ESET MAIL SECURITY FOR MICROSOFT EXCHANGE SERVER Installation Manual and User Guide Microsoft® Windows® Server 2000 / 2003 / 2008 / 2008 R2 / 2012C
10 After entering your Username and Password, click Next to proceed to Configure your Internet connection. If you use a proxy server, it must be correct
100 4.6.2 User Interface and application usage For clarity the Main window is divided into four major sections – Program Controls located on the top o
101 Detail This setting influences the information displayed in the Main window to make the information easier to work with. In "Basic" mode, y
102 Network connections The Description window contains a list of processes and applications communicating over the network using the protocol selected i
103 6 unknown, risk level 6-9 items are displayed; 7, B risky, risk level 7-9 items are displayed; 8 risky, risk level 8-9 items are displayed; 9 risky, risk lev
104 4.6.2.3 Compare The Compare feature allows the user to compare two existing logs. The outcome of this feature is a set of items not common to both
105 4.6.3 Command line parameters ESET SysInspector supports generating reports from the command line using these parameters: /gen generate a log direct
106 4.6.4.2 Structure of the Service script In the first line of the script’s header, you can find information about the Engine version (ev), GUI vers
107 05) DNS server entries This section contains information about the current DNS server configuration. Example: 05) DNS server entries: + 204.74.105.85 -
108 Example: 09) Critical files: * File: win.ini - [fonts] - [extensions] - [files] - MAPI=1 [...] * File: system.ini - [386Enh] - woafont=dosapp.fon - EGA80WOA.F
109 How does ESET SysInspector evaluate the risk posed by a particular object? In most cases, ESET SysInspector assigns risk levels to objects (files,
11 NOTE: After a program component update, a restart is usually required. We recommend selecting the Never restart computer option. The latest component
110 Below is a detailed description of the available options: Compare – Allows you to compare two existing logs. It is suitable if you want to track cha
111 4.7.3 Target selection In addition to CD/DVD/USB, you can choose to save ESET SysRescue in an ISO file. Later on, you can burn the ISO image on CD/
112 Security solution installed on the computer on which the ESET SysRescue CD is run. 4.7.4.3 Advanced settings The Advanced tab lets you optimize the
113 4.7.5 Working with ESET SysRescue For the rescue CD/DVD/USB to work effectively, you must start your computer from the ESET SysRescue boot media. B
114 The User interface features also include the option to password-protect the ESET Mail Security setup parameters. This option is located in the Setti
115 4.8.1 Alerts and notifications The Alerts and notifications setup section under User interface allows you to configure how threat alerts and system
116 4.8.2 Disable GUI on Terminal Server This chapter describes how to disable GUI of ESET Mail Security running on Windows Terminal Server for user se
117 It shows you some basic examples of how to use eShell with Syntax, Prefix, Command path, Abbreviated forms, Aliases, etc. This is basically a quick gui
118 These are the prefixes that eShell lets you use. A command may or may not support any of the prefixes: GET - returns current setting/status
119 Argument An argument is an action which is performed for a particular command. For example, command CLEANLEVEL can be used with the following arguments:
12 installed). To perform a manual upgrade: 1. In-place upgrade: Install the latest version over your existing version of ESET Mail Security by following
120 will display SYNTAX, OPERATIONS, ARGUMENTS and ALIASES for the command with a short description for each. Command history eShell keeps history of pre
121 PASSWORD Normally, to execute password-protected commands, you are prompted to type in a password for security reasons. This applies to commands such
122 get - Show antivirus protection status set - Disable/Enable antivirus protection restore - Restores default settings ARGUMENTS
123 newly-detected threats. This information may include a sample or copy of the file in which the threat appeared, the path to that file, the filename,
124 4.11.1 Suspicious files The Suspicious files tab allows you to configure the manner in which threats are submitted to ESET’s Threat Lab for analysi
125 4.11.2 Statistics The ThreatSense.Net Early Warning System collects anonymous information about your computer related to newly detected threats. Th
126 4.11.3 Submission You can select how files and statistical information will be submitted to ESET. Select the By means of Remote Administrator or di
127 4.12 Remote administration ESET Remote Administrator (ERA) is a powerful tool to manage security policy and to obtain an overview of the overall se
128 4.13 Licenses The Licenses branch allows you to manage the license keys for ESET Mail Security and other ESET products such as ESET Mail Security,
129 5. Glossary 5.1 Types of infiltration An Infiltration is a piece of malicious software trying to enter and/or damage a user’s computer. 5.1.1 Viru
13 2.6 Exchange Server 2013 Roles The architecture of Exchange Server 2013 is different from previous versions of Microsoft Exchange. In Exchange 2013
130 Backdoor – An application which communicates with remote attackers, allowing them to gain access to a system and to take control of it; Keylogger – (k
131 If a file is detected as spyware on your computer, it is advisable to delete it, since there is a high probability that it contains malicious code. 5
132 5.2.1 Advertisements Internet advertising is one of the most rapidly growing forms of advertising. Its main marketing advantages are minimal costs
133 5.2.4.1 Rules In the context of Antispam solutions and email clients, rules are tools for manipulating email functions. They consist of two logical
134 5.2.4.5 Server-side control Server-side control is a technique for identifying mass spam based on the number of received messages and the reactions
14 products within a cluster. You can avoid this by using a policy in ERA. A policy is very similar to a standard Configuration Task – it sends the con
15 2.8 License A very important step is to enter the license file for ESET Mail Security for Microsoft Exchange Server. Without it, email protection on
16 If the number of mailboxes in your active directory exceeds your license count a message will be entered into your Microsoft Exchange Server log read
17 2.9 Post-Installation Configuration There are several options that have to be configured after the product installation. Antispam protection setup Th
18 When evaluating the message source, the method takes into account the configurations of the Approved IP addresses list, the Ignored IP addresses list
19 3. ESET Mail Security - Microsoft Exchange Server protection ESET Mail Security provides significant protection for your Microsoft Exchange Server. T
ESET MAIL SECURITY Copyright ©2013 by ESET, spol. s r.o. ESET Mail Security was developed by ESET, spol. s r.o. For more information visit www.eset.com. A
20 normalized value assigned to a message that indicates the likelihood of the message being spam (based on the characteristics of the message header, i
21 Add... - adds a new rule; Edit... - modifies an existing rule; Remove - removes selected rule; Clear - clears the rule counter (the Hits column); Move up -
22 Examples of entering conditions: By target mailbox: smith By email sender: [email protected] email recipient: “J.Smith” or “[email protected]” By email subje
23 The last step in the new rule creation wizard is to name each created rule. You can also add a Rule comment. This information will be stored in the M
24 3.1.4 Message quarantine The Message quarantine is a special mailbox defined by the system administrator to store potentially infected messages and
25 Message quarantine by recipient - by using this option, you can define message quarantine mailboxes for multiple recipients. Every quarantine rule ca
26 3.2 Antivirus and antispyware settings You can enable antivirus and antispyware mail server protection by selecting the Enable antivirus and antispy
27 3.2.1.1 Virus-Scanning Application Programming Interface (VSAPI) Microsoft Exchange Server provides a mechanism to make sure that every message com
28 Server decides whether a background scan will run or not, based on various factors, such as the current system load, the number of active users, etc.
29 3.2.1.1.3 Microsoft Exchange Server 2003 (VSAPI 2.5) This version of Microsoft Exchange Server includes VSAPI version 2.5. If you uncheck the Enable
30 You can set Attachment deletion method to: Truncate file to zero length – ESET Mail Security truncates the attachment to zero size and lets the recip
31 Enabling the Scan RTF message bodies option activates scanning of RTF message bodies. RTF message bodies may contain macro viruses. NOTE: Plain text e
32 3.2.1.1.5 Transport Agent In this section you can enable or disable antivirus and antispyware protection by the transport agent. For Microsoft Excha
33 3.2.2 Actions In this section you can choose to append a scan task ID and/or scan result information to the header of scanned messages. 3.2.3 Alert
34 Add to the body of scanned messages: offers three options: Do not append to messages; Append to infected messages only; Append to all scanned messages (t
35 3.3 Antispam protection In the Antispam protection section, you can enable or disable spam protection for the installed mail server, configure antis
36 3.3.1 Microsoft Exchange Server 3.3.1.1 Transport Agent In this section you can set up options for spam protection using the transport agent. NOTE:
37 that is not from a recognized sender. A legitimate server will try to resend the message after a delay. Spam servers will typically not attempt to re
38 3.3.2 Antispam engine Here, you can configure Antispam engine parameters. You can do so by clicking the Setup... button. A window will open where
39 3.3.2.1.1.1 Samples Use cache memory - Enables usage of a fingerprint cache (Enabled by default). Turn on MSF - Allows for use of an alternate finge
40 Number of scanned messages before writing them to disk: - While training, the antispam engine will process a configurable amount of messages before w
41 Specify Index: and Weight: values. 3.3.2.1.3.2 List of downloaded rule files Set rule file indexes which should be downloaded to disk. Use Add, Edit
42 3.3.2.1.4.1 Allowed senders Whitelisted senders and domains can contain an email address or a domain. Addresses are entered in the format "mail
43 3.3.2.1.4.7 Ignored domains This option allows you to specify body domains which should always be excluded from the DNSBL checks and ignored. 3.3.2.1
44 3.3.2.1.5.2 LBL (Last Blackhole List) LBL servers: - The Last Connecting IP is queried against the LBL server. You can specify a different DNS look
45 3.3.2.1.7 Score Turn on score history - Enables tracking of historical scores for repeat senders. Stop analysis when SPAM score threshold has been r
46 engine's internal LiveFeed cache. The option is specified in seconds. For those LiveFeed responses whose TTL value is less than specified minimu
47 Arabic ar; Byelorussian be; Bulgarian bg; Catalan ca; Czech cs; Welsh cy; Danish da; German de; Greek el; English en; Esperanto eo; Spanish es; Estonian et; Basque eu; Persian fa; Finnish fi; Fren
48 3.3.2.1.11.2 List of home countries Set countries which you consider as home countries and from which you prefer to receive messages. To add a home
49 CÔTE D’IVOIRE CI; CROATIA HR; CUBA CU; CYPRUS CY; CZECH REPUBLIC CZ; DENMARK DK; DJIBOUTI DJ; DOMINICA DM; DOMINICAN REPUBLIC DO; ECUADOR EC; EGYPT EG; EL SALVADOR SV; EQUATORIAL GUINE
5 1. Introduction ESET Mail Security 4 for Microsoft Exchange Server is an integrated solution that protects mailboxes from various types of malware cont
50 KUWAIT KW; KYRGYZSTAN KG; LAO PEOPLE’S DEMOCRATIC REPUBLIC LA; LATVIA LV; LEBANON LB; LESOTHO LS; LIBERIA LR; LIBYAN ARAB JAMAHIRIYA LY; LIECHTENSTEIN LI; LITHUANIA LT; LUXEMBOUR
51 RÉUNION RE; ROMANIA RO; RUSSIAN FEDERATION RU; RWANDA RW; SAINT HELENA SH; SAINT KITTS AND NEVIS KN; SAINT LUCIA LC; SAINT PIERRE AND MIQUELON PM; SAINT VINCENT AND THE GRE
52 VIRGIN ISLANDS, US VI; WALLIS AND FUTUNA WF; WESTERN SAHARA EH; YEMEN YE; ZAIRE (CONGO, THE DEMOCRATIC REPUBLIC OF THE) CD; ZAMBIA ZM; ZIMBABWE ZW 3.3.2.1.11.3 List of
53 3.3.3 Alerts and notifications Each email scanned by ESET Mail Security and marked as spam can be flagged by appending a notification tag to the ema
54 Q: Is it possible to add a notification tag text via VSAPI to each scanned message, in the same manner as the Transport agent? A: Adding text to messa
55 - deselect the check box Write spam score to the header of scanned messages - navigate to Alerts and notifications under Antispam protection - define
56 4. ESET Mail Security - Server protection While providing Microsoft Exchange Server protection, ESET Mail Security has all of the necessary tools to
57 4.1.1.1.1 Media to scan By default, all types of media are scanned for potential threats. Local drives – Controls all system hard drives; Removable me
58 4.1.1.3 When to modify real-time protection configuration Real-time protection is the most essential component of maintaining a secure system. Ther
59 If Real-time protection does not detect and clean infiltrations Make sure that no other antivirus programs are installed on your computer. If two rea
6 1.3 Methods used Two independent methods are used to scan email messages: Mailbox scanning via VSAPI; Message filtering on the SMTP server level 1.3.1
60 4.1.2.1.1 Compatibility Certain email programs may experience problems with POP3 filtering (e.g., if receiving messages with a slow Internet connect
61 4.1.2.2 Integration with email clients Integration of ESET Mail Security with email clients increases the level of active protection against malici
62 4.1.2.2.1 Appending tag messages to email body Each email scanned by ESET Mail Security can be marked by appending a tag message to the subject or
63 4.1.3 Web access protection Internet connectivity is a standard feature in a personal computer. Unfortunately, it has also become the main medium fo
64 4.1.3.1.1 Address management This section enables you to specify HTTP addresses to block, allow or exclude from checking. The buttons Add..., Edit..
65 4.1.3.1.2 Active mode ESET Mail Security also contains the Web browsers feature, which allows you to define whether the given application is a brows
66 Active mode is useful because it examines transferred data as a whole. If it is not enabled, communication of applications is monitored gradually in
67 4.1.4.1 Type of scan Two types of On-demand computer scan are available. Smart scan quickly scans the system with no need for further configuration
68 4.1.4.2 Scan targets The Scan targets drop-down menu allows you to select files, folders and devices (disks) to be scanned for viruses. By profile s
69 4.1.4.4 Command Line ESET Mail Security’s antivirus module can be launched via the command line – manually (with the “ecls” command) or with a batch
7 1.4.3 Application of user-defined rules Protection based on user-defined rules is available for scanning with both the VSAPI and the transport agent
70 Methods: – adware scan for Adware/Spyware/Riskware – no-adware do not scan for Adware/Spyware/Riskware – unsafe scan for potentially unsafe applications –
71 4.1.5 Performance In this section, you can set the number of ThreatSense scan engines that will be used for virus scanning. More ThreatSense scan en
72 Block communication that uses the certificate – Terminates connection to the site that uses the certificate. 4.1.6.1.1 Trusted certificates In addit
73 4.1.7.1 Objects setup The Objects section allows you to define which computer components and files will be scanned for infiltrations. Operating memo
74 consent for installation. If they are present on your computer, your system behaves differently (compared to the state before their installation). Th
75 to select the correct action automatically, the program will offer a choice of follow-up actions. The choice of follow-up actions will also be displa
76 4.1.7.5 Limits The Limits section allows you to specify the maximum size of objects and levels of nested archives to be scanned: Maximum object size
77 4.1.8 An infiltration is detected Infiltrations can reach the system from various entry points: webpages, shared folders, via email or from removab
78 4.2 Updating the program Regular updating of ESET Mail Security is the basic premise for obtaining the maximum level of security. The Update module
79 4.2.1 Update setup The update setup section specifies update source information such as the update servers and authentication data for these servers
8 2. Installation After purchasing ESET Mail Security, the installer can be downloaded from ESET’s website (www.eset.com) as an .msi package. Please note
80 4.2.1.1 Update profiles Update profiles can be created for various update configurations and tasks. Creating update profiles is especially useful fo
81 4.2.1.2.1 Update mode The Update mode tab contains options related to the program component update. In the Program component update section, three o
82 4.2.1.2.2 Proxy server In ESET Mail Security, proxy server setup is available in two different sections within the Advanced Setup tree. First, proxy
83 Select the Do not use proxy server option to specify that no proxy server will be used to update ESET Mail Security. The Connection through a proxy s
84 4.2.1.2.3 Connecting to the LAN When updating from a local server with an NT-based operating system, authentication for each network connection is r
85 4.2.1.2.4 Creating update copies - Mirror ESET Mail Security allows you to create copies of update files which can be used to update other workstat
86 4.2.1.2.4.1 Updating from the Mirror There are two basic methods of configuring the Mirror – the folder with update files can be presented as a sha
87 the other computer. To specify authentication data, open ESET Mail Security Advanced Setup (F5) and click the Update branch. Click the Setup... butt
88 4.3 Scheduler Scheduler is available if Advanced mode in ESET Mail Security is activated. Scheduler can be found in the ESET Mail Security main menu
89 4.3.2 Creating new tasks To create a new task in Scheduler, click the Add... button or right-click and select Add... from the context menu. Five typ
9 Enter the Username and Password, which you received after the purchase or registration of the product, into the corresponding fields. If you do not cu
90 4.4 Quarantine The main task of quarantine is to safely store infected files. Files should be quarantined if they cannot be cleaned, if it is not sa
91 4.4.3 Submitting file from Quarantine If you have quarantined a suspicious file that was not detected by the program, or if a file was incorrectly
92 4.5 Log files Logs store information about important events: detected infiltrations, logs from the on-demand scanner, logs from the resident scanner
93 Antispam All messages categorized by ESET Mail Security as spam or probable spam are recorded here. Columns description: Time – time of entry into
94 Phish – Message contains text that is typical of phishing messages. Replica – Message contains text that is typical for a category of spam oriented at offer
95 Greylisting All messages that have been evaluated using the greylisting method are recorded in this log. Columns description: Time – time of entry into
96 On-demand computer scan The scanner log stores information about manual or planned scan results. Each line corresponds to a single computer control. I
97 Record types: - Lets you choose what type of records to show. You can choose one particular record type, multiple types at the same time, or have all
98 records will be omitted. Look in columns: - Select what columns will be taken into account when searching. You can check one or more columns to be use
99 4.6 ESET SysInspector 4.6.1 Introduction to ESET SysInspector ESET SysInspector is an application that thoroughly inspects your computer and displ