User Manual Avira AntiVir Exchange 7 Avira AntiVir Exchange 2000/2003 Avira AntiVir Exchange 2007 www.avira.
Avira AntiVir Exchange 7 Contents 1 Getting Started ...................................................................................................................................... 6 1.1 Installation on an Exchange Server ................................................................................................. 6 1.2 Starting AntiVir Exchange Management Console .......................................................................... 6 1.
Avira AntiVir Exchange 7 4.4.2 By Message Size ...........................................................................................................................94 4.4.3 By Type and/or Attachment Size ................................................................................................. 94 4.4.4 Configuring Fingerprints ............................................................................................................. 94 4.4.5 Denying File Attachments by Type - Example .......
Avira AntiVir Exchange 7 5
Avira AntiVir Exchange 7 1 Getting Started 1.1 Installation on an Exchange Server 1. To install Avira AntiVir Exchange, double-click the file antivir_exchange_server_2k_en.exe or antivir_exchange_server_2k7_64bit_en.exe in the installation package. 2. Follow the Installation instructions. Unless you specify a different installation directory, Avira AntiVir Exchange is installed in the default directory, i.e.
Avira AntiVir Exchange 7 After the installation, use the AntiVir Exchange Management Console to make the required and recommended settings. 1.3.1 Required Basic Configuration Steps Basic Configuration is used to define the valid server, e-mail addresses, shared templates and utility settings. 1. Under Basic Configuration - General Settings - AntiVir Servers Settings in the Address Settings tab, check the entries for the Administrator(s) and the Internal domains. Refer to 3.3.1.3 AntiVir Servers Settings .
Avira AntiVir Exchange 7 Processing Sequence ). 4. Save your changes. Also refer to 1.2 Starting AntiVir Exchange Management Console . 1.3.3 Recommended Basic Configuration Steps In the Basic Configuration, it is recommended to define individual settings for address lists, templates, etc. However, this is not necessary for simply testing the system. 1. Configure the Address lists (for selections in job rules) under General Settings. 2. Where required, change the Templates under General Settings. 3.
Avira AntiVir Exchange 7 2 Installation 2.1 System Requirements To install Avira AntiVir Exchange, your system must meet the following requirements: • • • • • CD-ROM drive or network access RAM: Exchange recommendation plus additional 64 MB Hard disk: at least 400 MB for installation Microsoft .NET Framework 2.x Operating systems: • Windows 2000 Server from Service Pack 4 • Windows 2000 Advanced Server from Service Pack 4 • Windows Server 2003 • Windows Server 2008.
Avira AntiVir Exchange 7 3. In the next window, accept the License Agreement and click Next to continue. 4. In the next dialogue, select the features to be installed. This selection includes all server components and the AntiVir Exchange Management Console. In case another Information Store Scan application, apart from Avira AntiVir Exchange, is already running on the server, the feature will be disabled. If you wish to use Information Store Scan, the other application has to be uninstalled first.
Avira AntiVir Exchange 7 5. Click Next. 6. In the next screen, you have to specify the path of the configuration file: 7. If you do not operate Avira AntiVir Exchange on several servers and want to work with a central configuration file for administration purposes, confirm the default setting and click Next. 8.
Avira AntiVir Exchange 7 9. If you are using a proxy server for updates, you can make the settings in the next window. Passwords are stored in clear text! All of the settings can later be changed in the configuration files of AntiVir. 10.
Avira AntiVir Exchange 7 11. Now disable the on-access scanners for the ...\AntiVirData directory, unless you have already done so. 12. Check your configuration settings. These settings will be added as standard entries to the configuration of the Avira AntiVir Exchange Server. For details refer to Avira AntiVir Exchange Server settings . 13. Follow the instructions on screen and click Install. Avira AntiVir Exchange is installed to the following directory: :\
Avira AntiVir Exchange 7 registry data checkbox first.
Avira AntiVir Exchange 7 3 General 3.1 The Architecture of Avira AntiVir Exchange Avira AntiVir Exchange consists of three main components: AntiVir Exchange Management Console, Avira AntiVir Exchange Server and Avira AntiVir Exchange configuration. 3.1.1 AntiVir Exchange Management Console The AntiVir Exchange Management Console is the "cockpit" from where Avira AntiVir Exchange is configured and administered. It is a so-called "Snap-In" for the MMC.
Avira AntiVir Exchange 7 • • • • Windows 2003 Windows XP Professional Windows 2008 Windows Vista Remote administration is suited for central administration in multi-server environments, with the AntiVir Exchange Management Console accessing one or more Exchange servers to configure and administer Avira AntiVir Exchange. 3.1.2 Avira AntiVir Exchange Server The term Avira AntiVir Exchange Server refers to the Avira AntiVir Exchange functions and processes that are run on the Exchange server only.
Avira AntiVir Exchange 7 • • the Active Directory, the Avira AntiVir Exchange Quarantine Using this information, it scans messages for viruses, identifies and quarantines spam and adds legal liability disclaimers. After processing is complete, the Avira AntiVir Exchange service returns the e-mails to the Exchange server. 3.1.2.3 Avira AntiVir Exchange Quarantine Virus-infected or other undesirable messages can optionally be stopped on the server to prevent them from reaching their intended recipients.
Avira AntiVir Exchange 7 package. 3.1.2.4 Active Directory / LDIF Avira AntiVir Exchange does not make any changes or additions to the Active Directory. However, Avira AntiVir Exchange does read various information from the Active Directory. When started, the Avira AntiVir Exchange service determines the available Global Catalog server, which is used, for example, for resolving addresses in distribution lists during e-mail processing.
Avira AntiVir Exchange 7 All information required to run Avira AntiVir Exchange is saved in the Avira AntiVir Exchange configuration file, an XML file named ConfigData.xml. The structure of the ConfigData.xml file is similar to that of a database: various entries exist for each configuration area. Since all configuration settings are stored in a single file, the configuration can be easily distributed and backed up. If you have a problem with the configuration, you can simply send the ConfigData.
Avira AntiVir Exchange 7 3. To view the Online Help, click on the Help from the Action menu. 3.2.
Avira AntiVir Exchange 7 Save Move up one position Move down one position Enable job Disable job New item Set filter in Quarantine/ badmail Disable filter in Quarantine/ badmail 3.2.2 Icons Avira AntiVir Exchange Start console and logo. Basic Configuration for general settings for all modules. Node for Global Settings. The Address lists folder. An individual Avira AntiVir Exchange address list (red collar). Included by default in Avira AntiVir Exchange, cannot be edited.
Avira AntiVir Exchange 7 dictionaries. The Quarantine folder structure, which contains all Quarantine folders. An individual Quarantine folder; to be configured under Properties. The Fingerprints folder. A logically linked fingerprint group. An individual fingerprint; to be configured under Properties. The folder for the Dictionaries used for content filtering. An individual dictionary; to be configured under Properties. The AntiVir scan engine; to be configured under Properties.
Avira AntiVir Exchange 7 Configuration, Policy Configuration and Avira AntiVir Exchange Monitor. 3.3.1 Basic Configuration The Basic Configuration is used for general settings and the essential basic settings of the modules. • General settings, such as: • address lists • templates • Avira AntiVir Exchange servers • Folders (such as Quarantines) • Utilities: • dictionaries for content checking • fingerprints for blocking attachments • AntiVir Engine 3.3.1.
Avira AntiVir Exchange 7 3. Click on Display report: The report is opened as HTML file in the browser. 4. Click Preview Report 5. Click Save Report for a preview of the printed report. to save the selected report as HTML file. 3.3.1.2 Import Configuration Attention: Before you update a Basic Configuration object, make a backup copy of the existing object. The new version replaces the old one, overwriting any user-defined settings.
Avira AntiVir Exchange 7 AntiVir Exchange servers. Additionally, each server can be configured individually; for details refer to 3.3.1.4 Settings for an Individual AntiVir Server . 1. Select Basic Configuration - General Settings 2. To open the Properties: a. In the right window, right-click on AntiVir Servers Settings and select Properties. b. Or open the Properties with a double-click on AntiVir Servers Settings. c.
Avira AntiVir Exchange 7 In this context, also read the description on allocating rights and security settings under 3.3.3 AntiVir Monitor . Collective Notification As a general rule, each job can be configured so that when a specific event occurs, the recipients, senders and/or administrators are informed of this event (Actions tab). If several events occur for an e-mail, the Avira AntiVir Exchange servers are not configured (by default) to send separate notifications for each event.
Avira AntiVir Exchange 7 disable the Create collective notifications option. Central Whitelists In multi-server environments each server involved creates its own user whitelists. Thus, without server synchronization, each user is provided with a separate whitelist for each of the servers, which all need to be maintained individually.
Avira AntiVir Exchange 7 • • • • Administrator(s): The Avira AntiVir Exchange Administrator addresses entered in this field will receive important status notifications on the installation as well as the configured Administrator notifications. As default, the installation enters the Administrator address prompted for. Notification sender: The sender shown in the Avira AntiVir Exchange notifications.
Avira AntiVir Exchange 7 Multiple domains are separated by Carriage Return. Subdomains are automatically included, when the main domain is preceded by a "*" wildcard, e.g. *.domain.com. As default, the installation enters the mail domain of the Administrator address prompted for. These entries apply to all Avira AntiVir Exchange servers. The settings can be changed at any time in the same window. 3.3.1.
Avira AntiVir Exchange 7 1. Enter the Name of the Exchange server. During the installation, the current Exchange server is automatically entered as the internal domain. 2. Set the maximum number of e-mails processed simultaneously by Avira AntiVir Exchange in the Number of threads field. A reasonable maximum depends on the capacity and performance of your server. 3. Select the Event logging level for the Event Log. You can view this log with the Event Viewer (Windows Event Log).
Avira AntiVir Exchange 7 view in the Monitor (right-click on AntiVir Monitor - Refresh or click on the Refresh icon in the toolbar). Individual E-mail Addresses for an AntiVir Server Both the user-defined and default installation settings in the Properties for all Avira AntiVir Exchange Servers are copied to each individual server. These are the AntiVir Servers default settings.
Avira AntiVir Exchange 7 This function is especially useful for spam filtering, i.e. for the spam quarantines. It also helps to reduce the administrator’s workload by allowing users to forward quarantined messages to their inboxes. For each server you can specify whether and how users can access their quarantined mail. The user receives a summary report on quarantined mails, clicks on the corresponding action for the selected mail and, by doing so, sends a request.
Avira AntiVir Exchange 7 entered in the Mailbox field on this tab. A precondition is that the e-mail address exists and that the mail is sent through the server on which Avira AntiVir Exchange (and the applicable quarantines!) are installed. We recommend that you set up the mailbox on the same server. The message content is read out, thereby triggering the action requested by the user. Avira AntiVir Exchange recognizes request messages through: 1. the e-mail address (specified in the Mailbox field), 2.
Avira AntiVir Exchange 7 Tip: If necessary, you can also purge quarantines manually. To do so, right-click on the quarantine under AntiVir Monitor - Servers - server_name - Quarantine Areas and select All Tasks - Compress Quarantine. View a List of All Jobs The AntiVir Jobs tab provides a list of all jobs defined on this server. To edit a job on the server, select the job properties. 3.3.1.5 Address Lists Under Address lists, you can create your own address lists to be selected for individual jobs.
Avira AntiVir Exchange 7 2. 3. 4. 5. Click Address lists. Right-click and select New - Address list from the context menu. Enter a meaningful name for the address list. Click the Select members icon: . 6. In the window that opens, select the addresses to be added and click Add. To add your own addresses to the address list, enter them in the input field. You can use the * (asterisk) and ? (question mark) wildcards. It is also possible to enter formally invalid e-mail addresses such as info@domain.
Avira AntiVir Exchange 7 8. Allow adding addresses from quarantine Use this option to specify whether or not addresses from quarantined messages can be directly added to this address list. When checked, you can add the quarantined mail’s sender address to various address lists with the Add button in 3.3.3 AntiVir Monitor .
Avira AntiVir Exchange 7 Set whether the job is to be valid for all users or restricted to internal or external users. This selection is available for senders and recipients. Note: Both conditions in the Message from and Addressed to fields must come true for an action to be triggered (logical AND!).
Avira AntiVir Exchange 7 performed regardless of the sender and recipient address. Implementation: The action is executed for Message from: and Addressed to: . There are no exceptions. Each mail from each sender to each recipient is checked for viruses. The following are the address settings for the job: The Advanced window of the Addresses tab provides options for an easy implementation of more complex corporate policies .
Avira AntiVir Exchange 7 • And where addressed to checks the recipient(s). So does the exception Except where addressed to. Implementation: The address settings in the job should look as follows: The specified job action (i.e. blocking files with video attachments) is performed for the specified under Run this job when a message arrives from and is not performed for the specified under And where addressed to.
Avira AntiVir Exchange 7 To specify the addresses for a specific condition, click Internal Senders/Recipients, No addresses selected or a corresponding entry in the exceptions.
Avira AntiVir Exchange 7 installation or which you have configured manually. Also refer to Avira AntiVir Exchange Server settings . Tip: User defined address lists and AntiVir address lists are available only when you select addresses for a job. User defined address lists can be edited at any time; AntiVir address lists cannot be edited at all. 3.3.1.
Avira AntiVir Exchange 7 Category: variable type Variable Description General: Job Name [VAR]Jobname[/VAR] Name of the job that started an action General: Non-applicable recipients [VAR]UnrestrictedRecipients [/VAR] Recipients of the message that triggered the action who were not defined in the (inbound) address conditions. General: Quarantine folder [VAR]Quarantine[/VAR] The Quarantine in which a message was placed.
Avira AntiVir Exchange 7 Category: variable type Variable Description IS-Scan: Database [VAR]VSAPI_Database[/VAR] Name of the Information Store in which the message was located at the time of the virus scan IS-Scan: Database URL [VAR]VSAPI_Url[/VAR] URL of the Information Store, in which the message was located at the time of the virus scan IS-Scan: Error description [VAR]VSAPI_ErrorText[/VAR] Further description in the event of an error through the Information Store job IS-Scan: Submit time [
Avira AntiVir Exchange 7 Category: variable type Variable Description checked the mail for spam Wall: Spam analysis details [VAR]SpamReportHTML[/VAR] Detailed information on each spam criterion Wall: Spam probability [VAR]SpamValue[/VAR] Calculated spam probability value (from 0 to 100). This value is compared with the individually defined threshold values in the advanced spam filtering job.
Avira AntiVir Exchange 7 Category: variable type Variable Description Summary: Subject [VAR]Subject[/VAR] Subject of the summary report Summary: Current summary report date [VAR]Nowdate[/VAR] Date at which the current summary report was generated Summary: Last summary report date [VAR]Lastdate[/VAR] Date at which the previous summary report was generated Summary: Current summary report date and time [VAR]Now[/VAR] Date and time at which the current summary report was generated Summary: Last
Avira AntiVir Exchange 7 Category: variable type Variable Description Whitelist: Whitelist entries [VAR]HtmlList[/VAR] Complete list of all entries for a recipient with HTML formatting (compulsory field in the whitelist summary report) Whitelist: Fully qualified domain name [VAR]FQDN[/VAR] Full domain name of the server on which the whitelist for which a notifications to be generated is located Whitelist: HTTP port [VAR]HTTPPort[/VAR] Port of the HTTP server Whitelist: HTTP server [VAR]HTTPSer
Avira AntiVir Exchange 7 is also possible to use a Microsoft SQL server, which stores Avira AntiVir Exchange data in an SQL database. The supported databases include MS SQL Server 2000 and MS SQL Server 2005; in addition, MS SQL Server 2005 Express can be used with restricted CPU/memory capacity.
Avira AntiVir Exchange 7 The example below illustrates one of many possible configuration possibilities for the ADO string. For more detailed information on this and other options and configurations of the MS SQL ADO string please refer to the applicable documentation from Microsoft. Sample connection string: Provider=SQLOLEDB;User ID=[ADOUser];Password=[ADOPwd];Trusted_Connection=No;Initial Catalog=[DBCatalog];Data Source=LOCALHOST\SQLEXPRESS; a.
Avira AntiVir Exchange 7 the Folder name field. On the other hand, if using the SQL server for a central whitelist, the variable [DBCatalog] will be replaced with the fixed name ’Whitelist’. You can use the [DBCatalog] variable to use a database connection for multiple databases within a MS SQL Server. Please note that the databases need to be created exactly under that name. Otherwise any connection attempts will fail! e.
Avira AntiVir Exchange 7 Setting up a Quarantine Database Besides using the Microsoft SQL server for whitelists, it can also be used locally for Quarantine databases. Normally, the index of a quarantine is maintained in the local database (Microsoft Jet Engine). In case the capacity of a Jet database is insufficient, these entries can also be written to a locally installed SQL server. This requires having installed MS SQL on the mail server.
Avira AntiVir Exchange 7 • After configuration is complete, the SQL Server service has to be restarted. Tip: Also refer to the Quarantine configuration options (Quarantine is mission critical) in case of a database service failure described in the preceding section. 3.3.1.8 Folder Settings Quarantines Configuration A Quarantine is a directory in which all messages are placed that meet the criteria defined for the Copy to Quarantine action.
Avira AntiVir Exchange 7 3. Under Name, enter a descriptive name for the Quarantine. The Quarantine’s Folder Name remains the same. This option is only available when you create a new Quarantine. 4. Set after how many days a quarantined mail is to be automatically deleted. 5. Use the Size of body excerpts field to set whether or not and how much text from the body of the mail (message text) is to be stored in the database.
Avira AntiVir Exchange 7 Regardless of the actual ’mission critical’ setting, the Avira AntiVir Exchange administrators are informed by e-mail of recurring Quarantine or job errors. 8. Under the Summary Reports tab, you can now configure a summary notification for the selected Quarantine. Note: In case you allow the users to access and modify whitelists, press Add and select Quarantine Summary Report with Whitelist Support under Template. 1. Right-click Quarantines and select New - Quarantine. 2.
Avira AntiVir Exchange 7 Summary reports are especially useful for spam quarantines and the recipients of spam. Users will normally receive a list of all new spam messages that were addressed to them and have been placed in a particular Spam Quarantine. Set up reporting for this scenario as follows: 1. 2. 3. 4. 5. Open Basic Configuration - Folders - Quarantines. In the right window section, double-click the spam Quarantine Spam: Middle to open it. Select the Summary Reports tab. Click Add.
Avira AntiVir Exchange 7 6. 7. 8. 9. In the Recipients field, select All Recipients. The original recipients of the quarantined messages will receive the summary report. Select Userdefined Recipients when you want to limit the group of recipients of a summary report. The selected recipients, senders, groups or other address patterns are listed in the text field under the Recipients field.
Avira AntiVir Exchange 7 10. In the Fields tab, select the message fields to be listed in the quarantined messages summary report. If, for example, you check Subject here, the subject of the quarantined messages is listed in the summary report. A default selection is already preselected. Users can click the links in the summary report to perform actions with the selected messages.
Avira AntiVir Exchange 7 11. 12. 13. 14. In the Whitelist Fields tab select the message fields to be listed in the whitelist notification. Select the Schedule tab and click Add. A Schedule Settings dialog opens in which you can specify the time at which summary reports will be generated. In the example below, a summary report is sent to the recipient of the spam mail daily at 12 o'clock (12:00 AM hours). Click OK. The new Quarantine summary report now appears in the Schedule tab.
Avira AntiVir Exchange 7 Summary reports will be sent at 12:00 AM to the recipients of spam mail quarantined in Spam Middle. Note: You can create several different summary reports with differing contents for a single Quarantine. For each report, the messages are compiled separately from the Quarantine, even if the reports are scheduled for the same time. Tip: A list of all quarantines is available under Folders - Quarantines.
Avira AntiVir Exchange 7 For the Quarantine Summary Report, select the template with Whitelist Support, so that the recipient of the Quarantine summary report can manage the entries in his whitelist and request a whitelist summary report. Select the message fields to be listed in the Whitelist Summary Report. Use the Whitelist template field to edit any existing whitelist template or create a new one. Configure the Whitelist template with the variables as described under List of Notification Variables .
Avira AntiVir Exchange 7 Dictionaries Here, you can create dictionaries of text strings that you want AntiVir Wall content and spam filtering to block. We have already created a few dictionary categories that you can customize to your requirements. Refer to Setting up Dictionaries . AntiVir Engine For details on the configuration of the virus scanner, refer to Configuring and Enabling the AntiVir Scanner . 3.3.
Avira AntiVir Exchange 7 Note: The content conditions and the address conditions set in the Addresses tab must simultaneously come true, for a job to be run (logical AND). The value of X-headers allows to control e-mail processing so that, for instance, the results can be evaluated by open source tools. Moreover, with the condition ...with following headers and values, it is possible to select all e-mails that do not include headers or do not have the defined value.
Avira AntiVir Exchange 7 Job Type Function AntiVir E-Mail Size Filtering Checks messages for size and denies files that are larger than the allowed maximum size (per message size). AntiVir Attachment Filtering Checks messages for denied file attachments The various file formats are identified with fingerprints. AntiVir Attachment/Size Filtering Checks messages for denied file attachments and for file size, and denies files larger than the specified size.
Avira AntiVir Exchange 7 from the server. Add a subject extension A configurable supplement is added to the Subject line to indicate that the message has been processed. Send notifications to Notifications can be sent to the following groups and individuals: • • • • Administrators Sender Recipients Other persons Run external Program Runs an external program. Add X-header field A field is added to the message header, which can be filled with a value from one of the variables.
Avira AntiVir Exchange 7 access.acl file in the folder ...\Avira\Avira AntiVir Exchange\AppData\ Select the Security tab and provide the desired users at least with write access. To observe data in the Monitor: 1. Click on the desired server. 2. Authenticate yourself with a user name and a password with sufficient rights to access the Avira AntiVir Exchange data on the server’s file system. 3. Click the area you wish to view, e.g. Default Quarantine or BADMAIL.
Avira AntiVir Exchange 7 You can reset the options in one of three ways: 1. Under Filter options, select No Filter. 2. Right-click View - Show all objects. 3. Use the icon in the toolbar: . The AntiVir Monitor view displays a maximum of 10.000 e-mails at a time (the most recent ones). To view older e-mails, select appropriate filter options to restrict the e-mails displayed.
Avira AntiVir Exchange 7 Icons used on these tabs: Send message from Quarantine Delete message in Quarantine Create, edit or delete message label Save message as Open Online Help Next message in Quarantine/badmail Previous message in Quarantine/badmail To add the message sender to an address list, click the Add to button. The address lists shown with this button are set individually. For further information refer to Address Lists .
Avira AntiVir Exchange 7 The Processing Log tab shows the name of the job that has quarantined the message, the job type, the server, the reason for quarantining the message as well as other processing details: The Details tab displays Resent information (details on the resend process): 67
Avira AntiVir Exchange 7 A Mail in the Information Store Quarantine To view this information, double-click the message in the Information Store quarantine or right-click and select Properties.
Avira AntiVir Exchange 7 Icons used on these tabs: Delete item in quarantine Create, edit or delete item label Save item in the file system Next item in quarantine Previous item in quarantine To copy the item to another quarantine on this server, right-click the item and selectAll Tasks - Copy to.
Avira AntiVir Exchange 7 Sending From Quarantine If you want to send a quarantined message to its original recipient or another user, you can resend it directly from the Quarantine without having it rechecked by the AntiVir Exchange job: 1. In the AntiVir Monitor, open a list of quarantined messages. 2. Right-click the desired message and select All Tasks - Resend quarantine item Tip: As an alternative, you can send the message directly from the Properties dialog by clicking the icon.
Avira AntiVir Exchange 7 The From field of the message contains the original sender (i.e. not a forwarded mail). 3. To change the recipient, enable the Change e-mail recipients option and then click the Select Address icon: . Note: No address lists are available to select an address for resending from quarantine. Refer to Address Lists . 4. If you do not want any jobs to process the message, select the option Deliver the email bypassing any AntiVir jobs on this server.
Avira AntiVir Exchange 7 Adding Senders to an Address List If the e-mail of a specific sender has been quarantined, but you wish future mails from this sender to be accepted, you can add the sender to one of your address lists, e.g. Anti-Spam: Whitelist 1. In Avira AntiVir Exchange Monitor, open the Quarantine where the desired mail is located. 2. Right-click the mail and enable All tasks - Add sender to addresslist. 3. Select the address list to which the sender is to be added.
Avira AntiVir Exchange 7 4 AntiVir 4.1 Overview AntiVir checks messages for viruses, for the type and size of their attachments and for the total message size. In that context, a distinction is made between scanning on the transport level (inbound/outbound messages) and scanning in the MS Exchange database (public and private Information Store).
Avira AntiVir Exchange 7 folder and the original is deleted without being forwarded. 3. Notifications with the relevant information from the scan engine and the AntiVir job are then sent to the Administrator, sender and recipient.
Avira AntiVir Exchange 7 be deleted, however. • replace with You can replace infected elements with an information text. The infected element is then deleted. • mark as not infected In exceptional cases, you may decide that an infected element is not to be flagged infected. Subsequent virus scans will then find the virus again. This action is intended for testing only, as it provides no protection for users and the system.
Avira AntiVir Exchange 7 You can change the properties of the scan engine under Basic Configuration - Utility Settings - AntiVir Engine - Properties. • • The name of the Avira antivirus interface DLL must be entered in the Avira AV Interface field. This DLL file represents the link between Avira AntiVir Exchange and the virus scanner. This entry is pre-configured for all scan engines and must not be changed! In the Parameter field, enter the parameter to be used by the virus scanner for scanning.
Avira AntiVir Exchange 7 • Update timeout: Enter the number of seconds after which an unsuccessful attempt to connect to the server is aborted. Take into account the performance of your server. The minimum value is 60 seconds. We recommend a value of 60 to 120 seconds. • Allow multiple concurrent calls: Sets that the scan engine can process several e-mails at the same time. The specific number of calls is set under Basic Configuration - AntiVir Server Properties - General tab: Number of threads.
Avira AntiVir Exchange 7 Password for proxy server (proxy authentication) Use this parameter to set the password to be used by the update service along with the user name to connect to the proxy server. This value is used only when “ProxyEnabled” is enabled. Example: ProxyPassword=passwort Search interval for new updates This value specifies the number of minutes after which the update service searches for new versions on the server entered under UpdateURL. The default value is 120 minutes (2 hours).
Avira AntiVir Exchange 7 By default, the Subject extension is pre-set to AntiVir checked. This text is added to the subject of each mail checked by the job. This job also processes Quarantined emails. The processing action for sending from quarantine applies to all jobs and has priority. Therefore, if you select an email in the AntiVir Monitor and use the Resend item command, with activated option Deliver the email bypassing any AntiVir jobs on this server, the email is not processed by any job.
Avira AntiVir Exchange 7 A job is not mission-critical when any processing errors are to be ignored for the corresponding e-mail, in which case it is passed to the next job for further processing. All processing errors are recorded in the Windows Event Log. If the same processing error occurs five times in succession, the job is disabled and automatically restarted after 15 minutes. Do not enable this option for company-critical jobs. For most of the jobs, the default setting is not mission-critical.
Avira AntiVir Exchange 7 This job scans e-mails for viruses but does not attempt to clean infected e-mails and attachments. Although the virus scanner is capable of cleaning infected objects, it is advisable to quarantine infected attachments immediately, as, in practice, viruses are usually received in spam and rarely by accident from known communication partners. Note: As the job is to perform a virus scan only, you need to configure the scan engine accordingly.
Avira AntiVir Exchange 7 In this example, a copy of the e-mail is placed in Quarantine and the infected attachments are deleted. The message is delivered to its recipient only if the message body is virus-free and the attachment could be deleted. A notification on the virus is sent to the Administrator. You can select this notification from the list menu of available notification templates, which you can format using the HTML toolbar or by directly entering appropriate HTML code.
Avira AntiVir Exchange 7 • Notification: Select the recipient of the notification from the address book. • Start external program: Define a new application to perform actions of this application. To start an external application enter the path and, where required, any necessary parameters. • Add Avira tag and value: Mail header tags can be inserted by Avira AntiVir Exchange during the process in order to perform special Avira AntiVir Exchange actions.
Avira AntiVir Exchange 7 Click the address book icon to select further recipients or define own addresses. If the e-mail is also to be delivered to the original recipient or original sender, enable the corresponding checkbox. After having entered the recipient click Finish. Selecting Servers Under the Server tab, select the server or servers on which the job is to be enabled.
Avira AntiVir Exchange 7 Click Select. A dialog similar to the one for selecting scan engines appears. Note: If a server is not listed, it may not be correctly configured. For further information about configuring Avira AntiVir Exchange servers refer to Settings for an Individual Avira AntiVir Exchange Server . Entering Job Details Use the Details tab to add a job description. Save the configuration of the AntiVir Exchange Management Console each time you have modified the settings.
Avira AntiVir Exchange 7 Under Policy Configuration in the Information Store jobs area, you will find an Information Store scan job for each server. Double-click this job to open it. Attention: When you enable or disable the Information Store scan job, it takes up to two minutes for the Exchange Store to register the change. 4.3.1 General Settings Under the General tab you can enable on-demand scanning for both the private and the public Information Store.
Avira AntiVir Exchange 7 4.3.2 Scheduling Use the Schedule tab to define a schedule for restarting the scan. When scanning is restarted, all elements in the Information Store are checked one more time. This applies to all three scan modes. If you have enabled background scanning, this scan may take a long time and use a lot of processor capacity. It is therefore advisable to restart scanning during periods of low system usage and following pattern file updates. To create a schedule entry click Add.
Avira AntiVir Exchange 7 Three different actions are possible: 1. Virus found/Removing not successful: Specifies the actions if virus was found and the file could not be cleaned.
Avira AntiVir Exchange 7 a. b. c. d. 2. Specify whether a copy of the object is to be quarantined and labeled. A separate default quarantine is available for the Information Store. With the second option, the object can be blocked, replaced or just marked as not infected. Also refer to Scanning in the Information Store . The final option defines whether a notification is sent to the administrator(s).
Avira AntiVir Exchange 7 The following actions are available: a. b. 3. Use the first option to specify whether a copy of the object is to be quarantined and labeled. The copy is created before cleaning so that the object is quarantined in its original state. In addition you can define whether a notification is sent to the administrator(s). Object unscannable: This option allows to control the behavior of Avira AntiVir Exchange when it finds encrypted objects, which cannot be opened for scanning.
Avira AntiVir Exchange 7 Two options are available. In the Information Store scan field, select one of two settings: a. b. abort scanning: The object will be rescanned with the next scan. If previous scans have not treated the object as uninfected, access is denied. mark as not infected: The object is treated as if it were virus-free. It is not rescanned before virus scanning is restarted. You can also notify the administrator and add further actions by clicking on the Add button. 4.3.
Avira AntiVir Exchange 7 The General tab shows information about Server, Configuration, License and IS (Information Store) Scan: • • • The status of the scanner DLL for the Information Store scan. When the DLL indicates Loaded, the Information Store scan is enabled. The Information Store scan version. This number is incremented with every restart. The date of the last version update and the time and date of the last restart.
Avira AntiVir Exchange 7 When scanning is restarted, all elements in the Information Store are checked one more time. This applies to all three scan modes. If you have enabled background scanning, this scan may take a long time and use a lot of processor capacity. It is therefore advisable to restart scanning during periods of low system usage. 4.
Avira AntiVir Exchange 7 The result of this scan is compared with the denied/ allowed fingerprints under Fingerprint conditions (set in the job properties) and blocked or delivered accordingly. For denied files, the job actions are performed, for instance for a mail with a denied attachment: • The denied attachment is copied to the Quarantine folder. • The message text is delivered to the recipient. • Notifications are sent to the Administrator and the sender.
Avira AntiVir Exchange 7 Malicious users can manipulate filenames by simply changing the extension to a different file type. To prevent file type filtering being fooled by this type of manipulation, you can use the binary pattern which uniquely identifies file formats. The binary pattern is therefore the most reliable method for identifying file types.
Avira AntiVir Exchange 7 and categories (with a Microsoft fingerprint in the example below): The fingerprint is called Microsoft Access Project and belongs to the Microsoft Office category. 2. Select the Pattern Settings tab.
Avira AntiVir Exchange 7 3. In the Name pattern field, enter the file extension for this name pattern. Note: You can define several filename patterns for each fingerprint. Multiple entries must be separated with a semicolon (;). You can use the “*” wildcard for multiple characters, for instance to define a fingerprint with the filename pattern “*.vbs”. You can also specify complete filenames in this field. If you enter, for instance, “Att01.
Avira AntiVir Exchange 7 • • • 1. Start position End position Hexadecimal values Start position: The position within a file from which a pattern search is performed. The following values are possible: 1 Start at the first byte of the file 1, 2, ... Start at the first byte, second byte, etc. of the file -1 ... Start at the last byte of the file -6 ... Start at the sixth byte from the end of the file 2. End position: The position within a file up to which the pattern search is performed.
Avira AntiVir Exchange 7 The start position is the point in the file from which the specified binary pattern will be searched for. The position of the first byte in the file, i.e. the beginning of the file, is offset 1. The second byte then has an offset of 2, etc. The end position is the offset up to which the pattern is searched for. If the number in one or both of these fields is prefixed with a minus sign (“-”), the bytes are counted in reverse. The entry -1, for example, is the last byte of the file.
Avira AntiVir Exchange 7 For details on the Check Binary and Name Pattern option, refer to Configuring Fingerprints . 4. Now click Edit to open the first entry.
Avira AntiVir Exchange 7 The start position is “1”, the end position “3”. This means that the file is searched for the binary pattern “42 4D” between the first and the third byte, i.e. between offset 1 and offset 3. The binary pattern is entered as a hexadecimal number in the lower field. The pattern in this example corresponds to the letters “BM”. This is part of the ID of a Windows/OS2 bitmap file. This is still not a complete pattern. 5.
Avira AntiVir Exchange 7 Here, a search is performed for the pattern “00000000” between offsets 7 and 11. Only when both binary patterns have been found in a file, does the file match the pattern and can be identified as a bitmap. 6. For each additional search pattern, click Add. Note: If you want to identify fingerprint binary patterns that are not included in the supplied list of file patterns, please contact the publisher of the software to which the file type applies, e.g. Adobe for Acrobat (*.
Avira AntiVir Exchange 7 4.4.5 Denying File Attachments by Type - Example Under Policy Configuration - Job Templates, you will find various jobs for blocking different file formats. • Block all archives except ZIP-files Blocks all compressed formats except ZIP files • Block suspicious attachments Blocks known malicious attachments such as Nimda.
Avira AntiVir Exchange 7 By default, the Subject extension is pre-set to AntiVir checked. If enabled, this text is added to the subject of each mail checked by the job. This job does not process mails that are being resent from Quarantine (AntiVir Monitor -
Avira AntiVir Exchange 7 you have modified the settings. The configuration is saved in the ConfigData.xml file located in the Avira\AntiVir Exchange\Config\ folder. Pending changes are indicated by an asterisk (*) next to the top node. Setting up Content Conditions Under the Conditions tab you can set the requirements as to which mails or documents a job is to be run for.
Avira AntiVir Exchange 7 Scan inside compressed attachments means that the internal unpacker opens archives and checks the files it contains for the fingerprints specified. If this option is disabled, only the archive is checked and identified as compressed format. 2. Fingerprint conditions: Click Video or No fingerprints selected to select a fingerprint category or an individual fingerprint from the list. The following view appears: 3.
Avira AntiVir Exchange 7 In this example, a copy of the e-mail is placed in Quarantine and the infected attachments are deleted. The message is delivered to its recipient, but the denied attachments are removed. A notification about the denied fingerprint is sent to the Administrator. You can select this notification from the list menu of available notification templates, which you can format using the HTML toolbar or by directly entering appropriate HTML code. 2.
Avira AntiVir Exchange 7 Under the General tab, enter a name for the job. An active (enabled) job has a checkmark in the job symbol. Set the job to Enabled: Yes. Once you have saved your settings with Apply and closed the job, the job is active. By default, the Subject extension is pre-set to AntiVir checked. If enabled, this text is added to the subject of each mail checked by the job.
Avira AntiVir Exchange 7 You can select addresses from existing lists or from your own ones. For details on how to make the best use of address lists and details, refer to the description under Address Lists . Setting up Content Conditions Under the Conditions tab you can set the requirements as to which mails or documents a job is to be run for. For the use and settings of conditions refer to Conditions .
Avira AntiVir Exchange 7 With the setting above, the maximum allowed size of each incoming and outgoing e-mail is 100.000 kilobytes. Defining Actions Under the Actions tab, specify the actions to be taken when the job finds an e-mail that exceeds the maximum size. In this example, a copy of the message is placed in Quarantine and the message is deleted without being delivered to its recipient. A notification about the excessive message size is sent to the Administrator.
Avira AntiVir Exchange 7 Enabling Virus Scanning - Example, "Defining Actions" . Selecting Servers / Job Details To select servers and specify job details proceed as described under Selecting Servers and Entering Job Details . Save the configuration of the AntiVir Exchange Management Console each time you have modified the settings. Click on the Save button . The configuration is saved in the ConfigData.xml file located in the Avira\AntiVir Exchange\Config\ folder.
Avira AntiVir Exchange 7 By default, the Subject extension is pre-set to AntiVir checked. If enabled, this text is added to the subject of each mail checked by the job. This job does not process mails that are being resent from Quarantine (AntiVir Monitor -
Avira AntiVir Exchange 7 For details on how to make the best use of address lists and details, refer to the description under Address Lists . Setting up Content Conditions Under the Conditions tab you can set the requirements as to which mails or documents a job is to be run for. For the use and settings of conditions refer to Conditions . Note: The content conditions and the address conditions set in the Addresses tab must simultaneously come true, for a job to be run (logical AND).
Avira AntiVir Exchange 7 With the Add and Remove buttons, you can assign entire categories or individual fingerprints to the list of denied and/or allowed fingerprints. To do so, double-click the category in the left pane or click the + sign to open it. Tip: You can enter a category such as “Microsoft Office” under Selected Fingerprints and define one or more fingerprints from that category as exception under Exceptions. To keep a clear overview, do not use the same job for too many categories.
Avira AntiVir Exchange 7 In this example, a copy of the message is placed in Quarantine, the infected attachments are deleted, and the message is delivered without its attachment. A notification on the restriction is sent to the Administrator. You can select this notification from the list menu of available notification templates, which you can format using the HTML toolbar or by entering appropriate HTML code yourself. To define further actions, click the Add button.
Avira AntiVir Exchange 7 5 AntiVir Wall 5.1 Overview AntiVir Wall is used to filter e-mails or attachments according to their text content, check images for offensive contents, classify e-mails according to their content, to restrict inbound or outbound e-mail addresses and to limit the number of recipients per e-mail.
Avira AntiVir Exchange 7 For address filtering, you can normally use the following wildcards: • Asterisk (*) The asterisk is the wildcard for one or more letters and digits. It can be used several times within a word or expression. • Question mark (?) The question mark represents a single character. It can also be used several times within a word or expression. To specify a denied sender, you can enter something like “tom*@*.*” as a disallowed sender instead of individual e-mail addresses.
Avira AntiVir Exchange 7 Under Policy Configuration - Job Templates, you will find a configured address filtering job. Double-click the job Anti spam regarding sender address, to open it. General Settings Under the General tab, enter a name for the job. An active (enabled) job has a checkmark in the icon symbol. Set the job to Enabled: Yes. Once you have saved your settings with Apply and closed the job, the job is enabled. By default, the Subject extension is pre-set to AntiVir Wall checked.
Avira AntiVir Exchange 7 Resubmit the email to all AntiVir jobs has been enabled. The Ignore emails resent from quarantine option means that this job is systematically skipped when a mail is resent from Quarantine. Save the configuration of the AntiVir Exchange Management Console each time you have modified the settings. Click on the Save button . The configuration is saved in the ConfigData.xml file located in the Avira\AntiVir Exchange\Config\ folder.
Avira AntiVir Exchange 7 To define further actions, click the Add button. For a description of the procedure, refer to the description in the AntiVir chapter under Enabling Virus Scanning – Example, "Defining Actions" . Selecting Servers / Job Details To select servers and specify job details proceed as described under Selecting Servers and Entering Job Details . 5.3 Content Filtering With Dictionaries AntiVir Wall uses predefined dictionaries to look for undesirable text content.
Avira AntiVir Exchange 7 Content filtering can be limited to specific senders or recipients. You can specify, for example, that only external mail is scanned for pornography, racism, etc., while own-domain mail to external recipients can be checked for internal or confidential information. Messages are scanned and compared against the specified dictionaries.
Avira AntiVir Exchange 7 The asterisk must be placed at the beginning or end of a word or phrase. • Plus symbol (+) The plus symbol has the same function as the asterisk, but indicates that the search term is part of a word or phrase. Examples: +check+ will find “checkpoint”, “intercheck” and “intercheckpoint”, but not “check” on its own. check+ finds only “checkpoint”. The plus symbol must also be placed at the start or end of a word or phrase.
Avira AntiVir Exchange 7 Note: To use dictionaries in a job, select a Content Filtering job under Policy Configuration, enable the required dictionary and specify an overall threshold value (from 1 to 10.000). As soon as this threshold value is reached when all weighting factors (identified words/phrases) of the active dictionaries are added, the specified actions are performed. For further information, refer to Checking and Denying Text Contents - Example Searching for Text in Dictionaries 1.
Avira AntiVir Exchange 7 If you do not specify any additional options, the function looks for the entered character string everywhere, i.e. also within words and phrases. • Find whole word only: You can separate words with any non-alphanumeric character including paragraph marks and manual line breaks. • Case sensitive: Makes the search case-sensitive. • Count matches only: Only the number of matches is displayed, not the matches themselves: 2.
Avira AntiVir Exchange 7 You can also use the text search and replace function for your own addresses. Also refer to Address Lists . 5.3.2 Checking and Denying Text Contents - Example The Policy Configuration - Job Templates contains various jobs for content filtering with dictionaries.
Avira AntiVir Exchange 7 By default, the Subject extension is pre-set to AntiVir Wall checked. If enabled, this text is added to the subject of each mail checked by the job. This job does not process mails that are being resent from Quarantine (AntiVir Monitor -
Avira AntiVir Exchange 7 description under Address Lists . Setting up Content Conditions Under the Conditions tab you can set the requirements as to which mails or documents a job is to be run for. For the use and settings of conditions refer to Conditions . Note: The content conditions and the address conditions set in the Addresses tab must simultaneously come true, for a job to be run (logical AND).
Avira AntiVir Exchange 7 Calculation: Every word or phrase in the Offensive Language list has a value of 10. In this example, the threshold of 50 is reached when at least five words from these lists are found in the message. Explanation: Every word or phrase in the Offensive Language list has a weighting of 10. Each word or phrase from this list found is counted and multiplied with the weighting and finally compared to the threshold value.
Avira AntiVir Exchange 7 In this example, a copy of the message is placed in Quarantine and the message is deleted without being delivered to its recipient. A notification that the corporate policy was breached is sent to the Administrator. You can select this notification from the pull-down menu of available notification templates, which you can format using the HTML toolbar or by entering appropriate HTML code yourself.
Avira AntiVir Exchange 7 Any spam filtering job therefore has to take into account that e-mails may not be definitely identifiable as spam. The spam filtering job works with a range of different criteria for identifying spam. These criteria are split into definite and combined criteria. Using the definite criteria, the job scans mail for unique spam characteristics and classifies them into spam and non-spam.
Avira AntiVir Exchange 7 - Redirect mail The individual thresholds are: 1. 2. 3. 4. Spam Probability: None. Default: 0. Spam Probability: Low. Default: 0 - 9. Spam Probability: Medium. Default: 10 - 49. Spam Probability: High. Default: 50 -100. The Low, Medium and High ranges can be adjusted with sliders and linked to corresponding actions, which are then performed on all e-mails in that range. For spam probability None, you can specify a subject extension.
Avira AntiVir Exchange 7 Criterion Description enter a threshold value here. Example: Minimum number = 2 means that all messages with two or more file attachments are delivered without spam checking. Emails with minimum size of Spam e-mails are generally small, and large e-mails are therefore unlikely to be spam. Here, you can enter a size above which message are no longer checked for spam. Emails in TNEF format TNEF E-Mails. This Exchange-specific format is not being used by spammers yet.
Avira AntiVir Exchange 7 1. 2. 3. 4. 5. If the affected e-mails all exceed the spam probability threshold by only a small amount, increase the threshold value to avoid false positives. If e-mails from a particular sender are regularly classified incorrectly as spam, add this sender to the Active Directory or the whitelist (under Definite Criteria - No Spam), so that these e-mails are no longer checked for spam.
Avira AntiVir Exchange 7 This job does not process mails that are being resent from Quarantine (AntiVir Monitor -
Avira AntiVir Exchange 7 Setting up Content Conditions Under the Conditions tab you can set the requirements as to which mails or documents a job is to be run for. For the use and settings of conditions refer to Conditions . Note: The content conditions and the address conditions set in the Addresses tab must simultaneously come true, for a job to be run (logical AND). Defining Actions Under the Actions tab, specify the spam probabilities and the action to be taken on identified spam e-mails.
Avira AntiVir Exchange 7 performed. The only possible action in this probability range is to add a Subject extension, which you can define on this tab. You could, for example, enter Checked for spam. • In the Spam Probability: Low (here: 30 to 69) range, the actions are defined on a separate tab. Click the Low button. The following dialog appears: The only action defined in this example is to add the probability as subject extension.
Avira AntiVir Exchange 7 The actions defined here are: place a copy of the message into Quarantine, notify the Administrator, deliver the original message to its recipient, adding a subject extension to notify the recipient of the spam probability of this message (e.g. Spam probability = 75). The higher this value, the greater the likelihood that this is not a high-priority message. The Spam probability Medium is for those mails that may or may not be spam.
Avira AntiVir Exchange 7 moving message to the user's Outlook junk mail folder. In the Exchange System Manager, you can centrally define what is to be done with e-mails with SCL values above a set threshold. You do not have to specify the action on the same system that assigns the SCL. As the IMF assigns the e-mails' SCL value, any defined actions can be only be performed on the target system. To that end, the e-mail gateway must also run Exchange 2003.
Avira AntiVir Exchange 7 The Spam probability High is intended for those e-mails that are probably spam and should not be delivered. In this example, the original message is deleted immediately without being forwarded to its recipient. A copy of the message is placed in the Quarantine. Because of today's large numbers of junk mail, the Administrator is not notified. Note: A high volume of junk mail can result in large quarantines, which can reduce system performance.
Avira AntiVir Exchange 7 On the Actions tab you can adjust the spam criteria. Click Definite Criteria. The following dialog appears: If you want to systematically allow e-mails from specific senders, click Antispam: Whitelist and Antispam: Newsletter Whitelist in the criterion Emails from these trusted senders (Whitelist).
Avira AntiVir Exchange 7 Select or enter the addresses that are to be always allowed as sender. You can use the asterisk (*) and question mark (?) as wildcard. Alternatively, you can specify entire domains in the form *.domain.com. After having entered all addresses, click OK. In the Definite “No Spam” Criteria dialog, you can now customize the next criterion, Email subject containing these words. Click Antispam: Content Whitelist.
Avira AntiVir Exchange 7 Use the and arrow keys to add and remove dictionaries in the list. The double arrows add or remove all existing dictionaries. In the right field, double-click Antispam: Content Whitelist or click the Edit button.
Avira AntiVir Exchange 7 For further information on setting up dictionaries refer to Setting up Dictionaries . For a detailed description of the remaining criteria refer to Definite No-Spam Criteria .
Avira AntiVir Exchange 7 In the Emails from the following senders (Blacklist) field, click Antispam: Blacklist and Antispam: Newsletter Blacklist. An address selection dialog appears, in which you can enter e-mail addresses or domain names. Note: Make sure you keep both the whitelist and the blacklist up-to-date. In addition, by selecting a particular character set, you can declare e-mails from specific regions as spam by default.
Avira AntiVir Exchange 7 character set. Note: This function checks only the "charset" e-mail header. Make sure that you have selected only character set list(s) for this option, and not any other dictionary. Selecting Servers / Job Details To select servers and specify job details proceed as described under Selecting Servers and Entering Job Details . Save the configuration of the AntiVir Exchange Management Console each time you have modified the settings. Click on the Save button .
Avira AntiVir Exchange 7 In the combined criterion Emails containing these phrases under the Spam (Body) tab, you are using the Anti-spam: Frequently Used Spam Phrases dictionary to check the e-mail bodies of all inbound e-mails for spam. This dictionary has a weighting value of 5. If a word or phrase from this dictionary is found in an e-mail, for instance “check it out”, it receives a score of 5.
Avira AntiVir Exchange 7 criterion will be taken into account accordingly for the overall value. Combination of Values to Overall Spam Probability The individual values of all combined criteria are weighted according to their defined relevance to establish a final evaluation. The job compares this overall value (the spam probability of the message) with the three threshold values and allocates the e-mail accordingly to one of the four spam probability ranges (None to High).
Avira AntiVir Exchange 7 Criterion Avira SPACE results Description Avira SPACE checks incoming mail against known spam patterns. Combined Header Criteria Criterion Description Suspicious sender properties Checks whether the message has a “From” header and whether this header is completed and corresponds with the sender in the SMTP protocol.
Avira AntiVir Exchange 7 Criterion Description Recipient address in body Checks whether the part before the @ of a recipient address is found in the message body of the e-mail. Junk sequence in subject Checks whether the e-mail body contains long strings of spaces or meaningless character strings. Emails containing these phrases Checks whether the e-mail body contains words typically found in spam mail.
Avira AntiVir Exchange 7 The result of this analysis is a value that is used to calculate the spam probability within the advanced spam filtering job. 5.5.1 SPACE Engine Configuration If you plan to use SPACE for fighting spam, first configure the SPACE Engine for periodical updates. The configured engine is automatically used whenever a spam filtering jon with SPACE enabled is called. Open the Basic Configuration --> Utility Settings and select SPACE Engine.
Avira AntiVir Exchange 7 This field specifies the directory where the update patterns are stored. only change this setting if you have selected another directory during the SPACE setup. • Update interval Interval in minutes at which the program checks for pattern updates. The minimum value is 15 minutes. • Update timeout Timeout (in seconds) for accessing the server. If unsuccessful, the update is aborted after this time has elapsed.
Avira AntiVir Exchange 7 • Relevance of this criteria: Set the relevance (weighting) for the entire criterion (ranging from Low - Very high). The values for the relevance and the coefficient are multiplied and yield the result for this criterion. 3. Once this job is active, the configured SPACE Engine is automatically enabled. 5.6 Blocking Images This job type is used to block images with offensive or pornographic content.
Avira AntiVir Exchange 7 double-click. General Settings Under the General tab, enter a name for the job. An active (enabled) job has a checkmark in the job symbol. Set the job to Enabled: Yes. Once you have saved your settings with Apply and closed the job, the job is enabled. By default, the Subject extension is pre-set to WALL checked. If enabled, this text is added to the subject of each e-mail checked by the job.
Avira AntiVir Exchange 7 For details on the Mission Critical option, refer to This job is mission-critical in the "AntiVir" Chapter. Setting up Address Conditions Under the Addresses tab, specify the senders or recipients to which this job is to apply. You can select addresses from existing lists or from your own ones. For details on how to make the best use of address lists and details, refer to the description under Address Lists .
Avira AntiVir Exchange 7 Whether or not an image is classified as offensive depends on the threshold set here. Possible values range from 0 to 100. Theoretically, "genuine" pornographic or hardcore images can reach a value of 100. In practice however, these values lie between 35 and 65. More than 80 % of all images reach values between 45 and 50. We therefore recommend to set the threshold to 51. This value will identify images with "a lot of naked skin" such as pin-ups.
Avira AntiVir Exchange 7 Defining Actions Under the Actions tab, define the actions to be performed when the job finds an e-mail with one or more offensive images. In this example, a copy of the message is placed in Quarantine and the message is deleted without being delivered to its recipient. A notification warning of the denied address is sent to the Administrator.
Avira AntiVir Exchange 7 5.7 Limiting the Number of Recipients With this job type, you can limit the number of recipients for each e-mail. When this job is enabled, users cannot send bulk mail to all users in your company. Limiting Number of Recipients - Example Under Policy Configuration - Job Templates you will find the Block emails with more than 50 recipients job. Drag this job to the Mail Transport Jobs folder and open it there with a double-click.
Avira AntiVir Exchange 7 By default, the Subject extension is pre-set to AntiVir Wall checked. If enabled, this text is added to the subject of each mail checked by the job. This job does not process mails that are being resent from Quarantine (AntiVir Monitor -
Avira AntiVir Exchange 7 In this example, each incoming or outgoing e-mail can be addressed to no more than 50 recipients. As soon as an e-mail contains 51 recipients, the specified action is triggered. Note: If an e-mail is addressed to a group of recipients with a single address, the Exchange server must be able to resolve the list into its individual recipients to identify the actual number of recipients.
Avira AntiVir Exchange 7 In this example, a copy of the message is placed in Quarantine and the message is deleted without being delivered to its recipients. A notification about the number of recipients is sent to the Administrator. You can select this notification from the pull-down menu of available notification templates, which you can format using the HTML toolbar or by entering appropriate HTML code yourself. To define further actions, click the Add button.
Avira AntiVir Exchange 7 Avira AntiVir Exchange 2000/2003 Avira AntiVir Exchange 2007 Avira GmbH Lindauer Str. 21 88069 Tettnang Germany Telephone: +49 (0) 7542-500 0 Fax: +49 (0) 7542-525 10 Internet: http://www.avira.com © Avira GmbH. All rights reserved. This manual was created with great care. However, errors in design and contents cannot be excluded. The reproduction of this publication or parts thereof in any form is prohibited without previous written consent from Avira GmbH.