist.xml file.

GroupShield for Exchange Access Control

Access control is used to restrict user access to the GroupShield software. You can
simplify the administration of access control by using one or more administrative user
groups and then setting the appropriate permissions to each group. Then simply add
individual users to the user group to grant them those permissions.

Note

The GroupShield for Exchange (Web) option appears in the menu, only if you choose the

Complete installation type.

Figure 3-4 SiteList Editor

30

McAfee® GroupShield™ 7.0 User Guide Installing the Software

Installing additional components

3

Permissions can be applied to any object in directory or on the local computer, but
majority of permissions should be applied to groups, rather than individual users. This
eases the task of managing permissions on the software.

Installing additional components

After the wizard completes the installation of GroupShield for Exchange, the installation
process continues if you had selected any of these additional components:

 Buffer Overflow Protection

 McAfee Anti-Spam for GroupShield

Buffer Overflow Protection

Buffer overflow is an attack technique that exploits a software design defect in an
application or process to force it to execute code on the computer. Applications have
fixed-size buffers that hold data. If an attacker sends too much data or code into one of
these buffers, the buffer overflows. The computer then executes the code that
overflowed as a program. As the code execution occurs in the security content of the
application (which is often at a highly-privileged or administrative level), intruders gain
access to execute commands not usually accessible to them. An attacker can use this
vulnerability to execute custom hacking code on the computer and compromise its
security and data integrity.

Figure 3-5 Access Control

Note

The McAfee GroupShield for Exchange 7.0 component is selected by default. If you want
to install additional software components, you must select them in the installer.
McAfee Anti-Spam for GroupShield component requires a license key for activation.