schedule. This task is performed as a background scan and does not have any considerable effect on the performance of the mail server. creating the list of protected storage areas, which offers additional flexibility in regards with license restrictions on the number of protected mail boxes. managing license keys.
Kaspersky Anti-Virus 5.5 for Microsoft Exchange Server includes the following components: Security server that provides the anti-virus functionality and updating of the anti-virus database and includes administrative services for remote management, configuring and ensuring the integrity of the application and of the data stored. Management Console that provides the user interface for managing the administrative services of the application and allows to install the application, configure settings and manage the server component. The management module is implemented as the extension of the Microsoft Management Console (MMC).
1.3. What's new in version 5.5?
Kaspersky Anti-Virus 5.5 for Microsoft Exchange Server has the following distinctions from the previous version: Completely revised intuitive graphical interface implemented according to the MMC (Microsoft Management Console) standards. Using the new interface, the administrator can start using the application without the need to configure any preliminary settings; this interface also offers a wide range of options for configuring the customized application management environment that can be adapted to the conditions of any particular corporate network to the maximum possible extent. The use of extended anti-virus database allows protecting your mail server not only against malicious software, but also against potentially dangerous software, such as adware, automatic dialing programs that connect the user's computer to commercial internet sites, hacking programs or joke programs. An option of selecting the anti-virus protection level has been implemented to enable the administrator to adjust the e-mail flow security level and the load on the server during the scan. Saving backup copies of objects before disinfection, deletion or renaming allows to restore objects or to send them to Kaspersky Lab for analysis. The possibility to create and use customized filters simplifies the search for information you need.

1.7. Services provided for registered users
Kaspersky Lab Ltd. offers to all legally registered users an extensive service package enabling them to use Kaspersky Anti-Virus more efficiently. After purchasing a subscription, you become a registered user and, during the period of your subscription, you will be provided with the following services: you will be receiving new versions of the purchased software product;
support on issues related to the installation, configuration and use of the purchased software product. Services will be provided by phone or via email; information about new Kaspersky Lab products and about new viruses appearing worldwide (this service is provided to users who subscribe to the Kaspersky Lab's newsletter). Support on issues related to the performance and the use of operating systems or other technologies is not provided.
CHAPTER 2. OPERATION OF KASPERSKY ANTI-VIRUS
Kaspersky Anti-Virus scans and, if it is possible, disinfects all incoming, outgoing e-mail messages as well as messages stored at the server. The application analyzes the body of the message and attached files of any format. The scan for the viruses and the disinfection of infected objects are performed based on the records in the anti-virus database that is updated by Kaspersky Lab on a regular basis and contains description and the methods of disinfection of all currently known malicious programs, joke programs, potentially dangerous software and programs that are not potentially dangerous, but may be a part of the software used for development of such software. The application performs a real-time scan of all e-mail messages arriving to the server. Before the message is scanned it cannot be viewed. E-mail messages stored at the server and the content of all public folders are scanned each time the anti-virus database is updated or according to the schedule. The scan may identify new viruses that were not described in the antivirus database at the time when previous scans were performed. This task is performed as a background scan and does not have any effect on the performance of the mail server. If the user requests a message that has not been scanned with the updated anti-virus database, such message will be scanned prior to the delivery to the user. Thus, the user will always receive e-mail messages that have been analyzed using the latest version of the anti-virus database, no matter when a particular message arrived to the server. The application processes each object according to its current settings: it disinfects or deletes the infected object from the message, replacing it with the corresponding notification. The administrator may select a mode in which the application will deliver messages with infected objects to the user, although it will modify the object's name by adding information about the virus to it and change the object's extension. Before processing an object, the application can save a copy of this object in a special backup storage for the consequent restoring or sending to Kaspersky Labs for analysis. The program sends notifications about detected viruses to the administrator, to the recipient and to the sender of the infected message and enters corresponding records into the Windows application log and into the application's internal logs. If the virus outbreaks detection tool is enabled, the application registers the virus activity level and sends notifications about a new virus outbreak threat or enters

CHAPTER 3. INSTALLING, UPDATING AND REMOVING THE APPLICATION
Before the installation of Kaspersky Anti-Virus, make sure that the software and hardware of the computers used meet the installation requirements. The minimum requirements to the computers' configuration are provided in para 1.4, page 11.
3.1. Installing the application
The installation procedure is a standard one similar to that of most Windows applications. The setup wizard will offer you to install the application components of Kaspersky Anti-Virus 5.5 for Microsoft Exchange Server 2000/2003, Security Server and Management Console, on the computer on which the setup wizard is run. This configuration is recommended at the initial stage of creating the Exchange servers anti-virus protection system. You can select either complete or custom installation of the application or repair an incorrect installation of Kaspersky Anti-Virus. For installation of Kaspersky Anti-Virus 5.5 for Microsoft Exchange Server 2000/2003 the local administrator's rights are required for the computer on which the installation is performed. After the Management Console is installed, a shortcut icon for this component will appear in Run/Programs/Kaspersky Anti-Virus Microsoft Exchange Server menu in your computer. The Security Server will be installed on your computer as a service with a set of attributes as follows: name Kaspersky Anti-Virus 5.5 for Microsoft Exchange Server 2000/2003; startup type automatic; account Local system.
The properties of the Security Server can be viewed and its operation can be monitored using standard Windows administration tools - Computer Management/Services. Information about the operation of the Security Server is registered and saved in the Windows applications log on the computer on which the Security Server is installed.
Installing, updating and removing the application
3.1.1. First-time installation
In order to install Kaspersky Anti-Virus into your computer run the setup.exe file on the installation CD included into the distribution package. The installation process will be facilitated by the setup wizard. Setup wizard will offer you to configure the installation parameters and start the installation. Following below is a detailed discussion of each step of the application installation. The procedure used to install the application from the distribution kit downloaded from the internet is identical to the procedure used for application installation from the installation CD.

If a copy of Kaspersky Anti-Virus 4.5 was installed on your computer and if the license key that was used with this version has not expired yet, you can use this key as the license key for Kaspersky Anti-Virus 5.5 for Microsoft Exchange Server 2000/2003. You can also install a backup license key that will be activated automatically upon the expiry of the current license key. If, at the time of the installation, you still do not have the license key (for example you ordered it from Kaspersky Lab via internet but have not received it yet), you can install it later when you run the application for the first time using the Management Console. Note that without the license key you cannot start using Kaspersky Anti-Virus.
3.1.2. Reinstalling the application
Reinstallation of Kaspersky Anti-Virus is performed if the initial installation of the application was incorrect or during program operation the integrity of executable files was broken. In order to ensure the correct installation of the application, select the Repair option in the window that will open (see Figure 5) This will start reinstallation of Kaspersky Anti-Virus, which will use the same settings as the previous installation. For example, if the previous installation was a custom installation, then the reinstallation initiated by the Repair button will also be a custom type installation.
Figure 5. Selecting the application reinstallation mode
3.2. Upgrading to a new version
In order to upgrade version 4.x of Kaspersky Anti-Virus for Microsoft Exchange Server to version 5.5, remove the previous version and install a new one following the steps described in this Guide (details see para 3.1, page 20 and para 3.3, page 28).
RECOMMENDATIONS FOR MIGRATION FROM VERSION 4.5 TO 5.5
After installation, product version 5.5 starts working with a minimum set of parameters. Most of them are specified by default and correspond to optimal values recommended by Kaspersky Lab experts (see para 4.6, page 36). Additional configuration should be performed manually. In order to make the system configuration identical to the settings used by version 4.5, you will have to enter the required changes. Please pay attention to the following during the procedure: Scanning of archives is disabled by default in version 5.5. You can enable it in the Scan attachments tab of the Anti-virus protection window (see para 5.3, page 47). Version 5.5 does not support unprotected user groups. Exclusion of objects from scanning is accomplished using unprotected storage. Storage protection can be configured in the Protected E-mail tab of the Anti-virus protection window (see para 12.6, page 120).

4.2. Application interface
Kaspersky Anti-Virus user interface is provided by the Management Console component. The Management Console is a dedicated isolated facility integrated into MMC, therefore the application interface is a standard MMC interface.
4.2.1. Main application window
The main application window (see Figure 8) contains a menu, a toolbar, a view pane and a results pane. The menu provides the files and windows management functions as well as the access to the help system. The set of buttons on the toolbar ensures the direct access to some frequently accessed items of the main menu. The display pane presents the Microsoft Exchange Server namespace in the form of the console tree, the results pane displays the list of elements presented in the tree form. The Microsoft Exchange Server namespace may contain several nodes with the names of the servers managed via the console. The namespace does not
Starting using the application
contain any elements immediately after the installation of the Management Console.
Figure 8. Main application window
After a new server is added, it is displayed in the console tree as a node <Server Name>. The settings configuration and controlling Kaspersky Anti-Virus application is performed using hyperlinks in the results pane. General settings used for viewing general settings of Kaspersky AntiVirus operation, license details and information about installed license keys, renewing the license and the configuring the application operation diagnostics settings. Anti-virus protection used for viewing and configuring the managed server's anti-virus protection settings Anti-virus database updates used to configure settings for downloading the anti-virus database updates, manual updates and setting up an automatic update schedule.
If the connection to the server was established, the <Server name> node will include nested folders; each of these folders is used for managing a particular function of the application. Notification templates for configuring notifications about detection of infected or suspicious objects during an anti-virus scan. Backup storage for working with the backup storage where backup copies of objects are stored; includes the list of objects stored in the backup storage. Report templates for managing reports; contains a list of report templates used to create reports about the program operation and the status of the server anti-virus protection. Virus outbreak counters for configuring the criteria for identifying virus outbreaks and settings used in notification about detected outbreaks.

If you connect to the internet using a proxy server, you will have to configure your connection settings to receive updates. In order to ensure full functionality of the mail server protection, it is necessary to configure settings used to notify the administrator and other users about the detection of infected and suspicious objects and about virus outbreaks threats. The application settings are configured from the administrator's workstation a computer on which the Management Console is installed. This operation can be performed irrespective of whether the Microsoft Exchange server application is running on the server.
4.6. Mail server protection without additional configuration
Anti-virus protection of the Exchange server starts operating immediately after the Security Server component is installed. The default operation mode of the application is as follows: The Anti-Virus will scan objects for the presence of currently known malicious software (with the standard anti-virus protection level applied) Anti-virus protection will be provided for all public folders, all storage areas created at the Exchange server and all users registered with the particular mail server. All new e-mail messages arriving to the Exchange server and having the following parameters will be scanned for viruses: the body of the message and attached objects of any format will be scanned, except archives and containers with the level of nesting above 32; the maximum time for scanning 1 object is 180 seconds; when an infected object is detected, the application saves a copy of this object (attachment or the body of the message) in the backup storage, then attempts to disinfect the object and, if disinfection is impossible, the application deletes the object and replaces it with a text file containing a notification in the following format: Malicious object %VIRUS_NAME% has been detected. File (%OBJECT_NAME%) was deleted by Kaspersky Anti-Virus.
If an object that cannot be disinfected is detected in the body of the message, the body of the message will be replaced with a similar text notification. when a suspicious object is detected, the application will save a copy of this object (attachment or the body of the message) in the backup storage. Suspicious objects detected in message body are replaced with a notification of the following format: Virus (possibly %VIRUS_NAME%). File (%OBJECT_NAME%) was deleted by Kaspersky AV If a suspicious object is detected in the attached file, the application will change filename and extension of attached objects. Renamed objects will have txt extension. when a protected or corrupt object is detected, the application will save a copy of this object (file or the body of the message) in the backup storage. Objects detected in message body are replaced with a notification of the following format: The attached file %OBJECT_NAME% was deleted by Kaspersky AV. File was password-protected or corrupted If a protected or corrupt object is detected in the attached file, the application will change filename and extension of attached objects. Renamed files will have txt extension. Messages stored on the server as well as the content of public folders are not scanned. Mail traffic routed by the Exchange server will not be scanned. The anti-virus database is updated hourly via internet from the Kaspersky Lab's HTTP and FTP servers. If you connect to the Internet using proxy-server, you should configure connection settings for successful updates download. The administrator will not be notified about infected and suspicious objects detected. The detection of virus outbreaks will be recorded: detection of infected objects will be recorded five times a day without issuing notifications to the administrator. Reports on the status of the anti-virus protection system are created on the first day of each month and covers last 30 days.

4.7. Verifying the application performance
After Kaspersky Anti-Virus is installed and configured, we recommend verifying the correctness of its settings and operation using a test "virus" and its modifications.
4.7.1. Test virus EICAR and its modifications
This test "virus" was specially designed by EICAR (The European Institute for Computer Antivirus Research) for testing anti-virus products. The test virus IS NOT A VIRUS because it does not contain code that can harm your computer. However, most anti-virus products manufacturers identify this file as a virus. Never use real viruses for testing the operation of an anti-virus product! You can download this test virus from the official website of the EICAR organization at http://www.eicar.org/anti_virus_test_file.htm. If you have no Internet connection, you can create your own test "virus". To create a test virus, type the following string in any text editor and save the file as eicar.com: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TESTFILE!$H+H* The file downloaded from the EICAR website or created as described above contains the body of a standard test virus. Kaspersky Anti-Virus will detect it, assign it to the Infected category and apply the action defined by the administrator for processing objects of this type. To test the response of Kaspersky Anti-Virus when other types of objects are detected, modify the content of this standard test virus by adding one of the prefixes listed in Table below. You can test the correctness of Kaspersky Anti-Virus operation using the modified EICAR virus only if your anti-virus database was last updated on or after October 24, 2003 (October, 2003 cumulative updates).
Prefix No prefix, standard test "virus" CORRSUSPWARNERROCURE-
Object type Infected An error occurs during an attempt to disinfect the object; apply action set for objects that cannot be disinfected. Corrupted Suspicious (unknown virus code) Warning (modified code of a known virus) Not analyzed due to an error. Infected The object will be disinfected; the text of the "virus" body will be replaced with the word "DISINFECTED" Infected Apply action set for objects that cannot be disinfected.
The first table column lists prefixes to be added at the beginning of the string of the standard test "virus" (for example, DELE-X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUSTEST-FILE!$H+H*). After adding a prefix to the test "virus" save it, for example, to a file under the name eicar_dele.com (assign names to all the modified "viruses" in the same manner). The second column of this table contains the types of objects identified by the anti-virus application after you have added a prefix. The actions for each type of objects are defined by the Kaspersky Anti-Virus settings customized by the administrator.

7.3. Restoring objects from the backup storage
In order to restore an object from the backup storage: 1. Select the Backup Storage folder in the console tree.
Select the object you wish to restore in the table displaying the content of the backup storage (see Figure 30). You can use filter for searching for the object (see para 7.2, page 70). Open the shortcut menu and use the Get file or the analogous command under the Action menu. In a window that will open (see Figure 32) specify the folder to which you wish to save the object restored, and if required, enter or modify the object's name. Before sending a warning message (see Figure 33) will be displayed and ask you to confirm that you wish to proceed with the restoring. Press the Yes button to restore the object. As a result of these actions the object will be moved from the backup storage into the specified folder, decoded and saved with the specified name. The restored file will have the same format as it had when it first processed by Kaspersky Anti-Virus. After the object is successfully restored, a corresponding notification is displayed on the screen. We recommend restoring only those objects that have suspicious, protected or corrupted status. A new scan of such objects using the updated anti-virus database may result in the change in their status: the object may be disinfected or a new virus unknown before may be found in this object. Restoring other objects may result in infecting your computer!
Figure 32. Restoring objects from the backup storage
Figure 33. Confirming object restoring
7.4. Sending objects for analysis
In order to send an object from the backup storage to Kaspersky Lab's experts for analysis, 1. 2. Select the Backup Storage folder in the console tree. Select the object you wish to send for analysis in the table displaying the content of the backup storage (see Figure 30). You can use filter when searching for the object (see 7.2, page 70). Open the shortcut menu and use the Send for analysis or the analogous command under the Action menu. As a result of these actions an e-mail message with the selected object attached will be created on the computer where the managed Exchange server is installed, and this message will be sent to Kaspersky Lab. After the message is sent a message confirming the file has been sent will be displayed by the computer from which the control is maintained (see Figure 34). If the restoring succeeded, you can delete the object from the backup storage (see para 7.5, page 75).

Figure 38. Modifying notification template. The General tab
You can view the template of the message that is sent as a notification and modify its parameters on the Text tab (see Figure 39),
Figure 39. Modifying notification template. The Text tab
The Actions tab (see Figure 40) contains notification methods, recipients and computers that receive notification messages (if the corresponding notification options have been selected). You can select other methods of notification and modify the parameter values.
Figure 40. Modifying notification template. The Actions tab
After you have made the changes, press the OK or the Apply button to apply changes. For exit without savings the changes made press the Cancel button.
8.2. Creating a notification template
In order to create a new notification template: 1. 2. 3. Select the Notification templates folder in the console tree Open the shortcut menu and use the New template command or an analogous command under the Action menu. As a result of these actions a <New notification> windows used for configuring new notification template will open (Figure 41). Specify the required values for the parameters in the tabs of the window. Perform the following actions on the General tab (see Figure 41):
Figure 41. Notification template. The General tab
Enter the template name in the Name field. Specify the notification type. It must match the event which would trigger the notification to be created. In order to specify the type, select the required value from the Type drop-down containing the following values.

83 o o o

Infected object notification. Suspicious object notification Corrupted object notification
If necessary, enter a more detailed description of the notification in the Description field. Determine whether notifications will be created based on this template. In order to do this check (or uncheck) the Notify about event box.
Create a template of the message that will be sent as a notification on the Text tab (see Figure 42): Enter a brief description of the notification in the Notification Subject field. This line will be used as the header of the message. Create the message text in the Full notification text field. The message may include information about a registered event. To include this information add corresponding substitution macros to the template selecting them from the dropdown list accessible via the Macros button. The full list of the substitution macros is provided in Appendix A, page 126.

Preventing virus outbreaks
Several counters with different settings values can be created for each type of events. By default, notifications about increased virus activity level are not issued. However a built-in virus outbreaks counter is created during the installation of the Security Server. Virus outbreak notification can be set up based on the counter. Virus outbreaks counters are located in the Virus outbreak counters service folder. This folder is included into the structure of each node reflecting the managed Exchange server. The list of the virus outbreaks counters created is displayed in the form of a table in the results pane (see Figure 44). The table displays the name of the type for each counter. The counter type corresponds to the type of events traced by this counter. Detailed information about the virus outbreak counter settings is provided in the settings window accessible through the Properties shortcut menu command (details see para 9.1, page 88).
Figure 44. The Virus outbreaks folder
The administrator can create new counters, view and edit the settings of the existing counters, rename and delete counters using the shortcut menu commands. In order to set up issuing notifications about increased virus activity level, 1. Create a new virus outbreak counter (see para 9.2, page 90) or select an existing counter and configure its settings (see 9.1, page 88). Check the Notify about virus outbreaks box in the General tab of the virus outbreak counter settings (see Figure 45).
9.1. Viewing and modifying virus outbreak notification settings
In order to view or modify the virus outbreak notification settings, 1. 2. 3. 4. Select the Virus outbreak counters folder in the console tree. Select the counter you need in the table displaying the list of created counters (see Figure 44). Open the shortcut menu and use the Properties or the analogous command under the Action menu. As a result of these actions a counter settings window <Counter name>: Properties will open (see Figure 45). This window includes the following tabs: General, Text, Notifications and is completely analogous to the New counter window (see Figure 41). Notification settings can be modified the same way as they are specified when the notification is created (details see para 9.2, page 90). Using the General tab (see Figure 45) , you can enable or disable the virus activity level detection feature based on the counter settings and view or modify:

or 2. Purchase a new license key directly from Kaspersky Labs. In order to do this, send a request directly to the Sales Department of our company (sales@kaspersky.com) or fill in a form at our website (http://www.kaspersky.com). Upon the receipt of your payment, we
will send a new license key to the e-mail address specified in your order. 3. Install the license key (see para 12.4, page 119). You can install two keys: one current key and one backup key. The current key is the active key that you are using. The application cannot use more than one current key. The backup license key will be automatically activated upon the expiry of the current key. In some cases, as, for example, if the sales contract was terminated or if the license agreement restrictions were changed, Kaspersky Labs terminates the license agreement with the user. In this case the serial number of the license key will be added to the list of cancelled license keys, the so-called "black list". If your current license key is found in the black list, the backup key will not be activated and the application functionality will not be available except for the management and the anti-virus database updating services.
12.1. License information
In order to view the license, 1. 2. Select the node corresponding to the required server in the console tree and follow the General parameters link in the results pane. Go to the General tab in the General settings window that will open (see Figure 62).
Figure 62. Viewing license information
The tab contains the following information: the name of Exchange servers on which the Kaspersky AntiVirus Security Server component is installed; the number of the application version installed; License owner information; License expiry date; the status of the current license key; application functionality available based on the current license key:
Full. The application operates as provided for in the license agreement. Updates are not available. The anti-virus database updating feature is not available. The application performs the anti-virus scan and disinfects infected objects found based on the outdated version of the anti-virus database. Your license may be expired. Management services only. Only management services used to configure the application parameters (license key installation and selection of protected storage areas) are

Kaspersky Anti-Hacker

Kaspersky Anti-Hacker is a personal firewall that is designed to safeguard a computer running any Windows operating system. It protects your computer against unauthorized access and external hacker attacks from either the Internet or the local network. Kaspersky Anti-Hacker monitors the TCP/IP network activity of all applications running on your machine. When it detects a suspicious action, it prevents the suspicious application from accessing the network. This enhances your privacy and provides 100% security for confidential data stored on your computer. The products SmartStealth technology prevents hackers from detecting your computer from the outside. In this stealthy mode, the application works seamlessly to keep your computer protected while you are on the Web. The application provides conventional transparency and accessibility of information. Kaspersky Anti-Hacker also blocks most common network hacker attacks and monitors for attempts to scan computer ports. Configuration of the application is simply a matter of choosing one of five security levels. By default, the application starts in self-learning mode, which will automatically configure your security system depending on your responses to various events. This makes the firewall adjustable to your specific preferences and your particular needs.
Kaspersky Security for PDA Kaspersky Security for PDA provides reliable anti-virus protection of data stored on PDAs running Palm OS or Windows CE. It also offers anti-virus protection from corrupted files transferred from a PC or an extension card, from ROM files, or from databases. This software package includes an optimal combination of the following anti-virus tools:
anti-virus scanner to scan the data stored on both the PDA and extension card on demand; anti-virus monitor to intercept viruses in files that are either copied from other handhelds or are transferred using HotSync technology.
Kaspersky Security for PDA protects your handheld (PDA) from unauthorized intrusion by encrypting both access to the device and data stored on memory cards. Kaspersky Anti-Virus Business Optimal This package provides a configurable security solution for small- and mediumsized corporate networks. Kaspersky Anti-Virus Business Optimal includes full-scale anti-virus protection1 for: Workstations running Windows 98/ME/NT/2000/XP Workstation, and Linux; File and application servers running Windows NT 4.0 Server, Windows 2000, 2003 Server/Advanced Server, Windows 2003 Server, Novell Netware, FreeBSD and OpenBSD, and Linux; Email clients, namely Microsoft Exchange 5.5/2000/2003, Notes/Domino, Postfix, Exim, Sendmail, and Qmail; Internet-gateways: CheckPoint Firewall 1; Microsoft ISA Server. Lotus

1.1. Threats to the computer security
There are a vast number of threats that could affect your computer today. Reading this chapter will give you a general understanding of them. Worms This malicious program category largely exploits operating system vulnerabilities to spread itself. The class was named for the way the worms
crawl from computer to computer, using networks, e-mail, and other data channels. This feature gives many worms a rather high speed in spreading themselves. Worms penetrate a computer, calculate the network addresses of other computers, and send a burst of self-made copies to these addresses. In addition to network addresses, worms often utilize data from e-mail client address books. Some of these malicious programs occasionally create working files on system disks, but they can run without any system resources at all (with the exception of RAM). Viruses Programs that infect other programs, adding their own code to them to gain control of the infected files when they are opened. This simple definition explains the fundamental action performed by a virus infection. Trojans Programs that carry out unauthorized actions on computers, such as deleting information on drives, making the system hang, stealing confidential information, etc. These malicious programs are not viruses in the traditional sense of the term, since they do not infect other programs or data; Trojans are not capable of independently penetrating computers. Their users spread them under the guise of useful software. The damage that they incur can exceed that done by traditional virus attacks by several fold. Recently, worms have become the most widespread type of malware, followed by viruses and Trojans. Some malicious computer programs have characteristics of two or even all three of the above categories. Henceforth in the text of this Administrators Guide the term "virus" will be used to refer collectively to viruses, Trojan Horses, and worms. A particular type of malware will be mentioned only when it is required. The following potentially dangerous types of malware have also become widespread: Adware Program code included in software, unbeknownst to the user, designed to display advertisements. Adware is usually built into software that is distributed for free. The advertisement is situated in the program interface. These programs often also collect personal data on the user and send it back to their developer, change browser settings (start page and search pages, security levels, etc.) and also create traffic that the user cannot control. All this can lead to breach of the security policy and to direct financial losses.

3.3. Upgrading from a previous version
If the installer detects that your business is running Kaspersky Security 5.5 for Microsoft Exchange Server 2003 (release version, MP1), you can upgrade it to Kaspersky Security 5.5 for Microsoft Exchange Server 2003 MP2. You are advised to process objects in the Backup before upgrading. In order to upgrade, run the setup executable file from the distribution package of Kaspersky Security. During the installation of Kaspersky Security, the wizard will ask you to confirm removal of previously installed application. It will be uninstalled automatically. During an upgrade of the application, the installer will automatically preserve the current settings for further use.
CHAPTER 4. STARTING USING THE APPLICATION
4.1. Starting the application
The server component of the application is started automatically at the operating system startup. If the anti-virus protection of the server and the anti-spam protection features are enabled, they will start functioning immediately after the Microsoft Exchange Server is launched. The operation of the application is controlled from the administrator's workstation a computer where the Management Console is installed. In order to start the Management Console select the Management Console item in the programs group Kaspersky Security 5.5 for Microsoft Exchange Server 2003 from the standard Start / Programs Microsoft Windows menu. This programs group is created only on the administrator's workstations when the Management Console is installed.
4.2. Application interface
The user interface of the application is provided by the Management Console component. The Management Console is a dedicated isolated facility integrated into MMC.
4.2.1. Main application window
The main application window (see Figure 2) contains a menu, a toolbar, a view pane and a results pane. The menu provides the files and windows management functions as well as the access to the help system. The set of buttons on the toolbar ensures the direct access to some frequently used items of the main menu. The view pane displays the Kaspersky Security 5.5 for Microsoft Exchange Server 2003 namespace in the form of the console tree, the results pane displays the list of all elements of the object chosen in the tree.

Starting using the application
The Kaspersky Security 5.5 for Microsoft Exchange Server 2003 namespace may contain several nodes with the names of the servers managed via the console. The namespace does not contain any elements immediately after the installation of the Management Console.
Figure 2. Main application window
After a new server is added (see section 4.3, page 30), it is displayed in the console tree as a node <Server Name>. When the server is selected in the console tree (see Figure 2) the results pane will display hyperlinks, which can be used for application control and configuration. General settings used for viewing general application's operation settings, license details and information about installed license keys, renewing the license and configuring the application operation diagnostics settings. Anti-virus protection used for viewing and configuring the managed server's anti-virus protection settings Anti-Spam protection used for viewing and configuring the settings of the server protection against unsolicited correspondence (SPAM). Updates used to configure settings for the anti-virus and content filtration database update service, to set up an automatic update schedule and to update databases manually.
If the connection to the server has been established the node will include nested folders; each of these folders is intended for management of a specific application feature:
Notification templates for configuring notifications about infected or suspicious objects and messages containing spam detected during the scan. Backup storage for working with the backup storage where backup copies of objects are stored; includes the list of objects stored in the backup storage. Report templates for managing reports; contains a list of report templates used to create reports about the program operation and the status of the server protection. Virus outbreak counters for configuring the criteria for identifying virus outbreaks and settings used in notification about detected outbreaks.

4.2.2. Shortcut menu

Each category of objects in the console tree has its own shortcut menu that opens after right-clicking an object with the mouse. In addition to standard MMC commands, this shortcut menu contains commands used for handling a particular object. The list of objects and the corresponding set of commands accessible via the context menu are provided in the table below. Object Kaspersky Security 5.5 for Microsoft Exchange Server 2003 Command Purpose

In order to enable the automatic updates of the anti-virus and the content filtration databases, check the Update automatically box and set up the schedule for receiving updates. If the box is not checked, the databases must be updated manually (see section 5.1, page 39). You can select different modes for updating the anti-virus and the content filtration databases. In order to do this, check the Allow different anti-virus and anti-spam settings box. This will divide the schedule setup window into two corresponding sections. For example, you can create separate schedules for updating the anti-virus and the content filtration databases and disable the automatic updating feature for one of the two types.
5.3. Selecting the updates source
By default, the anti-virus and the content filtration databases are updated from the Kaspersky Lab's internet update servers.
Additionally, you can configure the updates to be downloaded from a HTTP, FTP server or a network folder. If you have Kaspersky Administration Kit (the centralized Kaspersky Lab's applications management system) installed in your corporate network, then the databases updates received by the Administration Servers will be copied to a public folder (details see Kaspersky Administration Kit Guide). This folder can be used as the updates source for your copy of Kaspersky Security 5.5 for Microsoft Exchange Server 2003. In order to select a different anti-virus and content filtration databases updates source: 1. In the main application window select the Kaspersky Security 5.5 for Microsoft Exchange Server 2003 node in the console tree, open it, select the node corresponding to the server you need and follow the Updates link in the results pane. Switch to the Source of updates tab in the Updates window that will open (see Figure 6) and specify the updates source required: Updates servers of Kaspersky Lab - Kaspersky Lab's HTTPand FTP internet servers where new updates are uploaded every hour (default option). Below you can specify the update server of Kaspersky Lab, which is nearest to your geographical location. In order to do that, select your current location from the respective drop-down list. That will help decrease the time necessary to download updates and increase their transfer speed. HTTP-, FTP-server or network folder - a network or a local folder or the Kaspersky Administration Kit Administration Server where the updates downloaded from the internet are copied. If you selected this option, enter the path to the folder in the entry field or select the folder in the standard Microsoft Windows dialog box that opens by pressing the Browse button.

Figure 8. Configuring update settings. The Startup options tab
CHAPTER 6. ANTI-VIRUS PROTECTION
The main task of Kaspersky Security for Microsoft Exchange Server 2003 is to perform an anti-virus scan of mail traffic and to disinfect mail messages using the information contained in the current (latest) version of the anti-virus database. Depending on the anti-virus protection level selected by the administrator (see section 6.1, page 49), the application allows detection of: malicious objects; potentially dangerous objects;
All mail messages arriving to the Exchange server are scanned in the real-time mode. The processing is provided both for the incoming and outgoing traffic and all traffic routed by the Exchange server via SMTP protocol. In order to decrease the load on the server, you can disable the scan of the routed mail traffic (details see section 6.3, page 53). When the traffic scan mode is enabled, the application remains loaded in the computer's RAM and the E-mail Interceptor analyzes the mail traffic received from the Exchange server and transfers it to the Anti-Virus Scan Subsystem. The Anti-Virus Scan Subsystem processes e-mail messages based on the settings configured: scans and analyzes the object using the anti-virus database; if an e-mail message or its part is infected, the application processes the detected object in accordance with the selected settings (details see section 6.4, page 56); before the processing, a copy of the object can be saved in the backup storage.
If the anti-virus server protection is enabled (details see section 6.1, page 49), then starting and stopping of the traffic scan will be performed simultaneously with the starting and stopping of the Microsoft Exchange Server. Kaspersky Security does not scan messages created by protected users in the Public folders of unprotected Exchange servers. If messages are transferred from Public folders of an unprotected area to a protected one, the application will scan them. In case of data replication in protected and unprotected areas changes will not be synchronized.
E-mail messages stored on the server and the content of public folders are also rescanned on a regular basis using the latest version of the anti-virus database (if the background storage scan is enabled). The scan is performed in the background mode and can be launched either automatically each time the antivirus database is updated, or according to the schedule, or manually (details see section 6.6, page 62). If the background scan mode is enabled for the application used on a servers cluster, the background scan can start when the Microsoft Exchange Server is moved from one cluster node to another. If the background scan mode is disabled, then the messages stored on the server will be scanned only when the user requests a message, immediately before the delivery. Operation of the application in the background scan mode may slow down the operation of Microsoft Exchange Server; therefore we do not recommend using this type of protection frequently. When the background scan is enabled, the Internal Application Management Module, based on the settings configured, will receive from the Exchange server all e-mail messages located in the public folders and protected storage areas. If a message has not been analyzed using the latest anti-virus database, the application will send it to the Anti-Virus Scan Subsystem for processing. Objects processing in the background mode is performed in the same way as in the traffic scan mode. The application will analyze the body of the message and attached files of any format. It is to be noted that Kaspersky Security differentiates between simple objects (an executable file, a message with a simple attachment) and containers (consisting of several objects, for example, an archive or a message with any message attached to it). When scanning multiple-volume archives, Kaspersky Security treats and processes each volume as a separate object. In this case, the application can detect malicious code only if such code if fully located in one of the volumes. If a virus is also divided into parts, then it cannot be detected when only part of the data is loaded. In this situation, the malicious code may propagate after the object is restored as one entity. Multiple-volume archives can be scanned after they are saved to the hard drive by the anti-virus application installed on the user's computer. If necessary, you can define the list of objects that should not be scanned for viruses. The following types of objects can be excluded from the scan scope: all

Anti-virus protection

containers above the specified nesting level, file specified by mask or files specified by type (details see section 6.3, page 53). Kaspersky Security supports scanning several objects at the same time. The number of objects that can be processed at the same time depends on the number of started instances of the anti-virus kernel running simultaneously. The mode of scanning objects in RAM allows scanning objects without saving them to a temporary folder on the hard drive. Depending on the scan settings, the program can simultaneously analyze up to 9 objects up to 1 MB each in the computer's RAM without using the disk subsystem (details see section 8.1, page 72). Files over 1 MB will be saved to a working folder Store for processing. The Store folder is located in the installation folder of the application. The Store folder and the temporary file storage folder TMP must be excluded from the scan scope of anti-virus applications installed in the enterprise local network.
6.1. Anti-virus protection levels
Kaspersky Security 5.5 for Microsoft Exchange Server 2003 allows detecting and preventing the penetration of the following types of objects through the mail server: All currently known malicious programs. Programs that do not contain malicious code as it is commonly understood, but may impose a moral threat, inflict financial damage or facilitate abduction of confidential information. This software category includes: adware; various harmless utilities that can be used by malicious software and intruders; automatic dialing programs that connect the user's computer to commercial internet sites (including porn websites); automatic porn files downloading programs; keyboard spies; password hacking programs; backdoor programs.
Joke programs and programs with "bizarre" content or form that affect the system in a way that cannot be qualified as beneficial. This type of software includes:
programs that cause unexpected video or sound effects; programs that cause problems in the system operation; virus simulators.
Programs that do not contain malicious code and do not inflict any damage to the user, but can be a part of the environment used for development of malicious software. This software category includes: licensed software hacking programs, key generators, credit card numbers generators; Java classes; programs that gather information about the system security (anti-virus software installed, firewalls, etc.) network utilities (scanners, etc.)
Apart from the programs listed above, each of the above categories may include legal software that may work in a way that can be viewed by the application as a behavior characteristic of malicious or potentially dangerous software. Examples of such software are backdoor and remote surveillance software. Categories of objects detected by Kaspersky Security in the mail flow of the protected server are determined by the anti-virus protection level selected. The application provides for the following protection levels: Standard anti-virus protection level: protection against all currently known malicious programs. This level is applied by default. Extended anti-virus protection level: protection against all currently known malicious and potentially dangerous programs included under b in the list above. Redundant anti-virus protection: protection against all currently known malicious programs and potentially dangerous software included under b, c, and d in the list above.

message will include the name of the virus detected and the name of the infected object. If an object attached to the message was processed (disinfected, deleted, replaced) by Kaspersky Security, then before the message is closed, your e-mail client application (for example, Microsoft Outlook) will offer you to save changes although the user has made no changes. You must save the message. In order to define the rules for processing objects detected during an anti-virus scan, 1. Select the node corresponding to the server you need in the console tree and follow the Anti-virus protection link in the results pane. Go to the Actions tab in the Anti-virus protection window (see Figure 14) that will open.
Figure 14. Configuring actions to be applied to infected objects
The tab displays rules for processing objects with the followings statuses (each status individually): infected, suspicious and protected/corrupted.
Determine the rule for object processing for each status individually. In order to do this, press the Modify rule button in the corresponding section. As a result the Master is started. Follow its instructions. In the window that will open (see Figure 15) select actions from the list.
Figure 15. Creating the replacement template
Depending on the status of the object for which configuration is performed; the list may contain different values. A detailed description of the option selected in the table is provided in the bottom part of the window. The further steps will depend on the selection you have made. In order to continue using the wizard, press the Next button. If no additional settings configuration is required, the Finish button will become enabled. In order to complete the wizard, press this button. 5. If you selected disinfection as the action to be performed with the object, during the next step you will be offered to determine the procedure to be used to process objects that could not be disinfected (see Figure 16). Select the required option from the list in the wizard window and press the Finish or the Next buttons.
Figure 16. Selecting an action to be performed with an object that could not be disinfected
If you selected one of the actions that involve replacement of the object with text, you will be offered to create a replacement template (see Figure 17). The informational message created based on this template will be copied to the message body and into the replacement txt file. Create a replacement template. In order to do this, enter the message text into the wizard window. The text of this notification may include information about the virus detected and about the infected object. To include this information add corresponding substitution macros to the template selecting them from the dropdown list accessible via the Macros button. A description of the macros in the list is provided in Appendix A, page 160.
Figure 17. Creating a replacement template

The validity of the addresses can be verified using the Test button. A message will be sent to the specified address. Entering several e-mail addresses is allowed, the addresses entered must be separated by semicolons.
Figure 31. Notification template. The Actions tab
In order to send messages via network using the Net Send service, check the Send network notifications using Net Send box and specify the addresses of the computers-recipients in the Computers-recipients field IP address or NetBIOS-computer name can be used as the computer address. Entering several addresses is allowed, the addresses entered must be separated by semicolons. The validity of the addresses can be verified using the Test button. A message will be sent to the specified address.
In order to register events in the Microsoft Windows system log, check the Register in Windows event log box.
After you are done with the settings press the Apply or the OK buttons. As a result of these actions the notification template will be added to the Notification templates folder and will be included in the table displayed in the
results pane and, if the Notify about events box in the General tab is checked, notifications will be issued using this template.
10.2. Viewing and editing notification parameters
In order to view or modify notification parameters, 1. 2. 3. 4. Select the Notification templates folder in the console tree. Select the required notification template in the table containing the list of created templates (see Figure 28). Open the shortcut menu and use the Properties command or the analogous command under the Action menu. As a result of these actions a notification template settings windows will open Properties: <Template name>. This window consists of the following tabs: General, Text, Actions and is completely similar to the <New Notification> window (see Figure 29). Parameters are changed in the same way they were specified when the notification was created (details see section 10.1, page 87).
After you have made the changes, press the OK or the Apply buttons to apply changes. To exit without savings the changes, press the Cancel button.
10.3. Customizing general notification settings
When the application sends e-mail notifications, it places the KSE (Kaspersky Security for Microsoft Exchange Server) value in the From field by default. That may cause identification of such messages as formal spam. To resolve the problem, specify an existing SMTP address that will be used to send the notifications instead of KSE. You can modify the information, which will appear in the From field of sent e-mail notifications. In order to do this, perform the following actions: 1. In the main application window, select in the console tree the Kaspersky Security 5.5 for Microsoft Exchange Server 2003 node, open it, select the node corresponding to the necessary server and use the General settings hyperlink in the results pane.

Reports

Figure 37. The Report templates folder
Apart from the reports' names, this table contains information on the status for each report created based on the template. Depending on the current stage of the report creation, its status may have one of the following values: being created the report is being created (according to the schedule or by request); expected creation of the next report is expected based on the schedule; disabled report generation is disabled for this template.
Detailed information about report template settings is provided in the settings window accessible through the Properties shortcut menu command (details see section 12.1.2, page 107). The administrator can create new templates, view and edit the settings of the existing templates, rename and delete templates using the shortcut menu commands.

12.1. Receiving reports

In order to receive a report about an anti-virus server scan or an antispam scan: 1. Create a report template of an appropriate type (see section 12.1.1, page 104) or select an existing template and configure its settings (see section 12.1.2, page 107). Check the Create a report box in the General tab of the report template settings window (see Figure 39).
As a result, reports will be created at the time interval specified in the schedule. In order to view the results of the scan, open the report for the corresponding reporting period (details see section 12.2, page 108). There is a possibility to receive reports by request, irrespective of the scheduled time, which can be useful when you need updated information about the status of server protection, for example, during virus outbreaks. In order to receive a report upon request: 1. In the main application window select the Kaspersky Security 5.5 for Microsoft Exchange Server 2003 node in the console tree, open it, select the node corresponding to the necessary server and select the Report templates folder in the console tree. Select the report template you need in the table displaying the list of created templates (see Figure 37). Open the shortcut menu and use the Create a report command or the analogous command under the Action menu.
A report will be created only if creation of reports based on this template is enabled, i.e. if the Create a report box in the General tab of the report template settings window (see Figure 39) is checked. Reports will be created based on the information about the anti-virus server scans and anti-spam scans results, saved by the application. The application saves all mail traffic scan results, transit mail scan results and storage background scan results. In order to reduce the amount of the information stored, a restriction can be imposed on its storage period as well as the maximum number of lines per report section.

Enter the path to the new folder in the Server folder for log files field. Select the frequency for creating logs in the Start a new log file every field by selecting the required value from the drop-down list. Specify the number of log files of the same format that can be stored by the application. In order to do this, specify the desired value in the Do not keep more than [NN] files for each log field.
After you are done with the settings press the Apply or the OK button. You can restore the default settings by pressing the Restore the default settings button.

CHAPTER 14. LICENSE KEYS

When you purchase Kaspersky Security 5.5 for Microsoft Exchange Server 2003, you enter into a license agreement with Kaspersky Lab. Based on this agreement, you are granted the right to use the software you purchased during a certain period for the protection of the specified number of mailboxes. Anti-virus protection covers both mailboxes and public folders. Therefore, you need no additional license for protection of public folders when working in the Microsoft Exchange environment. The following features will be available for you during the license period: using the anti-virus functionality of the application; using the anti-spam functionality of the application; regular anti-virus database and content filtration database updates; receiving new versions of the application (upgrades); support on issues related to the installation, configuration and the use of the purchased software product, provided 24 hours a day by phone or via email; the possibility to send suspicious objects to Kaspersky Lab for expert analysis.
The application verifies the validity of the license agreement by the license key that is an integral part of any Kaspersky Labs product. Kaspersky Security 5.5 for Microsoft Exchange Server 2003 WILL NOT WORK without a license key! The application can use only one active license key. This license key contains restrictions imposed on the use of Kaspersky Security that can be verified by the special application's components. If any violation of the terms and conditions of the license agreement has been detected: the functionality of the application will be limited; a record about the violation detected will be entered into the event logs; if the notification settings are configured, a notification of the violation will be issued and sent by e-mail (details see section 14.4, page 121).
The number of objects not scanned during the period when the application functionality was restricted due to the violation of the license terms, can be viewed in the corresponding section of the General scan results report (see section 12.2, page 108). We recommend that you start a background scan after the functionality of the application is restored (after the new license key is installed) to scan these objects (see section 6.6, page 62). You can change the number of protected mailboxes by excluding some of them from the storage scan scope; such mailboxes will not be scanned (details see section 14.5, page 122). A preliminary notification about the license restriction on the number of mailboxes is issued when the number of mailboxes on the mail server reaches 90% of the number specified in the license. In order to receive the notification, specify the email address to which it should be sent (see section 14.5, page 122). We recommend that you purchase additional licenses to ensure anti-virus protection of all mailboxes as any unprotected storage areas increase the possibility of penetration and distribution of viruses via the e-mail system. Upon the expiration of the commercial license, the functionality of the application will be preserved except for the possibility to update its databases. The application will continue to perform anti-virus traffic scan, background storages scan and the anti-spam scan of the incoming mail, but it will use outdated versions of the anti-virus and content filtration databases. In this case, it is difficult to guarantee comprehensive anti-virus protection against new viruses and new types of spam that appeared after license expiration. By default, a notification is sent when the application is running, two weeks prior to the license expiration date. This message contains information about the expiration date of the currently installed license key, as well as information about extending a license. You can change the date of the notification and specify an email address to which the notification should be sent (see section 14.4, page 121). We recommend that you timely renew your application's license. In order to renew your license you have to purchase and install a new license key for your Kaspersky Security application. In order to do this: 1. Contact the dealer you originally purchased the product from and buy a new license key for the use of Kaspersky Security 5.5 for Microsoft Exchange Server 2003.

the status of anti-virus and content filtration databases.
14.2. Installing the license key
Two license keys, the current and the backup key, can be installed for one application. The backup license key automatically becomes the current license key upon the expiry of the current key. If the current license key is found in the black list, the backup key will not be activated. In this case, you have to replace the current license key. You can manually install the backup license key as the current key. There is a provision for the replacement of the current license key that prevents the restriction of the application functionality if the replacement is performed as the consecutive procedure of the removal of the old current key and installation of the new key. A backup key cannot be installed if its validity expires earlier than the same period of the current license key! If no license keys are installed for the application, only the current license key can be installed. In order to install or to replace the license key: 1. In the main application window select the Kaspersky Security 5.5 for Microsoft Exchange Server 2003 node in the console tree, open it, select node corresponding to the required server in the console tree and follow the General settings link in the results pane. Go to the License Keys tab in the General settings window that will open (see Figure 46).
if you are installing or replacing the current license key, press the Add/replace button in the Current license key section. if you are installing or replacing the backup license key, press the Add key in the Backup license key section.
Figure 46. View license key info. Configuring license notifications
Specify the license key file (*.key) to be installed in the file select dialog box that will open.
After the trial license key is expired you will not be able to install another trial license key. As a result, information about the license key installed will be displayed in the fields of the corresponding section. Close the General settings window by pressing the OK or the Apply button.
14.3. Removing a license key
When you remove your license key using the Kaspersky Security interface, only the registration of the key with the application will be removed. Physically, the key will remain on the media from which it had been added to the application. In order to remove a license key, 1. 2. Select the node corresponding to the required server in the console tree and follow the General settings link in the results pane. Go to the License keys tab in the General settings window that will open (see Figure 46). 3. if you are removing the backup license key, press the Delete button in the Backup license key section. if you are removing the current license key, press the Delete button in the Current license key section.
Confirm the removal of the license key in the warning message that will be displayed on your screen. As a result, information in the fields of the corresponding sections will be updated.

for Kaspersky Administration Kit for details on work with reports). Review the current statistics on application activity. Configure the application. Most tabs in the window are identical to similar ones in the policy configuration window (see details in section 15.1.2, page 130). The section further will only describe the functionality different from the features provided for in policies.
Figure 65. Client computer properties dialog. The Applications tab
While configuring application parameters, you can only redefine the values allowed for modification in the corresponding group policy.
15.2.1. Reviewing the information about application
The General tab (see Figure 66) displays general information about Kaspersky Security 5.5 for Microsoft Exchange Server 2003. The upper window part contains the title of the installed application, its version number, installation date, status (running or stopped on the local computer) and the information about the anti-virus database status.
Figure 66. The application properties window. The General tab
15.2.2. Reviewing the license key information
The Licenses tab (see Figure 67) is purely informational. It displays the information about the current and the backup license keys installed on the selected computer.
Figure 67. The Licenses tab
15.2.3. Start background scan
Background scans of e-mail saved on the server and in public folders are run on the Server protection tab (see Figure 68). To start the scan, check Enable background scan and assign the scan settings in the window that opens when you click the Configure button. To start background scanning immediately, click the Scan now button.
Figure 68. The Server protection tab
15.2.4. Selection of protected storage
You can use the Protected Mail tab (see Figure 69) to enable/disable scanning of mail traffic routed via an Exchange server and also enable/disable protection of mailbox storages or public folders. By default, the application protects all mailbox storages and public folders existing on the protected mail server. If the number of protected mailboxes exceeds the number indicated in the license, you will have to purchase an additional license or exclude some mailbox storages from the protected area (see details in section 14.5, page 122).

An additional feature available is the updating of the application modules to repair detected vulnerabilities or offer new functionality. Question: Can an intruder replace my anti-virus database? All anti-virus and content filtration databases are supplied with a unique signature verified by the application when it tries to use them. If the signature does not match with the signature assigned by Kaspersky Lab or it is stamped by a later date compared to your license expiry date, the application will not use this database. Question: I use a proxy server and cannot perform updates. What should I do? Failure to receive updates via a proxy server can be attributed to the following: Incorrect network settings. When configuring the update service you can specify the network settings using one of the two below methods: using your Microsoft Internet Explorer settings or using custom settings. In certain cases detailed below, the update service may use the Microsoft Internet Explorer settings incorrectly:
internet settings are not configured on your computer; Microsoft Internet Explorer settings are not available if no users are logged in; your proxy server requires authorization.
In this case, the network settings should be configured in the update service settings. your proxy server is not supported by the Kaspersky Security update service. The update service is not compatible with Kerio WinRoute proxy server as WinRoute does not fully support the http 1.0 protocol. In this case we recommend using a different proxy server. Question: Sometimes e-mail files in msg format attached to a message become corrupted while being sent so that they cannot be opened. Does it happen because of their scanning by Kaspersky Security? The situation has been reproduced during application testing. It has been established that, irrespectively of the presence or absence of installed
Kaspersky Security, files in that format can be damaged during their delivery via an Exchange server. Question: After installation of Kaspersky Security on one of servers in our organization, the nearest relay server began generating a queue of messages, which cannot arrive at our server. What should be done in such case? The situation results from the application of the Reject action to one of the messages containing signs of spam and addressed to your server. The problem will be resolved without additional actions when the relay servers timeout expires, then receipt of the queued messages will be resumed. You can also delete the rejected message manually from queue and use force connection method for the remaining messages to resolve the issue.