8/14/2019 Forefront installation on the Mailbox Server Role

1/28

2009

Spectrum Engineering

Consortium Ltd.

[INSTALLING FOREFRONT EXCHANGE

SECURITY IN MAILBOX SERVER]This document is for IT staff for smoothly installation FSE in a mailbox server also test its functionality.

8/14/2019 Forefront installation on the Mailbox Server Role

2/28

By- Md. Ashifuzzaman [MCSE, MCTS,MCITP] Page 2

In this Scenario we are targeting placement of Forefront on the Mailbox Server Role. Forefront Security for Exchangeincludes both Realtime and Transport Layer Scanning Capabilities along with a Manual Scan capability. There isalso a rich, highly customizable Content Scanning capability for both Files by File Extension (Example: Quarantine allfiles with a .scr File Extension) and File Name (Example: Quarantine all files named zippo_virus.txt), restrictions byAllowed Sender, Filtering by Key Word (Example: Delete all files with the word 'tucan' in the Subject or MessageBody) and a Manual Scan capability that provides for Business specific combinations of the many variations availableabove. We will explorer the initial installation and then in separate Blog entries provide examples of using Filtering by

1) Content, 2) Keyword, 3) File, 4) Allowed Sender or 5) Filter Lists.

Finally, it is always worth mentioning that one of the primary reasons Businesses are selecting Forefront Security forExchange is it is a Product designed from the ground up to incorporate scanning through multiple Anti-Virus Engineswith the maximum 5 Engines (of 10 available) selected for any one Scan Type. The current Anti-Virus Vendorsincluded in Forefront Security for Exchange are:

Norman Virus Control

Microsoft Antimalware Engine

Sophos Virus Detection Engine

CA Inoculate IT

CA Vet

Authentium Command Antivirus Engine

AhnLab Antivirus Scan Engine Worm List

VirusBuster Antivirus Scan Technology

Kaspersky Antivirus Technology

Let's get this Product installed then explore its capabilities further!

8/14/2019 Forefront installation on the Mailbox Server Role

3/28

By- Md. Ashifuzzaman [MCSE, MCTS,MCITP] Page 3

I begin by logging onto the Exchange 2007 Mailbox Server Role and identifying the Forefront Security for ExchangeSetup File.

http://www.itprosecure.com/filestorage/CommunityServer.Components.SiteFiles/Installs/ex2k7_forefront_on_mb/itps_ex2k7_forefront_on_mb-0000.jpg

8/14/2019 Forefront installation on the Mailbox Server Role

4/28

By- Md. Ashifuzzaman [MCSE, MCTS,MCITP] Page 4

I initiate the Setup process using the Wizard Based dialogue windows.

http://www.itprosecure.com/filestorage/CommunityServer.Components.SiteFiles/Installs/ex2k7_forefront_on_mb/itps_ex2k7_forefront_on_mb-0001.jpg

8/14/2019 Forefront installation on the Mailbox Server Role

5/28

By- Md. Ashifuzzaman [MCSE, MCTS,MCITP] Page 5

http://www.itprosecure.com/filestorage/CommunityServer.Components.SiteFiles/Installs/ex2k7_forefront_on_mb/itps_ex2k7_forefront_on_mb-0002.jpg

8/14/2019 Forefront installation on the Mailbox Server Role

6/28

By- Md. Ashifuzzaman [MCSE, MCTS,MCITP] Page 6

http://www.itprosecure.com/filestorage/CommunityServer.Components.SiteFiles/Installs/ex2k7_forefront_on_mb/itps_ex2k7_forefront_on_mb-0003.jpg

8/14/2019 Forefront installation on the Mailbox Server Role

7/28

By- Md. Ashifuzzaman [MCSE, MCTS,MCITP] Page 7

The complexity of the Setup configuration is low. In this example I am completing a 'Local Installation'.

http://www.itprosecure.com/filestorage/CommunityServer.Components.SiteFiles/Installs/ex2k7_forefront_on_mb/itps_ex2k7_forefront_on_mb-0004.jpg

8/14/2019 Forefront installation on the Mailbox Server Role

8/28

By- Md. Ashifuzzaman [MCSE, MCTS,MCITP] Page 8

Forefront Security for Exchange provides the ability to complete a 'Full Installation' or a separate 'Console OnlyInstallation.

http://www.itprosecure.com/filestorage/CommunityServer.Components.SiteFiles/Installs/ex2k7_forefront_on_mb/itps_ex2k7_forefront_on_mb-0005.jpg

8/14/2019 Forefront installation on the Mailbox Server Role

9/28

By- Md. Ashifuzzaman [MCSE, MCTS,MCITP] Page 9

Once message are in 'Quarantine' there are several approaches to consider when 'handling' these QuarantinedMessages. 'Secure Mode' is recommended as rescanning of Messages is a better idea (in my opinion) than notapplying any of the unique Content or File Filtering capabilities a second time when viewing.

http://www.itprosecure.com/filestorage/CommunityServer.Components.SiteFiles/Installs/ex2k7_forefront_on_mb/itps_ex2k7_forefront_on_mb-0006.jpg

8/14/2019 Forefront installation on the Mailbox Server Role

10/28

By- Md. Ashifuzzaman [MCSE, MCTS,MCITP] Page 10

I select default, randomly chosen Anti-Virus Engines (5 of a possible 10 Engines) understanding that once ForefrontSecurity for Exchange is in place we receive Anti-Virus Engine and Virus Definition Files from all 10 Vendors.Additionally, we can then 'selectively choose 5 Vendors' on a Per Server (and even Per Scan Type) basis.

http://www.itprosecure.com/filestorage/CommunityServer.Components.SiteFiles/Installs/ex2k7_forefront_on_mb/itps_ex2k7_forefront_on_mb-0007.jpg

8/14/2019 Forefront installation on the Mailbox Server Role

11/28

By- Md. Ashifuzzaman [MCSE, MCTS,MCITP] Page 11

Here is a clear statement that all 10 Anti-Virus Engines and Anti-Virus Definition Files require downloadable updatesupon completion of the installation process. Typically this 'Engine' and 'AV Definition' update process takes under 30Minutes total.

http://www.itprosecure.com/filestorage/CommunityServer.Components.SiteFiles/Installs/ex2k7_forefront_on_mb/itps_ex2k7_forefront_on_mb-0008.jpg

8/14/2019 Forefront installation on the Mailbox Server Role

12/28

By- Md. Ashifuzzaman [MCSE, MCTS,MCITP] Page 12

http://www.itprosecure.com/filestorage/CommunityServer.Components.SiteFiles/Installs/ex2k7_forefront_on_mb/itps_ex2k7_forefront_on_mb-0009.jpg

8/14/2019 Forefront installation on the Mailbox Server Role

13/28

By- Md. Ashifuzzaman [MCSE, MCTS,MCITP] Page 13

http://www.itprosecure.com/filestorage/CommunityServer.Components.SiteFiles/Installs/ex2k7_forefront_on_mb/itps_ex2k7_forefront_on_mb-0010.jpg

8/14/2019 Forefront installation on the Mailbox Server Role

14/28

By- Md. Ashifuzzaman [MCSE, MCTS,MCITP] Page 14

Final confirmation of the intended installation steps the Microsoft Intaller for Forefront Security for Exchange willexecute prior to execution.

http://www.itprosecure.com/filestorage/CommunityServer.Components.SiteFiles/Installs/ex2k7_forefront_on_mb/itps_ex2k7_forefront_on_mb-0011.jpg

8/14/2019 Forefront installation on the Mailbox Server Role

15/28

By- Md. Ashifuzzaman [MCSE, MCTS,MCITP] Page 15

Since Forefront Security for Exchange incorporates 'Transport Level Anti-Virus Scanning' the Exchange 2007Transport Service must be Stopped, Forefront Security for Exchange installed, then the Exchange 2007 TransportService Started again.

http://www.itprosecure.com/filestorage/CommunityServer.Components.SiteFiles/Installs/ex2k7_forefront_on_mb/itps_ex2k7_forefront_on_mb-0012.jpg

8/14/2019 Forefront installation on the Mailbox Server Role

16/28

By- Md. Ashifuzzaman [MCSE, MCTS,MCITP] Page 16

Confirmation that the Exchange 2007 Transport Service re-Started again successfully.

http://www.itprosecure.com/filestorage/CommunityServer.Components.SiteFiles/Installs/ex2k7_forefront_on_mb/itps_ex2k7_forefront_on_mb-0013.jpg

8/14/2019 Forefront installation on the Mailbox Server Role

17/28

By- Md. Ashifuzzaman [MCSE, MCTS,MCITP] Page 17

Success! A quick scan of the 'Readme' File and we are ready to roll. Note: the 'Readme' file includes detail on howto generate a Test Virus File as prescribed by EICAR. It is not really a Virus, just a file with Content that all Anti-VirusVendors understand are 'test values'. http://www.eicar.org

http://www.eicar.org/http://www.eicar.org/http://www.itprosecure.com/filestorage/CommunityServer.Components.SiteFiles/Installs/ex2k7_forefront_on_mb/itps_ex2k7_forefront_on_mb-0014.jpghttp://www.eicar.org/

8/14/2019 Forefront installation on the Mailbox Server Role

18/28

By- Md. Ashifuzzaman [MCSE, MCTS,MCITP] Page 18

The Forefront Security for Exchange Administrator icon and Application are now in place and functionality.

http://www.itprosecure.com/filestorage/CommunityServer.Components.SiteFiles/Installs/ex2k7_forefront_on_mb/itps_ex2k7_forefront_on_mb-0015.jpg

8/14/2019 Forefront installation on the Mailbox Server Role

19/28

By- Md. Ashifuzzaman [MCSE, MCTS,MCITP] Page 19

I have found the most logical 'first step' in configuring Forefront Security for Exchange is validating the 'Proxy Server'settings are correct. This allows the Application to go to the defined Microsoft Internet URL and download both Anti-Virus Engine Updates and Anti-Virus Definitions.

http://www.itprosecure.com/filestorage/CommunityServer.Components.SiteFiles/Installs/ex2k7_forefront_on_mb/itps_ex2k7_forefront_on_mb-0016.jpg

8/14/2019 Forefront installation on the Mailbox Server Role

20/28

By- Md. Ashifuzzaman [MCSE, MCTS,MCITP] Page 20

Anti-Virus Engine and Anti-Virus Definition Updates begin downloading right away. The Download Schedule iscompletely customizable.

http://www.itprosecure.com/filestorage/CommunityServer.Components.SiteFiles/Installs/ex2k7_forefront_on_mb/itps_ex2k7_forefront_on_mb-0017.jpg

8/14/2019 Forefront installation on the Mailbox Server Role

21/28

By- Md. Ashifuzzaman [MCSE, MCTS,MCITP] Page 21

Now I move to a Windows XP SP2 Workstation with Outlook 2007 installed. The intent of this Login is to use the'Test EICAR Virus File', send it in an e-mail to fellow employees and determine if Forefront Security for Exchange'catches' the Virus.

http://www.itprosecure.com/filestorage/CommunityServer.Components.SiteFiles/Installs/ex2k7_forefront_on_mb/itps_ex2k7_forefront_on_mb-0018.jpg

8/14/2019 Forefront installation on the Mailbox Server Role

22/28

By- Md. Ashifuzzaman [MCSE, MCTS,MCITP] Page 22

I login as Ralph McGee - one of my fictitious e-mail users on Exchange 2007.

http://www.itprosecure.com/filestorage/CommunityServer.Components.SiteFiles/Installs/ex2k7_forefront_on_mb/itps_ex2k7_forefront_on_mb-0019.jpg

8/14/2019 Forefront installation on the Mailbox Server Role

23/28

By- Md. Ashifuzzaman [MCSE, MCTS,MCITP] Page 23

I have placed the 'EICAR Virus Test File' on the Desktop of 'All Users' on this Worksation. I briefly rename this filefrom 'eicar.com' to 'eicar.pow' and send it to other Mailbox holders. Go Virus Test File Go!

http://www.itprosecure.com/filestorage/CommunityServer.Components.SiteFiles/Installs/ex2k7_forefront_on_mb/itps_ex2k7_forefront_on_mb-0020.jpg

8/14/2019 Forefront installation on the Mailbox Server Role

24/28

By- Md. Ashifuzzaman [MCSE, MCTS,MCITP] Page 24

Right away Forefront Security for Exchange picks up the 'EICAR Virus Test File' as witnessed in the QuarantineObject in the Forefront Security for Exchange Application. We can see who sent the Virus, the Virus Type, theRecipients, anyone marked as a Carbon Copy (CC) and the action taken by Forefront Security for Exchange. Most ofthese parameters are configurable based on the requirements of your Business.

http://www.itprosecure.com/filestorage/CommunityServer.Components.SiteFiles/Installs/ex2k7_forefront_on_mb/itps_ex2k7_forefront_on_mb-0021.jpg

8/14/2019 Forefront installation on the Mailbox Server Role

25/28

By- Md. Ashifuzzaman [MCSE, MCTS,MCITP] Page 25

http://www.itprosecure.com/filestorage/CommunityServer.Components.SiteFiles/Installs/ex2k7_forefront_on_mb/itps_ex2k7_forefront_on_mb-0022.jpg

8/14/2019 Forefront installation on the Mailbox Server Role

26/28

By- Md. Ashifuzzaman [MCSE, MCTS,MCITP] Page 26

Another valuable capability of Forefront Security for Exchange is that when an 'Event' occurs the Application Log onthe Local Server includes an Event by Event ID. There is complete integration with Microsoft Operations Manager2005 and System Center Operations Manager 2007 for compiling Performance Metrics along with detailed Alerting.

8/14/2019 Forefront installation on the Mailbox Server Role

27/28

8/14/2019 Forefront installation on the Mailbox Server Role

28/28

We can customize the 'Notification Message' as I have done in this example by indicating the line starting with '....Ifyou have