Maintaining virus protection
This chapter includes the following topics:
■ How Symantec Mail Security detects and prevents viruses
■ Configuring your Internet connection for virus definition updates
■ Keeping your virus protection current
■ Setting up your own LiveUpdate server
How Symantec Mail Security detects and prevents viruses
If you are using the Symantec Central Quarantine Server, you have the benefit of the Symantec Digital Immune System. The Digital Immune System is Symantec’s unique technology for automatic detection and repair of security risks. The Digital Immune System lets a computer network instantly identify potentially harmful agents or abnormal conditions and take protective measures as needed. The Digital Immune System automates the submission of potential threats and automatically delivers repairs to the problem computer or the entire enterprise.
Symantec Mail Security works with the Digital Immune System to do the following:
■ Allow submission of unrepairable, new, and user-specified files to Symantec for analysis.
■ Automatically strip non-virus content from submitted messages (in the case of Microsoft Word and Excel).
■ Track submissions in real time using HTTPS communications between the Quarantine Server and the Digital Immune System.
■ Automatically distribute repairs (new virus definitions) to the Quarantine Server as soon as possible.
The Quarantine Server is available with Symantec Mail Security and is installed separately. If it is installed, virus-quarantined messages can be forwarded to the central Quarantine Server for use with the Digital Immune System.
For more information, see the Symantec Quarantine Server documentation.
Note: Messages that do not contain a virus but violate policies or rules are not sent to Central Quarantine.
About virus definition files
Symantec Mail Security relies on up-to-date information to detect and eliminate viruses. One of the most common reasons that virus problems occur is that virus definition files are not updated after installation. Symantec regularly supplies updated virus definition files that contain the necessary information about all newly discovered viruses. Regular updates of that information maximize security and guard your organization’s Exchange mail system against virus infections and the downtime that is associated with a virus outbreak. Symantec Mail Security provides two types of virus definitions as follows:
■ Rapid Release definitions provide the fastest response to emerging threats and are updated approximately every hour. Rapid Release definitions are delivered by FTP and provide reliable first-line protection.
■ LiveUpdate certified definitions are updated less frequently as the certified definitions undergo more stringent testing.
If your organization has both front-end and back-end Exchange Servers, you may want to consider using Rapid Release definitions on the front-end servers for the fastest response to new threats and certified LiveUpdate definitions on the back-end Exchange mailbox servers.
Configuring your Internet connection for virus definition updates
LiveUpdate operation requires an Internet connection. If you need to configure an Internet connection for LiveUpdate, use the Symantec LiveUpdate option in the Windows 2000 or 2003 Control Panel. This will be necessary, for example, if you are using a proxy server.
To configure your Internet connection for virus definition updates
1 In the Windows 2000 or 2003 Control Panel, double-click Symantec LiveUpdate.
2 Modify your Internet connection settings, if necessary.
Keeping your virus protection current
Symantec Mail Security supports virus definition updates through LiveUpdate and Rapid Release.
If Symantec Mail Security is installed on only one Microsoft Exchange Server, use the single-server user interface to update virus definitions.
If Symantec Mail Security is installed on several Exchange Servers, you can use the UI in Group view to enable Rapid Release downloads on individual servers. However, the UI will download only LiveUpdate updates and will distribute only the LiveUpdate updates to the servers.
If you have Symantec AntiVirus Corporate Edition installed, you must disable LiveUpdate/Rapid Release and allow Symantec AntiVirus to update definitions.
Updating virus definitions for a single server
The following options are available through the single-server user interface for updating virus definitions on a single server:
■ Manually start a LiveUpdate or Rapid Release session: Download the virus updates when the session is started.
■ Schedule automatic LiveUpdates for the Exchange Server: Schedule days of the week and a time to run LiveUpdate. During installation of Symantec Mail Security, a default LiveUpdate schedule is set. You can reconfigure the LiveUpdate schedule. Once this option is saved, LiveUpdate sessions take place automatically, at the specified times, without administrator intervention.
■ Enable Rapid Release for the Exchange Server: Configure and save the Rapid Release option. Updates will occur without administrator intervention. The default interval is hourly, but you can vary the interval to up to 12 hours.
To manually update virus definitions for a single server
1 At the top of the window, click Change next to the Server/group panel.
2 In the Select Asset window, in the content area, select the server whose virus definitions you intend to update, and then click Select.
3 On the primary navigation bar, click Admin.
4 On the sidebar, under Views, click LiveUpdate/Rapid Release Status.
5 Under Tasks, click Run LiveUpdate and/or Run Rapid Release.
To schedule virus definition updates
1 At the top of the window, click Change next to the Server/group panel.
2 In the Select Asset window, in the content area, select the server whose virus definitions you intend to update, and then click Select.
3 On the primary navigation bar, click Admin.
4 On the sidebar, under Views, click LiveUpdate/Rapid Release Schedule.
5 In the content area, check Enable automatic virus definition updates.
6 Click one of the following:
■ Use Rapid Release definitions
■ Use Certified LiveUpdate definitions
7 If you have Auto-Protect enabled and also select Rapid Release updates, you should disable at least one of the following features on servers that have a message store:
■ Enable background scanning
■ On virus definition update, force rescan before allowing access to information store
When both of these options are enabled, the message store is rescanned each time the virus definitions are updated. Because Rapid Release virus definitions are updated every hour, this can impact overall mail throughput.
8 Additionally, if you have selected Rapid Release updates, you should disable the “On virus definition update, force rescan before allowing access to information store” feature for all scheduled scans. If this option is enabled in a scheduled scan, the scheduled scan will run when virus definitions are updated. Because definitions are delivered more frequently with Rapid Release definitions, the scan may not complete before new definitions are available. This can impact overall mail throughput.
Rapid Release automatically runs once every hour.
9 For LiveUpdate, under Schedule Settings, select one of the following:
■ Run every [ ] hours: Select the interval in hours that you want to run LiveUpdate.
■ Run at a Specific Time: If you select this option, type the time of day (in 24-hour format) and check the day or days of the week that you want LiveUpdate to run.
10 Click Deploy changes/Deploy all or proceed to your next task.
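The restrictions in steps 7 and 8, together with the Symantec AntiVirus Corporate Edition rule and the 12-hour Rapid Release limit stated earlier, can be checked across a settings inventory. This Python check is an added example, not Symantec code; the field names and the sample servers are hypothetical, because the product exposes these options through its UI.

```python
from dataclasses import dataclass, field

@dataclass
class ServerSettings:
    # Hypothetical field names; the product exposes these options in its UI.
    name: str
    has_message_store: bool
    auto_update: bool = True
    definitions: str = "certified"          # "certified" or "rapid_release"
    rapid_release_interval_hours: int = 1
    auto_protect: bool = True
    background_scanning: bool = False
    force_rescan_on_update: bool = False
    scheduled_scans_forcing_rescan: list = field(default_factory=list)
    savce_installed: bool = False           # Symantec AntiVirus Corporate Edition

def audit(s):
    """Return findings for the combinations the guide says to avoid."""
    findings = []
    if s.savce_installed and s.auto_update:
        findings.append("disable LiveUpdate/Rapid Release: Symantec AntiVirus updates definitions")
    if not (s.auto_update and s.definitions == "rapid_release"):
        return findings
    if not 1 <= s.rapid_release_interval_hours <= 12:
        findings.append("Rapid Release interval must be 1 to 12 hours")
    if (s.has_message_store and s.auto_protect
            and s.background_scanning and s.force_rescan_on_update):
        findings.append("store rescanned on every Rapid Release update: "
                        "disable background scanning or force rescan")
    for scan in s.scheduled_scans_forcing_rescan:
        findings.append(f"scheduled scan '{scan}' reruns on every definition update")
    return findings

# Constructed sample inventory.
FLEET = [
    ServerSettings("fe01", has_message_store=False, definitions="rapid_release"),
    ServerSettings("mbx01", has_message_store=True, definitions="rapid_release",
                   background_scanning=True, force_rescan_on_update=True,
                   scheduled_scans_forcing_rescan=["weekly-full"]),
    ServerSettings("mbx02", has_message_store=True, savce_installed=True),
]

def audit_fleet(fleet):
    return {s.name: audit(s) for s in fleet}

if __name__ == "__main__":
    for name, findings in audit_fleet(FLEET).items():
        print(name, findings or "ok")
```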
Updating virus definitions for multiple servers
The UI lets you update virus definitions across all of your Exchange Servers. You can run LiveUpdate immediately from the Home page if you are between scheduled LiveUpdate sessions. For example, you may learn of a new virus that attacks mail servers and want to manually distribute the latest virus definitions as soon as possible.
When virus definitions are distributed from the UI to servers, the virus definitions are always copied to the server. The server selects the latest definitions, whether they are distributed from the UI or whether they already exist on the server.
See “Keeping your protection updated automatically” on page 71.
You can use the Symantec Mail Security UI to update virus definitions across all managed servers as follows:
■ Configure the scheduling of LiveUpdates for all managed servers or only for servers in a specific administrative group: When configuring the schedule for multiple Exchange Servers, LiveUpdate will run at the specified time in the local time zone of each server. For example, if you schedule a LiveUpdate session for every Saturday at 10 P.M. and push that setting from a site in Sydney to an Exchange Server in Manila and to one in San Francisco, LiveUpdate will run for the Manila server every Saturday at 10 P.M., their local time, and LiveUpdate will run for the San Francisco server every Saturday at 10 P.M., their local time.
■ Manually update virus definitions on the managed servers: You can download the latest definitions to the home server, and then distribute those updates to a server group.
Note: When pushing out definitions to managed servers, the license file must be current or the definitions will not be applied to the servers.
See “Installing on multiple servers” on page 44.
To schedule virus definition updates for all servers or servers in a group
1 At the top of the window, click Change next to the Server/group panel.
2 In the Select Asset window, in the content area, select the server whose virus definitions you intend to update, and then click Select.
3 On the primary navigation bar, click Admin.
4 On the sidebar, under Views, click LiveUpdate/Rapid Release.
5 In the content area, check Enable automatic virus definition updates.
6 Click Use Certified LiveUpdate definitions.
7 Under Schedule Settings, select one of the following:
■ Run every [ ] hours: Select the interval in hours that you want to run LiveUpdate.
■ Run at a Specific Time: If you select this option, type the time of day (in 24-hour format) and check the day or days of the week that you want LiveUpdate to run.
8 Click Deploy changes/Deploy all or proceed to your next task.
To manually update virus definitions for a group of managed servers
1 On the menu bar, select Tasks > Manage Assets.
2 In the Asset Management window, in the content area, select the server group whose virus definitions you intend to update, and then click Close.
3 On the primary navigation bar, click Admin.
4 On the sidebar, click LiveUpdate Status. This option is not available in single server view.
5 On the sidebar, under Tasks, click Run LiveUpdate.
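Because a pushed schedule runs in each server's local time, servers in different time zones pick up the same definitions at different absolute times, and a manual Run LiveUpdate closes that gap. This Python calculation is an added example, not part of the Symantec documentation; the sites come from the text, while the fixed UTC offsets and the publication time are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumed fixed UTC offsets for the sites named in the text: Manila has no
# daylight saving time; San Francisco is taken at standard time (UTC-8).
SITE_UTC_OFFSETS = {"Manila": 8, "San Francisco": -8}

def next_scheduled_run(after_utc, utc_offset_hours, weekday, hour, minute=0):
    """Next weekly run (weekday 0=Monday) in the server's local time, as UTC."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    local = after_utc.astimezone(tz)
    run = local.replace(hour=hour, minute=minute, second=0, microsecond=0)
    run += timedelta(days=(weekday - local.weekday()) % 7)
    if run <= local:            # this week's slot has already passed
        run += timedelta(days=7)
    return run.astimezone(timezone.utc)

def hours_on_old_definitions(published_utc, weekday, hour, sites=SITE_UTC_OFFSETS):
    """Hours each server waits before its schedule fetches new definitions."""
    waits = {}
    for site, offset in sites.items():
        run = next_scheduled_run(published_utc, offset, weekday, hour)
        waits[site] = (run - published_utc) / timedelta(hours=1)
    return waits

if __name__ == "__main__":
    # Constructed case: definitions published Saturday 15:00 UTC, one hour
    # after Manila's Saturday 22:00 local run has already happened.
    published = datetime(2024, 1, 6, 15, 0, tzinfo=timezone.utc)
    waits = hours_on_old_definitions(published, weekday=5, hour=22)
    for site, hours in waits.items():
        print(f"{site}: {hours:.0f} h until the next scheduled LiveUpdate")
```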
Setting up your own LiveUpdate server
The LiveUpdate Administration Utility, which is available on the Symantec Mail Security CD, lets you set up an intranet HTTP, FTP, or LAN server, or a directory on a standard file server to handle LiveUpdate operations for your network. For more information, see the LiveUpdate Administrator’s Guide on the Symantec Mail Security CD.
If you set up your own LiveUpdate server, you must edit the LiveUpdate configuration for Symantec Mail Security to point to the local LiveUpdate server.