Kaspersky Security 5.5 for Microsoft Exchange Server 2003 Maintenance Pack 3 Critical Fix 2, build 5.5.1388.0 ------------------------------------------------------------------- Description Kaspersky Security 5.5 for Microsoft Exchange Server 2003 (hereinafter referred to as Kaspersky Security) Maintenance Pack 3 Critical Fix 2 (hereinafter - CF2) is designed to protect mailboxes and public folders on Microsoft Exchange Server 2003 against malware and unsolicited e-mail (spam). ------------------------------------------------------------------- Differences of Kaspersky Security 5.5 for Microsoft Exchange Server 2003 MP3 CF2 compared with Kaspersky Security 5.5 for Microsoft Exchange Server 2003 MP3 cF1: 1) Memory leak in the antispam interception module has been removed. 2) Changes to the application update system. ------------------------------------------------------------------- Differences of Kaspersky Security 5.5 for Microsoft Exchange Server 2003 MP3 CF1 compared with Kaspersky Security 5.5 for Microsoft Exchange Server 2003 MP3: Changes to the application licensing system (support for new types of license keys). ------------------------------------------------------------------- Differences of Kaspersky Security 5.5 for Microsoft Exchange Server 2003 MP3 compared with Kaspersky Security 5.5 for Microsoft Exchange Server 2003 MP2: 1) Improved spam recognition. 2) New updating subsystem decreases the time required to download the anti-spam databases making spam detection more efficient as well. ------------------------------------------------------------------- Differences of Kaspersky Security 5.5 for Microsoft Exchange Server 2003 MP2 compared with Kaspersky Security 5.5 for Microsoft Exchange Server 2003 MP1: 1) Added opportunity to start updating using a specified user account. 2) Improved Backup filters with an added opportunity to search objects in storage using masks. 3) Added opportunity to mark the subject of spam messages. 4) Support for integration with Microsoft Operation Manager 2005 has been implemented. 5) Added opportunity to send Backup messages identified by mistake as spam to their original recipients. ------------------------------------------------------------------- Differences of Kaspersky Security 5.5 for Microsoft Exchange Server 2003 MP1 compared with Kaspersky Security 5.5 for Microsoft Exchange Server 2003: 1) The application can be controlled using the centralized remote management system of Kaspersky Administration Kit. ------------------------------------------------------------------- INSTALLING THE APPLICATION Hardware requirements: - Intel Pentium II 300 MHz or higher - 256 MB free (available) RAM - 50 MB free disk space to install the application files and 100 MB free disk space for temporary storage of the objects being scanned. Software requirements: One of the following operating systems: - Microsoft(R) Windows 2000 Server with installed SP4 or higher - Microsoft(R) Windows 2000 Advanced Server with installed SP4 or higher - Microsoft(R) Windows Server 2003 Standard Edition - Microsoft(R) Windows Server 2003 Enterprise Edition. One of the following Microsoft Exchange Server versions: - Microsoft(R) Exchange 2003 Enterprise Edition Server - Microsoft(R) Exchange 2003 Standard Edition Server. In order to install the application you will need the administrator’s rights for this computer and the domain administrator’s rights. ------------------------------------------------------------------- INSTALLATION PROCEDURE Application upgrading is only supported for Kaspersky Security 5.5 for Microsoft Exchange Server 2003 MP3 CF1 with the same localization language as the version being installed. If any other versions of Kaspersky Security 5.5 for Microsoft Exchange Server 2003 or Kaspersky Anti-Virus 5.5 for Microsoft Exchange 2003 is installed on the computer, it must be uninstalled before installing Kaspersky Security 5.5 for Microsoft Exchange Server 2003 MP3 CF2. ------------------------------------------------------------------- KNOWN PROBLEMS 1. If Microsoft Office Outlook is used as the IMAP client, an error message appears when attempting to save a message with an infected attachment into a server folder. This message appears only once. The infected object will be processed in accordance with the anti-virus settings. This error does not occur when using Outlook Express. 2. If Kaspersky Anti-Virus 4.5 for Microsoft Exchange Server was installed and then removed from your computer, then Kaspersky Security installer can detect an invalid registration of anti-virus software for Microsoft Exchange Server in the system registry. In this situation a warning message will be displayed suggesting that you remove the invalid registry entry detected. In order to proceed with the installation of Kaspersky Security, confirm the removal of this registry entry. 3. If Kaspersky Security is installed on a cluster of servers operating in the Active/Active mode, in some cases incorrect delivery of notifications is possible. 4. If Kaspersky Anti-Virus is installed on all nodes of a cluster in the Active/Active mode, then exclusion of an individual storage area from the protection scope even on one of the cluster nodes may entirely disable the protection of that storage. 5. If Kaspersky Security is used to protect MS Exchange Server 2003 installed on a cluster of servers, then when an infected message is sent via a MAPI client, the sender may receive two notifications instead of just one. 6. Kaspersky Security does not send notifications about password-protected archives it detects. 7. When using a trial key, the application may display different expiration date on the General settings and on the License keys tabs. 8. Virus notification can be identified as a suspicious message that may contain spam if such notification is sent from one organization to another and both organizations have Kaspersky Security installed. 9. If the Kaspersky Security 5.5 for Exchange Server 2003 service cannot be stopped when the stream of messages is continuous, perform the following steps: 1) Disable anti-spam protection. 2) Disable anti-virus protection. 3) Wait until the Exchange system reloads the interceptors (it does not take a long time). 4) Stop the Kaspersky Security 5.5 for Exchange Server 2003 service. 10. Same message sent by one and the same sender to the same recipient, but using different e-mail applications, can be classified as different types of spam. 11. Message that was moved to the Junk E-mail folder is not saved to the backup folder. 12. If the anti-spam database is corrupted, the application status still remains “active” although the anti-spam scan is not performed. The application then adds to the event log a record informing about a failure that occurred while starting the Kaspersky Anti-Spam Service. 13. Messages that are suspected of being spam cannot be sent for analysis to Kaspersky Lab from the Backup. 14. The Kaspersky Security Anti-Spam Service can be restarted from time to time during the operation of the application. This does not lead to any errors in the operation. 15. In cases when anti-spam database compilation terminates abnormally (the ASCompiler.exe process is terminated manually) the database status is displayed incorrectly: "Compilation ÎÊ" appears instead of "Compilation failed". 16. When the number of instances of the anti-virus kernel is modified in the Additional settings tab, the OutProcAdapter.exe anti-virus processes may be reloaded twice. This does not lead to any errors in the operation. 17. If the application is set to notify recipients about virus detection in a message and the recipient is specified as a distribution group or security group within Active Directory, the number of notifications in some cases may be equal to the number of users in that group. 18. When notifications are sent to a distribution group within Active Directory with a Display name different from the group name, the notifications do not reach the recipient. 19. After removal of an installed independent server, the application directory may contain several left subdirectories and/or files. 20. The application does not check messages for spam if the anti-virus databases become damaged. 21. Incorrect application name. If Kaspersky Administration Kit has been installed without a plug-in necessary to control Kaspersky Security for Microsoft Exchange Server, then an attempt to switch to the General tab in the server settings window will result in a warning informing that the plug-in is not installed. The warning text contains 'null' instead of the application name. 22. If Kaspersky Anti-Virus for Windows File Servers and Kaspersky Security 5.5 for Microsoft Exchange Server 2003 are installed on the same computer, the task updating the anti-virus databases in the list of tasks in Kaspersky Administration Kit appears to look identically for both applications. 23. Last update time in the General tab of the application settings in Kaspersky Administration Kit reproduces the time of creation of the anti-virus databases. 24. When the diagnostics level in the Diagnostics tab of application settings window is set to "None", application events will not be delivered in Kaspersky Administration Kit. 25. If backup storage folder name ends in an ellipsis character, files will not be saved to the storage. 26. When a local computer is managed via Kaspersky Administration Kit and you select a local folder as the source of updates for the anti-spam database updating task and click the Run button, the started task will use its previous value as the source of updates. 27. When parameter changing is prohibited in a policy of Kaspersky Administration Kit, its value cannot be modified. However, the parameter will be changed visually in graphical user interface (GUI) of the Management Console. 28. Several services have to be stopped during removal of Kaspersky Security. If you terminate the process of application removal, a number of services will remain stopped. The application displays on the screen information about specific services that will be stopped during the removal process. 29. The Security Server can only be controlled using the Management Console of Kaspersky Security 5.5 for Microsoft Exchange Server 2003 MP3 or later. 30. If the target computer has Kaspersky Anti-Virus 6.0 for Windows Servers installed with application self-protection enabled, the installer of Kaspersky Security 5.5 for Microsoft Exchange Server 2003 MP3 terminates with an error. In that case you are advised to disable self-protection of Kaspersky Anti-Virus 6.0 before the installation. 31. If the application uses damaged anti-virus databases released by Kaspersky Lab, it assigns wrong statuses to the objects being scanned and performs their processing incorrectly. In case of a nonstandard situation the content of the objects in Microsoft Exchange Server storage areas will be corrupted beyond recovery. Similar situation occurs if available disk space becomes insufficient on the drive where Kaspersky Security is installed. 32. Mail messages can be blocked in the Microsoft Exchange Server storages if the application uses damaged anti-virus databases. Messages will be unlocked after next success databases update. It is recommended to turn off anti-virus protection for immediate access to those messages. 33. Anti-virus databases are not preserved when Kaspersky Security is upgraded. You are advised to update the anti-virus databases after the upgrade procedure. 34. Addresses from the "CC" field can appear twice in the list of recipients for notifications about spam detection. However, each recipient receives a notification just once. 35. You cannot control Kaspersky Anti-Virus 5.5 for Microsoft Exchange Server 2000/2003 and Kaspersky Security 5.5 for Microsoft Exchange Server 2003 from the same computer at the same time. 36. If registration in the event log is disabled in the virus outbreak counter settings, then notifications about a virus outbreak are not delivered to the Microsoft Operations Manager console. 37. If application setup is attempted using a local account (without sufficient rights to write to Active Directory) the installation procedure will be rolled back. However, certain files remain in the destination directory. 38. Update will not be performed if attempted using an account included into the Users group of the operating system. 39. The SERVER_NAME macro cannot be displayed in the notifications informing about virus outbreaks. 40. User account in Unicode format cannot be used for specification of proxy authentication settings in the update task parameters. 41. While scanning a part of a multivolume archive, the application may assign the Corrupted status to such object and perform corresponding actions. 42. If Australia is selected as the location for updates, the actual updating procedure uses the Ashmore and Cartier Islands as the location because both countries have identical letter codes. 43. Records about scanning of password-protected objects by Kaspersky Security are not saved in the event log of Kaspersky Administration Kit. 44. Limitations for the application's log files do not apply to the application components log files. 45. Upon an attempt to update from a user-defined FTP server in the active mode, the update is performed in passive mode when a proxy server is used. Active FTP mode is only available for direct FTP updates without a proxy. 46. The addresses of report recipients in the "CC" field of the report configuration must only be specified in SMTP format. 47. In Management Console installed on a computer running Microsoft Windows Vista problems may occur while displaying the Backup storage content. 48. If damaged anti-virus databases are used and update is started using a non-existent source (URL), update terminates with an error. However, instead of a precise error description the report will contain the string "No reserved update description". 49. The feature for updating of the anti-virus and anti-spam databases does not function in FTP over HTTP mode. 50. Updates of the anti-spam databases via Kaspersky Administration Kit 6.0 are only possible in complete update downloading mode. The mode for selective downloading of updates will only be supported beginning with Kaspersky Administration Kit 6.0 MP1. 51. First update of the anti-spam databases after application setup is always performed using one of the servers from the preset list. 52. It is not recommended to open the services management snap-in while removing the application from a computer running Microsoft Windows 2000, because the Security Server service will not be removed then; instead, it will be stopped only. Service removal will require an additional restart of the computer. 53. The application removal may be failed due to IIS Admin services stopping error. In this case it is recommended to stop this service by iisreset /stop command and start the application removal process again. 54. Attention! The Store folder placed in the application installation directory should be excluded from file antiviruses scan lists. ---------------------------------------------------------------------------- RECOMMENDATIONS FOR UPDGRADING FROM Kaspersky Anti-Virus 4.5 for Microsoft Exchange Server TO Kaspersky Security 5.5 for Microsoft Exchange Server 2003 MP3 CF1 After version 5.5 is installed, the application will start functioning using the minimum set of parameters most of which are configured by default and are the optimal settings recommended by the Kaspersky Lab’s experts. Additional configuration must be performed manually. In order to restore the system configuration in accordance with version 4.5 the required changes must be made. While making these changes the following must be taken into account: 1) Version 5.5 has no provision for the unprotected users group. Exclusions from the scan scope are configured through unprotected storages. You can configure the storages protection settings on the Protected mail tab of the Anti-virus protection window. 2) By default, notifications are not registered in the events log in version 5.5. The settings for registering notifications in the logs are configured on the Actions tab of the Properties configuration dialog. 3) When configuring the settings of notifications, you only have to specify the recipients’ addresses. SMTP addresses are not required to be specified as version 5.5 does not use STMP for sending notifications. The notification settings are configured on the Actions tab of the " Properties" configuration dialog.