sms imp guide

Symantec™ Mail Security for Microsoft ® Exchange Implementation Guide

Upload: costin-calinescu

Post on 26-Nov-2015


  • Symantec Mail Security for Microsoft Exchange Implementation Guide


    The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.

    Documentation version 5.0.3

    Legal Notice

    Copyright 2006 Symantec Corporation.

    All rights reserved.

    Federal acquisitions: Commercial Software - Government Users Subject to Standard License Terms and Conditions.

    Symantec, the Symantec Logo, and Symantec AntiVirus Corporate Edition are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. Windows is a trademark of Microsoft Corporation. Additional company and product names may be trademarks or registered trademarks of the individual companies and are respectfully acknowledged.

    The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.

    THIS DOCUMENTATION IS PROVIDED AS IS AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID, SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

    The Licensed Software and Documentation are deemed to be "commercial computer software" and "commercial computer software documentation" as defined in FAR Sections 12.212 and DFARS Section 227.7202.

    Symantec Corporation, 20330 Stevens Creek Blvd., Cupertino, CA 95014 USA

    www.symantec.com

  • Technical Support

    Symantec Technical Support maintains support centers globally. Technical Support's primary role is to respond to specific queries about product feature and function, installation, and configuration. The Technical Support group also authors content for our online Knowledge Base. The Technical Support group works collaboratively with the other functional areas within Symantec to answer your questions in a timely fashion. For example, the Technical Support group works with Product Engineering and Symantec Security Response to provide alerting services and virus definition updates.

    Symantec's maintenance offerings include the following:

    A range of support options that give you the flexibility to select the right amount of service for any size organization

    Telephone and Web-based support that provides rapid response and up-to-the-minute information

    Upgrade insurance that delivers automatic software upgrade protection

    Global support that is available 24 hours a day, 7 days a week worldwide. Support is provided in a variety of languages for those customers that are enrolled in the Platinum Support program

    Advanced features, including Technical Account Management

    For information about Symantec's Maintenance Programs, you can visit our Web site at the following URL:

    http://www.symantec.com/techsupp/enterprise/

    Select your country or language under Global Support. The specific features that are available may vary based on the level of maintenance that was purchased and the specific product that you use.

    Contacting Technical Support

    Customers with a current maintenance agreement may access Technical Support information at the following URL:

    http://www.symantec.com/techsupp/enterprise/

    Select your region or language under Global Support.

    Before contacting Technical Support, make sure you have satisfied the system requirements that are listed in your product documentation. Also, you should be at the computer on which the problem occurred, in case it is necessary to recreate the problem.

    When you contact Technical Support, please have the following information available:

    Product release level

    Hardware information

    Available memory, disk space, NIC information

    Operating system

    Version and patch level

    Network topology

    Router, gateway, and IP address information

    Problem description:

    Error messages and log files

    Troubleshooting that was performed before contacting Symantec

    Recent software configuration changes and network changes

    Licensing and registration

    If your Symantec product requires registration or a license key, access our technical support Web page at the following URL:

    http://www.symantec.com/techsupp/enterprise/

    Select your region or language under Global Support, and then select the Licensing and Registration page.

    Customer service

    Customer service information is available at the following URL:

    http://www.symantec.com/techsupp/enterprise/

    Select your country or language under Global Support.

    Customer Service is available to assist with the following types of issues:

    Questions regarding product licensing or serialization

    Product registration updates such as address or name changes

    General product information (features, language availability, local dealers)

    Latest information about product updates and upgrades

    Information about upgrade insurance and maintenance contracts

    Information about Symantec Value License Program

    Advice about Symantec's technical support options

    Nontechnical presales questions

    Issues that are related to CD-ROMs or manuals

    Maintenance agreement resources

    If you want to contact Symantec regarding an existing maintenance agreement, please contact the maintenance agreement administration team for your region as follows:

    Asia-Pacific and Japan: [email protected]

    Europe, Middle-East, and Africa: [email protected]

    North America and Latin America: [email protected]

    Additional enterprise services

    Symantec offers a comprehensive set of services that allow you to maximize your investment in Symantec products and to develop your knowledge, expertise, and global insight, which enable you to manage your business risks proactively. Additional services that are available include the following:

    Symantec Early Warning Solutions

    These solutions provide early warning of cyber attacks, comprehensive threat analysis, and countermeasures to prevent attacks before they occur.

    Managed Security Services

    These services remove the burden of managing and monitoring security devices and events, ensuring rapid response to real threats.

    Consulting services

    Symantec Consulting Services provide on-site technical expertise from Symantec and its trusted partners. Symantec Consulting Services offer a variety of prepackaged and customizable options that include assessment, design, implementation, monitoring and management capabilities, each focused on establishing and maintaining the integrity and availability of your IT resources.

    Educational Services

    These services provide a full array of technical training, security education, security certification, and awareness communication programs.

    To access more information about Enterprise Services, please visit our Web site at the following URL:

    www.symantec.com

    Select your country or language from the site index.

  • Symantec Software License Agreement

    Symantec Mail Security for Microsoft Exchange

    SYMANTEC CORPORATION AND/OR ITS SUBSIDIARIES ("SYMANTEC") IS WILLING TO LICENSE THE SOFTWARE TO YOU AS AN INDIVIDUAL, THE COMPANY, OR THE LEGAL ENTITY THAT WILL BE UTILIZING THE SOFTWARE (REFERENCED BELOW AS "YOU" OR "YOUR") ONLY ON THE CONDITION THAT YOU ACCEPT ALL OF THE TERMS OF THIS LICENSE AGREEMENT. READ THE TERMS AND CONDITIONS OF THIS LICENSE AGREEMENT CAREFULLY BEFORE USING THE SOFTWARE. THIS IS A LEGAL AND ENFORCEABLE CONTRACT BETWEEN YOU AND THE LICENSOR. BY OPENING THIS PACKAGE, BREAKING THE SEAL, CLICKING ON THE "AGREE" OR "YES" BUTTON OR OTHERWISE INDICATING ASSENT ELECTRONICALLY, OR LOADING THE SOFTWARE, YOU AGREE TO THE TERMS AND CONDITIONS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO THESE TERMS AND CONDITIONS, CLICK ON THE "I DO NOT AGREE", "NO" BUTTON, OR OTHERWISE INDICATE REFUSAL AND MAKE NO FURTHER USE OF THE SOFTWARE.

    1. License: The software which accompanies this license (collectively the "Software") is the property of Symantec or its licensors and is protected by copyright law. While Symantec continues to own the Software, you will have certain rights to use the Software after your acceptance of this license. This license governs any releases, revisions, or enhancements to the Software that the Licensor may furnish to you. Except as may be modified by a Symantec license certificate, license coupon, or license key (each a "License Module") which accompanies, precedes, or follows this license, your rights and obligations with respect to the use of this Software are as follows:

    You may:

    A. use that number of copies of the Software as have been licensed to you by Symantec under a License Module, provided that if the Software is part of a suite of Symantec software licensed to you, the number of copies you may use of all titles of the software in the suite, including the Software, may not exceed the total number of copies so indicated in the License Module in the aggregate, as calculated by any combination of licensed suite products. Your License Module shall constitute proof of your right to make such copies. If no License Module accompanies, precedes, or follows this license, you may make one copy of the Software you are authorized to use on a single computer.

    B. make one copy of the Software for archival purposes, or copy the Software onto the hard disk of your computer and retain the original for archival purposes;

    C. use the Software on a network, provided that you have a licensed copy of the Software for each computer that can access the Software over that network; and

    D. after written notice to Symantec, transfer the Software on a permanent basis to another person or entity, provided that you retain no copies of the Software and the transferee agrees to the terms of this license.

    You may not:

    A. copy the printed documentation which accompanies the Software;

    B. sublicense, rent or lease any portion of the Software; reverse engineer, decompile, disassemble, modify, translate, make any attempt to discover the source code of the Software, or create derivative works from the Software;

    C. use a previous version or copy of the Software after you have received a disk replacement set or an upgraded version. Upon upgrading the Software, all copies of the prior version must be destroyed;

    D. use a later version of the Software than is provided herewith unless you have purchased upgrade insurance or have otherwise separately acquired the right to use such later version;

    E. use, if you received the software distributed on media containing multiple Symantec products, any Symantec software on the media for which you have not received a permission in a License Module; or

    F. use the Software in any manner not authorized by this license.

    2. Content Updates: Certain Symantec software products utilize content that is updated from time to time (antivirus products utilize updated virus definitions; content filtering products utilize updated URL lists; firewall products utilize updated firewall rules; vulnerability assessment products utilize updated vulnerability data, etc.; collectively, these are referred to as "Content Updates"). You may obtain Content Updates for any period for which you have purchased upgrade insurance for the product, entered into a maintenance agreement that includes Content Updates, or otherwise separately acquired the right to obtain Content Updates. This license does not otherwise permit you to obtain and use Content Updates.

    3. Limited Warranty: Symantec warrants that the media on which the Software is distributed will be free from defects for a period of sixty (60) days from the date of delivery of the Software to you. Your sole remedy in the event of a breach of this warranty will be that Symantec will, at its option, replace any defective media returned to Symantec within the warranty period or refund the money you paid for the Software. Symantec does not warrant that the Software will meet your requirements or that operation of the Software will be uninterrupted or that the Software will be error-free.

    THE ABOVE WARRANTY IS EXCLUSIVE AND IN LIEU OF ALL OTHER WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS. YOU MAY HAVE OTHER RIGHTS, WHICH VARY FROM STATE TO STATE.

    4. Disclaimer of Damages: REGARDLESS OF WHETHER ANY REMEDY SET FORTH HEREIN FAILS OF ITS ESSENTIAL PURPOSE, IN NO EVENT WILL SYMANTEC BE LIABLE TO YOU FOR ANY SPECIAL, CONSEQUENTIAL, INDIRECT OR SIMILAR DAMAGES, INCLUDING ANY LOST PROFITS OR LOST DATA ARISING OUT OF THE USE OR INABILITY TO USE THE SOFTWARE EVEN IF SYMANTEC HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES SO THE ABOVE LIMITATION OR EXCLUSION MAY NOT APPLY TO YOU. IN NO CASE SHALL SYMANTEC'S LIABILITY EXCEED THE PURCHASE PRICE FOR THE SOFTWARE. The disclaimers and limitations set forth above will apply regardless of whether you accept the Software.

    5. U.S. Government Restricted Rights: RESTRICTED RIGHTS LEGEND. All Symantec products and documentation are commercial in nature. The software and software documentation are Commercial Items, as that term is defined in 48 C.F.R. section 2.101, consisting of Commercial Computer Software and Commercial Computer Software Documentation, as such terms are defined in 48 C.F.R. section 252.227-7014(a)(5) and 48 C.F.R. section 252.227-7014(a)(1), and used in 48 C.F.R. section 12.212 and 48 C.F.R. section 227.7202, as applicable. Consistent with 48 C.F.R. section 12.212, 48 C.F.R. section 252.227-7015, 48 C.F.R. section 227.7202 through 227.7202-4, 48 C.F.R. section 52.227-14, and other relevant sections of the Code of Federal Regulations, as applicable, Symantec's computer software and computer software documentation are licensed to United States Government end users with only those rights as granted to all other end users, according to the terms and conditions contained in this license agreement. Manufacturer is Symantec Corporation, 20330 Stevens Creek Blvd., Cupertino, CA 95014.

    6. General: This Agreement will be governed by the laws of the State of California. This Agreement may only be modified by a License Module which accompanies this license or by a written document which has been signed by both you and Symantec. Should you have any questions concerning this Agreement, or if you desire to contact Symantec for any reason, please write: Symantec Customer Service, 555 International Way, Springfield, OR 97477.

  • Contents

    Technical Support

    Chapter 1 Introducing Symantec Mail Security for Microsoft Exchange
      About Symantec Mail Security for Microsoft Exchange
      What's new in Symantec Mail Security
      Components of Symantec Mail Security
      How Symantec Mail Security works
      What you can do with Symantec Mail Security
      Manage your Exchange environment using policies
      Scan your Exchange server for risks and violations
      Protect against threats
      Keep your protection up-to-date
      Identify spam email
      Filter undesirable message content
      Save messages to a folder for archiving
      Manage outbreaks
      Quarantine infected message bodies and attachments
      Monitor Symantec Mail Security events
      Generate reports
      Send notifications when a threat or violation is detected
      Manage single and multiple Exchange servers
      Where to get more information about Symantec Mail Security

    Chapter 2 Installing Symantec Mail Security for Microsoft Exchange
      Before you install
      Software component locations
      About security and access permissions
      System requirements
      Server system requirements
      Console only system requirements
      About installing Symantec Mail Security
      Installing Symantec Mail Security on a local server
      About installing Symantec Mail Security on remote servers
      Installing the Symantec Mail Security console only
      About installing Symantec Mail Security in a Microsoft Cluster

      Post-installation tasks
      About setting up impersonation privileges on the IWAM account
      Restarting the IIS
      Implementing SSL communications
      Accessing the Symantec Mail Security console
      About using Symantec Mail Security with other antivirus products
      Setting scanning threads and number of scan processes
      Migrating to version 5.0.3
      Uninstalling Symantec Mail Security

    Chapter 3 Activating licenses
      About licensing
      How to activate a license
      If you do not have a serial number
      Obtaining a license file
      About the Symantec Premium AntiSpam license file
      Installing license files
      Checking the license status of a server
      If you want to renew a license

    Chapter 4 Managing your Exchange servers
      About managing your Exchange servers
      Deploying settings to a server or group
      How to manage servers and server groups
      Modifying or viewing server or server group settings
      Viewing the status of a server
      Creating a server group
      Adding servers to a group
      Moving a server to another group
      Synchronizing group settings to a server
      Restoring default settings to a server or group
      Removing a server from group management
      Removing a server group
      Importing and exporting settings
      Modifying the port and communication properties of a server

    Chapter 5 Quarantining messages and attachments
      About the quarantine
      Forwarding quarantined items to the Quarantine Server
      Establishing local quarantine thresholds
      Viewing the contents of the local quarantine

      Release messages from the quarantine
      Releasing messages from the quarantine by email
      Releasing messages from the quarantine to a file
      Deleting an item from the quarantine

    Chapter 6 Protecting your server from risks
      About protecting your server from risks
      How Symantec Mail Security detects risks
      Configuring threat detection
      Configuring security risk detection
      Configuring file scanning limits
      Configuring rules to address unscannable container files

    Chapter 7 Identifying spam
      About spam detection
      How Symantec Mail Security detects and processes spam
      About spam confidence level (SCL) values
      Blocking spam using real-time blacklists
      Configuring whitelists
      How to detect spam using Symantec Premium AntiSpam
      How the Symantec Premium AntiSpam service works
      About spam foldering
      About registering Symantec Premium AntiSpam through an ISA server
      Configuring your proxy server to download spam definition updates
      About the Symantec Spam Folder Agent for Exchange
      About the Symantec Spam Plug-in for Outlook
      Configuring Symantec Premium AntiSpam to identify spam
      What you can do with spam and suspected spam messages
      Configuring heuristic antispam protection

    Chapter 8 Filtering content using content filtering rules
      About filtering content
      About default content filtering rules
      About content evaluation
      Elements of a content filtering rule
      Working with match lists

      Working with content filtering rules
      Specifying inbound SMTP domains
      Enabling or disabling content filtering for auto-protect scanning
      Creating a new rule
      Editing an existing rule
      About configuring a content filtering rule
      Prioritizing content filtering rules
      Deleting a content filtering rule
      Refreshing the Active Directory groups cache
      How to enforce email attachment policies
      Blocking attachments by file name
      Configuring multimedia file detection
      Configuring executable file detection

    Chapter 9 Scanning your Exchange servers for threats and violations
      About the scanning process
      Configuring auto-protect scanning
      About manual scans
      Configuring the manual scan parameters
      Running a manual scan
      Viewing manual scan results
      About scheduling a scan
      Creating a scheduled scan
      Editing a scheduled scan
      Configuring scheduled scan options
      Enabling a scheduled scan
      Deleting a scheduled scan
      Configuring notification settings for scan violations

    Chapter 10 Managing outbreaks
      About outbreak management
      What defines an outbreak
      About outbreak triggers
      Enabling outbreak management
      Configuring outbreak triggers
      Configuring outbreak notifications
      Clearing outbreak notifications

    Chapter 11 Logging events and generating reports
      About logging events
      Viewing the Symantec Mail Security Event log
      Specifying the duration for storing data in the Reports database
      Purging the Reports database
      About report templates
      About report output formats
      Creating or modifying a Summary report template
      Creating or modifying a Detailed report template
      Deleting a report template
      What you can do with reports
      Generating a report on demand
      Accessing a report
      Printing a report
      Saving report data
      Deleting a report
      Resetting statistics

    Chapter 12 Updating your protection
      About keeping your server protected
      Configuring a proxy server to permit LiveUpdate definitions
      About setting up your own LiveUpdate server
      How to update definitions
      Updating definitions on demand
      Scheduling definition updates
      Distributing definitions to multiple servers

    Appendix A Using variables to customize alerts and notifications
      About alert and notification variables

    Appendix B Integrating Symantec Mail Security with SESA
      About SESA
      Interpreting Symantec Mail Security events in SESA
      Configuring logging to SESA
      Configuring SESA 2.1 to recognize Symantec Mail Security
      Configuring SESA 2.5 to recognize Symantec Mail Security
      Installing the local SESA Agent
      Updating the Windows hosts file to log events to SESA 2.5
      Configuring Symantec Mail Security to log events to SESA

  • 14 Contents

    About uninstalling SESA ..................................................................................236About uninstalling the SIP .......................................................................236About uninstalling the SESA Agent ........................................................237

    Index

  • Chapter 1

    Introducing Symantec Mail Security for Microsoft Exchange

    This chapter includes the following topics:

    About Symantec Mail Security for Microsoft Exchange

    What's new in Symantec Mail Security

    Components of Symantec Mail Security

    How Symantec Mail Security works

    What you can do with Symantec Mail Security

    Where to get more information about Symantec Mail Security

    About Symantec Mail Security for Microsoft Exchange

    Symantec Mail Security for Microsoft Exchange is a complete, customizable, and scalable solution that scans email messages that pass through the Microsoft Exchange server.

    Symantec Mail Security protects your Exchange server from the following:

    Threats (such as viruses, Trojan horses, worms, and denial-of-service attacks)

    Security risks (such as adware and spyware)

    Unwanted content

    Unsolicited email messages (spam)

    Symantec Mail Security also lets you manage the protection of one or multiple Exchange servers from a single console.

    See What you can do with Symantec Mail Security on page 20.

    The Exchange environment is only one avenue by which a threat can penetrate a network. For complete protection, ensure that every computer and workstation is protected by an antivirus solution.

    See About using Symantec Mail Security with other antivirus products on page 57.

    What's new in Symantec Mail Security

    Table 1-1 lists the new and enhanced features in Symantec Mail Security 5.0.3 for Microsoft Exchange.

    Table 1-1 New and enhanced features

    Feature Description

    Protection from mail-based security risks

    Symantec Mail Security protects your mail environment from security risks, such as spyware and adware.

    See Configuring security risk detection on page 100.

    Redesigned console

    You can manage a single mail server or a group of servers from the same console. The new console lets you view summary information about the activities on an individual mail server or a group of servers.

    See Accessing the Symantec Mail Security console on page 52.

    Improved support for cluster environments

    Symantec Mail Security is Microsoft cluster-aware. In a clustering environment, multiple nodes on the network operate like a single system to ensure high availability.

    Symantec Mail Security is installed as a cluster resource on an active/passive cluster. It is designed to interact with and detect the nodes that are within the cluster environment.

    See About installing Symantec Mail Security in a Microsoft Cluster on page 45.

    Automatic server discovery

    Symantec Mail Security can automatically detect the Exchange servers that are within your organization using Active Directory.


    User-based and group-based policies

    You can select the users or groups for which a content filtering policy applies.

    You can configure the rule to apply to all Active Directory groups or to only the users or Active Directory groups that you select. You can also specify users or groups who are exceptions to the rule.

    See About configuring a content filtering rule on page 160.

    File attachment content scanning

    You can scan for content violations within file attachments.

    Symantec Mail Security supports over 300 file attachment types and common file types, such as Microsoft Office documents, Adobe Acrobat PDF files, text files, RTF files, and database files.

    See About configuring a content filtering rule on page 160.

    Multimedia and executable file detection based on true file type

    Symantec Mail Security can detect multimedia and executable files based on an analysis of their true file type instead of relying on their file extensions.

    See Configuring multimedia file detection on page 172.

    See Configuring executable file detection on page 175.

    Summary and Detailed reports

    You can generate a report that contains statistics about the scanning activities that occurred on one or more mail servers. You can configure Symantec Mail Security to send the report to the email addresses that you specify.

    See What you can do with reports on page 211.

    Automatically save messages to a folder

    You can save messages that are identified as spam or suspected spam, or messages that trigger content filtering violations, to a specified folder. This lets you use an archiving program to automatically archive messages in the folder.

    See Save messages to a folder for archiving on page 24.


    Components of Symantec Mail Security

    Table 1-2 lists the components of Symantec Mail Security.

    Table 1-2 Product components

    Component Description Location on the product CD

    Symantec Mail Security for Microsoft Exchange

    This is the software that you install to protect your Exchange servers. It protects your servers from threats (such as viruses and denial-of-service attacks) and security risks (such as adware and spyware). It also detects spam email messages and unwanted content.

    \SMSMSE\Install\

    LiveUpdate Administration Utility

    This is the utility that lets you configure one or more intranet FTP, HTTP, or LAN servers to act as internal LiveUpdate servers. LiveUpdate lets Symantec products download program and definition file updates directly from Symantec or from a LiveUpdate server.

    For more information, see the LiveUpdate Administrator's Guide on the Symantec Mail Security product CD in the following location:

    \DOCS\LUA\Luadmin.pdf

    \ADMTOOLS\LUA\

    Symantec Spam Folder Agent for Exchange

    This is the program that lets you install a spam foldering agent. The foldering agent works with the Symantec Premium AntiSpam service. It lets you automatically route spam and suspected spam messages to a spam folder in each user's inbox.

    The Symantec Spam Folder Agent is recommended for Exchange 2000 servers only.

    \ADMTOOLS\SPA\BSFA\


    Outlook Plug-in

    This is the software that lets you submit missed spam and false positives to Symantec. It also lets users administer allowed senders and blocked senders lists and block email messages based on language identification.

    The Outlook Plug-in is used with the Symantec Premium AntiSpam service.

    The Outlook Plug-in can be used on Exchange 2000 and Exchange 2003 servers.

    \ADMTOOLS\SPA\BMOP\

    Symantec Enterprise Security Administration (SESA) Integration Package (SIP)

    This is the software configuration package that you must install on each computer that runs a SESA Manager. The SIP extends SESA functionality to include Symantec Mail Security event data.

    \ADMTOOLS\SIPI\

    Adobe Acrobat Reader 6.0

    This is the software that makes it possible to read electronic documentation in Portable Document Format (PDF).

    \DOCS\ar60enu.exe

    Symantec Central Quarantine

    Symantec Mail Security can forward infected messages and messages that contain violations from the local quarantine to the Central Quarantine, which acts as a central repository.

    For more information, see the Symantec Central Quarantine Administrator's Guide on the Symantec Mail Security product CD in the following location:

    \DOCS\DIS\CentQuar.pdf

    \ADMTOOLS\DIS


    How Symantec Mail Security works

    In a typical configuration, Symantec Mail Security scans items (message headers, bodies, and attachments) that are sent to Exchange servers by SMTP or directly to the store (mailboxes and public folders) by MAPI.

    Symantec Mail Security can scan messages and their attachments to detect the following:

    Risks

    Such as viruses, worms, Trojan horses, adware, and spyware

    See About protecting your server from risks on page 95.

    Spam

    See About spam detection on page 107.

    Content filtering rule violations

    See About filtering content on page 145.

    See About the scanning process on page 178.

    When spam, a risk, or a content filtering rule violation is detected, Symantec Mail Security takes the actions that you specify in the respective policies.

    See Manage your Exchange environment using policies on page 21.

    Symantec Mail Security contains a decomposer that extracts container files so that they can be scanned for risks and content filtering violations. The decomposer continues to extract container files until it reaches the base file. When a container file reaches a set limit, the scanning process stops, the violation is logged to the specified logging destinations, and the file is handled according to the Unscannable File Rule.

    See Configuring rules to address unscannable container files on page 104.
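
    The limit behavior described above can be shown with a small decomposer for ZIP containers. This is an added example, not Symantec's code: the limit names and default values, the `Outcome` fields, and the choice to treat a malformed container as unscannable are assumptions made for illustration, and the sample archives are constructed in memory.

```python
import io
import zipfile
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Limits:
    # Assumed knobs; the product's real setting names and defaults are not on this page.
    max_depth: int = 5               # how many nested containers may be opened
    max_total_bytes: int = 1 << 20   # bytes extracted across the whole item
    max_files: int = 200             # containers plus base files visited


@dataclass
class Outcome:
    verdict: str = "scanned"         # "scanned" or "unscannable"
    reason: str = ""
    base_files: list = field(default_factory=list)  # paths handed to the scanner
    events: list = field(default_factory=list)      # stand-in for logging destinations


class LimitReached(Exception):
    """Raised to stop decomposition as soon as any limit is hit."""


def _walk(path, data, depth, limits, state, out):
    state["files"] += 1
    if state["files"] > limits.max_files:
        raise LimitReached(f"file count limit {limits.max_files} reached at {path}")
    if not zipfile.is_zipfile(io.BytesIO(data)):
        out.base_files.append(path)  # base file: nothing left to extract
        return
    if depth >= limits.max_depth:
        raise LimitReached(f"nesting depth limit {limits.max_depth} reached at {path}")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            remaining = limits.max_total_bytes - state["bytes"]
            with zf.open(info) as member:
                # Read one byte past the budget rather than trusting the size
                # declared in the archive header, which the sender controls.
                chunk = member.read(remaining + 1)
            if len(chunk) > remaining:
                raise LimitReached(
                    f"extracted size limit {limits.max_total_bytes} reached "
                    f"at {path}/{info.filename}")
            state["bytes"] += len(chunk)
            _walk(f"{path}/{info.filename}", chunk, depth + 1, limits, state, out)


def decompose(name, data, limits=Limits()):
    """Extract until base files are reached, or stop and mark the item unscannable."""
    out = Outcome()
    state = {"files": 0, "bytes": 0}
    try:
        _walk(name, data, 0, limits, state, out)
    except (LimitReached, zipfile.BadZipFile) as exc:
        # Assumption of this sketch: a malformed container is handled like a limit hit.
        out.verdict, out.reason = "unscannable", str(exc)
        out.base_files.clear()       # a partial extraction must not pass as a clean scan
        out.events.append(f"UNSCANNABLE {name}: {exc}")
    return out


def make_zip(members):
    """Build a constructed sample archive in memory from {filename: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for fname, payload in members.items():
            zf.writestr(fname, payload)
    return buf.getvalue()


def nested_zip(levels):
    """Constructed sample: a text file wrapped in `levels` ZIP containers."""
    data = make_zip({"note.txt": b"constructed sample text"})
    for i in range(levels - 1):
        data = make_zip({f"level{i}.zip": data})
    return data


if __name__ == "__main__":
    samples = {
        "three-levels.zip": nested_zip(3),
        "eight-levels.zip": nested_zip(8),
        "highly-compressed.zip": make_zip({"zeros.bin": bytes(4 << 20)}),
    }
    for sample_name, blob in samples.items():
        result = decompose(sample_name, blob)
        print(sample_name, len(blob), "bytes ->", result.verdict, result.reason)
```

    The size check counts bytes as they are decompressed, so a small attachment that expands far beyond the budget is stopped partway through extraction instead of after it.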

    What you can do with Symantec Mail Security

    You can use Symantec Mail Security to do the following:

    Manage your Exchange environment using policies

    Scan your Exchange server for risks and violations

    Protect against threats

    Keep your protection up-to-date

    Identify spam email

    Filter undesirable message content

    Save messages to a folder for archiving


    Manage outbreaks

    Quarantine infected message bodies and attachments

    Monitor Symantec Mail Security events

    Generate reports

    Send notifications when a threat or violation is detected

    Manage single and multiple Exchange servers

    Manage your Exchange environment using policies

    Symantec Mail Security scans email messages and their attachments for violations of policies. A policy is a set of rules designed to detect potential risks to your Microsoft Exchange mail system or content policy violations.

    Symantec Mail Security contains the following policies:

    General

    Contains rules controlling scanning limits, exceptions, and outbreak management

    Antivirus

    Contains rules for detecting threats in messages and attachments with viruses, virus-like characteristics, or security risks, such as adware or spyware

    Antispam

    Contains rules for the following:

    Allowed senders

    Recipients whose email messages are not scanned for spam

    Real-time blacklist domains

    Also lets you enable and configure the heuristic antispam engine or the Symantec Premium AntiSpam service

    Content Enforcement

    Contains rules for filtering inappropriate content in message bodies and attachments

    Scan your Exchange server for risks and violations

    You can keep your server protected by performing any of the following types of scans:

    Auto-protect scanning

    Auto-protect scanning detects risks, spam, and content filtering rule violations in real time as email messages are routed through the Exchange server to the information store.

    Manual scans

    Manual scans are on-demand scans of local mailbox and public folder items.

    Scheduled scans

    These are scans that run according to the schedule that you specify.

    See About the scanning process on page 178.

    Protect against threats

    Symantec engineers track reported outbreaks of threats (such as viruses, Trojan horses, and worms) to identify new risks. After a threat is identified, information about the threat (a signature) is stored in a definition file. This file contains information to detect and eliminate the threat. When Symantec Mail Security scans for threats, it searches for these signatures.

    Symantec Mail Security also uses Symantec Bloodhound heuristics technology to scan for threats for which no known definitions exist. Bloodhound heuristics technology scans for unusual behaviors, such as self-replication, to target potentially infected message bodies and attachments.

    See Configuring threat detection on page 98.

    Keep your protection up-to-date

    Symantec Mail Security relies on up-to-date information to detect and eliminate risks. One of the most common reasons computers are vulnerable to attacks is that definition files are out-of-date. Symantec regularly supplies updated definition files.

    Using LiveUpdate, Symantec Mail Security connects to a Symantec server over the Internet and automatically determines if definitions need to be updated. If they do, the definition files are downloaded to the proper location and installed. If you need a quicker response for emerging threats, you can use Rapid Release to get the most current definitions that are available.

    If your organization has both front-end and back-end Exchange servers, you might want to consider using Rapid Release definitions on the front-end for the fastest response to new threats and certified LiveUpdate definitions on the back-end mailbox servers.

    See About keeping your server protected on page 217.

    See About using Symantec Mail Security with other antivirus products on page 57.

    Note: To update definitions, you must have a valid content license.

    See About licensing on page 63.

    Identify spam email

    Spam is unsolicited bulk email, most often advertising messages for a product or service. It wastes productivity, time, and network bandwidth.

    You can use one of the following features to identify spam:

    Symantec Premium AntiSpam

    Symantec Premium AntiSpam is a subscription service that provides enhanced spam detection. Continuous updates to the premium antispam filters ensure that your Exchange server has the most current spam detection filters that are available. You must have a valid Symantec Premium AntiSpam license to enable Symantec Premium AntiSpam.

    See How to detect spam using Symantec Premium AntiSpam on page 114.

    See About the Symantec Premium AntiSpam license file on page 67.

    Heuristic antispam

    The heuristic antispam feature uses a pattern-matching, heuristics engine to compare the contents of email messages to a list of spam characteristics. You can select the antispam engine sensitivity level.

    See Configuring heuristic antispam protection on page 141.

    You can enhance heuristic or premium antispam detection by specifying domains that are allowed to bypass antispam scanning or that are automatically blocked. You can also specify email addresses to which inbound emails are permitted to bypass real-time blacklist blocking and antispam scanning.

    See Blocking spam using real-time blacklists on page 112.

    See Configuring whitelists on page 113.

    Filter undesirable message content

    Symantec Mail Security lets you filter undesirable content using the following features:

    Match lists

    To filter content that applies to a specific situation, you can create a match list that includes words and phrases that are standard for or particular to your company or industry and for which you want to filter content.

    After you create a match list, you can define a content filtering rule that uses the match list. A content filtering rule can refer to one or more match lists. Match lists can consist of literal strings, regular expressions, or DOS wildcard expressions.

    See Working with match lists on page 154.

    Content filtering rules

    You can create content filtering rules that apply to SMTP inbound and SMTP outbound mail and the Exchange information store. Content filtering rules let you filter messages for attachment names, attachment content, specific words, phrases, subject lines, and senders. Symantec Mail Security takes the action that you specify in the rule when it detects a violation.

    Symantec Mail Security also provides File Filtering Rules. File Filtering Rules let you filter email messages based on attached file names or file types, such as multimedia or executable files.

    See Working with content filtering rules on page 157.

    Save messages to a folder for archiving

    You can configure Symantec Mail Security to automatically save email messages that trigger violations (such as spam and content filtering violations) to a folder location that you specify. This lets you configure your mail archiving solution to archive the messages in this folder. Maintaining archives of files can help your organization comply with regulatory requirements, such as the Sarbanes-Oxley Act of 2002 (SOX).

    See Configuring heuristic antispam protection on page 141.

    See Processing spam messages on page 133.

    See About configuring a content filtering rule on page 160.

    If you specify an absolute path (with ':'; for example, C:\Program Files\Archive), Symantec Mail Security creates the folder, if one does not already exist. If you specify a relative path (without ':'; for example, Archive), Symantec Mail Security creates a subfolder underneath the SavedMessages folder in the server installation directory, if one does not already exist.

    The mail foldering option is only available for inbound and outbound SMTP traffic.

    Manage outbreaks

    An outbreak occurs when the number of threats to the Microsoft Exchange system that are detected over a period of time exceeds a specified limit.

    Symantec Mail Security lets you manage outbreaks quickly and effectively by setting outbreak rules and sending notifications when an outbreak is detected. You can also select an action to take when an outbreak is detected, such as deleting the entire message, deleting the attachment or message body, quarantining the attachment or message body, or logging the event.

    You can set rules to define an outbreak based on events; for example, the same threat occurring a specified number of times within a specified time period. You can also configure Symantec Mail Security to send notifications and alerts in the case of an outbreak.

    See About outbreak management on page 189.
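
    The two outbreak definitions above (total detections over a period, and the same threat repeated within a period) amount to sliding-window counters. The following is an added example, not the product's implementation: the rule fields, thresholds, and threat names are assumptions, and the detection events are constructed sample data.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class OutbreakRule:
    name: str
    min_count: int      # detections inside the window that define an outbreak
    window_s: int       # length of the time period, in seconds
    per_threat: bool    # True: count each threat name separately


class OutbreakMonitor:
    def __init__(self, rules):
        self.rules = list(rules)
        self._seen = defaultdict(deque)   # (rule name, key) -> detection timestamps
        self._active = set()              # outbreaks that were already reported

    def observe(self, ts, threat):
        """Feed one detection (events must arrive in time order); return new alerts."""
        alerts = []
        for rule in self.rules:
            key = (rule.name, threat if rule.per_threat else "*")
            window = self._seen[key]
            window.append(ts)
            # Drop detections that fell out of the time period. The entry just
            # appended always stays, so the deque is never empty here.
            while window[0] <= ts - rule.window_s:
                window.popleft()
            if len(window) >= rule.min_count:
                if key not in self._active:      # notify once per outbreak
                    self._active.add(key)
                    alerts.append((ts, rule.name, key[1], len(window)))
            else:
                self._active.discard(key)        # quiet again: re-arm the rule
        return alerts


# Assumed rule values. "Exceeds a limit of 5" is expressed as min_count=6.
RULES = [
    OutbreakRule("total", min_count=6, window_s=600, per_threat=False),
    OutbreakRule("same-threat", min_count=3, window_s=300, per_threat=True),
]

# Constructed sample detections: (seconds since start, threat name).
DETECTIONS = [
    (0, "Threat.A"), (100, "Threat.B"), (200, "Threat.A"), (250, "Threat.A"),
    (260, "Threat.A"), (270, "Threat.C"),
    (2000, "Threat.A"), (2010, "Threat.A"), (2020, "Threat.A"),
]


def replay(detections, rules):
    """Run the detections through a fresh monitor and collect every alert."""
    monitor = OutbreakMonitor(rules)
    alerts = []
    for ts, threat in detections:
        alerts.extend(monitor.observe(ts, threat))
    return alerts


if __name__ == "__main__":
    for ts, rule, key, count in replay(DETECTIONS, RULES):
        print(f"t={ts}s outbreak rule={rule} threat={key} count={count}")
```

    Reporting only the transition into an outbreak keeps one burst from producing a notification per message, and the rule re-arms once the window empties.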

    Quarantine infected message bodies and attachments

    Symantec Mail Security for Microsoft Exchange includes a local quarantine that can store infected message bodies and attachments that are detected during scans. You can configure Symantec Mail Security to quarantine threats, security risks, content filtering violations, and file filtering violations in the local quarantine.

    Quarantined items that contain threats can be forwarded to the Symantec Central Quarantine, if it is installed. The Symantec Central Quarantine program is available on the Symantec Mail Security product CD.

    See About the quarantine on page 85.


    Monitor Symantec Mail Security events

    Symantec Mail Security logs events to the Windows Application Event Log. You can view events that are logged to the Windows Application Event Log from the console.

    See Viewing the Symantec Mail Security Event log on page 198.

    Symantec Mail Security logs extensive report data on threats, security risks, content violations, spam, and server information to a reports database. You can use this data to generate summary or detailed reports based on different subsets of the data.

    See About logging events on page 197.

    You can also configure Symantec Mail Security to post events to Symantec Enterprise Security Architecture (SESA). SESA is an event management system that compiles data for events that Symantec and supported third-party products generate.

    Symantec Mail Security sends a subset of security and application events to SESA. The events that Symantec Mail Security generates include failed definition updates, threat detections, unscannable files, and spam events.

    See Configuring Symantec Mail Security to log events to SESA on page 236.

    Generate reports

    Symantec Mail Security collects and saves scan data on your Exchange servers. You can create reports from the data, which gives you a history of risk detection activity and rule violations.

    Report templates let you define a subset of the raw report data that is collected by Symantec Mail Security for a single server. Report templates can include different categories or combinations of security-related statistics.

    You can create different report templates to describe different subsets of the raw report data. Once you create a report template, you use it to generate reports.

    Symantec Mail Security provides two pre-configured report templates that you can modify. You can also create your own report templates. When you create or modify a report template, Symantec Mail Security provides a wizard to guide you through the configuration process.


    The types of report templates that you can create are as follows:

    Summary

    See Creating or modifying a Summary report template on page 203.

    Detailed

    See Creating or modifying a Detailed report template on page 208.

    Send notifications when a threat or violation is detected

    Symantec Mail Security provides several options for notifying administrators and email recipients of risks and violations.

    You define the conditions in which to send an alert. You can also customize the alert message text for each alert condition that you define.

    See Configuring notification settings for scan violations on page 188.

    Manage single and multiple Exchange servers

    Symantec Mail Security can protect one or more Exchange servers. If your organization has multiple Exchange servers, you can manage all of the servers from the same console that you use to manage a single server. By switching between server view and group view, you can manage the configuration settings for individual servers, a logical grouping of servers (such as all front-end servers), or all servers in a specific location.

    See About managing your Exchange servers on page 71.

    Where to get more information about Symantec Mail Security

    Symantec Mail Security includes a comprehensive help system that contains conceptual, procedural, and context-sensitive information.

    Press F1 to access information about the page in which you are working. If you want more information about features that are associated with the page, select a More Information link in the Help page, or use the Table of Contents, Index, or Search tabs in the Help viewer to locate a topic.

    The About folder in the Help page provides information about the feature or topic. If there are procedures that are associated with a feature or topic, a How to folder for the Help topic is enabled. Click that folder to display the procedures.


    You can visit the Symantec Web site for more information about your product. The following online resources are available:

    Provides access to the technical support Knowledge Base, newsgroups, contact information, downloads, and mailing list subscriptions

    www.symantec.com/techsupp/ent/enterprise.html

    Provides information about registration, frequently asked questions, how to respond to error messages, and how to contact Symantec License Administration

    www.symantec.com/licensing/els/help/en/help.html

    Provides product news and updates

    www.enterprisesecurity.symantec.com

    Provides access to the Virus Encyclopedia, which contains information about all known threats; information about hoaxes; and access to white papers about threats

    www.securityresponse.symantec.com

  • Chapter 2

    Installing Symantec Mail Security for Microsoft Exchange

    This chapter includes the following topics:

    Before you install

    System requirements

    About installing Symantec Mail Security

    Post-installation tasks

    Migrating to version 5.0.3

    Uninstalling Symantec Mail Security

    Before you install

    Before you install Symantec Mail Security, ensure that all pre-installation and system requirements are met. You also should ensure that you have an installation plan that best matches your organization's needs.

    See System requirements on page 33.

    Symantec Mail Security supports upgrades from Symantec Mail Security 4.x. If you are upgrading from a prior version, you should review the migration information. See Migrating to version 5.0.3 on page 59.

    Before you install the product, you should do the following:

    If you are running Symantec Brightmail AntiSpam on the same server on which you want to install Symantec Mail Security, you must uninstall Symantec Brightmail AntiSpam before you install Symantec Mail Security.

    The email tools feature of Symantec AntiVirus Corporate Edition is not compatible with Microsoft Exchange or Symantec Mail Security for Microsoft Exchange. You must uninstall the feature before you install Symantec Mail Security.

    You must disable any antivirus software that is on the server on which you want to install Symantec Mail Security. After installation, you should re-enable the antivirus protection.

    See About using Symantec Mail Security with other antivirus products on page 57.

    To install Symantec Mail Security components correctly, log on as a Windows domain administrator.

    See Software component locations on page 30.

    For optimal visibility, modify your screen resolution to 1024 x 768.

    Software component locations

    Table 2-1 lists the default locations in which Symantec Mail Security installs software components.

    Table 2-1 Software component locations

    Component Location

    Symantec Mail Security program files

    C:\Program Files\Symantec\SMSMSE\5.0\Server

    Quarantined items in encrypted format

    Note: You should configure all antivirus file system scanners to exclude the quarantine directory from scanning. The system scanners might try to scan and delete Symantec Mail Security files that are placed in the quarantine directory.

    C:\Program Files\Symantec\SMSMSE\5.0\Server\Quarantine

    Reporting data

    C:\Program Files\Symantec\SMSMSE\5.0\Server\Reports

    Data files for reports that are generated

    C:\Program Files\Symantec\SMSMSE\5.0\Server\Reports\

    File type can be .csv, .html, .xml, or image file

    Report templates

    C:\Program Files\Symantec\SMSMSE\5.0\Server\Reports\Templates

    Match list files

    C:\Program Files\Symantec\SMSMSE\5.0\Server\MatchLists

    Heuristic antispam configuration files, allowed senders files, and Symantec Premium AntiSpam configuration files

    C:\Program Files\Symantec\SMSMSE\5.0\Server\SpamPrevention

    Location where Symantec Mail Security scans items

    Note: You should configure all antivirus products that scan files to exclude the Temp directory from scanning. The system scanners might try to scan and delete Symantec Mail Security files that are placed in the Temp directory during the scanning process.

    C:\Program Files\Symantec\SMSMSE\5.0\Server\Temp

    Dynamic-link libraries for Symantec Premium AntiSpam

    C:\Program Files\Symantec\SMSMSE\5.0\Server\bin

    Manual scan configuration data

    C:\Program Files\Symantec\SMSMSE\5.0\Server\Config

    Configuration files for allowed and blocked senders for Symantec Premium AntiSpam

    C:\Program Files\Symantec\SMSMSE\5.0\Server\etc

    Component logs for Symantec Premium AntiSpam

    C:\Program Files\Symantec\SMSMSE\5.0\Server\logs

    Statistical information on the effectiveness of Symantec Premium AntiSpam rules

    C:\Program Files\Symantec\SMSMSE\5.0\Server\stats

    Console files

    C:\Program Files\Symantec\SMSMSE\5.0\UI

    Component to update virus definitions

    C:\Program Files\Symantec\LiveUpdate

    Definitions

    C:\Program Files\Common Files\SymantecShared\VirusDefs

    License files

    C:\Program Files\Common Files\SymantecShared\Licenses

    Verity content extraction component

    C:\Program Files\Symantec\SMSMSE\5.0\Server\Verity\bin

    Symantec Mail Security Web service components

    C:\Program Files\Symantec\SMSMSE\5.0\Server\DExLService\bin

    .NET Framework 1.1 service pack 1.1

    C:\Windows\Microsoft.NET\Framework

    SESA agent installation files

    C:\Program Files\Server\AgtInst

    Symantec rulesets

    C:\Program Files\Server\

    About security and access permissions

    Users must have System Administrator privileges to configure or modify Symantec Mail Security settings.

    When you install the product, Symantec Mail Security automatically creates the SMSMSE viewers group in Active Directory and assigns the group read-only access to Symantec Mail Security components and features. Users in this group cannot change settings for Symantec Mail Security. Users can run reports, view event logs, and view settings through the console.

    The SMSMSE viewers group is domain-wide for Active Directory. You can use the Active Directory Users and Computers Microsoft Management Console (MMC) snap-in to change membership in this group.

    During the security set-up process, security is also set for the Symantec Mail Security registry key and file folders. You must have administrator access to the local servers and domain administrator rights for the security set-up to proceed.

  • 33Installing Symantec Mail Security for Microsoft ExchangeSystem requirements

    System requirementsEnsure that you meet the appropriate system requirements for the type of installation that you are performing.

    See About installing Symantec Mail Security on page 34.

    Server system requirements

    You must have domain administrator-level privileges to install Symantec Mail Security.

    The server system requirements are as follows:

    Operating system:

    Windows 2000 Server/Advanced Server/Data Center SP4

    Windows Server 2003 Standard/Enterprise/Data Center SP1

    Exchange platform:

    Exchange 2000 Server SP3/Enterprise Server

    Exchange Server 2003/Enterprise Server

    Minimum system requirements:

    Intel Server class 32-bit processor

    1 GB RAM

    775 MB available disk space

    Required available disk space for Symantec Mail Security and required third-party components. This does not include the space required for items such as quarantined messages and attachments, reports, and log data.

    .NET Framework version 1.1 SP1 (is automatically installed if not detected)

    MDAC 2.6 or higher (is automatically installed if not detected)

    DirectX 8.01 or higher (automatically installs DirectX 9 if DirectX 8.01 or higher is not detected)

    See Installing Symantec Mail Security on a local server on page 35.

    See About installing Symantec Mail Security on remote servers on page 40.

    See About installing Symantec Mail Security in a Microsoft Cluster on page 45.

  • 34 Installing Symantec Mail Security for Microsoft Exchange: About installing Symantec Mail Security

    If you install Symantec Mail Security on a Windows 2000 Server Domain Controller that does not allow impersonation, you might have difficulty changing settings in a group view or from a remote console. You should run Microsoft Exchange on a computer that is not a Domain Controller. If this is not feasible, set the computer to allow impersonation by configuring the Impersonate a client after authentication policy for the IWAM account.

    See About setting up impersonation privileges on the IWAM account on page 51.

    Console only system requirements

    You can install the Symantec Mail Security console only. The console only system requirements are as follows:

    Operating system:

    Windows 2000 Server SP4

    Windows Server 2003 SP1

    Windows XP SP1

    Minimum system requirements:

    Intel Server class 32-bit processor

    512 MB RAM

    162 MB available disk space

    This does not include the space required for items such as quarantined messages and attachments, reports, and log data.

    .NET Framework version 1.1 SP1 (is automatically installed if not detected)

    See Installing the Symantec Mail Security console only on page 43.

    About installing Symantec Mail Security

    Use any of the following installation procedures, depending on the type of installation that you want to perform:

    Local server installation

    You can install or upgrade Symantec Mail Security on a local computer that is running Microsoft Exchange Server.

    See Installing Symantec Mail Security on a local server on page 35.

  • 35 Installing Symantec Mail Security for Microsoft Exchange: About installing Symantec Mail Security

    See Migrating to version 5.0.3 on page 59.

    Installing Symantec Mail Security on a local server

    You can install Symantec Mail Security on a local Microsoft Exchange Server. You must install the product on a local server before you can perform the remote server or console installations.

    Before you begin the installation process, ensure that you have met the system requirements.

    See System requirements on page 33.

    You must be logged on as a member of the administrator group on the local computer and have domain administrator privileges on the computer on which you want to install Symantec Mail Security.

    If you do not have .NET Framework version 1.1 SP1, MDAC 2.6 or higher, or DirectX 8.01 or higher installed, Symantec Mail Security automatically installs these components during installation. If Symantec Mail Security installs any of these components, you are prompted to restart your computer after installation is complete.

    When installation is complete, a Symantec Mail Security icon is placed on the computer desktop.

    Remote server installation

    If you have multiple servers on which you want to install or upgrade Symantec Mail Security, after you install Symantec Mail Security to a local server, you can use the Asset Management tool in the console to install the product to remote servers.

    See About installing Symantec Mail Security on remote servers on page 40.

    Console only installation

    You can install the product console on a computer that is not running Symantec Mail Security. This lets you manage your servers from any computer that has access to your Exchange servers.

    See Installing the Symantec Mail Security console only on page 43.

    Microsoft Clustering service installation

    If you are installing Symantec Mail Security with the Microsoft Clustering service, follow the instructions for clustering service installation.

    See About installing Symantec Mail Security in a Microsoft Cluster on page 45.

  • 36 Installing Symantec Mail Security for Microsoft Exchange: About installing Symantec Mail Security

    To install Symantec Mail Security on a local server, do the following:

    Begin the installation process

    The installation wizard guides you through the installation process of selecting upgrade configurations (if applicable), the product installation folder location, and the type of installation that you want to perform.

    Configure additional setup options and confirm settings

    You can specify if you want to stop IIS during installation, specify the Web service set-up values, designate an email notification address, install the SESA agent, and review your setup configurations.

    See Installing the local SESA Agent on page 235.

    Install licenses

    You can install your licenses during installation.

    See About licensing on page 63.

    If you install a valid content license, Symantec Mail Security lets you perform a LiveUpdate to obtain the most current definitions.

    See About keeping your server protected on page 217.

    To begin the installation process

    1 Insert the Symantec Mail Security product CD in the CD-ROM drive.

    The installation program launches automatically. If it does not, you should run cdstart.exe from the product CD.

    2 Click Install Symantec Mail Security for Microsoft Exchange.

    3 In the InstallShield welcome panel, click Next.

    4 Click Next until you reach the Software License Agreement panel.

  • 37 Installing Symantec Mail Security for Microsoft Exchange: About installing Symantec Mail Security

    5 In the License Agreement panel, click I accept the terms in the license agreement, and then click Next.

    You must accept the terms of the license agreement for the installation to continue.

    6 In the Existing Settings panel, select one of the following, and then click Next:

    Restore default settings: Applies the default settings of the version that you are installing.

    Retain existing settings: Retains your existing settings.

    This panel only appears if you are upgrading.

    7 In the Destination Folder panel, do one of the following:

    To install the product in the default location, click Next.

    The default directory is as follows:

    C:\Program Files\Symantec\SMSMSE\5.0\Server

    To install the product in a different location, click Change, select the location of the installation folder, click OK, and then click Next.

    Symantec Mail Security does not support directory names that contain multi-byte characters. If you intend to use the Symantec Premium AntiSpam service, you cannot install the product to a directory that contains high ASCII characters.

    8 In the Setup Type panel, click Complete, and then click Next.

    9 In the Setup Preview panel, click Next.

    This panel only appears if Symantec Mail Security must install a third-party component (such as .NET Framework).

    See Server system requirements on page 33.

    10 In the information dialog box, click OK.

  • 38 Installing Symantec Mail Security for Microsoft Exchange: About installing Symantec Mail Security

    To configure additional setup options

    1 In the IIS Reset Options panel, select whether to stop IIS during installation, and then click Next.

    2 In the Web Service Setup panel, do one of the following:

    Click Next if you want to accept the default values.

    Modify the following settings, and then click Next:

    IP/Name: By default, the computer name resolves to the primary external network identification card (NIC). You can also use an IP address.

    The IP address validates the availability of the port.

    Port #: Port 8081 is the default port number for the Web service that is used by Symantec Mail Security. If port 8081 is being used by another application, a different default port number appears.

    If you change the port number, use a port number that is not used by another application. You should not use port 80. Port 80 is the port number that is used by the default Web service, which is hosted by Microsoft Internet Information Services (IIS).

    3 In the Notification Email Address panel, do one of the following to specify the administrator to notify of violations and outbreaks:

    Click Next if you want to accept the default value.

    Modify the originator email address, and then click Next.

    4 In the Symantec Enterprise Security Architecture panel, select one of the following:

    No: Select this option if you do not have a SESA server or do not want to install the SESA agent at this time.

    Yes: Select this option if you have a SESA server and want to install the SESA agent.

    In the IP Address of SESA Server box, type the SESA IP address.

    See Integrating Symantec Mail Security with SESA on page 227.

    5 Click Next.

  • 39 Installing Symantec Mail Security for Microsoft Exchange: About installing Symantec Mail Security

    6 In the Setup Summary panel, review the information, and then click Next.

    If you need to make any modifications, click Back to return to the appropriate panel.

    7 In the Ready to Install the Program panel, click Install.

    To install a license and update definitions

    1 In the Install Content License File panel, do one of the following:

    To install a license file

    Do the following:

    Click Browse, locate the license file, and then click Open.

    Click Install, and in the confirmation dialog box, click OK. Repeat this process for each license that you have to install.

    Click Next.

    To install a license file later through the console

    Click Skip, and then click Next.

    See About licensing on page 63.

    2 In the LiveUpdate panel, do one of the following:

    This panel only appears if you installed a valid license.

    To perform a LiveUpdate

    Click Yes, and then click Next.

    In the LiveUpdate Options window, click Start.

    When LiveUpdate is complete, click Close.

    To perform a LiveUpdate at a later time

    Click No, and then click Next.

    See About keeping your server protected on page 217.

    3 Click Finish.

    The option Show the readme file is checked by default. The Readme file contains information that is not available in the product documentation.

    4 Click Yes to restart your computer.

    This option only appears if Symantec Mail Security installed .NET Framework, MDAC, or DirectX during the installation process. You must restart your computer for the necessary changes to take effect.

    See Post-installation tasks on page 50.

  • 40 Installing Symantec Mail Security for Microsoft Exchange: About installing Symantec Mail Security

    About installing Symantec Mail Security on remote servers

    After you install Symantec Mail Security on a local server or install the console, you can install the Symantec Mail Security server component on remote servers. You can also upgrade from versions 4.x.

    See Migrating to version 5.0.3 on page 59.

    Before you install the product on remote servers, you should review the pre-installation information and system requirements.

    See Before you install on page 29.

    See System requirements on page 33.

    If you do not have .NET Framework version 1.1 SP1, MDAC 2.6 or higher, or DirectX 8.01 or higher installed, Symantec Mail Security automatically installs these components during installation. If Symantec Mail Security installs any of these components, after installation is complete, the remote computer is automatically restarted.

    To install Symantec Mail Security on remote servers, do the following:

    Customize installation settings, if needed.

    Remote servers are installed with default installation settings. If you want to customize the installation settings and apply them to a remote server, you can add the custom features to the vpremote.dat file.

    See Customizing remote server installation settings on page 40.

    Install Symantec Mail Security on remote servers.

    See Installing the product on a remote server on page 42.

    Customizing remote server installation settings

    There may be cases in which you want to customize the installation of Symantec Mail Security on a remote Exchange server. For example, you might want to change the following settings:

    Installation location

    Default email address for notifications

    Stop/start of IIS

  • 41 Installing Symantec Mail Security for Microsoft Exchange: About installing Symantec Mail Security

    Table 2-2 lists the remote customization options that you can modify.

    Table 2-2 Remote customization options

    Property | Description | Default value | Optional value

    EMAILADDRESS= | Address of the domain administrator for the Address of sender and Administrator and others to notify Notification/Alert settings | N/A | (Email address of domain administrator)

    EXISTINGSETTINGGROUP= | Controls whether to retain a previous version's settings or apply the default settings of the new version | Retain | Restore

    IIS_RESET= | Controls whether to stop and restart IIS | Yes | No

    INSTALL_SESA= | Determines whether to install SESA | No | Yes

    INSTALLDIR= | The default product installation directory | [drive]:\Program Files\Symantec\SMSMSE\5.0\ | (Any valid path)

    PORTNUMBER= | The port that is used by the product for Web services | 8081 | (Any valid port)

    REMOTEINSTALL | Controls whether the console appears during installation | 0 | 1 to hide consoles. Set to 1 if you are performing a silent installation

    SESAIP= | The IP address of the SESA server | N/A | (A valid SESA IP number)

  • 42 Installing Symantec Mail Security for Microsoft Exchange: About installing Symantec Mail Security

    Warning: The following entry should not be changed: {setup.exe /s /v"/qn NOT_FROM_ARP=1}. You can append the entry. For example, {setup.exe /s /v"/qn NOT_FROM_ARP=1 REMOTEINSTALL=1}

    To customize remote server installation settings

    1 Locate the folder that contains the Symantec Mail Security console files. The default location is as follows:

    \Program Files\Symantec\SMSMSE\5.0\UI\

    2 Using WordPad or a similar tool, open the following file:

    vpremote.dat

    3 Insert one or more properties by doing the following:

    Type a space after the previous or existing entry inside the quotation marks.

    Type the new property.

    The property portion of each entry is case sensitive.

    Type the value immediately after the = sign with no space.

    The values are not case sensitive.

    For example, to specify a silent installation, the entry would appear as follows:

    {setup.exe /s /v"/qn NOT_FROM_ARP=1 REMOTEINSTALL=1}
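    The append rules in this procedure and the values in Table 2-2 can be checked before vpremote.dat is saved. The following Python is an added example, not Symantec's code: append_properties and its validators are hypothetical names. It assumes the entry may or may not carry a closing quotation mark before the brace, refuses values containing spaces or quotes because the guide describes no quoting for them, and requires SESAIP when INSTALL_SESA=Yes, as the wizard's SESA panel does.

```python
import ipaddress
import re

# The entry as the guide prints it; it may be appended to but not otherwise changed.
BASE_ENTRY = '{setup.exe /s /v"/qn NOT_FROM_ARP=1}'

# Accept the entry with or without a closing quotation mark before the brace.
ENTRY_RE = re.compile(r'^\{setup\.exe /s /v"(?P<args>[^"}]*)(?P<close>"?\})$')


def _choice(*allowed):
    lowered = {a.lower() for a in allowed}  # values are not case sensitive
    return lambda v: v.lower() in lowered


def _port(v):
    # Any valid port except 80, which the guide leaves to the default IIS Web service.
    return v.isascii() and v.isdigit() and 1 <= int(v) <= 65535 and int(v) != 80


def _ip(v):
    try:
        ipaddress.ip_address(v)
        return True
    except ValueError:
        return False


# Property names from Table 2-2 (case sensitive), each mapped to a value check.
VALIDATORS = {
    "EMAILADDRESS": lambda v: re.fullmatch(r"[^@]+@[^@]+", v) is not None,
    "EXISTINGSETTINGGROUP": _choice("Retain", "Restore"),
    "IIS_RESET": _choice("Yes", "No"),
    "INSTALL_SESA": _choice("Yes", "No"),
    "INSTALLDIR": lambda v: v.isascii(),  # no multi-byte or high-ASCII directory names
    "PORTNUMBER": _port,
    "REMOTEINSTALL": _choice("0", "1"),
    "SESAIP": _ip,
}


def append_properties(entry, props):
    """Return entry with each NAME=value from props appended inside the quotes."""
    m = ENTRY_RE.match(entry.strip())
    if m is None:
        raise ValueError("entry is not of the form {setup.exe /s /v\"...}")
    args = m.group("args").split()
    if args[:2] != ["/qn", "NOT_FROM_ARP=1"]:
        raise ValueError("the base part of the entry has been changed")
    if any("=" not in a for a in args[1:]):
        raise ValueError("existing entry contains something that is not NAME=value")
    seen = dict(a.split("=", 1) for a in args[1:])
    for name, value in props.items():
        value = str(value)
        check = VALIDATORS.get(name)
        if check is None:
            raise ValueError(f"{name!r} is not a Table 2-2 property (names are case sensitive)")
        if name in seen:
            raise ValueError(f"{name} is already set in the entry")
        # Assumption: properties are space separated and values are unquoted,
        # so whitespace, quotation marks and braces inside a value are refused.
        if not value or re.search(r'[\s"{}]', value) or not check(value):
            raise ValueError(f"unacceptable value for {name}: {value!r}")
        seen[name] = value
        args.append(f"{name}={value}")
    # Assumption taken from the wizard: answering Yes to SESA requires the SESA server IP.
    if seen.get("INSTALL_SESA", "No").lower() == "yes" and "SESAIP" not in seen:
        raise ValueError("INSTALL_SESA=Yes needs SESAIP")
    return '{setup.exe /s /v"' + " ".join(args) + m.group("close")


if __name__ == "__main__":
    # Constructed sample input: a silent install on a non-default port.
    print(append_properties(BASE_ENTRY, {"REMOTEINSTALL": "1", "PORTNUMBER": 8082}))
```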

    Installing the product on a remote server

    You must be logged on as a member of the administrator group on the local computer and have domain administrator privileges on all remote computers on which you want to install Symantec Mail Security.

    When installation is complete, a Symantec Mail Security icon is placed on the computer desktop.

    Note: You should not use the remote installation procedures if you are installing the product on cluster server nodes.

    See About installing Symantec Mail Security in a Microsoft Cluster on page 45.

  • 43 Installing Symantec Mail Security for Microsoft Exchange: About installing Symantec Mail Security

    To install the product on a remote server

    1 In the console on the menu bar, click Tasks > Manage Assets.

    2 In the Asset Management window, in the sidebar under Tasks, click Install/Upgrade server(s).

    3 In the Select Server(s) window, in the Servers and server groups list, highlight one or more servers and click the >> command icon.

    4 Under Server options, check Keep installation files on server(s) to maintain the installation files on the server.

    5 Check Send group settings to apply group settings.

    If unchecked, existing server settings are retained. Future changes that are made to the server group are applied to the server.

    6 Click OK, and then click Close.

    See Post-installation tasks on page 50.

    Installing the Symantec Mail Security console only

    The Symantec Mail Security console is a Windows application. The console lets you manage local and remote installations of Symantec Mail Security from a single computer. You can install and use the console on a computer in which Symantec Mail Security is not installed. This lets you manage Symantec Mail Security from a convenient location.

    Before you install the console, you must first install Symantec Mail Security on a local Exchange server. You should also review the console installation system requirements.

    See Installing Symantec Mail Security on a local server on page 35.

    See Console only system requirements on page 34.

    Symantec Mail Security automatically installs .NET Framework version 1.1 SP1 if it is not detected during installation. If Symantec Mail Security installs .NET Framework, after installation is complete, you are prompted to restart the computer.

    When installation is complete, a Symantec Mail Security icon is placed on the computer desktop.

  • 44 Installing Symantec Mail Security for Microsoft Exchange: About installing Symantec Mail Security

    To install the Symantec Mail Security console only

    1 Insert the Symantec Mail Security product CD in the CD-ROM drive.

    The installation program launches automatically. If it does not, you should run cdstart.exe from the Symantec Mail Security product CD.

    2 Click Install Multiserver Console.

    If the installation program detects that you have Windows XP or that there is no version of the Exchange server installed, the installation program defaults to console only installation options.

    3 Click Next until you reach the Software License Agreement panel.

    4 In the License Agreement panel, check I accept the Terms in the license agreement, and then click Next.

    5 In the Destination Folder panel, do one of the following:

    To install the product in the default location, click Next.

    The default destination directory is as follows:

    C:\Program Files\Symantec\SMSMSE\5.0\Server

    To install the product in a different location, click Change, select the location of the installation folder, click OK, and then click Next.

    Symantec Mail Security does not support directory names that contain multi-byte characters. If you intend to use the Symantec Premium AntiSpam service, you cannot install the product to a directory that contains high ASCII characters.

    6 Click Next until you reach the Ready to Install the Program panel.

    7 In the Ready to Install the Program panel, click Install.

    The installation may take several minutes.

    8 Click Finish.

    9 Click Yes to restart your computer.

    This option only appears if Symantec Mail Security installed .NET Framework during the installation process. You must restart your computer for the necessary changes to take effect.

    See Post-installation tasks on page 50.

  • 45 Installing Symantec Mail Security for Microsoft Exchange: About installing Symantec Mail Security

    About installing Symantec Mail Security in a Microsoft Cluster

    You can install Symantec Mail Security in a Microsoft Cluster. Symantec Mail Security supports active/active configurations, but recommends configurations with one or more passive nodes. The two configuration types have different installation considerations.

    When you install Symantec Mail Security in a cluster environment, you should install the product individually on each node of the cluster. The remote installation feature should not be used.

    To install Symantec Mail Security in a cluster environment, do the following:

    Ensure that your environment meets the pre-installation requirements.

    See Considerations before you install on a Microsoft Exchange cluster on page 46.

    Install Symantec Mail Security using the procedures for your cluster configuration.

    See About installing Symantec Mail Security on a cluster with one or more passive nodes on page 47.

    See About installing Symantec Mail Security on a Veritas cluster server on page 50.

    Configure the cluster resource if you are using an active/passive configuration only.

    See Configuring the cluster resource on page 48.

  • 46 Installing Symantec Mail Security for Microsoft Exchange: About installing Symantec Mail Security

    Considerations before you install on a Microsoft Exchange cluster

    Table 2-3 describes the items that you should consider before you install Symantec Mail Security in a cluster environment.

    Table 2-3 Cluster installation considerations

    Configuration Considerations

    One or more passive nodes

    Symantec Mail Security must be installed on all active and passive nodes of a cluster.

    Only one Exchange Virtual Server (EVS) can run on any cluster node at any time. If two EVSs try to run on the same node, the results are undefined.

    Before you install Symantec Mail Security on an Exchange cluster with one or more passive nodes, ensure that the following requirements are met:

    There must be an available passive node to fail to. Multiple failovers are supported only if multiple passive nodes are available.

    Symantec Mail Security must be installed with the same configuration and in the same locations on all nodes of the cluster.

    During installation, Symantec Mail Security checks for presence of a cluster environment. If the installation is running in a cluster environment, you are prompted to register a cluster resource DLL (SMSMSEClusterResource.dll). This DLL must be registered on only one of the cluster nodes.

    Symantec Mail Security runs on all the nodes (even passive) immediately after installation. After the first instance of the cluster resource is configured, the service runs on only the active node or nodes.

    Active/active

    Before you install Symantec Mail Security on an active/active Exchange 2000 or 2003 cluster, ensure that the following requirements are met:

    The cluster is a group of identical servers containing two nodes. An active/active cluster can contain only two nodes.

    At least two Exchange Virtual Servers exist and are capable of running on either node in the cluster.

  • 47 Installing Symantec Mail Security for Microsoft Exchange: About installing Symantec Mail Security

    About installing Symantec Mail Security on a cluster with one or more passive nodes

    You can install Symantec Mail Security on Exchange servers that are running Microsoft Clustering Service with one or more passive nodes.

    Symantec Mail Security settings are stored in the registry and local hard drive of each individual server. Each time settings are changed, the settings are duplicated on the hard drive of the shared storage that is used as a dependency for the Symantec Mail Security resource. Any time the active node goes down and control transfers to the passive node, the passive node checks for settings on the shared hard disk storage. The settings are then downloaded to the passive node (which is now active) and applied.

    Symantec Mail Security is Microsoft cluster aware and does not require any specific settings prior to installing the product on a cluster with one or more passive nodes. Symantec Mail Security requires its own cluster resource.

    You must use IP addresses or names of the Exchange Virtual Server nodes instead of the actual server IP addresses or names for managing Symantec Mail Security through the console.

    When the EVS group and Symantec Mail Security cluster resource move from one node to another, the following items are not transferred:

    Quarantine contents

    Virus definitions and spam rules

    Report database and generated reports

    Spam statistics

    Mailbox and public folder lists

    In a cluster environment, you should manage Symantec Mail Security with a console that is installed on a computer that is not a part of the cluster rather than from one of the cluster nodes. This lets you maintain independent Symantec Mail Security settings for each Exchange Virtual Server.

    See Configuring the cluster resource on page 48.

    See Post-installation tasks on page 50.

  • 48 Installing Symantec Mail Security for Microsoft Exchange: About installing Symantec Mail Security

    Configuring the cluster resource

    After Symantec Mail Securit