AVG 8.5 Email Server Edition User Manual Document revision 85.4 (30.4.2009) Copyright AVG Technologies CZ, s.r.o. All rights reserved. All other trademarks are the property of their respective owners. This product uses RSA Data Security, Inc. MD5 Message-Digest Algorithm, Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. This product uses code from C-SaCzech library, Copyright (c) 1996-2001 Jaromir Dolecek (dolecek@ics.muni.cz).
Contents ........................................................................................................................ 4 1. Introduction 5 2. AVG........................................................................................................................ Installation Requirements ..................................................................................................................... 5 2.1 Operation Systems Supported .........................................................
..................................................................................................................... 21 5.2 Server Monitoring .......................................................................................................... 21 5.2.1 Online Monitoring ........................................................................................................................ 23 6. AVG For MS Exchange Server 2000/2003 .......................................................................
1. Introduction This user manual provides comprehensive documentation for AVG 8.5 Email Server Edition. Congratulations on your purchase of AVG 8.5 Email Server Edition! AVG 8.5 Email Server Edition is one of a range of award winning AVG products designed to provide you with peace of mind and total security for your PC. As with all AVG products AVG 8.
2. AVG Installation Requirements 2.1. Operation Systems Supported AVG 8.5 Email Server Edition is intended to protect e-mail servers running under the following operating systems: · Windows 2008 Server Edition (x86 and x64) · Windows 2003 Server (x86, x64 and Itanium) SP1 · Windows 2000 Server SP4 + Update Rollup 1 (and possibly higher service packs for specific email servers) 2.2.
2.4. Uninstall Previous Versions If you have an older version of AVG Email Server installed, you will need to uninstall it manually before installing AVG 8.5 Email Server Edition. You must manually perform the uninstallation of the previous version, using the standard windows functionality. · From the start menu Start/Settings/Control Panel/Add or Remove Programs select the correct program from the list of installed software. Be careful to select the correct AVG program for uninstallation.
3. AVG Installation Process To install AVG on your computer, you need to get the latest installation file. You can use the installation file from the CD that is a part of your box edition but this file might be out-of-date. Therefore we recommended getting the latest installation file online. You can download the file from the AVG website (at http://www.avg. com/download?prd=msw). During the installation process you will be asked for your license/sales number.
Attention: Here you are choosing the language for the installation process only. You are not selecting the language for the AVG application - that can be specified later on during the installation process! 3.2. License Agreement The License Agreement dialog provides the full wording of the AVG license agreement. Please read it carefully and confirm that you have read, understood and accept the agreement by pressing the Accept button.
that installs AVG in fully automatic mode with settings predefined by the program vendor. This configuration provides maximum security combined with the optimal use of resources. In the future, if the need arises to change the configuration, you will always have the possibility to do so directly in the AVG application. Custom installation should only be used by experienced users who have a valid reason to install AVG with non-standard settings. E.g. to fit specific system requirements. 3.5.
3.6. Custom Installation - Destination Folder The Destination folder dialog allows you to specify the location where AVG should be installed. By default, AVG will be installed to the program files folder located on drive C:. If you want to change this location, use the Browse button to display the drive structure, and select the respective folder. Press the Next button to confirm. AVG 8.5 Email Server Edition © 2009 Copyright AVG Technologies CZ, s.r.o. All rights reserved.
3.7. Custom Installation - Component Selection The Component Selection dialog displays an overview of all AVG components that can be installed. If the default settings do not suit you, you can remove/add specific components. However, you can only select from components that are included in your purchased AVG edition.
Continue by pressing the Next button. 3.8. Custom Installation - DataCenter If you selected the Remote Control Communication Library module during module selection, then in this screen you can define the connection string for connecting to your AVG DataCenter. AVG 8.5 Email Server Edition © 2009 Copyright AVG Technologies CZ, s.r.o. All rights reserved.
3.9. Setup Summary The Setup Summary dialog provides an overview of all parameters of the installation process. Please make sure all the information is correct. If so, press the Finish button to continue. Otherwise, you can use the Back button to return to the respective dialog and correct the information. 3.10.Installing The Installing dialog shows the progress of the installation process, and does not require any intervention.
4. AVG E-mail Servers Installation Options Once you successfully complete installation of AVG, the installation of individual e-mail servers will begin. Note: The anti-virus protection mechanism for Kerio MailServer is integrated directly in the Kerio application. More information to be found in the AVG for Kerio MailServer chapter. 4.1. Installation Launch The installation process starts with the Welcome window. Click on the Next button to continue to the next dialog. 4.2.
4.4. Start Copying Files Setup prompts you to trigger copying of the installation files before the installation will be completed. Accept it by clicking on the Next button. 4.5. Restarting the Store Service During the installation process, or after closing the setup dialog, you will be prompted to restart the Exchange Server Store service: Press the Yes button to restart the Store service with all AVG for MS Exchange components included.
4.6. Installation Finished Once the installation wizard has copied all necessary files to your hard drive, the installation will be completed. You can view the installation log file by pressing the Log button. You can also view the setup log later as the setup.log file in your system temporary folder. Press the OK button in the Installation Finished window to close the setup dialog.
5. AVG For MS Exchange Server 2007 5.1. Configuration When the Exchange 2007 Server Store service is restarted after AVG for MS Exchange 2007 Server has been installed, no further actions are needed to be taken to launch it. 5.1.1. Status To view the status or configuration of AVG, you need to launch the AVG for Exchange administration application first. It is located under the installation directory, by default: C:\AVG4ES2K Navigate to this directory and launch avg4es2kadm.exe.
restart. Also, items informing about anti-virus performance are displayed here (performance monitor counters). AVG for MS Exchange 2007 Server scans all messages in the databases of private and public folders. If a virus is found, AVG for MS Exchange 2007 Server writes a message into the AVG log file and also into the Event Log. 5.1.2. VSAPI 2.0 Virus Scanning API 2.5 (VSAPI 2.5 as provided in MS Exchange 2003 Server) allows deletion of infected messages.
· Enable – you can enable or disable mail scanning here. · Background Scanning – you can enable or disable the background scanning process here. Background scanning is one of the features of the VSAPI 2.0/2.5 application interface. It provides threaded scanning of the Exchange Messaging Databases. Whenever an item that has not been scanned before is encountered in the users’ mailbox folders, it is submitted to AVG for Exchange 2007 Server to be scanned.
· http://support.microsoft.com:80/support/kb/articles/Q285/6/67.ASP for general info on the VSAPI 2.0 in Exchange 2000 Server Service Pack 1 · http://support.microsoft.com/default.aspx?scid=kb;en-us;328841&Product=ex ch2k - for information on Exchange and antivirus software interaction · http://support.microsoft.com/default.aspx?scid=kb;en-us;823166 for information on additional VSAPI 2.5 features in Exchange 2003 Server application. Note: The scanning behavior is controlled from the AVG Application.
· Log file name – you can see the default log filename here. · Screen Refresh (secs) – you can specify how often the online monitoring screen (shown on the AVG for Exchange Server information window) should be refreshed. 5.2. Server Monitoring 5.2.1. Online Monitoring In the AVG for Exchange Server information window (Refer to the Configuration/Status section to see how to get there.
database · Uptime – total time since the last Exchange server restart The other items represent particular VSAPI 2.0/2.5 performance monitor counters related to virus scanning of Exchange 2007 Server.
6. AVG For MS Exchange Server 2000/2003 6.1. Configuration When the Exchange 2000/2003 Server Store service is restarted after AVG for MS Exchange 2000/2003 Server has been installed, no further actions are needed to be taken to launch it. 6.1.1. Status To view the status of AVG, launch the MS Exchange System Manager application. In the Servers branch of the control tree (on the left side of the main window) select the particular server. There is the AVG for Exchange branch in the server’s sub-tree.
6.1.2. VSAPI 2.0 Virus Scanning API 2.0 (VSAPI 2.0 as provided in MS Exchange 2000 Server) does not allow the deletion of infected e-mail files. Since the virus infected e-mail message attachment cannot be deleted, its filename is changed: AVG for Exchange 2000/2003 Server appends the .virusinfo.txt extension to the original filename. The file content is overwritten with a message about the known virus.
On the General tab you will find several preset options related to the AVG for MS Exchange 2000/2003 Server e-mail virus scanning performance: · Enable – you can enable or disable mail scanning here. · Background Scanning – you can enable or disable the background scanning process here. Background scanning is one of the features of the VSAPI 2.0/2.5 application interface. It provides threaded scanning of the Exchange Messaging Databases.
2.0/2.5 please refer to the following links (and also the links accessible from the referenced ones): · http://support.microsoft.com:80/support/kb/articles/Q285/6/67.ASP for general info on the VSAPI 2.0 in Exchange 2000 Server Service Pack 1 · http://support.microsoft.com/default.aspx?scid=kb;en-us;328841&Product=ex ch2k - for information on Exchange and antivirus software interaction · http://support.microsoft.com/default.aspx?scid=kb;en-us;823166 for information on additional VSAPI 2.
· Log file directory – you can change the default log file location here. · Log file name – you can see the default log filename here. · Screen Refresh (secs) – you can specify how often the online monitoring screen (shown on the AVG for Exchange 2000/2003 Server information window) should be refreshed. 6.2. Server Monitoring 6.2.1. Online Monitoring In the AVG for MS Exchange 2000/2003 Server information window (Refer to the Configuration/Status section to see how to get there.
· Waiting Files – count of files waiting to be scanned The other items represent particular VSAPI 2.0/2.5 performance monitor counters related to virus scanning of Exchange 2000/2003 Server and may not be visible all the time.
· Messages Deleted – total number of suspect messages deleted by virus scanner (available only in VSAPI 2.5) · Messages Deleted/sec – rate at which suspect messages are deleted by virus scanner (available only in VSAPI 2.5) · Queue Length – current number of outstanding requests that are queued for virus scanning 6.2.2. Event Log Except for the online monitoring of AVG for MS Exchange 2000/2003 Server you can also setup the virus scanner related events logging within the Event Log.
· The Properties window appears. · Switch to the Diagnostics Logging tab · From the Services tree select the MSExchangeIS / System folder · From the opened Categories list select the Virus Scanning item, and choose the desired logging level for the operating system Event Log component. The following levels are offered: o None o Minimum o Medium o Maximum Note: You will find the complete description of the VSAPI 2.0/2.5 events on this link: http://support.microsoft.com/default.
7. AVG for Kerio MailServer 7.1. Configuration The anti-virus protection mechanism is integrated directly into the Kerio MailServer application. In order to activate e-mail protection of Kerio MailServer by the AVG scanning engine, launch the Kerio Administration Console application.
7.1.1.
· If a part of message cannot be scanned (e.g. encrypted or corrupted file) This frame specifies the action to be taken when part of the message or attachment cannot be scanned: o Deliver the original message with a prepared warning — the message (or attachment) will be delivered unchecked. The user will be warned that the message may still contain viruses. o Reject the message as if it was virus — the system will react the same way as when a virus was detected (i.e.
7.1.2. Attachment Filter In the Attachment Filter menu there is a list of various attachment definitions: You can enable/disable filtering of mail attachments by selecting the Enable attachment filter checkbox. Optionally you can change the following settings: · Send a warning to sender that the attachment was not delivered The sender will receive a warning from Kerio MailServer, that he/she has sent a message with a virus or blocked attachment.
The message without its infected or prohibited attachment will be (apart from the actions selected below) forwarded to the specified e-mail address. This can be used to verify the correct functioning of the antivirus and/or attachment filter. In the list of extensions, each item has four fields: · Type – specification of the kind of attachment determined by the extension given in the Content field. Possible types are File name or MIME type.
be filtered. · In the If a mail message contains an attachment where field you can select the type of attachment (File name or MIME type). You can also choose a particular extension from the offered extensions list, or you can type the extension wildcard directly. In the Then field you can decide whether to block the defined attachment or accept it. AVG 8.5 Email Server Edition © 2009 Copyright AVG Technologies CZ, s.r.o. All rights reserved.
8. Anti-Spam Configuration 8.1. Anti-Spam Interface You will find the Anti-Spam server component's dialog in the Server Components section (left menu). It contains a brief information about the functionality of the server component, information on its current status (Anti-Spam Server for MS Exchange component is active.), and some statistics. You can reset the statistics by clicking on the Reset statistic values reference.
8.2. Anti-Spam Principles Spam refers to unsolicited e-mail, mostly advertising a product or service that is mass mailed to a huge number of e-mail addresses at a time, filling recipients’ mail boxes. Spam does not refer to legitimate commercial e-mail for which consumers have given their consent. Spam is not only annoying, but also can often be a source of scams, viruses or offensive content. Anti-Spam checks all incoming e-mail messages and marks unwanted e-mails as SPAM.
the Mark message as spam if the score is greater or equal to setting by either typing the value (0 to 100) or by moving the slider left or right (using the slider, the range of values is limited to 50-90). Generally we recommended setting the threshold between 50-90, or if you are really unsure, to 90. Here is a general review of the scoring threshold: · Value 90-99 - Most incoming e-mail messages will be delivered normally (without being marked as spam).
There are the following options to choose from: · A specific e-mail client - if you use one of the listed e-mail clients (MS Outlook, Outlook Express, The Bat!, Mozilla Thunderbird), simply select the respective option · Folder with EML files - if you use any other e-mail program, you should first save the messages to a specific folder (in .eml format), or make sure that you know the location of your e-mail client message folders.
In this dialog, please select the folder with the messages you want to use for training. Press the Add folder button to locate the folder with the .eml files (saved e-mail messages). The selected folder will then be displayed in the dialog. In the Folders contain drop-down menu, set one of the two options - whether the selected folder contains wanted (HAM), or unsolicited (SPAM) messages.
Note: In case of Microsoft Office Outlook, you will be prompted to select the MS Office Outlook profile first. In the Folders contain drop-down menu, set one of the two options - whether the selected folder contains wanted (HAM), or unsolicited (SPAM) messages. Please note that you will be able to filter the messages in the next step, so the folder does not have to contain only training e-mails. A navigation tree of the selected e-mail client is already displayed in the main section of the dialog.
8.3.3. Message filtering options In this dialog, you can set filtering of the e-mail messages. If you are sure that the selected folder contains only messages you want to use for training, select the All messages (no filtering) option. If you are unsure about the messages contained in the folder, and you want the wizard to ask you about every single message (so that you can determine whether to use it for training or not), select the Ask for each message option.
8.4. Performance The Engine performance settings dialog (linked to via the Performance item of the left navigation) offers the Anti-Spam component performance settings. Move the slider left or right to change the level of scanning performance ranging between Low memory / High performance modes. · Low memory - during the scanning process to identify spam, no rules will be used. Only training data will be used for identification.
them if you have a valid reason to do so. Any changes to this configuration should only be done by expert users! 8.5. RBL The RBL item open an editing dialog called Realtime Blackhole Lists: In this dialog you can switch on/off the Query RBL servers function. The RBL (Realtime Blackhole List) server is a DNS server with an extensive database of known spam senders.
unless you are an experienced user and really need to change these settings! Note: Enabling this feature may, on some systems and configurations, slow down the e-mail receiving process, as every single message must be verified against the RBL server database. No personal data is sent to the server! 8.6. Whitelist The Whitelist item opens a dialog with a global list of approved sender e-mail addresses and domain names whose messages will never be marked as spam.
· Edit - press this button to open a dialog, where you can manually enter a list of addresses (you can also use copy and paste). Insert one item (sender, domain name) per line. · Import - if you already have a text file of email addresses/domain names prepared, you can simply import it by selecting this button. The input file must be in plain text format, and the content must contain only one item (address, domain name) per line.
Once you have such a list of senders and/or domain names prepared, you can enter them by either of the following methods: by direct entry of each e-mail address or by importing the whole list of addresses at once. The following control buttons are available: · Edit - press this button to open a dialog, where you can manually enter a list of addresses (you can also use copy and paste). Insert one item (sender, domain name) per line.
9. E-mail Scanner The E-mail Scanner settings are configured from within the AVG E-mail Server Edition. From the application's main menu select Tools/Advanced Settings. Then from the left menu in the Advanced Settings dialog, select the E-Mail Scanner item.
· E-mail attachments reporting - specify whether you wish to be notified via e-mail about password protected archives, password protected documents, macro containing files and/or files with hidden extension detected as an attachment of the scanned e-mail message. If such a message is identified during scanning, define whether the detected infectious object should be moved to the Virus Vault. 9.1.
9.2. Mail Filtering The Attachment filter dialog allows you to set up parameters for e-mail messages attachment scanning. By default, the Remove attachments option is switched off. If you decide to activate it, all e-mail message attachments detected as infectious or potentially dangerous will be removed automatically. If you want to define specific types of attachments that should be removed, select the respective option: · Remove all executable files - all *.
10. FAQ and Technical Support Should you have any problems with your AVG, either business or technical, please refer to the FAQ section of the AVG website at www.avg.com. If you do not succeed in finding help this way, contact the technical support department by email. Please use the contact form accessible from the system menu via Help / Get help online. AVG 8.5 Email Server Edition © 2009 Copyright AVG Technologies CZ, s.r.o. All rights reserved.
