E-mail Scanner for MS Exchange Server 2007/2010. AVG 2011 Email Server Edition, EMAIL SERVER EDITION 2011 - REV 2011.01
Below you will find brief information for email server software 2011 Email Server Edition. This manual provides comprehensive documentation for AVG Email Server Edition 2011, and guides users on installation, configuration, and specific features. The manual covers various aspects, including system requirements, supported email servers, and hardware configurations. It provides detailed instructions on installing AVG on your computer and activating your license.
Advertisement
Advertisement
4. E-mail Scanner for MS Exchange Server 2007/2010
4.1. Overview
The AVG for MS Exchange Server 2007/2010 configuration options are fully integrated within the AVG Email Server Edition 2011 as server components.
Basic overview of the individual server components:
·
Anti-Spam - Anti-Spam Server for MS Exchange
Checks all incoming e-mail messages and marks unwanted e-mails as SPAM. It uses several analyzing methods to process each e-mail message, offering maximum possible protection against unwanted e-mail messages.
·
EMS (routing) - E-mail Scanner for MS Exchange (routing Transport Agent)
Checks all incoming, outgoing and internal e-mail messages going through the MS
Exchange HUB role.
Available for MS Exchange 2007/2010 and can be installed for HUB role only.
A V G E mail Server E dition 2 0 1 1 © 2 0 1 0 C opyright A V G T ec hnologies C Z, s .r.o. A ll rights res erved.
1 3
·
EMS (SMTP) - E-mail Scanner for MS Exchange (SMTP Transport Agent)
Checks all e-mail messages coming through the MS Exchange SMTP interface.
Available for MS Exchange 2007/2010 only and can be installed for both EDGE and HUB roles.
EMS (VSAPI) - E-mail Scanner for MS Exchange (VSAPI)
·
Checks all e-mail messages stored in user mailboxes. If any viruses are detected, they are moved to the Virus Vault, or completely removed.
Important note: If you decided to install and use VSAPI in combination with routing
Transport agent on a Hub Exchange role, your e-mail messages will be scanned twice.
To avoid this, please review the
Technical notice chapter below for more details.
Double-click a required component to open its interface. With the exception of Anti-
Spam, all the components share the following common control buttons and links:
· Scan Results
Opens a new dialog where you can review scan results:
A V G E mail Server E dition 2 0 1 1 © 2 0 1 0 C opyright A V G T ec hnologies C Z, s .r.o. A ll rights res erved.
1 4
Here you can check messages divided into several tabs according to their severity. See configuration of individual components for amending the severity and reporting.
By default there are displayed only results for the last two days. You can change the displayed period by amending the following options: o Show last - insert preferred days and hours.
o o
Show selection - choose a custom time and date interval.
Show all - Displays results for the whole time period.
·
Use Refresh button to reload the results.
Refresh statistical values - updates stats displayed above.
· Reset statistical values - resets all the stats to zero.
The working buttons are as follows:
·
·
Settings - use this button to open settings of the component.
Back - press this button to return to the Server components overview.
A V G E mail Server E dition 2 0 1 1 © 2 0 1 0 C opyright A V G T ec hnologies C Z, s .r.o. A ll rights res erved.
1 5
You will find more information on individual settings of all components in the chapters below.
4.2. E-mail Scanner for MS Exchange (routing TA)
To open the settings of E-mail Scanner for MS Exchange (routing transport agent)
, select the Settings button from the interface of the component.
From the Server components list select the E-mail Scanner for MS Exchange
(routing TA) item:
The Basic Settings section contains the following options:
· Enable component - uncheck to disable the whole component.
·
·
Language - select preferred component language.
Certify messages - check this if you wish to add a certification note to all scanned messages. You can customize the message in the next field.
The Logging settings section:
· Log file size - choose a preferred size of the log file. Default value: 100 MB.
The Scanning properties section:
· Use Heuristics - check this box to enable heuristic analysis method during
A V G E mail Server E dition 2 0 1 1 © 2 0 1 0 C opyright A V G T ec hnologies C Z, s .r.o. A ll rights res erved.
1 6
·
· scanning.
Report Potentially Unwanted Programs and Spyware threats - check this option to report the presence of potentially unwanted programs and spyware.
Report enhanced set of Potentially Unwanted Programs - check to detect extended package of spyware: programs that are perfectly ok and harmless when acquired from the manufacturer directly, but can be misused for malicious purposes later, or programs that always harmless but might be unwanted
(various toolbars etc.). This is an additional measure that increases your computer security and comfort even more, however it can possibly block legal programs, and is therefore switched off by default. Note: This detection feature is additional to the previous option, so if you want protection from the basic types of spyware, always keep the previous box checked.
· Scan inside archives - check this option to let the scanner look also inside archived files (zip, rar, etc.)
The E-mail attachments reporting section allows you to choose which items should be reported during scanning. If checked, each e-mail with such an item will contain
[INFORMATION] tag in the message subject. This is the default configuration which can be easily amended in the Detection actions section, part Information (see below).
The following options are available:
· Report password protected archives
·
·
Report password protected documents
Report files containing macro
· Report hidden extensions
There are also these sub-items available in the following tree structure:
·
·
4.3. E-mail Scanner for MS Exchange (SMTP TA)
The configuration for the E-mail Scanner for MS Exchange (SMTP Transport Agent) is exactly the same as in the case of routing transport agent. For more information please see the
E-mail Scanner for MS Exchange (routing TA)
chapter above.
There are also these sub-items available in the following tree structure:
·
·
A V G E mail Server E dition 2 0 1 1 © 2 0 1 0 C opyright A V G T ec hnologies C Z, s .r.o. A ll rights res erved.
1 7
4.4. E-mail Scanner for MS Exchange (VSAPI)
This item contains settings of the E-mail Scanner for MS Exchange (VSAPI).
The Basic Settings section contains the following options:
· Enable component - uncheck to disable the whole component.
· Language - select preferred component language.
The Logging settings section:
· Log file size - choose a preferred size of the log file. Default value: 100 MB.
The Scan settings section:
· Background Scan – you can enable or disable the background scanning process here. Background scanning is one of the features of the VSAPI 2.0/2.5
application interface. It provides threaded scanning of the Exchange Messaging
Databases. Whenever an item that has not been scanned with the latest AVG virus base update is encountered in the users’ mailbox folders, it is submitted to
AVG for Exchange Server to be scanned. Scanning and searching for the not examined objects runs in parallel.
A V G E mail Server E dition 2 0 1 1 © 2 0 1 0 C opyright A V G T ec hnologies C Z, s .r.o. A ll rights res erved.
1 8
·
A specific low priority thread is used for each database, which guarantees other tasks (e.g. e-mail messages storage in the Microsoft Exchange database) are always carried out preferentially.
Proactive Scan (incoming messages)
You can enable or disable the proactive scanning function of VSAPI 2.0/2.5 here.
This scanning occurs when an item is delivered to a folder, but a request has not been made by a client.
As soon as messages are submitted to the Exchange store, they enter the global scanning queue as low priority (maximum of 30 items). They are scanned on the first in, first out (FIFO) basis. If an item is accessed while still in the queue, it is changed to high priority.
Note: Overflow messages will continue to the store unscanned.
Note: Even if you disable both Background Scan and Proactive Scan options, the on access scanner will be still active when an user will try to download a message with the MS Outlook client.
·
·
Scan RTF - you can specify here, whether the RTF file type should be scanned or not.
Number of Scanning Threads - the scanning process is threaded by default to increase the overall scanning performance by a certain level of parallelism. You can change the threads count here.
The default number of threads is computed as 2 times the
‘number_of_processors’ + 1.
The minimum number of threads is computed as ('number of processors'+1) divided by 2.
The maximum number of threads is computed as 'Number of Processors' multiplied by 5 + 1.
If the value is the minimum or lesser value or the maximum or greater, the default value is used.
· Scan Timeout - the maximum continuous interval (in seconds) for one thread to access the message that is being scanned (the default value is 180 seconds).
The Scanning properties section:
·
·
·
Use Heuristics - check this box to enable heuristic analysis method during scanning.
Report Potentially Unwanted Programs and Spyware threats - check this option to report the presence of potentially unwanted programs and spyware.
Report enhanced set of Potentially Unwanted Programs - check to detect extended package of spyware: programs that are perfectly ok and harmless
A V G E mail Server E dition 2 0 1 1 © 2 0 1 0 C opyright A V G T ec hnologies C Z, s .r.o. A ll rights res erved.
1 9
when acquired from the manufacturer directly, but can be misused for malicious purposes later, or programs that always harmless but might be unwanted
(various toolbars etc.). This is an additional measure that increases your computer security and comfort even more, however it can possibly block legal programs, and is therefore switched off by default. Note: This detection feature is additional to the previous option, so if you want protection from the basic types of spyware, always keep the previous box checked.
· Scan inside archives - check this option to let the scanner look also inside archived files (zip, rar, etc.)
The E-mail attachments reporting section allows you to choose which items should be reported during scanning. The default configuration can be easily amended in the
Detection actions section, part Information (see below).
The following options are available:
· Report password protected archives
·
·
Report password protected documents
Report files containing macro
· Report hidden extensions
Generally, some of these features are user extensions of the Microsoft VSAPI 2.0/2.5
application interface services. For the detailed information on the VSAPI 2.0/2.5 please refer to the following links (and also the links accessible from the referenced ones):
· http://support.microsoft.com/default.aspx?scid=kb;enus;328841&Product=exch2k - for information on Exchange and antivirus software interaction
· http://support.microsoft.com/default.aspx?scid=kb;en-us;823166 for information on additional VSAPI 2.5 features in Exchange 2003 Server application.
There are also these sub-items available in the following tree structure:
·
·
4.5. Technical Notice
This information relates to situation when you install and use both VSAPI and routing
Transport Agent on a Hub Exchange role. In such case, your e-mail messages will be scanned twice (first by the VSAPI on-access scanner and then by the routing
Transport Agent).
Due to the way the VSAPI interface works, there might occur some inconsistencies in scanning results as well as unnecessary load. Therefore, to avoid duplicated scanning,
A V G E mail Server E dition 2 0 1 1 © 2 0 1 0 C opyright A V G T ec hnologies C Z, s .r.o. A ll rights res erved.
2 0
we recommend a small fix (see below) to resolve this issue instantly.
Note: Adjusting registry is advised only to experienced users. We recommend that before you edit the registry, you back up the registry and understand how to restore it if a problem occurs.
Open the Registry editor (Windows menu Start/Run, type in regedit and press enter). Navigate to the following branch:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\Vi rusScan
Right-click in the right part of the window and from the context menu select New/
DWORD (32-bit) value. Name the new value TransportExclusion. Double click it once created and change its value to 1.
And finally, to apply the change to the MS Exchange server, you need to set
ReloadNow value to 1. Do so by double clicking it and changing its value.
This way you will disable the outgoing scanning by VSAPI On-access scanner. The change should be active within a few minutes.
A V G E mail Server E dition 2 0 1 1 © 2 0 1 0 C opyright A V G T ec hnologies C Z, s .r.o. A ll rights res erved.
2 1
4.6. Detection Actions
In the Detection actions sub-item you can choose automatic actions that should take place during the scanning process.
The actions are available for the following items:
· Infections
·
·
PUP (Potentially Unwanted Programs)
Warnings
· Information
Use the roll-down menu to choose an action for each item:
·
·
·
None - no action will be taken.
Move to Vault - the given threat will be moved to Virus Vault.
Remove - the given threat will be removed.
A V G E mail Server E dition 2 0 1 1 © 2 0 1 0 C opyright A V G T ec hnologies C Z, s .r.o. A ll rights res erved.
2 2
To select a custom subject text for messages that contain the given item/threat, check the Mark subject with... box and fill-in a preferred value.
Note: The last mentioned feature is not available for E-mail Scanner for MS Exchange
VSAPI.
4.7. Mail Filtering
In the Mail Filtering sub-item you can choose which attachments should be automatically removed, if any. The following options are available:
·
·
Remove attachments - check this box to enable the feature.
Remove all executable files - removes all executables.
·
·
Remove all documents - removes all document files.
Remove files with these comma separated extensions - fill the box with file extensions you wish to automatically remove. Separate the extensions with comma.
A V G E mail Server E dition 2 0 1 1 © 2 0 1 0 C opyright A V G T ec hnologies C Z, s .r.o. A ll rights res erved.
2 3
Advertisement
Key features
- E-mail scanning
- Anti-Spam protection
- Virus detection
- Heuristic analysis
- Multiple server support
- Virus Vault
- Background scan
- Proactive scan