Chapter 2 - Installing Microsoft Antigen for SMTP Gateways

  • Article

 

Applies to: Microsoft Antigen

Antigen for SMTP Gateways supports local and remote installations on computers running Windows Server 2003 and Windows 2000 Server.

Antigen for SMTP Gateways Setup wizards can be used to install the product to a local SMTP server, to a remote SMTP server, or as an Administrator-only installation to a local workstation. If you are performing a remote installation, you should know the server name of the computer running the SMTP service prior to running the installation program.

System requirements

The following are the minimum server and workstation requirements for Antigen for SMTP Gateways.

Minimum server requirements

The following are minimum server requirements:

  • Windows 2000 Server Service Pack 4 (SP4) Update Rollup 1 or Windows 2000 Advanced Server SP4 Update Rollup 1

    Note

    Windows Server 2003 is also supported. Antigen for SMTP Gateways is supported only on 32-bit environments.

  • 1 gigabyte (GB) of free memory

    Note

    With each additional licensed scan engine, more memory is needed for each scanning process.

  • 2 GB of available disk space

  • Intel processor, 1 gigahertz (GHz)

  • Microsoft Data Access Components (MDAC) 2.7

  • Microsoft Jet 4.0 Service Pack 3 (SP3)

  • Microsoft XML Core Services (MSXML) 6.0

  • Internet Information Services (IIS) 5.0 with SMTP Service installed

  • Windows messaging

    Note

    Windows messaging provides the MAPI interface to ensure the proper parsing of message bodies in .msg files or TNEF-encoded messages. (You may install Outlook on the server to provide the required functionality.)

Minimum workstation requirements

The following are minimum workstation requirements:

  • Windows 2000 Professional or Windows XP

    Note

    Windows Server 2003 and Windows Vista® are also supported.

  • 6 MB of available memory

  • 10 MB of available disk space

  • Intel processor

Installing Antigen on a local server

To locally install Antigen for SMTP Gateways on an SMTP server, you must log on to the local computer using an account that has administrator rights. This step is necessary for Setup to perform service registration.

To install Antigen for SMTP Gateways on a local server

  1. Run Setup.exe from the folder containing the Antigen for SMTP Gateways installation files. You can obtain the latest installation package from the Microsoft Volume Licensing Download Center.

  2. Follow the initial setup dialog boxes until you are prompted by the Installation Location dialog box. Select Local Installation and click Next.

  3. In the Installation Type dialog box, select Server - Admin console and scanner components and click Next.

  4. Setup checks whether you have the correct version of the Windows Update Agent:

    • If you do not have the correct version, at the end of the installation, you are directed to the Microsoft Update Web site to upgrade manually.
    • If you have the correct version, Setup then checks if Microsoft Update is enabled. If Microsoft Update is not enabled, the Use Microsoft Update dialog box appears so that you can enable it.

  5. In the Quarantine Security Settings dialog box, select the desired setting and click Next. Select one of the following:

    • Secure Mode is the default and when the value is set to this mode, all messages and attachments delivered from quarantine are scanned again for viruses and filter matches.
    • Compatibility Mode allows messages and attachments to be delivered from quarantine without being scanned for filter matches. (Messages and attachments are always scanned for viruses.) Antigen for SMTP Gateways identifies these messages by placing special tag text in the subject line of all messages that are delivered from quarantine.

    For more information about this setting, see Chapter 15 - Reporting and statistics overview.

  6. In the Engine Updates Required dialog box, read the warning about engine updates and proxy information, and then click Next.

  7. In the Choose Destination Location dialog box, either accept the default destination folder for the product, or click Browse to select a different one. The default location is:

    Program Files\Microsoft Antigen for SMTP

  8. In the Select Program Folder dialog box, choose a program folder for Antigen for SMTP Gateways. The default location is:

    Microsoft Antigen for SMTP

  9. In the Start Copying Files dialog box, review the data. If any changes have to be made, use the Back button to navigate to the page to be changed. Otherwise, click Next to begin the installation. A progress bar indicates that the files are being copied.

  10. After installation is complete, you can start or restart the SMTP services, depending on whether they were stopped or running when the installation began. For a clean installation, the services were probably still running and need to be recycled. If you are reinstalling the product, the services had to be stopped before Antigen for SMTP Gateways could be uninstalled. In the Start SMTP Services dialog box, you can start the SMTP services automatically so that Antigen for SMTP Gateways can become active. Click Next to have Setup perform this step, or click Skip to manually perform this step at a later time. Until the SMTP services have been started or restarted, Antigen for SMTP Gateways cannot scan mail.

  11. If the SMTP services are being started or restarted (that is, you clicked Next in the prior dialog box), the Starting SMTP Services dialog box appears. Wait until the status changes to All services started before clicking Next to continue.

  12. In the InstallShield Wizard Complete dialog box, you can optionally select to View the README file before clicking Finish. If you do not have the correct version of the Windows Update Agent, you are directed to a site to obtain it.

Note

As in most installations, Setup updates shared Microsoft files on your computer. If you are asked to restart your computer, you do not have to do that immediately, but it may be necessary for certain Antigen for SMTP Gateways features to work correctly.
The Antigen Administrator installed with SMTP scanning for Windows Server 2003 or Windows 2000 Server may also be used to connect to Antigen for Exchange or Antigen for SharePoint® servers. The registry for Antigen services remains: HKEY_LOCAL_MACHINE\SOFTWARE\Sybari Software\Antigen for SMTP

Installing Antigen on a remote server

To remotely install Antigen for SMTP Gateways on an SMTP server, you must log on to your local computer using an account that has administrator rights to the remote computer. This step is necessary for Setup to perform service registration. The platforms of both the local computer and remote computer must be the same.

To install Antigen for SMTP Gateways on a remote server

  1. Run Setup.exe from the folder containing the Antigen for SMTP Gateways installation files. You can obtain the latest installation package from the Microsoft Volume Licensing Download Center.

  2. Follow the initial setup dialog boxes until you are prompted by the Installation Location dialog box. Select Remote Installation and click Next. If Antigen for SMTP Gateways is already installed on the remote SMTP server, this process can automatically stop the SMTP and IIS services, and uninstall Antigen for SMTP Gateways.

  3. In the Remote Server Information dialog box, enter the following information and click Next. The parameters are:

    • Server Name—The name of the computer to which you are installing Antigen for SMTP Gateways.
    • Share Directory—The temporary location that the remote installation uses while setting up Antigen. The default is:
      C$

  4. Setup checks whether you have the correct version of the Windows Update Agent:

    • If you do not have the correct version, at the end of the installation, you are directed to the Microsoft Update Web site to upgrade manually.
    • If you have the correct version, Setup then checks if Microsoft Update is enabled. If Microsoft Update is not enabled, the Use Microsoft Update dialog box appears so that you can enable it.

  5. In the Quarantine Security Settings dialog box, select the desired setting and click Next. The parameters are:

    • Secure Mode is the default and when the value is set to this mode, all messages and attachments delivered from quarantine are scanned again for viruses and filter matches.
    • Compatibility Mode allows messages and attachments to be delivered from quarantine without being scanned for filter matches. (Messages and attachments are always scanned for viruses.) Antigen identifies these messages by placing special tag text in the subject line of all messages delivered from quarantine.

    For more information about this setting, see Chapter 15 - Reporting and statistics overview.

  6. In the Remote Location dialog box, select the Destination Directory and Folder Name, and then click Next to begin installing Antigen for SMTP Gateways.

  7. After installation is complete, you can start or restart the SMTP services, depending on whether they were stopped or running when the installation began. For a clean installation, the services were probably still running and need to be recycled. If you are reinstalling the product, the services had to be stopped before Antigen for SMTP Gateways could be uninstalled. In the Start SMTP Services dialog box, you can start the SMTP services automatically so that Antigen for SMTP Gateways can become active. Click Next to have Setup perform this step, or click Skip to manually perform this step at a later time. Until the SMTP services have been started or restarted, Antigen for SMTP Gateways cannot scan mail.

  8. If the SMTP services are being started or restarted (that is, you clicked Next in the prior dialog box), the Starting SMTP Services dialog box appears. Wait until the status changes to All services started before clicking Next to continue.

  9. After you are informed that the installation was successful, click Next to perform another remote installation, or click Cancel to exit the installation program. If you do not have the correct version of the Windows Update Agent, you are directed to a site to obtain it.

Note

As in most installations, Setup updates shared Microsoft files on your computer. If you are asked to restart your computer, you do not have to do that immediately, but it may be necessary for certain Antigen features to work correctly.

Administrator-only installation

Performing an Administrator-only installation will install the Antigen Administrator onto any Windows workstation or server, which can then be used to centrally manage the Antigen services running on remote SMTP servers. An Administrator-only installation requires approximately 2.5 MB of disk space.

To perform an Administrator-only installation

  1. Run Setup.exe from the folder containing the Antigen for SMTP Gateways installation files. You can obtain the latest installation package from the Microsoft Volume Licensing Download Center.

  2. Follow the initial setup dialog boxes until you are prompted by the Installation Location dialog box. Choose Local Installation and click Next.

  3. In the Installation Type dialog box, select Client - Admin console only and click Next.

  4. Setup checks whether you have the correct version of the Windows Update Agent:

    • If you do not have the correct version, at the end of the installation, you are directed to the Microsoft Update Web site to upgrade manually.
    • If you have the correct version, Setup then checks if Microsoft Update is enabled. If Microsoft Update is not enabled, the Use Microsoft Update dialog box appears so that you can enable it.

  5. In the Choose Destination Location dialog box, either accept the default destination folder for the product, or click Browse to select a different one. The default is:

    Program Files\Microsoft Antigen for SMTP

  6. In the Select Program Folder dialog box, choose a program folder for Antigen for SMTP Gateways. The default is:

    Microsoft Antigen for SMTP

  7. In the Start Copying Files dialog box, review the data. If any changes have to be made, use the Back button to navigate to the page to be changed. Otherwise, click Next to begin the installation. A progress bar indicates that the files are being copied.

  8. In the InstallShield Wizard Complete dialog box, you can optionally select to View the README file before clicking Finish. If you do not have the correct version of the Windows Update Agent, you are directed to a site to obtain it.

Post-installation security consideration

When you install Antigen for SMTP Gateways, it is configured to allow everyone access to the AntigenService service. To change the security settings to restrict access to AntigenService, you need to use DCOMCNFG to modify the security settings. For more information about securing access to AntigenService, see "Securing the service from unauthorized use" in Chapter 3 - Antigen services.

Installing to multiple servers

The Antigen Enterprise Manager should be used to install Antigen for SMTP Gateways to multiple servers. For complete installation instructions, see the Microsoft Antigen Enterprise Manager User Guide at the Microsoft Antigen TechNet Library.

Uninstalling Antigen

To uninstall Antigen for SMTP Gateways, log on to the computer on which it is installed.

To uninstall Antigen for SMTP Gateways

  1. Ensure that the Antigen Administrator is not running.

  2. In Control Panel, click Administrative Tools, and then click Services.

  3. Stop the SMTP and IIS services.

  4. When all these services have stopped, close the Services dialog box.

  5. In Control Panel, click Add or Remove Programs.

  6. Remove Microsoft Antigen for SMTP. Click Yes to confirm the deletion.

  7. On the Uninstall Complete page, click Finish.

  8. Delete the Microsoft Antigen for SMTP folder in Program Files. (Or, if you installed to a different folder, delete your installation folder.)

  9. If you are not planning to reinstall Antigen for SMTP Gateways, restart the stopped SMTP and IIS services.

Migrating and upgrading

Antigen for SMTP Gateways detects previous installations and provides the option of upgrading. Upgrading an installation only requires that you provide the password for the user account that the Antigen services run under. (Antigen for SMTP Gateways does not store this for security reasons.) Antigen for SMTP Gateways retains all of your previous settings. When upgrading, additional features may be added based on your environment.

When upgrading Antigen for SMTP Gateways, all scan jobs have their template settings configured to none to prevent users from inadvertently overwriting existing settings. To deploy templates, you need to change this setting on each server to default or a named template. For more information about configuring scan job template settings, see Chapter 7 - Using templates.

Note

When upgrading from Antigen for SMTP Gateways version 8.0 SR3, you must do an engine update immediately after Antigen for SMTP Gateways version 9 is installed to ensure that the engines are using the most recent signature files.
After an upgrade to Antigen for SMTP Gateways version 9, the Microsoft engine is not scheduled for updates. You must manually set the update schedule for the Microsoft engine after the upgrade is complete.
When upgrading Antigen for SMTP Gateways on a server where NetIQ AppManager is installed, you first need to disable and shut down NetIQ prior to the upgrade of Antigen for SMTP Gateways. This is required because the Antigen for SMTP Gateways performance.dll file is registered so that Performance Monitor monitors it. NetIQ attaches itself to this .dll file and will not release it, even if the programs that use it are shut down. If this .dll file is not released, it is not properly upgraded during the installation.

Applying Antigen service packs and rollups

To install an Antigen service pack or rollup

  1. Run the installer by double-clicking the service pack or rollup executable file.

    Note

    While the installer is running, the SMTP and Antigen services are stopped, and your mail flow is temporarily halted.

  2. After the installation is complete and the SMTP and Antigen services have been restarted (this occurs automatically during the installation), verify that Antigen is working properly.

    Note

    Antigen service packs or rollups can also be installed using the FFSMC Deployment job. (For details, see Deployment Jobs in the Forefront Server Security Management Console User Guide.) In this case, the installer runs in silent mode and there is no user input required. The rest of the process remains the same as when running the installer by double-clicking the executable file.

Relocating Antigen data files

Antigen for SMTP Gateways stores program settings as well as scanning activity information including the Quarantine Area on the file system. If you want, you can relocate these files at any time after installation.

To relocate data files

  1. Stop all Antigen services.

  2. Create a folder in the location where you want to move the files.

  3. Move all the data files (files with the .adb extension) and the Quarantine and Engines folders.

  4. Change the following registry key to reflect the new location: HKEY_LOCAL_MACHINE\SOFTWARE\Sybari Software\Antigen for SMTP\DatabasePath

  5. Set the security for the new location. Right-click the folder of the new location, and then select Properties. On the Security tab, add a user called Network Service with Full Control privileges. This is necessary so that logging is performed for the SMTP Scan Job.

  6. Restart the services.

Using the evaluation version

Microsoft provides a fully functional version of Antigen for SMTP Gateways for a 30-day evaluation. After 30 days, the evaluation version continues to operate and report detected files. However, it no longer cleans, deletes, or purges files (that is, the action for all virus detection is reset to Skip: detect only). All filters (file, content, and keyword) also have their actions set to Skip: detect only. Finally, the Allowed Sender lists are disabled, and scan engines no longer update.

Note

To purchase a subscription build of Antigen for SMTP Gateways, contact Microsoft Sales.

Product licensing information

After you install a subscription build of Antigen for SMTP Gateways, you can enter licensing information (which can also be obtained from Microsoft Sales).

These are the reasons to license your product:

  • You can align when your product expires with your license agreement. (Otherwise, the expiration is three years from the installation date.)
  • You can easily renew your license by entering a new expiration date.

To license Antigen for SMTP Gateways, select Product License from the Help menu. The Product License Agreement and Expiration dialog box appears.

Enter your seven-digit License Agreement Number and then an Expiration Date. You should enter a date that corresponds to the expiration of your license agreement. This coordinates the expiration of both the license agreement and the product. When the product nears its expiration, you should renew your license agreement and enter the new license information into the Product License Agreement and Expiration dialog box.

Chapter 1 - Introducing Microsoft Antigen for SMTP Gateways

Chapter 3 - Antigen services