Microsoft Antigen for SMTP Gateways Quick Start Guide

Microsoft Antigen for SMTP Gateways Version 9

Microsoft Corporation

Published: February 2008

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft Corporation may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft Corporation, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 2007 Microsoft Corporation. All rights reserved.

Microsoft, Outlook, SharePoint, Windows, Windows Server, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

All other trademarks are property of their respective owners.

Review the "Microsoft Antigen Privacy Statement" at the Microsoft Antigen Web site.

Contents

Introducing Microsoft Antigen for SMTP Gateways

Installing Microsoft Antigen for SMTP Gateways

System requirements

Installing on a local server

Other installations

Antigen Services

AntigenService

Securing AntigenService from unauthorized use

Antigen Administrator

Connecting to a local server

Antigen Administrator overview

General Options

Configuring scanner updates

Scheduling an update

SMTP Scan Job

Configuring the SMTP Scan Job

Configuring antivirus settings for the SMTP Scan Job

Controlling the SMTP Scan Job

Additional features

Introducing Microsoft Antigen for SMTP Gateways

Microsoft® Antigen for SMTP Gateways Version 9 provides complete protection for Microsoft Simple Mail Transfer Protocol (SMTP) services running on the Windows Server® 2003 or Microsoft Windows® 2000 Server operating system. It is designed to eliminate the infiltration of viruses into your environment as well as provide file and content filtering to control unwanted message traffic and proactively block viruses before they have been identified by virus labs.

Antigen for SMTP Gateways provides keyword message body filtering, mailhost filtering with real-time block list (RBL) integration, and enhanced file and content filtering that includes filter lists to help administrators manage large groups of filters.

Antigen for SMTP Gateways also supports the optional Antigen Spam Manager. This add-in module helps administrators minimize the number of spam e-mail messages that enter their messaging environments.

The Antigen Spam Manager enhances Antigen for SMTP Gateways content filtering by providing:

Support for the Mail-Filters SpamCure anti-spam engine.

Support for Microsoft Exchange Server 2003 anti-spam features.

Identify: Tag Message options for suspected spam message tracking and identification.

Keyword filter options.

Junk Mail folders for Microsoft Outlook® users.

Antigen for SMTP Gateways also integrates with the Antigen Enterprise Manager. The Antigen Enterprise Manager provides administrators with central installation and reporting functionality and central administration of Antigen for SMTP Gateways on all servers in their environment.

This Quick Start Guide will help you install and start using Antigen for SMTP Gateways in a basic environment. For more detailed information about the included topics, and for additional topics not covered in this guide, see the "Microsoft Antigen for SMTP Gateways User Guide" at the Microsoft Antigen TechNet Library.

Installing Microsoft Antigen for SMTP Gateways

Installing Antigen for SMTP Gateways is a straightforward process. Antigen for SMTP Gateways supports local and remote installations on computers running the Windows Server 2003 and Windows 2000 Server operating systems.

Antigen for SMTP Gateways Setup wizards can be used to install the product to a local SMTP server, to a remote SMTP server, or as an Administrator Only installation to a local workstation. You must have administrator rights to the computer on which you are installing Antigen for SMTP Gateways.

System requirements

The following are the minimum server and workstation requirements for Antigen for SMTP Gateways.

Minimum server requirements

The following are minimum server requirements:

Windows 2000 Server Service Pack 4 (SP4) Update Rollup 1 or Windows 2000 Advanced Server SP4 Update Rollup 1

Note:

Windows Server 2003 is also supported. Antigen for SMTP Gateways is supported only on 32-bit environments.

1 gigabyte (GB) of free memory

Note:

With each additional licensed scan engine, more memory is needed for each scanning process.

2 GB of available disk space

Intel processor, 1 gigahertz (GHz)

Microsoft Data Access Components (MDAC) 2.7

Microsoft Jet 4.0 Service Pack 3 (SP3)

Microsoft XML Core Services (MSXML) 6.0

Internet Information Services (IIS) 5.0 with SMTP Service installed

Windows messaging

Note:

Windows messaging provides the MAPI interface to ensure the proper parsing of message bodies in .msg files or TNEF-encoded messages. (You may install Outlook on the server to provide the required functionality.)

Minimum workstation requirements

The following are minimum workstation requirements:

Windows 2000 Professional or Windows XP

Note:

Windows Server 2003 and Windows Vista® are also supported.

6 MB of available memory

10 MB of available disk space

Intel processor

Installing on a local server

To locally install Antigen for SMTP Gateways on an SMTP server, you must log on to the local computer using an account that has administrator rights. This step is necessary for Setup to perform service registration.

To install Antigen for SMTP Gateways on a local server

1. Run Setup.exe from the directory containing the Antigen for SMTP Gateways installation files.
2. Follow the initial setup dialog boxes until you are prompted by the Installation Location dialog box. Select Local Installation and click Next.
3. In the Installation Type dialog box, select Server - Admin console and scanner components and click Next.
4. Setup checks whether you have the correct version of the Windows Update Agent:
   If you do not have the correct version, at the end of the installation, you are directed to the Microsoft Update Web site to upgrade manually.
   If you have the correct version, Setup then checks if Microsoft Update is enabled. If Microsoft Update is not enabled, the Use Microsoft Update dialog box appears where you can enable it.
5. In the Quarantine Security Settings dialog box, select the desired setting and click Next. Select one of the following:
   Secure Mode is the default. When this mode is set, all messages and attachments delivered from Quarantine are scanned again for viruses and filter matches.
   Compatibility Mode allows messages and attachments to be delivered from Quarantine without being scanned for filter matches. (Messages and attachments are always scanned for viruses.) Antigen for SMTP Gateways identifies these messages by placing special tag text in the subject line of all messages that are delivered from Quarantine.
6. In the Engine Updates Required dialog box, read the warning about engine updates and proxy information, and then click Next.
7. In the Choose Destination Location dialog box, either accept the default destination folder for the product, or click Browse to select a different one. The default location is:
   Program Files\Microsoft Antigen for SMTP
8. In the Select Program Folder dialog box, choose a program folder for Antigen for SMTP Gateways. The default location is:
   Microsoft Antigen for SMTP
9. In the Start Copying Files dialog box, review the data. If any changes have to be made, use the Back button to navigate to the page to be changed. Otherwise, click Next to begin the installation. You will see a progress bar indicating that the files are being copied.
10. After installation is complete, you can start or restart the SMTP services, depending on whether they were stopped or running when the installation began. For a clean installation, the services were probably still running and need to be recycled. If you are reinstalling the product, the services had to be stopped before Antigen for SMTP Gateways could be uninstalled. In the Start SMTP Services dialog box, you can start the SMTP services automatically so that Antigen for SMTP Gateways can become active. Click Next to have Setup perform this step, or click Skip to manually perform this step at a later time. Until the SMTP services have been started or restarted, Antigen for SMTP Gateways cannot scan mail.
11. Depending on whether the SMTP services are being started or restarted (that is, you clicked Next in the prior dialog box), the Starting SMTP Services dialog box appears. Wait until the status changes to All services started before clicking Next to continue.
12. In the InstallShield Wizard Complete dialog box, you can optionally select to View the README file before clicking Finish. If you do not have the correct version of the Windows Update Agent, you are directed to a site to obtain it.

Notes:

As in most installations, Setup updates shared Microsoft files on your computer. If you are requested to restart your computer, you do not have to do that immediately, but it may be necessary for certain Antigen for SMTP Gateways features to work correctly.

The Antigen Administrator installed with SMTP scanning for Windows Server 2003 or Windows 2000 Server may also be used to connect to Antigen for Exchange or Antigen for SharePoint® servers. The registry for Antigen services remains: HKEY_LOCAL_MACHINE\SOFTWARE\Sybari Software\Antigen for SMTP.

Other installations

If you are installing on a remote server or performing an Administrator Only installation, follow the instructions in the "Microsoft Antigen for SMTP Gateways User Guide" available at the Microsoft Antigen TechNet Library.

Antigen Services

The Antigen Services are the components that run on the SMTP server and control all back-end functionality of Antigen for SMTP Gateways. They service requests from the Antigen Administrator, control the scanning processes, generate e-mail notifications, and store virus incident data to disk (which can be viewed using the Antigen Administrator). When an Administrator Only installation of Antigen for SMTP Gateways is performed, the Antigen Services are not installed.

AntigenService

AntigenService acts as the agent on the server that the Antigen Administrator connects to for configuration and monitoring. AntigenService coordinates all SMTP scanning activities.

Note:

When you install Antigen for SMTP Gateways, it is configured to allow everyone access to AntigenService. To change the security settings to restrict access to AntigenService, you will need to use DCOMCNFG to modify the security settings.

Securing AntigenService from unauthorized use

AntigenService utilizes DCOM to launch and authenticate Antigen Administrator connections. You can build an access list of authorized users who can connect to AntigenService utilizing the Antigen Administrator.

To build an access list of authorized users

1. Open a Command Prompt window.
2. Type DCOMCNFG and press ENTER. The Component Services dialog box appears.
3. In the Console Root section, expand Component Services, expand Computers, expand My Computer, expand DCOM Config, right-click AntigenService, and then select Properties. The AntigenServices Properties dialog box opens.
4. Click the Identity tab and configure your user accounts.
5. Click the Security tab and use the permissions lists to control which user accounts have rights to launch AntigenService, access AntigenService, or change the DCOM configuration. Click OK to exit the AntigenServices Properties dialog box.

To learn more about services, see the "Antigen Services" chapter in the "Microsoft Antigen for SMTP Gateways User Guide" at the Microsoft Antigen TechNet Library.

Antigen Administrator

The Antigen Administrator is used by the administrator to configure and run Antigen for SMTP Gateways. For the Antigen Administrator to launch successfully, AntigenService must be running on the computer to which the Antigen Administrator is connecting. Because the Antigen Administrator is the front end of the Antigen for SMTP Gateways software, it can be launched and closed without affecting the back-end processes that are being performed by the Antigen Services. The Antigen Administrator may also be run in a read-only mode to provide access to users who do not have permission to change settings or run jobs, but who may need to view information provided through the user interface.

To run the Antigen Administrator, on the Start menu, point to All Programs, point to Microsoft Antigen for SMTP, and then click Antigen Administrator.

Important:

Due to default security settings in Windows XP SP2, the Antigen Administrator will not run properly when first installed. For details about how to enable the Antigen Administrator to run on Windows XP SP2, see the "Antigen Administrator" chapter in the "Microsoft Antigen for SMTP Gateways User Guide" at the Microsoft Antigen TechNet Library.

Connecting to a local server

The first time the Antigen Administrator is launched, it will prompt you to connect to the SMTP services running on the local computer. You can use the server name or local alias to connect to the local server.

Note:

For information about connecting to a remote server, see the "Microsoft Antigen for SMTP Gateways User Guide" at the Microsoft Antigen TechNet Library.

Antigen Administrator overview

The Antigen Administrator user interface contains the Shuttle Navigator on the left and the work panes on the right. The Shuttle Navigator is divided into several areas, as shown in the following table.

Area / Description
SETTINGS / The SETTINGS area includes icons for accessing the work panes to configure scan jobs, antivirus settings, scanner updates, templates, General Options, and the Anti-Spam Job when the Antigen Spam Manager is enabled.
FILTERING / The FILTERING area includes icons for accessing the work panes to configure content filtering, file filtering, mailhost filtering, keyword filtering, allowed senders, and filter lists.
OPERATE / The OPERATE area includes icons for accessing the work panes to control virus scanning, spam scanning, and filter options, and perform quick scans.
REPORT / The REPORT area includes icons for accessing the work panes for notification configuration, the incidents view, and the quarantine area.

For detailed information about the areas of the Shuttle Navigator and their various configuration settings, see the "Microsoft Antigen for SMTP Gateways User Guide" at the Microsoft Antigen TechNet Library.

General Options

General Options, accessed from the SETTINGS shuttle of the Antigen Administrator, provide access to a variety of system-level settings for Antigen for SMTP Gateways. These options are stored in the registry. The General Options pane eliminates the need to directly access the registry when changing these settings.

Although there are many options that can be controlled through the General Options pane, each of them has a default (enabled, disabled, or a value) that can be used for most situations. However, there are several options that you may want to modify while configuring Antigen for SMTP Gateways for the first time. These options are described in the following table.

Option / Description
Critical Notification List / Enter the e-mail addresses of administrators and others who should be notified in the event that the SMTP service starts and Antigen for SMTP Gateways is not connected or if the Antigen store shuts down. Multiple e-mail addresses should be separated by semicolons. For example: ;
Internal Address / Antigen for SMTP Gateways can be configured to send different notifications to internal and external senders and recipients. If your list of internal names is small, enter the domain names in the Internal Address box, to show who should be sent internal notifications. Domains should be entered as a semicolon delimited list (for example: microsoft.com;microsoft.net;company.com) with no spaces. Any change to this value is immediately reflected in virus notifications.
When entering a domain name in the Internal Address box, be aware that subdomains are covered by the entry.
For example: domain.com will include subdomain.domain.com and subdomain2.domain.com.
Alternate domains such as domain.net or domain.org must be entered individually.
Values entered in the Internal Address box are used as a substring match of the end of an e-mail address. For example, "soft.com" would consider "" and "" to be internal addresses.
If you have a large number of domains to be used as internal addresses, you can enter them in an external text file (leaving the Internal Address box blank). Enter all your internal domains, each on a separate line. Be aware that all subdomains must be entered individually. To use the external file, you must manually create the registry key DomainDatFilename and set its value to the full path of the external text file. For more information about this key, see the "Microsoft Antigen for SMTP Gateways User Guide" at the Microsoft Antigen TechNet Library.
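
The matching rules in the Internal Address row, modeled as an added example (this is not Antigen code and is not part of the original guide). It shows that the end-of-address substring rule also treats look-alike domains as internal, while the external-file mode does not cover subdomains. The sample addresses are constructed; case-insensitive comparison and exact whole-domain matching for the external file are assumptions.

```python
# Added example: a model of the Internal Address rules in the table above.
# Not Antigen code; case-insensitive comparison is an assumption.

def parse_box(value):
    """Split the semicolon-delimited Internal Address value (no spaces)."""
    return [e.lower() for e in value.split(";") if e]

def internal_by_box(address, entries):
    """Documented rule: an entry matches as a substring at the END of the address."""
    addr = address.lower()
    return any(addr.endswith(e) for e in entries)

def internal_by_file(address, file_lines):
    """External-file mode: every subdomain is listed individually, so this
    model compares the whole domain part (exact comparison is an assumption)."""
    domains = {line.strip().lower() for line in file_lines if line.strip()}
    return address.lower().rpartition("@")[2] in domains

def unanchored_hits(address, entries):
    """Entries that match only because the suffix begins in the middle of a
    domain label (the character before the match is neither '@' nor '.')."""
    addr = address.lower()
    hits = []
    for e in entries:
        if e[0] in "@." or not addr.endswith(e) or len(addr) == len(e):
            continue
        if addr[-len(e) - 1] not in "@.":
            hits.append(e)
    return hits

def review(box_value, addresses):
    """Return {address: (treated_as_internal, unanchored_entries)}."""
    entries = parse_box(box_value)
    return {a: (internal_by_box(a, entries), unanchored_hits(a, entries))
            for a in addresses}

# Constructed sample addresses built on the guide's own example domains.
SAMPLES = ["user@domain.com", "user@subdomain.domain.com",
           "user@notdomain.com", "user@domain.net"]

if __name__ == "__main__":
    for addr, (internal, loose) in review("domain.com", SAMPLES).items():
        print(f"{addr:28} internal={internal} unanchored={loose}")
    # Under the documented rule, entries that start with '@' or '.' can only
    # match at a label boundary (not verified against the product itself).
    for addr, result in review("@domain.com;.domain.com", SAMPLES).items():
        print(f"{addr:28} internal={result[0]}")
```

Running the review over a proposed Internal Address value before entering it shows which external-looking addresses would receive internal notifications.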

Configuring scanner updates