Trend Micro, Inc. January 21, 1997 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ScanMail for Microsoft Exchange Version 1.53 Release Notes ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ INDEX ============================================= 1. Introduction and Overview 2. Release 1.53 Enhancements and Bug Fixes 3. Installation Notes 4. Minimum System requirements 5. The BatchExport Utility 6. ScanMail Features and Default Settings -Action on Detecting a Virus -Notification -Real-time Scanning -Manual Scanning -Scheduled Scans -Virus Pattern File Update -Log Files -Incremental Scans -On Line Registration 7. Installed Files and Registry Key 8. Release History 9. About Trend Micro Inc. 10. Contact Information ============================================= 1. Introduction and Overview ============================================================================ The ScanMail for Exchange anti-virus solution is four-fold: First, we recommend that the ScanMail administrator run a Manual scan of all existing mailboxes and public folders to clean out any viruses that might be saved as a part of a user's archived mail. Such a scan can typically be completed in a matter of minutes. Second, it is a good idea to schedule weekly automatic scans of archived mail. (You can also schedule the virus-pattern file to be updated automatically.) Third, the administrator should configure and engage ScanMail's real-time e-mail scanning options to prevent viruses from propagating via e-mail. Fourth, real-time scanning of all Public Folders is established to prevent infected files from being posted to the common area. With real-time scanning enabled, ScanMail can alert the e-mail recipient, sender, or administrator whenever a virus is detected. Who is notified, as well as the notification message contents, is also determined by the ScanMail administrator. ScanMail keeps a comprehensive log of its actions. For a list and explanation of ScanMail's features, please see Section 6 of this document or refer to the printed material that came with the software. 2. Release 1.53 Enhancements and Bug Fixes ============================================================================ The enhancements and bug fixes available in this version are cumulative. As such, installing this version brings the benefits introduced in all previous versions as well as those introduced with this version. See section 8 of this document for a full accounting of all enhancements and bug fixes so far. o Fixed a bug in version 1.5 wherein ScanMail would fail to start after installation. The problem was found to be a conflict with version 4.70 of the NT file shalwapi.dll. The conflict has been corrected. o Fixed a long-standing bug wherein virus alert notifications were not being properly sent back to the original sender of the e-mail. Senders can now reliably be notified if the e-mail the sent was found to contain a virus. Bugs Remaining: o Currently, users cannot interrupt the pattern update process (PTNUPD) without causing subsequent attempts to update the pattern file to fail. Work Around: ~~~~~~~~~~~ Stop the SMAILEX.EXE program and delete the PTNFILE.EXE file, found in the ScanMail for Exchange working directory. Restart ScanMail. o Currently, environments with more than 1500 mailboxes and insufficient hardware resources may experience the failure of their Information Store or MTS services. 3. Installation Notes ============================================================================ You can install the complete version of ScanMail for Exchange by entering the product serial number that came with the product (or contact your Trend Micro sales representative). Alternatively, you can enter no serial number to install the 30-day free trial version. o If you are installing ScanMail for the first time, please refer to the printed documentation that came with the software. o If you are upgrading a previous version of ScanMail, please uninstall your previous version of ScanMail before installing version 1.53. Note: before installing ScanMail for Exchange, be sure that the following conditions exist: 1. You have an Exchange Client installed on the same machine as the Exchange Server, and "log on to network" is enabled as the default on the client. 2. You have Administrator privileges for the Windows NT Domain where the Exchange server is located. 3. You are logged in to Exchange from a service account AND have a mailbox for that account on the server. How to Check the Status of These Conditions ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 1. With the Microsoft Exchange client open, click Tools | Services. Then, with Microsoft Exchange Server highlighted, click the Properties button. Click the Advanced tab. A check mark should appear in the "Use network security during logon" checkbox. 2. Click the NT Start button, then Programs |Administrative Tools | User Manager for Domains. Double click the Username you are currently logged in under, then click the Groups button. In the Member of: window, you must see Administrators. If not, log off NT and then back on using an account that does have Administrative privileges. 3. With the Microsoft Exchange Administrator open, double click the Display Name of the NT account you are using. Check the Group Membership by clicking the Primary Windows NT Account button and "Select an existing Windows NT account" Locate your NT account in the list of names that appears and verify the privileges. Complete instructions for installing ScanMail for Exchange can be found in the User's Guide. Once installed, both ScanMail's real-time e-mail scanning and monitoring services are automatically started. You will see the real-time monitor on the desktop. 5. Minimum System requirements ============================================================================ o Intel Pentium 100 or higher o 64 MEG RAM o 10 MEG free disk space for the program files o Exchange Server (English) Version 4.0 or 5.0 o Exchange Client installed on the same Windows NT server o Windows NT Server version 3.51, with Service packs 4 and 5, or NT Server version 4.0 (English ) 6. BatchExport Utility for Manual Scan ============================================================================ As explained in the User's Guide, whenever you add or remove user mailboxes from Exchange, ScanMail needs to be apprised of the changes -- mailboxes that do not appear on ScanMail's list of users are not scanned. After adding or removing a user mailbox you can rebuild the list by clicking the Refresh All button on the Manual Scan page. This process can now be scheduled to take place automatically from ScanMail's Windows interface. Refreshing the list of user mailboxes daily is typical, although administrators who find themselves adding and removing user mailboxes several times a day may want to schedule the refresh to occur more frequently. Scheduling BatchExports ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ To schedule the refresh frequency from ScanMail's Window's interface, click Help | Schedule Directory Export from the main menu. Click the "Automatically restart real-time scan service if there are new updates" checkbox to have the real-time scanning service stop and restart whenever the schedule for refreshing ScanMail's list of user mailboxes is modified. Since it can take some time to re-build ScanMail's list of user mailboxes, and to stop and restart the scanning service, we recommend that you don't schedule automatic refreshes any more often than is necessary. The refreshes take place at the hourly intervals (6, 8, 12, 24, or none) you specify, beginning at the designated hour. Click "Update the Schedule List" button to update the data which appears in the Schedule list window 7. ScanMail for Exchange Features and Default Settings ============================================================================ Action on Detecting a Virus ~~~~~~~~~~~~~~~~~~~~~~~~~~~ By default, when ScanMail detects an infected file in an e-mail attachment it removes the virus from the file (or "cleans" the file) then forwards it to the intended recipient(s). Notification of the action is sent to the ScanMail administrator and any other specified parties. In some cases a file cannot be cleaned, for example due to corruption, and ScanMail moves uncleanable files to the VIRUS directory, which is created upon installation. The administrator can change ScanMail's default action (AUTOCLEAN) upon detecting a virus. The following actions are available: o AutoClean - ScanMail automatically cleans infected files. If they cannot be cleaned, the file is deleted or moved to an isolated directory (or "quarantined"). Alternatively, infected files that cannot be cleaned can be "passed" on to the intended recipient without any action taken. o Delete - ScanMail automatically deletes infected files. No attempt is made to clean the file. o Move - ScanMail moves an infected file to a predetermined location or e-mails it to the administrator along with a warning. Alternatively, infected files can be e-mailed to Trend Micro's Virus Hospital for special treatment. o Pass - ScanMail ignores infected files, sending them on to the intended recipient along with a warning message. Notification ~~~~~~~~~~~~ When a virus is found, ScanMail can automatically send notification(s): o Notify the intended recipient of the infected e-mail o Notify the sender of the infected e-mail o Notify the ScanMail Administrator of the infected e-mail The notification message that the sender, intended recipient, or admin receives is user-customizable and contains details about the virus. Notifications are sent e-mail via the Exchange server (Version 1.5 does not support notification via message boxes.) Real-time Scanning ~~~~~~~~~~~~~~~~~~ ScanMail's real-time scanning operates as a Windows NT service and detects whenever mail messages arrive at the mailbox or public folders. The real-time monitor is automatically engaged following installation and whenever every time the NT server is restarted. Manual Scanning ~~~~~~~~~~~~~~~ Manual scanning is similar to real-time scanning, except that manual scans require user interaction in order to run. The ScanMail administrator can select multiple mailboxes for scanning, or specify individual folders within the mailbox -- for example, the Inbox, Outbox, Sent Items, Deleted Items, or any other folder. Manual scanning supports the scanning of public folders. Scheduled Scans ~~~~~~~~~~~~~~~ Scheduled scans can be set to run at predetermined times and frequencies. Most of the configuration options are similar to those available for the manual scans, with the main difference being that the individual folders making up a mailbox cannot be specified for scheduled scans. By default, all items in the mailbox are scanned. Virus Pattern File Update ~~~~~~~~~~~~~~~~~~~~~~~~~ ScanMail administrators can have the ScanMail's virus pattern file updated in a couple of different ways: o Pattern file updates via Internet (using HTTP) o Pattern file updates from a UNC path, Mapped Drive, or Local Drive (including floppy drive) Both methods of updating the virus pattern file can be scheduled to take place automatically, at regular intervals. Incremental Scans ~~~~~~~~~~~~~~~~~ o Incremental Scans allow the ScanMail administrator to perform manual or scheduled scans of user mailboxes. However, instead of scanning all mail items during the scan (including those that have been previously scanned) Incremental Scans can be set to scan only mail been items that have modified since a specified date or since the last scan. Log Files ~~~~~~~~~ ScanMail keeps comprehensive logs of all its actions, including: o The Event Log - records when the various ScanMail services were stopped or started (real-time, manual, and scheduled scanning events). o The Virus Log - records which viruses ScanMail has detected, including details such as the name of the virus and infected file, the date, intended recipient, sender, and the action ScanMail took: clean, delete, move or pass. o The Pattern Update Log - records when each pattern update occurred The administrator can have ScanMail save the log files in the default directory for up to 90 days or schedule them for regular deletion. On Line Registration ~~~~~~~~~~~~~~~~~~~~ Trend Micro provides convenient means by which users can register ScanMail, including both Online registration and mail-in certificates. 8. Installed Files and Registry Key ============================================================================ ScanMail for exchange installs the following executable programs, by default to the C:\Program Files\SMailEx directory: driveup.exe realscan.exe instmon.exe rmonitor.exe InstRTS.exe smailex.exe pscaneng.exe smailup.exe pscanmon.exe Lpt$vpn.324 ----this extension may vary LOG folder VIRUS folder ScanMail also adds the following folder to your Registry: HKEY_LOCALMACHINE\SOFTWARE\TREND\SCANMAIL EXCHANGE 9. Release History ============================================================================ VERSION 1.5 ScanMail for Exchange version 1.5 provided the following enhancements: o Added support for updating the virus Pattern File through a proxy server. From the Update Pattern page, click "Enable proxy," then enter the port number and IP address of the proxy server. o Added automatic, real-time scanning of server-to-server public folder replications. Give ScanMail "Editor" role or greater for replication scanning. With real-time scanning, users cannot inadvertently save infected files to the public folders -- every document is checked for viruses after being posted. Any viruses already infecting files in the public folder are detected as the replication is completed. (Manual scanning is another option.) Potential Exceptions: 1. Site-to-site replication scanning (NOT server-to-server) of existing folders designated for Directory Replications. New folders and messages (added after ScanMail was installed) can be scanned; existing ones cannot. 2. Scanning replications on public folders hosted by a remote Exchange server (with no ScanMail installed). Even if the ScanMail server is granted rights to a remote site that is hosting a public folder, ScanMail will not scan the remote public folder, regardless of permissions. ScanMail local public folder replications. VERSION 1.4 ScanMail for Exchange version 1.4 provided the following product enhancements and bug fixes: o Added support for Incremental manual and scheduled scans. Incremental manual scans save time by allowing the administrator to scan only mail that has arrived in a user mailbox since the last manual (or scheduled) scan or since a specified date. VERSION 1.3 ScanMail for Exchange version 1.3 provided the following product enhancements and bug fixes: o Automated the task of refreshing ScanMail's directory of user mailboxes so the administrator no longer needs "Refresh" by hand the ScanMail directory after adding or deleting user mailboxes (see Version 1.2 below for details). VERSION 1.2 ScanMail for Exchange version 1.2 provided the following product enhancements and bug fixes: o Exchange administrators whose servers contain hundreds or thousands of user accounts used to experience a delay upon opening the Manual Scan configuration page. The delay was due to the time needed to populate the window with the many user accounts. ScanMail for Exchange version 1.2 addresses this problem with the introduction of an export utility designed to speed and maintain the list of user accounts. After running the export utility once, users will not experience any delays when opening the Manual Scan page. Section 5 of this document provides a detailed explanation of the utility and its use. o ScanMail now supports the scanning public folders on a designated NT Server. o When simultaneously scanning multiple files, the name of a file being scanned would sometimes get lost. This resulted in a report of "unknown" in the logs. We have fixed this error in version 1.2. o When scanning an infected attachment that is being sent to to multiple mail accounts, all infected file attachments are cleaned. Previously, some infected attachments were "Moved" rather than "Cleaned." o An error reporting the percentage of mailboxes opened during a real time scan has been corrected. o When manually refreshing the list of mailboxes that appears on the Manual Scan page, a progress bar now appears to indicate the status of the task. This is most relevant on servers with thousands of mailboxes. o Support has been added for NT passwords that use special characters, for example, spaces. o When a mailbox appears to be corrupted, the real-time scan module will make three or more attempts to open it before abandoning the task. Status of the attempts is displayed on the monitor. o Version 1.2 of ScanMail for Exchange employs a new approach in exporting Exchange directories. Previously, exporting Exchange directories under ScanMail could trigger an error. o The speed of exporting directories to ScanMail has been increased. VERSION 1.1 ScanMail for Exchange version 1.1 provided the following product enhancements and bug fixes: o ScanMail now provides mailbox scanning for mail systems migrated to Exchange from cc:Mail and Microsoft Mail, as well as from Exchange Server 4.0 to Exchange Server 5.0 o Improved the scanning of public folders that contain replicas o Mailboxes containing special characters (such as ~,^,%) can now be reliably scanned o ScanMail now detects and cleans Macro viruses written in Microsoft's Excel macro language o Version 1.1 fixes a problem with scanning after the administrator is logged off the system o The reliability of Virus Pattern updates has been improved o Files with unknown, or corrupted file names can now be opened by their associated applications following a scan o Selecting both the Public folder and "Others" option used to cause a scanning conflict. This problem has been fixed. o Fixed problem with scheduled scans of specific mailboxes o ScanMail is now capable of cleaning all forms of the Macro virus "Concept" o The Time field of scheduled scans and virus-pattern downloads no longer accepts invalid user input o A glitch under "Options" on the Manual Scan page that prevented WWW addresses from being added has been fixed 10. About Trend Micro Inc. ============================================================================= Trend Micro is the leading developer of server-based virus protection for high-performance corporate networks. ScanMail is part of Trend's integrated gateway-to-desktop enterprise-wide solution. Trend Micro's virus protection technology is used by Intel, Novell, Netscape, Sun Microsystems, Control Data Systems, SCO, and WorldTalk as a key part of their server security solutions. 11. Contact Information ============================================================================= E-mail: trend@trendmicro.com E-mail: sales@trendmicro.com Web: www.antivirus.com Trend Micro Incorporated Suite 400, 10101 De Anza Bvld. Cupertino, CA 95014 Toll free: 800-228-5651 Voice: 408-257-1500 Fax:: 408-257-2003 Visit www.antivirus.com to download evaluation copies of Trend's "Total Solution" virus protection products. Copyright 1997, Trend Micro Incorporated. ScanMail is a trademark of Trend Micro Incorporated. All other marks are the trademarks or registered trademarks of their respective companies.