Symantec™ Mail Security for Microsoft® Exchange Mail Security for Microsoft® Exchange 3 What’s new in this release Ability to block multimedia and executable files based on their

Getting Started

Symantec™ Mail Security for Microsoft® Exchange

About Symantec Mail Security for Microsoft Exchange

Symantec Mail Security for Microsoft Exchange is a complete, customizable, and scalable antivirus, antispam, security risk protection, and content filtering solution. Symantec Mail Security scans Microsoft Exchange database document writes and email messages that pass through the Microsoft Exchange server. It protects your Microsoft Exchange server from viruses, destructive programs, and other security risks, filters unwanted content, and identifies unsoliticted email messages. You can manage one or more Microsoft Exchange servers with Symantec Mail Security.

Symantec Mail Security lets you specify the actions to take and notifications and alerts to issue when a threat, risk, or violation is detected. The criteria that are used to identify threats, security risks, and violations are customizable.

Symantec Mail Security contains a heuristic antispam engine that identifies spam messages. To further enhance spam detection, you can subscribe to the Symantec Premium AntiSpam service. The premium antispam service provides continual, real-time updates to the Symantec Premium AntiSpam filters. The heuristic antispam engine and the premium antispam service use a shared white list to reduce the incidence of false positives.

The content filtering feature lets you filter undersirable content, such as offensive language and confidential information.

2 Symantec™ Mail Security for Microsoft® ExchangeWhat’s new in this release

What’s new in this releaseTable 1-1 lists the new and enhanced features in Symantec Mail Security.

Table 1-1 New and enhanced features

Feature Description

Expanded protection from mail-based security risks

Symantec Mail Security protects your mail environment from spyware, adware, and other types of unwanted mail content.

Redesigned user interface You can manage a single mail server or a group of servers from the same user interface. The new user interface lets you view summary information about the activities on an individual mail server or a group of servers.

Automatic discovery When you add servers to a group, Symantec Mail Security can automatically discover all of the Exchange servers that are within your organization through Active Directory.

In previous versions, you had to browse for or manually provide the host name or IP address of each server that you wanted to add to the group.

Ability to import and export configuration settings

You can import and export configuration settings for Symantec Mail Security from one Exchange server to another or from one group to another, across all of your Exchange servers.

User-based and group-based policies

You can select the users or group addresses to which a scanning rule applies.

You can configure the rule to apply globally to all users and Active Directory groups or to only the users or active directory groups that you select. You can also specify exceptions to the global scanning rules.

Ability to scan file attachments for content rule violations

You can scan for content violations within file attachments.

Symantec Mail Security supports over 300 file attachment types and common file types, for example, Microsoft Office documents, Adobe Acrobat PDF files, text files, RTF files, and database files.

3Symantec™ Mail Security for Microsoft® ExchangeWhat’s new in this release

Ability to block multimedia and executable files based on their true file type

You can block the delivery of multimedia and executable files based on an analysis of their true file type instead of relying solely on their file extensions.

This analysis protects against threats in which the file extension is changed to match a file type that is usually allowed.

Simplified content filtering settings

Symantec Mail Security simplifies the process of configuring content filtering rules with a new easy-to-use interface.

Automatically generated executive summary reports

You can automatically generate a report that contains statistics about the scanning activities that occurred on one or more mail servers. You can configure the report to be sent automatically to an email distribution list.

You can also view some of this same data in the Symantec Mail Security Home page.

Improved support for cluster environments

Symantec Mail Security is now cluster-aware. In a clustering environment, multiple nodes on the network operate like a single system to ensure high availability.

Symantec Mail Security is installed as a cluster resource. It is designed to detect and interact with the nodes that are within the cluster environment.

Improved spam foldering You can forward spam to a specified folder.

Save to folder In heuristic antispam, Symantec Premium AntiSpam, and all filtering rules, you can save affected messages to a specified folder. If you enable this feature and specify a folder, Symantec Mail Security will create the folder for you. If you specify an absolute path (with ':'), the folder will be created as specified. If you specify a relative path (without ':'), the folder will be created as a subfolder underneath the "SavedMessages" folder in the server installation directory.

Table 1-1 New and enhanced features (Continued)

Feature Description

4 Symantec™ Mail Security for Microsoft® ExchangeComponents of Symantec Mail Security

Components of Symantec Mail SecurityTable 1-2 lists the components of Symantec Mail Security.

Before you installYou can use Symantec Mail Security to monitor mail security on one or more Exchange servers.

Before you install Symantec Mail Security, ensure that all system requirements are met. Review the information that describes where key files are located and how security is set up. In addition, ensure that you have an installation plan that best matches your organization’s needs.

Table 1-2 Software components

Component Description

Symantec Mail Security for Microsoft Exchange

This is the software that you install to protect your Exchange servers. It protects your servers from viruses, messages that overload the system, inappropriate message content, spam, and denial-of-service attacks.

Outlook Plug-in As a part of the premium antispam service, this is the software that lets you submit missed spam and false positives to Symantec. It lets you administer lists for allowed senders and blocked senders and block email messages based on language identification.

Symantec Spam Folder Agent for Exchange

As a part of the premium antispam service, this is the software that lets you automatically route unwanted messages to a spam folder in each user’s mailbox. This agent is available only for Microsoft Exchange 2000 installations.

LiveUpdate Administrator Utility(optional)

LiveUpdate lets Symantec products download program and virus definition files updates directly from Symantec or from an intranet LiveUpdate server. With the LiveUpdate Administration Utility, you can configure one or more intranet FTP, HTTP, or LAN servers to act as internal LiveUpdate servers.

For more information, see the LiveUpdate Administrator’s Guide on the CD.

SESA Integration Package (SIP)(optional)

This is the software configuration package that must be installed on each computer that runs a SESA Manager. The SIP extends SESA functionality to include Symantec Mail Security event data.

5Symantec™ Mail Security for Microsoft® ExchangeBefore you install

If you are running Symantec Brightmail™ AntiSpam on the same server on which you want to install Symantec Mail Security, you must uninstall Symantec Brightmail AntiSpam before installing Symantec Mail Security.

If you are installing Symantec Mail Security on a single Exchange Server, follow the instructions for a single-server installation.

See “Installing on a single server” on page 8.

If your organization is running multiple Exchange Servers, you can manage Symantec Mail Security from the same user interface as with a single server.

See “Installing on multiple servers” on page 11.

Note: The email tools feature of Symantec AntiVirus™ Corporate Edition is not compatible with Microsoft Exchange or Symantec Mail Security for Microsoft Exchange and must be uninstalled prior to installing Symantec Mail Security.

Note: To install Symantec Mail Security components correctly, you must be logged on as a Windows domain administrator.

Server system requirementsSymantec Mail Security runs on Microsoft Windows 2000 Server/Server 2003 on the Intel platform. You must have domain administrator-level privileges to install Symantec Mail Security.

The server system requirements are as follows:

Operating system ■ Windows 2000 Server/Advanced Server/Data Center (SP 4)

■ Windows Server 2003 Standard/Enterprise/Data Center (no SP requirement)

Exchange platform ■ Exchange 2000 Server (SP 3)/Enterprise Server

■ Exchange Server 2003/Enterprise Server

6 Symantec™ Mail Security for Microsoft® ExchangeBefore you install

If you install Symantec Mail Security on a Windows 2000 Domain Controller that does not allow impersonation, you will have difficulty changing settings. You should run Microsoft Exchange on a computer that is not a Domain Controller. If this is not feasible, set the computer to allow impersonation by configuring the Impersonate a client after authentication policy for the IWAM account.

User interface system requirementsYou can install the user interface (UI) on a computer on which Symantec Mail Security is not installed. This enables you to control Symantec Mail Security from a convenient location, if, for example, the servers are in a computer room away from your regular work area.

The system requirements for a separate installation of the UI are as follows:

Minimum system requirements ■ Intel® Server class 32-bit processor

■ 1 GB RAM

■ 650 MB available disk space

■ .NET Framework version 1.1 SP1 Required for the Symantec Mail Security for Microsoft Exchange Console to function properly. You must ensure that .NET Framework version 1.1 SP1 is installed for your language prior to installing Symantec Mail Security for Microsoft Exchange.

■ MDAC 2.6 or higher (will install with installation if not already installed)

■ DirectX 8.01 or higher (will install DirectX 9 with installation if not already installed)

Operating system ■ Windows 2000 (SP 4)

■ Windows 2003 (no SP requirement)

■ Windows XP (SP 1)

7Symantec™ Mail Security for Microsoft® ExchangeInstalling Symantec Mail Security

Installing Symantec Mail SecurityBy default, Symantec Mail Security creates the following user groups and assigns them access rights:

These user groups are domain-wide for Active Directory. Use the Active Directory Users and Computers MMC snap-in to change membership in these groups.

During the security set-up process, security is set for the Symantec Mail Security registry key and file folders.

Note: For the security setup to succeed, you must have administrator access to the local servers and domain administrator rights.

Minimum system requirements ■ Intel® Server class 32-bit processor

■ 512 MB RAM

■ 250 MB available disk space

■ .NET framework version 1.1 SP1 Required for the Symantec Mail Security for Microsoft Exchange Console to function properly. You must ensure that .NET Framework version 1.1 SP1 is installed for your language prior to installing Symantec Mail Security for Microsoft Exchange.

■ DirectX 8.01 or higher (will install DirectX 9 with installation if not already installed)

SMSMSE Admins Provides read and write access to all Symantec Mail Security components and features.

Users in this group can change settings for Symantec Mail Security through the user interface. A Windows 2000 Server/Server 2003 administrator-level account is not necessary for an SMSMSE Admins account.

SMSMSE Viewers Provides read-only access to Symantec Mail Security components and features.

Users in this group cannot change settings for Symantec Mail Security but can run reports, view event logs, and view settings through the user interface.

8 Symantec™ Mail Security for Microsoft® ExchangeInstalling Symantec Mail Security

User group assignments and setupYou are automatically added to the SMSMSE Admins group when you set up a single Symantec Mail Security server. If you do not already belong to the SMSMSE Admins group, you are not automatically added to SMSMSE Admins when you install remote servers in a multiserver environment. Use the Active Directory Users and Computers MMC snap-in to verify and add membership to SMSMSE Admins if necessary.

Installing on a single serverYou can install Symantec Mail Security on a single Microsoft Exchange server.


Before you begin, you should ensure that your environment meets the system requirements.

See “Server system requirements” on page 5.

Note: You are prompted whether to retain existing settings or to use default settings when you upgrade Symantec Mail Security 4.0/4.5/4.6 to Symantec Mail Security 5.0.

To perform the initial setup

1 Start the Symantec Mail Security Setup program (Setup.exe).

This file is located in the SMSMSE\Install folder on the product CD.

2 In the InstallShield Welcome panel, click Next.

3 In the first Symantec Mail Security Setup Preview panel, click Next.

4 In the second Symantec Mail Security Setup Preview panel, click Next.

5 In the Software License Agreement panel, click I accept the terms in the license agreement, and then click Next.

You must accept the terms of the license agreement for the installation to continue.

6 If the Existing Settings panel appears, click Restore default settings or Retain existing settings, and then click Next.

7 In the Destination Folder panel, do one of the following:

■ Verify that the default destination directory is appropriate.

The default destination directory is:

C:\Program Files\Symantec\SMSMSE\5.0\Server

■ Click Change, and then select a different destination directory.


8 In the Setup Type panel, click Complete (recommended) or Custom, and then click Next.

If you select Custom, do all of the following:

■ Select Symantec Mail Security for Microsoft Exchange (full installation) or Server management console (user interface installation).

■ Continue to step 9.

See “Installing the user interface separately” on page 20.

9 Click OK.

To configure external interfaces

1 In the IIS Reset Options panel, select whether to stop IIS during installation, and then click Next.

2 In the Web Service Setup panel, accept the following values or type new data.

3 Click Next.

4 In the Notification E-mail Address panel, accept the default or type a new originator email address, and then click Next.

5 In the Symantec Enterprise Security Architecture panel, select whether to enable logging to SESA.

You should only select Yes if you have a SESA server. If you select Yes, type the SESA IP address, and then click Next. If you do not have a SESA server or select No, you can manually configure the SESA agent at another time.

6 In the Setup Summary panel, review the information. If any changes are needed, click Back to return to the appropriate panel to make the changes.

IP/Name By default, the computer name resolves to the primary external network identification card (NIC). Alternatively, an IP address can be used.

The IP address can be used to validate the availability of the port.

Port # Port 8081 is the default port number for the Web service that is used by Symantec Mail Security. If port 8081 is being used by another application, a different default port number appears.

If you change the port number, do not use a port number that is used by another application, and do not use port 80. Port 80 is the port number that is used by the default Web service, which is hosted by Microsoft Internet Information Services (IIS).


7 Click Next.

8 Click Install.

After installing the product on a server, you can install the UI separately on a remote computer, add the server to the UI, and specify the port number to access Symantec Mail Security.


To install content licenses

1 In the Install Content License File panel, do one of the following:

■ Type the fully qualified path to the license file, and then click Install.

A dialog box will confirm installation of the license. Click OK to close the dialog box, and then click Next.

If the license file is located on another computer, you can specify a mapped drive or UNC path.

■ Click Browse, select the license file, and then click Install.

If the license file is located on another computer, you can locate the file using My Network Places.

■ Click Skip to skip file selection and add the license information later.

You can install the virus content and the Symantec Premium AntiSpam license one after the other.


2 After installing the license or licenses, click Next on the Install Content License File screen.

3 In the LiveUpdate screen, click Yes or No, and then click Next.

If you click No, proceed to step 7.

4 In the Welcome to LiveUpdate screen, click Next.

5 In the Options screen, click Next.

6 When the Thank you message appears, click Finish.

7 In the Setup Complete panel, select whether to view the Readme file, and then click Finish.

The Readme file contains information that is not available in the product documentation.


Installing on multiple serversYou can install Symantec Mail Security on multiple Exchange servers by doing the following:

■ Installing Symantec Mail Security on remote servers

■ Customizing the installation of remote servers

Installing Symantec Mail Security on remote serversYou can install the Symantec Mail Security server component on remote servers. This should not be done when installing the product in a cluster environment.

See “Installing to Exchange servers with Microsoft Clustering Service” on page 17.

Remote servers are installed with default installation settings. By default, vpremote.dat retains settings if Symantec Mail Security is already installed on a remote server. If you want to customize the installation settings and apply them to a remote server, add the custom features to the vpremote.dat file.

See “Customizing the installation of remote servers” on page 12.

See “Upgrading from a previous version” on page 15.

You must be logged on as a member of the administrator group on the local computer and have domain administrator privileges on all remote computers on which you want to install Symantec Mail Security.

To install Symantec Mail Security on remote servers

1 Review pre-installation information.

See “Server system requirements” on page 5.

See “Components of Symantec Mail Security” on page 4.

See “Before you install” on page 4.

2 On the main menu bar, select Tasks > Manage Assets.

3 In the Asset Management window, in the sidebar, click Install to server(s).

4 Under Servers to install to, in the Servers and server groups box, select the server or servers on which you want to install Symantec Mail Security.

5 Click the >> button to select the server(s). The name or the IP address of the selected server(s) appears in the Selected Servers box.

You can select individual servers, or groups, or a combination.


6 To deselect a server or servers, select it in the Selected Servers box and click the << button.

7 Optionally, under Server options, check Keep installation files on server(s) if you do not want the installation files to be deleted when the installation finishes.

8 Optionally, check Send group settings to deploy the settings of the group or groups to which the servers belong when the installation finishes.

9 Click OK.

Customizing the installation of remote serversThere may be cases in which you want to customize the installation of Symantec Mail Security on a remote Exchange server. For example, you may need to change the following settings:

■ Installation location

■ Default email address for notifications

■ Stop/Start of IIS

Table 1-3 lists the remote customization options.

Table 1-3 Remote customization options

Property Description Default value Optional value

EMAILADDRESS= Address of the domain administrator. This will be used for the Notification/Alert settings-Address of sender and Administrator and other to notify.

N/A (Email address of domain administrator)

EXISTINGSETTINGGROUP= Controls whether to retain a previous version’s setting or restore the default settings of the new version.

Retain Restore

IIS_RESET= Controls whether or not to stop and restart the IIS.

Yes No

INSTALL_SESA= Determines whether or not to install SESA No Yes

INSTALLDIR= The “drive:\path” to install SMSME product.

[drive]:\ program files\symantec\ smsmse\5.0\

(Any valid path)

PORTNUMBER= The port used by the product for Web services.

8081 (Any valid port)


To customize the installation of remote servers

1 Locate the folder [installation folder]\SMSMSE\5.0\UI\remote install files.

2 Using WordPad or a similar tool, open the file vpremote.dat.

3 Insert one or more of the properties listed in Table 1-3 by doing the following:

■ Type a space after the previous or existing entry, inside the quotation marks.

■ Type the new property.

The property portion of each entry is case sensitive.

■ Type the value immediately after the = sign with no space.

The values are not case sensitive.

For example, specify a silent installation as follows:

{setup.exe /s /v"/qn NOT_FROM_ARP=1 REMOTEINSTALL=1”}

Note: Do not edit the entry {setup.exe /s /v"/qn NOT_FROM_ARP=1”}. This entry must remain as is.

Installing or renewing license files You must install a license file on each server that is running Symantec Mail Security in order to receive the latest virus definition updates or to activate Symantec Premium AntiSpam. To obtain an antivirus content license, you must have the serial number that is required for activation. The serial number is listed on your purchase certificate. The purchase certificate is mailed separately (or sent by email, if you requested that method when you purchased your software). It arrives in the same time frame as your software. The serial number is used to request a license file and to register for support. The format of a serial number is a letter followed by 10 digits, for example, F2430482013.

REMOTEINSTALL Used to control the user interfaces from appearing during the installation. Set to 1 if a silent installation is desired.

0 1 to hide user interfaces

SESAIP= The IP address of the SESA server. N/A (A valid SESA IP number)

Table 1-3 Remote customization options (Continued)

Property Description Default value Optional value


If you purchased Symantec Premium AntiSpam, a second serial number is listed on the purchase certificate. This serial number is needed to receive the latest spam definition updates for the premium antispam service. If only Symantec Premium AntiSpam is purchased, only that serial number is listed.

After you install the license files for antivirus content and Symantec Premium AntiSpam, content and premium spam updating are enabled for the duration of your maintenance contract. When a content license expires, a new license must be installed to renew the subscription. When no license is installed, virus and spam definitions that are needed to keep protection current are not downloaded.

If you have questions about licensing, contact Symantec Customer Service at 800-721-3934 or your reseller to check the status of your order.

You must install the license file on each server on which Symantec Mail Security is installed, regardless of whether the computer is partitioned or is a cluster node. The same license file supports all servers that are covered by the content license.

You must install the license file on each member of an Exchange cluster. You can use the same license file for multiple servers in a group.

To install or renew a license file to a single server

1 Open Symantec Mail Security.

2 Select the Admin tab.

3 Click Licensing.

4 If necessary, follow steps 1 and 2 of the Licensing panel to request a license file from Symantec.

5 In step 3 of the Licensing panel, do one of the following:

■ Type the fully qualified path to the license file.

If the license file does not reside on the same computer, you can specify a mapped drive or UNC path to the file.

■ Click Browse, select the license file, and then click Open.

If the license file does not reside on the same computer, you can locate the file using My Network Places.

6 Click Install to install the license file to the server.

You can install the virus content license and Symantec Premium AntiSpam license one after the other.

To install a license file to a remote server or remote server group

1 Select the Admin tab.

2 At the top of the window, click Change next to the Server/group panel.


3 Select Global Group or a specific server group from the menu.

4 Click Select.

5 If necessary, follow steps 1 and 2 of the Licensing panel to request a license file from Symantec.

6 In step 3 of the Licensing panel, do one of the following:

■ Type the fully qualified path to the license file.

If the license file does not reside on the same computer, you can specify a mapped drive or UNC path to the file.

■ Click Browse, select the license file, and then click Open.

If the license file does not reside on the same computer, you can locate the file using My Network Places.

7 Click Install to install the license file to the server group.

If a server within a server group is already licensed, the license file is reapplied. The license file with the latest expiration date is applied.

Upgrading from a previous versionIf you are upgrading from a previous version, note that there is no longer a separate multiserver console. Single and multiple servers are all administered from the same user interface. Console settings will not migrate to the new version.

Custom policies, content filtering rules, and report templates will not migrate to the new version.

Table 1-4 lists the data and settings that will migrate to the new version.

Table 1-4 Migration of upgrade settings

Category Migration status

Auto-protect Policy in use migrates to the new version as the standard policy

Auto-protect statistics Migrate as is

Mass-Mailer Rule Enable/disable setting only

Basic Virus Rule Migrates as is

Virus subpolicy Enable/disable setting only

Filtering subpolicy Policy currently in use migrates to the new version as the standard policy

Enable/disable setting migrates


To upgrade from a previous version

1 Launch the SMSMSE 5.0 Console.

2 Add existing servers to be upgraded to an asset group of your choice (for example, Global).

3 Use the Upgrade Servers link to upgrade the selected server.

4 Once all of the servers are upgraded, you can uninstall the previous console using the Add/Remove Programs control panel.

Exception subpolicy All existing exceptions rules and settings migrate

Cert and License files including registry keys

Migrate as is

Quarantine files Migrate as is

Quarantine settings Migrate as is

Spam settings Migrate as is

“Clear” outbreak settings Migrate as is

Alerting/Notification settings

All except AMS and Messenger settings

LiveUpdate/Rapid Release settings

All settings migrate

Matchlists Migrate as is

Report settings Migrate as is

Saved Reports Existing reports (that is, .csv and .html files) migrate if code already exists to do this

Report and Statistics Data Migrates as is

Spam XML file Migrates as is

Table 1-4 Migration of upgrade settings (Continued)

Category Migration status


Installing to Exchange servers with Microsoft Clustering ServiceYou can install Symantec Mail Security in a Microsoft cluster. Symantec supports Active/active configurations, but recommends configurations with one or more passive nodes. The two configuration types have different installation requirements.

When installing Symantec Mail Security in a cluster environment, the product should be installed individually on each node of the cluster. The remote installation feature should not be used.

Installing Symantec Mail Security on a cluster with one or more passive nodesYou can install Symantec Mail Security to Exchange servers that are running Microsoft Clustering Service with one or more passive nodes.

For Symantec Mail Security to support a cluster environment, the Symantec Web site must be accessible from all active and passive nodes of the cluster to ensure that settings can be retrieved and changed. Symantec Mail Security settings are stored in the registry and local hard drive of each individual server. Every time settings are changed, the settings are duplicated on the hard drive of the shared storage that is used as a dependency for the Symantec Mail Security resource. Any time the active node goes down and control transfers to the passive node, the passive node checks for settings on the shared hard disk storage. The settings are then downloaded to the passive node (which is now active) and applied.

The Symantec Mail Security service is Microsoft cluster aware and does not require any specific settings prior to installing on a cluster with one or more passive nodes. Symantec Mail Security requires its own cluster resource.

You must use IP addresses or names of the Exchange Virtual Server (EVS) nodes instead of the server IP addresses or names for managing Symantec Mail Security through the UI.

When the EVS group and Symantec Mail Security cluster resource move from one node to another, the following items will not be transferred:

■ Quarantine contents

■ Virus definitions and spam rules

■ Report database and generated reports

■ Spam statistics

■ Mailbox and public folder lists

See “Configuring the cluster resource” on page 18.


Preinstallation requirementsBefore installing the Symantec Mail Security product on an Exchange cluster with one or more passive nodes, ensure that the following requirements are met:

■ Symantec Mail Security must be installed to all active and passive nodes of a cluster.

■ Only one Exchange Virtual Server (EVS) may run on any cluster node at any time. If two EVSs attempt to run on the same node, the results are undefined.

■ There must always be available passive node(s) to fail to. Multiple failovers are supported only if multiple passive nodes are available.

■ Symantec Mail Security must be identically installed in the same locations on all nodes of the cluster.

During installation, Symantec Mail Security checks for presence of a cluster environment. If the installation is running in a cluster environment, you will be prompted to register a cluster resource DLL (SMSMSEClusterResource.dll). This DLL must be registered only on one of the cluster nodes.

Once the installation is complete, Symantec Mail Security service will be running on all the nodes. It should be running on all the nodes (even passive) immediately after installation. After the first instance of the cluster resource is configured, the service will run only on the active node or nodes.

Configuring the cluster resource After Symantec Mail Security is installed on each node of the cluster, a new resource needs to be created. This resource provides high availability by monitoring and controlling the Symantec Mail Security service. The resource should be created in each Exchange Virtual Server group.

The Symantec Mail Security cluster resource is responsible for all of the following tasks:

■ Handling cluster events

■ Saving Symantec Mail Security settings for each Exchange Virtual Server to shared storage

■ Retrieving settings from shared storage and making them active on a given cluster node

■ Managing the Symantec Mail Security service


To configure the cluster resource

1 On the Windows taskbar, click Start > Programs > Administrative Tools > Cluster Administrator.

2 Select an EVS group and launch the New Resource Wizard.

3 Name the resource.

You must assign a unique name to each resource.

4 Select Symantec Mail Security for Microsoft Exchange as the resource type, and then click Next.

5 On the next screen, choose the nodes for which this resource is being created, and then click Next.

The nodes should be the same as those on which EVS can operate.

6 On the next screen, choose the dependencies for this resource.

The required dependencies are as follows:

■ Physical Disk Resource (disk on which the settings are saved)

■ EVS Network Name resource

7 Repeat steps 2 through 6 for each EVS server group.

As the Symantec Mail Security for Microsoft Exchange resource is created, the Symantec Mail Security service on all nodes is stopped and service startup is changed to manual. This is because the service is running under the control of the Symantec Mail Security cluster resource.

Installing Symantec Mail Security on an active/active clusterYou can install Symantec Mail Security on an active/active Microsoft Exchange cluster.

Before installing the Symantec Mail Security product on an active/active Exchange 2000 or 2003 cluster, ensure that the following requirements are met:

■ The cluster is a group of identical servers containing two nodes. An active/active cluster can contain only two nodes.

■ At least two Exchange virtual servers exist and are capable of running on either node in the cluster.

To install Symantec Mail Security on an active/active cluster

1 Log on to a node using an Administrator account that is a member of the Domain and Local Admin groups.

2 Run setup.exe to Install the Symantec Mail Security product on the cluster node.

The installation directory should be on a local node (non-shared drive).

20 Symantec™ Mail Security for Microsoft® ExchangeInstalling the user interface separately

3 In the server user interface, type the IP address of the externally accessible network card of the current node (if not already present).

Do not type the Virtual Server IP address or the cluster IP address. Do not type the name of the node.

4 Repeat steps 2 and 3 to install the Symantec Mail Security product on the remaining node.

In a cluster environment, you should manage Symantec Mail Security with a UI that is installed on a computer that is not a part of the cluster rather than from one of the cluster nodes. This lets you maintain independent Symantec Mail Security settings for each Exchange Virtual Server.

Managing Symantec Mail Security on all cluster nodesYou can manage Symantec Mail security on all cluster nodes.


To manage Symantec Mail Security on all cluster nodes

1 If desired, install the Symantec Mail Security UI on a workstation on the same network as the cluster.

2 Use Asset Management to add each cluster node to a group.

Installing the user interface separatelyThe Symantec Mail Security user interface (UI) is a Windows application that lets you manage local and remote installations of Symantec Mail Security from a single computer, including one on which Symantec Mail Security is not installed.

You can use the UI to roll out installations of Symantec Mail Security to other Exchange servers.

Before you install the UI on a computer without Microsoft Exchange, you should fully understand its purpose and have an implementation plan.

Note: Symantec Mail Security supports upgrades from Symantec Mail Security 4.0, 4.5, and 4.6. If you are upgrading from a previous version, the active policy settings on the previous installation will be incorporated into the applicable policy on the new installation. Before you begin, you should review the preinstallation requirements. Not all settings and policies are migrated during an upgrade.

See “User interface system requirements” on page 6.

21Symantec™ Mail Security for Microsoft® ExchangePost-installation tasks

To install the user interface separately

1 Start the Symantec Mail Security Setup program (Setup.exe).

This file is located in the SMSMSE folder on the product CD.

2 In the License Agreement panel, check I accept the Terms in the license agreement, and then click Next.

3 Click Customize.

4 In the Customize panel, deselect Server.

5 In the Ready to Install the Program panel, click Install.

The installation may take several minutes.

6 Click Finish.

Post-installation tasksTable 1-5 describes the tasks that you should perform after installing or upgrading Symantec Mail Security.

Table 1-5 Post-installation tasks

Task Description

Read the ReadMe file. This text file contains compatibility information and known issues about Symantec Mail Security.

The ReadMe.txt file is located in the [MS Exchange data directory]\SAV directory and on the installation CD.

Install the License file if it was not installed during setup.

You must install a license file on each server that is running Symantec Mail Security in order to receive the latest virus definitions updates. You must also purchase and activate a Symantec Premium AntiSpam license to enable the premium antispam service.

Update virus definitions. You can either perform manual updates or schedule virus definition updates.

Configure notification and alert recipients.

Specify the administrators, users, and computers that receive email notifications when a rule violation occurs, when an outbreak trigger is activated, or when a critical service failure occurs.

22 Symantec™ Mail Security for Microsoft® ExchangePost-installation tasks

For more information, see the Symantec Mail Security for Microsoft Exchange Implementation Guide.

If managing multiple servers, be sure that all of the servers that you intend to manage are listed.

If necessary, add servers or groups.

Table 1-5 Post-installation tasks (Continued)

Task Description

Copyright © 2005 Symantec Corporation. All rights reserved. Printed in the U.S.A.12/05 PN: 10460550Symantec and the Symantec logo are U.S. registered trademarks of Symantec Corporation. Symantec AntiVirus is a trademark of Symantec Corporation. Other brands and products are trademarks of their respective holder/s.

Documents

Symantec™ Mail Security for Microsoft® Exchange Mail Security for Microsoft® Exchange 3 What’s new in this release Ability to block multimedia and executable files based on their