8.2 InterScan Messaging

8.2  InterScan Messaging
TM
8.2
InterScan Messaging
Security Virtual Appliance
Hybrid SaaS Email Security
Installation Guide
m
Messaging
i S
Security
Trend Micro, Incorporated reserves the right to make changes to this document and to
the products described herein without notice. Before installing and using the software,
please review the readme files, release notes, and the latest version of the applicable user
documentation, which are available from the Trend Micro website at:
http://docs.trendmicro.com
Trend Micro, the Trend Micro t-ball logo, InterScan, and Control Manager are
trademarks or registered trademarks of Trend Micro, Incorporated. All other product or
company names may be trademarks or registered trademarks of their owners.
Copyright © 2003-2011 Trend Micro, Incorporated. All rights reserved.
Document Part No. MSEM84990/110727
Release Date: August 2011
Patents Pending
The user documentation for Trend Micro™ InterScan™ Messaging Security Virtual
Appliance is intended to introduce the main features of the software and installation
instructions for your production environment. Read it before installing or using the
software.
Detailed information about how to use specific features within the software are available
in the online help file and the online Knowledge Base at Trend Micro’s website.
Trend Micro is always seeking to improve its documentation. Your feedback is always
welcome. Please evaluate this documentation on the following site:
http://www.trendmicro.com/download/documentation/rating.asp
Contents
Contents
Preface
What’s New ......................................................................................................xxii
Audience ..........................................................................................................xxvi
InterScan Messaging Security Virtual Appliance Documentation .........xxvi
Document Conventions ..............................................................................xxvii
Chapter 1: Introducing InterScan Messaging Security Virtual
Appliance
About IMSVA ................................................................................................. 1-2
IMSVA Main Features and Benefits ............................................................ 1-2
About Cloud Pre-Filter ................................................................................ 1-11
About Email Encryption ............................................................................. 1-11
About Spyware and Other Types of Grayware ........................................ 1-12
About Web Reputation ................................................................................ 1-13
About Trend Micro Control Manager ....................................................... 1-13
Integrating with Control Manager ......................................................... 1-14
iii
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
Chapter 2: Component Descriptions
About IMSVA Components ......................................................................... 2-2
Cloud Pre-Filter Service Overview .......................................................... 2-2
Sender Filtering ......................................................................................2-2
Reputation-Based Source Filtering ..................................................... 2-2
Virus and Spam Protection .................................................................. 2-2
About Spam Prevention Solution ............................................................ 2-3
Spam Prevention Solution Technology ............................................. 2-3
Using Spam Prevention Solution ........................................................ 2-3
IP Filtering .................................................................................................. 2-3
How IP Profiler Works ........................................................................ 2-4
Email Reputation ........................................................................................2-4
Types of Email Reputation ................................................................. 2-4
How Email Reputation Technology Works ...................................... 2-6
About End-User Quarantine (EUQ) ...........................................................2-7
About Centralized Reporting ........................................................................ 2-7
Chapter 3: Planning for Deployment
Deployment Checklist .................................................................................... 3-2
Network Topology Considerations .............................................................. 3-5
Deploying IMSVA with Cloud Pre-Filter ............................................... 3-5
Deploying at the Gateway or Behind the Gateway ............................... 3-6
Installing without a Firewall ...................................................................... 3-9
Installing in Front of a Firewall ................................................................ 3-9
Incoming Traffic ..................................................................................3-10
Outgoing Traffic ..................................................................................3-10
Installing Behind a Firewall .....................................................................3-10
Incoming Traffic ..................................................................................3-10
Outgoing Traffic ..................................................................................3-11
Installing in the De-Militarized Zone ....................................................3-11
Incoming Traffic ..................................................................................3-11
Outgoing Traffic ..................................................................................3-11
About Device Roles ......................................................................................3-12
About Device Services .................................................................................3-12
iv
Contents
Choosing Services .................................................................................... 3-13
Deploying IMSVA with IP Filtering ..................................................... 3-13
Understanding Internal Communication Port .................................... 3-13
Understanding POP3 Scanning .................................................................. 3-14
Requirements for POP3 Scanning ........................................................ 3-14
Configuring a POP3 Client that Receives Email Through IMSVA . 3-15
Opening the IMSVA Web Console ........................................................... 3-16
Setting Up a Single Parent Device .............................................................. 3-16
Step 1: Configuring System Settings ..................................................... 3-18
Step 2: Configuring Deployment Settings ............................................ 3-19
Step 3: Configuring SMTP Routing Settings ....................................... 3-20
Step 4: Configuring Notification Settings ............................................ 3-21
Step 5: Configuring the Update Source ................................................ 3-22
Step 6: Configuring LDAP Settings ...................................................... 3-23
Step 7: Configuring Internal Addresses ................................................ 3-26
Step 8: Configuring TMCM Server Settings ........................................ 3-27
Step 9: Activating the Product ............................................................... 3-28
Step 10: Reviewing the Settings ............................................................. 3-29
Setting Up a Child Device ........................................................................... 3-29
Verifying Successful Deployment .............................................................. 3-31
Chapter 4: Installing IMSVA 8.2
System Requirements ..................................................................................... 4-2
Additional Requirements and Tools ....................................................... 4-3
Installing IMSVA ............................................................................................ 4-5
v
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
Chapter 5: Upgrading from Previous Versions
Upgrading from an Evaluation Version ...................................................... 5-2
Upgrading from IMSVA 8.0 .......................................................................... 5-5
Upgrading a Single IMSVA ....................................................................... 5-5
Upgrading a Distributed Environment ................................................... 5-7
Verify the Upgrade Using SSH ................................................................ 5-9
Rolling Back an Upgrade ........................................................................... 5-9
Migrating from Previous Versions ..............................................................5-10
Migration Process .....................................................................................5-10
Migrating From IMSS for Windows .....................................................5-12
IMSS 7.1 for Windows Settings that Change ..................................5-12
Migrating From IMSS for Linux ............................................................5-13
IMSS 7.1 for Linux Settings that Change ........................................5-13
Migrating From IMSVA 8.0 ...................................................................5-14
IMSVA 8.0 Settings that Change ......................................................5-14
Chapter 6: Troubleshooting, FAQ, and Support Information
Troubleshooting .............................................................................................. 6-2
Troubleshooting Utilities .......................................................................... 6-2
Using the Knowledge Base ............................................................................ 6-5
Contacting Support ......................................................................................... 6-6
Appendix A: Creating a New Virtual Machine Under VMware
ESX for IMSVA
Creating a New Virtual Machine .................................................................. A-2
vi
Contents
Appendix B: Creating a New Virtual Machine Under
Microsoft Hyper-V for IMSVA
Understanding Hyper-V Installation ...........................................................B-2
IMSVA Support for Hyper-V .................................................................B-2
Hyper-V Virtualization Modes ...............................................................B-2
Installing IMSVA on Microsoft Hyper-V ..................................................B-2
Creating a Virtual Network Assignment ................................................B-3
Creating a New Virtual Machine .............................................................B-7
Using Para-Virtualization Mode .................................................................B-18
Index
vii
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
viii
Preface
Preface
Welcome to the Trend Micro™ InterScan™ Messaging Security Virtual Appliance 8.2
Installation Guide. This manual contains information on InterScan Messaging Security
Virtual Appliance (IMSVA) features, system requirements, as well as instructions on
installation and upgrading.
Refer to the IMSVA 8.2 Administrator’s Guide for information on how to configure
IMSVA settings and the Online Help in the web management console for detailed
information on each field on the user interface.
Topics include:
•
What’s New on page P-xxii
•
Audience on page xxvi
•
InterScan Messaging Security Virtual Appliance Documentation on page xxvi
•
Document Conventions on page xxvii
xxi
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
What’s New
IMSVA 8.2 New Features
Table P-1 provides an overview of new features available in IMSVA 8.2.
TABLE P-1.
IMSVA 8.2 New Features
N EW F EATURE
Email encryption
D ESCRIPTION
Trend Micro Email Encryption integrates with IMSVA to protect sensitive email content by
encrypting inbound and outbound email messages according to specific policies.
IMSVA can also scan encrypted messages for
threats.
IMSVA provides reports and notifications to monitor encrypted email traffic.
Multiple LDAP server support
IMSVA supports using more than one LDAP
server and has support for more LDAP server
types.
Dashboard and widgets
Real-Time summaries have been replaced with a
dashboard and widgets. This will provide administrators with more flexibility when viewing IMSVA
data.
The System Summary has been renamed "System Status" and appears in the left menu.
Regulatory compliance
support
IMSVA provides support for regulatory compliance in policies.
Cloud Pre-Filter enhancements
Cloud Pre-Filter now supports protection against
directory harvest attacks (DHA).
Accounts other than the "admin" account can be
granted access to Cloud Pre-Filter
Expanded Control Manager support
xxii
IMSVA now supports registering to Control Manager 5.5.
Preface
TABLE P-1.
IMSVA 8.2 New Features (Continued)
N EW F EATURE
D ESCRIPTION
Microsoft Hyper-V support
IMSVA now supports installation on Microsoft
Hyper-V.
EUQ enhancement
EUQ now supports single sign-on with Kerberos
and synchronized messages with Cloud Pre-Filter.
IMSVA 8.0 New Features
Table P-2 provides an overview of new features available in IMSVA 8.0.
TABLE P-2.
IMSVA 8.0 New Features
N EW F EATURE
Cloud Pre-Filter
D ESCRIPTION
Cloud Pre-Filter is a hosted email security service that can filter all of your email messages
before they reach your network. Pre-filtering your
email messages can save you time and money.
For more information, see Understanding Cloud
Pre-Filter on page 6-2.
Smart Search Text Box
Allows users to quickly navigate to screens on
the web console by typing the name of the screen
or feature in the Smart Search text field.
Policy Objects
Several information objects that can be used by
policies have been removed from policy creation
and given their own areas for configuration:
•
•
•
•
•
•
Address Groups
Keywords & Expressions
Policy Notifications
Stamps
DKIM Approved List
Web Reputation Approved List
xxiii
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
TABLE P-2.
IMSVA 8.0 New Features (Continued)
N EW F EATURE
Web Reputation
D ESCRIPTION
Protect your clients from malicious URLs embedded in email messages with Web reputation.
For more information, see About Web Reputation
on page 1-13.
NRS Terminology Change
Network Reputation Service (NRS) has been
changed to Email reputation.
Detection Capability
Enhancement
Use DomainKeys Identified Mail (DKIM) enforcement, with the DKIM Approved List, in policies to
assist in phishing protection and to reduce the
number of false positives regarding domains.
X-Header Support
Insert X-Headers into email messages to track
and catalog the messages.
Expanded File Scanning
Support
IMSVA now supports scanning Microsoft® Office
2007 and Adobe® Acrobat® 8 documents.
Scan Exception Enhancement
IMSVA now supports configuring custom policy
settings for encrypted messages and password
protected attachments. Special actions can be
taken on encrypted messages or password protected files sent/received by specified users or
groups.
EUQ Enhancement
xxiv
IMSVA now allows users to review and delete or
approve messages that are quarantined by
administrator-created content filters and those
quarantined by the Spam Prevention Solution.
Preface
TABLE P-2.
IMSVA 8.0 New Features (Continued)
N EW F EATURE
EUQ Single Sign-on
(SSO)
D ESCRIPTION
IMSVA now allows users to log in once to their
domain and then to EUQ without re-entering their
domain name and password.
Note: IMSVA 8.0 only supports Internet Explorer
and Firefox with Windows Active Directory
as the LDAP server.
Antispoofing filter
With this filter, a message that has the sender
domain that is the same as the recipient(s)
domain, and the message does not come from an
internal IP address, IMSVA takes action on the
message.
xxv
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
Audience
The InterScan Messaging Security Virtual Appliance documentation is written for IT
administrators in medium and large enterprises. The documentation assumes that the
reader has in-depth knowledge of email messaging networks, including details related to
the following:
•
SMTP and POP3 protocols
•
Message transfer agents (MTAs), such as Postfix or Microsoft™ Exchange
•
LDAP
•
Database management
The documentation does not assume the reader has any knowledge of antivirus or
antispam technology.
InterScan Messaging Security Virtual
Appliance Documentation
The InterScan Messaging Security Virtual Appliance (IMSVA) documentation consists
of the following:
•
Installation Guide: Contains introductions to IMSVA features, system
requirements, and provides instructions on how to deploy and upgrade IMSVA in
various network environments.
•
Administrator’s Guide: Helps you get IMSVA up and running with
post-installation instructions on how to configure and administer IMSVA.
•
Online Help: Provides detailed instructions on each field and how to configure all
features through the user interface. To access the online help, open the web
management console, then click the help icon (
•
).
Readme File: Contain late-breaking product information that might not be found
in the other documentation. Topics include a description of features, installation
tips, known issues, and product release history.
The Installation Guide, Administrator’s Guide and readme files are available at:
http://docs.trendmicro.com
xxvi
Preface
Document Conventions
To help you locate and interpret information easily, the IMSVA documentation uses the
following conventions.
CONVENTION
DESCRIPTION
ALL CAPITALS
Acronyms, abbreviations, and names of certain commands and keys on the keyboard
Bold
Menus and menu commands, command buttons,
tabs, options, and other user interface items
Italics
References to other documentation
Monospace
Examples, sample command lines, program code,
web URL, file name, and program output
Configuration notes
Note:
Recommendations
Tip:
WARNING!
Reminders on actions or configurations that must be
avoided
xxvii
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
xxviii
Chapter 1
Introducing InterScan Messaging
Security Virtual Appliance
This chapter introduces InterScan Messaging Security Virtual Appliance (IMSVA)
features, capabilities, and technology, and provides basic information on other Trend
Micro products that will enhance your anti-spam capabilities.
Topics include:
•
About IMSVA on page 1-2
•
IMSVA Main Features and Benefits on page 1-2
•
About Cloud Pre-Filter on page 1-11
•
About Spyware and Other Types of Grayware on page 1-12
•
About Web Reputation on page 1-13
•
About Trend Micro Control Manager on page 1-13
1-1
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
About IMSVA
InterScan Messaging Security Virtual Appliance (IMSVA) integrates multi-tiered spam
prevention and anti-phishing with award-winning antivirus and anti-spyware. Content
filtering enforces compliance and prevents data leakage. This easy-to-deploy appliance is
delivered on a highly scalable platform with centralized management, providing easy
administration. Optimized for high performance and continuous security, the appliance
provides comprehensive gateway email security.
IMSVA Main Features and Benefits
The following table outlines the main features and benefits that IMSVA can provide to
your network.
TABLE 1-1.
F EATURE
Main Features and Benefits
D ESCRIPTIONS
B ENEFITS
Cloud-based
pre-filtering of
messages
Cloud Pre-Filter integrates with
IMSVA to scan all email traffic
before it reaches your network.
Cloud Pre-Filter can stop significant amounts of spam and
malicious messages (upto
90% of your total message
traffic) from ever reaching
your network.
Email encryption
Trend Micro Email Encryption
integrates with IMSVA to encrypt
or decrypt all email traffic entering and leaving your network.
Trend Micro Email Encryption provides IMSVA the ability to encrypt all email
messages leaving your network. By encrypting all email
messages leaving a network
administrators can prevent
sensitive data from being
leaked.
1-2
Introducing InterScan Messaging Security Virtual Appliance
TABLE 1-1.
F EATURE
Main Features and Benefits (Continued)
D ESCRIPTIONS
B ENEFITS
Administrators can meet goverment regulatory requirements
using the new default policy
scanning conditions "Complaince templates".
Compliance templates provide administrators with regulatory compliance for the
following:
Real-time Statistics and
Monitor
Administrators can monitor the
scan performance and IP filtering
performance of all IMSVA
devices (within a group) on the
web management console.
IMSVA provides administrators with an overview of the
system that keeps administrators informed on the first sign
of mail processing issues.
Detailed logging helps administrators proactively manage
issues before they become a
problem.
Antivirus protection
IMSVA performs virus detection
using Trend Micro scan engine
and a technology called pattern
matching. The scan engine compares code in files passing
through your gateway with binary
patterns of known viruses that
reside in the pattern file. If the
scan engine detects a match, it
performs the actions as configured in the policy rules.
IMSVA’s enhanced virus/content scanner keeps your messaging system working at top
efficiency.
Regulatory
compliance
•
•
•
•
•
GLBA
HIPAA
PCI-DSS
SB-1386
US PII
1-3
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
TABLE 1-1.
F EATURE
IntelliTrap
Main Features and Benefits (Continued)
D ESCRIPTIONS
Virus writers often attempt to circumvent virus filtering by using
different file compression
schemes. IntelliTrap provides
heuristic evaluation of these
compressed files.
B ENEFITS
IntelliTrap helps reduce the
risk that a virus compressed
using different file compression schemes will enter your
network through email.
Because there is the possibility
that IntelliTrap may identify a
non-threat file as a security risk,
Trend Micro recommends quarantining message attachments
that fall into this category when
IntelliTrap is enabled. In addition,
if your users regularly exchange
compressed files, you may want
to disable this feature.
By default, IntelliTrap is turned
on as one of the scanning conditions for an antivirus policy, and
is configured to quarantine message attachments that may be
classified as security risks.
Content management
1-4
IMSVA analyzes email messages
and their attachments, traveling
to and from your network, for
appropriate content.
Content that you deem inappropriate, such as personal
communication, large attachments, and so on, can be
blocked or deferred effectively using IMSVA.
Introducing InterScan Messaging Security Virtual Appliance
TABLE 1-1.
F EATURE
Main Features and Benefits (Continued)
D ESCRIPTIONS
B ENEFITS
Protection against other email threats
DoS attacks
By flooding a mail server with
large attachments, or sending
messages that contain multiple
viruses or recursively compressed files, individuals with
malicious intent can disrupt mail
processing.
IMSVA allows you to configure the characteristics of
messages that you want to
stop at the SMTP gateway,
thus reducing the chances of
a DoS attack.
Malicious
email content
Many types of file attachments,
such as executable programs and
documents with embedded macros, can harbor viruses. Messages with HTML script files,
HTML links, Java applets, or
ActiveX controls can also perform
harmful actions.
IMSVA allows you to configure the types of messages
that are allowed to pass
through the SMTP gateway.
Degradation
of services
Non-business-related email traffic has become a problem in
many organizations. Spam messages consume network bandwidth and affect employee
productivity. Some employees
use company messaging systems
to send personal messages,
transfer large multimedia files, or
conduct personal business during
working hours.
Most companies have acceptable usage policies for their
messaging system—IMSVA
provides tools to enforce and
ensure compliance with existing policies.
1-5
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
TABLE 1-1.
Main Features and Benefits (Continued)
F EATURE
D ESCRIPTIONS
B ENEFITS
Legal liability
and business
integrity
Improper use of email can also
put a company at risk of legal liability. Employees may engage in
sexual or racial harassment, or
other illegal activity. Dishonest
employees can use a company
messaging system to leak confidential information. Inappropriate messages that originate from
a company’s mail server damage
the company’s reputation, even if
the opinions expressed in the
message are not those of the
company.
IMSVA provides tools for
monitoring and blocking content to help reduce the risk
that messages containing
inappropriate or confidential
material will be allowed
through your gateway.
1-6
Introducing InterScan Messaging Security Virtual Appliance
TABLE 1-1.
Main Features and Benefits (Continued)
F EATURE
D ESCRIPTIONS
Mass mailing
virus containment
Email-borne viruses that may
automatically spread bogus messages through a company’s messaging system can be expensive
to clean up and cause panic
among users.
When IMSVA detects a
mass-mailing virus, the action
performed against this virus can
be different from the actions
against other types of viruses.
For example, if IMSVA detects a
macro virus in a Microsoft Office
document with important information, you can configure the program to quarantine the message
instead of deleting the entire
message, to ensure that important information will not be lost.
However, if IMSVA detects a
mass-mailing virus, the program
can automatically delete the
entire message.
B ENEFITS
By auto-deleting messages
that contain mass-mailing
viruses, you avoid using
server resources to scan,
quarantine, or process messages and files that have no
redeeming value.
The identities of known
mass-mailing viruses are in
the Mass Mailing Pattern that
is updated using the TrendLabs SM ActiveUpdate Servers.
You can save resources,
avoid help desk calls from
concerned employees and
eliminate post-outbreak
cleanup work by choosing to
automatically delete these
types of viruses and their
email containers.
Protection from Spyware and other types of grayware
Spyware and
other types of
grayware
Other than viruses, your clients
are at risk from potential threats
such as spyware, adware and
dialers. For more information,
see About Spyware and Other Types
of Grayware on page 1-12
IMSVA’s ability to protect your
environment against spyware
and other types of grayware
enables you to significantly
reduce security, confidentiality, and legal risks to your
organization.
1-7
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
TABLE 1-1.
F EATURE
Main Features and Benefits (Continued)
D ESCRIPTIONS
B ENEFITS
Spam Prevention Solution (SPS)
is a licensed product from Trend
Micro that provides spam detection services to other Trend Micro
products. To use SPS, obtain an
SPS Activation Code. For more
information, contact your sales
representative.
The detection technology
used by Spam Prevention
Solution (SPS) is based on
sophisticated content processing and statistical analysis. Unlike other approaches
to identifying spam, content
analysis provides high-performance, real-time detection
that is highly adaptable, even
as spam senders change their
techniques.
Integrated spam
Spam Prevention Solution
(SPS)
SPS works by using a built-in
spam filter that automatically
becomes active when you register and activate the SPS license.
Spam Filtering with IP
Profiler and
Email reputation
IP Profiler is a self-learning, fully
configurable feature that proactively blocks IP addresses of
computers that send spam and
other types of potential threats.
Email reputation blocks IP
addresses of known spam senders that Trend Micro maintains in
a central database.
Note: Activate SPS before you
configure IP Profiler and
Email reputation.
1-8
With the integration of IP Filtering, which includes IP Profiler and Email reputation,
IMSVA can block spammers
at the IP level.
Introducing InterScan Messaging Security Virtual Appliance
TABLE 1-1.
F EATURE
Main Features and Benefits (Continued)
D ESCRIPTIONS
B ENEFITS
You can configure LDAP settings
if you are using LDAP directory
services such as Lotus Domino TM or Microsoft TM Active Directory TM for user-group definition
and administrator privileges.
Using LDAP, you can define
multiple rules to enforce your
company’s email usage
guidelines. You can define
rules for individuals or
groups, based on the sender
and recipient addresses.
Others
LDAP and
domain-based
policies
Note: You must have LDAP to
use End-User Quarantine.
Web-based
management
console
The web-based management
console allows you to conveniently configure IMSVA policies
and settings.
The web-based console is
SSL-compatible. Being
SSL-compatible means
access to IMSVA is more
secure.
End-User
Quarantine
(EUQ)
IMSVA provides web-based EUQ
to improve spam management.
The web-based EUQ service
allows end-users to manage their
own spam quarantine. Spam Prevention Solution (SPS) quarantines messages that it determines
are spam. The EUQ indexes
these messages into a database.
The messages are then available
for end-users to review, delete, or
approve for delivery.
With the web-based EUQ
console, end-users can manage messages that IMSS
quarantines.
Delegated
administration
IMSVA offers the ability to create
different access rights to the web
management console. You can
choose which sections of the
console are accessible for different administrator logon accounts.
By delegating administrative
roles to different employees,
you can promote the sharing
of administrative duties.
1-9
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
TABLE 1-1.
F EATURE
Main Features and Benefits (Continued)
D ESCRIPTIONS
B ENEFITS
Centralized reporting gives you
the flexibility of generating one
time (on demand) reports or
scheduled reports.
Helps you analyze how
IMSVA is performing.
System availability monitor
A built-in agent monitors the
health of your IMSVA server and
delivers notifications through
email or SNMP trap when a fault
condition threatens to disrupt the
mail flow.
Email and SNMP notification
on detection of system failure
allows you to take immediate
corrective actions and minimize downtime.
POP3 scanning
You can choose to enable or disable POP3 scanning from the
web management console.
In addition to SMTP traffic,
IMSVA can also scan POP3
messages at the gateway as
messaging clients in your network retrieve them.
Centralized
reporting
1-10
One time (on demand) reports
allow you to specify the type
of report content as and when
required. Alternatively, you
can configure IMSVA to automatically generate reports
daily, weekly, and monthly.
Introducing InterScan Messaging Security Virtual Appliance
TABLE 1-1.
Main Features and Benefits (Continued)
F EATURE
D ESCRIPTIONS
B ENEFITS
Integration
with Trend
Micro Control
Manager™
Trend Micro Control Manager™
(TMCM) is a software management solution that gives you the
ability to control antivirus and
content security programs from a
central location regardless of the
program’s physical location or
platform. This application can
simplify the administration of a
corporate virus and content security policy.
Outbreak Prevention Services
delivered through Trend
Micro Control Manager™
reduces the risk of outbreaks.
When a Trend Micro product
detects a new email-borne
virus, TrendLabs issues a
policy that uses the advanced
content filters in IMSVA to
block messages by identifying
suspicious characteristics in
these messages. These rules
help minimize the window of
opportunity for an infection
before the updated pattern
file is available.
For details, see About Trend Micro
Control Manager on page 1-13.
About Cloud Pre-Filter
Cloud Pre-Filter is a cloud security solution that integrates with IMSVA to provide
proactive protection in the cloud with the privacy and control of an on-premise, virtual
appliance.
Cloud Pre-Filter reduces inbound email volume up to 90% by blocking spam and
malware outside your network. Cloud Pre-Filter is integrated with IMSVA at the gateway
allowing flexible control over sensitive information. And local quarantines ensure your
email stays private. No email is stored in the cloud. With Cloud Pre-Filter, you can
reduce complexity and overhead to realize significant cost savings.
About Email Encryption
Trend Micro Email Encryption provides IMSVA with the ability to perform encryption
and decryption of email. With Email Encryption, IMSVA has the ability to encrypt and
decrypt email regardless of the email client or platform from which it originated. The
1-11
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
encryption and decryption of email on Trend Micro Email Encryption is controlled by a
Policy Manager that enables an administrator to configure policies based on various
parameters, such as sender and recipient email addresses, keywords or where the email
(or attachments) contain credit card numbers. Trend Micro Email Encryption presents
itself as a simple mail transfer protocol (SMTP) interface and delivers email out over
SMTP to a configured outbound mail transport agent (MTA). This enables easy
integration with other email server-based products, be them content scanners, mail
servers or archiving solutions.
About Spyware and Other Types of Grayware
Your clients are at risk from threats other than viruses. Grayware can negatively affect
the performance of the computers on your network and introduce significant security,
confidentiality, and legal risks to your organization (see Table 1-2).
TABLE 1-2.
Types of spyware/grayware
TYPES OF
S PYWARE /G RAYWARE
1-12
D ESCRIPTIONS
Spyware/Grayware
Gathers data, such as account user names and
passwords, and transmits them to third parties.
Adware
Displays advertisements and gathers data, such as
user web surfing preferences, through a web
browser.
Dialers
Changes computer Internet settings and can force a
computer to dial pre-configured phone numbers
through a modem.
Joke Program
Causes abnormal computer behavior, such as closing and opening the DVD-ROM tray and displaying
numerous message boxes.
Hacking Tools
Helps hackers gain unauthorized access to computers.
Remote Access Tools
Helps hackers remotely access and control computers.
Password Cracking
Applications
Helps hackers decipher account user names and
passwords.
Introducing InterScan Messaging Security Virtual Appliance
TABLE 1-2.
Types of spyware/grayware (Continued)
TYPES OF
S PYWARE /G RAYWARE
Others
D ESCRIPTIONS
Other types not covered above.
About Web Reputation
Trend Micro Web reputation technology helps break the infection chain by assigning
web sites a “reputation” based on an assessment of the trustworthiness of an URL,
derived from an analysis of the domain. Web reputation protects against web-based
threats including zero-day attacks, before they reach the network. Trend Micro Web
reputation technology tracks the lifecycle of hundreds of millions of web domains,
extending proven Trend Micro antispam protection to the Internet.
About Trend Micro Control Manager
Trend Micro™ Control Manager™ is a software management solution that gives you
the ability to control antivirus and content security programs from a central location
regardless of the program’s physical location or platform. This application can simplify
the administration of a corporate virus and content security policy.
Control Manager consists of the following components:
•
Control Manager server—The Control Manager server is the computer to which
the Control Manager application installs. The web-based Control Manager
management console is hosted from this server.
•
Agent—The agent is an application installed on a managed product that allows
Control Manager to manage the product. The agent receives commands from the
Control Manager server, and then applies them to the managed product. The agent
also collects logs from the product and sends them to Control Manager.
Note:
You do not need to install the agent separately. The agent automatically installs
when you install IMSVA.
1-13
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
•
Entity—An entity is a representation of a managed product on the Product
Directory link. Each entity has an icon in the directory tree. The directory tree on
the Control Manager console displays all managed entities, and IMSVA can be one
of the entities.
When you install an IMSVA scanner, the Control Manager/MCP agent is also
installed automatically. After the agent is enabled, each scanner will register to the
Control Manager server and appear as separate entities.
Note:
Use Control Manager server version 5.5 or later when using Control Manager to
manage IMSVA. For more information on the latest version and the most recent
patches and updates, see the Trend Micro Update Center:
http://www.trendmicro.com/download/product.asp?productid=7
Integrating with Control Manager
Table 1-3 shows a list of Control Manager features that IMSVA supports.
TABLE 1-3.
Supported Control Manager features
F EATURES
D ESCRIPTIONS
2-way Communication
Using 2-way communication,
either IMSVA or Control Manager may initiate the communication process.
No.
Outbreak Prevention Policy
The Outbreak Prevention Policy (OPP) is a quick response
to an outbreak developed by
TrendLabs that contains a list
of actions IMSVA should perform to reduce the likelihood
of the IMSVA server or its clients from becoming infected.
Yes
Trend Micro ActiveUpdate
Server deploys this policy to
IMSVA through Control Manager.
1-14
S UPPORTED ?
Only IMSVA can initiate a
communication process with
Control Manager.
Introducing InterScan Messaging Security Virtual Appliance
TABLE 1-3.
Supported Control Manager features (Continued)
F EATURES
D ESCRIPTIONS
S UPPORTED ?
Log Upload
for Query
Uploads IMSVA virus logs,
Content Security logs, and
Email reputation logs to Control Manager for query purposes.
Yes
Single
Sign-On
Manage IMSVA from Control
Manager directly without first
logging on to the IMSVA web
management console.
No.
Configuration
Replication
Replicate configuration settings from an existing IMSVA
server to a new IMSVA server
from Control Manager.
Yes
Pattern
Update
Update pattern files used by
IMSVA from Control Manager
Yes
Engine
Update
Update engines used by
IMSVA from Control Manager.
Yes
Product Component
Update
Update IMSVA product components such as patches and
hot fixes from Control Manager.
No.
You need to first log on to
the IMSVA web management console before you
can manage IMSVA from
Control Manager.
Refer to the specific patch
or hot fix readme file for
instructions on how to
update the product components.
1-15
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
TABLE 1-3.
Supported Control Manager features (Continued)
F EATURES
D ESCRIPTIONS
S UPPORTED ?
Configuration
By User Interface Redirect
Configure IMSVA through the
IMSVA web management
console accessible from Control Manager.
Yes
Renew Product Registration
Renew IMSVA product
license from Control Manager.
Yes
Customized
Reporting
from Control
Manager
Control Manager provides
customized reporting and log
queries for email-related
data.
Yes
Control Manager Agent
Installation
/Uninstallation
Install or uninstall IMSVA
Control Manager Agent from
Control Manager.
No.
IMSVA Control Manager
agent is automatically
installed when you install
IMSVA. To enable/disable
the agent, do the following
from the IMSVA web management console:
1. Choose Administration
> Connections from the
menu.
2. Click the TMCM Server
tab.
3. To enable/disable the
agent, select/clear the
check box next to
Enable MCP Agent .
1-16
Event Notification
Send IMSVA event notification from Control Manager.
Yes
Command
Tracking for
All Commands
Track the status of commands
that Control Manager issues
to IMSVA.
Yes
Chapter 2
Component Descriptions
This chapter explains the requirements necessary to manage IMSVA and the various
software components the product needs to function.
Topics include:
•
About IMSVA Components on page 2-2
•
Cloud Pre-Filter Service Overview on page 2-2
•
IP Filtering on page 2-3
•
Email Reputation on page 2-4
•
About End-User Quarantine (EUQ) on page 2-7
2-1
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
About IMSVA Components
The new architecture of IMSVA separates the product into distinct components that
each perform a particular task in message processing. The following sections provide an
overview of each component.
Cloud Pre-Filter Service Overview
Cloud Pre-Filter service is a managed email security service powered by the Trend Micro
Email Security Platform. By routing your inbound messages through the service, you
protect your domains against spam, phishing, malware, and other messaging threats
before the threats reach your network.
Sender Filtering
By approving senders, Cloud Pre-Filter Service subscribers automatically allow messages
from trusted mail servers or email addresses. Messages from approved senders are not
checked for spam or source reputation. Messages from approved senders are scanned
for viruses.
By blocking senders, subscribers automatically block messages from untrusted sources.
Reputation-Based Source Filtering
With Trend Micro Email Reputation, Cloud Pre-Filter service verifies email sources
against dynamic and self-updating reputation databases to block messages from the
latest botnets and other IP addresses controlled by spammers, phishers, and malware
distributors.
Virus and Spam Protection
With Trend Micro antivirus technology, Cloud Pre-Filter Service protects against
infectious messages from mass-mailing worms or manually crafted messages that
contain Trojans, spyware, or other malicious code.
Cloud Pre-Filter Service checks messages for spam characteristics to effectively reduce
the volume of unsolicited messages.
2-2
Component Descriptions
About Spam Prevention Solution
Spam Prevention Solution (SPS) is a licensed product from Trend Micro that provides
spam-detection services to other Trend Micro products. The SPS license is included in
the Trend Micro Antivirus and Content Filter license. For more information, contact
to your sales representative.
Spam Prevention Solution Technology
SPS uses detection technology based on sophisticated content processing and statistical
analysis. Unlike other approaches to identifying spam, content analysis provides high
performance, real-time detection that is highly adaptable, even as spammers change their
techniques.
Using Spam Prevention Solution
SPS works through a built-in spam filter that automatically becomes active when you
register and activate the Spam Prevention Solution license.
IP Filtering
IMSVA includes optional IP Filtering, which consists of two parts:
•
IP Profiler—Allows you to configure threshold settings used to analyze email
traffic. When traffic from an IP address violates the settings, IP Profiler adds the IP
address of the sender to its database and then blocks incoming connections from
the IP address.
IP profiler detects any of these four potential Internet threats:
•
Spam—Email with unwanted advertising content.
•
Viruses—Various virus threats, including Trojan programs.
•
Directory Harvest Attack (DHA)—A method used by spammers to collect
valid email addresses by generating random email addresses using a
combination of random email names with valid domain names. Emails are then
sent to these generated email addresses. If an email message is delivered, the
email address is determined to be genuine and thus added to the spam
databases.
2-3
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
•
•
Bounced Mail—An attack that uses your mail server to generate email
messages that have the target's email domain in the "From" field. Fictitious
addresses send email messages and when they return, they flood the target's
mail server.
Email Reputation—Blocks email from known spam senders at the IP-level.
How IP Profiler Works
IP Profiler proactively identifies IP addresses of computers that send email containing
threats mentioned in the section IP Filtering on page 2-3. You can customize several
criteria that determine when IMSVA will start taking a specified action on an IP address.
The criteria differ depending on the potential threat, but commonly include a duration
during which IMSVA monitors the IP address and a threshold.
To accomplish this, IP Profiler makes use of several components, the most important of
which is Foxproxy—a server that relays information about email traffic to IMSVA.
The following process takes place after IMSVA receives a connection request from a
sending mail server:
1.
FoxProxy queries the IP Profiler’s DNS server to see if the IP address is on the
blocked list.
2.
If the IP address is on the blocked list, IMSVA denies the connection request.
If the IP address is not on the blocked list, IMSVA analyzes the email traffic
according to the threshold criteria you specify for IP Profiler.
3.
If the email traffic violates the criteria, IMSVA adds the sender IP address to the
blocked list.
Email Reputation
Trend Micro designed Email reputation to identify and block spam before it enters a
computer network by routing Internet Protocol (IP) addresses of incoming mail
connections to Trend Micro Smart Protection Network for verification against an
extensive Reputation Database.
Types of Email Reputation
There are two types of Email reputation: Standard and Advanced.
2-4
Component Descriptions
Email Reputation: Standard
This service helps block spam by validating requested IP addresses against the Trend
Micro reputation database, powered by the Trend Micro Smart Protection Network.
This ever-expanding database currently contains over 1 billion IP addresses with
reputation ratings based on spamming activity. Trend Micro spam investigators
continuously review and update these ratings to ensure accuracy.
Email reputation: Standard is a DNS single-query-based service. Your designated email
server makes a DNS query to the standard reputation database server whenever an
incoming email message is received from an unknown host. If the host is listed in the
standard reputation database, Email reputation reports that email message as spam.
Email Reputation: Advanced
Email reputation: Advanced identifies and stops sources of spam while they are in the
process of sending millions of messages.
This is a dynamic, real-time antispam solution. To provide this service, Trend Micro
continuously monitors network and traffic patterns and immediately updates the
dynamic reputation database as new spam sources emerge, often within minutes of the
first sign of spam. As evidence of spam activity ceases, the dynamic reputation database
is updated accordingly.
Like Email reputation: Standard, Email reputation: Advanced is a DNS query-based
service, but two queries can be made to two different databases: the standard reputation
database and the dynamic reputation database (a database updated dynamically in real
time). These two databases have distinct entries (no overlapping IP addresses), allowing
Trend Micro to maintain a very efficient and effective database that can quickly respond
to highly dynamic sources of spam. Email reputation: Advanced has blocked more than
80% of total incoming connections (all were malicious) in customer networks. Results
will vary depending on how much of your incoming email stream is spam. The more
spam you receive, the higher the percentage of blocked connections you will see.
2-5
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
How Email Reputation Technology Works
Trend Micro Email reputation technology is a Domain Name Service (DNS)
query-based service. The following process takes place after IMSVA receives a
connection request from a sending mail server:
1.
IMSVA records the IP address of the computer requesting the connection.
2.
IMSVA forwards the IP address to the Trend Micro Email reputation DNS servers
and queries the Reputation Database. If the IP address had already been reported as
a source of spam, a record of the address will already exist in the database at the
time of the query.
3.
If a record exists, Email reputation instructs IMSVA to permanently or temporarily
block the connection request. The decision to block the request depends on the
type of spam source, its history, current activity level, and other observed
parameters.
Figure 2-1 illustrates how Email reputation works.
Email reputation database
Clients
Trend Micro Network
Incoming email
Spammers blocked
at the IP (layer 3) level
FIGURE 2-1.
2-6
IMSVA
How Email reputation works
Component Descriptions
For more information on the operation of Trend Micro Email reputation, visit
http://us.trendmicro.com/us/products/enterprise/network-reputation-services/index.
html
About End-User Quarantine (EUQ)
IMSVA provides Web-based EUQ to improve spam management. The Web-based
EUQ service allows end users to manage their own spam quarantine. Messages that
Spam Prevention Solution (licensed separately from IMSVA), or administrator-created
content filters, determine to be spam, are placed into quarantine. These messages are
indexed into a database by the EUQ agent and are then available for end users to review
and delete or approve for delivery.
About Centralized Reporting
To help you analyze how IMSVA is performing, use the centralized reporting feature.
You can configure one time (on demand) reports or automatically generate reports
(daily, weekly, and monthly).
2-7
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
2-8
Chapter 3
Planning for Deployment
This chapter explains how to plan for IMSVA deployment. For instructions on
performing initial configuration, see the Administrator’s Guide.Topics include:
•
Deployment Checklist on page 3-2
•
Network Topology Considerations on page 3-5
•
About Device Services on page 3-12
•
Understanding POP3 Scanning on page 3-14
•
Opening the IMSVA Web Console on page 3-16
•
Setting Up a Single Parent Device on page 3-16
•
Setting Up a Child Device on page 3-29
•
Verifying Successful Deployment on page 3-31
3-1
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
Deployment Checklist
The deployment checklist provides step-by-step instructions on the pre-installation and
post-installation tasks for deploying IMSVA.
TABLE 3-1.
Deployment Checklist
T ICK
WHEN
COMPLETED
TASKS
O PTIONAL
R EFERENCE
Step 1 - Deploy IMSVA with Cloud Pre-Filter
• Deploy with Cloud Pre-Filter
Yes
Deploying IMSVA
with Cloud Pre-Filter on page 3-5
Step 2 - Identify the location of IMSVA
Choose one of the following locations on your network where you
would like to install IMSVA.
3-2
• At the gateway
Deploying at the
Gateway or Behind
the Gateway on
page 3-6
• Behind the gateway
Deploying at the
Gateway or Behind
the Gateway on
page 3-6
• Without a firewall
Installing without a
Firewall on page
3-9
• In front of a firewall
Installing in Front of
a Firewall on page
3-9
• Behind a firewall
Installing Behind a
Firewall on page
3-10
Planning for Deployment
TABLE 3-1.
Deployment Checklist (Continued)
T ICK
WHEN
COMPLETED
TASKS
O PTIONAL
• In the De-Militarized Zone
R EFERENCE
Installing in the
De-Militarized Zone
on page 3-11
Step 3 - Plan the scope
Decide whether you would like to install a single IMSVA device or
multiple devices.
• Single device installation
About Device Roles
on page 3-12
• Multiple IMSVA devices
About Device Roles
on page 3-12
Step 4 - Deploy or Upgrade
Deploy a new IMSVA device or upgrade from a previous version.
• Upgrade from a previous
Upgrading from
IMSVA 8.0 on page
5-5
version
Step 5 - Start services
Activate IMSVA services to start protecting your network against
various threats.
• Scanner
• Policy
• EUQ
Yes
IMSVA Services
section of the
Administrator’s
Guide.
Step 6 - Configure other IMSVA settings
Configure various IMSVA settings to get IMSVA up and running.
3-3
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
TABLE 3-1.
Deployment Checklist (Continued)
T ICK
WHEN
COMPLETED
TASKS
• IP Filtering Rules
O PTIONAL
R EFERENCE
Yes
IP Filtering Service section of the
Administrator’s
Guide.
• SMTP Routing
• POP3 Settings
• Policy and scanning
exceptions
• Perform a manual update of
components and configure
scheduled updates
• Log settings
Scanning SMTP
Messages section of the Administrator’s Guide.
Yes
Scanning POP3
Messages section of the Administrator’s Guide.
Managing Policies section of the
Administrator’s
Guide.
Updating Scan
Engine and Pattern Files section
of the Administrator’s Guide.
Configuring Log
Settings section
of the Administrator’s Guide.
Step 7 - Back up IMSVA
Perform a backup of IMSVA as a precaution against system failure
3-4
Planning for Deployment
TABLE 3-1.
Deployment Checklist (Continued)
T ICK
WHEN
COMPLETED
TASKS
O PTIONAL
Back up IMSVA settings
R EFERENCE
Backing Up
IMSVA section of
the Administrator’s Guide.
Network Topology Considerations
Decide how you want to use IMSVA in your existing email and network topology. The
following are common scenarios for handling SMTP traffic:
Deploying IMSVA with Cloud Pre-Filter
Cloud Pre-Filter has no impact on how IMSVA should be deployed.
Note:
Cloud Pre-Filter uses port 9000 as the web service listening port. This port must be
open on the firewall for IMSVA to connect to Cloud Pre-Filter.
However, when adding Cloud Pre-Filter policies you must change the MX records, of
the domain specified in the policy, to that of the Cloud Pre-Filter inbound addresses.
The address is provided on the bottom of Cloud Pre-Filter Policy List screen. Click
Cloud Pre-Filter in the IMSVA management console to display the Cloud Pre-Filter
Policy List screen.
Tip: Trend Micro recommends adding IMSVA’s address to the domain’s MX records, and
placing IMSVA at a lower priority than Cloud Pre-Filter. This allows IMSVA to provide
email service continuity as a backup to Cloud Pre-Filter.
3-5
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
Deploying at the Gateway or Behind the Gateway
TABLE 3-2.
At the Gateway
Behind the
Gateway
Common scenarios for handling SMTP traffic
S INGLE D EVICE
M ULTIPLE D EVICES
The only setup if you plan to
use IP Filtering with the
device. IMSVA is deployed at
the gateway to provide antivirus, content filtering, spam
prevention and IP Filtering
services, which include Network Reputation Services
and IP Profiler. See Figure 3-1.
The only setup if you plan to
use IP Filtering with at least
one of the devices. You can
enable or disable services on
different devices. See the following:
The most common setup.
IMSVA is deployed between
upstream and downstream
MTAs to provide antivirus,
content filtering and spam
prevention services. See Figure 3-2
The most common group
setup. IMSVA devices are
deployed between upstream
and downstream MTAs to provide antivirus, content filtering
and spam prevention services.
You can enable or disable services on different devices. See
the following
• Figure 3-3
• Choosing Services on page
3-13.
• Figure 3-4
• Choosing Services on page
3-13.
TREND M ICRO C ONTROL M ANAGER SCENARIO
If you have multiple groups, you can use Trend Micro Control Manager
(TMCM) to manage the devices.
3-6
Planning for Deployment
FIGURE 3-1.
Single IMSVA device at the gateway
FIGURE 3-2.
Single IMSVA device behind the gateway
3-7
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
3-8
FIGURE 3-3.
IMSVA group at the gateway
FIGURE 3-4.
IMSVA group behind the gateway
Planning for Deployment
Installing without a Firewall
Figure 3-5 illustrates how to deploy IMSVA and Postfix when your network does not
have a firewall:
Internet
Mail Servers
InterScan Server
FIGURE 3-5.
Note:
Installation topology: no firewall
Trend Micro does not recommend installing IMSVA without a firewall. Placing the
server hosting IMSVA at the edge of the network may expose it to security threats.
Installing in Front of a Firewall
Figure 3-6 illustrates the installation topology when you install IMSVA in front of your
firewall:
Internet
Mail Server
FIGURE 3-6.
InterScanServer
Firewall
Installation topology: in front of the firewall
3-9
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
Incoming Traffic
•
Postfix should receive incoming messages first, then transfers them to IMSVA.
Configure IMSVA to reference your SMTP server(s) or configure the firewall to
permit incoming traffic from the IMSVA server.
•
Configure the Relay Control settings to only allow relay for local domains.
Outgoing Traffic
•
•
Configure the firewall (proxy-based) to route all outbound messages to IMSVA, so
that:
•
Outgoing SMTP email goes to Postfix first and then to IMSVA.
•
Incoming SMTP email can only come from Postfix to IMSVA servers.
Configure IMSVA to allow internal SMTP gateways to relay, through Postfix, to any
domain through IMSVA.
Tip: For more information, see Configuring SMTP Routing section of the Administrator’s
Guide.
Installing Behind a Firewall
Figure 3-7 illustrates how to deploy IMSVA and Postfix behind your firewall:
Internet
Mail Server
FIGURE 3-7.
InterScan Server
Firewall
Installation scenario: behind a firewall
Incoming Traffic
•
3-10
Configure your proxy-based firewall, as follows:
Planning for Deployment
•
Outgoing SMTP email goes to Postfix first and then to the IMSVA.
•
Incoming SMTP email goes first to Postfix, then to IMSVA, and then to the
SMTP servers in the domain.
•
Configure IMSVA to route email destined to your local domain(s) to the SMTP
gateway or your internal mail server.
•
Configure relay restriction to only allow relay for local domain(s).
Outgoing Traffic
•
Configure all internal SMTP gateways to send outgoing mail to Postfix and then to
IMSVA.
•
If you are replacing your SMTP gateway with IMSVA, configure your internal mail
server to send outgoing email through Postfix and then to IMSVA.
•
Configure Postfix and IMSVA to route all outgoing email (to domains other than
local), to the firewall, or deliver the messages.
•
Configure IMSVA to allow internal SMTP gateways to relay to any domain using
IMSVA.
Tip: For more information, see Configuring SMTP Routing section of the Administrator’s
Guide.
Installing in the De-Militarized Zone
You can also install IMSVA and Postfix in the De-Militarized Zone (DMZ):
Incoming Traffic
•
Configure your packet-based firewall.
•
Configure IMSVA to route email destined to your local domain(s) to the SMTP
gateway or your internal mail server.
Outgoing Traffic
•
Configure Postfix to route all outgoing email (destined to other than the local
domains) to the firewall or deliver them using IMSVA.
3-11
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
•
Configure all internal SMTP gateways to forward outgoing mail to Postfix and then
to IMSVA.
•
Configure IMSVA to allow internal SMTP gateways to relay to any domain, through
Postfix and IMSVA.
Tip: For more information, see Configuring SMTP Routing section of the Administrator’s
Guide.
About Device Roles
IMSVA can act as a parent or child device. Parent and child devices compose a group,
where the parent provides central management services to the child devices registered to
it.
•
Parent—Manages child devices. If you are deploying a single IMSVA device, select
parent mode during setup so that all IMSVA components are deployed.
•
Child—Is managed by a single parent device and will use all global settings that you
configure through the parent device’s Web console.
A group refers to a parent device with at least one child device registered to it.
About Device Services
You can enable different kinds of services on IMSVA devices.
Parent-only services:
•
Admin user interface service (Web console)—Manages global settings.
Parent and child services:
•
Policy service—Manages the rules that you configure.
•
Scanner service—Scans email traffic.
•
EUQ service—Manages End-User Quarantine, which allows your users to view
their email messages that IMSVA determined were spam.
•
Command Line Interface (CLI) service—Provides access to CLI features.
A child device is functional only when it is registered to a parent.
3-12
Planning for Deployment
Choosing Services
You can enable different types of services on parent and child devices. For example, to
increase throughput, add more child devices, enable all their services and allow the child
devices to scan traffic and provide EUQ services.
You can deploy IMSVA devices in a parent/child group in either deployment scenario.
However, if you enable the scanner service on parent and child devices, you must use the
same type of deployment for all devices in a single group. You cannot deploy some child
devices at the gateway and others behind the gateway.
In addition to the above SMTP-scanning scenarios, you might want IMSVA to scan
POP3 traffic. See Understanding POP3 Scanning on page 3-14 for more information.
Deploying IMSVA with IP Filtering
The Trend Micro IP Filtering, which includes IP Profiler and Email Reputation blocks
connections at the IP level.
To use IP Filtering, any firewall between IMSVA and the edge of your network must not
modify the connecting IP address as IP Filtering is not compatible with networks using
network address translation (NAT). If IMSVA accepts SMTP connections from the
same source IP address, for instance, IP Filtering will not work, as this address would be
the same for every received message and the IP filtering software would be unable to
determine whether the original initiator of the SMTP session was a known sender of
spam.
Understanding Internal Communication Port
IMSVA supports multiple network interfaces. This means one IMSVA device may have
multiple IP addresses. This introduces challenges when devices try to communicate
using a unique IP address. IMSVA incorporates the use of an Internal Communication
Port to overcome this challenge.
•
Users must specify one network interface card (NIC) as an Internal Communication
Port to identify the IMSVA device during installation.
•
After installation, users can change the Internal Communication Port on the IMSVA
Web console through the Configuration Wizard or the command line interface
(CLI).
3-13
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
•
In a group scenario, parent devices and child devices must use their Internal
Communication Port to communicate with each other. When registering a child
device to parent device, the user must specify the IP address of the parent device’s
Internal Communication Port.
Tip: Trend Micro recommends configuring a host route entry on each IMSVA device of the
group to ensure that parent-child communication uses the Internal Communication
Port.
•
IMSVA devices use the Internal Communication Port’s IP address to register to
Control Manager servers. When users want to configure IMSVA devices from the
Control Manager Web console, the Web console service on the Internal
Communication Port needs to be enabled. By default, the Web console service is
enabled on all ports.
Understanding POP3 Scanning
In addition to SMTP traffic, IMSVA can scan POP3 messages at the gateway as your
clients retrieve them. Even if your company does not use POP3 email, your employees
might access personal, Web-based POP3 email accounts, which can create points of
vulnerability on your network if the messages from those accounts are not scanned.
The most common email scanning deployments will use IMSVA to scan SMTP traffic,
which it does by default. However, to scan POP3 traffic that your organization might
receive from a POP3 server over the Internet, enable POP3 scanning.
With POP3 scanning enabled, IMSVA acts as a proxy, positioned between mail clients
and POP3 servers, to scan messages as the clients retrieve them.
To scan POP3 traffic, configure your email clients to connect to the IMSVA server
POP3 proxy, which connects to POP3 servers to retrieve and scan messages.
Requirements for POP3 Scanning
For IMSVA to scan POP3 traffic, a firewall must be installed on the network and
configured to block POP3 requests from all computers except IMSVA. This
configuration ensures that all POP3 traffic passes through the firewall to IMSVA and
that only IMSVA scans the POP3 traffic.
3-14
Planning for Deployment
Note:
If you disable POP3 scanning, your clients cannot receive POP3 mail.
Configuring a POP3 Client that Receives Email Through
IMSVA
To configure a POP3 client using a generic POP3 connection, configure the following:
•
IP address/Domain name: The IMSVA IP address or domain name.
•
Port: IMSVA Generic POP3 port.
•
Account: account_name#POP3_Server_Domain-name
for example: user#10.18.125.168
To configure a POP3 client using dedicated POP3 connections, configure the following:
•
IP address: The IMSVA IP address.
•
Port: The IMSVA dedicated POP3 port.
•
Account: account_name
for example: user
3-15
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
Opening the IMSVA Web Console
You can view the IMSVA management console with a Web browser from the server
where you deployed the program, or remotely across the network.
To view the console in a browser, go to the following URL:
https://{IMSVA}:8445
where {IMSVA} refers to the IP address or Fully Qualified Domain Name. For
example: https://196.168.10.1:8445 or https://IMSVA1:8445
An alternative to using the IP address is to use the target server’s fully qualified domain
name (FQDN). To view the management console using SSL, type “https://” before the
domain name and append the port number after it.
The default logon credentials are as follows:
•
Administrator user name: admin
•
Password: imsva
Type the logon credentials the first time you open the console and click the Log on
button. To prevent unauthorized changes to your policies, Trend Micro recommends
that you set a new logon password immediately following deployment.
Note:
If you are using Internet Explorer (IE) 7.0 to access the Web console, IE will block
the access and display a popup dialog box indicating that the certificate was issued
from a different Web address. Simply ignore this message and click Continue to this
Web site to proceed.
Tip: To prevent unauthorized changes to your policies, Trend Micro recommends changing
the password regularly.
Setting Up a Single Parent Device
IMSVA provides a configuration wizard to help you configure all the settings you need
to get IMSVA up and running.
3-16
Planning for Deployment
To set up a single parent device:
1.
Make sure that your management computer can ping IMSVA’s IP address that you
configured during installation.
2.
On the management computer, open Internet Explorer (version 6.0 or later) or
Firefox (version 3.5 or later).
3.
Type the following URL (accept the security certificate if necessary):
https://<IP address>:8445
The logon screen appears.
4.
Select the Open Configuration Wizard check box.
5.
Type the following default user name and password:
•
User name: admin
•
Password: imsva
The Configuration Wizard screen appears.
6.
Progress through the Wizard screens to configure the settings.
3-17
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
Step 1: Configuring System Settings
1.
After you read the welcome screen, click Next. The Local System Settings screen
appears.
2.
Modify the device host name, IP address, and netmask if necessary. Also, configure
your network settings and set the device system time.
Note:
3-18
The local system settings take effect immediately when you click the Next>
button. If the IP address or time settings are changed, IMSVA will restart. Wait
until IMSVA is online and then log on again.
Planning for Deployment
Step 2: Configuring Deployment Settings
1.
Click Next. The Deployment Settings screen appears.
2.
Select Parent Device or Child Device. If this is the first device you are setting up,
you must select Parent Device. You can configure additional child devices at a later
time.
To deploy the device between upstream and downstream MTAs, clear the gateway
deployment check box.
Also, decide if you want to use EUQ or NTP services.
3-19
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
Step 3: Configuring SMTP Routing Settings
3-20
1.
Click Next. The SMTP Routing Settings screen appears.
2.
Add all SMTP server domains and their corresponding SMTP server names to the
relay domain list. IMSVA needs this information to pass email to SMTP servers for
delivery.
Planning for Deployment
Step 4: Configuring Notification Settings
1.
Click Next. The Notification Settings screen appears.
2.
If you want to receive notifications for system and policy events, configure the
Email or SNMP trap notification settings.
3-21
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
Step 5: Configuring the Update Source
3-22
1.
Click Next. The Update Source screen appears.
2.
Configure the following update settings, which will determine from where IMSVA
will receive its component updates and through which proxy (if any) IMSVA needs
to connect to access the Internet:
•
Source—Click Trend Micro ActiveUpdate (AU) server to receive updates
directly from Trend Micro. Alternatively, click Other Internet source and type
the URL of the update source that will check the Trend Micro AU server for
updates. You can specify an update source of your choice or type the URL of
your Control Manager server http://<TMCM server
address>/ControlManager/download/activeupdate/, if applicable.
•
Proxy Settings—Select the Use proxy server check box and configure the
proxy type, server name, port, user name, and password.
Planning for Deployment
Step 6: Configuring LDAP Settings
1.
Click Next. The LDAP Settings screen appears.
2.
Type a meaningful description for the LDAP server.
3-23
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
3.
Configure LDAP settings only if you will use LDAP for user-group definition,
administrator privileges, or Web quarantine authentication.
a.
For LDAP server type, select one of the following:
•
Domino
•
Microsoft Active Directory
•
Microsoft AD Global Catalog
•
OpenLDAP
•
Sun iPlanet Directory
b.
To enable one or both LDAP servers, select the check boxes next to Enable
LDAP 1 or Enable LDAP 2.
c.
Type the names of the LDAP servers and the port numbers they listen on.
d. Under LDAP Cache Expiration for Policy Services and EUQ services,
type a number that represents the time to live next to the Time To Live in
minutes field.
e.
Under LDAP Admin, type the administrator account, its corresponding
password, and the base-distinguished name. See Table 3-4 for a guide on what
to specify for the LDAP admin settings.
TABLE 3-3.
LDAP S ERVER
Active Directory
LDAP Server Types
LDAP A DMIN A CCOUNT
( EXAMPLES )
Without Kerberos:
user1@domain.com
(UPN) or domain\user1
With Kerberos:
user1@domain.com
3-24
B ASE
D ISTINGUISHED
N AME
( EXAMPLES )
dc=domain,
dc=com
A UTHENTICATION
M ETHOD
Simple
Advanced (with
Kerberos)
Planning for Deployment
TABLE 3-3.
LDAP Server Types
LDAP S ERVER
Active Directory
Global Catalog
LDAP A DMIN A CCOUNT
( EXAMPLES )
Without Kerberos:
user1@domain.com
(UPN) or domain\user1
B ASE
D ISTINGUISHED
N AME
( EXAMPLES )
dc=domain,
dc=com
A UTHENTICATION
M ETHOD
Simple
Advanced (with
Kerberos)
With Kerberos:
user1@domain.com
dc=domain1,dc
=com (if mutiple unique
domains exist)
OpenLDAP
cn=manager, dc=test1,
dc=com
dc=test1,
dc=com
Simple
Lotus Domino
user1/domain
Not applicable
Simple
Sun iPlanet
Directory
uid=user1, ou=people,
dc=domain, dc=com
dc=domain,
dc=com
Simple
TABLE 3-4.
f.
LDAP admin settings
For Authentication method, click Simple or Advanced authentication. For
Active Directory advanced authentication, configure the Kerberos
authentication default realm, Default domain, KDC and admin server, and
KDC port number.
Note:
Specify LDAP settings only if you will use LDAP for user-group definition,
administrator privileges, or Web quarantine authentication. You must enable
LDAP to use End-User Quarantine.
3-25
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
Step 7: Configuring Internal Addresses
1.
Click Next. The Internal Addresses screen appears.
2.
IMSVA uses the internal addresses to determine whether a policy or an event is
inbound or outbound.
•
If you are configuring a rule for outgoing messages, the internal address list
applies to the senders.
•
If you are configuring a rule for incoming messages, the internal address list
applies to the recipients.
To define internal domains and user groups, do one of the following:
3-26
•
Select Enter domain from the drop-down list, type the domain in the text box,
and then click >>.
•
Select Search for LDAP groups from the drop-down list. A screen for
selecting the LDAP groups appears. Type an LDAP group name for which you
want to search in the text box and click Search. The search result appears in the
list box. To add it to the Selected list, click >>.
Planning for Deployment
Step 8: Configuring TMCM Server Settings
1.
Click Next. The TMCM Server Settings screen appears.
2.
If you will use Control Manager to manage IMSVA, do the following:
a.
Select Enable MCP Agent (included with IMSVA by default).
b.
Next to Server, type the TMCM IP address or FQDN.
c.
Next to Communication protocol, select HTTP or HTTPS and type the
corresponding port number. The default port number for HTTP access is 80,
and the default port number for HTTPS is 443.
d. Under Web server authentication, type the user name and password for the
Web server if it requires authentication.
e.
If a proxy server is between IMSVA and TMCM, select Enable proxy.
3-27
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
f.
Type the proxy server port number, user name, and password.
Step 9: Activating the Product
3-28
1.
Click Next. The Product Activation screen appears.
2.
Type the Activation Codes for the products or services you want to activate. If you
do not have an Activation Code, click Register Online and follow the directions at
the Trend Micro Registration Web site.
Planning for Deployment
Step 10: Reviewing the Settings
1.
Click Next. The Review Settings screen appears.
2.
If your settings are correct, click Finish.
To modify any of your settings, click Back and keep moving through the screens
until your settings are complete. IMSVA will be operational after you click Finish
and exit the Wizard.
Setting Up a Child Device
This section explains how to set up a child device and register it to the parent device.
To set up a child device:
1.
Determine the IP address of the child device.
2.
On the parent device, do the following:
a.
After you set up a parent device (see Setting Up a Single Parent Device on page
3-16), make sure the parent device is operational.
3-29
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
b.
Log on to the Web console. Make sure that you are logging on the parent
device Web console.
c.
Choose Administration > IMSVA Configuration > Connections > Child
IP.
d. Under Add IP Address, add the IP address for the Internal Communication
Port of the child device.
3.
On the child device, do the following:
a.
Just as you did for the parent device, connect a management computer to the
child device and log on to the Web console. All IMSVA devices have the same
default Web console login credentials.
b.
In the Setup Wizard, configure the local system settings and then click Next>.
c.
On the Deployment Settings screen, select Child Server and add the IP
address for the Internal Communication Port of the parent device.
d. Click Finish.
4.
On the parent device, do the following:
a.
Choose System Status from the menu.
b.
Verify that the child device appears under Managed Services and that a green
appears under Connection. You can start or stop Scanner,
check mark
Policy, or EUQ services.
Note:
5.
3-30
If you enabled EUQ on the parent, it will also be enabled on the child.
If you want to use EUQ on the child device, redistribute the data across the EUQ
databases:
a.
On the parent device, choose Administration > End-User Quarantine. The
EUQ Management tab appears by default.
b.
Choose Redistribute all or Only redistribute approved senders. Trend
Micro recommends choosing Redistribute all.
c.
Click Redistribute.
Planning for Deployment
Note:
If you registered an EUQ-enabled child device to its parent device, add senders
to the approved senders list, and then re-distribute EUQ data, some of the newly
added approved senders might not appear.
Trend Micro recommends the following:
- After redistributing EUQ, the administrator informs all end users to verify that
the newly added approved senders are still available.
- That the administrator notifies all end users not to add EUQ approved senders
list when the administrator is adding a child device and redistributing EUQ.
Verifying Successful Deployment
After you have set up the IMSVA devices, the services should start automatically.
To verify that IMSVA services are active:
1.
Click System Status from the menu.
2.
Under Managed Services, ensure that the scanner and policy services are active.
Otherwise, click the Start button to activate them.
Note:
You can choose to enable or disable the EUQ services.
3-31
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
3-32
Chapter 4
Installing IMSVA 8.2
This chapter explains how to install IMSVA under different scenarios.
Topics include:
•
System Requirements on page 4-2
•
Installing IMSVA on page 4-5
4-1
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
System Requirements
Table 4-1 provides the recommended and minimum system requirements for running
IMSVA.
TABLE 4-1.
System Requirements
H ARDWARE /S OFTWARE
Operating System
D ESCRIPTION
IMSVA provides a self-contained installation
that provides a purpose-built, hardened, and
performance tuned CentOS Linux operating
system. This dedicated operating system
installs with IMSVA to provide a turnkey solution. A separate operating system, such as
Linux, Windows, or Solaris, is not required.
Note: IMSVA uses a 64-bit operating system.
When installing a 64-bit OS on
ESX/ESXi, you need to enter the BIOS
and enable VT (Virtualization
Technology).
Recommended CPU
Four Intel™ Xeon™ processors
Minimum CPU
Two Intel™ Xeon processors
Recommended Memory
8GB RAM
Minimum Memory
4GB RAM
Recommended Disk Space
250GB
Note: IMSVA automatically partitions the
detected disk space as per
recommended Linux practices
Minimum Disk Space
120GB
IMSVA automatically partitions the detected
disk space as per recommended Linux practices
4-2
Installing IMSVA 8.2
TABLE 4-1.
System Requirements (Continued)
H ARDWARE /S OFTWARE
D ESCRIPTION
Monitor
Monitor that supports 800 x 600 resolution
with 256 colors or higher
Server Platform Compatibility
IMSVA should install and operate without
issues on many brands of “off-the-shelf ”
server platforms. However, Trend Micro cannot guarantee 100% compatibility with all
brands and models of server platforms.
To obtain a list of Trend Micro certified servers
that are guaranteed compatible with IMSVA,
access the following URL:
http://www.trendmicro.com/go/certified
To obtain a general list of available platforms
that should operate with IMSVA, access the
following URL:
http://wiki.centos.org/HardwareList
Trend Micro cannot guarantee full compatibility with the hardware components from this
general list.
Additional Requirements and Tools
Table 4-2 lists the minimum application requirements to access the CLI and web console
interfaces and to manage IMSVA with Control Manager.
TABLE 4-2.
Minimum Software Requirements
A PPLICATION
S YSTEM
R EQUIREMENT
D ETAILS
SSH communications
application
SSH protocol
version 2
To adequately view the IMSVA CLI
through an SSH connection, set the terminal window size to 80 columns and 24
rows.
VMware™
ESX server
Version 4.0/4.1
If you want to install IMSVA as virtual
machine, install IMSVA on a VMware
ESX server 4.0/4.1.
4-3
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
TABLE 4-2.
Minimum Software Requirements
A PPLICATION
Hyper-V
S YSTEM
R EQUIREMENT
Windows Server
2008 R2
D ETAILS
IMSVA only supports Hyper-V on Windows Server 2008 R2 and Windows
Server 2008 R2 with SP1 or later.
Windows Server
2008 R2 with SP1
or later
Internet
Explorer©
Version 8.0
Version 7.0
Version 6.0 SP2
Mozilla Firefox©
Version 5.0
Version 4.0
Version 3.6
To access the web console, which
allows you to configure all IMSVA settings, use Internet Explorer 6.0 SP 2 or
above or Firefox 3.5 or above. Using the
data port IP address you set during initial configuration, enter the following
URL:
https://[IP Address]:8445
Note: When accessing the Dashboard
using Internet Explorer 9.0,
Compatibility Mode must be
used to correctly render the
screen.
To Compatibility Mode for the
Dashboard when using Internet
Explorer 9.0, in Internet Explorer
click Page > Compatibility View
Settings, and add IMSVA to the
list.
4-4
Java™ Virtual
Machine
Version 5.0 or
later or SUN JRE
1.4+
To view certain items in the web console, the computer must have JVM.
Trend Micro
Control Manager
Version 5.5
Use Trend Micro Control Manager 5.5 to
manage IMSVA.
Installing IMSVA 8.2
Installing IMSVA
IMSVA only supports upgrading from IMSVA 8.0. IMSVA supports migrating existing
configuration and policy data from previous InterScan messaging products.
The IMSVA installation process formats your existing system to install IMSVA. The
installation procedure is basically the same for both a Bare Metal and a VMware ESX
virtual machine platform. The Bare Metal installation boots off of the IMSVA
installation DVD to begin the procedure and the VMware installation requires the
creation of a virtual machine before installation.
WARNING! Any existing data or partitions are removed during the installation process. Back up any existing data on the system (if any) before installing
IMSVA.
To install IMSVA:
1.
Start the IMSVA installation:
On a Bare Metal Server
a.
Insert the IMSVA Installation DVD into the DVD drive of the desired server.
b.
Power on the Bare Metal server.
On a VMware ESX Virtual Machine
WARNING!
If you install IMSVA on an ESX server, disable the snapshot feature
for the virtual machine because the snapshot will exhaust hard disk
space.
a.
Create a virtual machine on your VMware ESX server.
b.
Start the virtual machine.
c.
Insert the IMSVA Installation DVD into the virtual DVD drive with any one
of the following methods.
•
Insert the IMSVA Installation DVD into physical DVD drive of the ESX
server, and then connect the virtual DVD drive of the virtual machine to
the physical DVD drive.
4-5
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
•
Connect the virtual DVD drive of the virtual machine to
IMSVA-8.2.xxxx-86_64.iso file. The
IMSVA-8.2.xxxx-86_64.iso file is available at:
http://www.trendmicro.com/download
d. Restart the virtual machine by clicking VM > Send Ctrl+Alt+Del on the
VMware web console.
For both a VMware ESX Virtual Machine and a Bare Metal Server installations
a page appears displaying IMSVA Installation Menu with the following options:
4-6
•
Install IMSVA: Select this option to install IMSVA onto the new hardware or
virtual machine
•
System Recovery: Select this option to recover an IMSVA system in the event
that the administrative passwords cannot be recovered.
•
System Memory Test: Select this option to perform memory diagnostic tests
to rule out any memory issues
•
Exit Installation: Select this option to exit the installation process and to boot
from the local disk.
Installing IMSVA 8.2
2.
Select Install IMSVA. The license acceptance page appears. From this page, you
can access the readme (Readme button).
4-7
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
3.
4-8
Click Accept to continue. A page appears where you choose the keyboard language.
Installing IMSVA 8.2
4.
Select the keyboard language for the system and then click Next.
5.
Specify the drive or drives IMSVA uses for installation and normal operation and
then click Next.
4-9
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
The IMSVA installer scans your hardware to determine if the minimum
specifications have been met and displays the results as illustrated below. If the host
hardware contains any components that do not meet the minimum specifications,
the installation program will highlight the non-conforming components and the
installation will stop.
4-10
Installing IMSVA 8.2
6.
Click Next. The IMSVA installer detects hard disk drives and displays all available
hard disk drives. At least one drive must be selected for IMSVA installation.
7.
Select the drive(s) for IMSVA installation and then click Next. The Network
Settings screen appears.
4-11
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
Note:
4-12
During installation only the default network device (eth0) can be selected. To
use a different ethernet card, use the Configuration Wizard to specify the
ethernet card you want to use, after IMSVA installs.
Installing IMSVA 8.2
The table below describes the information required.
TABLE 4-3.
Network Device Settings
C ONFIGURATION
P ARAMETER
8.
D ESCRIPTION
IPv4 Address
This is the IP address of the IMSVA management
interface. Type in the IP address and appropriate
subnet mask to complete the configuration.
Hostname
Type in the applicable FQDN hostname for this
IMSVA host.
Gateway
Type in the applicable IP address to be used as the
gateway for this IMSVA installation.
Primary DNS
Type in the applicable IP address to be used as the
primary DNS server for this IMSVA installation.
Secondary DNS
Type in the applicable IP address to be used as the
secondary DNS server for this IMSVA installation.
Provide all the information to install IMSVA, and click Next. The NTP settings
screen appears.
4-13
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
9.
Specify the IMSVA server’s time and clock settings
a.
Select the location of the IMSVA server.
b.
Specify whether the server’s system clock uses UTC or GMT by selecting or
clearing the System clock uses UTC checkbox.
10. Click Next. The Account Settings screen appears.
4-14
Installing IMSVA 8.2
11. Specify passwords for the root and enable accounts.
IMSVA uses two different levels of administrator types to secure the system.
The password must be a minimum of 6 characters and a maximum of 32 characters.
Tip:
For the best security, create a highly unique password only known to you. You
can use both upper and lower case alphabetic characters, numerals, and any
special characters found on your keyboard to create your passwords.
•
Root Account: Used to gain access to the operating system shell and has all
rights to the server. This is the most powerful user on the system.
•
Enable Account: Used to gain access to the command line interface's privilege
mode. This account has all rights to execute any CLI command.
4-15
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
•
Admin Account: The default administration account used to access the
IMSVA web and CLI management interfaces. It has all rights to the IMSVA
application, but no access rights to the operating system shell.
As you type the passwords, the password strength meter on the right indicates how
strong the selected password is.
12. Click Next. The Review Settings screen appears.
13. Confirm that the selected values are correct and then click Next. The installation
process prompts you to begin the installation.
Selecting Continue erases any data on the hard disk partition and formats the hard
disk. If you have data on the hard disk that you would like to keep, cancel the
installation and back up the information before proceeding.
14. Click Continue. A screen appears that provides the formatting status of the local
drive for the IMSVA installation. When formatting completes, the IMSVA
installation begins.
4-16
Installing IMSVA 8.2
Once the installation is complete a summary screen appears. The installation log is
saved in the /root/install.log file for reference.
4-17
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
15. Click Reboot to restart the system.
Bare Metal installation:
The DVD automatically ejects. Remove the DVD from the drive to prevent
reinstallation.
Virtual machine installation:
Trend Micro recommends disconnecting the DVD-ROM device from the virtual
machine now that IMSVA is installed.
After IMSVA reboots, the initial CLI login screen appears.
4-18
Installing IMSVA 8.2
FIGURE 4-1.
Note:
The initial CLI login screen
During installation, you may receive the following messages:
for crash kernel (0x0 to 0x0) notwhitin permissible range
powernow-k8: bios error -no psb or acpi_pss objects
Both of these messages are normal. The latter message indicates that the system BIOS
is not reporting or presenting any PSB or ACPI objects or hooks to the Linux kernel.
Either the CPU or BIOS does not support PSB or ACPI objects or hooks, or they are
simply disabled.
16. Log on either in the CLI or in the IMSVA web console to launch IMSVA.
Log on to the CLI shell if you need to perform additional configuration,
troubleshooting, or housekeeping tasks.
4-19
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
4-20
Chapter 5
Upgrading from Previous Versions
This chapter provides instructions on upgrading from previous versions of IMSVA.
Topics include:
•
Upgrading from an Evaluation Version on page 5-2
•
Upgrading from IMSVA 8.0 on page 5-5
•
Migrating From IMSS for Windows on page 5-12
•
Migrating From IMSS for Linux on page 5-13
•
Migrating From IMSVA 8.0 on page 5-14
5-1
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
Upgrading from an Evaluation Version
If you provided an evaluation Activation Code to activate IMSVA previously, you have
started an evaluation period that allows you to try the full functionality of the product.
The evaluation period varies depending on the type of Activation Code used.
Fourteen (14) days prior to the expiry of the evaluation period, IMSVA will display a
warning message on the web management console alerting you of the impending
expiration.
To continue using IMSVA, purchase the full version license for the product. You will
then be provided a new Activation Code.
5-2
Upgrading from Previous Versions
To upgrade from the evaluation version:
1.
Choose Administration > Product Licenses from the menu.
5-3
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
2.
Click the Enter a new code hyperlink in section for the product or service you
want to activate. The Enter A New Code screen appears.
3.
Type the new Activation Code in the box provided.
Note:
5-4
When you purchase the full licensed version of IMSVA, Trend Micro will send
the new Activation Code to you by email. To prevent mistakes when typing the
Activation Code (in the format xx-xxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx), you
can copy the Activation Code from the email and paste it in the box provided.
4.
Click Activate.
5.
Repeat steps 2 to 5 for all the products or services you want to activate.
Upgrading from Previous Versions
Upgrading from IMSVA 8.0
IMSVA 8.0 can be upgraded as a single device or an entire distributed enviroment can be
upgraded.
Upgrading a Single IMSVA
This upgrade scenario upgrade a single IMSVA 8.0 to version 8.2.
To upgrade a single IMSVA 8.0 to version 8.2:
1.
Backup IMSVA 8.0 to safeguard against any issues that may occur during the
upgrade.
Tip:
IMSVA 8.0 backsup the configuration settings and performs an auto-rollback if
the upgrade is not successful. However Trend Micro recommends backing up
IMSVA 8.0 in one of the following ways, before attempting to upgrade to
IMSVA 8.2:
- Ghost the entire computer where IMSVA 8.0 is installed.
- Clone IMSVA 8.0, if it is installed on a virtual machine.
- Backup the IMSVA 8.0 app_data partition. To perform this task, open the
operating system shell console and run the following commands:
/opt/trend/imss/script/imssctl.sh stop
service crond stop
/opt/trend/imss/script/imssstop.sh
cp –rf -–preserve /var/app_data/*
/var/udisk/app_data_backup/
2.
Download the IMSVA 8.2 upgrade package. For exmaple, IMSVA__1144.tar.gz
and run.sh.
3.
Use the following command in the CLI console to verify theno email messages in
the Postfix queue:
5-5
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
Postqueue –p
4.
Stop all IMSVA services, except the database, using the following commands:
/opt/trend/imss/script/imssctl.sh stop
/opt/trend/imss/script/dbctl.sh start
5.
Navigate to the directory where the upgrade package is stored and type the
following command:
./run.sh
The upgrade script launches and performs a pre-installation check. If the
pre-installation check is not sucessful, installation stops.
The upgrade package reboots IMSVA automatically after it finishes the
pre-installation check.
After rebooting IMSVA, the upgrade package installs IMSVA 8.2.
6.
Once IMSVA 8.2 installation completes, restart IMSVA services from the CLI
console with the following command:
/mnt/backup/upgrade/dry_run.sh
7.
Verify that IMSVA is working correctly after the upgrade.
8.
To roll back to IMSVA 8.0, use the following commands:
/mnt/backup/upgrade/confirm.sh
“no”
9.
If the IMSVA is working correctly after the upgrade, use the following commands
to complete the upgrade:
/mnt/backup/upgrade/confirm.sh
“yes”
If you do not roll back to IMSVA 8.0 within 2 hours, all IMSVA services will stop
automatically. You must then decide to roll back to IMSVA 8.0, or to complete the
upgrade, using the following commands:
/mnt/backup/upgrade/confirm.sh
Type “yes” to compltete the upgrade. Or “no” to roll back.
5-6
Upgrading from Previous Versions
Upgrading a Distributed Environment
IMSVA now supports upgrading an entire distributed deployment. For example, in a
network where IMSVA is being used in a parent-child deployment.
1.
Backup IMSVA 8.0 to safeguard against any issues that may occur during the
upgrade.
Tip:
IMSVA 8.0 backsup the configuration settings and performs an auto-rollback if
the upgrade is not successful. However Trend Micro recommends backing up
IMSVA 8.0 in one of the following ways, before attempting to upgrade to
IMSVA 8.2:
- Ghost the entire computer where IMSVA 8.0 is installed.
- Clone IMSVA 8.0, if it is installed on a virtual machine.
- Backup the IMSVA 8.0 app_data partition. To perform this task, open the
operating system shell console and run the following commands:
/opt/trend/imss/script/imssctl.sh stop
service crond stop
/opt/trend/imss/script/imssstop.sh
cp –rf -–preserve /var/app_data/*
/var/udisk/app_data_backup/
2.
Download the IMSVA 8.2 upgrade package. For exmaple, IMSVA__1144.tar.gz
and run.sh.
3.
Use the following command in the CLI console to verify theno email messages in
the Postfix queue:
Postqueue –p
4.
Stop all IMSVA services, except the database, using the following commands:
/opt/trend/imss/script/imssctl.sh stop
/opt/trend/imss/script/dbctl.sh start
5-7
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
5.
On the Parent IMSVA, navigate to the directory where the upgrade package is
stored and type the following command:
./run.sh
The upgrade script launches and performs a pre-installation check. If the
pre-installation check is not sucessful, installation stops.
The upgrade package reboots IMSVA automatically after it finishes the
pre-installation check.
After rebooting IMSVA, the upgrade package installs IMSVA 8.2.
WARNING! Do not restart IMSVA services after upgrading the Parent IMSVA.
6.
Upgrade all the Child IMSVA one at a time, a few at a time, or all at once.
WARNING! Do not restart IMSVA services until all IMSVA have been upgraded.
If one of the Child IMSVA encounters issues while upgrading, you can unregister
the Child using the CLI, or if you are able to resolve the issue, you can retry the
upgrade.
7.
After upgrading all IMSVA, restart IMSVA services, for each IMSVA, from the CLI
console with the following command:
/mnt/backup/upgrade/dry_run.sh
8.
Verify that each IMSVA is working correctly after the upgrade.
9.
To roll back to IMSVA 8.0, first roll back all Child IMSVA and then the Parent with
the following commands:
/mnt/backup/upgrade/confirm.sh
“no”
10. If the IMSVA is working correctly after the upgrade, use the following commands
to complete the upgrade:
/mnt/backup/upgrade/confirm.sh
“yes”
5-8
Upgrading from Previous Versions
If you do not roll back to IMSVA 8.0 within 2 hours, all IMSVA services will stop
automatically. You must then decide to roll back to IMSVA 8.0, or to complete the
upgrade, using the following commands:
/mnt/backup/upgrade/confirm.sh
Type “yes” to compltete the upgrade. Or “no” to roll back.
Verify the Upgrade Using SSH
To verify the upgrade using SSH:
1.
Use the following command to check the upgrade status:
grep "\[IMSVA Upgrade\]"
/mnt/backup/upgrade_log/imsva-upgrade.log; tail -f --lines=0
/mnt/backup/upgrade_log/imsva-upgrade.log | grep "\[IMSVA
Upgrade\]"
Rolling Back an Upgrade
IMSVA rolls back automatically if there are problems during the upgrade process.
However, if the automatic rollback encounters issues, you need to perform a manual
rollback.
To roll back IMSVA manually:
1.
If you created a ghost image or have a virtual machine image of your original
IMSVA, replace the upgraded image with the original image.
2.
If you backed up the data using "backup app_data":
a.
Start the manual rollback with the following command:
/mnt/backup/upgrade/manual_rollback.sh
b.
Remove the data under /var/app_data.
c.
Copy your backup data to IMSVA, using the following commands:
cp –rf -–preserve /var/udisk/App_data_backup/*
/var/app_data/
d. Reboot IMSVA.
5-9
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
Migrating from Previous Versions
IMSVA 8.2 supports migration from previous versions.
Table 5-1 lists the minimum versions that support migration to IMSVA 8.2:
TABLE 5-1. Supported Migration Platform and Versions
P LATFORM
VERSION
IMSS for Linux
• 7.1 Patch 1
IMSS for Windows
• 7.1 Patch 1
IMSVA
• 8.0
Migration Process
The migration process requires the following tasks:
Step 1.
Exporting the settings from previous versions of IMSS or IMSVA
Step 2.
Importing the settings to IMSVA 8.2
To export the settings from previous versions of IMSS or IMSVA:
The following settings do not migrate:
5-10
Upgrading from Previous Versions
TABLE 5-1.
Settings that cannot migrate
S ETTING
S ETTINGS NOT M IGRATED
MTA Settings
IP address of SMTP Interface
Configuration Settings
Database settings (example: Internal file path)
web console password
TMCM settings
Activation Codes
Note: IMSVA 8.0 will migrate the Cloud Pre-Filter
Activation Code to IMSVA 8.2
1.
Click Administration > Import/Export from the IMSS servers or IMSVA to
migrate from. The Import/Export screen appears.
2.
Click Export. The configuration settings export to a package that IMSVA can
import.
To import the settings to IMSVA 8.2:
1.
Perform a fresh installation of IMSVA 8.2.
Tip:
Trend Micro recommends importing configuration packages to a fresh
installation of IMSVA 8.2, because the imported configuration settings
overwrite all existing settings.
2.
Retrieve the configuration package from the IMSS server or IMSVA from which to
migrate.
3.
Click Administration > Import/Export on the IMSVA 8.2 web console. The
Import/Export screen appears.
4.
Import the configuration package.
5-11
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
Migrating From IMSS for Windows
For the process to migrate to IMSVA 8.2, see Migration Process on page 5-10.
IMSS 7.1 for Windows Settings that Change
Table 5-2 provides information on all settings for IMSS 7.1 for Windows that change
during migration.
TABLE 5-2. IMSS 7.1 for Windows settings that change
S ETTING
Email Reputation
C HANGE
• During migration IMSVA 8.2 changes all
customized actions to Default intelligent action,
unless the customized action is Connection
rejected with in which case the setting remains
unchanged.
Transport Layer
Security (TLS)
• Enable TLS on messages entering IMSS
changes to the following in IMSVA 8.2:
Enable incoming Transport Layer Security
• Server Certificate settings are contained in the
Private key key.pem and SMTP server
certifcation cert.pem in IMSVA 8.2
• Trusted CA Certificate settings do not migrate.
The settings must be retrieved from the IMSS 7.1
for Windows console and applied manually to the
postfix settings.
• The TLS IP Address/Domain List does not
migrate.
• All TLS Messages Exiting IMSS settings, except
for the status, do not migrate. The status migrates
to Enable outgoing Transport Layer Security.
5-12
Upgrading from Previous Versions
TABLE 5-2. IMSS 7.1 for Windows settings that change
S ETTING
C HANGE
Domain-Based Delivery
• Default Delivery with Smart Host set, changes
to * smtp:[IP]:port
• If several Smart Hosts of a Domain were set,
only the first Smart Host in the list migrates to
IMSVA 8.2
Message Rule settings
The maximum date size/messages per connection
settings are reduced.
Other settings
The following Administration > Connections >
Components internal ports do not migrate:
• IMSS manager port
• Policy service port
Notifications
• Free disk space on any scanner less than
changes to the following in IMSVA 8.2:
Data partition on free space on any host less
than
Policy migration
The BATV rule and all related settings do not migrate.
Migrating From IMSS for Linux
For the process to migrate to IMSVA 8.2, see Migration Process on page 5-10.
IMSS 7.1 for Linux Settings that Change
Table 5-3 provides information on all settings for IMSS 7.1 for Linux that change during
migration.
5-13
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
TABLE 5-3. IMSS 7.1 for Linux settings that change
S ETTING
Notifications
C HANGE
The Administration > Notifications > Events notification:
Free disk space on any scanner less than
changes to:
Data partition free space on any host is less than
Migrating From IMSVA 8.0
For the process to migrate to IMSVA 8.2, see Migration Process on page 5-10.
IMSVA 8.0 Settings that Change
All IMSVA 8.0 settings migrate to IMSVA 8.2.
5-14
Chapter 6
Troubleshooting, FAQ, and Support
Information
This chapter explains how to troubleshoot common IMSVA issues, search the Trend
Micro Knowledge Base, and contact support.
Topics include:
•
Troubleshooting on page 6-2
•
Using the Knowledge Base on page 6-5
•
Contacting Support on page 6-6
6-1
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
Troubleshooting
Table 6-1 shows common issues that you might encounter when installing IMSVA. If
you have additional problems, check the Trend Micro Knowledge Base.
For troubleshooting and FAQ information pertaining to the administration or
maintenance of IMSVA, refer to the IMSVA Administrator’s Guide.
Troubleshooting Utilities
Use the following troubleshooting-related utilities and commands with caution. Trend
Micro recommends contacting your support provider before modifying any internal
IMSVA files.
•
Firewall setting check:
iptables -nvxL
•
PostgreSQL command line tool:
/opt/trend/imss/PostgreSQL/bin/psql -U sa -d imss
•
•
6-2
cdt (password: “trend”)—Collect the following information:
•
Configuration information
•
Logs
•
Core dumps
Other utilities:
•
pstack—shows the callstack of the process, including all threads
•
ipcs—lists all IPCs in the current system
•
gdb—the debugger
•
tcpdump—sniffs network packages
•
netstat—lists current network connection
Troubleshooting, FAQ, and Support Information
TABLE 6-1.
Installation Troubleshooting issues
I SSUE
S UGGESTED R ESOLUTION
Devices in a group
cannot communicate
If several IMSVA devices are deployed in a group, they
must communicate with each other. Verify that the following ports are accessible on all devices:
•
•
•
•
•
•
5060: Policy service
15505: IMSVA control service
53 UDP/TCP: IP Profiler
5432: Database service
8009: EUQ internal service
389: LDAP local cache service
Also, verify the following:
• The current firewall settings in “iptables”.
• The firewall configuration files in /etc/conf/fw.rules.
• The table “tb_trusted_ip_list” in the database has the
IP addresses of the correct devices. The IP address
of any other devices trying to access this device must
be in this list.
Also, verify that all the necessary port IMSVA uses are
accessible for the relevant services.
6-3
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
TABLE 6-1.
Installation Troubleshooting issues
I SSUE
S UGGESTED R ESOLUTION
Child device has
trouble registering to a parent
Do the following:
1. Open the parent device’s Web console and choose
Administration > IMSVA Configuration >
Connections > Child IP.
2. Verify that the IP address of the child is on the Child
IP Address List.
3. In the Configuration Wizard, verify that Child is
selected for the device role.
4. Verify that the Admin Database is accessible.
5. Unregister the MCP agent (if MCP agent is enabled).
6. Verify that no other child device registered to the
parent has the same IP address as the device you are
trying to register.
7. Remove all the logs and quarantined messages.
8. Change the configuration and restart the services.
The parent device Web console (in the Configuration
Wizard) makes the initial request. If you encounter any
registration issues, run the following command to get the
error message from the console:
/opt/trend/imss/script/cfgtool.sh reg IPADDR sa
postgreSQL
6-4
Troubleshooting, FAQ, and Support Information
TABLE 6-1.
Installation Troubleshooting issues
I SSUE
S UGGESTED R ESOLUTION
Child device has
trouble unregistering from the parent
Do the following:
1. Connect to the child device through the command line
interface.
2. Check whether the Admin Database is accessible. If
yes, remove the child device from the Child IP list on
the parent Web console and update the trusted child
list.
3. Rescue the device, which will forcibly unregister it
from the parent.
4. Update the patches.
To verify that a child is unregistered from its parent, try to
access the Web console on the child device. If the console is accessible, the device is successfully unregistered.
You can also run the following command:
/opt/trend/imss/script/cfgtool.sh dereg
Using the Knowledge Base
The Trend Micro Knowledge Base, maintained at the Trend Micro website, has the most
up-to-date answers to product questions. You can also use the Knowledge Base to
submit a question if you cannot find the answer in the product documentation. Access
the Knowledge Base at:
http://esupport.trendmicro.com
The contents of the Knowledge Base are being continuously updated, and new solutions
are added daily. If you are unable to find an answer, however, you can describe the
problem in an email and send it directly to a Trend Micro support engineer who will
investigate the issue and respond as soon as possible.
6-5
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
Contacting Support
Trend Micro provides technical support, virus pattern downloads, and program updates
for one year to all registered users, after which you must purchase renewal maintenance.
If you need help or just have a question, feel free to contact us. We also welcome your
comments.
Trend Micro Incorporated provides worldwide support to all of our registered users.
Get a list of the worldwide support offices:
http://www.trendmicro.com/support
Get the latest Trend Micro product documentation:
http://docs.trendmicro.com
In the United States, you can reach the Trend Micro representatives by phone, fax, or
email:
Trend Micro, Inc.
10101 North De Anza Blvd.
Cupertino, CA 95014
Toll free: +1 (800) 228-5651 (sales)
Voice: +1 (408) 257-1500 (main)
Fax: +1 (408) 257-2003
Web address: www.trendmicro.com
Email address: support@trendmicro.com
6-6
Appendix A
Creating a New Virtual Machine Under
VMware ESX for IMSVA
This appendix describes how to create a new virtual machine for IMSVA.
Topics include:
•
Creating a New Virtual Machine on page A-2
A-1
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
Creating a New Virtual Machine
The actual installation of ESX 4.1/4.0 is not covered in this document. Please refer to
VMware's product documentation to install this product.
The steps outlined below detail the process to create a new virtual machine under
VMware ESX to install IMSVA. Please use the following steps as a guideline for creating
the virtual machine for your environment. The number of CPUs, NIC cards, memory
and hard disk space selected should reflect the requirements for your deployment. The
values entered here are for instructional purposes.
To create the virtual machine:
1.
From the menu bar, select File > New > Virtual Machine. The New Virtual
Machine Wizard appears.
FIGURE A-1.
A-2
Virtual Machine Configuration
2.
Under Virtual Machine Configuration, leave the Typical radio button selected.
3.
Click Next. The Name and Location screen appears.
Creating a New Virtual Machine Under VMware ESX for IMSVA
FIGURE A-2.
4.
Select a Name and Location for this Virtual Machine
In the Name field, type an appropriate machine name and then click Next. The
Datastore screen appears.
A-3
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
FIGURE A-3.
A-4
Virtual Machine Datastore
5.
Select the datastore where the virtual machine will reside.
6.
Click Next. The Virtual Machine Version screen appears.
Creating a New Virtual Machine Under VMware ESX for IMSVA
7.
Specify the virtual machine version to use.
8.
Click Next. The Guest Operating System screen appears.
A-5
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
FIGURE A-4.
9.
Virtual Machine Guest Operating System
For the guest operating system, select Linux > Other Linux (64-bit).
10. Click Next. The CPUs screen appears.
A-6
Creating a New Virtual Machine Under VMware ESX for IMSVA
FIGURE A-5.
Virtual Machine CPU
11. Select the number of processors for the virtual machine. IMSVA takes advantage of
the Virtual SMP, so select the maximum number of virtual processors available .
12. Click Next. The Memory screen appears.
A-7
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
FIGURE A-6.
Virtual Machine Memory
13. Allocate 4096MB of memory as a minimum for IMSVA.
Tip:
For improved performance, Trend Micro recommends at least 8192MB of
RAM.
14. Click Next. The Network screen appears.
A-8
Creating a New Virtual Machine Under VMware ESX for IMSVA
FIGURE A-7.
Virtual Machine Network
15. Accept the default network settings.
16. Click Next. The SCSI Controller screen appears.
A-9
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
17. Select LSI Logic Parallel.
18. Click Next. The Select a Disk screen appears.
A-10
Creating a New Virtual Machine Under VMware ESX for IMSVA
19. Select Create a new virtual disk.
20. Click Next. The Create a Disk screen appears.
A-11
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
FIGURE A-8.
Virtual Disk Capacity
21. Specify at least 120GB of disk space. IMSVA requires at least 120GB disk space.
See System Requirements on page 4-2 for more information on disk space
allocation.
Tip: Trend Micro recommends 250GB or more of disk space for message quarantine and
logging purposes.
22. Click Next. The Advanced Options screen appears.
A-12
Creating a New Virtual Machine Under VMware ESX for IMSVA
23. Specify the advanced options if required. Usually these options do not need to be
changed.
24. Click Next. The Ready to Complete screen appears.
A-13
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
FIGURE A-9.
Ready to Complete
25. Click Continue. If you want to modify the system component settings, check the
Edit the virtual machine settings before submitting check box and then click
Continue.
26. Verify your settings and then click Finish. The new Virtual Machine is now ready
and configured to be powered on and begin the installation process.
A-14
Appendix B
Creating a New Virtual Machine Under
Microsoft Hyper-V for IMSVA
This appendix describes how to create a new virtual machine for IMSVA under
Microsoft Hyper-V.
Topics include:
•
Understanding Hyper-V Installation on page B-2
•
Installing IMSVA on Microsoft Hyper-V on page B-2
•
Using Para-Virtualization Mode on page B-18
B-1
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
Understanding Hyper-V Installation
IMSVA supports installation on Microsoft Hyper-V based virtual platforms. This
appendix provides step-by-step instructions to install IMSVA on Hyper-V based virtual
machines. The actual installation of Hyper-V is not covered in this document. Refer to
Microsoft product documentation to install Hyper-V. The procedure outlined in this
appendix describes how to install IMSVA on a Windows 2008 Server R2 Hyper-V
server.
IMSVA Support for Hyper-V
IMSVA only supports Hyper-V on Windows Server 2008 R2 and Windows Server 2008
R2 with SP1 or later.
Hyper-V Virtualization Modes
Hyper-V provides two virtualization modes that support IMSVA:
•
Full-virtualization
•
Para-virtualization
Tip: Trend Micro recommends installing IMSVA in para-virtualization mode. This allows
IMSVA to achieve much higher throughput performance and supports enterprise
networking environments. IMSVA provides the necessary integrated Hyper-V drivers to
support the installation under Hyper-V as a para-virtualization virtual machine.
Installing IMSVA on Microsoft Hyper-V
Use the following steps as a guideline for creating a virtual machine for your
environment. The number of CPUs, NIC cards, memory, and hard disk space selected
should reflect the requirements for your deployment. The values provided are for
instructional purposes.
B-2
Creating a New Virtual Machine Under Microsoft Hyper-V for IMSVA
Note:
Creating a New Virtual Machine on page B-7 only covers installing IMSVA on
Hyper-V in full-virtualization mode. Using Para-Virtualization Mode on page B-18
describes how to convert full-virtualization to para-virtualization.
Creating a Virtual Network Assignment
To create a virtual network assignment:
1.
From the Hyper-V Server Manager menu, right-click Hyper-V Manager. A menu
appears.
FIGURE B-1.
Connect to Server
B-3
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
2.
Select Connect to Server. A dialog box appears prompting you to select the
location of the virtualization server that you want to connect to.
FIGURE B-2.
3.
Specify the location of the virtualization server and click OK.
4.
Right-click the Windows 2008 R2 server and select Virtual Network Manager.
FIGURE B-3.
B-4
Location of Virtualization Server
Select Virtual Network Manager
Creating a New Virtual Machine Under Microsoft Hyper-V for IMSVA
5.
Create a new virtual network by select ing External from the list of options and
clicking Add.
FIGURE B-4.
6.
Adding the “External” Virtual Network
From the External drop-down menu, select the physical network adaptor you want
to connect to.
B-5
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
Note:
The physical adaptor must be connected to the network and have access to the
corporate network and the Internet.
FIGURE B-5.
B-6
Physical Network Adaptor Selection
Creating a New Virtual Machine Under Microsoft Hyper-V for IMSVA
Creating a New Virtual Machine
To create a new virtual machine:
1.
From the Hyper-V Server Manager menu, right-click the Windows 2008 R2
server, and select New > Virtual Machine. The New Virtual Machine Wizard
appears.
FIGURE B-6.
New Virtual Machine Wizard
B-7
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
2.
Click Next. The Specify Name and Location screen appears.
FIGURE B-7.
3.
B-8
Specify Name and Location
In the Name field, type a meaningful machine name. If you plan to store the virtual
machine to another folder, select Store the virtual machine in a different
location and provide the correct location.
Creating a New Virtual Machine Under Microsoft Hyper-V for IMSVA
4.
Click Next. The Assign Memory screen appears.
FIGURE B-8.
5.
Assign Memory
Allocate at least 4096MB of memory for IMSVA.
Tip:
Trend Micro recommends allocating 8192MB of RAM.
B-9
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
6.
Click Next. The Configure Networking screen appears.
FIGURE B-9.
7.
B-10
Configure Networking
Keep the default network settings Not Connected.
Creating a New Virtual Machine Under Microsoft Hyper-V for IMSVA
8.
Click Next. The Connect Virtual Hard Disk screen appears.
FIGURE B-10. Connect the Virtual Hard Disk
9.
Specify at least 120GB disk space for IMSVA.
Tip:
Trend Micro recommends 250GB or more of disk space for message quarantine
and logging purposes.
B-11
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
10. Specify a location to store the virtual hard disk, and click Next. The Installation
Options screen appears.
FIGURE B-11. Installation Options
B-12
Creating a New Virtual Machine Under Microsoft Hyper-V for IMSVA
11. Keep the default setting Install an operating system later, and click Next. The
Completing the New Virtual Machine Wizard screen appears.
FIGURE B-12. Completing the New Virtual Machine Wizard
12. Verify your settings and click Finish. Some manual configuration is still required.
13. Right-click your new Virtual Machine, and select Settings. The Settings for test
screen appears.
B-13
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
14. Click Add Hardware, and select Legacy Network Adapter.
FIGURE B-13. Add Hardware: Legacy Network Adapter
15. Choose the correct virtual network adapter.
B-14
Creating a New Virtual Machine Under Microsoft Hyper-V for IMSVA
16. Click OK.
FIGURE B-14. Configure Legacy Network Adapter
17. Remove the Network Adapter from the Hardware list.
B-15
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
18. Click OK.
FIGURE B-15. Remove Network Adapter
19. Select the image file for IMSVA from the DVD Drive in the Hardware list.
B-16
Creating a New Virtual Machine Under Microsoft Hyper-V for IMSVA
20. Click OK.
FIGURE B-16. Add Image file into DVD Drive
B-17
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
The virtual machine is now ready to be powered on to begin the installation
process.
FIGURE B-17. IMSVA installed on a Hyper-V virtual machine
Using Para-Virtualization Mode
If IMSVA has been installed on a Hyper-V virtual machine with Full-Virtualization
Mode, you can enable the appropriate drivers to make IMSVA enter Para-Virtualization
Mode.
Tip: Trend Micro recommends using IMSVA in Para-Virtualization Mode. This allows
IMSVA to achieve much higher throughput performance and supports enterprise
networking environments. IMSVA provides the necessary integrated Hyper-V drivers to
support the installation under Hyper-V as a para-virtualization virtual machine.
B-18
Creating a New Virtual Machine Under Microsoft Hyper-V for IMSVA
To enter Para-Virtualization Mode:
1.
Open the CLI console and backup your current network configuration.
2.
Enable Hyper-V Para-Virtualization drivers using the following commands:
[root@imsva8 ~]# enable-hyperv.sh
Backing up /boot/initrd-2.6.18-128.1.OpenVA.2.0.1020.img to
/boot/initrd-2.6.18-128.1.OpenVA.2.0.1020.img.backup0
Done. Updated /boot/initrd-2.6.18-128.1.OpenVA.2.0.1020.img
Done.
Checking for new synthetic nics…
Hyper-V Driver Installation finished.
FIGURE B-18. Move to Para-Virtualization Mode
B-19
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
3.
Shut down IMSVA:
[root@imsva82 ~]# poweroff
4.
Reconfigure the Virtual Network Adapter on the Virtual Machine Settings screen.
•
Remove the Network Adapter
•
Add a network adapter with the correct virtual network adapter.
FIGURE B-19. Change Network Adapter
B-20
Creating a New Virtual Machine Under Microsoft Hyper-V for IMSVA
5.
Power on the virtual machine. Open the CLI console and reconfigure the network
configuration. The virtual machine is now in Para-Virtualization Mode.
B-21
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
B-22
Index
Index
A
about IMSVA 1-2
agent
Control Manager MCP 1-13
audience xxvi
C
contact
support 6-6
Control Manager
about 1-13
Control Manager MCP agent 1-13
CPU requirements 4-2
D
disk space requirements 4-2
documentation
IMSVA related xxvi
E
Email reputation
about 2-4
how it works 2-6
types 2-4
email threats
spam 1-5
unproductive messages 1-5
before a firewall 3-9
behind a firewall 3-10
in the DMZ 3-11
no firewall 3-9
Internal Communication Port 3-13
IP Filtering
about 2-3
IP Profiler
about 2-3
detects 2-3
how it works 2-4
K
Knowledge Base 6-5
M
mass mailing viruses
pattern 1-7
memory requirements 4-2
migrate
from IMSA or IMSVA 5-14
from IMSS for Linux 5-13
from IMSS for Windows 5-12
migration process 5-10
minimum requirements 4-2
N
new features P-xxii
O
online help xxvi
F
P
filtering, how it works 1-8
pattern matching 1-3
POP3
deployment planning 3-14
Pre-Filter P-xxiii
Pre-Filter Service 2-2
H
hardware requirements 4-3
I
IMSVA
about 1-2
install 4-5
installing
R
readme file xxvi
requirements 4-2
1
Trend Micro™ InterScan™ Messaging Security Virtual Appliance Installation Guide
S
spyware and grayware 1-12
support 6-6
system requirements 4-2
T
TMCM
about 1-13
Trend Micro Knowledge Base 6-5
troubleshooting 6-2
V
virtual machine
create A-2
W
what’s new P-xxii
2
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertising