ESET Mail Security 4 for Microsoft Exchange Server User Guide Microsoft® Windows® Server 2000 / 2003 / 2008
ESET Mail Security Copyright © 2010 by ESET, spol. s r.o. ESET Mail Security was developed by ESET, spol. s r.o. For more information visit www.eset.com. All rights reserved. No part of this documentation may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise without permission in writing from the author. ESET, spol. s r.o.
1. Introduction
ESET Mail Security 4 for Microsoft Exchange Server is an integrated solution protecting user mailboxes from various types of malicious content (most often email attachments infected by worms or trojans, documents containing harmful scripts, phishing, spam, etc.). ESET Mail Security provides three types of protection: Antivirus, Antispam and application of user-defined rules.
is the Greylisting technique (disabled by default). The technique relies on the RFC 821 specification, which states that since SMTP is considered an unreliable transport, every message transfer agent (MTA) should repeatedly attempt to deliver an email after encountering a temporary delivery failure. A substantial part of spam consists of one-time deliveries (using specialized tools) to a bulk list of email addresses generated automatically.
2. Installation
After purchase, the ESET Mail Security installer can be downloaded from ESET’s website as an .msi package. Once you launch the installer, the installation wizard will guide you through the basic setup. There are two types of installation available with different levels of setup details:
Enter your Username and Password, i.e., the authentication data you received after the purchase or registration of the product, into the corresponding fields.
your operating system. These applications are often bundled with other programs and may be difficult to notice during the installation process. Although these applications usually display a notification during installation, they can easily be installed without your consent. Next, enter your Username and Password. This step is the same as in Typical installation (see “Typical installation”). In the next step, License Manager, add the license file delivered via email after the product purchase.
If you use a proxy server, it must be correctly configured for virus signature updates to work correctly. If you do not know whether you use a proxy server to connect to the Internet, select the default setting I am unsure if my Internet connection uses a proxy server. Use the same settings as Internet Explorer (Recommended) and click Next. If you do not use a proxy server, select the I do not use a proxy server option. To configure your proxy server settings, select I use a proxy server and click Next.
2.3 License
A very important step is to enter the license file for ESET Mail Security for Microsoft Exchange Server. Without it, email protection on the Microsoft Exchange Server will not work properly. If you do not add the license file during installation, you can do so later in the advanced settings, under Miscellaneous > Licenses.
2. Quarantine This option excludes the risk of deleting legitimate email. Messages can be restored and resent to the original recipients immediately. The drawbacks of this method are higher consumption of system resources and additional time required for email quarantine maintenance. You can use two methods to quarantine email: A.
If the option to move messages into email quarantine is enabled, you need to configure the quarantine under the section Message quarantine in the Advanced settings window.
3. Update
Updating the virus signature database and updating program components are an important part of providing complete protection against malicious code. Please pay attention to their configuration and operation. From the main menu, select Update and then click Update virus signature database in the primary window to check for a newer database update. Username and Password setup... displays a dialog box where the username and password received at the time of purchase should be entered. 3.
4. ESET Mail Security - Microsoft Exchange Server protection
4.1 General settings
This section describes how to administer rules, log files, message quarantine and performance parameters.
4.1.1 Rules
The Rules menu item allows administrators to manually define email filtering conditions and actions to take with filtered emails. The rules are applied according to a set of combined conditions.
4.1.1.1 Adding new rules
This wizard guides you through adding user-specified rules with combined conditions.
Examples of entering conditions:
By target mailbox: smith
By email sender: smith@mail.com
By email recipient: “J.Smith” or “smith@mail.com”
By email subject: “”
By attachment name: “.com” OR “.exe”
By email body: (“free” OR “lottery”) AND (“win” OR “buy”)
4.1.1.2 Actions
This section allows you to select actions to take with messages and/or attachments matching conditions defined in rules. You can take no action, mark the message as if it contained a threat/spam or delete the whole message.
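A keyword condition like the email body example above, (“free” OR “lottery”) AND (“win” OR “buy”), can be checked against sample text before an action such as deletion is attached to it. The following is an added example, not part of the product or of this guide; `tokenize` and `matches` are hypothetical helpers, and the case-insensitive substring matching and AND-before-OR precedence are assumptions.

```python
import re

# Assumptions of this sketch: terms match as case-insensitive substrings and
# AND binds tighter than OR; the guide shows the syntax, not these details.
TOKEN = re.compile(r'\s*(?:([()])|"([^"]*)"|(AND|OR)\b)', re.I)

def tokenize(expr):
    """Return '(', ')', 'AND', 'OR' and ('TERM', text) tokens for a condition."""
    expr = expr.replace("\u201c", '"').replace("\u201d", '"')  # curly quotes
    if TOKEN.sub("", expr).strip():
        raise ValueError(f"cannot parse condition: {expr!r}")
    out = []
    for paren, term, op in TOKEN.findall(expr):
        if not (paren or term or op):
            raise ValueError("an empty term would match every message")
        out.append(paren or op.upper() or ("TERM", term.lower()))
    return out

def matches(expr, text):
    """Evaluate a condition such as ("a" OR "b") AND "c" against text."""
    toks, text = tokenize(expr)[::-1], text.lower()  # reversed: pop() is next

    def atom():
        tok = toks.pop() if toks else None
        if tok == "(":
            val = either()
            if not toks or toks.pop() != ")":
                raise ValueError("missing ')'")
            return val
        if isinstance(tok, tuple):
            return tok[1] in text
        raise ValueError(f"expected a quoted term or '(', got {tok!r}")

    def chain(op, operand):
        val = operand()
        while toks and toks[-1] == op:
            toks.pop()
            nxt = operand()  # always parse the right-hand side
            val = (val and nxt) if op == "AND" else (val or nxt)
        return val

    def either():
        return chain("OR", lambda: chain("AND", atom))

    result = either()
    if toks:
        raise ValueError(f"unexpected token {toks[-1]!r}")
    return result

# Constructed test input: the body condition from the guide and a sample body.
RULE = '(“free” OR “lottery”) AND (“win” OR “buy”)'
SAMPLE_BODY = "You WIN a free trip"
```

Under the substring assumption a body containing "free winter newsletter" also matches, because "winter" contains "win"; testing a rule against legitimate mail exposes this kind of overlap before the rule is enabled.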
4.1.4 Performance
In this section, you can define a folder in which to store temporary files to improve program performance. If no folder is specified, ESET Mail Security will create temporary files in the system’s temporary folder.
You can specify the message quarantine address in the Common message quarantine field (e.g. main_quarantine@company.com).
scanned messages based on spam score – SCL is a normalized value assigned to a message that indicates the likelihood of the message being spam (based on the characteristics of the message header, its subject, content, etc.). A rating of 0 indicates that the message is highly unlikely to be spam, while a rating of 9 indicates that the message is very likely spam. SCL values can be processed further by the Microsoft Exchange Server's Intelligent Message Filter (or Content Filter Agent).
4.2.3 Performance
In this section, you can set the number of ThreatSense scan engines that should be used for virus scanning. More ThreatSense scan engines on multiprocessor machines can increase the scan rate.
(scanning is performed after each virus signature database update), we recommend using scheduled scanning outside working hours. Scheduled background scanning can be configured via a special task in the Scheduler/Planner.
Enabling the Scan RTF email bodies option activates scanning of RTF message bodies.
4.2.4.2 Microsoft Exchange Server 2000 (VSAPI 2.0)
This version of Microsoft Exchange Server includes VSAPI version 2.0.
4.2.4.2.1 Actions
In this section you can specify the actions to be performed when a message and/or attachment is evaluated as infected. The Actions to take if cleaning not possible field allows you to block infected content or delete the message.
Scheduler/Planner. When you schedule a Background scanning task you can set the launch time, the number of repetitions and other parameters available in the Scheduler/Planner. After the task has been scheduled, it will appear in the list of scheduled tasks and, as with the other tasks, you can modify its parameters, delete it or temporarily deactivate it. If you want to scan plain text messages, select the Scan plain text email bodies option.
4.2.4.3.2 Performance
In this section you can set the number of independent scan threads used at a single time. More threads on multiprocessor machines can increase the scan rate. For the best program performance we advise using an equal number of ThreatSense scan engines and scan threads. The Response time limit (sec.) allows you to set the maximum amount of time a thread waits for a message scan to complete.
messages will be stored in the email server quarantine. Please note that this is the server's managed quarantine (not the client's quarantine or the quarantine mailbox). Infected messages stored in mail server quarantine are inaccessible until they are cleaned with the latest virus signature database. By activating Rescan, you can rescan messages and files that have already been scanned.
4.2.4.4.2 Performance
In this section you can set the number of independent scan threads used at a single time.
4.3.2 Alerts and notifications
Each email scanned by ESET Mail Security and marked as spam can be flagged by appending a notification tag to the email subject. By default, the tag is [SPAM], although it can be a user-defined string. NOTE: You can also use system variables when adding a template to the message subject.
4.3.3 In the Allowed IP addresses tab you can specify IPs that should be approved, i.e.
will typically not attempt to resend the message, as they usually go through thousands of email addresses and do not waste time resending. Greylisting is an additional layer of antispam protection and does not have any effect on the spam evaluation capabilities of the antispam module.
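The greylisting behaviour described above, as an added example that is not part of the product or of this guide: an unknown sender receives a temporary failure on first contact and is accepted only when it retries, while approved IP addresses bypass the check. The (IP, sender, recipient) key, the 451 reply code, the delay values and the names `Greylist` and `replay` are assumptions of this sketch.

```python
import ipaddress

# Assumed policy values for this sketch; they are not the product's settings.
MIN_RETRY_DELAY = 60      # seconds that must pass before a retry is accepted
PENDING_TTL = 4 * 3600    # an unanswered first attempt is forgotten after this

class Greylist:
    """Defer the first delivery from an unknown (IP, sender, recipient) triplet."""

    def __init__(self, allowed_networks=()):
        self.allowed = [ipaddress.ip_network(n) for n in allowed_networks]
        self.pending = {}      # triplet -> time of first attempt
        self.verified = set()  # triplets that have retried correctly

    def check(self, ip, sender, recipient, now):
        """Return the SMTP reply code for one delivery attempt at time `now`."""
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.allowed):
            return 250                    # approved IP: greylisting is skipped
        key = (ip, sender.lower(), recipient.lower())
        if key in self.verified:
            return 250
        first_seen = self.pending.get(key)
        if first_seen is None or now - first_seen > PENDING_TTL:
            self.pending[key] = now       # first contact, or a stale entry
            return 451                    # temporary failure: try again later
        if now - first_seen < MIN_RETRY_DELAY:
            return 451                    # retried too quickly, keep deferring
        del self.pending[key]
        self.verified.add(key)
        return 250

def replay(events, allowed_networks=()):
    """Feed (time, ip, sender, recipient) attempts through one Greylist."""
    gl = Greylist(allowed_networks)
    return [gl.check(ip, s, r, t) for t, ip, s, r in events]

# Constructed sample traffic using documentation address ranges.
SAMPLE = [
    (0, "192.0.2.10", "news@example.org", "smith@mail.com"),     # retrying MTA
    (5, "203.0.113.77", "win@example.net", "smith@mail.com"),    # one-time sender
    (10, "192.0.2.10", "news@example.org", "smith@mail.com"),    # retry too soon
    (900, "192.0.2.10", "news@example.org", "smith@mail.com"),   # proper retry
    (950, "198.51.100.5", "ops@example.com", "smith@mail.com"),  # approved IP
]

if __name__ == "__main__":
    print(replay(SAMPLE, allowed_networks=["198.51.100.0/24"]))
```

The one-time sender at 203.0.113.77 never gets past the 451 reply because it does not come back, which is the effect the technique relies on.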
Exchange Server 5.5 SP3 or SP4, the value will be expressed in milliseconds and represents the period after which the client will retry accessing the file that was previously inaccessible due to scanning.
Q: How long can the list of file types be in one rule?
A: The file extensions list can contain a maximum of 255 characters in a single rule.
Q: I have enabled the Background scanning option in VSAPI.