ESET MAIL SECURITY 4 - V4.2 FOR MICROSOFT EXCHANGE SERVER Manuel d'installation Page 1

ESET MAIL SECURITY FOR MICROSOFT EXCHANGE SERVER Installation Manual and User Guide Microsoft® Windows® Server 2000 / 2003 / 2008 / 2008 R2Click he

10After entering your username and password, click Next to proceed to Configure your Internet connection.If you use a proxy server, it must be correct

100Below is a detailed description of the available options:Compare – Allows you to compare two existing logs. It is suitable if you want to track cha

1014.7.3 Target selectionIn addition to CD/DVD/USB, you can choose to save ESET SysRescue in an ISO file. Later on, you can burn the ISOimage on CD/

102Security solution installed on the computer on which the ESET SysRescue CD is run.4.7.4.3 Advanced settingsThe Advanced tab lets you optimize the

1034.7.5 Working with ESET SysRescueFor the rescue CD/DVD/USB to work effectively, you must start your computer from the ESET SysRescue bootmedia. B

104The User interface features also include the option to password-protect the ESET Mail Security setup parameters.This option is located in the Setti

1054.8.1 Alerts and notificationsThe Alerts and notifications setup section under User interface allows you to configure how threat alerts andsystem

1064.8.2 Disable GUI on Terminal ServerThis chapter describes how to disable GUI of ESET Mail Security running on Windows Terminal Server for userse

107– no-maildo not scan email files– sfxscan self-extracting archives– no-sfxdo not scan self-extracting archives– rtpscan runtime packers– no-rtpdo n

108Possible exit codes of the scan:0– no threat found1– threat found but not cleaned10– some infected files remained101– archive error102– access erro

109The ThreatSense.Net setup is accessible from the Advanced Setup tree, under Tools > ThreatSense.Net. Select theEnable ThreatSense Early Warning

11NOTE: After a program component update, a restart is usually required. We recommend selecting the Neverrestart computer option. The latest component

110files for analysis does not affect submission of statistical information which is configured in its own setup (seesection Statistics ).When to subm

1114.11.3 SubmissionYou can select how files and statistical information will be submitted to ESET. Select the By means of RemoteAdministrator or di

1124.12 Remote administrationESET Remote Administrator (ERA) is a powerful tool to manage security policy and to obtain an overview of theoverall se

1134.13 LicensesThe Licenses branch allows you to manage the license keys for ESET Mail Security and other ESET products such asESET Mail Security,

1145. Glossary5.1 Types of infiltrationAn Infiltration is a piece of malicious software trying to enter and/or damage a user’s computer.5.1.1 Viru

115Backdoor – An application which communicates with remote attackers, allowing them to gain access to asystem and to take control of itKeylogger – (k

116If a file is detected as spyware on your computer, it is advisable to delete it, since there is a high probability that itcontains malicious code.5

1175.2.1 AdvertisementsInternet advertising is one of the most rapidly growing forms of advertising. Its main marketing advantages areminimal costs

1185.2.4.1 RulesIn the context of Antispam solutions and email clients, rules are tools for manipulating email functions. Theyconsist of two logical

1195.2.4.5 Server-side controlServer-side control is a technique for identifying mass spam based on the number of received messages and thereactions

12a) Open Advanced setup tree by pressing F5 key, navigate to Server protection > Antispam protection >Antispam engine and click on Clicking on

134) Now that the installation package is ready, you can initiate the remote installation on the nodes within a cluster.In the ERA > Remote Install

142.6 LicenseA very important step is to enter the license file for ESET Mail Security for Microsoft Exchange Server. Without it,email protection on

15If the number of mailboxes in your active directory exceeds your license count a message will be entered into yourMicrosoft Exchange Server log read

162.7 Post-Installation ConfigurationThere are several options that have to be configured after the product installation.Antispam protection setupTh

17Before starting full operation, we recommend that you manually configure the lists of restricted and allowed IPaddresses. To do so:1) Open the Advan

18Let's say you have a server with 4 physical CPUs. For the best performance, according to formula above, you shouldhave 9 scan threads and 9 sca

193. ESET Mail Security - Microsoft Exchange Server protectionESET Mail Security provides significant protection for your Microsoft Exchange Server. T

ESET MAIL SECURITYCopyright ©2012 by ESET, spol. s r.o.ESET Mail Security was developed by ESET, spol. s r.o.For more information visit www.eset.com.A

20normalized value assigned to a message that indicates the likelihood of the message being spam (based on thecharacteristics of the message header, i

21Add... - adds a new ruleEdit... - modifies an existing ruleRemove - removes a selected ruleClear - clears the rule counter (the Number column)Move u

22By email recipient:“J.Smith” or “[email protected]”By email subject:“ ”By attachment name:“.com” OR “.exe”By email body:(“free” OR “lottery”) AND (“win

233.1.3 Log filesLog files settings let you choose how the log file will be assembled. More detailed protocol can contain moreinformation, but it ma

243.1.4 Message quarantineThe Message quarantine is a special mailbox defined by the system administrator to store potentially infectedmessages and

25Message quarantine by recipient - by using this option, you can define message quarantine mailboxes formultiple recipients. Every quarantine rule ca

263.2 Antivirus and antispyware settingsYou can enable antivirus and antispyware mail server protection by selecting the Enable antivirus andantispy

273.2.1.1 Virus-Scanning Application Programming Interface (VSAPI)Microsoft Exchange Server provides a mechanism to make sure that every message com

28Server decides whether a background scan will run or not, based on various factors, such as the current systemload, the number of active users, etc.

293.2.1.1.3 Microsoft Exchange Server 2003 (VSAPI 2.5)This version of Microsoft Exchange Server includes VSAPI version 2.5.If you uncheck the Enable

Contents...5Introduction1...5What

30You can set Attachment deletion method to:Truncate file to zero length – ESET Mail Security truncates the attachment to zero size and lets the recip

31Enabling the Scan RTF message bodies option activates scanning of RTF message bodies. RTF message bodiesmay contain macro viruses.NOTE: Plain text e

323.2.1.1.5 Transport AgentIn this section you can enable or disable antivirus and antispyware protection by the transport agent. For MicrosoftExcha

333.2.2 ActionsIn this section you can choose to append a scan task ID and/or scan result information to the header of scannedmessages.3.2.3 Alert

34Add to the body of scanned messages: offers three options:Do not append to messagesAppend to infected messages onlyAppend to all scanned messagesBy

353.3 Antispam protectionIn the Antispam protection section, you can enable or disable spam protection for the installed mail server,configure antis

363.3.1 Microsoft Exchange Server3.3.1.1 Transport AgentIn this section you can set up options for spam protection using the transport agent.NOTE:

37Example of SMTP response message:Primary response codeComplementary status codeDescription4514.7.1Requested action aborted: local error in processin

383.3.2.1 Antispam engine parameter setupAntispam engine parameter setupYou can select a profile from a set of pre-configured profiles (Recommended,

39In the Allowed IP addresses tab you can specify IPs that should be approved, i.e., if the first non-ignored IP inReceived headers matches any addres

...90User Interface and application usage4.6.2...

40Microsoft Exchange 2007/2010- list of allowed and ignored IP addresses in the ESET Mail Security settings- list of Safe-senders for a given recipien

41ignored_ip_list List of ignored IP addresses. There's no need to add the list to the spamcatcher.conf file. You candefine it in the GUI of the

42of the program (see chapter Antispam engine parameter setup ).dnsbl_listList of DNSBL servers to be used in checks of domains and IP adrresses in th

43Type - can have the following values: SPAM, PHISH, BOUNCE, ADULT, FRAUD. If you enter othervalue that those listed above, the SPAM value will be use

44negatively influence the performance (delays during message evaluation).spf_listThis option allows you to assign importance to a specific SPF entry,

453.4 FAQQ: After installing EMSX with Antispam, emails stopped being delivered into mailboxes.A: If Greylisting is enabled, this is normal behavior

46Q: Is ESET Mail Security 4 for Microsoft Exchange Server compatible with Intelligent Message Filter?A: Yes, ESET Mail Security 4 for Microsoft Excha

47Q: Users download messages to their email clients via POP3 (bypassing Microsoft Exchange server), but themailboxes are stored on Microsoft Exchange

484. ESET Mail Security - Server protectionWhile providing Microsoft Exchange Server protection, ESET Mail Security has all of the necessary tools to

494.1.1.1.1 Media to scanBy default, all types of media are scanned for potential threats.Local drives – Controls all system hard drivesRemovable me

51. IntroductionESET Mail Security 4 for Microsoft Exchange Server is an integrated solution that protects mailboxes from varioustypes of malware cont

504.1.1.3 When to modify real-time protection configurationReal-time protection is the most essential component of maintaining a secure system. Ther

51If Real-time protection does not detect and clean infiltrationsMake sure that no other antivirus programs are installed on your computer. If two rea

524.1.2.1.1 CompatibilityCertain email programs may experience problems with POP3 filtering (e.g., if receiving messages with a slowInternet connect

534.1.2.2 Integration with email clientsIntegration of ESET Mail Security with email clients increases the level of active protection against malici

544.1.2.2.1 Appending tag messages to email bodyEach email scanned by ESET Mail Security can be marked by appending a tag message to the subject or

554.1.3 Web access protectionInternet connectivity is a standard feature in a personal computer. Unfortunately, it has also become the mainmedium fo

564.1.3.1.1 Address managementThis section enables you to specify HTTP addresses to block, allow or exclude from checking. The buttons Add...,Edit..

574.1.3.1.2 Active modeESET Mail Security also contains the Web browsers feature, which allows you to define whether the givenapplication is a brows

58Active mode is useful because it examines transferred data as a whole. If it is not enabled, communication ofapplications is monitored gradually in

594.1.4.1 Type of scanTwo types of On-demand computer scan are available. Smart scan quickly scans the system with no need forfurther configuration

61.3 Methods usedTwo independent methods are used to scan email messages:Mailbox scanning via VSAPIMessage filtering on the SMTP server level1.3.1

604.1.4.2 Scan targetsThe Scan targets drop-down menu allows you to select files, folders and devices (disks) to be scanned for viruses.By profile s

614.1.5 PerformanceIn this section, you can set the number of ThreatSense scan engines that will be used for virus scanning. MoreThreatSense scan en

62Block communication that uses the certificate – Terminates connection to the site that uses the certificate.4.1.6.1.1 Trusted certificatesIn addit

634.1.7.1 Objects setupThe Objects section allows you to define which computer components and files will be scanned for infiltrations.Operating memo

64Potentially unsafe applications – Potentially unsafe applications is the classification used for commercial,legitimate software. It includes program

654.1.7.4 ExtensionsAn extension is part of the file name delimited by a period. The extension defines the type and content of the file.This section

664.1.7.6 OtherScan alternate data streams (ADS) – Alternate data streams (ADS) used by the NTFS file system are file and folderassociations which a

67If an infected file is “locked“ or in use by a system process, it will usually only be deleted after it is released (normallyafter a system restart)

68NOTE: The username and password are provided by ESET after purchasing ESET Mail Security.

694.2.1 Update setupThe update setup section specifies update source information such as the update servers and authentication datafor these servers

71.4.3 Application of user-defined rulesProtection based on user-defined rules is available for scanning with both the VSAPI and the transport agent

704.2.1.1 Update profilesUpdate profiles can be created for various update configurations and tasks. Creating update profiles is especiallyuseful fo

714.2.1.2.1 Update modeThe Update mode tab contains options related to the program component update.In the Program component update section, three o

724.2.1.2.2 Proxy serverIn ESET Mail Security, proxy server setup is available in two different sections within the Advanced Setup tree.First, proxy

73Select the Do not use proxy server option to specify that no proxy server will be used to update ESET Mail Security.The Connection through a proxy s

744.2.1.2.3 Connecting to the LANWhen updating from a local server with an NT-based operating system, authentication for each networkconnection is r

754.2.1.2.4 Creating update copies - MirrorESET Mail Security allows you to create copies of update files which can be used to update other workstat

764.2.1.2.4.1 Updating from the MirrorThere are two basic methods of configuring the Mirror – the folder with update files can be presented as a sha

77the other computer. To specify authentication data, open ESET Mail Security Advanced Setup (F5) and click the Update branch. Click the Setup... butt

784.3 SchedulerScheduler is available if Advanced mode in ESET Mail Security is activated. Scheduler can be found in the ESET MailSecurity main menu

794.3.2 Creating new tasksTo create a new task in Scheduler, click the Add... button or right-click and select Add... from the context menu.Five typ

82. InstallationAfter purchasing ESET Mail Security, the installer can be downloaded from ESET’s website (www.eset.com) as an .msi package.Please note

804.4 QuarantineThe main task of quarantine is to safely store infected files. Files should be quarantined if they cannot be cleaned, ifit is not sa

814.4.3 Submitting file from QuarantineIf you have quarantined a suspicious file that was not detected by the program, or if a file was incorrectly

824.5 Log filesLogs store information about important events: detected infiltrations, logs from the on-demand scanner, logs fromthe resident scanner

83AntispamAll messages categorized by the ESET Mail Security as spam or probable spam are recorded here.Columns description:Time – time of entry into

84HTML Image Type spamSpam messages often take the form of pictures as another evasivestrategy applied against antispam detection methods. Such pictur

85GreylistingAll messages that have been evaluated using the greylisting method are recorded in this log.Columns description:Time – time of entry into

86Detected threatsThreat log offers detailed information about infiltrations detected by ESET Mail Security modules. The informationincludes the time

87Look in columns: - Select what columns will be taken into account when filtering. You can check one or morecolumns to be used for filtering. By defa

88What: - Type in a string (word, or part of a word). Only records that contain this string will be found. The rest of therecords will be omitted.Look

894.5.3 Log maintenanceThe Logging configuration of ESET Mail Security is accessible from the main program window. Click Setup > Enterentire adva

9from the program at a later time.In the next step - License Manager - Add the license file that was delivered via email after you purchased yourprodu

90Security .Please allow some time while ESET SysInspector scans your computer. It may take anywhere from 10 seconds up toa few minutes depending on y

914.6.2.1 Program ControlsThis section contains the description of all program controls available in ESET SysInspector.FileBy clicking File you can

924.6.2.2 Navigating in ESET SysInspectorESET SysInspector divides various types of information into several basic sections called nodes. If availab

93be found in the Description and Details windows.AboutInformation about version of ESET SysInspector and the list of program modules.4.6.2.2.1 Keyb

94ComparingCtrl+Alt+Oopens original / comparative logCtrl+Alt+Rcancels comparisonCtrl+Alt+1displays all itemsCtrl+Alt+2displays only added items, log

95Any comparative log can be saved to a file and opened at a later time.ExampleGenerate and save a log, recording original information about the syste

964.6.4.1 Generating Service scriptTo generate a script, right-click any item from the menu tree (in the left pane) in the ESET SysInspector mainwin

97Example:04) UDP endpoints:- 0.0.0.0, port 123 (ntp)+ 0.0.0.0, port 3702- 0.0.0.0, port 4500 (ipsec-msft)- 0.0.0.0, port 500 (isakmp)[...]When the sc

98Example:09) Critical files:* File: win.ini- [fonts]- [extensions]- [files]- MAPI=1[...]* File: system.ini- [386Enh]- woafont=dosapp.fon- EGA80WOA.FO

99How does ESET SysInspector evaluate the risk posed by a particular object ?In most cases, ESET SysInspector assigns risk levels to objects (files, p