F-Secure Anti-Virus for Microsoft Exchange
F-Secure E-mail and Server Security Deployment Guide

"F-Secure" and the triangle symbol are registered trademarks of F-Secure Corporation and F-Secure product names and symbols/logos are either trademarks or registered trademarks of F-Secure Corporation. All product names referenced herein are trademarks or registered trademarks of their respective companies. F-Secure Corporation disclaims proprietary interest in the marks and names of others. Although F-Secure Corporation makes every effort to ensure that this information is accurate, F-Secure Corporation will not be liable for any errors or omission of facts contained herein. F-Secure Corporation reserves the right to modify specifications cited in this document without prior notice.

Companies, names and data used in examples herein are fictitious unless otherwise noted. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of F-Secure Corporation.

Copyright © 1993-2012 F-Secure® Corporation. All rights reserved.

Portions:
Copyright © 2004 BackWeb Technologies Inc.
Copyright © 1991-2010 Commtouch® Software Ltd.
Copyright © 1997-2009 BitDefender.
Copyright © Yooichi Tagawa, Nobutaka Watazaki, Masaru Oki, Tsugio Okamoto
Copyright © 1990-2002 ARJ Software, Inc.
Copyright © 1990-2003 Info-ZIP
Copyright © 1996-2000 Julian R Seward
Copyright © 1996-2009, Daniel Stenberg, [email protected]

This product includes software developed by the Apache Software Foundation (http://www.apache.org/). Copyright © 2000-2004 The Apache Software Foundation. All rights reserved.

This product includes PHP, freely available from http://www.php.net/. Copyright © 1999-2010 The PHP Group. All rights reserved.

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). Copyright © 1998-2011 The OpenSSL Project. All rights reserved.

This product includes cryptographic software written by Eric Young ([email protected]). Copyright © 1995-1998 Eric Young ([email protected]). All rights reserved. This product includes software written by Tim Hudson ([email protected]).

Copyright © 1994-2010 Lua.org, PUC-Rio.
Copyright © Reuben Thomas 2000-2010.
Copyright © 2005 Malete Partner, Berlin, [email protected]

This software is copyrighted by the Regents of the University of California, Sun Microsystems, Inc., Scriptics Corporation, ActiveState Corporation and other parties.

Copyright © 1996-2001 Intel Corporation (http://www.intel.com)
Copyright © 2004, 2005 Metaparadigm Pte Ltd

This product includes code from SpamAssassin. The code in the files of the SpamAssassin distribution are Copyright © 2000-2002 Justin Mason and others, unless specified otherwise in that particular file. All files in the SpamAssassin distribution fall under the same terms as Perl itself, as described in the "Artistic License".

This product includes optional Microsoft SQL Server 2008 R2 Express Edition. Copyright © 2010 Microsoft Corporation. All rights reserved.

This product may be covered by one or more F-Secure patents, including the following: GB2353372, GB2366691, GB2366692, GB2366693, GB2367933, GB2368233, GB2374260.

Contents

About This Guide
  How This Guide Is Organized
  Conventions Used in F-Secure Guides

Chapter 1 Introduction
  1.1 Overview
  1.2 How the Product Works
  1.3 Key Features
  1.4 Scanning Methods

Chapter 2 Deployment
  2.1 Installation Modes
  2.2 Deployment Scenarios
    2.2.1 Deploying F-Secure E-mail and Server Security to a stand-alone server
    2.2.2 Deploying F-Secure E-mail and Server Security with Policy Manager
    2.2.3 Single File, Terminal or Exchange Server
    2.2.4 Multiple Exchange 2003 Servers
    2.2.5 Multiple Exchange Server 2007/2010 Roles
    2.2.6 Large organization using Exchange 2007/2010
    2.2.7 Centralized Quarantine Management

Chapter 3 System Requirements
  3.1 System Requirements for Installation without Anti-Virus for Microsoft Exchange
  3.2 System Requirements for Installation with Anti-Virus for Microsoft Exchange
    3.2.1 Installation on Microsoft Exchange Server 2003
    3.2.2 Installation on Microsoft Exchange Server 2007
    3.2.3 Installation on Microsoft Exchange Server 2010
    3.2.4 Network Requirements for E-mail and Server Security
  3.3 Centralized Management Requirements
  3.4 Other System Component Requirements
    3.4.1 SQL Server Requirements
    3.4.2 Additional Windows Components
    3.4.3 Web Browser Software Requirements

Chapter 4 Installation
  4.1 Installing F-Secure E-mail and Server Security from Policy Manager
  4.2 Installing F-Secure E-mail and Server Security to Microsoft Exchange Server
  4.3 Upgrading from previous product versions
    4.3.1 Upgrading from the centralized installation of F-Secure Anti-Virus for Windows Server with Policy Manager 10.01
    4.3.2 Upgrading from F-Secure Anti-Virus for Microsoft Exchange with Policy Manager 10.01
    4.3.3 Upgrading from F-Secure Anti-Virus for Microsoft Exchange
  4.4 Registering the Evaluation Version
  4.5 Uninstalling the Product

Chapter 5 Configuring the Product
  5.1 Configuring the Product
  5.2 Network Configuration
  5.3 Configuring F-Secure Spam Control
    5.3.1 Realtime Blackhole List Configuration
    5.3.2 Optimizing F-Secure Spam Control Performance

Appendix A Deploying the Product on a Cluster
  A.1 Installation Overview
  A.2 Creating Quarantine Storage
    A.2.1 Quarantine Storage in Active-Passive Cluster
    A.2.2 Quarantine Storage in Active-Active Cluster
    A.2.3 Creating the Quarantine Storage for a Single Copy Cluster Environment
    A.2.4 Creating the Quarantine Storage for a Continuous Cluster Replication Environment
    A.2.5 Creating the Quarantine Storage for a Database Availability Group Environment
  A.3 Installing the Product
    A.3.1 Installing on Clusters with Quarantine as Cluster Resource
    A.3.2 Installing on Clusters with Quarantine on a Dedicated Computer
  A.4 Administering the Cluster Installation with F-Secure Policy Manager
  A.5 Using the Quarantine in the Cluster Installation
  A.6 Using the Product with High Availability Architecture in Microsoft Exchange Server 2010
  A.7 Uninstallation
  A.8 Troubleshooting

Appendix B Services and Processes
  B.1 List of Services and Processes

Technical Support
  F-Secure Online Support Resources
  Software Downloads
  Virus Descriptions on the Web

About F-Secure Corporation

ABOUT THIS GUIDE

How This Guide Is Organized

F-Secure E-mail and Server Security Deployment Guide is divided into the following chapters:

Chapter 1. Introduction. General information about F-Secure E-mail and Server Security and other F-Secure Anti-Virus Mail Server and Gateway products.
Chapter 2. Deployment. Instructions and examples how to set up your network environment before you can install the product.
Chapter 3. System Requirements. System and network requirements for product components.
Chapter 4. Installation. Instructions how to install and set up the product.
Chapter 5. Configuring the Product. Instructions on how to configure the product to take it into use.
Appendix A. Deploying the Product on a Cluster. Instructions how to deploy and use the product on a cluster.
Appendix B. Services and Processes. Describes services, devices and processes of the product.
Technical Support. Contains the contact information for assistance.
About F-Secure Corporation. Describes the company background and products.

See the F-Secure Policy Manager Administrator's Guide for detailed information about installing and using the F-Secure Policy Manager components:

- F-Secure Policy Manager Console, the tool for remote administration of the product.
- F-Secure Policy Manager Server, which enables communication between F-Secure Policy Manager Console and the managed systems.

Conventions Used in F-Secure Guides

This section describes the symbols, fonts, and terminology used in this manual.
Symbols

WARNING: The warning symbol indicates a situation with a risk of irreversible destruction to data.
IMPORTANT: An exclamation mark provides important information that you need to consider.
REFERENCE - A book refers you to related information on the topic available in another document.
NOTE - A note provides additional information that you should consider.
TIP - A tip provides information that can help you perform a task more quickly or easily.

Fonts

Arial bold (blue) is used to refer to menu names and commands, to buttons and other items in a dialog box.
Arial Italics (blue) is used to refer to other chapters in the manual, book titles, and titles of other manuals.
Arial Italics (black) is used for file and folder names, for figure and table captions, and for directory tree names.
Courier New is used for messages on your computer screen.
Courier New bold is used for information that you must type.
SMALL CAPS (BLACK) is used for a key or key combination on your keyboard.
Arial underlined (blue) is used for user interface links.
Arial italics is used for window and dialog box names.

PDF Document

This manual is provided in PDF (Portable Document Format). The PDF document can be used for online viewing and printing using Adobe® Acrobat® Reader. When printing the manual, please print the entire manual, including the copyright and disclaimer statements.

For More Information

Visit F-Secure at http://www.f-secure.com for documentation, training courses, downloads, and service and support contacts.

In our constant attempts to improve our documentation, we would welcome your feedback. If you have any questions, comments, or suggestions about this or any other F-Secure document, please contact us at [email protected].

1 INTRODUCTION

1.1 Overview

Malicious code, such as computer viruses, is one of the main threats for companies today. In the past, malicious code spread mainly via disks and the most common viruses were the ones that infected disk boot sectors. When users began to use office applications with macro capabilities, such as Microsoft Office, to write documents and distribute them via mail and groupware servers, macro viruses started spreading rapidly.

Nowadays the most common spreading mechanism for viruses is the Web. Even fraudulent e-mails usually contain a link to a browser exploit or a phishing web site. F-Secure E-mail and Server Security includes Browsing Protection, which protects the Internet browsing for all users of the server.

F-Secure Anti-Virus Mail Server and Gateway products are designed to protect your company's mail and groupware servers and to shield the company network from any malicious code that travels in HTTP or SMTP traffic. In addition, they protect your company network against spam.

The protection can be implemented on the gateway level to screen all incoming and outgoing e-mail (SMTP), web surfing (HTTP and FTP-over-HTTP) and file transfer (FTP) traffic. Furthermore, it can be implemented on the mail server level so that it does not only protect inbound and outbound traffic but also internal mail traffic and public sources, such as public folders on Microsoft Exchange servers.

Providing the protection already on the gateway level has plenty of advantages. The protection is easy and fast to set up and install, compared to rolling out antivirus protection on hundreds or thousands of workstations. The protection is also invisible to the end users which ensures that the system cannot be by-passed and makes it easy to maintain.
Of course, protecting the gateway level alone is not enough to provide a complete antivirus solution; file server and workstation level protection is needed, also. Why clean 1000 workstations when you can clean one attachment at the gateway level?

1.2 How the Product Works

The product is designed to detect and disinfect viruses and other malicious code from e-mail transmissions through Microsoft Exchange Server. Scanning is done in real time as the mail passes through Microsoft Exchange Server. On-demand scanning of user mailboxes and public folders is also available.

Scanning Attachments and Message Bodies

The product scans attachments and message bodies for malicious code. It can also be instructed to remove particular attachments according to the file name or the file extension.

If the intercepted mail contains malicious code, the product can be configured to disinfect or drop the content. Any malicious code found during the scan process can be placed in the Quarantine, where it can be further examined. Stripped attachments can also be placed in the Quarantine for further examination.

Flexible and Scalable Anti-Virus Protection

The product is installed on Microsoft Exchange Server and it intercepts mail traveling to and from mailboxes and public folders. The messages and documents are scanned with the scanning component, F-Secure Content Scanner Server, which also disinfects the infected messages.

Alerting

The product has extensive alerting functions, which means that the system administrator can specify a recipient, such as the network administrator, to be notified about the infection found in the data content.

Powerful and Always Up-to-date

The product uses the award-winning F-Secure Anti-Virus techniques and scanning engines to ensure the highest possible detection rate and disinfection capability.
The F-Secure Anti-Virus definition databases are updated typically multiple times a day and they provide an always up-to-date protection capability.

F-Secure Anti-Virus scanner consistently ranks at the top when compared to competing products. Our team of dedicated virus researchers is on call 24-hours a day responding to new and emerging threats. In fact, F-Secure is one of the only companies to release tested virus definition updates continuously, to make sure our customers are receiving the highest quality service and protection.

Real-time Protection Network

F-Secure's Real-time Protection Network is an online service which provides rapid response against Internet-based threats. The Real-time Protection Network uses reputation services to obtain information about the latest Internet threats. When Real-time Protection Network finds a suspicious application on the server, you benefit from the analysis results when the same application has been found on other devices already.

Real-time Protection Network improves the overall performance, as the product does not need to scan any applications that Real-time Protection Network has already analyzed and found clean. Similarly, information about malicious websites and unsolicited bulk messages is shared through Real-time Protection Network, and we are able to provide you with more accurate protection against web site exploits and spam messages.

Virus and Spam Outbreak Detection

Massive spam and virus outbreaks consist of millions of messages which share at least one identifiable pattern that can be used to distinguish the outbreak. Any message that contains one or more of these patterns can be assumed to be a part of the same spam or virus outbreak.

The product can identify these patterns from the message envelope, headers and body, in any language, message format and encoding type. It can detect spam messages and new viruses during the first minutes of the outbreak.
Stand-alone and Centralized Administration Modes

The product can be installed either in stand-alone or centrally administered mode. Depending on how the product has been installed, it is managed either with the Web Console or F-Secure Policy Manager.

Scalability and Reliability

F-Secure Policy Manager provides a scalable way to manage the security of multiple applications on multiple operating systems, from one central location. F-Secure Policy Manager is comprised of two components, F-Secure Policy Manager Console and F-Secure Policy Manager Server, which are used to administer applications. They are seamlessly integrated with the F-Secure Management Agents that handle all management functions on local hosts.

Easy to Administer

If the product is installed in stand-alone mode it can be managed with the web-based user interface.

If the product is installed in centrally administered configuration, it is managed with F-Secure Policy Manager. With its graphical user interface, F-Secure Policy Manager Console provides a centralized view of the domains and hosts in your network, lets you configure the security policies for all F-Secure components and set up scheduled scans and run manual scanning operations. F-Secure Policy Manager receives status information from the product.

F-Secure Policy Manager Server is the server side component that handles communication between the product and F-Secure Policy Manager Console. It exchanges security policies, software updates, status information, statistics, alerts, and other information between F-Secure Policy Manager Console and all managed systems.

Figure 1-1 (1) E-mail arrives from the Internet to F-Secure E-mail and Server Security, which (2) filters malicious content from mails and attachments, and (3) delivers cleaned files forward.

1.3 Key Features

The product provides the following features and capabilities.
Superior Protection

- Stops all malware at the server and protects e-mails, file sharing, web browsing, critical system processes, and system configuration.
- Superior detection rate with multiple scanning engines.
- Scanning engines updated automatically with the latest versions.
- Automatic malicious code detection and disinfection.
- The grayware scan detects spyware, adware, dialers, joke programs, remote access tools, and any other unwelcome files and programs.
- Heuristic scanning detects also unknown Windows and macro viruses.
- Recursive scanning of ARJ, BZ2, CAB, GZ, JAR, LZH, MSI, RAR, TAR, TGZ, Z and ZIP archive files.
- Automatic and consistent virus definition database updates.
- Suspicious and unsafe attachments can be stripped away from e-mails.
- Password protected archives can be treated as unsafe.
- Intelligent file type recognition.
- Message filtering based on keywords in message subjects and text.

Virus Outbreak Detection

- The virus outbreak detection is an additional active layer of protection that automatically detects virus outbreaks and quarantines suspicious messages.
- Virus outbreaks are transparently detected and infected messages are quarantined before the outbreak becomes widespread.
- Quarantined unsafe messages can be reprocessed automatically.

Transparency and Scalability

- Viruses are intercepted before they can enter the network and spread out on workstations and servers.
- Real-time scanning of internal, inbound and outbound mail messages and public folder notes.
- Automatic protection of new mailboxes and public folders.
- Total transparency to end-users. Users cannot bypass the system, which means that messages and documents cannot be exchanged without scanning.

Management

- Controlling and monitoring the behavior of the products remotely.
- Starting predefined operations remotely.
- Monitoring statistics provided by the products remotely with F-Secure Policy Manager or the Web Console.
- Possibility to configure and manage stand-alone installations with the convenient Web Console.
- You can manage and search quarantined content with the Web Console.

Protection against Spam

- Spam messages are transparently detected before they become widespread.
- Efficient spam detection based on different analyses on the e-mail content.
- Multiple filtering mechanisms guarantee the high accuracy of spam detection.
- Spam messages can be separated from legitimate messages and processed using the Spam Confidence Levels.
- Spam detection works in every language and message format.

DeepGuard

- DeepGuard protects your server in real-time from new and unknown threats and attacks.
- Combines enhanced system monitoring, executable file behavior and reputation analysis and intrusion prevention features.
- Uses in-the-cloud protection techniques to provide fast reaction times against the latest threats.
- DeepGuard can be configured to handle and block suspicious files automatically without requiring any user interaction.

Browsing Protection

- Browsing Protection protects you from web sites that may steal your personal information, including credit card numbers, user account information, and passwords.
- Blocks access to malicious, undesired, and suspicious sites based on web site reputation and analysis.

1.4 Scanning Methods

Virus Scanning

The virus scan uses virus definition databases to detect and disinfect viruses. Virus definition databases are updated typically multiple times a day and they provide an always up-to-date protection capability.

Heuristic Scanning

The heuristic scan analyzes files for suspicious code behavior so that the product can detect unknown malware.

Proactive Virus Threat Detection

The proactive virus threat detection analyzes e-mail messages for possible virus patterns and security threats. All possibly harmful messages are quarantined as unsafe. The proactive virus threat detection can detect new viruses during the first minutes of the outbreak.
Grayware Scanning

The grayware scan detects applications that have annoying or undesirable behavior that can reduce the performance of computers on the network and introduce significant security risks to your organization. Grayware includes spyware, adware, dialers, joke programs, remote access tools, and any other unwelcome files and programs that can perform a variety of undesired and threatening actions, such as irritating users with pop-up windows, logging user key strokes, and exposing the computer to vulnerabilities.

2 DEPLOYMENT

2.1 Installation Modes

The product can be installed locally at the server, or remotely to one or more servers with F-Secure Policy Manager. E-mail Security components can be installed only locally.

Administration Modes

The product can be installed either in stand-alone or centrally administered mode. In stand-alone installation, the product is managed with Web Console. In centrally administered mode, it is managed centrally with F-Secure Policy Manager.

To administer the product in the centrally administered mode, you have to install F-Secure Policy Manager on a dedicated computer. For up-to-date information on supported platforms, see F-Secure Policy Manager Release Notes.

2.2 Deployment Scenarios

Depending on how the Microsoft Exchange Server roles are deployed in your environment, you might consider various scenarios of deploying the product. There are various ways to deploy the product that are suitable to different environments:

- If you have just a single file, terminal or Microsoft Exchange Server, see “Single File, Terminal or Exchange Server”.
- If you have multiple Microsoft Exchange Servers, see “Multiple Exchange 2003 Servers”.
- If you have multiple Microsoft Exchange Servers with Exchange Edge and Mailbox Server roles, see “Multiple Exchange Server 2007/2010 Roles”.
- If you have multiple Microsoft Exchange Servers deployed on dedicated servers with server roles and possibly clustered mailbox servers, see “Large organization using Exchange 2007/2010”.
- If you have multiple Microsoft Exchange Server installations and you want to configure the product to use one SQL server and database for the quarantine management, see “Centralized Quarantine Management”.

2.2.1 Deploying F-Secure E-mail and Server Security to a stand-alone server

In corporations with one or two servers (Microsoft Exchange Server 2003/2007/2010 or Microsoft Small Business Server 2003/2008/2011) that hold all mailboxes and public folders and send and receive all inbound and outbound messages over SMTP, you can administer each server in stand-alone mode. This is a typical scenario in companies that run Microsoft Small Business Server.

Make sure that your hardware and the system configuration meet the system and network requirements.

Installing F-Secure Anti-Virus for Microsoft Exchange

To install the product, log in to the server with local administrative privileges and run the setup. For more information, see “Installing F-Secure E-mail and Server Security to Microsoft Exchange Server”.

Administration Modes

After you have installed the product, use the product Web Console to configure your product. For more information, see “Configuring the Product”.

2.2.2 Deploying F-Secure E-mail and Server Security with Policy Manager

In corporations with multiple servers and workstations, we recommend that you use F-Secure Policy Manager to centrally manage the product.

Make sure that servers where you install the product meet the system and network requirements.

To install the product to servers:

1. Download the remote installation package (jar file) of the product and import it to F-Secure Policy Manager Console.
   - If you have F-Secure E-mail and Server Security license, use F-Secure E-mail and Server Security remote installation package with the filename ess_9.20-rtm.jar.
   - If you have F-Secure Server Security license, use F-Secure Server Security remote installation package with the filename ss_9.20-rtm.jar.
2. Install F-Secure E-mail and Server Security to the target servers. If target servers are in the policy domain already, use the policy-based installation. Otherwise, use the push-installation.
3. After the installation is complete, import new hosts to the Policy Manager domain.
4. Install E-mail Security components locally to servers running Microsoft Exchange Server. Use the centralized administration mode and connect the product to the same Policy Manager.

2.2.3 Single File, Terminal or Exchange Server

Your organization has a single server (Microsoft Exchange Server 2003/2007/2010 or Microsoft Small Business Server 2003/2008/2011) that holds all mailboxes, public folders and sends and receives all inbound and outbound messages over SMTP. Usually, the server is located behind the firewall or router.

Installing F-Secure Anti-Virus for Microsoft Exchange

Install the product to the server running Microsoft Exchange Server or Microsoft Small Business Server.

Administration Modes

You can install the product in stand-alone mode and administer it with the Web Console. The product receives anti-virus and spam database updates from F-Secure Update Server.

2.2.4 Multiple Exchange 2003 Servers

Your organization has multiple Microsoft Exchange Server 2003 installations. Usually, the front-end server is located in the perimeter network and receives inbound mail using SMTP and forwards all messages to the back-end server. The back-end Exchange server holds all mailboxes and public folders.
In a larger organization, back-end servers may be clustered.

Installing F-Secure Anti-Virus for Microsoft Exchange

Install the product to both front-end and back-end Exchange servers. In addition, the front-end server can be protected with F-Secure Spam Control.

Administration Modes

Install F-Secure Policy Manager Server on a dedicated server or on the same server with one of Exchange servers. You can administer the product with F-Secure Policy Manager Console.

When you install the product, configure each installation to connect to the same F-Secure Policy Manager Server.

The product installations receive anti-virus and spam database updates from F-Secure Policy Manager Server, which receives updates from F-Secure Update Server.

2.2.5 Multiple Exchange Server 2007/2010 Roles

Your organization has multiple Microsoft Exchange Server 2007/2010 installations. Exchange Edge and Mailbox Server roles are deployed to separate servers and the Hub Server is deployed either on a separate server or on the same server with the Mailbox Server. The Edge Server handles incoming and outgoing messages using SMTP, the Mailbox Server holds all mailboxes and public folders, and the Hub Server routes mail traffic between Exchange servers.

Installing F-Secure Anti-Virus for Microsoft Exchange

Install the product to all servers where Exchange Edge, Hub and Mailbox Server roles are deployed. In addition, the Edge server can be protected with F-Secure Spam Control.

If the Exchange role is changed later, the product has to be reinstalled.

Administration Modes

Install F-Secure Policy Manager Server on a dedicated server or on the same server with one of Exchange servers. You can administer the product with F-Secure Policy Manager Console.

When you install the product, configure each installation to connect to the same F-Secure Policy Manager Server.
The product installations receive anti-virus and spam database updates from F-Secure Policy Manager Server, which receives updates from F-Secure Update Server.

2.2.6 Large organization using Exchange 2007/2010

Your organization has multiple Microsoft Exchange Server 2007/2010 installations. All Exchange roles are deployed on dedicated servers. Mailbox servers are possibly clustered.

Installing F-Secure Anti-Virus for Microsoft Exchange

Install the product to the server where Exchange Edge, Hub and Mailbox Server roles are deployed. In addition, the Edge server can be protected with F-Secure Spam Control.

Do not install the product to Client Access or Unified Messaging Server roles.

Installing F-Secure Spam Control

F-Secure Spam Control can be installed on the Edge server.

Administration Modes

Install F-Secure Policy Manager Server on a dedicated server. You can administer the product with F-Secure Policy Manager Console.

When you install the product, configure each installation to connect to the same F-Secure Policy Manager Server. The product installations receive anti-virus and spam database updates from F-Secure Policy Manager Server, which receives updates from F-Secure Update Server.

2.2.7 Centralized Quarantine Management

Your organization has multiple Microsoft Exchange Server installations. For example, you have front-end and back-end servers running Exchange Server 2003, or a network configuration with Edge and Mailbox roles running Exchange Server 2007/2010. Microsoft SQL Server is installed on a dedicated server or on the server running F-Secure Policy Manager Server.

Installing the product

When you install the product, configure each installation to use the same SQL server and database. Make sure that the SQL server, the database name, user name and password are identical in the quarantine configuration for all F-Secure Anti-Virus for Microsoft Exchange installations.
Make sure that all the servers are allowed to communicate with the SQL server using mixed mode authentication. For more information, see “Enabling the mixed mode authentication in the Microsoft SQL Server”, 27.

In environments with heavy e-mail traffic, it is recommended to use a Microsoft SQL server installed on a separate server. When using the free Microsoft SQL Server 2008 R2 included with the product, the Quarantine database size is limited to 10 GB.

You can use the Web Console to manage and search quarantined content.

Enabling the mixed mode authentication in the Microsoft SQL Server

If you install Microsoft SQL Server 2005/2008 separately, it supports Windows Authentication only by default. You have to change the authentication to mixed mode during the setup or configure it later with Microsoft SQL Server user interface.

The mixed mode authentication allows you to log into the SQL server with either your Windows or SQL username and password.

Make sure that the sa password is strong when you change the authentication mode from the Windows authentication to the mixed authentication mode.

Follow these steps to change the authentication mode:

1. Open Microsoft SQL Server Management Studio or Microsoft SQL Server Management Studio Express.
   If you do not have Microsoft SQL Server Management Studio installed, you can freely download Management Studio Express from the Microsoft web site.
2. Connect to the SQL server.
3. In Object Explorer, go to Security > Logins.
4. Right-click on sa and select Properties.
5. Open the General page and change the password. Confirm the new password that you entered.
6. Open the Status page and select Enabled in the Login section.
7. Click OK.
8. In Object Explorer, right-click on the server name and select Properties.
9. On the Security page, select SQL Server and Windows Authentication mode under Server authentication.
10. Click OK.
11. Right-click on the server name and select Restart.
    Wait for a moment for the service to restart before you continue.
12. Use Management Studio to test the connection to the SQL server with the sa account and the new password you set.

3 SYSTEM REQUIREMENTS

System Requirements for Installation without Anti-Virus for Microsoft Exchange
System Requirements for Installation with Anti-Virus for Microsoft Exchange
Centralized Management Requirements
Other System Component Requirements

3.1 System Requirements for Installation without Anti-Virus for Microsoft Exchange

The minimum and recommended requirements for installing and using the product on the server that does not have Microsoft Exchange Server are:

Processor: Any processor based on Intel x86 (I386) or AMD x64 / Intel EM64T architecture that can run the corresponding Microsoft Windows Server (Intel Pentium 4 2GHz or higher recommended)
Operating system:
   Microsoft® Windows Server 2003 with the latest service pack
   Microsoft® Windows Server 2003 R2
   Microsoft® Windows Server 2008
   Microsoft® Windows Server 2008 R2
   Microsoft® Small Business Server 2003
   Microsoft® Small Business Server 2003 R2
   Microsoft® Small Business Server 2008
   Microsoft® Small Business Server 2011, Standard edition
Memory: 512MB (1GB or more recommended)
Disk space: 1,1 GB for installation and updates
Display: At least 8-bit [256 colors] (16-bit or more [65000 colors] recommended)
Internet connection: Required to receive updates and to use the real-time protection network
Web browser: Required to administer the product
   Microsoft Internet Explorer 6.0 or later
   Mozilla Firefox 3.0 or later
   Any other web browser that supports HTTP 1.0, SSL, JavaScript and cookies may be used as well.
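The mixed mode procedure in section 2.2.7 enables the sa login and SQL authentication on the server that holds the Quarantine database. The following T-SQL audit is an added example, not part of the F-Secure guide, for checking the result of that procedure; it assumes SQL Server 2005 or later and a connection with sysadmin rights.

```sql
-- Added audit example (not from the F-Secure guide).
-- Assumptions: SQL Server 2005 or later, run in Management Studio as a sysadmin
-- after the service restart in step 11.

-- 1. Confirm the server authentication mode selected in step 9.
SELECT CASE SERVERPROPERTY('IsIntegratedSecurityOnly')
           WHEN 1 THEN 'Windows Authentication only'
           WHEN 0 THEN 'SQL Server and Windows Authentication (mixed mode)'
       END AS authentication_mode;

-- 2. Review every SQL-authenticated login, including sa and the account
--    chosen for the Quarantine database during setup.
--    is_policy_checked = 0 means the Windows password policy is not enforced.
--    PWDCOMPARE tests the stored hash against a blank password and against
--    the login name, the two most common trivially weak choices.
SELECT l.name,
       l.is_disabled,
       l.is_policy_checked,
       l.is_expiration_checked,
       LOGINPROPERTY(l.name, 'PasswordLastSetTime') AS password_last_set,
       IS_SRVROLEMEMBER('sysadmin', l.name)         AS is_sysadmin,
       CASE
           WHEN PWDCOMPARE('', l.password_hash) = 1     THEN 'blank password'
           WHEN PWDCOMPARE(l.name, l.password_hash) = 1 THEN 'password equals login name'
           ELSE 'no trivial match'
       END AS password_check
FROM sys.sql_logins AS l
WHERE l.name NOT LIKE '##%'   -- skip the internal ##MS_...## logins
ORDER BY l.name;

-- 3. Enforce the Windows password policy for sa. The policy is applied when
--    the password is next changed; the current password is not re-checked.
ALTER LOGIN sa WITH CHECK_POLICY = ON;
```

A row with is_sysadmin = 1 for the Quarantine database account is worth reviewing against the installation advice to use a different account than the server administrator account.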
3.2 System Requirements for Installation with Anti-Virus for Microsoft Exchange

The product is installed on the computer running Microsoft Exchange Server.

The release notes document contains the latest information about the product and might have changes to system requirements and the installation procedure. It is highly recommended to read the release notes before you proceed with the installation.

3.2.1 Installation on Microsoft Exchange Server 2003

The product can be installed on a computer running Microsoft® Exchange Server 2003 with the latest service pack

Processor: Any processor based on Intel x86 (I386) or AMD x64 / Intel EM64T architecture that can run the corresponding 32-bit Microsoft Windows Server
   Intel Pentium 4 2GHz or higher
Operating system:
   Microsoft® Windows Server 2003 Standard Edition with the latest service pack
   Microsoft® Windows Server 2003 Enterprise Edition with the latest service pack
   Microsoft® Windows Server 2003 R2 Standard Edition
   Microsoft® Windows Server 2003 R2 Enterprise Edition
   Microsoft® Small Business Server 2003
   Microsoft® Small Business Server 2003 R2
Memory: 1 GB minimum
Disk space to install: 2 GB for installation and updates
Disk space for processing: 10 GB or more. The required disk space depends on the number of mailboxes, amount of data traffic and the size of the Information Store.
Internet connection: Required to receive updates and to use the real-time protection network
Web browser: Required to administer the product
   Microsoft Internet Explorer 6.0 or later
   Mozilla Firefox 3.0 or later
   Any other web browser that supports HTTP 1.0, SSL, JavaScript and cookies may be used as well.

Cluster Environment

The product supports the following cluster models of Microsoft Exchange Server 2003:
   Active - Active Cluster
   Active - Passive Cluster

For detailed instructions how to deploy and install the product on a cluster, see “Deploying the Product on a Cluster”, 90.
3.2.2 Installation on Microsoft Exchange Server 2007

The product can be installed on a computer running one of the following Microsoft Exchange Server versions:
   Microsoft® Exchange Server 2007 (64-bit version) with the latest service pack
   Microsoft® Small Business Server 2008

The 32-bit evaluation version of Microsoft Exchange Server 2007 is not supported.

Processor: Any processor based on AMD x64 / Intel EM64T architecture that can run the corresponding 64-bit Microsoft Windows Server
   Intel Pentium 4 2GHz or higher
Operating system:
   Microsoft® Windows Server 2003, Standard x64 Edition with the latest service pack
   Microsoft® Windows Server 2003, Enterprise x64 Edition with the latest service pack
   Microsoft® Windows Server 2003 R2, Standard x64 Edition
   Microsoft® Windows Server 2003 R2, Enterprise x64 Edition
   Microsoft® Windows Server 2008, Standard Edition (x64)
   Microsoft® Windows Server 2008, Enterprise Edition (x64)
   Microsoft® Small Business Server 2008
Memory: 2 GB minimum
Disk space to install: 2 GB for installation and updates
Disk space for processing: 10 GB or more. The required disk space depends on the number of mailboxes, amount of data traffic and the size of the Information Store.
Internet connection: Required to receive updates and to use the real-time protection network
Web browser: Required to administer the product
   Microsoft Internet Explorer 6.0 or later
   Mozilla Firefox 3.0 or later
   Any other web browser that supports HTTP 1.0, SSL, JavaScript and cookies may be used as well.
Microsoft Exchange Server Roles

The product supports the following roles of Microsoft Exchange Server 2007:
   Edge Server role
   Hub Server role
   Mailbox Server role
   Combo Server (Mailbox Server and Hub Server roles)

Cluster Environment

The product supports the following cluster models of Microsoft Exchange Server 2007:
   Cluster Continuous Replication (CCR)
   Single Copy Cluster (SCC)

For detailed instructions how to deploy and install the product on a cluster, see “Deploying the Product on a Cluster”, 90.

3.2.3 Installation on Microsoft Exchange Server 2010

The product can be installed on a computer running the following Microsoft Exchange Server version:
   Microsoft® Exchange Server 2010
   Microsoft® Exchange Server 2010 (without service pack or with service pack 1 or 2)
   Microsoft® Small Business Server 2011

Processor: Any processor based on AMD x64 / Intel EM64T architecture that can run the corresponding 64-bit Microsoft Windows Server
Operating system:
   Microsoft® Windows Server 2008, Standard Edition (x64)
   Microsoft® Windows Server 2008, Enterprise Edition (x64)
   Microsoft® Windows Server 2008 R2, Standard Edition
   Microsoft® Windows Server 2008 R2, Enterprise Edition
   Microsoft® Small Business Server 2008
   Microsoft® Small Business Server 2011, Standard edition
Memory: 4 GB minimum
Disk space to install: 2 GB for installation and updates
Disk space for processing: 10 GB or more. The required disk space depends on the number of mailboxes, amount of data traffic and the size of the Information Store.
Internet connection: Required to receive updates and to use the real-time protection network
Web browser: Required to administer the product
   Microsoft Internet Explorer 6.0 or later
   Mozilla Firefox 3.0 or later
   Any other web browser that supports HTTP 1.0, SSL, JavaScript and cookies may be used as well.
Microsoft Exchange Server Roles

The product supports the following roles of Microsoft Exchange Server 2010:
   Edge Server role
   Hub Server role
   Mailbox Server role
   Combo Server (Mailbox Server and Hub Server roles)

Cluster Environment

The current version of the product supports Microsoft Exchange Server 2010 high-availability solutions based on Database Availability Groups (DAG).

3.2.4 Network Requirements for E-mail and Server Security

This network configuration is valid for all scenarios described in this chapter. Make sure that the following network traffic can pass through:

Service: F-Secure Content Scanner Server
   Process: %ProgramFiles%\F-Secure\Content Scanner Server\fsavsd.exe
   Inbound ports: 18971 (TCP) (on localhost only)
   Outbound ports: DNS (53, UDP/TCP), HTTP (80) or another known port used for HTTP proxy

Service: F-Secure E-mail and Server Security WebUI Daemon
   Process: %ProgramFiles%\F-Secure\Web User Interface\bin\fswebuid.exe
   Inbound ports: 25023
   Outbound ports: DNS (53, UDP and TCP), 1433 (TCP), only with the dedicated SQL server

Service: F-Secure Automatic Update Agent
   Process: %ProgramFiles%\F-Secure\FSAUA\program\fsaua.exe
   Inbound ports: -
   Outbound ports: DNS (53, UDP and TCP), HTTP (80) and/or another port used to connect to F-Secure Policy Manager Server

Service: F-Secure Network Request Broker
   Process: %ProgramFiles%\F-Secure\Common\fnrb32.exe
   Inbound ports: -
   Outbound ports: DNS (53, UDP/TCP), HTTP (80) or another port used to connect to F-Secure Policy Manager Server

Service: F-Secure Management Agent
   Process: %ProgramFiles%\F-Secure\Common\fameh32.exe
   Inbound ports: -
   Outbound ports: DNS (53, UDP/TCP), SMTP (25)

Service: F-Secure Quarantine Manager
   Process: %ProgramFiles%\F-Secure\Quarantine Manager\fqm.exe
   Inbound ports: -
   Outbound ports: DNS (53, UDP/TCP), 1433 (TCP), only with the dedicated SQL server

Service: F-Secure ORSP Client
   Process: %ProgramFiles%\F-Secure\ORSP Client\fsorsp.exe
   Inbound ports: -
   Outbound ports: DNS (53, UDP/TCP), HTTP (80, or the port used for HTTP proxy)

3.3 Centralized Management Requirements

F-Secure Policy Manager 9.00 or later is required if you plan to install the product in the centralized administration mode and manage it with F-Secure Policy Manager Console.
We recommend that you use F-Secure Policy Manager 10.01 to administer all the features in the product. If you are using a previous version of F-Secure Policy Manager, upgrade it to the latest version before you install F-Secure E-mail and Server Security 9.20.

3.4 Other System Component Requirements

When you install the product with Anti-Virus for Microsoft Exchange, it requires Microsoft SQL Server for the e-mail quarantine management. Depending on the selected deployment and administration method, you may need to have some additional software as well.

3.4.1 SQL Server Requirements

The product requires Microsoft® SQL Server for the quarantine management. The following versions of Microsoft SQL Server are recommended:
   Microsoft SQL Server 2005 (Enterprise, Standard, Workgroup or Express edition) with the latest service pack
   Microsoft SQL Server 2008 (Enterprise, Standard, Workgroup or Express edition)

Microsoft SQL Server 2008 R2 Express Edition SP1 is distributed with the product and can be installed during F-Secure E-Mail and Server Security setup.

When centralized quarantine management is used, the SQL server must be reachable from the network and file sharing must be enabled.

The product also supports Microsoft SQL Server 2000 with Service Pack 4 and Microsoft SQL Server 2000 Desktop Engine (MSDE) with Service Pack 4.

Which SQL Server to Use for the Quarantine Database?

As a minimum requirement, the Quarantine database should have the capacity to store information about all inbound and outbound mail to and from your organization that would normally be sent during 2-3 days.

The upgrade installation does not upgrade the SQL server if you choose to use the existing database and the remote upgrade installation does not install or upgrade SQL Server and change the Quarantine database.
If you want to upgrade the SQL Server version that you use, follow the recommendations on the Microsoft web site: http://www.microsoft.com/sqlserver/en/us/default.aspx

Take the following SQL server specific considerations into account when deciding which SQL server to use:

Microsoft SQL Server 2005/2008 Express Edition

When using Microsoft SQL Server 2005/2008 R2 Express Edition, the Quarantine database size is limited to 4 GB (2005 version) or 10 GB (2008 R2 version).
Microsoft SQL Server 2005/2008 Express Edition supports Microsoft Windows Server 2008.
It is not recommended to use Microsoft SQL Server 2005/2008 Express Edition if you are planning to use centralized quarantine management with multiple product installations.

Microsoft SQL Server 2008 R2 Express Edition is delivered with F-Secure E-mail and Server Security, and you can install it during the setup.

Microsoft SQL Server 2000, 2005 and 2008

If your organization sends a large amount of e-mails, it is recommended to use Microsoft SQL Server 2000, 2005 or 2008.
It is recommended to use Microsoft SQL Server if you are planning to use centralized quarantine management with multiple product installations.
Note that the product does not support Windows Authentication when connecting to Microsoft SQL Server. The Microsoft SQL Server that the product will use for the Quarantine database should be configured to use Mixed Mode authentication.

If you plan to use Microsoft SQL Server 2000, 2005 or 2008, you must purchase it and obtain your own license before you start to deploy the product. To purchase Microsoft SQL Server, contact your Microsoft reseller.

3.4.2 Additional Windows Components

Depending on how you deploy the product to your network system, the following Windows components may be required:

Microsoft .NET Framework version 3.5 SP1 and Windows Installer 4.5 are required to install Microsoft SQL Server 2008 R2 Express Edition.
If you plan to have Microsoft SQL Server on the same server, Microsoft .NET Framework must be installed before installing F-Secure E-mail and Server Security. Microsoft .NET Framework can be downloaded from the Microsoft Download Center.

3.4.3 Web Browser Software Requirements

In order to administer the product with the Web Console, one of the following web browsers is required:
   Microsoft Internet Explorer 6.0 or later
   Mozilla Firefox 3.0 or later

Any other web browser supporting HTTP 1.0, SSL, JavaScript and cookies may be used as well. Microsoft Internet Explorer 5.5 or earlier cannot be used to administer the product.

4 INSTALLATION

Installing F-Secure E-mail and Server Security from Policy Manager
Installing F-Secure E-mail and Server Security to Microsoft Exchange Server
Upgrading from previous product versions
Registering the Evaluation Version
Uninstalling the Product

4.1 Installing F-Secure E-mail and Server Security from Policy Manager

Before you begin the installation, download the remote installation package from the F-Secure web site.

If you have F-Secure E-mail and Server Security license, use F-Secure E-mail and Server Security remote installation package with the filename ess_9.20-rtm.jar.
If you have F-Secure Server Security license, use F-Secure Server Security remote installation package with the filename ss_9.20-rtm.jar.

To install the product with F-Secure Policy Manager, follow these instructions.

Step 1. Open Policy Manager Console

Log in to Policy Manager Console with your user name and password.

Step 2. Import the Product Installation Package

1. In Policy Manager Console, open the Installation tab.
2.
Click Installation packages.
3. Click Import.
4. Select the product installation package file that you have downloaded. Click Import.

Policy Manager imports the installation package and the product information so that it can be used to administer the product. You do not need to import the package again when you install the product to other hosts.

Step 3. Install the Product to Hosts

1. Click Push install to Windows hosts in the Installation tab to start the installation wizard.
2. Enter either the WINS name or IP address of the target host. You can specify a list of hosts where you want to install the product. All target hosts must be accessible from the Policy Manager Server with the address you enter.
   Click Next.
3. Select the product installation package that you imported from the list of available packages.
   Click Next.
4. In the policy selection dialog, leave Only default policy included selected.
   Click Next.
5. In the account selection dialog, specify the account that has administrative rights to target hosts. If you are using an account that is a Domain administrator, you can usually select This account. Otherwise specify the administrative account and its password.
   Click Next.
6. The installation wizard shows you the summary of selected options.
   Click Start.

Step 4. Select Installation Options

1. The product-specific installation wizard opens.
   Click Next to start the installation.
2. In the keycode dialog, enter your product keycode.
   Click Next.
3. Select components to install.
   Virus and Spyware protection is always installed, and Anti-Virus for Microsoft Exchange cannot be installed from Policy Manager.
   To install Anti-Virus for Microsoft Exchange, see “Installing F-Secure E-mail and Server Security to Microsoft Exchange Server”, 59.
   If you have F-Secure Server Security license and use F-Secure Server Security remote installation package, Browsing protection and Anti-Virus for Microsoft Exchange components are not available.
   Click Next.
4. Choose the product language.
   Select Select automatically during installation to install the product in the default system language of the target host.
   Click Next.
5. Choose the Installation type.
   Select Centrally managed installation and click Next.
6. Specify the Policy Manager Server address.
   Enter the server address as it is visible to hosts, typically http:// protocol and IP or DNS. By default, Policy Manager Server uses port 80 for communication with hosts. If you have assigned some other port, specify it in the URL.
   Select the host identification mode.
   Click Next.
7. Enter any custom properties that a host may require.
   Click Next.
8. Choose the action to take if conflicting software is installed on the host.
   Choose Uninstall conflicting software to uninstall the conflicting software automatically and then continue the installation, or
   choose Install the product only if no conflicting software is detected to stop the installation completely if any conflicting software is detected on the host.
   Click Next.
9. Select restart options.
   Usually, the first-time installation of the product does not require a restart. However, if it does, the installation is not completed until the computer is restarted.
   As the server where you are installing the product may have a large number of active users, be careful which option you select.
   Click Finish.
10. Policy Manager prepares and pushes the installation to target hosts.
11. When the installation is complete, click Finish.

Step 5. Import New Hosts

1. Click Import new hosts in the Installation tab.
2. In the New hosts table, select hosts where you installed the product.
   If you have a policy tree with several domains, choose the target domain in the Import hosts to selection.
   Click Import.
3. Click Close to close the New hosts table.
4. New hosts appear at the Policy domains tree. Select a host to view information related to the host, for example, installed product versions and their installation status.

4.2 Installing F-Secure E-mail and Server Security to Microsoft Exchange Server

Follow these instructions to install the product.

Step 1.

1. Download the installation file (ess920-rtm.exe) from the F-Secure web site.
2. Run the installation file to start the installation.
3. Click Install.

If you plan to install Microsoft SQL Server 2008 R2 Express Edition SP1 that is included in the package, and you want to control the installation, click the link under Extras to start the SQL Server installation before you install the product.

Depending on your system configuration, Microsoft SQL Server installation may require that you restart the server. In this case, install the product after the restart.

Step 2.

Read the information in the Welcome screen.
Click Next to continue.

Step 3.

Read the license agreement. If you accept the agreement, check the I accept this agreement checkbox and click Next to continue.

Step 4.

Enter the product keycode.
This step is skipped if you install the evaluation version of the product.
Click Next to continue.

Step 5.

Choose the components to install.
If you do not have Microsoft Exchange Server installed on the computer, Anti-Virus for Microsoft Exchange and Spam control components are not present in the list.
If you use F-Secure Server Security keycode to install the product, only Virus and spyware protection and DeepGuard components are present.
Click Next to continue.

Step 6.

Choose the destination folder for the installation.
Click Next to continue.

Step 7.

Choose the administration method.
If you install the product in stand-alone mode, you cannot configure settings and receive alerts and status information in F-Secure Policy Manager Console.
Click Next to continue.
If you selected the stand-alone installation, continue to Step 10., 67.
If you select the stand-alone mode, use the Web Console to change product settings and to view statistics.

Step 8.

The centrally managed administration mode requires the public management key. Enter the path to the public management key file admin.pub that was created during F-Secure Policy Manager setup.

You can retrieve the admin.pub file directly from Policy Manager Server.

1. Open your web browser.
2. Go to the Policy Manager Server address, for example: http://fspm.example.local
3. At the page that opens, find the following text: F-Secure Policy Manager Server's management public key used by clients to verify validity of distributed policies can be downloaded from here.
4. Click the link and save the file that opens.
5. Return to the setup and click Browse. Browse to the admin.pub file that you saved.

You can also transfer the public key other ways (use a shared folder on the file server, a USB device, or send the key as an attachment in an e-mail message).
Click Next to continue.

Step 9.

In the centrally managed administration mode, enter the IP address or URL of the F-Secure Policy Manager Server you installed earlier.
If you do not use the default port (80) for the host communication, specify the port that you use here.
Click Next to continue.

Step 10.

Enter an SMTP address that will be used by the product to send warning and informational messages to end-users.
The SMTP address should be a valid, existing address that is allowed to send messages.
Click Next to continue.

Step 11.

Specify the Quarantine management method.
If you want to manage the Quarantine database locally, select Local quarantine management.
Select Centralized quarantine management if you install the product on multiple servers.
Click Next to continue.

Step 12.

Specify Microsoft SQL Server instance that you use to store the Quarantine database.
If you want to install Microsoft SQL Server 2008 R2 Express Edition and the Quarantine database on the same server as the product installation, select (a) Install and use Microsoft SQL Server 2008 R2 Express Edition.
If you are using Microsoft SQL Server already, select (b) Use an existing installation of Microsoft SQL Server.
Click Next to continue to either (a) or (b) based on your selection.

a  Specify the installation and the database directory for Microsoft SQL Server 2008 R2 Express Edition.
   Enter the password for the database server administrator account (sa) that will be used to create the new database.
   Click Next to continue.

b  Specify the computer name and instance of the SQL Server where you want to create the Quarantine database.
   Enter the password for the sa account that you use to log on to the server.
   Click Next to continue.

Step 13.

Specify the name for the SQL database that stores information about the quarantined content.
Enter the user name and the password that you want to use to connect to the quarantine database.

• Use a different account than the server administrator account. If the new account does not exist, the product creates it during the installation.
• The password should be strong enough to comply with your current Windows password security policy.

Click Next to continue.

If the server has a database with the same name, you can either use the existing database, remove the existing database and create a new one or keep the existing database and create a new one with a new name.
Click Next to continue.

Step 14.
The list of components that will be installed is displayed, based on the keycode you use and the components that you selected in Step 5., 63.
Click Start to install listed components.
The installation will take a while.

Step 15.

The installation status of the components is displayed.
Click Next to continue.

Step 16.

The installation is complete.
Click Finish to close the Setup wizard.
In some cases, you may need to restart the computer to complete the installation. You can choose Restart later to close the Setup wizard, but we recommend that you restart the server as soon as possible, as the product does not protect the server before the restart.

4.3 Upgrading from previous product versions

Follow these instructions to install the product if you have a previous version of F-Secure Anti-Virus for Windows Servers or F-Secure Anti-Virus for Microsoft Exchange installed.

4.3.1 Upgrading from the centralized installation of F-Secure Anti-Virus for Windows Server with Policy Manager 10.01

If you have F-Secure Anti-Virus for Windows Servers installed in your domain and you want to upgrade, we recommend that you upgrade F-Secure Policy Manager to version 10.01 before installing E-mail and Server Security.

With F-Secure Policy Manager version 10.01, you can use the Upgrade command in F-Secure Policy Manager Console to deploy and upgrade the product. You can view information about the product both in antivirus mode and in advanced mode.

4.3.2 Upgrading from F-Secure Anti-Virus for Microsoft Exchange with Policy Manager 10.01

If you have F-Secure Anti-Virus for Microsoft Exchange installed in your domain and you want to upgrade, we recommend that you upgrade F-Secure Policy Manager to version 10.01 before installing E-mail and Server Security.

With F-Secure Policy Manager version 10.01, you can use the Upgrade command in F-Secure Policy Manager Console to deploy and upgrade the product.
You can view information about the product both in antivirus mode and in advanced mode.

F-Secure Anti-Virus for Microsoft Exchange is updated only if it is installed on the host already. You cannot add F-Secure Anti-Virus for Microsoft Exchange component, but you can add or upgrade other components during the upgrade installation.

4.3.3 Upgrading from F-Secure Anti-Virus for Microsoft Exchange

If you have F-Secure Anti-Virus for Microsoft Exchange version 9.00 9.10, follow the standard installation instructions. When the installation asks for the Policy Manager settings, select Keep current.

4.4 Registering the Evaluation Version

If you want to use the product after your evaluation period expires, you need a new keycode. Contact your software vendor or renew your license online.

After you have received the new keycode, you can either reinstall the product with your new keycode (see “Installing F-Secure E-mail and Server Security to Microsoft Exchange Server”, 59) or register the new keycode.

To register the new keycode:

1. Log in to the Web Console. The evaluation screen is opened.
2. Enter the new keycode you have received and click Register Keycode.

If you do not want to continue to use the product after your evaluation license expires, you should uninstall the software.

When the license expires, the product stops receiving anti-virus database updates, and processing e-mails and messages posted to public folders. However, the messages are still delivered to the recipients.

If you use F-Secure E-mail and Server Security keycode to register the product, but you have installed only the Server Security evaluation version, you need to run the installation again to add the missing components.

If you have installed F-Secure E-mail and Server Security evaluation version, you cannot use the Server Security keycode to register the product. Uninstall the evaluation version before you install the full Server Security product.
4.5 Uninstalling the Product

To uninstall the product, select Add/Remove Programs from the Windows Control Panel. Uninstall the components in the following order:
1. F-Secure E-mail and Server Security - Spam control
2. F-Secure E-mail and Server Security - Anti-Virus for Microsoft Exchange
3. F-Secure E-mail and Server Security - Browsing protection
4. F-Secure E-mail and Server Security - DeepGuard
5. F-Secure E-mail and Server Security - Virus and spyware protection

Restart the server after you have uninstalled all components. Some files and directories may remain after the uninstallation and can be removed manually.

5 CONFIGURING THE PRODUCT

Configuring the Product
Network Configuration
Configuring F-Secure Spam Control

5.1 Configuring the Product

The product is fully functional only after it receives the first automatic update. The first update can take longer than the following updates. The product uses mostly default settings after the installation and the first update. We recommend that you go through all the settings of the installed components.

Configure the product. If the product has been installed in the centralized administration mode, use F-Secure Policy Manager Console to configure the settings and distribute the policy. If the product has been installed in stand-alone mode, use the Web Console to configure the settings.

To make sure that the Real-time Protection Network is enabled, go to the Privacy page in the Web Console and select Yes, I want to participate in the Real-time Protection Network. With Real-time Protection Network, you benefit from the cloud-based F-Secure technology of exchanging information about threats with other participants all over the world.
To change the setting with Policy Manager Console, go to: F-Secure Real-time Protection Network Client / Settings / Participate in the Real-time Protection Network.

Specify the IP addresses of hosts that belong to your organization. For more information, see “Network Configuration”, 84.

Verify that the product is able to retrieve the virus and spam definition database updates. If necessary, reconfigure your firewalls or other devices that may block the database downloads. For more information, see “Network Requirements for E-mail and Server Security”, 39.

If the product is installed on the same computer with Microsoft Exchange Server 2010, which is in the Mailbox server role, specify the primary SMTP address for the account which is used to scan items in public folders. The user account must have permissions to access and modify items in the public folders.

If the organization has multiple Microsoft Exchange Server installations and Mailbox servers are deployed on dedicated servers, you have to configure the Hub Transport Role and Mailbox Role Servers so that quarantined messages can be delivered. For more information, see “Configuring Mailbox Role Servers”, 124.

5.2 Network Configuration

The mail direction is based on the Internal Domains and Internal SMTP senders settings and it is determined as follows:

1. E-mail messages are considered internal if they come from internal SMTP sender hosts and mail recipients belong to one of the specified internal domains (internal recipients).
   a. Specify Internal Domains and separate each domain name with a space. You can use an asterisk (*) as a wildcard. For example: *example.com internal.example.net
   b. Specify all hosts within the organization that send messages to Exchange Edge or Hub servers via SMTP as Internal SMTP Senders. Separate each IP address with a space.
An IP address range can be defined as:
• a network/netmask pair (for example, 10.1.0.0/255.255.0.0), or
• a network/nnn CIDR specification (for example, 10.1.0.0/16).

You can use an asterisk (*) to match any number or dash (-) to define a range of numbers. For example: 172.16.4.4 172.16.*.1 172.16.4.0-16 172.16.250-255.*

If end-users in the organization use other than Microsoft Outlook e-mail client to send and receive e-mail, it is recommended to specify all end-user workstations as Internal SMTP Senders.

If the organization has Exchange Edge and Hub servers, the server with the Hub role installed should be added to the Internal SMTP Sender on the server where the Edge role is installed. Do not specify the server where the Edge role is installed as Internal SMTP Sender.

2. E-mail messages are considered outbound if they come from internal SMTP sender hosts and mail recipients do not belong to the specified internal domains (external recipients).
3. E-mail messages that come from hosts that are not defined as internal SMTP sender hosts are considered inbound.
4. E-mail messages submitted via MAPI or Pickup Folder are treated as if they are sent from the internal SMTP sender host.

If e-mail messages come from internal SMTP sender hosts and contain both internal and external recipients, messages are split and processed as internal and outbound respectively.

If the product has been installed in the centralized administration mode, configure the mail direction with F-Secure Policy Manager Console. If the product has been installed in stand-alone mode, configure the mail direction with the Web Console.

5.3 Configuring F-Secure Spam Control

When F-Secure Spam Control is enabled, incoming messages that are considered as spam can be marked as spam automatically.
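The mail-direction rules of section 5.2 (Network Configuration) can be checked against planned Internal Domains and Internal SMTP Senders values before they are entered. The following is an added example, not F-Secure code. It assumes glob-style matching for the domain wildcard, per-field matching for * and inclusive N-M ranges in addresses; the function names and sample settings are constructed.

```python
import fnmatch
import ipaddress

# Constructed sample settings, using the value formats shown in the guide.
INTERNAL_DOMAINS = "*example.com internal.example.net"
INTERNAL_SMTP_SENDERS = (
    "10.1.0.0/255.255.0.0 192.168.10.0/24 "
    "172.16.4.4 172.16.*.1 172.16.4.0-16 172.16.250-255.*"
)


def field_matches(pattern, octet):
    """Match one dotted-quad field written as '*', 'N' or 'N-M'."""
    if pattern == "*":
        return True
    if "-" in pattern:
        low, high = pattern.split("-", 1)
        return int(low) <= octet <= int(high)  # assumption: inclusive range
    return int(pattern) == octet


def host_matches(entry, address):
    """True if an IPv4 address matches one Internal SMTP Senders entry."""
    ip = ipaddress.IPv4Address(address)
    if "/" in entry:
        # Covers both network/netmask and network/nnn (CIDR) notation.
        return ip in ipaddress.IPv4Network(entry, strict=False)
    fields = entry.split(".")
    if len(fields) != 4:
        raise ValueError("not a dotted-quad pattern: %r" % entry)
    # ip.packed yields the four octets as integers, one per field.
    return all(field_matches(p, o) for p, o in zip(fields, ip.packed))


def domain_is_internal(recipient, domain_patterns):
    """True if the recipient's domain matches an Internal Domains pattern."""
    domain = recipient.rsplit("@", 1)[-1].lower()
    return any(fnmatch.fnmatchcase(domain, p.lower()) for p in domain_patterns)


def classify(sender_ip, recipients, internal_domains=INTERNAL_DOMAINS,
             internal_senders=INTERNAL_SMTP_SENDERS, local_submission=False):
    """Return {direction: [recipients]} following rules 1-4 of section 5.2."""
    # Rule 4: MAPI and Pickup Folder submissions count as internal senders.
    from_internal = local_submission or any(
        host_matches(entry, sender_ip) for entry in internal_senders.split())
    if not from_internal:
        return {"inbound": list(recipients)}          # rule 3
    patterns = internal_domains.split()
    split = {}
    for rcpt in recipients:
        # Rules 1 and 2; mixed recipient lists are split per direction.
        direction = "internal" if domain_is_internal(rcpt, patterns) else "outbound"
        split.setdefault(direction, []).append(rcpt)
    return split


if __name__ == "__main__":
    print(classify("172.16.7.1", ["alice@example.com", "bob@partner.test"]))
    print(classify("203.0.113.25", ["alice@example.com"]))
    print(classify(None, ["carol@internal.example.net"], local_submission=True))
    # Under glob matching, *example.com is not limited to subdomains of
    # example.com: any domain ending in that string is treated as internal.
    print(domain_is_internal("user@notexample.com", INTERNAL_DOMAINS.split()))
```

If the product's wildcard behaves like the glob assumed here, a pattern such as *.example.com plus a separate example.com entry keeps unrelated domains that merely end in the same string out of the internal set.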
The product can add an X-header with the spam flag or predefined text in the message header and end users can then create filtering rules that direct the messages marked with the spam flag header into a junk mail folder.

When the product stays connected to F-Secure Update Server, F-Secure Spam Control is always up-to-date. F-Secure Spam Control is fully functional only after it receives the first automatic update.

In Microsoft Exchange 2007 and 2010 environments, the Microsoft Exchange server can move messages to the Junk mail folder based on the spam confidence level value. This feature is available immediately after the product has been installed, if the end user has activated this functionality. For more information on how to configure this functionality at the end-user’s workstations, consult the documentation of the used e-mail client.

5.3.1 Realtime Blackhole List Configuration

This section describes how to enable and disable Realtime Blackhole Lists, how to optimize F-Secure Spam Control performance, and how to specify blocked and safe recipients and senders by using black- and whitelisting.

Configuring Realtime Blackhole Lists

The product supports DNS Blackhole List (DNSBL), also known as Realtime Blackhole List (RBL), functionality in spam filtering. The functionality is enabled by default.

To test DNSBL/RBL:
1. Make sure you have a working DNS server configured in Windows Server networking. The primary DNS server should be configured to allow recursive DNS queries. DNS protocol is used to make the DNSBL/RBL queries.
2. Make sure you do not have a firewall preventing DNS access from the host where F-Secure Spam Control is running.
3. Test the DNS functionality by running the nslookup command at Microsoft Windows command prompt on the host running F-Secure Spam Control. An example:

    C:\>nslookup 2.0.0.127.sbl-xbl.spamhaus.org.
    Server: <your primary DNS server's name should appear here>
    Address: <your primary DNS server's IP address should appear here>
    Non-authoritative answer:
    Name: 2.0.0.127.sbl-xbl.spamhaus.org
    Addresses: 127.0.0.2, 127.0.0.4, 127.0.0.6

4. If the test is successful, continue with these instructions. If the test is not successful, you should double-check your DNS and firewall configuration.
5. Find the sample configuration file fssc_example.cfg in F-Secure Spam Control installation directory: <Product installation directory>\Spam Control\fssc_example.cfg
6. Copy the file to the same directory with the name fssc.cfg
7. Open fssc.cfg in a text editor (like Windows Notepad).
8. The configuration file has instructions inside. For typical use, you can leave the settings like they are. However, it is recommended to configure at least the trusted_networks setting to identify the public IP address(es) of your network. For more information, see the instructions in fssc_example.cfg.
9. When the configuration file is ready, restart F-Secure Content Scanner Server through the Web Console.

To verify that DNSBL/RBL is working correctly:
1. If DNSBL/RBL is operating correctly, you should see this kind of headers in messages classified as spam:

    X-Spam-Status: YES, database-version=2005-04-06_1 hits=9 required=5 tests=RCVD_IN_DSBL, RCVD_IN_NJABL_PROXY, RCVD_IN_SORBS_DUL

   Tests like RCVD_IN_DSBL, RCVD_IN_NJABL, RCVD_IN_SORBS, RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_DSBL, RCVD_IN_XBL indicate that DNSBL/RBL was successfully used to classify the mail.
2. If DNS functionality is not operating correctly, you may see a significant decrease in the product throughput. In that case, disable the DNSBL/RBL functionality by changing the dns_available setting in fssc.cfg to:

    dns_available no

   and restarting F-Secure Content Scanner Server through the Web Console.
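The two checks above (the DNSBL test query and the X-Spam-Status verification) can be scripted over a batch of headers collected from messages classified as spam. This is an added example, not part of the product. It assumes that DNSBL tests are the ones whose names start with RCVD_IN_, as in the guide's list; the function names and the second and third sample headers are constructed.

```python
import ipaddress
import re

# The first header is the example from the guide; the other two are
# constructed (EXAMPLE_* test names are placeholders, not real rule names).
SAMPLE_HEADERS = [
    "X-Spam-Status: YES, database-version=2005-04-06_1 hits=9 required=5 "
    "tests=RCVD_IN_DSBL, RCVD_IN_NJABL_PROXY, RCVD_IN_SORBS_DUL",
    "X-Spam-Status: YES, database-version=2005-04-06_1 hits=6 required=5\r\n"
    "\ttests=EXAMPLE_BODY_RULE, RCVD_IN_XBL",
    "X-Spam-Status: YES, database-version=2005-04-06_1 hits=7 required=5 "
    "tests=EXAMPLE_BODY_RULE, EXAMPLE_SUBJECT_RULE",
]


def dnsbl_query_name(ip, zone):
    """Build the name a DNSBL lookup resolves: reversed octets + zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")


def is_listed(answers):
    """Interpret the A records returned for a DNSBL query name.

    A listing is signalled by addresses inside 127.0.0.0/8. No answer
    (NXDOMAIN) or an address outside that range, for example from a
    resolver that rewrites failed lookups, is not a listing.
    """
    loopback = ipaddress.IPv4Network("127.0.0.0/8")
    return any(ipaddress.IPv4Address(a) in loopback for a in answers)


def parse_spam_status(header):
    """Parse one X-Spam-Status header, folded or not, into a dict."""
    name, _, value = header.partition(":")
    if name.strip().lower() != "x-spam-status":
        raise ValueError("not an X-Spam-Status header")
    value = " ".join(value.split())              # unfold continuation lines
    verdict, _, rest = value.partition(",")
    head, _, tests = rest.partition("tests=")
    fields = dict(re.findall(r"(\S+?)=(\S+)", head))
    return {
        "spam": verdict.strip().upper() == "YES",
        "hits": float(fields["hits"]) if "hits" in fields else None,
        "required": float(fields["required"]) if "required" in fields else None,
        "tests": [t.strip() for t in tests.split(",") if t.strip()],
    }


def dnsbl_tests(parsed):
    """Tests in a parsed header that indicate a DNSBL/RBL lookup was used."""
    return [t for t in parsed["tests"] if t.startswith("RCVD_IN_")]


def dnsbl_coverage(headers):
    """Return (spam messages, spam messages with at least one DNSBL test)."""
    spam = [p for p in map(parse_spam_status, headers) if p["spam"]]
    with_dnsbl = [p for p in spam if dnsbl_tests(p)]
    return len(spam), len(with_dnsbl)


if __name__ == "__main__":
    print(dnsbl_query_name("127.0.0.2", "sbl-xbl.spamhaus.org"))
    print(is_listed(["127.0.0.2", "127.0.0.4", "127.0.0.6"]))
    print(dnsbl_coverage(SAMPLE_HEADERS))
```

A sample in which many messages are flagged as spam but none carry an RCVD_IN_ test points back to the DNS and firewall checks in the test procedure.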
You can force F-Secure Spam Control to use a specific DNS server (not necessarily configured in Microsoft Windows networking) by adding a new system environment variable as described in the instructions below. However, this should be needed only in troubleshooting situations. Normally it is best to use the Windows networking settings.

To force F-Secure Spam Control to use a specific DNS server, do the following:
1. Right-click the My Computer icon and select Properties.
2. Select Advanced and click the Environment Variables button.
3. In the System variables panel click New.
4. In the New System Variable dialog specify the new variable as follows:
   Variable Name: RES_NAMESERVERS
   Variable Value: <the IP address of the desired DNS server>
5. Click OK.
6. Restart the computer to take the new system environment variable into use.

5.3.2 Optimizing F-Secure Spam Control Performance

To optimize the performance, the heuristic spam analysis is off by default. If you need an additional level of spam protection, use the following setting to turn it on:

Web Console: Transport Protection / Spam Control / Settings / Heuristic spam analysis
Policy Manager Console: F-Secure Anti-Virus for Microsoft Exchange Server / Settings / Transport Protection / Inbound Mail / Spam Control / Heuristic Spam Analysis

Due to the nature of DNSBL/RBL, processing time for each mail increases when DNS queries are made. If needed, the performance can be improved by increasing the number of mails being processed concurrently by F-Secure Spam Control. By default, the product processes a maximum of three e-mails at the same time, because there can be three Spam Scanner engine instances running simultaneously.
The number of Spam Scanner instances can be controlled with the product settings or by using a command-line switch for F-Secure Content Scanner Server:

Policy Manager Console: F-Secure Content Scanner Server / Settings / Spam Filtering / Number of Spam Scanner instances
Stand-alone installation: Use the command-line switch. To change the value to 5, so that a maximum of five mails can be processed at the same time, type:

    fsavsd.exe --spam-scanner-instances=5

where 5 is the value that you want to take into use. To take the new setting into use, restart F-Secure Content Scanner Server.

IMPORTANT: Each additional instance of the Spam Scanner takes approximately 25Mb of memory (process fsavsd.exe). Typically you should not need more than 5 instances.

A APPENDIX: Deploying the Product on a Cluster

Installation Overview
Creating Quarantine Storage
Administering the Cluster Installation with F-Secure Policy Manager
Using the Quarantine in the Cluster Installation
Using the Product with High Availability Architecture in Microsoft Exchange Server 2010
Uninstallation
Troubleshooting

A.1 Installation Overview

Follow these steps to deploy and use the product on a cluster.

1. Install F-Secure Policy Manager on a dedicated server. If you already have F-Secure Policy Manager installed in the network, you can use it to administer the product. For more information, see F-Secure Policy Manager Administrator’s Guide.
2. Install Microsoft SQL Server 2000, 2005 or 2008 on a dedicated server.
   Microsoft SQL Server must be installed with the mixed authentication mode (Windows Authentication and SQL Server Authentication). After the installation, make sure that Named Pipes and TCP/IP protocols are enabled in SQL Server network configuration.
3. Create the quarantine storage where the product will place quarantined e-mail messages and attachments.
   In the active-passive cluster environment, continue to “Quarantine Storage in Active-Passive Cluster”, 93.
   In the active-active cluster environment, continue to “Quarantine Storage in Active-Active Cluster”, 98.
   In the Single Copy Cluster (SCC) environment, continue to “Creating the Quarantine Storage for a Single Copy Cluster Environment”, 101.
   In the Continuous Cluster Replication (CCR) environment, continue to “Creating the Quarantine Storage for a Continuous Cluster Replication Environment”, 108.
   In the Database Availability Group (DAG) environment, continue to “Creating the Quarantine Storage for a Database Availability Group Environment”, 112.
4. Install the product locally on one node at a time in the centralized administration mode, starting from the active node. Make sure the product is fully up and running before starting the installation on the passive node. Do not move cluster resources to the passive node before you install all passive nodes first.
   In the environment with Quarantine as cluster resource, see more information on “Installing on Clusters with Quarantine as Cluster Resource”, 116.
   In the environment with Quarantine on dedicated computer, see more information on “Installing on Clusters with Quarantine on a Dedicated Computer”, 119.
5. Create a policy domain for the cluster in F-Secure Policy Manager and import cluster nodes there. See “Administering the Cluster Installation with F-Secure Policy Manager”, 123.
6. Log on to each node and configure the Web Console to accept connections from authorized hosts.
A.2 Creating Quarantine Storage

Follow instructions in this section to create the Quarantine Storage in the cluster environment.

A.2.1 Quarantine Storage in Active-Passive Cluster

For active-passive cluster, the Quarantine Storage can be created on a dedicated computer or as a cluster resource. For more information on how to install the Quarantine Storage on a dedicated computer, see “Quarantine Storage in Active-Active Cluster”, 98.

To install Quarantine as a cluster resource, follow these instructions:
1. Log on to the active node of the cluster with the domain administrator account.
2. Create a directory for the quarantine storage on the physical disk shared by the cluster nodes. You can create it on the same disk with Microsoft Exchange Server storage and log files. For example, create Quarantine directory on disk D:.
3. Go to Windows Start menu > All Programs > Administrative Tools and select Cluster Administrator.
4. Under Groups, right-click Exchange Virtual Server and select New > Resource. Enter the following information:
   Name: F-Secure Quarantine Storage
   Resource Type: File Share
   Group: make sure that your Exchange Virtual Server is selected.
   Click Next.
5. Possible Owners dialog opens.
6. Verify that all nodes that are running Exchange Server are listed under Possible owners and click Next.
7. Dependencies dialog opens. In Available resources, select the Exchange Server Network Name and the disk with the quarantine storage directory and click Add to add them to Resource dependencies. Click Next.
8. File Share Parameters dialog opens. Type FSAVMSEQS$ as Share name. (Note: the dollar ($) character at the end of the share name makes the share hidden when you view network resources of the cluster with Windows Explorer.) Enter the directory name you created on step 2 as Path (for example, D:\Quarantine). In the Comment box, type F-Secure Quarantine Storage.
   Make sure that User limit is set to Maximum allowed. Click Permissions.
9. Permissions dialog opens. Add Administrator, Exchange Domain Servers and SYSTEM to the Group or user names. Remove Everyone account. Grant Change and Read permissions for Exchange Domain Servers and SYSTEM, and Full Control, Change and Read permissions for Administrator account. Click OK.
10. In File Share Parameters dialog, click Advanced. Make sure that Normal share is selected in Advanced File Share Properties. Click OK.
11. In File Share Parameters dialog, click Finish to create F-Secure Quarantine Storage resource.
12. Right-click the F-Secure Quarantine Storage resource and click Bring Online.

A.2.2 Quarantine Storage in Active-Active Cluster

For an active-active cluster installation, the quarantine storage must be set on a dedicated computer. This computer should be the member of the same domain as your Exchange Servers.

1. Log on to the server where you plan to create the quarantine storage (for example, APPSERVER) with a domain administrator account.
2. Create a directory (for example, C:\Quarantine) for the quarantine storage on the local hard disk.
3. Right-click the directory in the Windows Explorer and select Sharing and Security.
4. The Sharing tab opens. Type FSAVMSEQS$ as Share name and make sure that User limit is set to Maximum Allowed. Click Permissions.
5. Permissions dialog opens. Add Administrator, Exchange Domain Servers and SYSTEM to the Group or user names. Remove Everyone account. Grant Change and Read permissions for Exchange Domain Servers and SYSTEM, and Full Control, Change and Read permissions for Administrator account. Click OK.
6. In the directory properties dialog, go to the Security tab. Remove all existing groups and users and add Administrator, Exchange Domain Servers and SYSTEM to the Group or user names.
   Grant all except Full Control permissions for Exchange Domain Servers and SYSTEM. Grant all permissions for Administrator. Click OK.
7. To verify that the quarantine storage is accessible, log on as the domain administrator to any node in the cluster and try to open \\<Server>\FSAVMSEQS$\ with Windows Explorer, where <Server> is the name of the server where you created the quarantine storage share.

A.2.3 Creating the Quarantine Storage for a Single Copy Cluster Environment

For single copy cluster, the Quarantine Storage can be created on a dedicated computer or as a cluster resource. For more information on how to install the Quarantine Storage on a dedicated computer, see “Creating the Quarantine Storage for a Continuous Cluster Replication Environment”, 108.

To install Quarantine as a cluster resource, follow the instructions for either “Windows 2003 Based Cluster”, 101, or “Windows 2008 based cluster”, 106.

Windows 2003 Based Cluster

1. Log on to the active node of the cluster with the domain administrator account.
2. Create a directory for the quarantine storage on the physical disk shared by the cluster nodes. You can create it on the same disk where the Exchange Server storage and logs are located. For example, create Quarantine directory on disk D:.
3. Go to Start menu > All Programs > Administrative Tools > Cluster Administrator.
4. Right-click the Exchange Virtual Server under the Groups and select New > Resource.
5. The New Resource wizard opens.
   a. Type F-Secure Quarantine Storage as the name of the new resource.
   b. In the Resource Type list, select File Share.
   c. In the Group list, make sure that your Exchange Virtual Server is selected.
   Click Next to continue.
6. Make sure that all nodes that are running Exchange Server are listed in the Possible owners list. Click Next to continue.
7.
Select the Exchange Server Network Name and the Physical Disk under Available resources and click Add to move them to the Resource dependencies list. Click Next to continue.
8. Use the following settings as the File Share parameters.
   a. Type FSAVMSEQS$ as the share name and F-Secure Quarantine Storage as comment. The dollar ($) character at the end of the share name makes the share hidden when you view the network resources of the cluster with Windows Explorer.
   b. Make sure that User Limit is set to Maximum allowed.
   Click Permissions to change permissions.
9. Change permissions as follows:
   a. Add Administrator, Exchange Domain Servers and SYSTEM to the Group or user names list.
   b. Remove the Everyone account.
   c. Grant Change and Read permissions for Exchange Domain Servers and SYSTEM.
   d. Grant Full Control, Change and Read permissions for the Administrator account.
   Click OK to continue.
10. Click Advanced to open Advanced File Share Properties. Make sure that Normal share is selected. Click OK to continue.
11. Click Finish to create the F-Secure Quarantine Storage resource.
12. Right-click the F-Secure Quarantine Storage resource and select Bring Online.

Windows 2008 based cluster

1. Log on to the active node of the cluster with the domain administrator account.
2. Create a directory for the quarantine storage on the physical disk shared by the cluster nodes. You can create it on the same disk where the Exchange Server storage and logs are located.
3. After the quarantine directory is created, it has to be shared. When you share the quarantine directory, it becomes visible in the Failover Cluster Manager. To share the directory, right-click the quarantine folder and select Share. Add Administrators, Exchange Servers and SYSTEM with Contributor permission levels. Press Share to close the window and enable the share.
4.
Check that everything is configured correctly. The Failover Cluster Manager view should look like this:
5. During the product installation, select the quarantine share you just created when the installation asks for the quarantine path. Use the UNC path in form of \\CLUSTERNAME\QUARANTINE. (In the example above, \\LHCLUMB\Quarantine.)

A.2.4 Creating the Quarantine Storage for a Continuous Cluster Replication Environment

For a Continuous Cluster Replication (CCR) cluster installation, the quarantine storage must be set on a dedicated computer. This computer has to be a member in the same domain with Exchange Servers.

1. Log on to the server where you plan to create the quarantine storage (for example, APPSERVER) with the domain administrator account.
2. Open Windows Explorer and create a directory (for example, C:\Quarantine) for the quarantine storage on the physical disk.
3. Right-click the directory and select Sharing and Security.
4. Go to the Sharing tab.
   a. Type FSAVMSEQS$ as the share name and F-Secure Quarantine Storage as comment. The dollar ($) character at the end of the share name makes the share hidden when you view the network resources of the cluster with Windows Explorer.
   b. Make sure that User Limit is set to Maximum allowed.
   Click Permissions to set permissions.
5. Change permissions as follows:
   a. Remove all existing groups and users.
   b. Add Administrator, Exchange Domain Servers and SYSTEM to the Group or user names list.
   c. Grant Change and Read permissions for Exchange Domain Servers and SYSTEM.
   d. Grant Full Control, Change and Read permissions for the Administrator account.
   Click OK to continue.
6. Go to the Security tab.
   a. Remove all existing groups and users.
   b. Add Administrator, Exchange Domain Servers and SYSTEM to the Group or user names list.
   c. Grant all except Full Control permissions for Exchange Domain Servers and SYSTEM.
   d.
Grant all permissions for the Administrator account.
   Click OK to finish.

To make sure that the quarantine storage is accessible, follow these instructions:
1. Log on as the domain administrator to any node of the cluster.
2. Try to open \\<Server>\FSAVMSEQS$\ with Windows Explorer, where <Server> is the name of the server where you just created the quarantine storage share.

A.2.5 Creating the Quarantine Storage for a Database Availability Group Environment

For the Database Availability Group (DAG) installation, the quarantine storage must be set on a dedicated computer. This computer has to be a member in the same domain with Exchange Servers.

1. Log on to the server where you will create the quarantine storage (for example, APPSERVER) with the domain administrator account.
2. Open Windows Explorer and create a directory (for example, C:\Quarantine) for the quarantine storage.
3. Right-click the directory and select Properties from the menu.
4. Go to the Sharing tab.
5. Click Advanced Sharing to share the directory.
6. Select Share this folder.
   a. Type FSAVMSEQS$ as the share name and F-Secure Quarantine Storage as a comment. The dollar ($) character at the end of the share name hides the share when you view the network resources of the cluster with Windows Explorer.
   b. Make sure that User Limit is set to Maximum that is allowed (16777216).
7. Click Permissions to set permissions for the share.
8. Change permissions as follows:
   a. Remove all existing groups and users.
   b. Add Administrator, Exchange Servers and SYSTEM to the Group or user names list.
   c. Grant Change and Read permissions for Exchange Servers and SYSTEM.
   d. Grant Full Control, Change and Read permissions for the Administrator account.
9. Click OK to continue.
10. Go to the Security tab and click Edit.
   a. Remove all existing groups and users.
   b.
Add Administrator, Exchange Servers and SYSTEM to the Group or user names list.
   c. Grant all except Full Control permissions for Exchange Servers and SYSTEM.
   d. Grant all permissions for the Administrator account.
11. Click OK to continue.

After you have configured the quarantine storage, make sure that it is accessible. Follow these instructions:
1. Log on as the domain administrator to any node of the cluster.
2. Open \\<Server>\FSAVMSEQS$\ with Windows Explorer, where <Server> is the name of the server where you created the quarantine storage share.

A.3 Installing the Product

Follow the instructions in this section to install the product on the active-passive and active-active clusters, CCR, SCC and DAG installations.

A.3.1 Installing on Clusters with Quarantine as Cluster Resource

This section describes how to install the product on clusters where Quarantine is configured as cluster resource in Exchange Virtual Server.

1. Log on to the active node of the cluster using a domain administrator account.
2. Run F-Secure E-mail and Server Security setup wizard.
   a. Install the product in the centralized management mode.
   b. Specify the IP address of F-Secure Policy Manager Server and admin.pub that you created during the F-Secure Policy Manager installation.
   For more information, see “Installing F-Secure E-mail and Server Security to Microsoft Exchange Server”, 59.
3. The setup wizard asks for the location of the quarantine directory. Specify the UNC path to the Quarantine Storage share that you created before the installation as the Quarantine Directory. For example, \\<EVSName>\FSAVMSEQS$, where <EVSName> is the network name of your Exchange Virtual Server. Click Next to continue.
4. The setup program asks to specify the SQL Server to use for the quarantine database. Select the server running Microsoft SQL Server and click Next to continue.
5.
The setup program asks to specify the database name where quarantined items are stored. Specify the name for the database and enter user name and password that will be used to access the database. Click Next to continue.
6. Complete the installation on the active node.
7. Log on to the passive node of the cluster using a domain administrator account. Repeat steps 2-4.
8. After you specify the SQL Server to use, the setup wizard asks you to specify the quarantine database. Select Use the existing database and click Next to continue.
9. Complete the installation on the passive node.

A.3.2 Installing on Clusters with Quarantine on a Dedicated Computer

This section describes how to install the product on clusters where Quarantine is installed on a dedicated computer.

1. Log on to the first node of the cluster using a domain administrator account.
2. Run F-Secure E-mail and Server Security setup wizard.
   a. Install the product in the centralized management mode.
   b. Specify the IP address of F-Secure Policy Manager Server and admin.pub that you created during the F-Secure Policy Manager installation.
   For more information, see “Installing F-Secure E-mail and Server Security to Microsoft Exchange Server”, 59.
3. The setup wizard asks for the location of the quarantine directory. Specify the UNC path to the Quarantine Storage share that you created before the installation as the Quarantine Directory. For example, \\<Server>\FSAVMSEQS$, where <Server> is the name of the server where you created the quarantine storage share. Click Next to continue.
4. The setup program asks to specify the SQL Server to use for the quarantine database. Select the server running Microsoft SQL Server and click Next to continue.
5. The setup program asks to specify the database name where quarantined items are stored.
   Specify the name for the database and enter user name and password that will be used to access the database. Click Next to continue.
6. Complete the installation on the first active node.
7. Log on to the second node of the cluster using a domain administrator account and repeat steps 2-4.
8. After you specify the SQL Server to use, the setup wizard asks you to specify the quarantine database. Select Use the existing database and click Next to continue.
9. Complete the installation on the second node.

A.4 Administering the Cluster Installation with F-Secure Policy Manager

To administer the product installed on a cluster, create a new subdomain under your organization or network domain. Import all cluster nodes to this subdomain.

To change product configuration on all cluster nodes, follow these instructions:
1. Select the cluster subdomain in the Policy Domains tree.
2. Change required settings.
3. Distribute the policy.
4. All nodes receive new settings next time they poll the F-Secure Policy Manager Server.

If you need to change settings on a particular node, follow these instructions:
1. Select the corresponding host in the Policy Domains.
2. Change required settings.
3. Distribute the policy.
4. All nodes will receive new settings the next time they poll F-Secure Policy Manager Server.

A.5 Using the Quarantine in the Cluster Installation

You can manage quarantined items with the Web Console by connecting to any node of the cluster. You need to configure the Web Console to accept connections from authorized hosts. By default, the Web Console accepts connections from the local host only. You can release, reprocess and download quarantined messages and attachments when at least one node of the cluster is currently online.
Configuring Mailbox Role Servers

However, as the clustered Exchange 2007 can have the mailbox role only and not all members of an Exchange 2010 Database Availability Group may have the Hub Transport Role, you need to configure the hub transport role and mailbox role servers so that quarantined messages can be delivered:

Hub Transport Role Server:
1. Share the Pickup folder on the Exchange Hub Server. By default, the Pickup folder is located at %Program Files%\Microsoft\Exchange Server\TransportRoles\Pickup. Use the default name (Pickup) for the share so that it can be accessed at \\HubServerName\Pickup.
2. Right-click the Pickup folder and select Properties > Sharing and click Permissions. Assign Read and Change permissions to the Pickup folder for the Exchange Servers group or for the Mailbox Role Servers directly.
3. Go to the Security tab and assign all the permissions except FullControl and Special for the Pickup Folder for the Exchange Servers group or directly for the Mailbox Role Servers.

Mailbox Role Server:
1. Open the Windows Registry Editor and go to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FSAVMSED\Parameters subkey. If the Parameters subkey does not exist, create it.
2. Under the Parameters subkey, create the PickupFolderPath string value that points to the Pickup folder share of the hub server that was created earlier (\\HubServerName\Pickup).
The registry value has to be changed on all cluster nodes.

After these steps have been completed, the quarantine works properly on the Mailbox Role only servers as well. You do not have to reboot or restart the server; the product takes the new settings into use automatically.

Even though the Exchange organization may contain more than one Hub Transport Role server, F-Secure Anti-Virus for Microsoft Exchange supports only one Pickup folder.
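The Mailbox Role Server registry steps above can be scripted per node. The following Windows PowerShell script is an added example, not part of the F-Secure guide: HubServerName is the guide's placeholder, the function names are hypothetical, and the service key name is assumed to be FSAVMSED (matching fsavmsed.exe). It refuses to write the value when the share is unreachable and lists the NTFS permissions on the Pickup folder for review.

```powershell
# Added example. Run in an elevated Windows PowerShell session on every
# Mailbox Role node of the cluster.
$HubServerName = 'HubServerName'   # placeholder from the guide; use your hub server
$PickupShare   = "\\$HubServerName\Pickup"
# Assumption: the product's service key is named FSAVMSED.
$ParamsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Services\FSAVMSED\Parameters'

function Set-PickupFolderPath {
    param([string]$KeyPath, [string]$SharePath)

    # Do not point the product at a share this node cannot reach.
    # This checks access as the current user, not as the product's service.
    if (-not [System.IO.Directory]::Exists($SharePath)) {
        throw "Pickup share $SharePath is not reachable from $env:COMPUTERNAME"
    }
    # The service key must already exist; never create it by accident.
    $serviceKey = Split-Path -Path $KeyPath -Parent
    if (-not (Test-Path -Path $serviceKey)) {
        throw "Service key $serviceKey not found; is the product installed?"
    }
    # Create the Parameters subkey only if it does not exist.
    if (-not (Test-Path -Path $KeyPath)) {
        New-Item -Path $KeyPath | Out-Null
    }
    # Create or overwrite the PickupFolderPath string (REG_SZ) value.
    New-ItemProperty -Path $KeyPath -Name 'PickupFolderPath' `
        -PropertyType String -Value $SharePath -Force | Out-Null
    # Read the value back so the caller can confirm what was stored.
    (Get-ItemProperty -Path $KeyPath -Name 'PickupFolderPath').PickupFolderPath
}

function Get-PickupFolderAcl {
    param([string]$SharePath)

    # NTFS permissions (Security tab) on the shared folder.
    # Share-level permissions (Sharing tab) are not shown here.
    $acl = [System.IO.Directory]::GetAccessControl($SharePath)
    $acl.GetAccessRules($true, $true, [System.Security.Principal.NTAccount]) |
        Select-Object IdentityReference, AccessControlType, FileSystemRights, IsInherited
}

$stored = Set-PickupFolderPath -KeyPath $ParamsKey -SharePath $PickupShare
"PickupFolderPath on $env:COMPUTERNAME is now $stored"
Get-PickupFolderAcl -SharePath $PickupShare | Format-Table -AutoSize
```

Compare the listed entries with the permissions the guide assigns to the Exchange Servers group or the Mailbox Role Servers, and investigate any other identity that has write access to the Pickup folder.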
After you have specified one Hub Transport Role Server with a Pickup folder, make sure that the folder is available, or change the Pickup folder path to another one if the current Hub Transport Role Server goes offline.

A.6 Using the Product with High Availability Architecture in Microsoft Exchange Server 2010

New high-availability solutions in Microsoft Exchange Server 2010 support online mailbox moves. As it takes some time for the product to enumerate mailbox changes on nodes, manual and scheduled scans might not scan the moved mailbox but the mailbox copy on the former node instead, if the scan is started right after the move. However, the real-time scan works without these limitations.

To scan Public Folders manually or with scheduled scanning, you have to specify an administrator’s mailbox in the product settings. Manual and scheduled scans scan all Public Folders that the specified administrator account can access.

Once you start the manual scan of Public Folders on one node, the scan goes through all Public Folders the account can access, including those Public Folder Databases that are located on other nodes. To avoid collisions where one item would be edited by several on-demand scanners simultaneously, make sure that manual and scheduled Public Folders scans are started only on one node at a time.

The real-time Public Folder scan scans only Public Folders that are located together with the product on the same node. If Public Folders in Microsoft Exchange 2010 are replicated, the attachment replacement text file is added only to the Public Folder Database replica that is located on the same node, but infections are detected and quarantined if needed from all replicas.

If an infected item was edited (an infection was disinfected or quarantined) during the manual or scheduled Public Folder scan, the edited item is marked as "read" for the administrator's mailbox which is specified in the product settings.
A.7 Uninstallation

Follow these instructions to uninstall the product in the cluster environment.
1. Uninstall the product from the active node with Add/Remove Programs in Windows 2003 or Programs and Features in Windows 2008 and 2008 R2. The uninstallation removes the cluster resource automatically.
2. After the uninstallation in the active node is finished, uninstall the product from passive nodes.
3. After the product has been uninstalled from every node, reboot the computers one at a time.

A.8 Troubleshooting

If the product fails to quarantine a message or attachment or reports that the e-mail quarantine storage is not accessible, make sure that directory sharing and security permissions are set as follows: change, write and read operations are allowed for SYSTEM and Exchange Domain Servers, and full control is allowed for Administrator.

To change the location of the e-mail quarantine storage from F-Secure Policy Manager Console, use the Final flag to override the setting set during product installation on the host.

B APPENDIX: Services and Processes

List of Services and Processes

B.1 List of Services and Processes

The following tables list the services and processes that are running on the system after the installation:

Service/Application | Process | Description
F-Secure Gatekeeper driver | fsgk.sys | File filter driver, provides interception of file operations.
F-Secure HIPS driver | fships.sys | Provides intrusion prevention and system protection.
F-Secure Gatekeeper Handler Starter | fsgk32st.exe | Provides activation of Gatekeeper driver.
Gatekeeper Handler | fsgk32.exe | File filter handler.
F-Secure Anti-Virus Handler | fsav32.exe | Provides handling system interfaces, policy management and low-level drivers and scan services.
F-Secure Scanner Manager | fssm32.exe | Provides anti-virus scanning for all FPI agents (file system).
F-Secure ORSP Client | fsorsp.exe | Provides client-side connection to F-Secure Object Reputation Service Platform to support Cloud-based protection, AKA Real-time Protection Network.
F-Secure Anti-Virus for Microsoft Exchange Daemon | fshkmngr.exe (with Microsoft Exchange 2003), fsavmsed.exe (with Microsoft Exchange 2007/2010) | This is the main service that takes care of other product components and implements/exposes COM-based interfaces for reading and writing policy settings/statistics, and sending alerts.
F-Secure Automatic Update Agent | fsaua.exe | This service takes care of fetching updates from FSPM or FS Update server.
F-Secure Content Scanner Server Daemon | fsavsd.exe | Provides anti-virus scanning service for Simple Content Inspection Protocol (SCIP) compliant agents.
F-Secure Database Update Handler | fsdbuh.exe | The Database Update Handler process verifies and checks the integrity of virus definition and spam control database updates.
F-Secure Quarantine Manager | fqm.exe | Provides the quarantine interface and takes care of reprocessing, release and cleaning items from the quarantine database/storage.
F-Secure WebUI Daemon | fswebuid.exe | HTTP server that hosts the Web Console. Supports HTTP/1.0, HTTP/1.1 and HTTPS.
F-Secure Management Agent (FSMA) | fsma32.exe | Provides all other product services with policy (configuration) management and communications, monitors and controls starting and stopping the product services.
F-Secure Network Request Broker | fnrb32.exe | The service handles the communication with F-Secure Policy Manager via HTTP interface.
- | fsdll32.exe, fsdll64.exe | Provides hosting services for a number of F-Secure services, including Message Broker and Configuration Handler.
F-Secure Settings and Statistics | fsm32.exe | The product user interface (the product icon in the Windows system tray). The process is not running unless the user is logged in to the system.
F-Secure Installation Handler | fih32.exe | F-Secure Installation Handler enables the remote installation and updating of integrated F-Secure products.

Technical Support

F-Secure Online Support Resources
Software Downloads
Virus Descriptions on the Web

F-Secure Online Support Resources

F-Secure Technical Support is available through F-Secure support web pages, e-mail and by phone. Support requests can be submitted through a form on F-Secure support web pages directly to F-Secure support.

F-Secure support web pages for any F-Secure product can be accessed at http://support.f-secure.com/. All support issues, frequently asked questions and hotfixes can be found under the support pages.

If you have questions about the product that are not covered in this manual or on the F-Secure support web pages, you can contact your local F-Secure distributor or F-Secure Corporation directly.

For technical assistance, please contact your local F-Secure Business Partner. Send your e-mail to: Anti-Virus-<country>@f-secure.com
Example: [email protected]

If there is no authorized F-Secure Anti-Virus Business Partner in your country, you can submit a support request directly to F-Secure. There is an online "Request Support form" accessible through F-Secure support web pages under the "Contact Support" page. Fill in all the fields and describe the problem as accurately as possible. Please include the FSDiag report taken from the problematic server with the support request.

F-Secure Support Tool

Before contacting support, please run the F-Secure Support Tool FSDiag.exe on each of the hosts running the product.
This utility gathers basic information about hardware, operating system, network configuration and installed F-Secure and third-party software.

You can run the F-Secure Support Tool from the Web Console as follows:
1. Log in to the Web Console.
2. Type https://127.0.0.1:25023/fsdiag/ in the browser’s address field or click F-Secure support tool on the General Server Properties page.
3. The F-Secure Support Tool starts and the dialog window displays the progress of the data collection. Note that in some web browsers, the window may appear behind the main browser window.
4. When the tool has finished collecting the data, click Report to download and save the collected data.

You can also find and run the FSDiag.exe utility in the Common directory under the product installation directory, or run F-Secure E-mail and Server Security > Support Tool in the Windows Start menu. The tool generates a file called FSDiag.tar.gz.

Please include the following information with your support request:
   Product and component version numbers. Include the build number if available.
   A description of how F-Secure components are configured.
   The name and the version number of the operating system on which F-Secure products and protected systems are running. For Windows, include the build number and Service Pack number.
   The version number and the configuration of your Microsoft Exchange Server, if you use the F-Secure Anti-Virus for Microsoft Exchange component. If possible, describe your network configuration and topology.
   A detailed description of the problem, including any error messages displayed by the program, and any other details that could help us replicate the problem.
   Logfile.log from the machines running F-Secure products. This file can be found under Program Files\F-Secure\Common. If you are sending the FSDiag report, you do not need to send the Logfile.log separately, because it is already included in the FSDiag report.
   If the whole product or a component crashed, include the drwtsn32.log file from the Windows NT directory and the latest records from the Windows Application Log.

Software Downloads

The F-Secure web site provides assistance and updated versions of the F-Secure products. In order to maximize your security level we strongly encourage you to always use the latest versions of our products. You can find the latest product version, hotfixes and all related downloadable materials in: http://www.f-secure.com/en_EMEA/downloads/product-updates/.

Virus Descriptions on the Web

F-Secure Corporation maintains a comprehensive collection of virus-related information on its Web site. To view the Virus Information Database, connect to: http://www.f-secure.com/security_center/.

About F-Secure Corporation

F-Secure Corporation protects consumers and businesses against computer viruses and other online threats from the Internet and mobile networks. We want to be the most reliable provider of internet security services in the market. One way to demonstrate this is the speed of our response.

F-Secure’s award-winning solutions for real-time virus protection are available as a service subscription through more than 170 Internet service providers and mobile operator partners around the world, making F-Secure the global leader in the market of internet and computer security. The solutions are also available as licensed products through thousands of resellers globally.

F-Secure aspires to be the most reliable mobile and computer security provider, helping make computer and smartphone users' networked lives safe and easy. This is substantiated by the company’s independently proven ability to respond faster to new threats than its main competitors. Founded in 1988 and headquartered in Finland, F-Secure has been listed on the OMX Nordic Exchange Helsinki since 1999. The company has consistently been one of the fastest growing publicly listed companies in the industry.
The latest news on real-time virus threat scenarios is available at http://www.f-secure.com/weblog/