Best Practices Guide. McAfee Security for Microsoft Exchange Software

(1)

Best Practices Guide

McAfee Security for Microsoft Exchange

7.6.0 Software

(2)

COPYRIGHT

No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.

TRADEMARK ATTRIBUTIONS

AVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD, INTRUSHIELD, LINUXSHIELD, MAX (MCAFEE SECURITYALLIANCE EXCHANGE), MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS, SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN, WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.

LICENSE INFORMATION License Agreement

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.

(3)

Preface

Contents

About this guide

Finding product documentation

About this guide

This information describes the guide's target audience, the typographical conventions and icons used in this guide, and how the guide is organized.

Audience

McAfee documentation is carefully researched and written for the target audience. The information in this guide is intended primarily for:

• Users — People who use the computer where the software is running and can access some or all of its features.

Conventions

This guide uses the following typographical conventions and icons.

Book title or Emphasis Title of a book, chapter, or topic; introduction of a new term; emphasis.

Bold Text that is strongly emphasized.

User input or Path Commands and other text that the user types; the path of a folder or program.

Code A code sample.

User interface Words in the user interface including options, menus, buttons, and dialog boxes.

Hypertext blue A live link to a topic or to a website.

Note: Additional information, like an alternate method of accessing an option. Tip: Suggestions and recommendations.

Important/Caution: Valuable advice to protect your computer system,

software installation, network, business, or data.

Warning: Critical advice to prevent bodily harm when using a hardware

(6)

Finding product documentation

McAfee provides the information you need during each phase of product implementation, from

installation to daily use and troubleshooting. After a product is released, information about the product is entered into the McAfee online KnowledgeBase.

Task

1 Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com.

2 Under Self Service, access the type of information you need:

To access... Do this...

User documentation _{1 Click Product Documentation.}

2 Select a product, then select a version. 3 Select a product document.

KnowledgeBase _{• Click Search the KnowledgeBase for answers to your product questions.} • Click Browse the KnowledgeBase for articles listed by product and version. Preface

(7)

1

Introduction

McAfee Security for Microsoft Exchange version 7.6 provides protection against Viruses, Trojans, Malware, Spyware, Mass Mailers, Packers, and potentially unwanted programs (PUP). It also contains filters for non-virus contents like Spam, Phish, Banned Content, Banned File Types, Signed Content, and invalid MIME types.

McAfee Security for Microsoft Exchange protects Microsoft Exchange Server 2010 with the following roles:

• Mailbox • Hub transport

• Mailbox + Hub transport • Edge transport

Contents Features

What's new in McAfee Security for Microsoft Exchange 7.6 Global Threat Intelligence

Features

McAfee Security for Microsoft Exchange protects your Microsoft Exchange server from various threats that could adversely affect the computers, network, or employees.

Some important features of McAfee Security for Microsoft Exchange are mentioned in this section. • Integration with Anti-virus Engine version 5400.

• Integration with McAfee Agent (MA) version 4.5 Patch3 or Version 4.6. • Centralized quarantine management using McAfee Quarantine Manager 7.0. • All new Anti-Spam Engine version 2.2.

• 24/7 Rules update for Anti-spam.

• Enhanced Reporting - Status reports, Configuration reports, Detection reports. • Integration with McAfee ePolicy Orchestrator 4.5 or 4.6.

• Protection from viruses, spam and phishing.

• Capability to detect packers and potentially unwanted programs. • Content filtering.

(8)

• File filtering.

• Background scanning.

• Centralized scanner, filter rules, and enhanced alert settings. • On-demand or time-based scanning and actions.

• Multipurpose Internet Mail Extensions (MIME) scanning. • Quarantine management.

• Auto-update of virus definitions, extra DATs, anti-virus and anti-spam engine. • Retention and purging of old DATs.

• Support for Site List editor.

• Support for Small Business Server. • Denial-of-service attacks detection. • Product health alerts.

What's new in McAfee Security for Microsoft Exchange 7.6

The following table is a list of new features and their brief description.

Feature Description Benefit

Support for ePolicy

Orchestrator 4.6. Integrates with ePolicy Orchestrator4.5 or 4.6 to provide a centralized method for administering and updating McAfee Security for Microsoft

Exchange across your Exchange servers.

This reduces the complexity of, and the time required to, administer and update various systems.

Support for Silent

Installation. Installation and configuration havebeen simplified and includes customized silent installs.

Installs only the components needed on the particular server role, and two built-in configuration profiles. Exchange Server

Role based Installation and Modification.

The modify installation feature allows you to add or remove new features to an existing McAfee Security for

Microsoft Exchange installation without reinstalling the application. You can also modify the role of an existing McAfee Security for Microsoft Exchange installation depending on the requirement.

You can modify the existing McAfee Security for Microsoft Exchange

installation and include new capabilities of the application. You can modify the installation on the server with one role to additionally execute an additional role or remove a role, without uninstalling and reinstalling the application.

Global Threat Intelligence for file and mail

reputation.

A global threat correlation engine and intelligence base of global messaging and communication behavior, that significantly increases spam detection. It is an Always-on real-time protection that safeguards and secures you from emerging threats.

Global Threat Intelligence prevents damage and data theft even before a signature update is available. It provides the most up-to-date malware detection for a number of

Windows-based McAfee anti-virus products.

Content filtering based on regular expressions (Regex).

Scans content and text in the subject line or body of an email message and an email attachment. If enabled, the rule is triggered for specified text that is a regular expression.

This is a precise and concise method for matching strings of text, such as words, characters or patterns of characters.

1

Introduction

(9)

Feature Description Benefit Automated Product Health Alert notifications using ePolicy Orchestrator

Product Health Alerts send

notifications on the product's status. You can configure these alerts as required.

If your McAfee Security for Microsoft Exchange is managed by ePolicy Orchestrator then you can send a notification to ePolicy Orchestrator, or you can send a notification to the administrator.

Support for Volume

Mount Point. You can add volumes to systemswithout adding separate drive letters for each new volume.

The local administrator can easily extend the storage capacity of any particular volume on a Windows system. Users on the local system or connecting to it over a network can continue to use the same drive letter to access the volume, but multiple

volumes can be in use simultaneously from that drive letter.

Improved

notifications with enhanced

templates.

You can configure the content and SMTP address for the administrator to send email notifications.

Configure and send separate notifications for individual types of events.

UI support for importing black and whitelists from a file (.csv or .txt).

Import a blacklist or a whitelist from another McAfee Security for Microsoft Exchange server or export blacklists and whitelists to another McAfee Security for Microsoft Exchange server.

Reduces time and effort in configuring the McAfee Security for Microsoft Exchange servers.

Enhanced reporting Reports display content phrase which triggered the content scanning rule. You can also view and forward quarantined items.

You can exactly know which content or phrase triggered a particular content scanning rule.

Improved handling

of signed mails. Capability to remove malicious contentfrom within a signed mail. You can stop malicious content fromreaching the user's mailbox. Support for HTML

disclaimer. A disclaimer is a piece of text, typicallya legal statement that is added to an email message and are applicable only to outbound email messages.

The disclaimer can be entered in plain text and displayed as a HTML file according to the configuration. Mailbox scanning

exclusion. You can configure mailboxes to beexcluded from a VSAPI scan. This gives you the option to excludeselected mailboxes from a VSAPI scan according to your requirements

Global Threat Intelligence

Global Threat Intelligence is a global threat correlation engine and intelligence base of global messaging and communication behavior, that significantly increases spam detection.

It is an Always-on real-time protection that safeguards and secures you from emerging threats. Global Threat Intelligence prevents damage and data theft even before a signature update is available. It provides the most up-to-date malware detection for a number of Windows-based McAfee anti-virus products.

We recommend that you enable this feature only on the Edge transport server. If the Edge transport server is absent, then enable it on the hub server.

Introduction

(10)

(11)

2

Installing McAfee Security for Microsoft

Exchange

This section gives an overview of the various versions of Microsoft Exchange that are supported, what's included in the package, components installed by the application and various roles of Microsoft Exchange that can be installed with McAfee Security for Microsoft Exchange.

Contents

Minimum privileges for a fresh installation Supported Exchange Server versions and roles Installation and options

Configuration

Upgrading the software

Minimum privileges for a fresh installation

For a smooth installation, review the information which highlights the minimum requirements.

Table 2-1 Minimum privileges required for a fresh installation

Microsoft Exchange version Minimum privileges

Microsoft Exchange Server 2003 with Service Pack 2 Domain admin

Microsoft Exchange Server 2007 SP2 Domain admin

Supported Exchange Server versions and roles

McAfee Security for Microsoft Exchange 7.6 is compatible with different supported versions of Microsoft Exchange. Based on the Exchange version and role, the behavior, features, recommended settings, and configuration of McAfee Security for Microsoft Exchange varies accordingly.

McAfee Security for Microsoft Exchange 7.6 supports the following versions of Microsoft Exchange server:

(12)

• Microsoft Exchange Server 2003 with SP2 • Microsoft Exchange Server 2007 SP2 and SP3 • Microsoft Exchange Server 2010 SP1

Microsoft Exchange Server 2007 and 2010 can be installed in the following roles: • Mailbox Server

• Mailbox + HUB server • Hub Server

• Edge Transport Server

Microsoft Exchange Server 2003 can be installed in the following roles: • Front-end server

• Back-end server • Both

Installation and options

McAfee Security for Microsoft Exchange can be installed with different versions of Microsoft Exchange Server. Components and services available with McAfee Security for Microsoft Exchange are installed according to the roles selected.

This section briefly describes the installation process and the options available with the package. McAfee Security for Microsoft Exchange safeguards the following Microsoft Exchange products. They are: • Microsoft Exchange Server 2003 SP2

• Microsoft Exchange Server 2007 SP2, SP3 • Microsoft Exchange Server 2010 SP1

McAfee Security for Microsoft Exchange 7.6 includes the following components. • McAfee Anti-Spam for McAfee Security for Microsoft Exchange 7.6

• McAfee Agent 4.6

What's included in the package

The McAfee Security for Microsoft Exchange package contains the following folders:

• Setup — Contains the setup.exe file, which is required for the standard installation, and the respective config.xml files for all the languages.

• setup_x86.exe — Installs McAfee Security for Microsoft Exchange on a 32-bit system. • setup_x64.exe — Installs McAfee Security for Microsoft Exchange on a 64-bit system. • ASAddon_x86.exe — Installs the Anti-Spam component on a 32-bit system.

• ASAddon_x64.exe — Installs the Anti-Spam component on a 64-bit system.

• MSMEePOUpgrade.exe — Migrates policies from GroupShield for Exchange 7.0.X to McAfee Security for Microsoft Exchange 7.6. in an upgrade using ePolicy Orchestrator.

• Readme — Contains the release notes for the product.

2

Installing McAfee Security for Microsoft Exchange

(13)

• Manuals — Contains the installation guide, configuration guide and product guide in PDF format. • ePOExtension — Contains the extension that needs to be checked in to the ePolicy Orchestrator

server for managing the product using ePolicy Orchestrator.

Components installed by the software

McAfee Security for Microsoft Exchange installs several components on your Exchange server.

• McAfee Anti-Spam for McAfee Security for Microsoft Exchange — Detects spam and phishing content.

• Access Control — Allows or denies access to the McAfee Security for Microsoft Exchange user interface for specific users or groups.

• Product Configuration — Launches McAfee Security for Microsoft Exchange standalone version or through a web interface.

• Sitelist Editor — Specifies the location from where automatic updates (including DATs and scanning engines) are downloaded.

• Cluster Replication Setup — Replicates the quarantine database, policy configurations and product updates (Microsoft Exchange Server 2010 only). This is dependent upon the replication setting across a Data Availability Group (DAG), recognized by a McAfee Security for Microsoft Exchange installation.

Depending on the type of installation you select, the features installed are:

• Typical — Commonly used features are installed. Buffer Overflow Protection and Anti-Spam Add-On components are not installed. You will not be protected against spam and phish emails. Buffer Overflow Protection is applicable for a 32-bit operating system and only if VirusScan Enterprise is installed. Web based Product Configuration (Web user interface) is installed in all three types of installation.

• Complete — (Recommended) Web based Product Configuration, Buffer Overflow Protection and Anti-Spam Add-On are installed. The product is configured for maximum performance with protection against spam and phishing attacks.

• Custom — Select the application features you want to install and where to install them. This is recommended for advanced users. If you select Custom, a dialog box displays the features you can install with an option to change the installation folder.

If the Mailbox role has been installed in Microsoft Exchange Server 2007 or 2010, the service Cluster Replication Setup is installed (only for Microsoft Exchange Server 2010).

Services available

• McAfee Framework Service — Prerequisite for installing and using ePolicy Orchestrator. For more details on this service, refer the ePolicy Orchestrator product documentation.

• McAfee Security for Microsoft Exchange — Protects your Microsoft Exchange Server (versions 2003, 2007, 2010) from viruses, unwanted content, potentially unwanted programs, and banned file types/ messages.

• McAfee Anti-Spam rules updater — Required to update the anti-spam rules.

• McAfee Security for Microsoft Exchange Replication service — This service is applicable for Microsoft Exchange Server 2010 only.

(14)

Installing McAfee Security for Microsoft Exchange

McAfee Security for Microsoft Exchange can be installed on a standalone server as well as be deployed using ePolicy Orchestrator. See Managing using ePolicy Orchestrator 4.5. and 4.6 for deployment using ePolicy Orchestrator.

Going forward with the installation, you can select the type of installation (typical or complete or custom). When the installation is complete, the installation wizard Completed screen appears. Select the options as required.

• Launch product User Interface — To launch the McAfee Security for Microsoft Exchange user interface after you exit the installation wizard.

• Show the readme file — To view the Release Notes of the product (Readme.txt) for information on any last minute additions or changes to the product, known issues or resolved issues.

• Update DAT and Engines — To update McAfee Security for Microsoft Exchange with the latest DAT files, engine, and anti-spam updates. It is a best practice to update the DATs immediately. • Register at McAfee Business Community to stay up to date — To receive information

regarding the product, new releases, updates and other relevant information.

Configuration

Important components like VSAPI scan, proactive scanning, and background scanning have to be configured correctly during installation to get the best performance of McAfee Security for Microsoft Exchange.

VSAPI scan settings

Microsoft Exchange Server 2010 uses VSAPI (Virus Scanning API) version 2.6. It is a virus scanning API provided by Microsoft to enable third-party Anti-Virus vendors to write virus scanning applications for Microsoft Exchange. When a new message reaches the Information Store, VSAPI will notify McAfee Security for Microsoft Exchange to scan this message. The email message (MIME) will be split into different MIME parts (Header, Subject, Mail body and Attachment) and handed over to McAfee Security for Microsoft Exchange for scanning. Unlike McAfee Transport where McAfee Security for Microsoft Exchange acts on the entire MIME message, VSAPI scanning is done on each MIME parts or item. VSAPI gives more useful scanning options like proactive scanning and background scanning. It can also scan the outbound messages in Outbox and Sent Items folders.

Proactive Scanning

It is a VSAPI feature that places the unscanned and modified messages in the scanning queues based on a priority. Message attachment is put in the priority 1 queue and message body in the priority 2 queue.

Background Scanning

It is a VSAPI feature that scans the messages in the user Mailbox and public folders whenever there is a new version of DATs (virus definitions) updated on McAfee Security for Microsoft Exchange and whenever exchange information store is dismounted and mounted. For McAfee Security for Microsoft Exchange, there is an additional option given in the user interface to start and stop the background scanning at a scheduled time and date using the option Enable At and Disable At. Background Scan should be scheduled during the non-peak hours of the day or during weekends. Do not run the background scan unless it is absolutely necessary since it uses large amounts of system resources.

2

(15)

Upgrading the software

You can upgrade a standalone product to McAfee Security for Microsoft Exchange 7.6 or you can also upgrade your product using ePolicy Orchestrator. Earlier versions of GroupShield for Exchange can be upgraded to McAfee Security for Microsoft Exchange version 7.6.

The product upgrades supported are:

• GroupShield for Exchange version 7.0.1 Patch 1 and later • GroupShield for Exchange version 7.0.2 Rollup 2 and later

Upgrading a standalone product

McAfee Security for Microsoft Exchange version 7.6 supports upgrading your configuration settings from the previous version of the product. When upgrading to a new version of McAfee Security for Microsoft Exchange, you do not need to uninstall the existing version. The installation program updates your installation to the new version.

Note the following:

• When upgrading, the dialog box for language options is not displayed.

• In the case of Exchange Server 2007 and 2010, the Exchange Server Role Detection screen appears. • If you are upgrading, don't choose to import an existing configuration. Instead, select Next and

make sure that the option Import existing configuration is selected. We recommend that you restart your computer after the installation process is complete.

The option Import existing configuration is useful if you are installing McAfee Security for Microsoft Exchange on a new system and would like to retain the configuration from an existing installation on another system. You can also import existing configurations from versions of GroupShield for Exchange 7.0.x that are supported by McAfee Security for Microsoft Exchange.

During the installation process, Exchange services could stop or restart. This includes all services related to Exchange Database and Exchange Transport.

ePolicy Orchestrator upgrade

If your existing product is managed by ePolicy Orchestrator and you upgrade it to McAfee Security for Microsoft Exchange version 7.6, then the policies present in ePolicy Orchestrator also need to be upgraded to McAfee Security for Microsoft Exchange version 7.6.

Existing GroupShield for Exchange 7.0.x policies are not be upgraded if you use ePolicy Orchestrator to upgrade McAfee Security for Microsoft Exchange. To migrate policies from GroupShield for Exchange 7.0.x to McAfee Security for Microsoft Exchange 7.6. in an upgrade using ePolicy Orchestrator, run the tool MSMEePOUpgrade.exe. See Upgrading the software for supported versions.

Make sure you have ePolicy Orchestrator version 4.5 or 4.6, which are the versions supported by McAfee Security for Microsoft Exchange version 7.6.

After the policies are upgraded, you can continue to manage earlier versions of GroupShield for Exchange and McAfee Security for Microsoft Exchange from the same ePolicy Orchestrator server with their existing policies. These older policies are not overwritten during the upgrade.

In the case of ePolicy Orchestrator 4.6, you will be prompted for the ePolicy Orchestrator user password and the SQL user password. If the ePolicy Orchestrator database is installed with a SQL Named

Instance, you will be prompted for the name of the Named instance.

(16)

Make sure that all instances of GroupShield for Exchange and McAfee Security for Microsoft Exchange are closed before starting the upgrade.

2

(17)

3

Microsoft Exchange Server roles

Microsoft Exchange can be installed in various roles along with McAfee Security for Microsoft Exchange. Each role or combination of roles have corresponding components and services that are installed by McAfee Security for Microsoft Exchange.

Contents

Microsoft Exchange Server 2003 Microsoft Exchange Server 2007

Microsoft Exchange Server 2010 - Edge Server role Microsoft Exchange Server 2010 with Hub Transport role

Microsoft Exchange Server 2010 with Mailbox + Hub role (Typical setup) Microsoft Exchange Server 2010 with Mailbox role

Microsoft Exchange Server 2003

Microsoft Exchange Server is the messaging platform that provides e-mail and scheduling functions and can be installed to execute various roles.

Microsoft Exchange Server 2003 can be installed with the following roles:

• Mailbox — Setup configures McAfee Security for Microsoft Exchange for the Mailbox role and installs the relevant component - VirusScan API.

• Gateway — Setup configures McAfee Security for Microsoft Exchange for the Gateway role and installs the relevant components —Transport Scan ( Anti-Spam and Anti-VirusScan API). • Both — Setup configures McAfee Security for Microsoft Exchange for both Mailbox and Gateway

roles and install the relevant components: On-Demand Scan and Transport Scan ( Anti-Spam and Anti-VirusScan API).

The option Enable User Junk folder Routing allows the scanner to route your spam emails to the client's junk folder. This option is not available with Microsoft Exchange Server 2007 and 2010. See Chapter 7 - Common Settings applicable to all roles.

This is applicable only for the Mailbox role, and if you have installed the McAfee Anti-Spam Add-on on your server.

(18)

Microsoft Exchange Server 2007

McAfee Security for Microsoft Exchange can be installed with Microsoft Exchange Server 2007 that has been configured with the Edge transport role, or Hub transport role, or Mailbox role.

Depending on the role with which Microsoft Exchange Server has been installed, the corresponding components and services are installed.

McAfee Security for Microsoft Exchange will execute Transport Scanning for the Edge transport and Hub transport roles, and VirusScan API for the Mailbox role.

McAfee Security for Microsoft Exchange automatically detects the roles selected during the installation of Microsoft Exchange Server 2007 or 2010.

If the Mailbox role has been installed in Microsoft Exchange Server 2007 or 2010, the service Cluster Replication Setup is installed (only for Microsoft Exchange Server 2010). Cluster Replication Setup is applicable only for a Microsoft Exchange Server 2010 installation.

Microsoft Exchange Server 2010 - Edge Server role

The Edge server runs in the perimeter and provides message hygiene and security over the network. It is installed on a standalone server that is not a member of the Active Directory domain.

The edge server is a standalone server in a workgroup with a dummy DNS suffix name (Domain Name.Com). Since this resides outside the Active Directory domain, it does not contain any AD user information of the domain, to which this server is going to route (send) and receive the messages. To enable Edge server to perform required mail transferring, you have to configure a Send connector to the Hub Transport server and a Receive connector from the same Hub Transport server.

If there is an Edge Subscription between Edge and Hub servers, then you need not configure a separate send/receive connector.

Microsoft Exchange Server 2010 installed with the Edge role contains only SMTP Transport agents and hence McAfee Security for Microsoft Exchange installed with this role performs only Transport

Scanning using the McAfee Transport Scanner.

We recommend that you enable the Transport scanning option.

We recommend that you have the Anti-Spam add-on installed only on Edge transport servers, also on the Hub server if an Edge transport server is absent. Deselect this option if you already have any vendor's appliance running anti-spam.

Microsoft Exchange Server 2010 with Hub Transport role

The Hub transport role is responsible for all internal mail flow and is installed on a member server(s) in an Active Directory domain.

In the Hub Transport role, Microsoft Exchange will have only the SMTP Transport agents registered due to which the Information Store service will not function. You can use only the McAfee Transport

scanner to scan messages at the Hub Transport level. None of the VSAPI scanner settings are used in this role.

You should make sure that McAfee Transport Scanner and its sub-options to scan Inbound, Outbound and Internal Messages are Enabled and Anti-virus scanning is Disabled.

3

Microsoft Exchange Server roles

(19)

We recommend that you disable the Anti-Spam policy, if you have a McAfee Appliance installed on the Edge server.

Microsoft Exchange Server 2010 with Mailbox + Hub role

(Typical setup)

The Hub transport role is responsible for all internal mail flow and is installed on a member server(s) in an Active Directory domain.

Microsoft Exchange 2010 has been developed stressing security and performance of the Exchange server. It can be installed with six different roles. McAfee Security for Microsoft Exchange supports the following roles:

• Mailbox role • HUB role

• Mailbox + HUB role • Edge role

The Client Access Server (CAS) can be combined with the Mailbox role, HUB role or the Mailbox + HUB role. McAfee Security for Microsoft Exchange is supported on all these combinations.

In Microsoft Exchange Server 2010, SMTP protocol comes along with Exchange server installation and does not use the SMTP protocol from IIS server. Therefore, when McAfee Security for Microsoft Exchange is installed on Microsoft Exchange Server 2010, Mailbox+Hub role registers McAfee Transport agents with Microsoft Exchange Server 2010 SMTP transport events.

In Exchange 2010 Mailbox + Hub role, both VSAPI and McAfee Transport scanner are available for scanning. You can disable McAfee Transport scanning, if your organization has more than one Hub server and/or an Edge server with McAfee Security for Microsoft Exchange installed.

In Exchange 2010, any mail (inbound, outbound and internal) has to pass through a Hub Transport server. An organization should have at least one Hub Transport server and can have multiple Hub Transport servers based on the number of Mailbox servers.

Select the Anti-Spam add-on, so that McAfee Security for Microsoft Exchange blocks unsolicited mails and phish attacks at the Gateway to avoid unwanted messages reaching the user’s Mailbox.

Select this option if you do not have another Hub server or Edge server configured and there is no McAfee Security for Microsoft Exchange installed on it.

Select the installation type Complete for this role. This will install all the features of McAfee Security for Microsoft Exchange along with two user interfaces, the Standalone UI and Web UI.

Transport Scan settings

You can enable or disable the whole Transport Scanning feature by deselecting the checkbox under the Settings and Diagnostics page.

Transport Scan should be turned off on McAfee Security for Microsoft Exchange if it is already running on any McAfee Gateway appliance.

Direction Based Scanning — This is a McAfee Transport scanning feature. Administrator can choose

to scan Inbound and/or Outbound and/or Internal messages.

(20)

VSAPI Scanner settings

Microsoft Exchange 2010 comes with VSAPI 2.6 to scan messages at the Information Store level. This has more granular control and options for the background scanning feature. It also includes an option to scan the Outbox.

Proactive Scanning — It is used to scan the unread and modified messages in the user inbox with

its own priority queue. By default, this option is Disabled.

Outbox Scanning — This option enables McAfee Security for Microsoft Exchange to scan in the

outbox folder. By default this option is enabled for both enhanced and default configurations. To use this feature, you need to enable Proactive Scanning along with Outbox scanning option. We recommend that you have this option enabled if you don't have McAfee Security for Microsoft Exchange installed on Hub or Edge servers.

This feature is not present in Microsoft Exchange Server 2003.

Background Scanning — By default, Background Scanning is disabled in Exchange 2010. You need

to enable this option or enable Background Scanning On/Off Tasks, and schedule it to start and stop at a specified time using Enable At and Disable At options.

We recommend that you schedule Background Scan to run during non-peak hours, so that the performance of the Mailbox Server does not degrade.

VSAPI 2.6 gives the following options for Background Scanning: • To scan only unscanned messages

• To scan messages only with attachments • To scan all messages

You can also specify upper and lower age limits for background scanning to scan messages based on the time stamp of the message.

We recommend that you do not select the option To scan all messages, because this will use more memory.

Microsoft Exchange Server 2010 with Mailbox role

The Mailbox server role hosts mailbox and public folder databases and provides scheduling services for Microsoft Office Outlook users.

This section describes the best practices to be implemented while installing McAfee Security for Microsoft Exchange in a Microsoft Exchange Server 2010 environment with only the Mailbox role. Microsoft Exchange Server 2010 with only the Mailbox role contains only VSAPI scanning abilities. So, any scanning done on this server role will be at the Exchange Information Store level.

While installing McAfee Security for Microsoft Exchange with this role, there is no need to select the Anti-Spam component. The Administrator can use the Typical or the Complete type of installation. The Administrator should make sure that VSAPI scanning is always Enabled under the Settings &

Diagnostics page of McAfee Security for Microsoft Exchange.

Other VSAPI version 2.6 features (like Proactive Scanning and Background Scanning) and its recommended settings will remain same as given in the Mailbox + Hub server role.

3

(21)

None of the VSAPI scanner settings are used in this role. Make sure that McAfee Transport Scanner and its sub-options to scan Inbound, Outbound, and Internal Messages are Disabled and Anti-virus scanning is Enabled.

For better performance, disable Proactive Scanning on the Mailbox role and make sure that McAfee Security for Microsoft Exchange is installed and configured with the HubTransport role.

(22)

(23)

4

Cluster support

Depending on the configuration settings, this utility replicates quarantined items from one server to the other, and makes them highly accessible. This utility is available only for a McAfee Security for Microsoft Exchange installation that is recognized by a Data Availability Group (DAG), in which case the McAfee Security for Microsoft Exchange Replication Service is also available.

Database Availability Group (DAG) on Microsoft Exchange Server 2010

Cluster Replication Setup utility replicates the quarantine database, policy configurations and product updates, depending upon the replication settings across Data Availability Group (DAG) aware McAfee Security for Microsoft Exchange installation.

This utility will make sure that quarantined items are readily available, by replicating the quarantined items from one server to another server depending up on the configuration. This utility is required only in a DAG-aware McAfee Security for Microsoft Exchange installation.

We recommend that you disable the Anti-spam add-on in a cluster setup having a Mailbox role.

This utility is available only if McAfee Security for Microsoft Exchange 7.6 is installed on a 64-bit system with Microsoft Exchange Server 2010 in the Mailbox role. If the Mailbox role is installed in Microsoft Exchange Server 2010, the service Cluster Replication Setup is automatically installed in all three types of setup (Typical, Complete and Custom).

Types of cluster installation

McAfee Security for Microsoft Exchange 7.6 can be installed as a cluster aware application in different configurations depending on the Microsoft Exchange Server version.

Cluster Continuous Replication (CCR) on Microsoft Exchange Server 2007

McAfee Security for Microsoft Exchange 7.6 will not be a cluster aware application on Microsoft Exchange Server 2007 CCR cluster. Both the nodes have to be managed independently and will work as standalone instances.

Single Copy Cluster (SCC) on Microsoft Exchange Server 2007

For clean installations, we recommend that you install McAfee Security for Microsoft Exchange on the Active node first, then on the Passive node. McAfee Security for Microsoft Exchange 7.6 should be added to the cluster groups where the Exchange virtual server is present after the installation on the nodes of the cluster. In case of an upgrade, make sure that the Active node is upgraded first.

(24)

Cluster installation on Microsoft Exchange Server 2003

In Microsoft Exchange Server 2003, there are two types of nodes:

• Active node — The cluster server that currently owns cluster group resources and responds to network requests made to those services.

• Passive node — The cluster server that does not currently own cluster group resources, but is available if the active node fails.

These nodes form two types of server clusters:

• Active/Passive cluster — The cluster includes active and passive nodes. The passive nodes are used only if an active node fails.

• Active/Active cluster — All nodes are active. In the event of a failover of an active node, the remaining active nodes take on the additional processing operations.

We recommend that you install McAfee Security for Microsoft Exchange as a standalone node on an Active/ Active cluster.

Adding McAfee Security for Microsoft Exchange as a resource to the cluster group

on Windows 2003 (32-bit or 64-bit)

You can add McAfee Security for Microsoft Exchange as a resource to a cluster group, so that McAfee Security for Microsoft Exchange can behave as a cluster application.

Make sure that the McAfee Security for Microsoft Exchange cluster resource is created in the same cluster group where you have Microsoft Exchange resources configured.

After the cluster resource is successfully created, in Cluster administrator, right-click the newly created resource and from the context menu, select Bring Online. This starts the McAfee Security for Microsoft Exchange service on the active node and the quarantine database is created in the designated drive. Multiple instances of the Postgress.exe*32 process appear under the Processes tab of the Task Manager along with RPCServ.exe*32, and SAFeService.exe*32.

In a Windows 2003 (32-bit) environment, you will have Postgress.exe, RPCServ.exe, and SAFeService.exe running, because these are native 32-bit processes.

See Cluster Replication in the Installation Guide for steps on how to create a cluster resource.

Adding McAfee Security for Microsoft Exchange as a resource to the cluster group

on Windows 2008 (64-bit)

You can add McAfee Security for Microsoft Exchange as a resource to a cluster group in a Windows 2008 (64-bit) environment. To do so, make sure that you have logged in as the administrator.

Refer McAfee KB-53396 on steps to follow before you create a cluster resource. Perform the following steps to create and configure a GroupShield cluster resource.

4

Cluster support

(25)

After the cluster resource is successfully created, in Cluster administrator, right-click the newly created resource and select Bring Online. This starts the McAfee Security for Microsoft Exchange service on the active node and the quarantine database is created in the designated drive. Multiple instances of the Postgress.exe*32 process appears under the Processes tab of the Task Manager along with

RPCServ.exe*32, and SAFeService.exe*32.

Cluster support

(26)

(27)

5

Scheduling tasks

In McAfee Security for Microsoft Exchange, you can schedule important tasks like On-demand scanning, Auto-update, and optimization frequency according to your requirement.

You can schedule the following tasks:

• On-demand scanning • Configuration Reporting • Auto-update • Purge of old items frequency • Status Reporting • Optimization frequency

On-demand scanning is a feature, that you can use to schedule a scan on the users' mailboxes. This scan ensures that old and existing messages in the public folders and user mailboxes are not scanned by McAfee Security for Microsoft Exchange. By default McAfee Security for Microsoft Exchange has one On-demand scan in the Not Scheduled status. This is configured to scan all mailboxes and public folders of the server and uses On-demand default policy settings given under Policy Manager. You can schedule any number of on-demand scans and schedule multiple scans to run at the same time. However, it is recommended to run only one On-demand scan at the given time per user Mailbox. Running an on-demand scan will execute RunScheduled.exe process in the Task Manager. This process will get terminated once the on-demand scan is completed. It is designed to utilize the maximum available resources on the server and complete the task as quick as it can. So, on-demand scan using 60 to 80% of CPU is considered as normal behavior while running on huge mailboxes. We recommend that you run the on-demand scan during non-peak hours of the day or during the weekends.

If the server is managed through ePolicy Orchestrator, then we recommend that you do not to have any local update task running.

McAfee Security for Microsoft Exchange has six on-demand scan policies having pre-configured settings and are used for different purposes as stated in the policy name.

• On-demand Default • On-demand Remove Banned Content

• On-demand Full Scan • On-demand Find Viruses

• On-demand Find Banned Content • On-demand Remove Viruses

Auto-update task is used to get the latest DATs, AV Engine, Spam Rules, and Spam Engine updates from the master repository. If McAfee Security for Microsoft Exchange is not managed by ePolicy Orchestrator, by default McAfee Security for Microsoft Exchange will get product updates from the NAIHttp website. There is a Fallback NAIFTP repository as well which the user can utilize if required. This repository information will be present in SITELIST.XML under the \doc settings\all users\app data \McAfee\Common Framework folder.

By default, the auto-update task is scheduled at 12:00 AM every night. You can change the update frequency through the Edit Schedule option given in the Dashboard. We recommend that you

(28)

A status report is a scheduled report sent to an administrator at a specific time. The report contains detection statistics within that specified time frame. You can choose a time, recipient email address/ distribution list to send the report to, and a subject for the email. Reports are sent in HTML or CSV format.

A configuration report is a scheduled report sent to an administrator at a specific time. The configuration report will have a summary of product configurations such as: server information, version information, license status and type, product information, debug logging information, on-access settings, on-access policies, and gateway policies.

The Purging of Old Items Frequency task is scheduled by default. You can edit the schedule of this task and configure it to delete old records from the detected items database, leaving only the recent detections.

The Optimization frequency task is scheduled by default. This task can be scheduled and configured to improve the database performance by recovering the empty spaces created due to deletion of records.

(29)

6

Policy Manager

Policy Manager is a product feature that allows you to configure or manage different policies and actions in the product. It determines how different types of threats are treated when detected.

Each policy specifies the settings and actions that are used by the policy and the actions taken when a detection is triggered for the data in the Exchange environment. The settings are given names ad can be used by many policies at the same time. However, the actions are specific to a particular policy. For example, you can create anti-virus policies and create multiple child policies from it. However, you can have a different action for each policy.

Contents On-Access policy Content scanning File filter Gateway policy Anti-phish scanner Mail size filter Disclaimers

On-Access policy

Create policies for email messages every time they are opened, copied or saved to determine if they contain a virus or other potentially unwanted code. On-access scanning is also called real-time scanning.

Anti-Virus scanner

Anti-Virus scanner settings are used by both VSAPI (at store level) and McAfee Transport scanner (at postcat level). McAfee Security for Microsoft Exchange 7.6 uses the new virus scanning Engine,

version 5400 and hence has the capability to detect Viruses, Trojans, Malwares, PUPs, and Packers and take different actions.

By default, McAfee Security for Microsoft Exchange is configured to clean every infected message. If cleaning fails, then the infected item will be replaced with an alert “Warning.txt” and the original infected item is quarantined in the Postgres database.

We recommend that you use the default settings in McAfee Security for Microsoft Exchange 7.6 for the Anti-Virus scanner. If needed, the administrator can select the secondary action Notify Administrator to get an email notification about the infected email detection.

(30)

Content scanning

The content scanning filter blocks unwanted bad content from reaching the user’s mailbox. By default Content scanning is disabled. We recommend that you enable content scanning by assigning default or custom (newly created) content rules, assigned to the content scanner.

Under Content Scanning page, you can select “Include documents and database formats” and “Extend scan to all attachments” to make McAfee Security for Microsoft Exchange scan for banned content in all types of attachments including documents, PDF files, databases and excel files.

While assigning a content rule to the scanner, you have the option to apply the content rule to “Everything” or to selected file formats. It is recommended to assign the content rule to scan only “Documents, Messages and HTML Files”.

File filter

The file filter detects a harmful file within an email and blocks the unwanted files from entering the users’ Mailboxes.

This filter is disabled by default. You need to create new file filter rules and apply the rule to the filter. File Filter rules can be created based on Filename or Extensions, True File Type detection, and File Size. There are no recommended settings for this filter. However it is used mostly to block

executables; packed files and archives based on extensions; and true type file filtering.

For other filters (Corrupted Content, Encrypted Content, Password Protected Files, Protected Content, Signed Content,

HTML Files, MIME Settings and Scanner Control) under On-Access settings, the administrator can configure

specific actions based on the company’s requirements or can use the default settings.

Gateway policy

Gateway policies are applied to email messages every time they are opened, copied or saved to determine if it is a spam, phish, MIME files or HTML files. All scanners and filters under Gateway Policy are applied at the initial Transport level (at SMTP submit level).

Anti-Spam Settings

We recommend that you block unwanted bulk messages, phish messages at the Gateway level. This scanner blocks unsolicited email from entering the organization. McAfee Security for Microsoft Exchange with Anti-Spam add-on applies rules and respective scores to each MIME component of the message and takes action, based on the total Spam score. By default, McAfee Security for Microsoft Exchange has three levels of Spam scores. The messages having scores between 5 and 10 are called Low, messages with scores between 10 and 15 are called Medium and messages with score 16 and above are called High.

McAfee Security for Microsoft Exchange blocks (delete message) the High and Medium level Spam messages by default and allows the message with ****SPAM**** as the prefix in the subject line for messages with a lower spam score. It is recommended to have the default settings for Spam

messages. This scanner is only applicable to Inbound messages.

6

Policy Manager

(31)

Anti-phish scanner

The Anti-Phish scanner is used to block the phish messages at the Gateway.

Using the spam rules and Engine, McAfee Security for Microsoft Exchange detects and takes action on phish messages. By default, phish messages are deleted and quarantined and this is the

recommended configuration. This is applicable only to Inbound messages.

Mail size filter

This is a very useful filter, using which you can block the entire message based on the message size, attachment size and number of attachments.

Blocking the message at the gateway level is recommended and preferred by many organizations. Based on the organization policy, you can filter the unwanted messages using this filter. This filter is applicable to both Inbound and Outbound messages.

Disclaimers

Using this feature you can attach the company’s disclaimer text to all outbound messages.

This is not enabled by default. You have to configure this with the legal content text that needs to be attached to all the messages with the following three options; attach disclaimer Before the Message, After the message or As an attachment.

Policy Manager

(32)

(33)

7

Common settings applicable to all roles

Common settings are settings that are applicable to any role in which the Microsoft Exchange server is installed.

Contents Notifications Anti-Spam Detected items

User interface preferences Diagnostics

DAT settings

Import and Export configuration

Notifications

Under Notifications, enter the correct SMTP email address of the administrator. Select Enable Task Results

Notifications. This allows the administrator to get notification email about the Scheduled Tasks status (for

example, on-demand scan).

Anti-Spam

This is an add-on component to McAfee Security for Microsoft Exchange that protects you from spam and phishing email. The Anti-Spam component scans the email messages and provides the result to McAfee Security for Microsoft Exchange before the content is written to the file system or read by Microsoft Exchange users.

Type the SMTP email address of the Mailbox that is by default identified as the System Junk Folder. To move the bulk and spam emails to a different Mailbox, use Route to System Junk Folder primary action for Anti-Spam scanner.

User Junk Folder Routing — the Enable routing to the user junk folders on this server option, which was available in McAfee Security for Microsoft Exchange with Microsoft Exchange Server 2003 and in earlier versions of GroupShield for Exchange, is no longer available in McAfee Security for Microsoft Exchange. This is because, email routing to user's Junk E-mail folder now occurs on a Hub server role.

If the SCL Junk threshold value of the Exchange server is changed, the Junk e-mail Routing feature works only after 8 hours or after restarting McAfee Security for Microsoft Exchange services. These settings are only required on a McAfee Security for Microsoft Exchange server containing the Anti-Spam feature. These settings can be ignored on servers where there is no Anti-Spam add-on installed.

(34)

Detected items

On the detected Items page you can configure various settings or rules that would trigger a corresponding policy and take remedial action.

If you are using McAfee Quarantine Manager (McAfee Quarantine Manager) for quarantining detected items, then you need to select Enabled under the McAfee Quarantine Manager heading and enter the correct IP Address of the McAfee Quarantine Manager server. After these settings, when McAfee Security for Microsoft Exchange detects and quarantines the first message item, the quarantined item will be stored in the McAfee Quarantine Manager server.

If you intend to store the quarantined message locally, then do not select any option under the McAfee

Quarantine Manager heading.

Under Local Databases, select the path and folder name for the database, if you intend to change the DB location. If not, it is good to have the database at the default location. Maximum item size (MB) is the maximum size of the quarantine item that is allowed to get quarantined and logged into the database by GroupShield. The default value is 100MB and this can be changed as per the requirement/policy of an organization.

Maximum query size (records) — This is the number of records (view) that is displayed in the

Detected Items page. By default it is set to 1000 and can be increased up to 20,000 records. That means, whatever the total detections in your database, McAfee Security for Microsoft Exchange can display only 20,000 records in one view.

Maximum Item Age (days) — This is the number of days McAfee Security for Microsoft Exchange

retains the detected items in the database. The default value is 14, and the detected items older than 14 days will be deleted from the database. Maximum value allowed is 365.

Purge of old items frequency — This task can be scheduled to setup the purge task that removes

items marked for deletion from the database. On the specified time and date, McAfee Security for Microsoft Exchange purges the old detected items older than the number of days mentioned in Maximum Item Age (days). By default this schedule is set to Monthly.

Optimization Frequency — This task can be scheduled to optimize the database at a specified date

and time. This task recovers disk space taken up by the deleted records in the database. By default this schedule is set to "Monthly".

User interface preferences

Options on this page apply only to Dashboard and Graph settings and these can be changed according to your choice.

Diagnostics

This page helps you to enable the required diagnostics option when there is any issue found in the scanning behavior of McAfee Security for Microsoft Exchange.

We recommend that you change these settings only if you need any diagnostics information for your analysis or if asked by the technical support representative for troubleshooting.

Debug Logging — This can be enabled and set to High, Medium or Low, based on the requirement. By

default, the value is None where Debug Logging option is disabled.

7

Common settings applicable to all roles

(35)

Error Reporting service — This is a built-in functionality by the McAfee supportability tool. This

enables a Talkback process to keeps monitoring McAfee Security for Microsoft Exchange specific services. By default this tool is available with McAfee Security for Microsoft Exchange and it catches the exceptions and crashes found in McAfee Security for Microsoft Exchange services, and reports them with a dump file to McAfee website for further troubleshooting.

We recommend that you do not change any settings under this.

Event Logging — Option for the administrator to log information, warnings, and error events to Event

Log and Product Log. By default, all options are selected, and we recommend that you do not change these settings.

Product Log — On this page you can change the Location, Filename, Size Limits, and Time-out values

for McAfee Security for Microsoft Exchange to log events to the product log. These settings can be changed according to your requirements and available disk space.

DAT settings

The DAT Settings page specifies the number of DAT folders that needs to be retained by the

administrator. The maximum value is 10 and the minimum value is 3. This can be changed according to your requirements.

Import and Export configuration

Under the Configuration tab, you can import the Config.XML file (McAfeeConfig.xml) from a different McAfee Security for Microsoft Exchange server to retain the same settings on the newly installed McAfee Security for Microsoft Exchange server. You can also export the current settings and keep it as a backup or use the exported XML on the other McAfee Security for Microsoft Exchange server. Use the Restore Default option to go back to the default settings of McAfee Security for Microsoft Exchange. In the SiteList tab, you can import or export the Sitelist.xml file from Common Framework folder and use the same update repository settings on another McAfee Security for Microsoft Exchange server. The SiteList.xml file has information about the product update repositories that McAfee Security for Microsoft Exchange can contact during product updates.

Common settings applicable to all roles

(36)

(37)

8

Whitelists and Blacklists

Whitelist is a list of email addresses from trusted sources such as business partners, from whom you want to receive messages. Blacklist is a list of email addresses from which you do not want to receive spam or unsolicited email messages. The email address of every email message is verified against the whitelist or blacklist before it reaches your mailbox.

How to add an email address to a whitelist or blacklist

On the Anti-Spam Settings page, you can add an email address to the whitelist or blacklist.

Before you begin

The Anti-Spam component musts be installed. Make sure that the Microsoft Exchange Server is installed with the Transport server role (Edge and Hub server roles in the case of Microsoft Exchange Server 2007 and 2010; Front-end role in the case of Microsoft

Exchange Server 2003).

Follow these steps to include an email address either in the whitelist or the blacklist.

Task

1 In the McAfee Security for Microsoft Exchange user interface, click Policy Manager | Gateway. The Gateway Policies page appears.

2 Click Master Policy.

3 On the List All Scanners tab, under Core Scanners, click Anti-Spam. The View Settings page appears.

4 In Options, select Core Anti-Spam Settings, then click Edit. The Anti-Spam Settings page appears.

5 On the Mail Lists tab, select one of these options: • Blacklisted senders

• Whitelisted senders • Blacklisted recipients • Whitelisted recipients

6 Enter the required email address in the text box, then click Add.

7 Click Save, then click Apply.

(38)

(39)

9

Error messages

Some inconsistencies in the configuration or normal functioning of the application would generate corresponding error messages. The following tables are a list of these error messages with their hexadecimal codes.

Table 9-1 Error messages

Event ID Hexadecimal code

McEFAIL 0x80004005 McEOUTOFMEMORY 0x80040200 McEINVALIDTYPE 0x80040201 McENOENUMINPROGRESS 0x80040202 McESECTIONNOTFOUND 0x80040203 McECOMPONENTNOTFOUND 0x80040204 McEFACTORYFUNCTIONNOTFOUND 0x80040205 McESTREAMNOTOPEN 0x80040206 McESTREAMSEEK 0x80040208 McEINVALIDPARAM 0x80040209 McESTREAMREAD 0x8004020a McESTREAMWRITE 0x8004020b McESETSTREAMSIZE 0x8004020c McEFILEALREADYEXISTS 0x8004020d McEINCONSISTENTPERSISTENCEMETHOD 0x8004020e McESUBSYSTEMNOTSUPPORTED 0x8004020f McEINVALIDSTATE 0x80040210 McEOBJECTNOTFOUND 0x80040211 McEFAILEDTOCREATESYSTEMOBJECT 0x80040212 McEXMLPARSERROR 0x80040213 McEPOSTFIXEVALERROR 0x80040214 McEINCOMPATIBLETYPES 0x80040215 McENOTSUPPORTED 0x80040216 McESUBSYSTEMDOESNOTEXIST 0x80040217 McEPROPNOTFOUND 0x80040218 McERECORDSETNOTOPEN 0x80040219 McECONNECTFAILED 0x8004021a

9

(40)

Table 9-1 Error messages (continued)

McESTORELOCATIONNOTFOUND 0x8004021c McEFAILEDAUTHENTICATION 0x8004021d McESTRINGNOTFOUND 0x8004021e McEXMLPARSEERROR 0x8004021f McEXSDPARSEERROR 0x80040220 McEFAILEDTOPENFILE 0x80040221 McEUNRECOGNISEDFILETYPE 0x80040222 McECORRUPTFILE 0x80040223 McECOUNTERNAMENOTFOUND 0x80040224 McERECORDEXCEEDSMAXFILESIZE 0x80040225 McENOMORERECORDS 0x80040226 McEINVALIDQUERY 0x80040227 McENOSUCHQUERYRECORD 0x80040228 McECOMNOTINITIALISED 0x80040229 McECANNOTCONNECTTOWEBSERVER 0x8004022a McEINVALIDQUERYSYNTAX 0x8004022b McESCANNERFAILEDTOLOADFACTORY 0x8004022c McESCANNERFAILEDTOINITLOADER 0x8004022d McESCANNERFAILEDTOLOADPOLICY 0x8004022e McESCANNERFAILEDTOSCAN 0x8004022f McEFILEIOERROR 0x80040230 McEFILENOTFOUND 0x80040231 McETOOMANYOPENFILES 0x80040232 McEDISKFULL 0x80040233 McEACCESSDENIED 0x80040234 McEPERFCOUNTERSNOTSTARTED 0x80040235 McENORPCSERVER 0x80040236 McESERVERFAILED 0x80040237 McESQLQUERYFAILED 0x80040238 McETIMEOUT 0x80040239 McEFAILEDTOLOADPOLICYXML 0x8004023a McETASKNOTFOUND 0x8004023b McENORECORDS 0x8004023c McENOPOLICYID 0x8004023d McENOSUCHRECORD 0x8004023e McETIMEDOUT 0x8004023f McEUNREADCALENDARITEM 0x80040240 McFAILEDCREATESYSOBJECT 0x80040241 McECASTROPHICESERVICESFAILURE 0x80040242

9

Error messages

(41)

Table 9-1 Error messages (continued)

McEFIREWALLCOMMSFAILURE 0x80040243 McEFIREWALLILLEGALIPADDRESS 0x80040244 McESYSTEMREAPERNOTSTARTED 0x80040245 McEUNKNOWNSYSCOUNTER 0x80040246 McEFAILEDOPENMETRICSQUERY 0x80040247 McEFAILEDADDCOUNTER 0x80040248 McEFAILEDINITAILIZETHREAD 0x80040249 McEFAILEDOPENSOCKET 0x80040250 McEFAILEDBINDTOSOCKET 0x80040251 MCEFAILEDTOLISTENTOSOCKET 0x80040252 MCEFAILEDTOGETPORTNUMBER 0x80040253 McEFUNCTIONNOTFOUND 0x80040254 McENOTSUPPORTEDONPLATFORM 0x80040255 McEINVALIDCODEPOINT 0x80040256 McEINVALIDUTF8CODEUNIT 0x80040257 McEINVALIDUTF16CODEUNIT 0x80040258 McEINVALIDUTF32CODEUNIT 0x80040259 McEENDOFBUFFER 0x8004025a McESAFENOTINITIALIZED 0x8004025b McFAILEDGETHOSTINFO 0x8004025c McEINVALIDCLIENTADDRESS 0x8004025d McESTORECOMPACTING 0x8004025e McEINVALIDPINGCMD 0x8004025f McEFAILEDSENDPINGREQ 0x80040260 McEFAILEDTOCREATECMAWRAPPER 0x80040261 McEINVALIDIMPORTEXPORTFILE 0x80040262 McENOSTOREDITEM 0x80040263 McEINVALIDPASSWORD 0x80040264 McEEXCEEDSIZELIMIT 0x80040265 McEINTERNAL 0x80040266 McEOLDERDATS 0x80040267 McESUBMITTEDALREADY 0x80040268 McEWINSERVICENOTRUNNING 0x80040269 McEMQMTRAININGDISABLED 0x80041009 McENULLPOINTEREXCEPTION 0x80042000 McEDUPLICATEENTRY 0x80042001 Error messages

9

(42)

Table 9-2 Javascript error messages

McUIBASE 0xA0010106 McERELEASENOTSUPPORTED McUIBASE + 1 McEDOWNLOADNOTSUPPORTED McUIBASE + 2 McRPTNOTFOUND McUIBASE + 3 McINVALIDSERVER McUIBASE + 4 McEFORWARDNOTSUPPORTED McUIBASE + 5 McEVIEWNOTSUPPORTED McUIBASE + 6 McEFORWARDRPTNOTFOUND McUIBASE + 7

9

Error messages

(43)

10

Frequently asked questions

Here are answers to frequently asked questions.

Where can I find out more about the effect of a virus?

Visit our website. See the Virus Information Library at http://vil.nai.com.

What should I do if I find a new virus?

If you suspect you have a file that contains a virus and the anti-virus software engine does not recognize it, please send us a sample. For information, see WebImmune at https://

www.webimmune.net/default.asp.

How do I contact Technical Support?

Visit http://www.mcafee.com/us/support/ for details. Before calling the technical support, have the following information ready:

• The version of the operating system.

• The type of computer on which McAfee Security for Microsoft Exchange is installed — manufacturer and model.

• Any additional hardware that is installed. • The browser being used and its version. • A diagnostic report.

What is the recommended installation type for McAfee Security for Microsoft Exchange and why?

During the McAfee Security for Microsoft Exchange installation, select the installation type as

Complete. This will install McAfee Security for Microsoft Exchange with the web user interface,

Buffer Overflow Protection and the AntiSpam Add-On. (The AntiSpam Add-On evaluation version will be installed. You need to buy the Licensed AntiSpam Add-On component separately.)

Can I upgrade from GroupShield for Exchange 7.0 to McAfee Security for Microsoft Exchange?

Yes. You can upgrade to McAfee Security for Microsoft Exchange from GroupShield for Exchange 7.0.1 Patch 1 and later, and GroupShield for Exchange 7.0.2 Rollup2 and later.

How can I upgrade the GroupShield for Exchange 7.0.1 in a cluster environment to McAfee Security for Microsoft Exchange 7.6?

In Single Copy Cluster setup (for Microsoft Exchange 2003 & 2007), install McAfee Security for Microsoft Exchange 7.6 on the active node. If you are upgrading from GroupShield for Exchange 7.0.1 Patch1, the Configuration and Database will be upgraded in the shared drive, provided there is a cluster resource for GroupShield for Exchange.

How do I install McAfee Security for Microsoft Exchange 7.6 on Microsoft Exchange 2010 DAG servers?

There is no separate process for installing McAfee Security for Microsoft Exchange on DAG servers. You need to follow the steps for a standalone installation. If you want to copy the configuration file, quarantine database and DATs from a McAfee Security for Microsoft Exchange installation on one DAG node to another DAG node, use the Cluster Replication Setup program.