F-Secure Anti-Virus for Microsoft Exchange

Transcription

F-Secure Anti-Virus for Microsoft Exchange
F-Secure E-mail and
Server Security
Deployment Guide
"F-Secure" and the triangle symbol are registered trademarks of F-Secure Corporation and F-Secure
product names and symbols/logos are either trademarks or registered trademarks of F-Secure Corporation.
All product names referenced herein are trademarks or registered trademarks of their respective companies.
F-Secure Corporation disclaims proprietary interest in the marks and names of others. Although F-Secure
Corporation makes every effort to ensure that this information is accurate, F-Secure Corporation will not be
liable for any errors or omission of facts contained herein. F-Secure Corporation reserves the right to modify
specifications cited in this document without prior notice.
Companies, names and data used in examples herein are fictitious unless otherwise noted. No part of this
document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any
purpose, without the express written permission of F-Secure Corporation.
Copyright © 1993-2012 F-Secure® Corporation. All rights reserved.
Portions:
Copyright © 2004 BackWeb Technologies Inc.
Copyright © 1991-2010 Commtouch® Software Ltd.
Copyright © 1997-2009 BitDefender.
Copyright © Yooichi Tagawa, Nobutaka Watazaki, Masaru Oki, Tsugio Okamoto
Copyright © 1990-2002 ARJ Software, Inc.
Copyright © 1990-2003 Info-ZIP
Copyright © 1996-2000 Julian R Seward
Copyright © 1996-2009, Daniel Stenberg, [email protected]
This product includes software developed by the Apache Software Foundation (http://www.apache.org/).
Copyright © 2000-2004 The Apache Software Foundation. All rights reserved.
This product includes PHP, freely available from http://www.php.net/.
Copyright © 1999-2010 The PHP Group. All rights reserved.
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://
www.openssl.org/).
Copyright © 1998-2011 The OpenSSL Project. All rights reserved.
This product includes cryptographic software written by Eric Young ([email protected]).
Copyright © 1995-1998 Eric Young ([email protected]). All rights reserved.
This product includes software written by Tim Hudson ([email protected]).
Copyright © 1994-2010 Lua.org, PUC-Rio.
Copyright © Reuben Thomas 2000-2010.
Copyright © 2005 Malete Partner, Berlin, [email protected]
This software is copyrighted by the Regents of the University of California, Sun Microsystems, Inc., Scriptics
Corporation, ActiveState Corporation and other parties.
Copyright © 1996-2001 Intel Corporation (http://www.intel.com)
Copyright © 2004, 2005 Metaparadigm Pte Ltd
This product includes code from SpamAssassin. The code in the files of the SpamAssassin distribution are
Copyright © 2000-2002 Justin Mason and others, unless specified otherwise in that particular file. All files in
the SpamAssassin distribution fall under the same terms as Perl itself, as described in the "Artistic License".
This product includes optional Microsoft SQL Server 2008 R2 Express Edition.
Copyright © 2010 Microsoft Corporation. All rights reserved.
This product may be covered by one or more F-Secure patents, including the following:
GB2353372, GB2366691, GB2366692, GB2366693, GB2367933, GB2368233, GB2374260.
Contents
About This Guide
4
How This Guide Is Organized .............................................................................................. 5
Conventions Used in F-Secure Guides ................................................................................ 6
Chapter 1
Introduction
8
1.1
Overview ...................................................................................................................... 9
1.2
How the Product Works ............................................................................................. 10
1.3
Key Features.............................................................................................................. 13
1.4
Scanning Methods ..................................................................................................... 16
Chapter 2
Deployment
17
2.1
Installation Modes ...................................................................................................... 18
2.2
Deployment Scenarios ............................................................................................... 19
2.2.1 Deploying F-Secure E-mail and Server Security to a stand-alone server ...... 19
2.2.2 Deploying F-Secure E-mail and Server Security with Policy Manager........... 20
2.2.3 Single File, Terminal or Exchange Server ...................................................... 21
2.2.4 Multiple Exchange 2003 Servers.................................................................... 22
2.2.5 Multiple Exchange Server 2007/2010 Roles .................................................. 23
2.2.6 Large organization using Exchange 2007/2010 ............................................. 24
2.2.7 Centralized Quarantine Management............................................................. 26
Chapter 3
System Requirements
30
3.1
System Requirements for Installation without Anti-Virus for Microsoft Exchange...... 31
3.2
System Requirements for Installation with Anti-Virus for Microsoft Exchange........... 32
1
3.2.1
3.2.2
3.2.3
3.2.4
Installation on Microsoft Exchange Server 2003 ............................................ 32
Installation on Microsoft Exchange Server 2007 ............................................ 34
Installation on Microsoft Exchange Server 2010 ............................................ 37
Network Requirements for E-mail and Server Security .................................. 39
3.3
Centralized Management Requirements.................................................................... 40
3.4
Other System Component Requirements .................................................................. 40
3.4.1 SQL Server Requirements ............................................................................. 40
3.4.2 Additional Windows Components................................................................... 42
3.4.3 Web Browser Software Requirements ........................................................... 42
Chapter 4
Installation
44
4.1
Installing F-Secure E-mail and Server Security from Policy Manager .......................45
4.2
Installing F-Secure E-mail and Server Security to Microsoft Exchange Server ......... 59
4.3
Upgrading from previous product versions ................................................................ 78
4.3.1 Upgrading from the centralized installation of F-Secure Anti-Virus for Windows
Server with Policy Manager 10.0178
4.3.2 Upgrading from F-Secure Anti-Virus for Microsoft Exchange with Policy
Manager 10.0178
4.3.3 Upgrading from F-Secure Anti-Virus for Microsoft Exchange......................... 79
4.4
Registering the Evaluation Version ............................................................................ 80
4.5
Uninstalling the Product ............................................................................................. 81
Chapter 5
Configuring the Product
82
5.1
Configuring the Product ............................................................................................. 83
5.2
Network Configuration................................................................................................ 84
5.3
Configuring F-Secure Spam Control .......................................................................... 86
5.3.1 Realtime Blackhole List Configuration............................................................ 86
5.3.2 Optimizing F-Secure Spam Control Performance .......................................... 89
Appendix A Deploying the Product on a Cluster
90
A.1
Installation Overview ................................................................................................. 91
A.2
Creating Quarantine Storage ..................................................................................... 93
A.2.1 Quarantine Storage in Active-Passive Cluster ............................................... 93
A.2.2 Quarantine Storage in Active-Active Cluster .................................................. 98
A.2.3 Creating the Quarantine Storage for a Single Copy Cluster Environment ...101
2
A.3
A.2.4 Creating the Quarantine Storage for a Continuous
Cluster Replication Environment ..................................................................108
A.2.5 Creating the Quarantine Storage for a Database
Availability Group Environment ....................................................................112
Installing the Product................................................................................................116
A.3.1 Installing on Clusters with Quarantine as Cluster Resource ........................116
A.3.2 Installing on Clusters with Quarantine on a Dedicated Computer ................119
A.4
Administering the Cluster Installation with F-Secure Policy Manager......................123
A.5
Using the Quarantine in the Cluster Installation.......................................................124
A.6
Using the Product with High Availability
Architecture in Microsoft Exchange Server 2010125
A.7
Uninstallation............................................................................................................126
A.8
Troubleshooting .......................................................................................................127
Appendix B Services and Processes
B.1
128
List of Services and Processes ............................................................................... 129
Technical Support
133
F-Secure Online Support Resources ............................................................................... 134
Software Downloads ........................................................................................................136
Virus Descriptions on the Web .........................................................................................136
About F-Secure Corporation
3
ABOUT THIS GUIDE
How This Guide Is Organized...................................................... 5
Conventions Used in F-Secure Guides ....................................... 6
4
5
How This Guide Is Organized
F-Secure E-mail and Server Security Deployment Guide is divided into
the following chapters:
Chapter 1. Introduction. General information about F-Secure E-mail
and Server Security and other F-Secure Anti-Virus Mail Server and
Gateway products.
Chapter 2. Deployment. Instructions and examples how to set up your
network environment before you can install the product.
Chapter 3. System Requirements. System and network requirements
for product components.
Chapter 4. Installation. Instructions how to install and set up the
product.
Chapter 5. Configuring the Product. Instructions on how to configure
the product to take it into use.
Appendix A. Deploying the Product on a Cluster. Instructions how to
deploy and use the product on a cluster.
Appendix B. Services and Processes. Describes services, devices and
processes of the product.
Technical Support. Contains the contact information for assistance.
About F-Secure Corporation. Describes the company background and
products.
See the F-Secure Policy Manager Administrator's Guide for detailed
information about installing and using the F-Secure Policy Manager
components:

F-Secure Policy Manager Console, the tool for remote
administration of the product.

F-Secure Policy Manager Server, which enables communication
between F-Secure Policy Manager Console and the managed
systems.
CHAPTER 2
Conventions Used in F-Secure Guides
This section describes the symbols, fonts, and terminology used in this
manual.
Symbols
WARNING: The warning symbol indicates a situation with a
risk of irreversible destruction to data.
IMPORTANT: An exclamation mark provides important information
that you need to consider.
REFERENCE - A book refers you to related information on the
topic available in another document.
NOTE - A note provides additional information that you should
consider.
l
TIP - A tip provides information that can help you perform a task
more quickly or easily.
Fonts
Arial bold (blue) is used to refer to menu names and commands, to
buttons and other items in a dialog box.
Arial Italics (blue) is used to refer to other chapters in the manual, book
titles, and titles of other manuals.
Arial Italics (black) is used for file and folder names, for figure and table
captions, and for directory tree names.
Courier New is used for messages on your computer screen.
Courier New bold is used for information that you must type.
SMALL CAPS (BLACK)
keyboard.
is used for a key or key combination on your
6
7
Arial underlined (blue) is used for user interface links.
Arial italics is used for window and dialog box names.
PDF Document
This manual is provided in PDF (Portable Document Format). The PDF
document can be used for online viewing and printing using Adobe®
Acrobat® Reader. When printing the manual, please print the entire
manual, including the copyright and disclaimer statements.
For More Information
Visit F-Secure at http://www.f-secure.com for documentation, training
courses, downloads, and service and support contacts.
In our constant attempts to improve our documentation, we would
welcome your feedback. If you have any questions, comments, or
suggestions about this or any other F-Secure document, please contact
us at [email protected].
1
INTRODUCTION
Overview....................................................................................... 9
How the Product Works.............................................................. 10
Key Features .............................................................................. 13
Scanning Methods...................................................................... 16
8
9
1.1
Overview
Malicious code, such as computer viruses, is one of the main threats for
companies today. In the past, malicious code spread mainly via disks and
the most common viruses were the ones that infected disk boot sectors.
When users began to use office applications with macro capabilities such as Microsoft Office - to write documents and distribute them via mail
and groupware servers, macro viruses started spreading rapidly.
Nowadays the most common spreading mechanism for viruses is Web.
Even fraudulent e-mails usually contain a link to a browser exploit or a
phishing web site. F-Secure E-mail and Server Security includes
Browsing Protection, which protects the Internet browsing for all users of
the server.
F-Secure Anti-Virus Mail Server and Gateway products are designed to
protect your company's mail and groupware servers and to shield the
company network from any malicious code that travels in HTTP or SMTP
traffic. In addition, they protect your company network against spam. The
protection can be implemented on the gateway level to screen all
incoming and outgoing e-mail (SMTP), web surfing (HTTP and
FTP-over-HTTP) and file transfer (FTP) traffic. Furthermore, it can be
implemented on the mail server level so that it does not only protect
inbound and outbound traffic but also internal mail traffic and public
sources, such as public folders on Microsoft Exchange servers.
Providing the protection already on the gateway level has plenty of
advantages. The protection is easy and fast to set up and install,
compared to rolling out antivirus protection on hundreds or thousands of
workstations. The protection is also invisible to the end users which
ensures that the system cannot be by-passed and makes it easy to
maintain. Of course, protecting the gateway level alone is not enough to
provide a complete antivirus solution; file server and workstation level
protection is needed, also.
Why clean 1000 workstations when you can clean one attachment at the
gateway level?
CHAPTER 1
Introduction
1.2
How the Product Works
The product is designed to detect and disinfect viruses and other
malicious code from e-mail transmissions through Microsoft Exchange
Server. Scanning is done in real time as the mail passes through
Microsoft Exchange Server. On-demand scanning of user mailboxes and
public folders is also available.
Scanning
Attachments and
Message Bodies
The product scans attachments and message bodies for malicious code.
It can also be instructed to remove particular attachments according to
the file name or the file extension.
If the intercepted mail contains malicious code, the product can be
configured to disinfect or drop the content. Any malicious code found
during the scan process can be placed in the Quarantine, where it can be
further examined. Stripped attachments can also be placed in the
Quarantine for further examination.
Flexible and Scalable
Anti-Virus Protection
The product is installed on Microsoft Exchange Server and it intercepts
mail traveling to and from mailboxes and public folders. The messages
and documents are scanned with the scanning component, F-Secure
Content Scanner Server, which also disinfects the infected messages.
Alerting
The product has extensive alerting functions, which means that the
system administrator can specify a recipient, such as the network
administrator, to be notified about the infection found in the data content.
Powerful and Always
Up-to-date
The product uses the award-winning F-Secure Anti-Virus techniques and
scanning engines to ensure the highest possible detection rate and
disinfection capability. The F-Secure Anti-Virus definition databases are
updated typically multiple times a day and they provide an always
up-to-date protection capability.
F-Secure Anti-Virus scanner consistently ranks at the top when compared
to competing products. Our team of dedicated virus researchers is on call
24-hours a day responding to new and emerging threats. In fact,
F-Secure is one of the only companies to release tested virus definition
updates continuously, to make sure our customers are receiving the
highest quality service and protection.
10
11
Real-time
Protection
Network
F-Secure's Real-time Protection Network is an online service which
provides rapid response against Internet-based threats.
The Real-time Protection Network uses reputation services to obtain
information about the latest Internet threats. When Real-time Protection
Network finds a suspicious application on the server, you benefit from the
analysis results when the same application has been found on other
devices already. Real-time Protection Network improves the overall
performance, as the product does not need to scan any applications that
Real-time Protection Network has already analyzed and found clean.
Similarly, information about malicious websites and unsolicited bulk
messages is shared through Real-time Protection Network, and we are
able to provide you with more accurate protection against web site
exploits and spam messages.
Virus and Spam
Outbreak Detection
Massive spam and virus outbreaks consist of millions of messages which
share at least one identifiable pattern that can be used to distinguish the
outbreak. Any message that contains one or more of these patterns can
be assumed to be a part of the same spam or virus outbreak.
The product can identify these patterns from the message envelope,
headers and body, in any language, message format and encoding type.
It can detect spam messages and new viruses during the first minutes of
the outbreak.
Stand-alone and
Centralized
Administration Modes
The product can be installed either in stand-alone or centrally
administered mode. Depending on how the product has been installed, it
is managed either with the Web Console or F-Secure Policy Manager.
Scalability and
Reliability
F-Secure Policy Manager provides a scalable way to manage the security
of multiple applications on multiple operating systems, from one central
location. F-Secure Policy Manager is comprised of two components,
F-Secure Policy Manager Console and F-Secure Policy Manager Server,
which are used to administer applications. They are seamlessly
integrated with the F-Secure Management Agents that handle all
management functions on local hosts.
Easy to
Administer
If the product is installed in stand-alone mode it can be managed with the
web-based user interface.
CHAPTER 1
Introduction
If the product is installed in centrally administered configuration, it is
managed with F-Secure Policy Manager. With its graphical user interface,
F-Secure Policy Manager Console provides a centralized view of the
domains and hosts in your network, lets you configure the security
policies for all F-Secure components and set up scheduled scans and run
manual scanning operations. F-Secure Policy Manager receives status
information from the product.
F-Secure Policy Manager Server is the server side component that
handles communication between the product and F-Secure Policy
Manager Console. It exchanges security policies, software updates,
status information, statistics, alerts, and other information between
F-Secure Policy Manager Console and all managed systems.
Figure 1-1 (1) E-mail arrives from the Internet to F-Secure E-mail and Server
Security, which (2) filters malicious content from mails and attachments, and (3)
delivers cleaned files forward.
12
13
1.3
Key Features
The product provides the following features and capabilities.
Superior
Protection
Virus
Outbreak
Detection

Stops all malware at the server and protects e-mails, file sharing,
web browsing, critical system processes, and system
configuration.

Superior detection rate with multiple scanning engines.

Scanning engines updated automatically with the latest versions.

Automatic malicious code detection and disinfection.

The grayware scan detects spyware, adware, dialers, joke
programs, remote access tools, and any other unwelcome files
and programs.

Heuristic scanning detects also unknown Windows and macro
viruses.

Recursive scanning of ARJ, BZ2, CAB, GZ, JAR, LZH, MSI,
RAR, TAR, TGZ, Z and ZIP archive files.

Automatic and consistent virus definition database updates.

Suspicious and unsafe attachments can be stripped away from
e-mails.

Password protected archives can be treated as unsafe.

Intelligent file type recognition.

Message filtering based on keywords in message subjects and
text.

The virus outbreak detection is an additional active layer of
protection that automatically detects virus outbreaks and
quarantines suspicious messages.

Virus outbreaks are transparently detected and infected
messages are quarantined before the outbreak becomes
widespread.

Quarantined unsafe messages can be reprocessed
automatically.
CHAPTER 1
Introduction
Transparency
and Scalability
Management
Protection
against
Spam

Viruses are intercepted before they can enter the network and
spread out on workstations and servers.

Real-time scanning of internal, inbound and outbound mail
messages and public folder notes.

Automatic protection of new mailboxes and public folders.

Total transparency to end-users. Users cannot bypass the
system, which means that messages and documents cannot be
exchanged without scanning.

Controlling and monitoring the behavior of the products remotely.

Starting predefined operations remotely.

Monitoring statistics provided by the products remotely with
F-Secure Policy Manager or the Web Console.

Possibility to configure and manage stand-alone installations with
the convenient the Web Console.

You can manage and search quarantined content with the Web
Console.

Spam messages are transparently detected before they become
widespread.

Efficient spam detection based on different analyses on the
e-mail content.

Multiple filtering mechanisms guarantee the high accuracy of
spam detection.

Spam messages can be separated from legitimate messages and
processed using the Spam Confidence Levels.

Spam detection works in every language and message format.
14
15
DeepGuard
Browsing
Protection

DeepGuard protects your server in real-time from new and
unknown treats and attacks.

Combines enhanced system monitoring, executable file behavior
and reputation analysis and intrusion prevention features.

Uses in-the-cloud protection techniques to provide fast reaction
times against the latest threats.

DeepGuard can be configured to handle and block suspicious
files automatically without requiring any user interaction.

Browsing Protection protects you from web sites that may steal
your personal information, including credit card numbers, user
account information, and passwords.

Blocks access to malicious, undesired, and suspicious sites
based on web site reputation and analysis.
CHAPTER 1
Introduction
1.4
Scanning Methods
Virus Scanning
The virus scan uses virus definition databases to detect and disinfect
viruses. Virus definition databases are updated typically multiple times a
day and they provide an always up-to-date protection capability.
Heuristic Scanning
The heuristic scan analyzes files for suspicious code behavior so that the
product can detect unknown malware.
Proactive Virus Threat Detection
The proactive virus threat detection analyzes e-mail messages for
possible virus patterns and security threats. All possibly harmful
messages are quarantined as unsafe. The proactive virus threat detection
can detect new viruses during the first minutes of the outbreak.
Grayware Scanning
The grayware scan detects applications that have annoying or
undesirable behavior that can reduce the performance of computers on
the network and introduce significant security risks to your organization.
Grayware includes spyware, adware, dialers, joke programs, remote
access tools, and any other unwelcome files and programs that can
perform a variety of undesired and threatening actions, such as irritating
users with pop-up windows, logging user key strokes, and exposing the
computer to vulnerabilities.
16
2
DEPLOYMENT
Installation Modes....................................................................... 18
Deployment Scenarios ............................................................... 19
17
CHAPTER 2
Deployment
2.1
Installation Modes
The product can be installed locally at the server, or remotely to one or
more servers with F-Secure Policy Manager.
E-mail Security components can be installed only locally.
Administration Modes
The product can be installed either in stand-alone or centrally
administered mode. In stand-alone installation, the product is managed
with Web Console. In centrally administered mode, it is managed
centrally with F-Secure Policy Manager.
To administer the product in the centrally administered mode, you have to
install F-Secure Policy Manager on a dedicated computer.
For up-to-date information on supported platforms, see F-Secure
Policy Manager Release Notes.
18
19
2.2
Deployment Scenarios
Depending on how the Microsoft Exchange Server roles are deployed in
your environment, you might consider various scenarios of deploying the
product. There are various ways to deploy the product that are suitable to
different environments:
2.2.1

If you have just a single file, terminal or Microsoft Exchange
Server, see “Single File, Terminal or Exchange Server”, 21.

If you have multiple Microsoft Exchange Servers, see “Multiple
Exchange 2003 Servers”, 22.

If you have multiple Microsoft Exchange Servers with Exchange
Edge and Mailbox Server roles, see “Multiple Exchange Server
2007/2010 Roles”, 23.

If you have multiple Microsoft Exchange Servers deployed on
dedicated servers with server roles and possibly clustered
mailbox servers, see “Large organization using Exchange 2007/
2010”, 24.

If you have multiple Microsoft Exchange Server installations and
you want to configure the product to use one SQL server and
database for the quarantine management, see “Centralized
Quarantine Management”, 26.
Deploying F-Secure E-mail and Server Security to a
stand-alone server
In corporations with one or two servers (Microsoft Exchange Server 2003/
2007/2010 or Microsoft Small Business Server 2003/2008/2011) that hold
all mailboxes, public folders and send and receive all inbound and
outbound messages over SMTP. You can administer each server in
stand-alone mode.
This is a typical scenario in companies that run Microsoft Small Business
Server. Make sure that your hardware and the system configuration meet
the system and network requirements.
CHAPTER 2
Deployment
Installing F-Secure Anti-Virus for Microsoft Exchange
To install the product, login to the server with local administrative
privileges and run the setup. For more information, see “Installing
F-Secure E-mail and Server Security to Microsoft Exchange Server”, 59.
Administration Modes
After you have installed the product, use the product Web Console to
configure your product. For more information, see “Configuring the
Product”, 82.
2.2.2
Deploying F-Secure E-mail and Server Security with
Policy Manager
In corporations with multiple servers and workstations, we recommend
that you use F-Secure Policy Manager to centrally manage the product.
Make sure that servers where you install the product meet the system and
network requirements.
To install the product to servers:
1. Download the remote installation package (jar file) of the product and
import it to F-Secure Policy Manager Console.
If you have F-Secure E-mail and Server Security license, use
F-Secure E-mail and Server Security remote installation
package with the filename ess_9.20-rtm.jar.
If you have F-Secure Server Security license, use F-Secure
Server Security remote installation package with the filename
ss_9.20-rtm.jar.
2. Install F-Secure E-mail and Server Security to the target servers.
If target servers are in the policy domain already, use the
policy-based installation. Otherwise, use the push-installation.
3. After the installation is complete, import new hosts to the Policy
Manager domain.
4. Install E-mail Security components locally to servers running
Microsoft Exchange Server. Use the centralized administration mode
and connect the product to the same Policy Manager.
20
21
2.2.3
Single File, Terminal or Exchange Server
Your organization has a single server (Microsoft Exchange Server 2003/
2007/2010 or Microsoft Small Business Server 2003/2008/2011) that
holds all mailboxes, public folders and sends and receives all inbound
and outbound messages over SMTP. Usually, the server is located behind
the firewall or router.
Installing F-Secure Anti-Virus for Microsoft Exchange
Install the product to the server running Microsoft Exchange Server or
Microsoft Small Business Server.
Administration Modes
You can install the product in stand-alone mode and administer it with the
Web Console.
The product receives anti-virus and spam database updates from
F-Secure Update Server.
CHAPTER 2
Deployment
2.2.4
Multiple Exchange 2003 Servers
Your organization has multiple Microsoft Exchange Server 2003
installations. Usually, the front-end server is located in the perimeter
network and receives inbound mail using SMTP and forwards all
messages to the back-end server. The back-end Exchange server holds
all mailboxes and public folders. In a larger organization, back-end
servers may be clustered.
Installing F-Secure Anti-Virus for Microsoft Exchange
Install the product to both front-end and back-end Exchange servers. In
addition, the front-end server can be protected with F-Secure Spam
Control.
Administration Modes
Install F-Secure Policy Manager Server on a dedicated server or on the
same server with one of Exchange servers. You can administer the
product with F-Secure Policy Manager Console.
When you install the product, configure each installation to connect to the
same F-Secure Policy Manager Server.
The product installations receive anti-virus and spam database updates
from F-Secure Policy Manager Server, which receives updates from
F-Secure Update Server.
22
23
2.2.5
Multiple Exchange Server 2007/2010 Roles
Your organization has multiple Microsoft Exchange Server 2007/2010
installations. Exchange Edge and Mailbox Server roles are deployed to
separate servers and the Hub Server is deployed either on a separate
server or on the same server with the Mailbox Server. The Edge Server
handles incoming and outgoing messages using SMTP and Mailbox
Server holds all mailboxes and public folders and Hub Server routes mail
traffic between Exchange servers.
Installing F-Secure Anti-Virus for Microsoft Exchange
Install the product to all servers where Exchange Edge, Hub and Mailbox
Server roles are deployed. In addition, the Edge server can be protected
with F-Secure Spam Control.
If the Exchange role is changed later, the product has to be
reinstalled.
Administration Modes
Install F-Secure Policy Manager Server on a dedicated server or on the
same server with one of Exchange servers. You can administer the
product with F-Secure Policy Manager Console.
CHAPTER 2
Deployment
When you install the product, configure each installation to connect to the
same F-Secure Policy Manager Server.
The product installations receive anti-virus and spam database updates
from F-Secure Policy Manager Server, which receives updates from
F-Secure Update Server.
2.2.6
Large organization using Exchange 2007/2010
Your organization has multiple Microsoft Exchange Server 2007/2010
installations. All Exchange roles are deployed on dedicated servers.
Mailbox servers are possibly clustered.
24
25
Installing F-Secure Anti-Virus for Microsoft Exchange
Install the product to the server where Exchange Edge, Hub and Mailbox
Server roles are deployed. In addition, the Edge server can be protected
with F-Secure Spam Control.
Do not install the product to Client Access or Unified Messaging Server
roles.
Installing F-Secure Spam Control
F-Secure Spam Control can be installed on the Edge server.
Administration Modes
Install F-Secure Policy Manager Server on a dedicated server. You can
administer the product with F-Secure Policy Manager Console.
When you install the product, configure each installation to connect to the
same F-Secure Policy Manager Server.
The product installations receive anti-virus and spam database updates
from F-Secure Policy Manager Server, which receives updates from
F-Secure Update Server.
CHAPTER 2
Deployment
2.2.7
Centralized Quarantine Management
Your organization has multiple Microsoft Exchange Server installations.
For example, you have front-end and back-end servers running
Exchange Server 2003, or a network configuration with Edge and Mailbox
roles running Exchange Server 2007/2010.
Microsoft SQL Server is installed on a dedicated server or on the server
running F-Secure Policy Manager Server.
26
27
Installing the product
When you install the product, configure each installation to use the same
SQL server and database.

Make sure that the SQL server, the database name, user name
and password are identical in the quarantine configuration for all
F-Secure Anti-Virus for Microsoft Exchange installations.

Make sure that all the servers are allowed to communicate with
the SQL server using mixed mode authentication. For more
information, see “Enabling the mixed mode authentication in the
Microsoft SQL Server”, 27.

In environments with heavy e-mail traffic, it is recommended to
use a Microsoft SQL server installed on a separate server. When
using the free Microsoft SQL Server 2008 R2 included with the
product, the Quarantine database size is limited to 10 GB.

You can use the Web Console to manage and search
quarantined content.
Enabling the mixed mode authentication in the Microsoft SQL
Server
If you install Microsoft SQL Server 2005/2008 separately, it supports
Windows Authentication only by default. You have to change the
authentication to mixed mode during the setup or configure it later with
Microsoft SQL Server user interface.
The mixed mode authentication allows you to log into the SQL server with
either your Windows or SQL username and password.
Make sure that the sa password is strong when you change the
authentication mode from the Windows authentication to the mixed
authentication mode.
Follow these steps to change the authentication mode:
1. Open Microsoft SQL Server Management Studio or Microsoft SQL
Server Management Studio Express.
If you do not have Microsoft SQL Server Management Studio
installed, you can freely download Management Studio Express from
the Microsoft web site.
CHAPTER 2
Deployment
2.
3.
4.
5.
Connect to the SQL server.
In Object Explorer, go to Security > Logins.
Right-click on sa and select Properties.
Open the General page and change the password. Confirm the new
password that you entered.
6. Open the Status page and select Enabled in the Login section.
7. Click OK.
8. In Object Explorer, right-click on the server name and select
Properties.
9. On the Security page, select SQL Server and Windows
Authentication mode under Server authentication.
10. Click OK.
11. Right-click on the server name and select Restart.
Wait for a moment for the service to restart before you continue.
12. Use Management Studio to test the connection to the SQL server with
the sa account and the new password you set.
28
29
3
SYSTEM REQUIREMENTS
System Requirements for Installation without Anti-Virus for
Microsoft Exchange.................................................................... 31
System Requirements for Installation with Anti-Virus for Microsoft
Exchange.................................................................................... 32
Centralized Management Requirements.................................... 40
Other System Component Requirements................................... 40
30
31
3.1
System Requirements for Installation without
Anti-Virus for Microsoft Exchange
The minimum and recommended requirements for installing and using the
product on the server that does not have Microsoft Exchange Server are:
Processor:
Operating system:
Any processor based on Intel x86 (I386) or
AMD x64 / Intel EM64T architecture that can
run the corresponding Microsoft Windows
Server (Intel Pentium 4 2GHz or higher
recommended)

Microsoft® Windows Server 2003 with
the latest service pack

Microsoft® Windows Server 2003 R2

Microsoft® Windows Server 2008

Microsoft® Windows Server 2008 R2

Microsoft® Small Business Server
2003

Microsoft® Small Business Server
2003 R2

Microsoft® Small Business Server
2008

Microsoft® Small Business Server
2011, Standard edition
Memory:
512MB (1GB or more recommended)
Disk space:
1,1 GB for installation and updates
CHAPTER 3
System Requirements
3.2
Display:
At least 8-bit [256 colors] (16-bit or more
[65000 colors] recommended)
Internet connection:
Required to receive updates and to use the
real-time protection network
Web browser:
Required to administer the product

Microsoft Internet Explorer 6.0 or later

Mozilla Firefox 3.0 or later

Any other web browser that supports
HTTP 1.0, SSL, JavaScript and
cookies may be used as well.
System Requirements for Installation with
Anti-Virus for Microsoft Exchange
The product is installed on the computer running Microsoft Exchange
Server.
The release notes document contains the latest information about
the product and might have changes to system requirements and
the installation procedure. It is highly recommended to read the
release notes before you proceed with the installation.
3.2.1
Installation on Microsoft Exchange Server 2003
The product can be installed on a computer running Microsoft® Exchange
Server 2003 with the latest service pack
Processor:
Any processor based on Intel x86 (I386) or
AMD x64 / Intel EM64T architecture that can
run the corresponding 32-bit Microsoft
Windows Server
Intel Pentium 4 2GHz or higher
32
33
Operating system:

Microsoft® Windows Server 2003
Standard Edition with the latest
service pack

Microsoft® Windows Server 2003
Enterprise Edition with the latest
service pack

Microsoft® Windows Server 2003 R2
Standard Edition

Microsoft® Windows Server 2003 R2
Enterprise Edition

Microsoft® Small Business Server
2003

Microsoft® Small Business Server
2003 R2
Memory:
1 GB minimum
Disk space to install:
2 GB for installation and updates
Disk space for
processing:
10 GB or more. The required disk space
depends on the number of mailboxes, amount
of data traffic and the size of the Information
Store.
Internet connection:
Required to receive updates and to use the
real-time protection network
Web browser:
Required to administer the product

Microsoft Internet Explorer 6.0 or later

Mozilla Firefox 3.0 or later

Any other web browser that supports
HTTP 1.0, SSL, JavaScript and
cookies may be used as well.
CHAPTER 3
System Requirements
Cluster Environment
The product supports the following cluster models of Microsoft Exchange
Server 2003:

Active - Active Cluster

Active - Passive Cluster
For detailed instructions how to deploy and install the product on a
cluster, see “Deploying the Product on a Cluster”, 90.
3.2.2
Installation on Microsoft Exchange Server 2007
The product can be installed on a computer running one of the following
Microsoft Exchange Server versions:

Microsoft® Exchange Server 2007 (64-bit version) with the latest
service pack

Microsoft® Small Business Server 2008
The 32-bit evaluation version of Microsoft Exchange Server 2007 is
not supported.
34
35
Processor:
Operating system:
Any processor based on AMD x64 / Intel
EM64T architecture that can run the
corresponding 64-bit Microsoft Windows
Server
Intel Pentium 4 2GHz or higher

Microsoft® Windows Server 2003,
Standard x64 Edition with the latest
service pack

Microsoft® Windows Server 2003,
Enterprise x64 Edition with the latest
service pack

Microsoft® Windows Server 2003 R2,
Standard x64 Edition

Microsoft® Windows Server 2003 R2,
Enterprise x64 Edition

Microsoft® Windows Server 2008,
Standard Edition (x64)

Microsoft® Windows Server 2008,
Enterprise Edition (x64)

Microsoft® Small Business Server
2008
Memory:
2 GB minimum
Disk space to install:
2 GB for installation and updates
CHAPTER 3
System Requirements
Disk space for
processing:
10 GB or more. The required disk space
depends on the number of mailboxes, amount
of data traffic and the size of the Information
Store.
Internet connection:
Required to receive updates and to use the
real-time protection network
Web browser:
Required to administer the product

Microsoft Internet Explorer 6.0 or later

Mozilla Firefox 3.0 or later

Any other web browser that supports
HTTP 1.0, SSL, JavaScript and
cookies may be used as well.
Microsoft Exchange Server Roles
The product supports the following roles of Microsoft Exchange Server
2007:

Edge Server role

Hub Server role

Mailbox Server role

Combo Server (Mailbox Server and Hub Server roles)
Cluster Environment
The product supports the following cluster models of Microsoft Exchange
Server 2007:

Cluster Continuous Replication (CCR)

Single Copy Cluster (SCC)
For detailed instructions how to deploy and install the product on a
cluster, see “Deploying the Product on a Cluster”, 90.
36
37
3.2.3
Installation on Microsoft Exchange Server 2010
The product can be installed on a computer running the following
Microsoft Exchange Server version:

Microsoft® Exchange Server 2010

Microsoft® Exchange Server 2010 (without service pack or with
service pack 1 or 2)

Microsoft® Small Business Server 2011
Processor:
Operating system:
Any processor based on AMD x64 / Intel
EM64T architecture that can run the
corresponding 64-bit Microsoft Windows
Server

Microsoft® Windows Server 2008,
Standard Edition (x64)

Microsoft® Windows Server 2008,
Enterprise Edition (x64)

Microsoft® Windows Server 2008 R2,
Standard Edition

Microsoft® Windows Server 2008 R2,
Enterprise Edition

Microsoft® Small Business Server
2008

Microsoft® Small Business Server
2011, Standard edition
Memory:
4 GB minimum
Disk space to install:
2 GB for installation and updates
CHAPTER 3
System Requirements
Disk space for
processing:
10 GB or more. The required disk space
depends on the number of mailboxes, amount
of data traffic and the size of the Information
Store.
Internet connection:
Required to receive updates and to use the
real-time protection network
Web browser:
Required to administer the product

Microsoft Internet Explorer 6.0 or later

Mozilla Firefox 3.0 or later

Any other web browser that supports
HTTP 1.0, SSL, JavaScript and
cookies may be used as well.
Microsoft Exchange Server Roles
The product supports the following roles of Microsoft Exchange Server
2010:

Edge Server role

Hub Server role

Mailbox Server role

Combo Server (Mailbox Server and Hub Server roles)
Cluster Environment
The current version of the product supports Microsoft Exchange Server
2010 high-availability solutions based on Database Availability Groups
(DAG).
38
39
3.2.4
Network Requirements for E-mail and Server Security
This network configuration is valid for all scenarios described in this
chapter. Make sure that the following network traffic can pass through:
Service
Process
Inbound ports
Outbound ports
F-Secure Content Scanner
Server
%ProgramFiles%\F-Secure\Cont
ent Scanner Server\fsavsd.exe
18971 (TCP) (on
localhost only)
DNS (53, UDP/TCP),
HTTP (80) or another
known port used for
HTTP proxy
F-Secure E-mail and
Server Security WebUI
Daemon
%ProgramFiles%\F-Secure\Web
User Interface\bin\fswebuid.exe
25023
DNS (53, UDP and TCP),
1433 (TCP), only with the
dedicated SQL server
F-Secure Automatic
Update Agent
%ProgramFiles%\F-Secure\FSA
UA\program\fsaua.exe
-
DNS (53, UDP and TCP),
HTTP (80) and/or another
port used to connect to
F-Secure Policy Manager
Server
F-Secure Network Request
Broker
%ProgramFiles%\F-Secure\Com
mon\fnrb32.exe
-
DNS (53, UDP/TCP),
HTTP (80) or another port
used to connect to
F-Secure Policy Manager
Server
F-Secure Management
Agent
%ProgramFiles%\F-Secure\Com
mon\fameh32.exe
-
DNS (53, UDP/TCP),
SMTP (25)
F-Secure Quarantine
Manager
%ProgramFiles%\F-Secure\Quar
antine Manager\fqm.exe
-
DNS (53, UDP/TCP),
1433 (TCP), only with the
dedicated SQL server
F-Secure ORSP Client
%ProgramFiles%\F-Secure\ORS
P Client\fsorsp.exe
-
DNS (53, UDP/TCP),
HTTP (80, or the port
used for HTTP proxy)
CHAPTER 3
System Requirements
3.3
Centralized Management Requirements
F-Secure Policy Manager 9.00 or later is required if you plan to install the
product in the centralized administration mode and manage it with
F-Secure Policy Manager Console.
We recommend that you use F-Secure Policy Manager 10.01 to
administer all the features in the product.
If you are using a previous version of F-Secure Policy Manager,
upgrade it to the latest version before you install F-Secure E-mail
and Server Security 9.20.
3.4
Other System Component Requirements
When you install the product with Anti-Virus for Microsoft Exchange, it
requires Microsoft SQL Server for the e-mail quarantine management.
Depending on the selected deployment and administration method, you
may need have some additional software as well.
3.4.1
SQL Server Requirements
The product requires Microsoft® SQL Server for the quarantine
management. The following versions of Microsoft SQL Server are
recommended to use:

Microsoft SQL Server 2005 (Enterprise, Standard, Workgroup or
Express edition) with the latest service pack

Microsoft SQL Server 2008 (Enterprise, Standard, Workgroup or
Express edition)
Microsoft SQL Server 2008 R2 Express Edition SP1 is distributed with the
product and can be installed during F-Secure E-Mail and Server Security
setup.
When centralized quarantine management is used, the SQL server
must be reachable from the network and file sharing must be
enabled.
40
41
The product supports also Microsoft SQL Server 2000 with Service Pack
4 and Microsoft SQL Server 2000 Desktop Engine (MSDE) with Service
Pack 4.
Which SQL Server to Use for the Quarantine Database?
As a minimum requirement, the Quarantine database should have the
capacity to store information about all inbound and outbound mail to and
from your organization that would normally be sent during 2-3 days.
The upgrade installation does not upgrade the SQL server if you
choose to use the existing database and the remote upgrade
installation does not install or upgrade SQL Server and change the
Quarantine database.
If you want to upgrade the SQL Server version that you use, follow
the recommendations on the Microsoft web site:
http://www.microsoft.com/sqlserver/en/us/default.aspx
Take the following SQL server specific considerations into account when
deciding which SQL server to use:
Microsoft SQL Server
2005/2008 Express
Edition

When using Microsoft SQL Server 2005/2008 R2 Express
Edition, the Quarantine database size is limited to 4 GB (2005
version) or 10 GB (2008 R2 version).

Microsoft SQL Server 2005/2008 Express Edition supports
Microsoft Windows Server 2008.

It is not recommended to use Microsoft SQL Server 2005/2008
Express Edition if you are planning to use centralized quarantine
management with multiple product installations.
Microsoft SQL Server 2008 R2 Express Edition is delivered
with F-Secure E-mail and Server Security, and you can install it
during the setup.
CHAPTER 3
System Requirements
Microsoft SQL
Server 2000, 2005
and 2008

If your organization sends a large amount of e-mails, it is
recommended to use Microsoft SQL Server 2000, 2005 or 2008.

It is recommended to use Microsoft SQL Server if you are
planning to use centralized quarantine management with multiple
product installations.

Note that the product does not support Windows Authentication
when connecting to Microsoft SQL Server. The Microsoft SQL
Server that the product will use for the Quarantine database
should be configured to use Mixed Mode authentication.
If you plan to use Microsoft SQL Server 2000, 2005 or 2008,
you must purchase it and obtain your own license before you
start to deploy the product. To purchase Microsoft SQL Server,
contact your Microsoft reseller.
3.4.2
Additional Windows Components
Depending on how you deploy the product to your network system, the
following Windows components may be required:
3.4.3

Microsoft .NET Framework version 3.5 SP1 and Windows
Installer 4.5 are required to install Microsoft SQL Server 2008 R2
Express Edition.

If you plan to have Microsoft SQL Server on the same server,
Microsoft .NET Framework must be installed before installing
F-Secure E-mail and Server Security. Microsoft .NET Framework
can be downloaded from the Microsoft Download Center.
Web Browser Software Requirements
In order to administer the product with the Web Console, one of the
following web browsers is required:

Microsoft Internet Explorer 6.0 or later

Mozilla Firefox 3.0 or later
42
43
Any other web browser supporting HTTP 1.0, SSL, javascripts and
cookies may be used as well. Microsoft Internet Explorer 5.5 or earlier
cannot be used to administer the product.
4
INSTALLATION
Installing F-Secure E-mail and Server Security from Policy
Manager ..................................................................................... 45
Installing F-Secure E-mail and Server Security to Microsoft
Exchange Server........................................................................ 59
Upgrading from previous product versions................................. 78
Registering the Evaluation Version............................................. 80
Uninstalling the Product.............................................................. 81
44
45
4.1
Installing F-Secure E-mail and Server Security
from Policy Manager
Before you begin the installation, download the remote installation
package from the F-Secure web site.
If you have F-Secure E-mail and Server Security license, use
F-Secure E-mail and Server Security remote installation package
with the filename ess_9.20-rtm.jar.
If you have F-Secure Server Security license, use F-Secure Server
Security remote installation package with the filename
ss_9.20-rtm.jar.
To install the product with F-Secure Policy Manager, follow these
instructions.
Step 1.
Open Policy Manager Console
Log in to Policy Manager Console with your user name and password.
CHAPTER 4
Installation
Step 2.
Import the Product Installation Package
1. In Policy Manager Console, open the Installation tab.
2. Click Installation packages.
3. Click Import.
4. Select the product installation package file that you have
downloaded.
Click Import.
46
47
Policy Manager imports the installation package and the product
information so that it can be used to administer the product. You do
not need to import the package again when you install the product to
other hosts.
Step 3.
Install the Product to Hosts
1. Click Push install to Windows hosts in the Installation tab to start
the installation wizard.
2. Enter either the WINS name or IP address of the target host. You can
specify a list of hosts where you want to install the product.
All target hosts must be accessible from the Policy Manager
Server with the address you enter.
CHAPTER 4
Installation
Click Next.
3. Select the product installation package that you imported from the list
of available packages.
Click Next.
4. In the policy selection dialog, leave Only default policy included
selected.
48
49
Click Next.
5. In the account selection dialog, specify the account that has
administrative rights to target hosts. If you are using an account that
is a Domain administrator, you can usually select This account.
Otherwise specify the administrative account and its password.
Click Next.
CHAPTER 4
Installation
6. The installation wizard shows you the summary of selected options.
Click Start.
Step 4.
Select Installation Options
1. The product-specific installation wizard opens.
Click Next to start the installation.
50
51
2. In the keycode dialog, enter your product keycode.
Click Next.
3. Select components to install.
Virus and Spyware protection is always installed, and Anti-Virus for
Microsoft Exchange cannot be installed from Policy Manager.
CHAPTER 4
Installation
To install Anti-Virus for Microsoft Exchange, see “Installing F-Secure
E-mail and Server Security to Microsoft Exchange Server”, 59.
If you have F-Secure Server Security license and use
F-Secure Server Security remote installation package,
Browsing protection and Anti-Virus for Microsoft Exchange
components are not available.
Click Next.
4. Choose the product language.
Select Select automatically during installation to install the product in
the default system language of the target host.
Click Next.
52
53
5. Choose the Installation type.
Select Centrally managed installation and click Next.
6. Specify the Policy Manager Server address.
CHAPTER 4
Installation
Enter the server address as it is visible to hosts, typically http://
protocol and IP or DNS.
By default, Policy Manager Server uses port 80 for
communication with hosts. If you have assigned some other
port, specify it in the URL.
Select the host identification mode.
Click Next.
7. Enter any custom properties that a host may require.
Click Next.
8. Choose the action to take if a conflicting software is installed on the
host.
54
55

Choose Uninstall conflicting software to uninstall the conflicting
software automatically and then continue the installation, or

Choose Install the product only if no conflicting software is
detected to stop the installation completely if any conflicting
software is detected on the host.
Click Next.
9. Select restart options.
CHAPTER 4
Installation
Usually, the first-time installation of the product does not require a
restart. However, if it does, the installation is not completed until the
computer is restarted.
As the server where you are installing the product may have a
large number of active users, be careful which option you
select.
Click Finish.
10. Policy Manager prepares and pushes the installation to target hosts.
11. When the installation is complete, click Finish.
56
57
Step 5.
Import New Hosts
1. Click Import new hosts in the Installation tab.
2. In the New hosts table, select hosts where you installed the product.
CHAPTER 4
Installation
If you have a policy tree with several domains, choose the target
domain in the Import hosts to selection.
Click Import.
3. Click Close to close the New hosts table.
4. New hosts appear at the Policy domains tree.
Select a host to view information related to the host, for example,
installed product versions and their installation status.
58
59
4.2
Installing F-Secure E-mail and Server Security to
Microsoft Exchange Server
Follow these instructions to install the product.
Step 1.
1. Download the installation file (ess920-rtm.exe) from the F-Secure
web site.
2. Run the installation file to start the installation.
3. Click Install.
If you plan to install Microsoft SQL Server 2008 R2 Express
Edition SP1 that is included in the package, and you want to
control the installation, click the link under Extras to start the
SQL Server installation before you install the product.
Depending on your system configuration, Microsoft SQL
Server installation may require that you restart the server. In
this case, install the product after the restart.
CHAPTER 4
Installation
Step 2.
Read the information in the Welcome screen.
Click Next to continue.
60
61
Step 3.
Read the license agreement.
If you accept the agreement, check the I accept this agreement
checkbox and click Next to continue.
CHAPTER 4
Installation
Step 4.
Enter the product keycode.
This step is skipped if you install the evaluation version of the
product.
Click Next to continue.
62
63
Step 5.
Choose the components to install.
If you do not have Microsoft Exchange Server installed on the computer,
Anti-Virus for Microsoft Exchange and Spam control components are not
present in the list.
If you use F-Secure Server Security keycode to install the product,
only Virus and spyware protection and DeepGuard components
are present.
Click Next to continue.
CHAPTER 4
Installation
Step 6.
Choose the destination folder for the installation.
Click Next to continue.
Step 7.
Choose the administration method.
64
65
If you install the product in stand-alone mode, you cannot configure
settings and receive alerts and status information in F-Secure Policy
Manager Console.
Click Next to continue.
If you selected the stand-alone installation, continue to Step 10., 67.
If you select the stand-alone mode, use the Web Console to
change product settings and to view statistics.
Step 8.
The centrally managed administration mode requires the public
management key. Enter the path to the public management key file
admin.pub that was created during F-Secure Policy Manager setup.
You can retrieve the admin.pub file directly from Policy Manager Server.
1. Open your web browser.
2. Go to the Policy Manager Server address, for example:
http://fspm.example.local
3. At the page that opens, find the following text:
F-Secure Policy Manager Server's management public key used by
clients to verify validity of distributed policies can be downloaded from
here.
CHAPTER 4
Installation
4. Click the link and save the file that opens.
5. Return to the setup and click Browse.
Browse to the admin.pub file that you saved.
You can also transfer the public key other ways (use a shared folder on
the file server, a USB device, or send the key as an attachment in an
e-mail message).
Click Next to continue.
Step 9.
In the centrally managed administration mode, enter the IP address or
URL of the F-Secure Policy Manager Server you installed earlier.
If you do not use the default port (80) for the host communication,
specify the port that you use here.
Click Next to continue.
66
67
Step 10.
Enter an SMTP address that will be used by the product to send warning
and informational messages to end-users.
The SMTP address should be a valid, existing address that is allowed to
send messages. Click Next to continue.
CHAPTER 4
Installation
Step 11.
Specify the Quarantine management method.
If you want to manage the Quarantine database locally, select Local
quarantine management. Select Centralized quarantine management if
you install the product on multiple servers.
Click Next to continue.
68
69
Step 12.
Specify Microsoft SQL Server instance that you use to store the
Quarantine database.
If you want to install Microsoft SQL Server 2008 R2 Express Edition and
the Quarantine database on the same server as the product installation,
select (a) Install and use Microsoft SQL Server 2008 R2 Express Edition.
If you are using Microsoft SQL Server already, select (b) Use an existing
installation of Microsoft SQL Server.
Click Next to continue to either (a) or (b) based on your selection.
CHAPTER 4
Installation
a
Specify the installation and the database directory for Microsoft
SQL Server 2008 R2 Express Edition.
Enter the password for the database server administrator account
(sa) that will be used to create the new database. Click Next to
continue.
70
71
b
Specify the computer name and instance of the SQL Server
where you want to create the Quarantine database.
Enter the password for the sa account that you use to log on to
the server. Click Next to continue.
CHAPTER 4
Installation
Step 13.
Specify the name for the SQL database that stores information
about the quarantined content.
Enter the user name and the password that you want to use to
connect to the quarantine database.
•
•
Use a different account than the server administrator
account. If the new account does not exist, the product
creates it during the installation.
The password should be strong enough to comply with your
current Windows password security policy.
Click Next to continue.
72
73
If the server has a database with the same name, you can either
use the existing database, remove the existing database and
create a new one or keep the existing database and create a new
one with a new name.
Click Next to continue.
CHAPTER 4
Installation
Step 14.
The list of components that will be installed is displayed, based on the
keycode you use and the components that you selected in Step 5., 63.
Click Start to install listed components. The installation will take a while.
74
75
Step 15.
The installation status of the components is displayed.
Click Next to continue.
CHAPTER 4
Installation
Step 16.
The installation is complete.
76
77
Click Finish to close the Setup wizard.
In some cases, you may need to restart the computer to complete
the installation.
You can choose Restart later to close the Setup wizard, but we
recommend that you restart the server as soon as possible, as the
product does not protect the server before the restart.
CHAPTER 4
Installation
4.3
Upgrading from previous product versions
Follow these instructions to install the product if you have a previous
version of F-Secure Anti-Virus for Windows Servers or F-Secure
Anti-Virus for Microsoft Exchange installed.
4.3.1
Upgrading from the centralized installation of F-Secure
Anti-Virus for Windows Server with Policy Manager
10.01
If you have F-Secure Anti-Virus for Windows Servers installed in your
domain and you want to upgrade, we recommend that you upgrade to
F-Secure Policy Manager to version 10.01 before installing E-mail and
Server Security.
With F-Secure Policy Manager version 10.01, you can use Upgrade
command at F-Secure Policy Manager Console to deploy and upgrade
the product. You can view information about the product both in antivirus
mode and in advanced mode.
4.3.2
Upgrading from F-Secure Anti-Virus for Microsoft
Exchange with Policy Manager 10.01
If you have F-Secure Anti-Virus for Microsoft Exchange installed in your
domain and you want to upgrade, we recommend that you upgrade to
F-Secure Policy Manager to version 10.01 before installing E-mail and
Server Security.
78
79
With F-Secure Policy Manager version 10.01, you can use Upgrade
command at F-Secure Policy Manager Console to deploy and upgrade
the product. You can view information about the product both in antivirus
mode and in advanced mode.
F-Secure Anti-Virus for Microsoft Exchange is updated only if it is
installed on the host already. You cannot add F-Secure Anti-Virus
for Microsoft Exchange component, but you can add or upgrade
other components during the upgrade installation.
4.3.3
Upgrading from F-Secure Anti-Virus for Microsoft
Exchange
If you have F-Secure Anti-Virus for Microsoft Exchange version 9.00 9.10, follow the standard installation instructions. When the installation
asks for the Policy Manager settings, select Keep current.
CHAPTER 4
Installation
4.4
Registering the Evaluation Version
If you want to use the product after your evaluation period expires, you
need a new keycode. Contact your software vendor or renew your license
online.
After you have received the new keycode, you can either reinstall the
product with your new keycode (see “Installing F-Secure E-mail and
Server Security to Microsoft Exchange Server”, 59) or register the new
keycode.
To register the new keycode:
1. Log in to the Web Console. The evaluation screen is opened.
2. Enter the new keycode you have received and click Register
Keycode.
If you do not want to continue to use the product after your evaluation
license expires, you should uninstall the software.
80
81
When the license expires, the product stops receiving anti-virus database
updates, and processing e-mails and messages posted to public folders.
However, the messages are still delivered to the recipients.
If you use F-Secure E-mail and Server Security keycode to register
the product, but you have installed only the Server Security
evaluation version, you need to run the installation again to add the
missing components.
If you have installed F-Secure E-mail and Server Security
evaluation version, you cannot use the Server Security keycode to
register the product. Uninstall the evaluation version before you
install the full Server Security product.
4.5
Uninstalling the Product
To uninstall the product, select Add/Remove Programs from the Windows
Control Panel. Uninstall the components in the following order:
1. F-Secure E-mail and Server Security - Spam control
2. F-Secure E-mail and Server Security - Anti-Virus for Microsoft
Exchange
3. F-Secure E-mail and Server Security - Browsing protection
4. F-Secure E-mail and Server Security - DeepGuard
5. F-Secure E-mail and Server Security - Virus and spyware protection
Restart the server after you have uninstalled all components.
Some files and directories may remain after the uninstallation and
can be removed manually.
5
CONFIGURING THE
PRODUCT
Configuring the Product.............................................................. 83
Network Configuration................................................................ 84
Configuring F-Secure Spam Control .......................................... 86
82
83
5.1
Configuring the Product
The product is fully functional only after it receives the first automatic
update. The first update can take longer time than the following updates.
The product uses mostly default settings after the installation and the first
update. We recommend that you go through all the settings of the
installed components.

Configure the product.
If the product has been installed in the centralized administration
mode, use F-Secure Policy Manager Console to configure the
settings and distribute the policy.
If the product has been installed in stand-alone mode, use the
Web Console to configure the settings.

To make sure that the Real-time Protection Network is enabled,
go to the Privacy page in the Web Console and select Yes, I want
to participate in the Real-time Protection Network.
With Real-time Protection Network, you benefit from the
cloud-based F-Secure technology of exchanging information
about threats with other participants all over the world.
To change the setting with Policy Manager Console, go to:
F-Secure Real-time Protection Network Client / Settings /
Participate in the Real-time Protection Network.

Specify the IP addresses of hosts that belong to your
organization. For more information, see “Network Configuration”,
84.

Verify that the product is able to retrieve the virus and spam
definition database updates.
CHAPTER 5
Configuring the Product
If necessary, reconfigure your firewalls or other devices that may
block the database downloads. For more information, see
“Network Requirements for E-mail and Server Security”, 39.
5.2

If the product is installed on the same computer with Microsoft
Exchange Server 2010, which is in the Mailbox server role,
specify the primary SMTP address for the account which is used
to scan items in public folders. The user account must have
permissions to access and modify items in the public folders.

If the organization has multiple Microsoft Exchange Server
installations and Mailbox servers are deployed on dedicated
servers, you have to configure the Hub Transport Role and
Mailbox Role Servers so that quarantined messages can be
delivered: For more information, see “Configuring Mailbox Role
Servers”, 124.
Network Configuration
The mail direction is based on the Internal Domains and Internal SMTP
senders settings and it is determined as follows:
1. E-mail messages are considered internal if they come from internal
SMTP sender hosts and mail recipients belong to one of the specified
internal domains (internal recipients).
a. Specify Internal Domains and separate each domain name with a
space. You can use an asterisk (*) as a wildcard. For example,
*example.com internal.example.net
b. Specify all hosts within the organization that send messages to
Exchange Edge or Hub servers via SMTP as Internal SMTP
Senders.
Separate each IP address with a space. An IP address range can
be defined as:
•
a network/netmask pair (for example, 10.1.0.0/255.255.0.0),
or
•
a network/nnn CIDR specification (for example, 10.1.0.0/16).
84
85
You can use an asterisk (*) to match any number or dash (-) to
define a range of numbers. For example,
172.16.4.4 172.16.*.1 172.16.4.0-16 172.16.250-255.*
If end-users in the organization use other than Microsoft
Outlook e-mail client to send and receive e-mail, it is
recommended to specify all end-user workstations as
Internal SMTP Senders.
If the organization has Exchange Edge and Hub servers,
the server with the Hub role installed should be added to
the Internal SMTP Sender on the server where the Edge
role is installed.
Do not specify the server where the Edge role is installed
as Internal SMTP Sender.
2. E-mail messages are considered outbound if they come from
internal SMTP sender hosts and mail recipients do not belong to the
specified internal domains (external recipients).
3. E-mail messages that come from hosts that are not defined as
internal SMTP sender hosts are considered inbound.
4. E-mail messages submitted via MAPI or Pickup Folder are treated as
if they are sent from the internal SMTP sender host.
If e-mail messages come from internal SMTP sender hosts and
contain both internal and external recipients, messages are split
and processed as internal and outbound respectively.
If the product has been installed in the centralized administration mode,
configure the mail direction with F-Secure Policy Manager Console.
If the product has been installed in stand-alone mode, configure the mail
direction with the Web Console.
CHAPTER 5
Configuring the Product
5.3
Configuring F-Secure Spam Control
When F-Secure Spam Control is enabled, incoming messages that are
considered as spam can be marked as spam automatically. The product
can add an X-header with the spam flag or predefined text in the
message header and end users can then create filtering rules that direct
the messages marked with the spam flag header into a junk mail folder.
When the product stays connected to F-Secure Update Server, F-Secure
Spam Control is always up-to-date. F-Secure Spam Control is fully
functional only after it receives the first automatic update.
In Microsoft Exchange 2007 and 2010 environments, the Microsoft
Exchange server can move messages to the Junk mail folder based on
the spam confidence level value. This feature is available immediately
after the product has been installed, if the end user has activated this
functionality. For more information on how to configure this functionality at
the end-user’s workstations, consult the documentation of the used e-mail
client.
5.3.1
Realtime Blackhole List Configuration
This section describes how to enable and disable Realtime Blackhole
Lists, how to optimize F-Secure Spam Control performance, and how to
specify blocked and safe recipients and senders by using black- and
whitelisting.
Configuring Realtime Blackhole Lists
The product supports DNS Blackhole List (DNSBL), also known as
Realtime Blackhole List (RBL), functionality in spam filtering. The
functionality is enabled by default.
86
87
To test DNSBL/RBL:
1. Make sure you have a working DNS server configured in Windows
Server networking. The primary DNS server should be configured to
allow recursive DNS queries. DNS protocol is used to make the
DNSBL/RBL queries.
2. Make sure you do not have a firewall preventing DNS access from
the host where F-Secure Spam Control is running.
3. Test the DNS functionality by running the nslookup command at
Microsoft Windows command prompt on the host running F-Secure
Spam Control.
An example:
C:\>nslookup 2.0.0.127.sbl-xbl.spamhaus.org.
Server: <your primary DNS server's name should appear
here>
Address: <your primary DNS server's IP address should
appear here>
Non-authoritative answer:
Name:
2.0.0.127.sbl-xbl.spamhaus.org
Addresses: 127.0.0.2, 127.0.0.4, 127.0.0.6
4. If the test is successful, continue with these instructions. If the test is
not successful, you should double-check your DNS and firewall
configuration.
5. Find the sample configuration file fssc_example.cfg in F-Secure
Spam Control installation directory:
<Product installation directory>\Spam Control\fssc_example.cfg
6. Copy the file to the same directory with the name fssc.cfg
7. Open fssc.cfg in a text editor (like Windows Notepad).
8. The configuration file has instructions inside. For typical use, you can
leave the settings like they are. However, it is recommended to
configure at least the trusted_networks setting to identify the public
IP address(es) of your network. For more information, see the
instructions in fssc_example.cfg.
9. When the configuration file is ready, restart F-Secure Content
Scanner Server through the Web Console.
CHAPTER 5
Configuring the Product
To verify that DNSBL/RBL is working correctly:
1. If DNSBL/RBL is operating correctly, you should see this kind of
headers in messages classified as spam:
X-Spam-Status: YES, database-version=2005-04-06_1 hits=9
required=5 tests=RCVD_IN_DSBL, RCVD_IN_NJABL_PROXY,
RCVD_IN_SORBS_DUL
Tests like RCVD_IN_DSBL, RCVD_IN_NJABL, RCVD_IN_SORBS,
RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_DSBL, RCVD_IN_XBL indicate that
DNSBL/RBL was successfully used to classify the mail.
2. If DNS functionality is not operating correctly, you may see a
significant decrease in the product throughput. In that case, disable
the DNSBL/RBL functionality by changing the dns_available setting
in fssc.cfg to:
dns_available no
and restarting F-Secure Content Scanner Server through the Web
Console.
You can force F-Secure Spam Control to use a specific DNS server (not
necessarily configured in Microsoft Windows networking) by adding a new
system environment variable as described in the instructions below.
However, this should be needed only in troubleshooting situations.
Normally it is best to use the Windows networking settings.
To force F-Secure Spam Control to use a specific DNS server, do the
following:
1. Right-click the My Computer icon and select Properties.
2. Select Advanced and click the Environment Variables. button.
3. In the System variables panel click New.
4. In the New System Variable dialog specify the new variable as
follows:
Variable Name: RES_NAMESERVERS
Variable Value: <the IP address of the desired DNS server>
5. Click OK.
6. Restart the computer to take the new system environment variable
into use.
88
89
5.3.2
Optimizing F-Secure Spam Control Performance
To optimize the performance, the heuristic spam analysis is off by default.
If you need additional level of Spam protection, use the following setting
to turn it on:

Web Console: Transport Protection / Spam Control / Settings /
Heuristic spam analysis

Policy Manager Console: F-Secure Anti-Virus for Microsoft
Exchange Server / Settings / Transport Protection / Inbound Mail /
Spam Control / Heuristic Spam Analysis
Due to the nature of DNSBL/RBL, processing time for each mail
increases when DNS queries are made. If needed, the performance can
be improved by increasing the number of mails being processed
concurrently by F-Secure Spam Control.
By default, the product processes a maximum of three e-mails at the
same time, because there can be three Spam Scanner engine instances
running simultaneously. The number of Spam Scanner instances can be
controlled with the product settings or by using a command-line switch for
F-Secure Content Scanner Server:

Policy Manager Console: F-Secure Content Scanner Server /
Settings / Spam Filtering / Number of Spam Scanner instances

Stand-alone installation: Use the command-line switch.
To change the value to 5, so that a maximum five mails can be
processed at the same time, type:
fsavsd.exe --spam-scanner-instances=5
where 5 is the value that you want to take in use.
To take the new setting into use, restart F-Secure Content
Scanner Server.
IMPORTANT: Each additional instance of the Spam Scanner takes
approximately 25Mb of memory (process fsavsd.exe). Typically
you should not need more than 5 instances.
A
APPENDIX:
Deploying the Product
on a Cluster
Installation Overview .................................................................. 91
Creating Quarantine Storage...................................................... 93
Administering the Cluster Installation with F-Secure Policy
Manager ................................................................................... 123
Using the Quarantine in the Cluster Installation ....................... 124
Using the Product with High Availability Architecture in Microsoft
Exchange Server 2010............................................................. 125
Uninstallation............................................................................ 126
Troubleshooting........................................................................ 127
90
91
A.1
Installation Overview
Follow these steps to deploy and use the product on a cluster.
1. Install F-Secure Policy Manager on a dedicated server. If you already
have F-Secure Policy Manager installed in the network, you can use it
to administer the product. For more information, see F-Secure Policy
Manager Administrator’s Guide.
2. Install Microsoft SQL Server 2000, 2005 or 2008 on a dedicated
server. Microsoft SQL Server must be installed with the mixed
authentication mode (Windows Authentication and SQL Server
Authentication). After the installation, make sure that Named Pipes
and TCP/IP protocols are enabled in SQL Server network
configuration.
3. Create the quarantine storage where the product will place
quarantined e-mail messages and attachments.

In the active-passive cluster environment, continue to “Quarantine
Storage in Active-Passive Cluster”, 93.

In the active-active cluster environment, continue to “Quarantine
Storage in Active-Active Cluster”, 98.

In the Single Copy Cluster (SCC) environment, continue to
“Creating the Quarantine Storage for a Single Copy Cluster
Environment”, 101.

In the Continuous Cluster Replication (CCR) environment,
continue to “Creating the Quarantine Storage for a Continuous Cluster
Replication Environment”, 108.

In the Database Availability Group (DAG) environment continue
to “Creating the Quarantine Storage for a Database Availability Group
Environment”, 112.
APPENDIX A
Deploying the Product on a Cluster
4. Install the product locally on one node at the time in the centralized
administration mode, starting from the active node. Make sure the
product is fully up and running before starting the installation on the
passive node.
Do not move cluster resources to the passive node before you
install all passive nodes first.

In the environment with Quarantine as cluster resource, see more
information on “Installing on Clusters with Quarantine as Cluster
Resource”, 116.

In the environment with Quarantine on dedicated computer, see
more information on “Installing on Clusters with Quarantine on a
Dedicated Computer”, 119.
5. Create a policy domain for the cluster in F-Secure Policy Manager
and import cluster nodes there. See “Administering the Cluster
Installation with F-Secure Policy Manager”, 123.
6. Log on each node and configure the Web Console to accept
connections from authorized hosts.
92
93
A.2
Creating Quarantine Storage
Follow instructions in this section to create the Quarantine Storage in the
cluster environment.
A.2.1
Quarantine Storage in Active-Passive Cluster
For active-passive cluster, the Quarantine Storage can be created on a
dedicated computer or as a cluster resource. For more information on
how to install the Quarantine Storage on a dedicated computer, see
“Quarantine Storage in Active-Active Cluster”, 98.
To install Quarantine as a cluster resource, follow these instructions:
1. Log on to the active node of the cluster with the domain administrator
account.
2. Create a directory for the quarantine storage on the physical disk
shared by the cluster nodes. You can create it on the same disk with
Microsoft Exchange Server storage and log files. For example, create
Quarantine directory on disk D:.
3. Go to Windows Start menu > All Programs > Administrative Tools and
select Cluster Administrator.
4. Under Groups, right-click Exchange Virtual Server and select New >
Resource.
APPENDIX A
Deploying the Product on a Cluster
Enter the following information:

Name: F-Secure Quarantine Storage

Resource Type: File Share

Group: make sure that your Exchange Virtual Server is selected.
Click Next.
5. Possible Owners dialog opens.
94
95
6. Verify that all nodes that are running Exchange Server are listed
under Possible owners and click Next.
7. Dependencies dialog opens.
APPENDIX A
Deploying the Product on a Cluster
In Available resources, select the Exchange Server Network Name
and the disk with the quarantine storage directory and click Add to
add them to Resource dependencies. Click Next.
8. File Share Parameters dialog opens.

Type FSAVMSEQS$ as Share name. (Note: the dollar ($)
character at the end of the share name makes the share hidden
when you view network resources of the cluster with Windows
Explorer.)

Enter the directory name you created on step 2 as Path (for
example, D:\Quarantine).

In the Comment box, type F-Secure Quarantine Storage.

Make sure that User limit is set to Maximum allowed.
Click Permissions
9. Permissions dialog opens.
96
97
Add Administrator, Exchange Domain Servers and SYSTEM to the
Group or user names. Remove Everyone account. Grant Change and
Read permissions for Exchange Domain Servers and SYSTEM, and
Full Control, Change and Read permissions for Administrator
account. Click OK.
10. In File Share Parameters dialog, click Advanced.
Make sure that Normal share is selected in Advanced File Share
Properties. Click OK.
11. In File Share Parameters dialog, click Finish to create F-Secure
Quarantine Storage resource.
APPENDIX A
Deploying the Product on a Cluster
12. Right-click the F-Secure Quarantine Storage resource and click Bring
Online.
A.2.2
Quarantine Storage in Active-Active Cluster
For an active-active cluster installation, the quarantine storage must be
set on a dedicated computer. This computer should be the member of the
same domain as your Exchange Servers.
1. Log on to the server where you plan to create the quarantine storage
(for example, APPSERVER) with a domain administrator account.
2. Create a directory (for example, C:\Quarantine) for the quarantine
storage on the local hard disk.
3. Right-click the directory in the Windows Explorer and select Sharing
and Security.
4. The Sharing tab opens.
98
99
Type FSAVMSEQS$ as Share name and make sure that User limit is
set to Maximum Allowed.
Click Permissions
5. Permissions dialog opens.
Add Administrator, Exchange Domain Servers and SYSTEM to the
Group or user names. Remove Everyone account. Grant Change and
Read permissions for Exchange Domain Servers and SYSTEM, and
Full Control, Change and Read permissions for Administrator
account. Click OK.
6. In the directory properties dialog, go to the Security tab.
APPENDIX A
Deploying the Product on a Cluster
Remove all existing groups and users and add Administrator,
Exchange Domain Servers and SYSTEM to the Group or user
names. Grant all except Full Control permissions for Exchange
Domain Servers and SYSTEM. Grant all permissions for
Administrator. Click OK.
7. To verify that the quarantine storage is accessible, log on as the
domain administrator to any node in the cluster and try to open
\\<Server>\FSAVMSEQS$\ with Windows Explorer, where <Server>
is the name of the server where you created the quarantine storage
share.
100
101
A.2.3
Creating the Quarantine Storage for a Single Copy
Cluster Environment
For single copy cluster, the Quarantine Storage can be created on a
dedicated computer or as a cluster resource. For more information on
how to install the Quarantine Storage on a dedicated computer, see
“Creating the Quarantine Storage for a Continuous Cluster Replication
Environment”, 108.
To install Quarantine as a cluster resource, follow the instructions for
either “Windows 2003 Based Cluster”, 101, or “Windows 2008 based cluster”,
106.
Windows 2003 Based Cluster
1. Log on to the active node of the cluster with the domain administrator
account.
2. Create a directory for the quarantine storage on the physical disk
shared by the cluster nodes.
You can create it on the same disk where the Exchange Server
storage and logs are located. For example, create Quarantine
directory on disk D:.
3. Go to Start menu > All Programs > Administrative Tools > Cluster
Administrator.
4. Right-click the Exchange Virtual Server under the Groups and select
New > Resource.
5. The New Resource wizard opens.
APPENDIX A
Deploying the Product on a Cluster
a. Type F-Secure Quarantine Storage as the name of the new
resource.
b. In the Resource Type list, select File Share.
c.
In the Group list, make sure that your Exchange Virtual Server is
selected.
Click Next to continue.
6. Make sure that all nodes that are running Exchange Server are listed
in the Possible owners list.
Click Next to continue.
102
103
7. Select the Exchange Server Network Name and the Physical Disk
under Available resources and click Add to move them to the
Resource dependencies list.
Click Next to continue.
8. Use the following settings as the File Share parameters.
a. Type FSAVMSEQS$ as the share name and F-Secure
Quarantine Storage as comment.
The dollar ($) character at the end of the share name
makes the share hidden when you view the network
resources of the cluster with Windows Explorer.
b. Make sure that User Limit is set to Maximum allowed.
APPENDIX A
Deploying the Product on a Cluster
Click Permissions to change permissions.
9. Change permissions as follows:
a. Add Administrator, Exchange Domain Servers and SYSTEM to
the Group or user names list.
b. Remove the Everyone account.
c.
Grant Change and Read permissions for Exchange Domain
Servers and SYSTEM.
d. Grant Full Control, Change and Read permissions for the
Administrator account.
104
105
Click OK to continue.
10. Click Advanced to open Advanced File Share Properties.
Make sure that Normal share is selected.
Click OK to continue.
11. Click Finish to create the F-Secure Quarantine Storage resource.
APPENDIX A
Deploying the Product on a Cluster
12. Right-click the F-Secure Quarantine Storage resource and select
Bring Online.
Windows 2008 based cluster
1. Log on to the active node of the cluster with the domain administrator
account.
2. Create a directory for the quarantine storage on the physical disk
shared by the cluster nodes.
You can create it on the same disk where the Exchange Server
storage and logs are located.
3. After the quarantine directory is created, it has to be shared. When
you share the quarantine directory, it becomes visible in the Failover
Cluster Manager. To share the directory, right-click the quarantine
folder and select Share.
106
107
Add Administrators, Exchange Servers and SYSTEM with Contributor
permission levels. Press Share to close the window and enable the
share.
4. Check that everything is configured correctly. The Failover Cluster
Manager view should look like this:
APPENDIX A
Deploying the Product on a Cluster
5. During the product installation, select the quarantine share you just
created when the installation asks for the quarantine path.
Use the UNC path in form of \\CLUSTERNAME\QUARANTINE. (In
the example above, \\LHCLUMB\Quarantine.)
A.2.4
Creating the Quarantine Storage for a Continuous
Cluster Replication Environment
For a Continuous Cluster Replication (CCR) cluster installation, the
quarantine storage must be set on a dedicated computer. This computer
has to be a member in the same domain with Exchange Servers.
1. Log on to the server where you plan to create the quarantine storage
(for example, APPSERVER) with the domain administrator account.
2. Open Windows Explorer and create a directory (for example,
C:\Quarantine) for the quarantine storage on the physical disk.
3. Right-click the directory and select Sharing and Security.
108
109
4. Go to the Sharing tab.
a. Type FSAVMSEQS$ as the share name and F-Secure
Quarantine Storage as comment.
The dollar ($) character at the end of the share name
makes the share hidden when you view the network
resources of the cluster with Windows Explorer.
b. Make sure that User Limit is set to Maximum allowed.
Click Permissions to set permissions.
APPENDIX A
Deploying the Product on a Cluster
5. Change permissions as follows:
a. Remove all existing groups and users.
a. Add Administrator, Exchange Domain Servers and SYSTEM to
the Group or user names list.
b. Grant Change and Read permissions for Exchange Domain
Servers and SYSTEM.
c.
Grant Full Control, Change and Read permissions for the
Administrator account.
Click OK to continue.
110
111
6. Go to the Security tab.
a. Remove all existing groups and users.
a. Add Administrator, Exchange Domain Servers and SYSTEM to
the Group or user names list.
b. Grant all except Full Control permissions for Exchange Domain
Servers and SYSTEM.
c.
Grant all permissions for the Administrator account.
Click OK to finish.
To make sure that the quarantine storage is accessible, follow these
instructions:
1. Log on as the domain administrator to any node of the cluster.
2. Try to open \\<Server>\FSAVMSEQS$\ with Windows Explorer,
where <Server> is the name of the server where you just created the
quarantine storage share.
APPENDIX A
Deploying the Product on a Cluster
A.2.5
Creating the Quarantine Storage for a Database
Availability Group Environment
For the Database Availability Group (DAG) installation, the quarantine
storage must be set on a dedicated computer. This computer has to be a
member in the same domain with Exchange Servers.
1. Log on to the server where you will create the quarantine storage (for
example, APPSERVER) with the domain administrator account.
2. Open Windows Explorer and create a directory (for example,
C:\Quarantine) for the quarantine storage.
3. Right-click the directory and select Properties from the menu.
4. Go to the Sharing tab.
5. Click Advanced Sharing to share the directory.
6. Select Share this folder.
112
113
a. Type FSAVMSEQS$ as the share name and F-Secure Quarantine
Storage as a comment.
The dollar ($) character at the end of the share name hides
the share when you view the network resources of the
cluster with Windows Explorer.
b. Make sure that User Limit is set to Maximum that is allowed
(16777216).
7. Click Permissions to set permissions for the share.
8. Change permissions as follows:
a. Remove all existing groups and users.
b. Add Administrator, Exchange Servers and SYSTEM to the Group
or user names list.
c.
Grant Change and Read permissions for Exchange Servers and
SYSTEM.
d. Grant Full Control, Change and Read permissions for the
Administrator account.
APPENDIX A
Deploying the Product on a Cluster
9. Click OK to continue.
10. Go to the Security tab and click Edit.
a. Remove all existing groups and users.
b. Add Administrator, Exchange Servers and SYSTEM to the Group
or user names list.
c.
Grant all except Full Control permissions for Exchange Servers
and SYSTEM.
d. Grant all permissions for the Administrator account.
114
115
11. Click OK to continue.
After you have configured the quarantine storage, make sure that it is
accessible. Follow these instructions:
1. Log on as the domain administrator to any node of the cluster.
2. Open \\<Server>\FSAVMSEQS$\ with Windows Explorer, where
<Server> is the name of the server where you created the quarantine
storage share.
APPENDIX A
Deploying the Product on a Cluster
A.3
Installing the Product
Follow the instructions in this section to install the product on the
active-passive and active-active clusters, CCR, SCC and DAG
installations.
A.3.1
Installing on Clusters with Quarantine as Cluster
Resource
This section describes how to install the product on clusters where
Quarantine is configured as cluster resource in Exchange Virtual Server.
1. Log on to the active node of the cluster using a domain administrator
account.
2. Run F-Secure E-mail and Server Security setup wizard.
a. Install the product in the centralized management mode.
b. Specify the IP address of F-Secure Policy Manager Server and
admin.pub that you created during the F-Secure Policy Manager
installation.
For more information, see “Installing F-Secure E-mail and Server Security
to Microsoft Exchange Server”, 59.
3. The setup wizard asks for the location of the quarantine directory.
116
117
Specify the UNC path to the Quarantine Storage share that you
created before the installation as the Quarantine Directory. For
example, \\<EVSName>\FSAVMSEQS$, where <EVSName> is the
network name of your Exchange Virtual Server.
Click Next to continue.
4. The setup program asks to specify the SQL Server to use for the
quarantine database.
APPENDIX A
Deploying the Product on a Cluster
Select the server running Microsoft SQL Server and click Next to
continue.
5. The setup program asks to specify the database name where
quarantined items are stored.
Specify the name for the database and enter user name and
password that will be used to access the database.
Click Next to continue.
6. Complete the installation on the active node.
7. Log on to the passive node of the cluster using a domain
administrator account. Repeat steps 2-4.
118
119
8. After you specify the SQL Server to use, the setup wizard asks you to
specify the quarantine database.
Select Use the existing database and click Next to continue.
9. Complete the installation on the passive node.
A.3.2
Installing on Clusters with Quarantine on a Dedicated
Computer
This section describes how to install the product on clusters where
Quarantine is installed on a dedicated computer.
1. Log on to the first node of the cluster using a domain administrator
account.
2. Run F-Secure E-mail and Server Security setup wizard.
a. Install the product in the centralized management mode.
b. Specify the IP address of F-Secure Policy Manager Server and
admin.pub that you created during the F-Secure Policy Manager
installation.
For more information, see “Installing F-Secure E-mail and Server Security
to Microsoft Exchange Server”, 59.
APPENDIX A
Deploying the Product on a Cluster
3. The setup wizard asks for the location of the quarantine directory.
Specify the UNC path to the Quarantine Storage share that you
created before the installation as the Quarantine Directory. For
example, \\<Server>\FSAVMSEQS$, where <Server> is the name of
the server where you created the quarantine storage share.
Click Next to continue.
120
121
4. The setup program asks to specify the SQL Server to use for the
quarantine database.
Select the server running Microsoft SQL Server and click Next to
continue.
APPENDIX A
Deploying the Product on a Cluster
5. The setup program asks to specify the database name where
quarantined items are stored.
Specify the name for the database and enter user name and
password that will be used to access the database.
Click Next to continue.
6. Complete the installation on the first active node.
7. Log on to the second node of the cluster using a domain
administrator account and repeat steps 2-4.
122
123
8. After you specify the SQL Server to use, the setup wizard asks you to
specify the quarantine database.
Select Use the existing database and click Next to continue.
9. Complete the installation on the second node.
A.4
Administering the Cluster Installation with
F-Secure Policy Manager
To administer the product installed on a cluster, create a new subdomain
under your organization or network domain. Import all cluster nodes to
this subdomain.
To change product configuration on all cluster nodes, follow these
instructions:
1. Select the cluster subdomain in the Policy Domains tree.
2. Change required settings.
3. Distribute the policy.
4. All nodes receive new settings next time they poll the F-Secure Policy
Manager Server.
APPENDIX A
Deploying the Product on a Cluster
If you need to change settings on a particular node, follow these
instructions:
1. Select the corresponding host in the Policy Domains.
2. Change required settings.
3. Distribute the policy.
4. All nodes will receive new settings the next time they poll F-Secure
Policy Manager Server.
A.5
Using the Quarantine in the Cluster Installation
You can manage quarantined items with the Web Console by connecting
to any node of the cluster.
You need to configure the Web Console to accept connections
from authorized hosts. By default, the Web Console accepts
connections from the local host only.
You can release, reprocess and download quarantined messages and
attachments when at least one node of the cluster is currently online.
Configuring
Mailbox Role
Servers
However, as the clustered Exchange 2007 can have the mailbox role only
and not all members of Exchange 2010 Database Availability Group may
have Hub Transport Role, you need to configure the hub transport role
and mailbox role servers so that quarantined messages can be delivered:
Hub Transport Role Server:
1. Share the Pickup folder on the Exchange Hub Server. By default, the
Pickup folder is located at %Program Files%\Microsoft\Exchange
Server\TransportRoles\Pickup.
Use the default name (Pickup) for the share so that it can be
accessed at \\HubServerName\Pickup.
2. Right-click the Pickup folder and select Properties > Sharing and click
Permissions. Assign Read and Change permissions to the Pickup
folder for the Exchange Servers group or for the Mailbox Role
Servers directly.
124
125
3. Go to the Security tab and assign all the permissions except
FullControl and Special for the Pickup Folder for the Exchange
Servers group or directly for the Mailbox Role Servers.
Mailbox Role Server
1. Open the Windows Registry Editor and go to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FS
AVMSED\Parameters subkey.
If the Parameters subkey does not exist, create it.
2. Under the Parameters subkey, create PickupFolderPath string value
that points to the Pickup Folder share of the hub server that has been
created earlier (\\HubServerName\Pickup).
The registry value has to be changed on all cluster nodes.
After these steps have been completed, the quarantine works properly on
the Mailbox Role only servers as well.
You do not have to reboot or restart the server, the product takes
the new settings into use automatically.
Even though the Exchange organization may contain more than
one Hub Transport Role server, F-Secure Anti-Virus for Microsoft
Exchange supports only one Pickup folder. After you have
specified one Hub Transport Role Server with a Pickup folder,
make sure that the folder is available or change Pickup folder path
to another one if the current Hub Transport Role Server goes
offline.
A.6
Using the Product with High Availability
Architecture in Microsoft Exchange Server 2010
New high-availability solutions in Microsoft Exchange Server 2010
support online mailbox moves. As it takes some time for the product to
enumerate mailbox changes on nodes, manual and scheduled scans
APPENDIX A
Deploying the Product on a Cluster
might not scan the moved mailbox but the mailbox copy on the former
node instead, if the scan is started right after the move. However, the
real-time scan works without these limitations.
To scan Public Folders manually or with scheduled scanning, you have to
specify an administrator’s mailbox if the product settings. Manual and
scheduled scans scan all Public Folders that the specified administrator
account can access.
Once you start the manual scan of Public Folders on one node, the scan
goes through all Public Folders the account can access, including those
Public Folder Databases that are located on other nodes. To avoid
collisions where one item would be edited by several on-demand
scanners simultaneously, make sure that manual and scheduled Public
Folders scans are started only on one node at a time.
The real-time Public Folder scan scans only Public Folders that are
located together with the product on the same node.
If Public Folders in Microsoft Exchange 2010 are replicated, the
attachment replacement text file is added only to the Public Folder
Database replica that is located on the same node, but infections are
detected and quarantined if needed from all replicas.
If an infected item was edited (an infection was disinfected or
quarantined) during the manual or scheduled Public Folder scan, the
edited item is marked as "read" for the administrator's mailbox which is
specified in the product settings.
A.7
Uninstallation
Follow these instructions to uninstall the product in the cluster
environment.
1. Uninstall the product from the active node with Add/Remove
Programs in Windows 2003 or Programs and Features in Windows
2008 and 2008 R2. The uninstallation removes the cluster resource
automatically.
2. After the uninstallation in the active node is finished, uninstall the
product from passive nodes.
126
127
3. After the product has been uninstalled from every node, reboot
computers one at the time.
A.8
Troubleshooting

If the product fails to quarantine a message or attachment or
reports that the e-mail quarantine storage is not accessible, make
sure that directory sharing and security permissions are set as
follows: change, write and read operations are allowed for
SYSTEM and Exchange Domain Servers, and full control is
allowed for Administrator.

To change the location of the e-mail quarantine storage from
F-Secure Policy Manager Console, use the Final flag to override
the setting set during product installation on the host.
B
APPENDIX:
Services and
Processes
List of Services and Processes ................................................ 129
128
129
B.1
List of Services and Processes
The following tables list the services and processes that are running on
the system after the installation:
Service/Application
Process
Description
F-Secure
Gatekeeper driver
fsgk.sys
File filter driver, provides
interception of file
operations.
F-Secure HIPS
driver
fships.sys
Provides intrusion
prevention and system
protection.
F-Secure
Gatekeeper Handler
Starter
fsgk32st.exe
Provides activation of
Gatekeeper driver.
Gatekeeper Handler
fsgk32.exe
File filter handler.
F-Secure Anti-Virus
Handler
fsav32.exe
Provides handling system
interfaces, policy
management and low-level
drivers and scan services.
F-Secure Scanner
Manager
fssm32.exe
Provides anti-virus scanning
for all FPI agents (file
system).
F-Secure ORSP
Client
fsorsp.exe
Provides client-side
connection to F-Secure
Object Reputation Service
Platform to support
Cloud-based protection,
AKA Real-time Protection
Network.
APPENDIX B
Services and Processes
Service/Application
Process
Description
F-Secure Anti-Virus
for Microsoft
Exchange Daemon
fshkmngr.exe
(with Microsoft
Exchange
2003)
fsavmsed.exe
(with Microsoft
Exchange
2007/2010)
This is the main service that
takes care of other product
components and
implements/exposes
COM-based interfaces for
reading and writing policy
settings/statistics, and
sending alerts.
F-Secure Automatic
Update Agent
fsaua.exe
This service takes care of
fetching updates from FSPM
or FS Update server.
F-Secure Content
Scanner Server
Daemon
fsavsd.exe
Provides anti-virus scanning
service for Simple Content
Inspection Protocol (SCIP)
compliant agents.
F-Secure Database
Update Handler
fsdbuh.exe
The Database Update
Handler process verifies and
checks the integrity of virus
definition and spam control
database updates.
F-Secure Quarantine
Manager
fqm.exe
Provides the quarantine
interface and takes care of
reprocessing, release and
cleaning items from the
quarantine database/
storage.
F-Secure WebUI
Daemon
fswebuid.exe
HTTP server that hosts the
Web Console. Supports
HTTP/1.0, HTTP/1.1 and
HTTPS.
130
131
Service/Application
Process
Description
F-Secure
Management Agent
(FSMA)
fsma32.exe
Provides all other product
services with policy
(configuration) management
and communications,
monitors and controls
starting and stopping the
product services.
F-Secure Network
Request Broker
fnrb32.exe
The service handles the
communication with
F-Secure Policy Manager via
HTTP interface.
fsdll32.exe,
fsdll64.exe
Provides hosting services for
a number of F-Secure
services, including Message
Broker and Configuration
Handler.
F-Secure Settings
and Statistics
fsm32.exe
The product user interface
(the product icon in the
Windows system tray). The
process is not running
unless the user is logged in
to the system.
F-Secure Installation
Handler
fih32.exe
F-Secure Installation
Handler enables the remote
installation and updating of
integrated F-Secure
products.
APPENDIX B
Services and Processes
132
Technical Support
F-Secure Online Support Resources........................................ 134
Software Downloads................................................................. 136
Virus Descriptions on the Web ................................................. 136
133
Technical Support
F-Secure Online Support Resources
F-Secure Technical Support is available through F-Secure support web
pages, e-mail and by phone. Support requests can be submitted through
a form on F-Secure support web pages directly to F-Secure support.
F-Secure support web pages for any F-Secure product can be accessed
at http://support.f-secure.com/. All support issues, frequently asked
questions and hotfixes can be found under the support pages.
If you have questions about the product that are not covered in this
manual or on the F-Secure support web pages, you can contact your local
F-Secure distributor or F-Secure Corporation directly.
For technical assistance, please contact your local F-Secure Business
Partner. Send your e-mail to:
Anti-Virus-<country>@f-secure.com
Example: [email protected]
If there is no authorized F-Secure Anti-Virus Business Partner in your
country, you can submit a support request directly to F-Secure. There is
an online "Request Support form" accessible through F-Secure support
web pages under the "Contact Support" page. Fill in all the fields and
describe the problem as accurately as possible. Please include the
FSDiag report taken from the problematic server with the support request.
F-Secure
Support
Tool
Before contacting support, please run the F-Secure Support Tool
FSDiag.exe on each of the hosts running the product. This utility gathers
basic information about hardware, operating system, network
configuration and installed F-Secure and third-party software. You can run
the F-Secure Support Tool from the Web Console as follows:
1. Log in to the Web Console.
2. Type https://127.0.0.1:25023/fsdiag/ in the browser’s address field or
or click F-Secure support tool on General Server Properties page.
134
135
3. The F-Secure Support Tool starts and the dialog window displays the
progress of the data collection.
Note that in some web browsers, the window may appear
behind the main browser window.
4. When the tool has finished collecting the data, click Report to
download and save the collected data.
You can also find and run the FSDiag.exe utility in the Common directory
under the product installation directory, or run F-Secure E-mail and
Server Security > Support Tool in the Windows Start menu. The tool
generates a file called FSDiag.tar.gz.
Please include the following information with your support request:

Product and component version numbers. Include the build
number if available.

Description how F-Secure components are configured.

The name and the version number of the operating system on
which F-Secure products and protected systems are running. For
Windows, include the build number and Service Pack number.

The version number and the configuration of your Microsoft
Exchange Server, if you use F-Secure Anti-Virus for Microsoft
Exchange component. If possible, describe your network
configuration and topology.

A detailed description of the problem, including any error
messages displayed by the program, and any other details that
could help us replicate the problem.

Logfile.log from the machines running F-Secure products. This
file can be found under Program Files\F-Secure\Common. If you
are sending the FSDiag report you do not need to send the
Logfile.log separately, because it is already included in the
FSDiag report.

If the whole product or a component crashed, include the
drwtsn32.log file from the Windows NT directory and the latest
records from the Windows Application Log.
Technical Support
Software Downloads
The F-Secure web site provides assistance and updated versions of the
F-Secure products.
In order to maximize your security level we strongly encourage you to
always use the latest versions of our products. You can find the latest
product version, hotfixes and all related downloadable materials in:
http://www.f-secure.com/en_EMEA/downloads/product-updates/.
Virus Descriptions on the Web
F-Secure Corporation maintains a comprehensive collection of
virus-related information on its Web site. To view the Virus Information
Database, connect to: http://www.f-secure.com/security_center/.
136
About F-Secure Corporation
F-Secure Corporation protects consumers and businesses against computer
viruses and other online threats from the Internet and mobile networks. We
want to be the most reliable provider of internet security services in the
market. One way to demonstrate this is the speed of our response.
F-Secure’s award-winning solutions for real-time virus protection are available
as a service subscription through more than 170 Internet service providers
and mobile operator partners around the world, making F-Secure the global
leader in the market of internet and computer security. The solutions are also
available as licensed products through thousands of resellers globally.
F-Secure aspires to be the most reliable mobile and computer security
provider, helping make computer and smartphone users' networked lives safe
and easy. This is substantiated by the company’s independently proven ability
to respond faster to new threats than its main competitors. Founded in 1988
and headquartered in Finland, F-Secure has been listed on the OMX Nordic
Exchange Helsinki since 1999. The company has consistently been one of
the fastest growing publicly listed companies in the industry.
The latest news on real-time virus threat scenarios is available at the
http://www.f-secure.com/weblog/