User manual KASPERSKY LAB KASPERSKY SECURITY 5.5 FOR MICROSOFT EXCHANGE SERVER 2003 - ADMINISTRATOR GUIDE

KASPERSKY LAB Kaspersky Security® 5.5 for Microsoft Exchange Server 2003 ADMINISTRATOR'S GUIDE KASPERSKY SECURITY 5.5 FOR MICROSOFT EXCHANGE SERVER 2003 Administrator's Guide © Kaspersky Lab http://www.kaspersky.com Revision date: November 2006 Table of Contents CHAPTER 1. INTRODUCTION ...................................................................................... 7 1.1. Threats to the computer security .......................................................................... 7 1.2. The purpose and major functionality of the application...................................... 10 1.3. Hardware system requirements.......................................................................... 12 1.4. Software system requirements ........................................................................... 12 1.5. Distribution kit ...................................................................................................... 12 1.6. Services provided for registered users ............................................................... 13 1.7. Conventions......................................................................................................... 14 CHAPTER 2. OPERATION OF THE APPLICATION .................................................. 15 2.1. Security Server architecture................................................................................ 16 2.2. Server protection deployment ............................................................................. 17 2.3. Server protection system maintenance .............................................................. 18 2.4. Application's operation on a cluster of servers ................................................... 18 CHAPTER 3. INSTALLING, UPDATING AND REMOVING THE APPLICATION..... 20 3.1. Installing the application ...................................................................................... 20 3.1.1. First-time installation ..................................................................................... 21 3.1.2. Reinstalling the application........................................................................... 24 3.2. Removing the application.................................................................................... 25 3.3. Upgrading from a previous version..................................................................... 25 CHAPTER 4. STARTING USING THE APPLICATION............................................... 26 4.1. Starting the application........................................................................................ 26 4.2. Application interface ............................................................................................ 26 4.2.1. Main application window .............................................................................. 26 4.2.2. Shortcut menu .............................................................................................. 28 4.3. Creating the list of managed servers .................................................................. 30 4.4. Connecting the Management Console to the server ......................................... 31 4.5. Minimum required configuration.......................................................................... 32 4.6. Mail server protection without additional configuration....................................... 33 4.7. Verifying the application performance ................................................................ 35 4 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 4.7.1. Testing the anti-virus protection system ...................................................... 35 4.7.2. Testing the anti-spam protection system ..................................................... 36 CHAPTER 5. UPDATING THE ANTI-VIRUS AND THE CONTENT FILTRATION DATABASES.............................................................................................................. 38 5.1. Manual updating.................................................................................................. 39 5.2. Automatic updates............................................................................................... 40 5.3. Selecting the updates source.............................................................................. 41 5.4. Configuring the connection settings.................................................................... 43 5.5. Running updates under a different user account ............................................... 45 CHAPTER 6. ANTI-VIRUS PROTECTION .................................................................. 47 6.1. Anti-virus protection levels................................................................................... 49 6.2. Enabling and disabling the anti-virus server protection. Selecting anti-virus protection level ................................................................................................... 51 6.3. Scanning attachments......................................................................................... 53 6.4. Scanning of routed e-mail traffic ......................................................................... 56 6.5. Selecting actions to be performed with objects .................................................. 57 6.6. Background scan................................................................................................. 62 CHAPTER 7. ANTI-SPAM PROTECTION................................................................... 65 7.1. Enabling/disabling anti-spam protection............................................................. 66 7.2. Selecting the action to be performed with the message .................................... 67 7.3. Configuring TCP/IP settings................................................................................ 70 7.4. Configuring e-mail filtration.................................................................................. 70 CHAPTER 8. APPLICATION'S OPERATION EFFICIENCY....................................... 72 8.1. Anti-virus protection efficiency............................................................................. 72 8.2. Anti-spam protection efficiency ........................................................................... 73 CHAPTER 9. BACKUP COPYING ............................................................................... 74 9.1. Viewing backup storage...................................................................................... 75 9.2. Backup storage filter............................................................................................ 77 9.3. Restoring objects from the backup storage........................................................ 80 9.4. Sending e-mails to addressees .......................................................................... 81 9.5. Sending objects for analysis ............................................................................... 81 9.6. Deleting objects from the backup storage .......................................................... 82 9.7. Configuring the backup storage settings ............................................................ 83 Table of Contents 5r CHAPTER 10. NOTIFICATIONS .................................................................................. 86 10.1. Creating a notification template......................................................................... 87 10.2. Viewing and editing notification parameters..................................................... 91 10.3. Customizing general notification settings ......................................................... 91 CHAPTER 11. PREVENTING VIRUS OUTBREAKS.................................................. 93 11.1. Creating a new virus outbreak counter............................................................. 95 11.2. Viewing and modifying virus outbreak notification settings.............................. 99 CHAPTER 12. REPORTS........................................................................................... 100 12.1. Receiving reports............................................................................................. 102 12.1.1. Creating a report template........................................................................ 104 12.1.2. Viewing and fine-tuning the report templates .......................................... 107 12.2. Viewing reports................................................................................................ 108 CHAPTER 13. APPLICATION'S EVENT LOGS........................................................ 111 13.1. Configuring the diagnostics level .................................................................... 112 13.2. Configuring log settings................................................................................... 114 CHAPTER 14. LICENSE KEYS.................................................................................. 115 14.1. License information ......................................................................................... 117 14.2. Installing the license key ................................................................................. 119 14.3. Removing a license key .................................................................................. 121 14.4. License-related notifications............................................................................ 121 14.5. Unprotected storage areas ............................................................................. 122 CHAPTER 15. APPLICATION MANAGEMENT USING KASPERSKY ADMINISTRATION KIT............................................................................................ 124 15.1. Managing policies............................................................................................ 126 15.1.1. Creating a policy ....................................................................................... 126 15.1.2. Viewing and editing policy settings .......................................................... 130 15.1.2.1. Viewing information about the application ........................................ 131 15.1.2.2. Enabling / disabling server protection ............................................... 132 15.1.2.3. Scanning of attachments................................................................... 133 15.1.2.4. Scanning of routed mail..................................................................... 134 15.1.2.5. The choice of actions over objects.................................................... 135 15.1.2.6. The choice of actions over spam messages .................................... 136 15.1.2.7. Configuring the server protection productivity................................... 137 15.1.2.8. Updating the anti-virus and content filtration databases................... 138 6 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 15.1.2.9. Notifications on detected objects....................................................... 139 15.1.2.10. Virus outbreak notification ............................................................... 140 15.1.2.11. General notification settings ............................................................ 140 15.1.2.12. Additional settings............................................................................ 141 15.1.2.13. Registration of events on program operation on Administration Server.................................................................................................... 142 15.1.2.14. Reviewing the results of policy application ..................................... 144 15.2. Management of application settings ............................................................... 145 15.2.1. Reviewing the information about application........................................... 147 15.2.2. Reviewing the license key information..................................................... 148 15.2.3. Start background scan ............................................................................. 148 15.2.4. Selection of protected storage ................................................................. 149 15.2.5. Viewing reports ......................................................................................... 150 15.3. Task management .......................................................................................... 152 15.3.1. Running and stopping tasks..................................................................... 154 15.3.2. Configuring task parameters.................................................................... 155 CHAPTER 16. FREQUENTLY ASKED QUESTIONS............................................... 156 APPENDIX A. TABLE OF SUBSTITUTION MACROS ............................................. 160 APPENDIX B. CONTACTING THE TECHNICAL SUPPORT SERVICE ................. 163 APPENDIX C. GLOSSARY......................................................................................... 165 APPENDIX D. KASPERSKY LAB............................................................................... 170 D.1. Other Kaspersky Lab Products ........................................................................ 171 D.2. Contact Us ........................................................................................................ 179 APPENDIX E. LICENSE AGREEMENT..................................................................... 180 CHAPTER 1. INTRODUCTION The main source of viruses today is the global Internet. Most virus infections happen via e-mail. The facts that almost every computer has e-mail client applications installed and that malicious programs are able to take a full advantage of software address book in order to find new victims are favorable factors for the distribution of malware. Without even suspecting it, the user of an infected computer is sending infected e-mail messages to his or her contacts, who, in turn, send new waves of infected messages and so on. It is not uncommon when infected files, due to someone's negligence, enter commercial mailing lists of large companies. In this case, the virus will affect not just five, but hundreds or even thousands recipients of such mailings who then will send infected files to dozens thousands of their contacts. Apart from the threat of virus or malware infection, there is a problem of unsolicited e-mail messages (SPAM) and misuse of the Internet resources. Although not a direct threat, unsolicited e-mail messages increase the load on the mail servers, fill mailboxes with unwanted messages, cause the loss of working time and inflict serious financial losses. Additionally, it is to be noted that the newest malicious programs use the socalled spamming technologies for efficient mass distribution and the methods of social psychology to make the user open the message, etc. Therefore, SPAM filtering is important not only for convenience, but also in order to protect your computer against some new types of viruses. It is now acknowledged that information has become an important asset. At the same time, in order to gain profit through the use of the information, it has to be available to the company's employees, clients and partners. This raises the issue of data security and, as its important element, the issue of protection of the corporate mail servers against the external threats, preventing virus outbreaks within the corporate networks and filtering out the unsolicited correspondence. 1.1. Threats to the computer security There are a vast number of threats that could affect your computer today. Reading this chapter will give you a general understanding of them. Worms This malicious program category largely exploits operating system vulnerabilities to spread itself. The class was named for the way the worms 8 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 crawl from computer to computer, using networks, e-mail, and other data channels. This feature gives many worms a rather high speed in spreading themselves. Worms penetrate a computer, calculate the network addresses of other computers, and send a burst of self-made copies to these addresses. In addition to network addresses, worms often utilize data from e-mail client address books. Some of these malicious programs occasionally create working files on system disks, but they can run without any system resources at all (with the exception of RAM). Viruses Programs that infect other programs, adding their own code to them to gain control of the infected files when they are opened. This simple definition explains the fundamental action performed by a virus ­ infection. Trojans Programs that carry out unauthorized actions on computers, such as deleting information on drives, making the system hang, stealing confidential information, etc. These malicious programs are not viruses in the traditional sense of the term, since they do not infect other programs or data; Trojans are not capable of independently penetrating computers. Their users spread them under the guise of useful software. The damage that they incur can exceed that done by traditional virus attacks by several fold. Recently, worms have become the most widespread type of malware, followed by viruses and Trojans. Some malicious computer programs have characteristics of two or even all three of the above categories. Henceforth in the text of this Administrator's Guide the term "virus" will be used to refer collectively to viruses, Trojan Horses, and worms. A particular type of malware will be mentioned only when it is required. The following potentially dangerous types of malware have also become widespread: Adware Program code included in software, unbeknownst to the user, designed to display advertisements. Adware is usually built into software that is distributed for free. The advertisement is situated in the program interface. These programs often also collect personal data on the user and send it back to their developer, change browser settings (start page and search pages, security levels, etc.) and also create traffic that the user cannot control. All this can lead to breach of the security policy and to direct financial losses. Introduction 9 Riskware Potentially dangerous software that does not have a malicious function but can be used by hackers as an auxiliary component for a malicious code, since it contains holes and errors. Under certain conditions, having such programs on your computer can put your data at risk. These programs include, for instance, some remote administration utilities, keyboard layout togglers, IRC clients, FTP servers, and all-purpose utilities for stopping processes or hiding their operation. Spyware Software that collects information about a particular user or organization without their knowledge. You might never guess that you have spyware installed on your computer. In general, the goal of spyware is to: · · trace user actions on a computer; gather information on the contents of the hard drive; in such cases, this more often than not involves scanning several directories and the system registry in order to compile a list of the software installed on the computer; gather information on the quality of the connection, bandwidth, modem speed, etc. · Jokes Software that does not do any direct damage but displays messages stating that damage has already been done or will be done under certain conditions. These programs often warn the user of dangers that do not exist, such as messages that pop up about formatting the hard drive (although no formatting actually takes place) or detecting viruses in uninfected files. PornWare Programs that make modem connections with various pay-per-use websites, generally pornographic in nature. Hack Tools Software used by hackers to penetrate your computer for their own ends. They include various illegal vulnerability scanners, password cracking programs, and other types of programs for cracking network resources or penetrating a system. Other dangerous programs Programs created to set up DoS attacks on remote servers, hacking into other computers, and programs that are part of the development environment for malicious programs. These programs include hack tools, virus 10 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 builders, vulnerability scanners, password cracking programs, and other types of programs for cracking network resources or penetrating a system. Although malicious programs are distributed mainly via email and the Internet, a floppy disk or a CD can also be a source of infection. Therefore, the task of comprehensive protection from potential threats now extends far beyond simple regular scans for viruses, and includes the more complex task of real-time antivirus protection. Another threat that e-mail users face daily is spam. Spam is anonymous junk email. Spam includes mailings that are marketing, political and provocative in nature and e-mails asking for assistance. Another category of spam includes emails that ask one to invest large amounts of money or to get involve in pyramid schemes, e-mails aimed at stealing passwords and credit card numbers, and emails that ask to be sent to friends (chain letters), etc. Spam significantly increases the load on mail services and increases the risk of losing information that is important for the user. Spam can be roughly divided into four categories: · Formal messages ­ messages that are automatically generated and sent to recipients by automated mail program functions (as, for example, notifications of undeliverable messages or confirmation of the user's registration at some Internet website); Probable SPAM - messages that can not be unambiguously identified as SPAM, but that raise suspicions when checked (for example, some types of mass mailing and advertising messages); Obscene messages­ messages that contain obscene language; SPAM messages ­ message that definitely contain SPAM. · · · 1.2. The purpose and major functionality of the application Kaspersky Security 5.5 for Microsoft Exchange Server 2003 (hereinafter referred to as Kaspersky Security) is designed to ensure protection of mailboxes and public folders located on Microsoft Exchange Server 2003 (hereinafter Microsoft Exchange Server) against malicious programs and unsolicited e-mail messages (SPAM). Kaspersky Security performs the following functions: · scanning and analyzing incoming and outgoing e-mail messages for the presence of malicious objects. This analysis processes the bodies and attachments of e-mail messages. Depending on the settings configured, the application will disinfect or delete a malicious object or will add a warning message to such objects; Introduction 11 · scanning e-mail messages received by the Exchange server via SMTP protocol for SPAM including the analysis of all attributes and attachments of the message. Depending on the settings, the application will deliver the message to the Inbox folder, move the message to the Junk E-mail folder, block the message or delete it. In addition to the first two actions, special markers can be added to the subject line of the message; saving backup copies of the message's objects before an attempt to disinfect or delete such object (during an anti-virus scan) and copies of messages before they are blocked or deleted (during an anti-spam scan); copies are saved to a special storage for the consequent restoring which prevents the loss of data. Configurable filters allow to easily locate the original copies of objects; notifying the sender, the recipient and the system administrator about messages that contain malicious objects or may contain SPAM. maintaining the event log and creating regular reports about the operation of the application, the status of the anti-virus protection and anti-spam protection. The application allows generation of reports using templates with a preset level of detail and at a required interval; detecting virus outbreaks as they emerge and notifying about such events. The application identifies attempts of mass-mailing infected messages both from the Internet and from the computers within the corporate network; configuring application settings depending on the intensity and the nature of the traffic as well as the characteristics of the hardware installed (amount of RAM, speed, number of processors, etc.); updating the anti-virus database and content filtration database automatically or manually. The databases can be updated from the Kaspersky Lab's FTP and HTTP web servers or from a local/network folder that contains the latest set of updates; scanning old (previously scanned) messages for the presence of new viruses each time your anti-virus database is updated or according to the schedule. This task is performed as a background scan and does not have any considerable effect on the performance of the mail server; creating the list of protected storage areas, which offers additional flexibility in regards with license restrictions on the number of protected mailboxes; managing license keys. · · · · · · · · · Kaspersky Security 5.5 for Microsoft Exchange Server 2003 includes the following components: 12 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 · Security Server performs the scan of the mail traffic for viruses and spam, updates the anti-virus database and content filtration database, provides administrative services for remote management, configuring and ensuring the integrity of the application and of the data stored. Management Console that provides the user interface for managing the administrative services of the application and enables you to configure settings and manage the server component. The management module is implemented as the extension of the Microsoft Management Console. · 1.3. Hardware system requirements · · · Intel Pentium 300 MHz or higher; about 256 MB free RAM (recommended); 50 MB free disk space for the application files (in addition to the size of the backup storage and other service folders). 1.4. Software system requirements Requirements to protected server: · Microsoft Windows Server 2000 with Service Pack 4 installed or higher / Microsoft Windows 2000 Advanced Server with Service Pack 4 and higher installed or higher / Microsoft Windows Server 2003 Standard Edition and higher / Microsoft Windows Server 2003 Enterprise Edition and higher; Microsoft Exchange Server 2003 Enterprise Edition / Standard Edition. · Requirements to the computer from which the application management will be performed: · · Microsoft Windows 2000 with Service Pack 4 installed or higher / Microsoft Windows XP / Microsoft Windows 2003; Microsoft Management Console () version 1.2 or higher. 1.5. Distribution kit You can purchase the product from our dealers (retail box) or online (for example, you may visit www.kaspersky.com and follow the E-Store link). The retail box package includes: · · · a sealed envelope with the installation CD containing the application files; User's Guide a license key written on a special disk; Introduction 13 · License Agreement Before you open the envelope with the CD make sure that you have carefully read the license agreement. If you buy Kaspersky Security online, you will download the application from the Kaspersky Lab's website. In this case, the distribution kit will include this Guide along with the application. The license key will be e-mailed to you upon the receipt of your payment. License Agreement is a legal contract between you and Kaspersky Lab Ltd. that contains the terms and conditions on which you may use the anti-virus product that you have purchased. Read the License Agreement carefully! If you do not agree with the terms of this License Agreement, you can return the box with the software product to the dealer you purchased it from for a full refund provided that the envelope with the installation CD remained sealed. By opening the envelope containing the installation CD or by installing the product on your computer you accept all terms and conditions of the License Agreement. 1.6. Services provided for registered users Kaspersky Lab Ltd. offers to all legally registered users an extensive service package enabling them to boost the performance of Kaspersky Security 5.5 for Microsoft Exchange Server 2003. After purchasing a subscription, you become a registered user and, during the period of your subscription, you will be provided with the following services: · · you will be receiving new versions of the purchased software product; support on issues related to the installation, configuration and use of the purchased software product. Services will be provided by phone or via email; information about new Kaspersky Lab products and about new viruses appearing worldwide (this service is provided to users who subscribe to the Kaspersky Lab's newsletter). · 14 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 Support on issues related to the performance and the use of operating systems or other technologies is not provided. 1.7. Conventions Various formatting features and icons are used throughout this document depending on the purpose and the meaning of the text. The table below lists adopted conventions used in the text. Format feature Bold font Meaning/Usage Titles of menus, menu items, windows, dialog boxes and their elements, etc. Note. Additional information, notes Attention! Information requiring special attention In order to perform..., 1. 2. Step 1. ... Task, example Description of the successive user's steps and possible actions Statement of a problem, example of the demonstration of the application's capabilities Command line modifier Text of configuration files, information messages and command line [key] ­ modifier name Information messages and command line text CHAPTER 2. OPERATION OF THE APPLICATION Kaspersky Security 5.5 for Microsoft Exchange Server 2003 scans and, if it is possible, disinfects all incoming and outgoing e-mail messages as well as messages stored at the server. The application analyzes the body of the message and attached files of any format. Additionally, Kaspersky Security performs an anti-spam scan of all messages received by Exchange server via SMTP protocol. The detection of malicious programs, disinfection of infected objects and detection of messages that contain any type of SPAM is performed based on the records contained in the anti-virus and the content filtration databases. These databases are updated by Kaspersky Lab on a regular basis and the updated versions are uploaded to the Kaspersky Lab's website. Additionally, the application uses a special analysis facility called a heuristic analyzer that allows detecting new viruses that are not even known at the moment. The application scans objects received by the server in the real-time format. The user cannot open and view a new message before it is scanned. E-mail messages stored at the server and the content of all public folders are scanned each time the anti-virus database is updated or according to the schedule. The scan may identify new viruses that were not described in the antivirus database at the time when previous scans were performed. This task is performed in the background mode and does not have any effect on the performance of the mail server. If the user requests a message that has not been scanned with the updated database, such message will be re-scanned prior to the delivery to the user. Thus, the user will always receive e-mail messages that have been analyzed using the latest version of the database, no matter when a particular message arrived to the server. The application processes each object applying actions specified by the administrator to objects of a particular type. For instance, an infected object can be disinfected, deleted or replaced with a notification. The administrator may select a mode in which the application will deliver messages with infected objects to the user, although it will change the object's name (by adding information about the virus) and the object's extension. Before processing an object, the application can save a copy of this object to a special backup storage for the consequent restoring or sending to Kaspersky Lab for analysis. 16 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 The application sends notifications about events occurred to the administrator, the recipient and the sender of the infected message and also places a record about this event into the Kaspersky Security application log file and into the Microsoft Windows event log. If the virus outbreaks detection facility is enabled, the application will register the virus activity level and will send a notification about the virus outbreak threat or place a corresponding record into the Microsoft Windows event log and into the Kaspersky Security application log file. 2.1. Security Server architecture The server component of the application, Security Server, consists of the following subsystems: · E-mail VSAPI Interceptor intercepts objects arriving to Microsoft Exchange Server and forwards them to the anti-virus scan subsystem. It is integrated into the Microsoft Exchange Server processes using VSAPI 2.5 technology. SMTP E-mail Interceptor intercepts objects arriving to Microsoft Exchange Server via SMTP protocol and forwards them to the anti-spam scan subsystem. Anti-spam Scan Subsystem scans e-mail messages for spam. This feature is implemented as a Microsoft Windows service, which starts automatically when a message that must be scanned arrives. Anti-virus Scan Subsystem performs anti-virus scan of objects. This component includes several processes with one anti-virus kernel per process. The anti-virus scan subsystem also includes storage of temporary objects for scanning objects in RAM. The storage is located in working folder Store that is created in the installation folder and must be excluded from the scan scope of any anti-virus applications installed in the corporate network. The Internal Application Management and Integrity Control Module is launched in a separate process and is a Microsoft Windows service. This service is launched automatically and does not depend on the state of Microsoft Exchange Server (started, stopped) which allows configuring the application even if Microsoft Exchange Server is stopped. For the correct operation of the application, the Internal Application Management Module must always be running; stopping this service manually is not recommended. · · · · Operation of the application 17 2.2. Server protection deployment In order to create the system of mail servers protection against malicious programs and SPAM using Kaspersky Security 5.5 for Microsoft Exchange Server 2003: 1. Install the Security Server component on all protected Exchange servers. The installation shall be performed from the distribution kit individually for each server. Install the Management Console on a computer within the corporate network. The Management Console provides a centralized access to all network resources from a single administrator's workstation; therefore, it can be installed on one computer only. However, if several administrators are working together, the Management Console can be installed to each administrator's computer. If the Management Console is not installed, the application will function within the default limitations and using the default settings (see section 4.6, page 33). The server protection against malicious programs and SPAM will be enabled automatically when Microsoft Exchange Server is started. 3. 4. 5. Create the list of managed servers (see section 4.3, page 30) Connect the Management Console to the servers (see section 4.4, page 31). Configure the protection system for each server: · · Configure the anti-virus database and content filtration database updating settings (details see Chapter 5, page 38). Verify the correctness of the settings and of the application's operation o o 2. using a test "virus" EICAR (see section 4.7.1, page 35). using a test message that contains spam attributes (see section 4.7.2, page 36). · Configure the notification system that issues notifications about events registered during the application's operation (see Chapter 10, page 86) Configure the event logs and reports (Chapter 12, page 100, Chapter 13, page 111). · 18 Kaspersky Security 5.5 for Microsoft Exchange Server 2003 · Configure the settings for detecting virus outbreaks and notification about such events. (Chapter 11, page 93). 2.3. Server protection system maintenance Maintaining the server protection system in the up-to-date state involves: · · · · periodic updating of the anti-virus and the content filtration databases; receiving and processing notifications about detection of objects containing malware or SPAM and about threats of virus outbreaks; regular review of reports about the application operation and about the state of the mail server protection; processing and cleaning of the backup storage. 2.4. Application's operation on a cluster of servers Kaspersky Security 5.5 for Microsoft Exchange Server 2003 does not fully support the cluster technology; however, it will function correctly on a cluster of servers treating each node as a separate physical Exchange server. A message arriving at a virtual Exchange server will be forwarded to one of the cluster's nodes. Streams of e-mail messages for each node may not intersect. The application will process a message at the node to which this message had been forwarded by the virtual Exchange server. The scan results for each node of the cluster, namely, · · · · backup storage contents; information included into the reports; the group of events registered in the Microsoft Windows event log and in the application's log files; values of virus outbreak counters will be provided only for those messages that had been forwarded to this node of the cluster by the virtual Exchange server. Operation of the application 19 In order to create protection of Microsoft Exchange Server, installed on the cluster, against malware and SPAM: 1. Install the Security Server component on each node of the cluster. The installation shall be performed from the distribution kit individually for each server. Specify a folder on a local disk of the server file system as the installation folder. Shared disks should not be used for this purpose as when the Microsoft Exchange Server application is moved to a different node of the cluster, the shared disk will be moved along with the application. 2. 3. Install the Management Console on a computer within the corporate network. Create the list of managed servers by adding all cluster nodes as servers (see section 4.3, page 30). When adding managed servers and configuring connection of Management Console to the Server, use the names of physical servers on which the Security Server is installed. The use of a virtual Exchange server name may cause an addressing error when the Microsoft Exchange Server is moved to a different node of the cluster. 4. 5. Connect the Management Console to the servers (see section 4.4, page 31). Configure the anti-virus protection system for each server using identical settings values taking into consideration the following: · As the backup storage folder, select a folder located on the physical server where the Security Server component is installed (see section 9.7, page 83). As a folder to be used to store reports and logs, select folders located on the physical server where the Security Server component is installed (see section 12.1.2, page 107 and section 13.2, page 114). The list of unprotected storage areas on all servers must match (see section 14.5, page 122). · · CHAPTER 3. INSTALLING, UPDATING AND REMOVING THE APPLICATION Before starting installation of the application, make sure that the software and hardware of your computer meet the installation requirements (details see section 1.4, page 12). In order to install, update the version or remove Kaspersky Security 5.5 for Microsoft Exchange Server 2003 from your computer, you will need administrator privileges on the domain. 3.1. Installing the application The installer is a Microsoft Windows setup wizard, which will guide you through several dialogs (steps), which can be navigated using the Back and Next buttons. The setup wizard will complete its work after clicking the Finish button. The Cancel button can be used at any moment to exit the wizard. The wizard will offer you to install the application components of Kaspersky Security 5.5 for Microsoft Exchange Server 2003 (Security Server and Management Console). This configuration is recommended at the initial stage of creating the Exchange servers anti-virus protection system. You can select either complete or custom installation of the application or repair an incorrect installation of Kaspersky Security. After the Management Console is installed, a group Kaspersky Security 5.5 for Microsoft Exchange Server 2003 and an application icon will appear in Run/Programs menu in your computer. The Security Server will be installed on your computer as a service with a set of attributes as follows: · · · name ­ Kaspersky Security 5.5 for Microsoft Exchange Server 2003; startup type ­ automatic; account ­ Local system. The properties of the Security Server can be viewed and its operation can be monitored using standard Microsoft Windows administration tools - Computer Management/Services. Information about the operation of the Security Server