Trend Micro InterScan Messaging Security Suite. Certification Training Course. Student Textbook




Information in this document is subject to change without notice. The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted. Complying with all applicable copyright laws is the responsibility of the user.

Copyright 2003 Trend Micro Incorporated. All rights reserved. No part of this publication may be reproduced, photocopied, stored in a retrieval system, or transmitted without the express prior written consent of Trend Micro Incorporated. All other brand and product names are trademarks or registered trademarks of their respective companies or organizations.

Program Manager: Tom Brandon
Editorial: Niche Associates, Inc.
Released: October 2003 v01

Table of Contents

InterScan Messaging Security Suite
  Course Objectives
  Prerequisites
Chapter 1: Overview of InterScan Messaging Security Suite
  Product Features
  New Feature: Spam Prevention Service
  Enterprise Protection Strategy
Chapter 2: Setup, Installation, and Registration
  Preparing to Install InterScan MSS
  Upgrading from InterScan MSS 5.15
  Installing InterScan MSS 5.5
  Registering InterScan MSS
  Upgrading From the Evaluation Period
  Update Settings
Chapter 3: Configuring SMTP Routing Settings
  SMTP Routing
  Delivery Settings
  Message Settings
  Testing the InterScan MSS Installation
Chapter 4: Configuring POP3 Email Scanning Settings
  POP3 Email Scanning
Chapter 5: Configuring General and Security Settings
  General Settings
  Security
Chapter 6: Understanding and Configuring Policies
  Policy Overview
  Two Types of Policies
  Editing Global Policy Filters
  Creating a Sub-Policy
  Creating New Filter Actions
Chapter 7: Understanding Filters
  Filters
  The Antivirus Filter
  Configuring the Advanced Content Filter
  Configuring a Message-Attachment Filter
  Configuring General Content Filter
  Configuring Message-Size Filters
  Configuring Disclaimer Manager Filter
  Configuring the eManager Anti-Spam Filter
  Spam Prevention Service (SPS)
  Managing the Quarantine Area
Chapter 8: Configuring System Monitor and Log Maintenance Settings
  System Monitor Settings
  Log Maintenance Settings
Chapter 9: Troubleshooting
  Troubleshooting Common Problems
  Troubleshooting the Installation Process
  Getting Support from Trend Micro
  SolutionBank
  Changes to the ISNTSmtp.ini File
Appendix A: Using Trend Micro Online Resources
  Contacting Trend Micro
  Trend Micro Virus Doctors
  Client Scans with HouseCall
  Trend Micro Security Information Center
Appendix B: Adding Entries to DNS and Excluding Files From Scanning
  Adding Entries to DNS
  Excluding Certain Types of Text Files from Scanning
Appendix C: Uninstalling and Reinstalling InterScan Messaging Security Suite
Appendix D: Example Logs
Appendix E: Interpreting Header Information
Appendix F: Answers to Review Questions

InterScan Messaging Security Suite

Course Objectives

After studying this course as part of an ATC Training Program, you should be able to:

Knowledge
- Describe the main features of InterScan Messaging Security Suite (InterScan MSS)
- Explain how InterScan MSS protects your email system from viruses and other malware
- Describe the main features of eManager
- Explain how eManager controls the content entering your email system
- Describe how the heuristic scan engine works and how Spam Prevention Service (SPS) uses it to filter spam

Skills
- Install InterScan MSS
- Use the Management Console to configure InterScan MSS for varying network conditions and preferences
- Test the capabilities of InterScan MSS
- Monitor the performance of InterScan MSS
- Update the virus pattern, scan-engine, and program files of InterScan MSS

How to Use This Material

To help you understand how to use InterScan MSS, this course is based on a learning model comprised of the following:

Chapters: Each chapter focuses on one aspect of using InterScan MSS to protect your network from viruses in the wild. In addition to defining important concepts and terms, each chapter outlines the various administration tasks you need to perform. For example, you will learn how to install, configure, and troubleshoot InterScan MSS. The PowerPoint slides your instructor uses to teach the course appear at the beginning of each chapter. The rest of the chapter contains detailed information that you can read or refer to after class.

Chapter Objectives: Each chapter starts with a list of objectives so you can see how the chapter fits into the overall course goal. After reading the chapter, you should be able to fulfill the chapter objectives.

Summary: Each chapter ends with a summary, listing the important information explained in the chapter. The summary mirrors the chapter objectives.

Review Questions: To help you fulfill the chapter objectives, each chapter includes review questions that test your understanding of the chapter material. After reading the chapter, you should be able to answer the questions easily and quickly. If you cannot answer a question, you should review the chapter material. The answers to the review questions are provided in Appendix F: Answers to Review Questions.

Prerequisites

This course is designed for end users and resellers who need to install and set up InterScan MSS and for those who seek Trend Micro antivirus suite certification. The following professionals benefit most from this course:
- System administrators
- Network engineers

Before you take this course, Trend Micro recommends that you have the following knowledge base:
- A general knowledge of TCP/IP
- A working knowledge of Microsoft Windows 2000 and Windows 2000 Advanced Server
- A working knowledge of Simple Mail Transfer Protocol (SMTP)
- A working knowledge of Microsoft Internet Information Server (IIS)
- A working knowledge of Microsoft Exchange and Microsoft Outlook Express
- Familiarity with the physical aspects of networking (such as network interface boards, cables, jacks, hubs, routers, and so on)

Chapter 1: Overview of InterScan Messaging Security Suite

Chapter Objectives

After completing this chapter, you should be able to:
- Describe the main features of InterScan Messaging Security Suite (InterScan MSS)


Product Features

InterScan MSS is a high-performance, policy-based antivirus and content-security Simple Mail Transfer Protocol (SMTP) and Post Office Protocol 3 (POP3) server. InterScan MSS performs the following functions:
- Protects enterprise messaging systems from Internet-borne malware
- Blocks the transmission and receipt of spam and other non-business-related content

InterScan MSS can be deployed into an existing SMTP messaging environment and protects networks from virus infection through the SMTP gateway. In addition to SMTP traffic, InterScan MSS can scan Post Office Protocol 3 (POP3) messages. POP3 scanning is performed using the InterScan MSS POP3 proxy that runs on the same server as the SMTP scanning function (using a different port).

InterScan MSS eManager filters messages for spam and non-business-related content such as profanity, sexually offensive content, and racially offensive content. eManager includes filters that you can configure to block any type of content from your email system. You can also configure the Spam Prevention Service (SPS) filters to block unwanted content from your network.

AMON Support

InterScan MSS 5.5 supports Application Monitoring (AMON) from Check Point Software Technologies, LTD. InterScan MSS uses AMON to report scanning statistics to Check Point System Status Viewer.

Automatic Detection of Multiple Network Interface Cards

If you install InterScan MSS on a server that has multiple network interface cards, the setup program automatically detects the IP address of each card. You can then select the IP address that you want the program to use.

Best-Match Algorithm

The best-match algorithm is the method that InterScan MSS uses to determine which policy to apply to an email. InterScan MSS applies the policy with the route that most closely matches the addresses of the incoming email.

Cluster Servers

InterScan MSS supports cluster servers for increased performance. When you install multiple instances of InterScan MSS on clustered servers, you can save your customized settings, which are stored in INI files, DAT files, and registry entries. You can then apply these settings to each instance of InterScan MSS running on the cluster servers.

Content Management

You can use InterScan MSS to inspect email messages and attachments and stop unwanted content at the gateway. Email is an indispensable business tool, but it must be managed properly to ensure it is used productively. You can create filters that use keyword expressions to eliminate anything from violent, sexually offensive, or racially offensive content to personal communications.

Domain-Based Message Routing

With InterScan MSS, email routing is based on the recipient domain. This domain-based routing capability provides flexible message delivery through multiple smarthosts or specific Domain Name System (DNS) servers.

Early Detection of Mass-Emailing Viruses

InterScan MSS detects mass-emailing viruses such as the Melissa, Loveletter, and AnnaKournikova viruses. These email-aware viruses use the infected computer's email client and address book to spread themselves. Trend Micro publishes a list of these auto-spamming viruses in the antispam pattern file, which InterScan MSS updates from the Trend Micro ActiveUpdate server.

InterScan MSS also protects your network from new mass-emailing viruses before they are added to the antispam pattern file. InterScan MSS recognizes the symptoms of infected messages and blocks them. For example, the file attachment name or extension and the text that appears in the message body or header typically remain the same as the virus spreads. InterScan MSS can recognize these identifying characteristics and determine that a mass-mailing virus is spreading the file.

Because email-aware viruses can be so damaging, InterScan MSS may take different actions when it detects mass-emailing viruses than the actions it takes against other viruses. For example, if InterScan MSS detects a macro virus in a Microsoft Office document, it can quarantine the document, in case it contains important information that has to be retrieved. If InterScan MSS detects a mass-emailing virus, however, the program can automatically delete the infected file. Deleting the file saves resources that would be used to scan, quarantine, or otherwise process a file that has no value. In addition to saving resources, deleting the file can prevent help-desk calls from concerned employees and eliminate post-outbreak cleanup.

Enhanced Performance

InterScan MSS includes an enhanced built-in email transfer agent (MTA), email delivery agent (MDA), and virus/content scanner to ensure that your messaging system runs efficiently. In addition, InterScan MSS has a multithreaded design that takes full advantage of multiprocessor systems.
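The early-detection idea described under "Early Detection of Mass-Emailing Viruses" above, as an added example (not from the textbook and not Trend Micro's implementation): each message is fingerprinted by its normalized subject and attachment name, and a fingerprint seen from several distinct senders inside a time window is flagged. The window, the threshold, all class and function names, and the sample messages are assumptions constructed for illustration.

```python
# Added example (not Trend Micro code): flag a possible mass-mailing outbreak
# from a recurring subject/attachment pattern arriving from several senders.
from collections import defaultdict, deque
from dataclasses import dataclass
from email import message_from_string
from email.message import EmailMessage, Message
from typing import Optional

WINDOW_SECONDS = 600   # assumption: look-back window for matching messages
SENDER_THRESHOLD = 3   # assumption: distinct senders needed to raise a flag


@dataclass(frozen=True)
class Fingerprint:
    subject: str      # lower-cased, whitespace-collapsed Subject header
    attachment: str   # lower-cased name of the first attachment


def fingerprint(msg: Message) -> Optional[Fingerprint]:
    """Return the message's fingerprint, or None when it has no attachment."""
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    if not names:
        return None
    subject = " ".join((msg.get("Subject") or "").lower().split())
    return Fingerprint(subject, names[0].lower())


class OutbreakDetector:
    """Counts distinct senders per fingerprint inside a sliding time window."""

    def __init__(self, window=WINDOW_SECONDS, threshold=SENDER_THRESHOLD):
        self.window = window
        self.threshold = threshold
        self.seen = defaultdict(deque)   # fingerprint -> deque of (ts, sender)

    def observe(self, ts: int, raw: str) -> bool:
        """Record one message; True means the pattern looks like an outbreak."""
        msg = message_from_string(raw)
        fp = fingerprint(msg)
        if fp is None:
            return False
        sender = (msg.get("From") or "").strip().lower()
        hits = self.seen[fp]
        hits.append((ts, sender))
        # Drop observations that have aged out of the window.
        while hits and hits[0][0] < ts - self.window:
            hits.popleft()
        # One host sending the same file repeatedly (a newsletter) is a single
        # sender; a spreading mailer shows up as many senders, one fingerprint.
        return len({s for _, s in hits}) >= self.threshold


def build_sample(sender, subject, filename=None) -> str:
    """Construct a sample RFC 5322 message (constructed test data)."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("Please see the attached file.")
    if filename:
        m.add_attachment(b"constructed placeholder bytes",
                         maintype="application", subtype="octet-stream",
                         filename=filename)
    return m.as_string()


def run_sample():
    """Feed constructed traffic through the detector; return the verdicts."""
    det = OutbreakDetector()
    traffic = [
        (0, "alice@example.com", "Important  Document", "invoice.txt.vbs"),
        (60, "bob@example.com", "important document", "INVOICE.TXT.VBS"),
        (90, "bob@example.com", "important document", "invoice.txt.vbs"),
        (100, "news@example.com", "Weekly news", "news.pdf"),
        (110, "dave@example.com", "important document", None),
        (120, "carol@example.com", "Important document", "invoice.txt.vbs"),
    ]
    return [det.observe(ts, build_sample(s, subj, f))
            for ts, s, subj, f in traffic]


if __name__ == "__main__":
    print(run_sample())
```

Only the last message trips the detector, because it is the third distinct sender of the same subject and attachment name; a gateway would then apply its stricter mass-mailer action (such as delete rather than quarantine) to matching messages.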

Policy-Based Management

InterScan MSS provides policy-based management, which makes it easier to regulate content and filter for viruses. To enforce email usage guidelines, you can create multiple virus and content-filtering policies on a single InterScan MSS server. You can also set up different policies for individuals or groups, based on sender and recipient addresses. A policy consists of the following three attributes:
- Who: To whose messages the policy applies
- What: What message or attachment characteristics, such as addresses, keyword expressions, file types and sizes, are to be filtered
- Action: The action to take with email that triggers the filters

Quarantine Manager

You can use the Quarantine Manager to manage messages in the quarantine area. The Quarantine Manager is part of the InterScan MSS Web console. You can view the messages in the quarantine area and decide what action you want to take with them. The Quarantine Manager has a query feature that you can use to retrieve information about the messages in the quarantine area, including the reason the message was quarantined.

Secure, Web-Based Management Console

InterScan MSS includes a Secure Sockets Layer (SSL)-compatible, Web-based Management Console. Using this Management Console, you can control access to InterScan MSS servers and sessions from any Web-enabled workstation on your network.

Server Access Control

You can set connection and relay restrictions that prevent unauthorized use of your InterScan MSS server. Such restrictions can prevent spammers from using your email servers to relay email messages. To ensure that InterScan MSS processes only messages you deem acceptable, you can also set limits on inbound connections, message sizes, and other parameters.

Single-Server, Multiple-Policy Support

A single InterScan MSS server can enforce company rules on email use. You can set up different policies for individuals or groups based on the sender and recipient addresses. You can create a maximum of 3,000 sub-policies within a single InterScan MSS installation. However, each sub-policy can have an unlimited number of filters.

SMTP Load Balancing to Downstream Email Servers

InterScan MSS has an enhanced domain-based delivery mechanism and delivers email to downstream SMTP servers in round-robin fashion. This delivery mechanism balances the email load for all downstream SMTP servers (see Figure 1-1). InterScan MSS forwards email to the first available server.

Figure 1-1: InterScan MSS uses a round-robin method to forward email to downstream SMTP servers.

Support for POP3 Email

InterScan MSS can scan POP3 email traffic. The POP3 proxy runs on the same server as the SMTP scanning function, but it uses a different port. InterScan MSS also includes a POP3 Client Tool, which is an ActiveX control for configuring email clients. You can use the POP3 Client Tool to automate the configuration of several common email clients.

Note: The ActiveX configuration tool only works with Outlook Express. All other clients require manual configuration.

System Monitor

InterScan MSS includes a built-in agent, called the System Monitor, which monitors the status of the InterScan MSS server. The System Monitor can notify you by email or Simple Network Management Protocol (SNMP) trap when fault conditions, such as a virus, threaten to disrupt the email flow. Detailed logging helps you take a proactive approach to these issues and eliminate them before they become a problem. Event monitoring helps you identify potential trouble spots and provides notifications so that you can correct problems and keep the system running smoothly.

Some events are handled automatically. For example, if the InterScan MSS service stops, it restarts automatically to ensure email flow is not interrupted.

New Feature: Spam Prevention Service

The addition of Spam Prevention Service (SPS) 2.0 provides InterScan MSS with heuristic spam filtering capabilities. Heuristic technology calculates the probability that a particular message is spam. Unlike other methods used to identify spam, heuristic technology is capable of identifying first-time spam, or spam that has not been previously documented. Because spammers frequently change the techniques they use, heuristic scanning is an important layer of defense against new spam.

Enterprise Protection Strategy

InterScan MSS protects your network at the SMTP gateway, which is one of the main entry points to your network. However, you must also protect the other entry points to your network. For example, when users browse the Internet or download files from Web sites, their workstations might be attacked by malware. When mobile users plug their laptops into public networks, home networks, or networks at other companies, their laptops might be attacked by malware. When these users reconnect to your network, malware on their computers can spread to your network. Once the malware enters your network, it can quickly spread to all vulnerable devices.

To help you protect all the entry points to your network, Trend Micro offers a variety of products (see Table 1-1).

Product | Protection | Platform
--------|------------|---------
InterScan Web Security Suite | HTTP and FTP | Windows and Solaris
InterScan VirusWall | SMTP, HTTP, and FTP | Windows, Solaris, HP-UX, Linux, and IBM AIX
InterScan Messaging Security Suite | SMTP and POP3 | Windows and UNIX
InterScan Web Manager | HTTP | Windows
ScanMail for Microsoft Exchange | SMTP | Microsoft Exchange on Windows
ScanMail for Lotus Notes | SMTP | IBM Lotus Domino on Windows, IBM AIX, IBM S/390, IBM AS/400, Linux, Solaris, and SUSE
ScanMail for OpenMail | SMTP | OpenMail on HP-UX
ServerProtect | File system | Windows, NetWare, Network Appliance Filers, EMC Celerra, and Linux
PortalProtect | File system | Microsoft SharePoint Portal Server on Windows
Damage Cleanup Server | Cleaning templates that repair damage to device, including changes made to registry, files, and open ports | Client: Windows; Server: Windows
PC-cillin | File system, network shares, POP3 | Windows
OfficeScan Corporate Edition | File system, TCP/IP, Outlook client, PDAs, and wireless devices | Client: Windows; Server: Windows

Table 1-1: Trend Micro products that you can use to protect the different entry points on your network.

Note: To help you protect your network against the latest malware threats, Trend Micro is constantly updating its products. For up-to-date information, visit http://www.trendmicro.com.

Protecting individual devices and systems is only the first layer of defense. To prevent malware from damaging your network and causing downtime, you need an integrated solution that coordinates all virus-protection products, mitigates damage caused by malware attacks, and cleans damaged systems.

The Trend Micro Enterprise Protection Strategy (EPS) combines products, services, and support to protect network entry points. To rebuff a malware attack, the Enterprise Protection Strategy delivers a coordinated defense that begins when a new virus is discovered and ends when the threat is eliminated.

Relying on a broad offering of specific products and resources, the Trend Micro EPS includes these basic components (see Figure 1-1):
- Trend Micro Control Manager
- Outbreak Prevention Services
- Virus Response Services
- Damage Cleanup Services

Figure 1-1: Using Trend Micro Enterprise Protection Strategy to manage the outbreak lifecycle. (Diagram labels: centralized management by Trend Micro Control Manager for outbreak lifecycle management, deployment, and reporting; outbreak lifecycle phases Outbreak Prevention, Virus Response, and Assessment & Restoration; stages Threat Information, Attack Prevention, Notification & Assurance, Pattern File, Scan & Eliminate, Assess & Clean up, and Restore & Post-Mortem; Trend Micro services Outbreak Prevention Services, Virus Response Services, and Damage Cleanup Services.)

Trend Micro Control Manager

Trend Micro Control Manager provides centralized management and enterprise-wide coordination of all Trend Micro antivirus and content-security products and services. Using Trend Micro Control Manager, you can monitor virus activity on your network from a central location. You can ensure that virus pattern files are always updated, and you can deploy and enforce virus-protection policies across the entire network. You can also respond quickly to virus outbreaks.

Outbreak Prevention Services

Outbreak Prevention Services (OPS) provides proactive attack updates, outbreak prevention policies, and system-wide status reports. Coupled with Trend Micro products that reside at critical points across the network, OPS accelerates response times in protecting networks against new malware. By applying information and prevention policies that focus on a specific threat, you can deflect, isolate, and restrict attacks before they spread. These early prevention measures help reduce system damage and prevent costly shutdowns that affect business operations.

Virus Response Services

Virus Response Services includes the Virus Response Service Level Agreement (SLA) and threat-based scanning. The SLA is a penalty-backed guarantee to deliver a virus pattern file within two hours from the time the customer submits a virus case. If Trend Micro fails to meet this promise, it will pay the customer an amount of money agreed to in the SLA.

The virus pattern file provided with Virus Response Services includes threat-based scanning. This feature increases the efficiency of virus scanning by focusing the search in areas where the threat is most likely to be found.

Damage Cleanup Services

The Damage Cleanup Services provides cleaning templates that scan the system and assess the damage incurred during the outbreak. The template analyzes changes that were made to the files, system settings, and network protocols. These changes include hidden guest accounts, registry entries, or memory-resident payloads.

For more information about the EPS, visit Trend Micro's Web site at http://www.trendmicro.com.

Chapter 1 Summary and Review Questions

Summary

InterScan MSS analyzes email messages and attachments for content that you want to block from your network. Because InterScan MSS supports both SMTP and POP3 traffic, it can scan all messages entering or leaving your company's email system.

With InterScan MSS, you can block viruses at the gateway before they enter your company's messaging system or network. In addition, you can block non-business-related email, including violent, sexually offensive, or racially offensive email.

To enforce your company's email usage rules, you can create virus and content-filtering policies. You can also set up different policies for individuals or groups, based on sender and recipient addresses.

Review Questions

1. Which feature allows you to control the level of antivirus and content management that is applied to members of your organization?
   a. Domain-based message routing
   b. Quarantine manager
   c. Policy-based management
   d. Single-server, multiple policy support

2. Which feature can you use to filter unwanted email, such as sexually or racially insensitive material?
   a. Domain-based message routing
   b. Content management
   c. Policy-based management
   d. Single-server, multiple policy support

3. Which feature notifies you when a fault condition threatens to disrupt email flow?
   a. Content management
   b. Enhanced server access control
   c. Quarantine manager
   d. System Monitor

Chapter 2: Setup, Installation, and Registration

Chapter Objectives

After completing this chapter, you should be able to:
- List the options for incorporating InterScan Messaging Security Suite (InterScan MSS) into your current firewall setup
- Choose an installation server, based on the requirements of your company's network
- Install InterScan MSS
- Register InterScan MSS
- Configure InterScan MSS
- Upgrade InterScan MSS from trial to full version
- Update InterScan MSS


Preparing to Install InterScan MSS

Before you install InterScan MSS, consider the following:

- Location: You must decide how to incorporate InterScan MSS with your firewall.
- Installation server: You must decide whether to install InterScan MSS on the Simple Mail Transfer Protocol (SMTP) server or on a dedicated server.
- Hardware requirements: You must ensure that the server meets the minimum hardware requirements for running InterScan MSS.

Incorporating InterScan MSS with Your Firewall

Trend Micro recommends the following two options for incorporating InterScan MSS into your current firewall setup:

- Behind the firewall
- In the Demilitarized Zone (DMZ)

Behind the Firewall

You should always install InterScan MSS behind a firewall. In this configuration, the firewall can continue to protect your network against intrusion while InterScan MSS provides content scanning and filtering (see Figure 2-1).

Note: You should never install InterScan MSS in front of your company's firewall. InterScan MSS is a content-security product, not a firewall.

Figure 2-1: Installing InterScan MSS behind the firewall. (Diagram labels: Internet, Firewall, IMSS, SMTP Server, domain2.com.)

In the DMZ

You can install InterScan MSS in a DMZ, which further protects your company's network from Internet-based attacks. A DMZ isolates traffic that is coming from the Internet, preventing this traffic from directly accessing your network.

You can create a DMZ by installing two firewalls to separate your network from the Internet. The area between the two firewalls is the DMZ, which is where you would place your InterScan MSS server (see Figure 2-2).

Figure 2-2: Installing InterScan MSS on a dedicated server in the DMZ. (Diagram labels: Internet, External Firewall, DMZ, IMSS, Incoming (port 25), Outgoing (port 25), Internal Firewall, SMTP Server.)

You can also create a DMZ using just one firewall. In such a configuration, email passes through the firewall when entering the network. After InterScan MSS has scanned the email, it sends it back through the firewall and to the receiving client (see Figure 2-3).

Figure 2-3: Installing InterScan MSS in a one-firewall DMZ. (Diagram labels: Internet, Firewall, IMSS, SMTP Server, Receiving Client. Callout: Email passes through the firewall on the way to the InterScan MSS server. After InterScan MSS completes the scanning, it routes the email back through the firewall and to the SMTP server.)

Choosing the InterScan MSS Server

You can install InterScan MSS either on your SMTP server or on a dedicated server. Installing InterScan MSS on a server that runs other applications can decrease efficiency. Trend Micro recommends that you install InterScan MSS on a dedicated server. The decision of where to install InterScan MSS, however, is based primarily on resource availability and SMTP traffic.

Installing InterScan MSS on a dedicated server is ideal for networks with heavy email traffic because the overhead on the email server does not increase.

If your email server has antivirus products from other vendors, installing InterScan MSS on a dedicated server prevents problems that might arise as a result of conflicting applications.

Installing InterScan MSS on your email server does not require any additional servers. This configuration also uses less network bandwidth, and you do not have to make any changes to your network's DNS configuration (see Figure 2-4).

Figure 2-4: Installing IMSS on the original SMTP server. (Diagram labels: Internet, Firewall, IMSS, Existing SMTP Gateway, Client.)

If you install InterScan MSS on your email server, you must configure the InterScan MSS server exactly as your existing SMTP server is configured. Matching the configuration ensures that the email server and InterScan MSS both process all email.

When you install InterScan MSS on the same computer as the email server, ensure that the SMTP and InterScan MSS ports do not conflict. InterScan MSS binds to port 25 by default, so the port on the existing SMTP server must be changed prior to installing InterScan MSS. If you are using POP3, the POP3 port numbers should also be changed because InterScan MSS tries to bind to port 110. After you reassign these ports, you can run the InterScan MSS setup program.

Configuring Email Flow Through Your Network

Regardless of where you install InterScan MSS, you must configure your email flow in the same fashion. Incoming email must pass through InterScan MSS first. After InterScan MSS scans email, it passes it to the network email server, which then passes it to the receiving clients. Outgoing email must pass through the network email server first, which then passes it to InterScan MSS (see Figure 2-5).
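The flow rule above can be verified on a delivered message by reading the Received headers that your own servers stamped on it. The following is an added example, not part of the course text: the host names, IP addresses, the Postfix-style header layout and the function names are assumptions, and the sample messages are constructed.

```python
import re
from email import message_from_string

# Constructed names and addresses (assumptions for this example).
IMSS_IP = "192.0.2.10"          # InterScan MSS server
MAIL_HOST = "mail.example.com"  # internal SMTP server

# Constructed samples in "from HELO (rdns [ip]) by HOST" form.
# Received headers are prepended, so the newest hop is at the top.
SCANNED = (
    "Received: from imss.example.com (imss.example.com [192.0.2.10])\n"
    "\tby mail.example.com with ESMTP id B2; Mon, 3 Mar 2003 10:00:05 -0800\n"
    "Received: from mx.sender.test (mx.sender.test [198.51.100.7])\n"
    "\tby imss.example.com with SMTP id A1; Mon, 3 Mar 2003 10:00:02 -0800\n"
    "Subject: constructed sample\n\nbody\n"
)
# Here the outside host claims the scanner's name in HELO but connects directly.
BYPASSED = (
    "Received: from imss.example.com (mx.sender.test [198.51.100.7])\n"
    "\tby mail.example.com with ESMTP id C3; Mon, 3 Mar 2003 10:05:00 -0800\n"
    "Subject: constructed sample\n\nbody\n"
)

# Capture the bracketed peer address and the host named after "by".
HOP_RE = re.compile(r"\[([0-9a-fA-F.:]+)\]\)?\s+by\s+(\S+)")

def hops(raw):
    """Return (peer_ip, receiving_host) pairs, oldest hop first."""
    msg = message_from_string(raw)
    found = []
    for value in msg.get_all("Received", []):
        m = HOP_RE.search(value)
        if m:
            found.append((m.group(1), m.group(2).lower()))
    return found[::-1]

def entered_via(raw, receiver, expected_peer_ip):
    """True if, the first time `receiver` accepted the message, the peer
    address it recorded was `expected_peer_ip`. The bracketed address is what
    the receiver observed; the HELO name before it is only the sender's claim."""
    for peer_ip, host in hops(raw):
        if host == receiver:
            return peer_ip == expected_peer_ip
    return False  # receiver never stamped the message

if __name__ == "__main__":
    for name, raw in (("scanned", SCANNED), ("bypassed", BYPASSED)):
        print(name, entered_via(raw, MAIL_HOST, IMSS_IP))
```

For outgoing mail the same function applies with the roles swapped: the receiver is the InterScan MSS host and the expected peer is the mail server's address.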