ESET MAIL SECURITY 4 Bedienungsanleitung PDF herunterladen (Seite 3)

1. Introduction

ESET Mail Security 4 for Microsoft Exchange Server (EMSX) is an

integrated solution protecting user mailboxes from various types of

malware content (most often they are email attachments infected by

worms or trojans, documents containing harmful scripts, phishing,

spam etc.). EMSX ﬁlters the malicious content on the mailserver

level, before it arrives in the addressee’s email client inbox. The

administrator can set the following message ﬁltering criteria in EMSX:

target mail folder, recipient, sender, message subject, message body,

attachment name and size. An action to be performed on the ﬁltered

message can be set for each condition.

EMSX supports Microsoft Exchange versions 5.5 and later, in addition

to Microsoft Exchange in a cluster environment. In newer versions

(Microsoft Exchange 2007 and later), speciﬁc roles (mailbox, hub,

edge) are also supported.

You can remotely manage EMSX in larger networks with the help of

ESET Remote Administrator.

Where functionality is concerned, EMSX is almost identical to ESET

NOD32 Antivirus 4.0. It has all the tools necessary to ensure protection

of the server-as-client (resident shield, web-access protection, email

client protection and antispam), while providing Microsoft Exchange

Server protection. We will concentrate, however, on the Microsoft

Exchange Server protection in this manual., We recommend reading

the ESET NOD32 Antivirus manual for a comprehensive description

and guide to all other EMSX modules.

1.1 System requirements

Supported Operating Systems:

• Microsoft Windows 2000 Server

• Microsoft Windows 2003 Server (x86 and x64)

• Microsoft Windows 2008 Server (x86 and x64)

Supported Microsoft Exchange Server versions:

Microsoft Exchange

Server 5.5 SP3, SP4

Microsoft Exchange

Server 2000 SP1, SP2,

SP3

min. requirements: Windows 2000 Server,

Intel Pentium 166MHz or compatible,

128MB RAM, 700MB free disk space

Microsoft Exchange

Server 2003 SP1, SP2

min. requirements: Windows 2000 Server,

133MHz or higher processor, 256MB RAM,

700MB free disk space

Microsoft Exchange

Server 2007 SP1

min. requirements: Windows Server 2003,

Intel Pentium 800MHz or compatible,

2GB RAM, 1.9GB free disk space

Microsoft Exchange

Server 2010 Beta

min. requirements: Windows Server 2008,

Intel 64 architecture or AMD64 platform

processor, 4GB RAM, 1.9GB free disk space

Hardware requirements depend on the version of Microsoft Exchange

employed, as well as the operating system version used. We

recommend reading the Microsoft Exchange product documentation

for more detailed information on hardware requirements.

1.2 Methods Used

Two independent methods are used to scan email messages:

1.2.1 Mailbox scanning via VSAPI

The mailbox scanning process is triggered and controlled by the

Microsoft Exchange Server. Depending on the version of the Microsoft

Exchange Server (consequently, the VSAPI interface version) and on

the user-deﬁned settings, the scanning process can be triggered in any

of the following situations:

• When the user accesses email (e.g. in an email client)

• In the background, when use of the Microsoft Echange Server is

low

• Proactively (based on the Microsoft Exchange Server’s inner

algorithm)

The VSAPI interface is currently used for antivirus scan and rule-based

protection.

1.2.2 Message ﬁltering on the SMTP server level

SMTP server level ﬁltering is secured by a specialized plugin. In

Microsoft Exchange Server 2000 and 2003, the plugin in question

(Event Sink) is registered on the SMTP server as a part of Internet

Information Services (IIS). In Microsoft Exchange Server 2007, the

plugin is registered as a transport agent on the Edge or the Hub roles

of the Microsoft Exchange Server.

The ﬁltering plugin performs a scan during the processing of the

SMTP END_OF_DATA command on Microsoft Exchange Server 2000,

Microsoft Exchange Server 2003 and Microsoft Exchange Server 2007

in the Edge role. The exception to this rule is the Greylisting technique

bound to the processing of the SMTP RCPT_TO command.

When Microsoft Exchange Server 2007 is in the Hub role, the transport

agent processes messages while they are queuing.

SMTP server-level ﬁltering by a transport agent provides protection in

the form of antivirus, antispam and user-deﬁned rules.

1.3 Types of protection

There are three types of protection:

1.3.1 Antivirus protection

Antivirus protection is one of the basic functions of the EMSX product.

The same properties and parameters apply to antivirus protection in

EMSX as antivirus protection in ESET Smart Security and ESET NOD32

Antivirus.

1.3.2 Antispam protection

Antispam protection integrates several technologies (SPF, RBL,

whitelisting, rules, etc.) to ensure maximum detection of email

threats. The antispam scanning core’s output is the spam probability

value of the given email message expressed as a percentage (0 to

100). Values of 90 and above are considered su cient for the EMSX to

classify an email as spam.

Another component of the antispam protection is the Greylisting

technique. The technique relies on the assumption that legitimate

mail agents will repeatedly attempt to deliver an email after

encountering a temporary delivery failure. A substantial part of spam

consists of one-time deliveries (using specialized tools) to a bulk

list of email addresses generated automatically. A server employing

Greylisting calculates a control value (hash) for the envelope sender

1 2 3 4 5 6 7 8 ... 14 15

Kommentare zu diesen Handbüchern

Keine Kommentare

ESET MAIL SECURITY 4 Bedienungsanleitung Seite 3

Kommentare zu diesen Handbüchern

Verwandte Produkte und Handbücher für Server ESET MAIL SECURITY 4