2009 Spectrum Engineering Consortium Ltd.
[INSTALLING FOREFRONT EXCHANGE SECURITY IN MAILBOX SERVER] This document is for IT staff, to help them install FSE smoothly on a mailbox server and test its functionality.
In this Scenario we are targeting placement of Forefront on the Mailbox Server Role. Forefront Security for Exchange includes both Realtime and Transport Layer Scanning Capabilities along with a Manual Scan capability. There is also a rich, highly customizable Content Scanning capability for both Files by File Extension (Example: Quarantine all files with a .scr File Extension) and File Name (Example: Quarantine all files named zippo_virus.txt), restrictions by Allowed Sender, Filtering by Key Word (Example: Delete all files with the word 'tucan' in the Subject or Message Body) and a Manual Scan capability that provides for Business specific combinations of the many variations available above. We will explore the initial installation and then in separate Blog entries provide examples of using Filtering by 1) Content, 2) Keyword, 3) File, 4) Allowed Sender or 5) Filter Lists. Finally, it is always worth mentioning that one of the primary reasons Businesses are selecting Forefront Security for Exchange is that it is a Product designed from the ground up to incorporate scanning through multiple Anti-Virus Engines, with a maximum of 5 Engines (of 10 available) selected for any one Scan Type. The current Anti-Virus Vendors included in Forefront Security for Exchange are:
Norman Virus Control
Microsoft Antimalware Engine
Sophos Virus Detection Engine
CA Inoculate IT
CA Vet
Authentium Command Antivirus Engine
AhnLab Antivirus Scan Engine
Worm List
VirusBuster Antivirus Scan Technology
Kaspersky Antivirus Technology
Let's get this Product installed then explore its capabilities further!
By- Md. Ashifuzzaman [MCSE, MCTS,MCITP]
I begin by logging onto the Exchange 2007 Mailbox Server Role and identifying the Forefront Security for Exchange Setup File.
I initiate the Setup process using the Wizard Based dialogue windows.
The complexity of the Setup configuration is low. In this example I am completing a 'Local Installation'.
Forefront Security for Exchange provides the ability to complete a 'Full Installation' or a separate 'Console Only Installation'.
Once messages are in 'Quarantine' there are several approaches to consider when 'handling' these Quarantined Messages. 'Secure Mode' is recommended as rescanning of Messages is a better idea (in my opinion) than not applying any of the unique Content or File Filtering capabilities a second time when viewing.
I select default, randomly chosen Anti-Virus Engines (5 of a possible 10 Engines) understanding that once Forefront Security for Exchange is in place we receive Anti-Virus Engine and Virus Definition Files from all 10 Vendors. Additionally, we can then 'selectively choose 5 Vendors' on a Per Server (and even Per Scan Type) basis.
Here is a clear statement that all 10 Anti-Virus Engines and Anti-Virus Definition Files require downloadable updates upon completion of the installation process. Typically this 'Engine' and 'AV Definition' update process takes under 30 Minutes total.
Final confirmation of the intended installation steps the Microsoft Installer for Forefront Security for Exchange will execute prior to execution.
Since Forefront Security for Exchange incorporates 'Transport Level Anti-Virus Scanning' the Exchange 2007 Transport Service must be Stopped, Forefront Security for Exchange installed, then the Exchange 2007 Transport Service Started again.
Confirmation that the Exchange 2007 Transport Service re-Started again successfully.
Success! A quick scan of the 'Readme' File and we are ready to roll. Note: the 'Readme' file includes detail on how to generate a Test Virus File as prescribed by EICAR. It is not really a Virus, just a file with Content that all Anti-Virus Vendors understand are 'test values'. http://www.eicar.org
The Forefront Security for Exchange Administrator icon and Application are now in place and functional.
I have found the most logical 'first step' in configuring Forefront Security for Exchange is validating the 'Proxy Server' settings are correct. This allows the Application to go to the defined Microsoft Internet URL and download both Anti-Virus Engine Updates and Anti-Virus Definitions.
Anti-Virus Engine and Anti-Virus Definition Updates begin downloading right away. The Download Schedule is completely customizable.
Now I move to a Windows XP SP2 Workstation with Outlook 2007 installed. The intent of this Login is to use the 'Test EICAR Virus File', send it in an e-mail to fellow employees and determine if Forefront Security for Exchange 'catches' the Virus.
I log in as Ralph McGee - one of my fictitious e-mail users on Exchange 2007.
I have placed the 'EICAR Virus Test File' on the Desktop of 'All Users' on this Workstation. I briefly rename this file from 'eicar.com' to 'eicar.pow' and send it to other Mailbox holders. Go Virus Test File Go!
Right away Forefront Security for Exchange picks up the 'EICAR Virus Test File' as witnessed in the Quarantine Object in the Forefront Security for Exchange Application. We can see who sent the Virus, the Virus Type, the Recipients, anyone marked as a Carbon Copy (CC) and the action taken by Forefront Security for Exchange. Most of these parameters are configurable based on the requirements of your Business.
Another valuable capability of Forefront Security for Exchange is that when an 'Event' occurs the Application Log on the Local Server includes an Event by Event ID. There is complete integration with Microsoft Operations Manager 2005 and System Center Operations Manager 2007 for compiling Performance Metrics along with detailed Alerting.
I now move back to the Mailbox of Ralph McGee. Forefront Security for Exchange has sent the e-mail and replaced the Virus Payload with a Text File named 'eicar.txt'.
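The EICAR test described above can be scripted so it is repeatable after every engine or filter change. This is an added example, not part of the original document or of Microsoft's product: it writes the test file under the renamed extension, mails it over SMTP instead of Outlook, and provides a function for searching the server's Application log for the detection. The server name, mailbox addresses, the SMTP submission path and the message-text match are assumptions.

```powershell
# Added example. All names below are placeholders (assumptions), not values from the document.
$SmtpServer = 'mail.example.local'       # hypothetical Exchange 2007 server accepting SMTP
$From       = 'sender@example.local'     # hypothetical test mailbox
$To         = 'recipient@example.local'  # hypothetical test mailbox

function New-EicarTestFile([string]$Path) {
    # Standard 68-character EICAR test string, assembled from two parts so the
    # literal does not appear contiguously in this script file.
    $eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$' + 'EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
    if ($eicar.Length -ne 68) { throw "EICAR string is $($eicar.Length) chars, expected 68" }
    [System.IO.File]::WriteAllText($Path, $eicar, [System.Text.Encoding]::ASCII)
    return $Path
}

function Send-EicarTestMail([string]$Attachment) {
    # Uses System.Net.Mail directly so it also works where Send-MailMessage is unavailable.
    $subject = "AV scan test $(Get-Date -Format s)"
    $msg = New-Object System.Net.Mail.MailMessage($From, $To)
    $msg.Subject = $subject
    $msg.Body    = 'EICAR test attachment; the scanner is expected to quarantine it.'
    $msg.Attachments.Add((New-Object System.Net.Mail.Attachment($Attachment)))
    $smtp = New-Object System.Net.Mail.SmtpClient($SmtpServer)
    $smtp.UseDefaultCredentials = $true
    try { $smtp.Send($msg) } finally { $msg.Dispose() }   # Dispose releases the file handle
    return $subject
}

function Get-ScanEventsSince([datetime]$Start, [string]$Pattern = 'eicar') {
    # Run this on the Exchange server. Matching on message text is an assumption;
    # confirm the real event source and Event ID in Event Viewer and filter on those.
    Get-EventLog -LogName Application -Newest 1000 |
        Where-Object { $_.TimeGenerated -ge $Start -and $_.Message -match $Pattern }
}

# Workstation side: create the file with the renamed extension, send it, clean up.
$start   = Get-Date
$file    = New-EicarTestFile (Join-Path $env:TEMP 'eicar.pow')
$subject = Send-EicarTestMail $file
Remove-Item $file
"Sent '$subject' at $start. On the server, run: Get-ScanEventsSince '$start'"
```

An empty result from `Get-ScanEventsSince` alongside a delivered attachment means the message was not scanned; check that engine updates have completed and that the scan job is enabled.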
We can customize the 'Notification Message' as I have done in this example by indicating the line starting with '....If you have