Symantec™ Mail Security for
Microsoft® Exchange
Getting Started Guide
Symantec™ Mail Security for Microsoft® Exchange
Getting Started Guide
The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.
Documentation version 7.0.2
Legal Notice
Copyright © 2013 Symantec Corporation. All rights reserved.
Symantec, the Symantec Logo, the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
This Symantec product may contain third party software for which Symantec is required to provide attribution to the third party (“Third Party Programs”). Some of the Third Party Programs are available under open source or free software licenses. The License Agreement accompanying the Software does not alter any rights or obligations you may have under those open source or free software licenses. Please see the Third Party Legal Notice Appendix to this Documentation or TPIP ReadMe File accompanying this Symantec product for more information on the Third Party Programs.
The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.
THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING,
PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.
Symantec Corporation 350 Ellis Street
Mountain View, CA 94043
Getting Started
... 7Introducing Symantec™ Mail Security for Microsoft® Exchange ... 7
What's new in Mail Security ... 7
Components of Mail Security ... 10
Before you install ... 13
System requirements ... 15
Server system requirements ... 15
Console system requirements ... 16
Installing Symantec Mail Security for Microsoft Exchange ... 17
Where to get more information about Mail Security ... 18
Getting Started
Introducing Symantec™ Mail Security for Microsoft®
Exchange
Symantec™ Mail Security for Microsoft® Exchange Server 2007/Server 2010 (Mail Security) provides a complete, customizable, and scalable solution that scans the emails that transit or reside on the Microsoft Exchange Server.
Mail Security protects your Exchange server from the following:
■ Threats (such as viruses, Trojan horses, worms, and denial-of-service attacks)
■ Security risks (such as adware and spyware)
■ Unwanted content
■ Unwanted file attachments
■ Unsolicited email messages (spam)
Mail Security also lets you manage the protection of one or more Exchange servers from a single console.
The Exchange environment is only one avenue by which a threat or a security risk can penetrate a network. For complete protection, ensure that you protect every computer and workstation by an antivirus solution.
What's new in Mail Security
Table 1 New and enhanced features Description Feature
Mail Security for Microsoft Exchange Management Pack lets you integrate Symantec Mail Security for Microsoft Exchange events with SCOM 2007 R2/2012. Preconfigured Computer Groups, Rule Groups, and Providers are automatically created when you import the management pack. These rules monitor specific Symantec Mail Security for Microsoft Exchange events in the Windows event log and the Windows Performance Monitor.
For more information, see the Symantec Mail
Security for Microsoft Exchange Management Pack.
Support for Microsoft System Center Operations Manager (SCOM) 2007 R2/2012
Remote installation of Mail Security on Windows Server 2012 is now supported. Remote installation of Mail Security on
Windows Server 2012
In earlier versions of Mail Security, reopening of the Mail Security console would display the default server or server group (Global Group - Exchange 2007).
Reopening of the Mail Security console now displays the last-selected server or server group.
The Mail Security console now displays the last-selected server or server group when the console is reopened
Mail Security provides some predefined content filtering policy templates that you can use to create enhanced content filtering rules. These templates are a combination of match lists.
Content filtering policy templates Getting Started
Table 1 New and enhanced features (continued) Description Feature
Mail Security provides the Quarantine entire
message and replace with text option for
processing the messages that trigger any policy rule violation. However, Mail Security does not support the Quarantine entire
message and replace with text action for
Auto-Protect, Manual, Scheduled, or Background scanning. If a violation is detected during these scans, Mail Security quarantines the message by parts although you specify the action as Quarantine entire
message and replace with text for a policy.
Quarantine entire message and replace with text
Mail Security sends an email notification to an administrator when manual or scheduled scan failure occurs.
From Mail Security 7.0 onwards, email notifications will be sent to an administrator 60, 30, and 10 days before expiration of Antivirus and Symantec Premium AntiSpam licenses. In earlier version of Mail Security, an administrator would receive an email notification from Mail Security only once i.e. 60 days before license expiration.
Enhancement in Alert and Notification
The manual or scheduled scan performance is improved with the implementation of multithreaded scanning. The scanning time that is required for manual or scheduled scan is now reduced.
Performance improvement in manual or scheduled scans
From Mail Security 7.0 onwards, you do not need to create multiple content filtering rules to scan different parts in a message. You can create a single content filtering rule to scan all message parts.
Enhancement in content filtering
The content filtering performance is improved in terms of CPU utilization and the overall response time that is required to run the requested commands. This improvement is visible for all types of content scanning. Performance improvement in content
filtering
Table 1 New and enhanced features (continued) Description Feature
This feature is applicable only for Exchange Server 2013.
VSAPI is removed from Exchange Server 2013. Therefore, Mail Security provides an alternate solution for continuous protection in the form of a scheduled scan.
Continuous protection scheduled scan
Mail Security provides an advanced heuristics-based detection for enhanced antivirus effectiveness.
Advanced heuristics
Global Group consists of all the servers that are managed through Mail Security console. When you configure and apply Global Group settings, the changes are propagated to all the servers in all the groups. Changes that are made at the Global Group level overwrite group settings of all individual and user-defined servers.
Addition of a Global Group for Exchange Server 2013
Note:Mail Security version 7.0 does not support Windows 2000/2003 (32-bit),
Exchange Server 2000, and Exchange Server 2003.
Components of Mail Security
Table 2lists the components of Mail Security.
Getting Started
Table 2 Product components
Location on the product CD
Description Component
\SMSMSE\Install\ This software protects your
Exchange servers from threats (such as viruses and denial-of-service attacks) and security risks (such as adware and spyware). It also detects spam email messages and unwanted content. This software protects your Exchange servers from threats (such as viruses and denial-of-service attacks), security risks (such as adware and spyware). It also detects spam email messages and unwanted email attachments. Symantec Mail Security for
Microsoft Exchange
\ADMTOOLS\LUA\ This utility lets you configure
one or more intranet FTP, HTTP, or LAN servers to act as internal LiveUpdate servers. LiveUpdate lets Symantec products download program and definition file updates directly from Symantec or from a LiveUpdate server. For more information, see the LiveUpdate
Administrator
Table 2 Product components (continued)
Location on the product CD
Description Component
\ADMTOOLS\DIS This utility lets Mail Security
forward infected messages and the messages that contain certain types of violations from the local quarantine to the Central Quarantine. This utility acts as a central repository. For more information, see the Symantec Central
Quarantine Administrator's Guide on the Mail Security
product CD in the following location:
\DOCS\DIS\CentQuar.pdf Symantec Central
Quarantine
\ADMTOOLS\Mgmt_Pack This component lets you
integrate Symantec Mail Security for Microsoft Exchange events with Microsoft System Center Operations Manager (SCOM) 2007 R2/2012.
Pre-configured Computer Groups, Rule Groups/Rules, and Providers are
automatically created when you import the management pack. These rules monitor specific Symantec Mail Security for Microsoft Exchange events in the Windows Event Log and the Windows Performance Monitor.
For more information, see the Symantec Mail Security
for Microsoft Exchange Management Pack.
Mail Security for Microsoft Exchange Management Pack Getting Started
Before you install
Ensure that you meet all system requirements before you install Mail Security. Select the installation plan that best matches your organization's needs, and ensure that you have met the pre-installation requirements.
See“System requirements”on page 15.
See“Installing Symantec Mail Security for Microsoft Exchange”on page 17. Mail Security supports upgrades from Mail Security 6.x or later. If Mail Security detects an older version of the product on your computer, the installer
automatically uninstalls the prior version. The installer then continues with the installation. If you want to uninstall the previous version manually, do so before installing the current version of Mail Security.
If you want to install Mail Security on Exchange Server 2007/2010, then install the product on all of the following server roles in your organization:
■ Edge Transport servers, if available
■ Hub Transport servers
■ Mailbox servers
If you want to install Mail Security on Exchange Server 2013, then install the product on Mailbox servers in your organization.
You must uninstall and reinstall the product if you change the server role on which Mail Security is installed.
Mail Security automatically installs custom transport agents when you install the product on Hub Transport or Edge Transport servers. The Mail Security transport agents consist of an antispam transport agent and an antivirus transport agent. By default, the Mail Security transport agents are installed with a lower priority than the Exchange transport agents. If you modify your transport agent priorities, ensure that the Mail Security transport agents remain a lower priority than the Exchange transport agents.
Do the following before you install the product:
■ If you are running Symantec Brightmail™ AntiSpam on the same server on which you want to install Mail Security, you must uninstall Symantec Brightmail AntiSpam before you install Mail Security. It is recommended that you not run Mail Security on the same server as Symantec Brightmail AntiSpam.
■ If you are using the email tools feature of Symantec AntiVirus™ Corporate Edition, you must uninstall the feature before you install Mail Security. The email tools feature of Symantec AntiVirus™ is not compatible with Mail Security or Microsoft Exchange.
■ If you are running any antivirus software that is on the server on which you want to install Mail Security, you must disable it before you install Mail Security.
After installation but before you re-enable the antivirus protection, configure your other antivirus programs to exclude certain folders from scanning.
■ Log on as a Windows domain administrator to install Mail Security components correctly.
■ Modify your screen resolution to a minimum of 1024 x 768. Mail Security does not support a resolution less than 1024 x 768.
■ Configure the default receive connector for the Exchange Hub Transport server to permit connections from anonymous users.
Before you install Mail Security on Exchange 2010 mailbox role, you must specify a domain user account. The domain user account must fulfill the following criteria.
■ Mail Security uses the domain user account as a service account and this account must have a mailbox.
■ The user must be a member of Organization Management group under the Microsoft Exchange Security Groups Organizational Unit.
■ By default, Organization Management group is a member of the local
Administrators group on all the exchange servers in the organization. If not,
then add the user to the local Administrators group.
■ You may use different user account for installations of Mail Security on other Exchange 2010 mailbox servers within that domain for better performance.
■ When the user updates the password, the same password must be provided to the Mail Security Service on all Exchange 2010 mailbox role servers.
Note:While installing Mail Security on local Exchange 2010/2013 Mailbox server, in the Logon Information screen, specify the domain user credentials in the User
name and Password fields. Mail Security provides this user account Application Impersonation and Logon as service rights.
Ensure that the following IIS Role Service components are installed when you install Mail Security on Windows Server 2008. This installation is applicable for both remote and local installation.
■ Application Development - ASP.NET
■ Security - Windows Authentication
■ Management Tools - IIS management console , IIS 6 Scripting Tools
System requirements
Ensure that you meet the appropriate system requirements for the type of installation that you want to perform.
See“Server system requirements”on page 15. See“Console system requirements”on page 16.
Mail Security supports various platforms of Microsoft Small Business Server. For the support matrix information, go to the following Symantec Knowledge Base article:
http://www.symantec.com/business/support/index?page=content&id=TECH97861
Server system requirements
You must have domain administrator-level privileges to install Mail Security. The server system requirements are as follows:
The minimum operating system requirements for Microsoft Exchange 2010 are as follows:
■ Windows Server 2008 with SP2 (64-bit) Standard or Enterprise Edition
■ Windows Server 2008 R2 (64-bit) Standard or Enterprise Edition The minimum operating system requirements for Microsoft Exchange 2013 are as follows:
■ Windows Server 2008 R2 with SP1 (64-bit) Standard or Enterprise Edition
■ Windows Server 2012
The minimum operating system requirements for Microsoft Exchange 2007 are as follows:
■ Windows Server 2008 with SP1or later (64-bit) Standard or Enterprise Edition
■ Windows Server 2003 with SP2 (64-bit) Standard or Enterprise Edition
■ Windows Server 2003 R2 (64-bit) Standard or Enterprise Edition Operating
system
The Exchange platform requirements for Microsoft Exchange 2007/2010 are as follows:
■ Exchange Server 2007 SP1/SP2
■ Exchange Server 2010
■ x64 architecture-based processor that supports Intel Extended Memory 64 Technology (Intel EM64T)
x64 architecture-based computer with AMD 64-bit processor that supports AMD64 platform
■ 1 GB of memory for Mail Security besides the minimum requirements for the operating system and Exchange.
Approximately 4GB or more of memory is required.
■ 1-GB disk space is required for Mail Security. This space does not include the disk space that is required for items such as quarantined messages and attachments, reports, and log data.
■ .NET Framework version 3.5
■ MDAC 2.8 or higher
■ DirectX 9 or higher
■ Microsoft Internet Information Services (IIS) Manager
■ Microsoft .NET Framework 3.5 and Microsoft Windows PowerShell 2.0 Requirement for Exchange Server 2010 only
Minimum system requirements
Ensure that the components.NET Framework, MDAC, and DirectX are installed before you install Mail Security.
Adobe Acrobat Reader is not a requirement to install and run Mail Security. However, it is required to view the reports that are generated in .pdf format. You can download Adobe Acrobat Reader fromwww.adobe.com. You must also have Internet Explorer 8.0 or later to view the reports.
For more information, see the Symantec Mail Security for Microsoft Exchange
Implementation Guide.
Console system requirements
You can install the Mail Security console on a computer on which Mail Security is not installed.
Table 3describes the Mail Security console system requirements.
Table 3 Console system requirements Description Requirement
Mail Security supports the following operating systems:
■ Windows Server 2003 ■ Windows Server 2003 R2 ■ Windows XP ■ Windows Vista ■ Windows Server 2008 ■ Windows Server 2008 R2 ■ Windows 7
Mail Security supports 32-bit processors on all supported operating systems. Mail Security supports 64-bit processors on all supported operating systems except Windows XP. Mail Security console is no longer supported on Exchange Server 2003.
Operating system
1 GB Memory
1 GB
This requirement does not include the space that Mail Security requires for items such as quarantined messages and attachments, reports, and log data.
Available disk space
Version 2.0
Ensure that .NET Framework is installed before you install Mail Security.
.NET Framework
Version 6 or later
You only need IIS if you install Mail Security console on a 64-bit operating system.
Microsoft Internet Information Services (IIS) Manager
Adobe Acrobat Reader is not a requirement to install and run the Mail Security console. However, it is required to view the reports that are generated in .pdf format. You can download Adobe Acrobat Reader fromwww.adobe.com. You must also have Internet Explorer 8.0 or later to view the reports.
Installing Symantec Mail Security for Microsoft
Exchange
Use any of the following installation procedures based on the type of installation that you want to perform:
You can install or upgrade Mail Security on a local computer that is running the Microsoft Exchange Server.
Local server
You can install Mail Security on remote servers through the product console.
Remote server
You can install the product console on a computer that is not running Mail Security. This way you can manage your servers from any computer that has access to your Exchange servers. Console
You can install Mail Security using automated installation tools.
Silent/automated installation
You can install Mail Security in a Microsoft Cluster environment.
Microsoft Cluster Server
You can install Mail Security in a Veritas Cluster environment. Veritas Cluster Server
For more information about installation procedures, see the Symantec Mail Security
for Microsoft Exchange Implementation Guide.
Where to get more information about Mail Security
Mail Security includes a comprehensive Help system that contains conceptual, procedural, and context-sensitive information.Press F1 to access information about the page on which you work.
If you want more information about the features that are associated with the page, perform any of the following tasks:
■ Click the More Information link in the Help page.
■ Access the Table of Contents, Index, or Search tabs in the Help viewer to locate a topic.
The Symantec Mail Security for Microsoft Exchange Implementation Guide provides information about using this product and is found on the product CD in the following location:
\DOCS\SMSMSE\
You can visit the Symantec website for more information about your product; the following online resources are available:
■ Provides an access to the technical support knowledge base, newsgroups, contact information, downloads, and mailing list subscriptions
Getting Started
www.symantec.com/techsupp/ent/enterprise.html
■ Provides the information about registration, frequently asked questions, how to respond to error messages, and how to contact Symantec License
Administration
www.symantec.com/products-solutions/licensing/
■ Provides product news and updates www.symantec.com/enterprise/index.jsp
■ Provides an access to the Threat Explorer, which contains information about all known threats
www.symantec.com/enterprise/security_response/threatexplorer/azlisting.jsp
Getting Started
