Symantec Mail Security for Microsoft Exchange Getting Started Guide

The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.

Documentation version 6.5.5

Legal Notice

Copyright 2011 Symantec Corporation. All rights reserved. Federal acquisitions: Commercial Software - Government Users Subject to Standard License Terms and Conditions.

Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be "commercial computer software" and "commercial computer software documentation" as defined in FAR Sections 12.212 and DFARS Section 227.7202.

Symantec Corporation
350 Ellis Street
Mountain View CA 94043 USA
http://www.symantec.com
Contents

Getting Started
  Introducing Symantec Mail Security for Microsoft Exchange
  What's new in Mail Security
  Components of Mail Security
  Before you install
  System requirements
    Server system requirements
    Console system requirements
  Installation options
  Migrating to version 6.5
  Where to get more information about Mail Security
Getting Started

Introducing Symantec Mail Security for Microsoft Exchange

Symantec Mail Security for Microsoft Exchange Server version (a member of the Symantec Information Foundation product family) is a complete, customizable, and scalable solution that scans email that passes through or resides on the Microsoft Exchange server.

Mail Security protects your Exchange server from the following:
- Threats (such as viruses, Trojan horses, worms, and denial-of-service attacks)
- Security risks (such as adware and spyware)
- Unwanted file attachments
- Unsolicited email messages (spam)

Mail Security also lets you manage the protection of one or more Exchange servers from a single console.

The Exchange environment is only one avenue by which a threat or security risk can penetrate a network. For complete protection, ensure that every computer and workstation is protected by an antivirus solution.

What's new in Mail Security

Table 1 lists the new and enhanced features in Mail Security.
Table 1 New and enhanced features

Feature: Enhanced Premium AntiSpam for better spam protection
Description:
- Improved Defences Against Targeted Attacks: A new antispam module applies machine learning to better target distributed low volume attacks such as 419 spam (scams) and phishing attacks.
- Real Time Updates: New streaming architecture that lets you download antispam rule micro updates as frequently as every second, to better defend against new threats and improve overall effectiveness.

Feature: Content filtering - match highlighting
Description: Mail Security version 6.5.5 lets you determine the content that triggered a content filtering policy. It identifies the violating terms and the match lists that these terms belong to, and highlights them in the event log and in the Admin notification that reports the content filtering violation. Also, for files enclosed in a container, the event log and Admin notification highlight the name of the file within the container.

Feature: Symantec Protection Center 2.0 ready for Exchange Server 2007/2010
Description: Symantec Protection Center (SPC) is an appliance that simplifies security management by centralizing security reporting and management across Symantec and other third-party products. SPC aggregates security data from multiple products and makes this data available on a dashboard and in cross-product reports. From version 6.5.5 onward, Symantec Mail Security for Microsoft Exchange is ready for integration with Symantec Protection Center 2.0. Mail Security version 6.5.5 includes the Symantec Mail Security Management Service. This service remains dormant until SPC 2.0 is deployed in the Exchange environment. Once SPC 2.0 is deployed, this service is used to make Mail Security version 6.5.5 available to integrate with SPC.
Feature: Background Scan status logs
Description: Mail Security version 6.5.5 provides improved logs with the status of the background scan. It generates an event when the background scan is either halted or complete. This event also reports the number of items that were scanned so far during the scan. The background scan completion event also reports the total time that was taken to complete the scan.

Feature: Support for in-memory scanning during transport
Description: Mail Security leverages in-memory scanning to accelerate email scans during transport and reduce disk I/O. By default, the in-memory scanning feature is enabled. The default size of attachments or message body that can be scanned using memory-based scanning is 5 MB. You can use the registry key SharedMemBufSizeInMB to change the default size of attachments or message body for memory-based scanning. If you set the value of the registry key SharedMemBufSizeInMB to zero, the in-memory scanning feature is disabled. To specify a value for the registry key SharedMemBufSizeInMB, you must first create this registry key at the following location in the Registry Editor window:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\SMSMSE\6.5\Server\Components\SMTP\

Feature: Support for alert notifications for out-of-date virus definitions
Description: Mail Security sends notifications when virus definitions are older than the configured number of days. You can specify how frequently notifications are sent when old definitions are found. You can also configure the number of days an outdated virus definition can remain on the system before a notification is sent. This configuration is done using registry settings.
Feature: Support for Exchange Server 2010
Description: Mail Security supports Exchange Server 2010 on the following roles:
- Edge Transport
- Hub Transport
- Mailbox

Feature: Addition of a Global Group for Exchange Server 2010
Description: The Global Group consists of all the servers that are managed through the Mail Security console. When you configure and apply Global Group settings, the changes are propagated to all the servers in all the groups. Changes that are made at the Global Group level overwrite the group settings of all individual and user-defined servers.

Feature: Support for Manual and Scheduled Scan in Exchange Server 2010
Description: Manual scans run on-demand and scan public folders and mailboxes. Scheduled scans run unattended, usually at off-peak periods. All policies apply to manual and to scheduled scans, except antispam. You can specify which file folders and mailboxes to scan during a manual or scheduled scan. You can also specify the content filtering rules that you want to enable for the manual or scheduled scan.

Feature: Support for Filtering contents in Exchange Server 2010
Description: Mail Security provides comprehensive content filtering for messages and attachment content. It supports more than 300 attachment types. Mail Security lets you create content filtering rules that apply to SMTP inbound and outbound mails and the Exchange Information Store. Content filtering rules let you filter messages for attachment names, attachment content, specific words, phrases, subject lines, and senders or recipients. Mail Security provides pre-cooked match lists and lets you define your own match lists. You can also set content filtering rules for attachment size.
Feature: Troubleshooting installation issues with common error dialog
Description: Web links are provided in the product installer that assist and guide you to troubleshoot the failures that are encountered during installation. These links provide more information about the failure or a similar failure and the resolution steps and recommendations.

Feature: Performance improvements
Description:
- Through AntiSpam processing: Mail Security version 6.5 has a provision to reduce the processing time that is required for AntiSpam processing. The Fastpass feature conserves resources by providing a temporary exemption from spam scanning for senders with a demonstrated history of sending no spam messages. Thus senders with the best local reputation are exempted from spam scanning. Mail Security automatically collects local sender reputation data to support Fastpass determinations and regularly re-evaluates the senders that are granted a pass.
- By turning off performance counters for logging: Mail Security version 6.5 lets you configure performance counters for logging. By default, this counter is enabled. However, to improve Mail Security's scanning performance, these performance counters for logging can be turned off by adding the following registry key and setting its value to 1.
  Registry key for 32-bit platform:
  HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SMSMSE\6.5\Server\TurnOffPerfCounters
  Registry key for 64-bit platform:
  HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\SMSMSE\6.5\Server\TurnOffPerfCounters
  Restart the Mail Security service after setting this registry key.
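The two registry settings described in Table 1, SharedMemBufSizeInMB and TurnOffPerfCounters, can be reviewed across servers without opening the Registry Editor. The following read-only PowerShell audit is an added example, not part of the Symantec guide; it assumes both settings are stored as numeric values under the keys quoted in the table, and the function names are hypothetical.

```powershell
# Added example: read-only audit of the Mail Security registry settings
# described in Table 1. Nothing is written to the registry.
# Assumption: SharedMemBufSizeInMB and TurnOffPerfCounters are numeric values
# stored under the keys quoted in the guide.

# Server keys as quoted in the guide (64-bit platform first, then 32-bit).
$ServerKeys = @(
    'HKLM:\SOFTWARE\Wow6432Node\Symantec\SMSMSE\6.5\Server',
    'HKLM:\SOFTWARE\Symantec\SMSMSE\6.5\Server'
)

function Get-RegistryValueOrNull {
    # Returns the value data, or $null when the key or the value is absent.
    param([string]$Path, [string]$Name)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Get-MailSecurityTuning {
    $serverKey = $ServerKeys | Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
    if (-not $serverKey) {
        Write-Warning 'No SMSMSE 6.5 Server key found; is Mail Security installed on this host?'
        return
    }

    # In-memory scanning: value absent = default 5 MB, 0 = disabled, N = N MB.
    # The guide quotes the Components\SMTP location only for the Wow6432Node
    # path; using the same subkey on a 32-bit platform is an assumption.
    $smtpKey = Join-Path $serverKey 'Components\SMTP'
    $buf = Get-RegistryValueOrNull $smtpKey 'SharedMemBufSizeInMB'
    if ($null -eq $buf) {
        $inMemory = 'Enabled (default, 5 MB)'
    } elseif (($buf -as [int]) -eq 0) {
        $inMemory = 'Disabled'
    } else {
        $inMemory = "Enabled ($buf MB)"
    }

    # Performance counters for logging: enabled unless the value is set to 1.
    $perf = Get-RegistryValueOrNull $serverKey 'TurnOffPerfCounters'
    if (($perf -as [int]) -eq 1) {
        $counters = 'Turned off'
    } else {
        $counters = 'Enabled'
    }

    New-Object PSObject -Property @{
        ServerKey           = $serverKey
        InMemoryScanning    = $inMemory
        PerformanceCounters = $counters
    }
}

Get-MailSecurityTuning | Format-List
```

Running the audit before and after a change window shows whether either setting has drifted from the intended configuration.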
Note: Mail Security version 6.5 does not support Windows 2000 and Exchange Server 2000.

Note: By default, Mail Security version 6.5.5 does not re-scan the items that are quarantined due to antivirus and file filtering violations, once they are released. However, if the items were quarantined due to content filtering violations, then Mail Security version 6.5.5 scans these items only for virus policies and file filtering conditions. This behavior is configurable through the registry.

Components of Mail Security

Table 2 lists the components of Mail Security.

Table 2 Product components

Component: Symantec Mail Security for Microsoft Exchange
Description: This software protects your Exchange servers from threats (such as viruses and denial-of-service attacks) and security risks (such as adware and spyware). It also detects spam email messages and unwanted content. This software protects your Exchange servers from threats (such as viruses and denial-of-service attacks) and security risks (such as adware and spyware). It also detects spam email messages and unwanted email attachments.
Location on the product CD: \SMSMSE\Install\
Component: LiveUpdate Administration Utility
Description: This utility lets you configure one or more intranet FTP, HTTP, or LAN servers to act as internal LiveUpdate servers. LiveUpdate lets Symantec products download program and definition file updates directly from Symantec or from a LiveUpdate server. For more information, see the LiveUpdate Administrator documentation on the Mail Security product CD in the following location: \DOCS\LUA\
Location on the product CD: \ADMTOOLS\LUA\

Component: Symantec Central Quarantine
Description: This utility lets Mail Security forward infected messages and messages that contain certain types of violations from the local quarantine to the Central Quarantine, which acts as a central repository. For more information, see the Symantec Central Quarantine Administrator's Guide on the Mail Security product CD in the following location: \DOCS\DIS\CentQuar.pdf
Location on the product CD: \ADMTOOLS\DIS
Component: Mail Security for Microsoft Exchange Management Pack
Description: This component lets you integrate Symantec Mail Security for Microsoft Exchange events with Microsoft Operations Manager 2005 (MOM). If you use Microsoft Exchange 2003, this component also lets you integrate Mail Security events with Microsoft System Center Operations Manager 2007 (SCOM). Pre-configured Computer Groups, Rule Groups/Rules, and Providers are automatically created when you import the management pack. These rules monitor specific Symantec Mail Security for Microsoft Exchange events in the Windows Event Log and the Windows Performance Monitor. For more information, see the Symantec Mail Security for Microsoft Exchange Management Pack.
Location on the product CD: \ADMTOOLS\Mgmt_Pack

Before you install

Ensure that you meet all system requirements before you install Mail Security. Select the installation plan that best matches your organization's needs, and ensure that you have met the pre-installation requirements.

See "System requirements".
See "Installation options".

Mail Security supports upgrades from Mail Security 4.6x and higher. If Mail Security detects an older version of the product on your computer, the installer automatically uninstalls the prior version. The installer then continues with the installation. If you want to uninstall the previous version manually, do so before installing the current version of Mail Security.

If you are installing Mail Security on Exchange Server 2007 or Exchange Server 2010, install the product on all of the following server roles in your organization:
- Edge Transport servers, if available
- Hub Transport servers
- Mailbox servers

You must uninstall and reinstall the product if you change the server role on which Mail Security is installed.

Mail Security automatically installs custom transport agents when you install the product on Hub Transport or Edge Transport servers. The Mail Security transport agents consist of an antispam transport agent and an antivirus transport agent. By default, the Mail Security transport agents are installed with a lower priority than the Exchange transport agents. If you modify your transport agent priorities, ensure that the Mail Security transport agents remain a lower priority than the Exchange transport agents.

Do the following before you install the product:
- If you are running Symantec Brightmail AntiSpam on the same server on which you want to install Mail Security, you must uninstall Symantec Brightmail AntiSpam before you install Mail Security. It is recommended that you not run Mail Security on the same server as Symantec Brightmail AntiSpam.
- If you are using the email tools feature of Symantec AntiVirus Corporate Edition, you must uninstall the feature before you install Mail Security. The email tools feature of Symantec AntiVirus is not compatible with Mail Security or Microsoft Exchange.
- If you are running any antivirus software on the server on which you want to install Mail Security, you must disable it before you install Mail Security. After installation but before you re-enable the antivirus protection, configure your other antivirus programs to exclude certain folders from scanning.
- Log on as a Windows domain administrator to install Mail Security components correctly.
- Modify your screen resolution to a minimum of 1024 x 768. Mail Security does not support a resolution less than 1024 x 768.
- Configure the default receive connector for the Exchange Hub Transport server to permit connections from anonymous users.
- Before you install Mail Security on the Exchange 2010 mailbox role, you must specify a domain user account. The domain user account must fulfill the following criteria:
  - Mail Security uses the domain user account as a service account, and this account must have a mailbox.
  - The user must be a member of the Organization Management group under the Microsoft Exchange Security Groups Organizational Unit. By default, the Organization Management group is a member of the local Administrators group on all the Exchange servers in the organization. If not, then add the user to the local Administrators group.
  - You may use a different user account for installations of Mail Security on other Exchange 2010 mailbox servers within that domain for better performance.
  - When the user updates the password, the same password must be provided to the Mail Security Service on all Exchange 2010 mailbox role servers.
  Note: While installing Mail Security on a local Exchange 2010 Mailbox server, in the Logon Information screen, specify the domain user credentials in the User name and Password fields. Mail Security provides this user account Application Impersonation and Logon as service rights.
- Ensure that the following IIS Role Service components are installed when you install Mail Security on Windows Server 2008 for Exchange 2010 and 2007 servers. This installation is applicable for both remote installation and local installation.
  - Application Development - ASP.NET
  - Security - Windows Authentication
  - Management Tools - IIS management console, IIS 6 Scripting Tools

System requirements

Ensure that you meet the appropriate system requirements for the type of installation that you are performing.

If you do not have an Internet connection on your system, then installing Mail Security may take a long time to complete.
Mail Security tries to examine the certificate revocation list (CRL) to verify the code signing certificate each time that Mail Security compiles an assembly into managed code. When Mail Security is not connected to the Internet, each CRL request may time out before the installation can continue, which increases the installation time.

To reduce installation time
1 Start Internet Explorer.
2 On the Tools menu, click Internet Options.
3 Click the Advanced tab, and then locate the Security section.
4 Uncheck Check for publisher's certificate revocation and then click OK.
5 After the installation is complete, check Check for publisher's certificate revocation.

Note: The Check for publisher's certificate revocation option is set on a per-account basis.

See "Installation options".

Server system requirements

You must have domain administrator-level privileges to install Mail Security.

The server system requirements are as follows:

Operating system

The operating system requirements for Microsoft Exchange 2010 are as follows:
- Windows Server 2008 with SP2 (64-bit) Standard or Enterprise Edition
- Windows Server 2008 R2 (64-bit) Standard or Enterprise Edition

The operating system requirements for Microsoft Exchange 2007 are as follows:
- Windows Server 2008 with SP1 or later (64-bit) Standard or Enterprise Edition
- Windows Server 2003 with SP2 (64-bit) Standard or Enterprise Edition
- Windows Server 2003 R2 (64-bit) Standard or Enterprise Edition

The operating system requirements for Microsoft Exchange 2003 are as follows:
- Windows Server 2003 SP1/SP2/R2 Standard or Enterprise or Data Center Edition

Exchange platform

The Exchange platform requirements for Microsoft Exchange 2007/2010 are as follows:
- Exchange Server 2007 SP1/SP2
- Exchange Server 2010

The Exchange platform requirements for Microsoft Exchange 2003 are as follows:
- Exchange Server 2003 SP1/SP2

Minimum system requirements
- Intel(TM) Pentium II 266 MHz or higher processor; recommended Intel Pentium or compatible 733 MHz processor (Requirement for Exchange Server 2003 only)
- x64 architecture-based processor that supports Intel Extended Memory 64 Technology (Intel EM64T), or x64 architecture-based computer with AMD 64-bit processor that supports AMD64 platform (Requirement for Exchange Server 2007/Server 2010 only)
- Only for Exchange 2007 Mailbox server role, Exchange Server MAPI client and Collaboration Data Objects 1.2.1 (Requirement for mailbox role of Exchange Server 2007 only)
- 1 GB of memory for Mail Security besides the minimum requirements for the operating system and Exchange. Approximately 4 GB or more of memory is required.
- 500 MB of disk space is required for Mail Security. This space does not include disk space required for items such as quarantined messages and attachments, reports, and log data.
- .NET Framework version 2.0
- MDAC 2.8 or higher
- DirectX 9 or higher
- Microsoft Internet Information Services (IIS) Manager (Requirement for Exchange Server 2007 only)
- Only for Exchange Server 2010, Microsoft .NET Framework 3.5 and Microsoft Windows PowerShell 2.0

Ensure that the components .NET Framework, MDAC, and DirectX are installed before you install Mail Security.

Adobe Acrobat Reader is not a requirement to install and run Mail Security. However, it is required to view the reports that are generated in .pdf format. You can download Adobe Acrobat Reader from www.adobe.com.

For more information, see the Symantec Mail Security for Microsoft Exchange Implementation Guide.
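Because the Check for publisher's certificate revocation option is set per account, step 5 of the "To reduce installation time" procedure under System requirements is easy to miss for the account that ran the installer. The following PowerShell check is an added example, not part of the Symantec guide; it assumes the option is stored in the per-user WinTrust State value, where bit 0x200 (WTPF_IGNOREREVOKATION) set means revocation checking is off, and the function names are hypothetical.

```powershell
# Added example: report, per loaded user profile, whether "Check for
# publisher's certificate revocation" is on. Read-only; run elevated so that
# other accounts' hives under HKEY_USERS are readable.
# Assumption: the check box maps to the per-user WinTrust "State" value, and
# bit 0x200 (WTPF_IGNOREREVOKATION) set means revocation checking is OFF.

$SubKey = 'Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing'
$WTPF_IGNOREREVOKATION = 0x200

function ConvertTo-RevocationStatus {
    # Interprets a State value; $null means the value is not present.
    param($State)
    if ($null -eq $State) { return 'NotSet' }
    if (([int]$State -band $WTPF_IGNOREREVOKATION) -ne 0) { return 'Disabled' }
    return 'Enabled'
}

function Resolve-AccountName {
    # Translates a SID to DOMAIN\user; falls back to the SID for orphaned profiles.
    param([string]$Sid)
    try {
        $id = New-Object System.Security.Principal.SecurityIdentifier($Sid)
        return $id.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        return $Sid
    }
}

function Get-PublisherRevocationStatus {
    # Only loaded hives are visible: accounts that are logged on or that
    # currently run a service on this host.
    Get-ChildItem -Path 'Registry::HKEY_USERS' |
        Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
        ForEach-Object {
            $sid = $_.PSChildName
            $key = "Registry::HKEY_USERS\$sid\$SubKey"
            $state = $null
            if (Test-Path -LiteralPath $key) {
                $prop = Get-ItemProperty -LiteralPath $key -Name State -ErrorAction SilentlyContinue
                if ($prop) { $state = $prop.State }
            }
            New-Object PSObject -Property @{
                Account         = Resolve-AccountName $sid
                Sid             = $sid
                RevocationCheck = ConvertTo-RevocationStatus $state
            }
        }
}

$results = @(Get-PublisherRevocationStatus)
$results | Format-Table Account, RevocationCheck, Sid -AutoSize

$off = @($results | Where-Object { $_.RevocationCheck -eq 'Disabled' })
if ($off.Count -gt 0) {
    Write-Warning ("Revocation checking is still off for: " +
        (($off | ForEach-Object { $_.Account }) -join ', '))
}
```

Run it while the installing account is still logged on, since a hive that is not loaded does not appear in the report.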
Console system requirements

You can install the Mail Security console on a computer on which Mail Security is not installed.

The console system requirements are as follows:

Table 3 Console system requirements

Operating system (32-bit, 64-bit)
- Windows Server 2003
- Windows Server 2003 R2
- Windows XP
- Windows Vista
- Windows Server 2008
- Windows Server 2008 R2
- Windows 7

Minimum system requirements
- 32-bit processor (Requirement for Exchange Server 2003 only)
- 512 MB RAM
- 162 MB available disk space. This does not include the space required for items such as quarantined messages and attachments, reports, and log data.
- .NET Framework version 2.0

Ensure that .NET Framework is installed before you install Mail Security.

Microsoft Internet Information Services (IIS) Manager is required only to install Mail Security Console on a 64-bit operating system.

Adobe Acrobat Reader is not a requirement to install and run the Mail Security Console. However, it is required to view the reports that are generated in .pdf format. You can download Adobe Acrobat Reader from www.adobe.com.

Installation options

Use any of the following installation procedures, depending on the type of installation that you want to perform:

Local server: You can install or upgrade Mail Security on a local computer that is running the Microsoft Exchange server.

Remote server: You can install Mail Security on remote servers through the product console.

Console: You can install the product console on a computer that is not running Mail Security. This lets you manage your servers from any computer that has access to your Exchange servers.
Silent/automated installation: You can install Mail Security using automated installation tools.

Microsoft cluster server: You can install Mail Security in a Microsoft Cluster environment.

Veritas cluster server: You can install Mail Security in a Veritas cluster environment.

For more information about installation procedures, see the Symantec Mail Security for Microsoft Exchange Implementation Guide.

Migrating to version 6.5

Mail Security supports upgrades from Mail Security 4.6x and higher.

Table 4 lists the settings that do not migrate from version 5.x to the new version.

Table 4 Version 5.x migration settings

Setting: Heuristic antispam
Description: This feature is no longer supported. Enable and configure Symantec Premium AntiSpam for spam detection.

Setting: Save to folder option
Description: The Save to folder option is no longer supported. If Save to folder was a disposition for a content filtering rule, the disposition is set to Log Only. The Add X-header settings associated with the Save to folder disposition have been removed. In the Symantec Premium AntiSpam settings, the Save to folder settings and the Add X-header settings associated with them have been removed. The Add X-header settings that are not associated with the Save to folder settings migrate as is.

Setting: Report templates and the report database
Description: These items do not migrate.

Setting: SESA Alerts
Description: This feature is no longer supported.

Setting: Background scanning
Description: These settings do not migrate. Re-enable and schedule background scanning.
Setting: Veritas Cluster Server configurations
Description: Mail Security does not support upgrades from 5.0 on Veritas Cluster Server configurations.

If you are upgrading from 4.6x, the policy settings are incorporated into the applicable policy on the new installation. Mail Security 5.x and higher does not contain a separate multiserver console. Single and multiple servers are administered from the same console. Multiserver console settings do not migrate to the new version. Custom policies, heuristic antispam settings, content filtering rules, and report templates do not migrate to the new version.

Table 5 lists the migrations from version 4.6x to the new version.

Table 5 Version 4.6x migration settings

Setting: Auto-protect
Description: Migrates to the new version as the standard policy.

Setting: Heuristic antispam
Description: This feature is no longer supported. Enable and configure Symantec Premium AntiSpam for spam detection.

Setting: Macro Virus Rule
Description: These settings are no longer supported.

Setting: Bloodhound Virus Rule
Description: These settings are no longer supported.

Setting: Mass-Mailer Virus Rule
Description: These settings do not migrate.

Setting: HeartBeat
Description: This feature is no longer supported.

Setting: Filtering subpolicy
Description: These settings do not migrate.

Setting: Messenger Service Alerts
Description: This feature is no longer supported.

Setting: AMS Alerts
Description: This feature is no longer supported.

Setting: SESA Alerts
Description: This feature is no longer supported.

Setting: Scheduled scans
Description: These settings do not migrate.

Setting: Manual scans
Description: These settings do not migrate.

Setting: Attachment Blocking rule
Description: This rule is migrated to a new rule, File Name Rule.

Setting: Outbreak settings
Description: These settings do not migrate.
Setting: Content Dictionary
Description: This feature is no longer supported.

Setting: Generated reports
Description: Reports cannot be viewed through the console. Reports that you generated in version 4.6x are copied to the following directory: <Installation directory>\server\reports\4.6
You can view a report by opening it from this directory.

Setting: Report templates and the report database
Description: These features and documents do not migrate.

Setting: Background scanning
Description: These settings do not migrate. Re-enable and schedule background scanning.

Where to get more information about Mail Security

Mail Security includes a comprehensive help system that contains conceptual, procedural, and context-sensitive information.

Press F1 to access information about the page on which you are working. If you want more information about features that are associated with the page, select a More Information link in the Help page, or use the Table of Contents, Index, or Search tabs in the Help viewer to locate a topic.

The Symantec Mail Security for Microsoft Exchange Implementation Guide provides information about using this product and is found on the product CD in the following location: \DOCS\SMSMSE\

You can visit the Symantec Web site for more information about your product; the following online resources are available:

Provides access to the technical support Knowledge Base, newsgroups, contact information, downloads, and mailing list subscriptions:
www.symantec.com/techsupp/ent/enterprise.html

Provides information about registration, frequently asked questions, how to respond to error messages, and how to contact Symantec License Administration:
www.symantec.com/licensing/els/help/en/help.html

Provides product news and updates:
www.symantec.com/enterprise/index.jsp

Provides access to the Threat Explorer, which contains information about all known threats:
www.symantec.com/enterprise/security_response/threatexplorer/azlisting.jsp