Chapter 4: Configuring Notifications

Applies to: Forefront Security for Office Communications Server

Notifications are used for reporting the “who, what, where, and when” details of an infection or a filtering action, including the status of the virus, attachment, or message.

Notifications give administrators a convenient way to get information about virus and filtering events without having to continually check the Incidents Log. You can configure notifications to be sent automatically to the e-mail address of the administrator you specify.

You can also use notifications to alert users (through IM) when they have sent either an attachment or message text that contains a virus or out-of-policy content.By writing these clearly and explicitly, you can help your users understand what has happened, alleviate any concerns, and tell them who to contact for more information.

Not only can such notifications reduce help desk calls, but they can help enhance the security of your environment. For example, if a user sends a virus-infected attachment from a computer that is also infected, your notification can give specific instructions to the user—for example, “Please turn off your computer immediately and call the Emergency Virus Hotline at…” These alerts can help stop the spread of viruses from that computer and possibly prevent further damage, as well as help educate users, thereby reinforcing corporate policy.

In this chapter

• Configuring notifications
  • To configure a notification
  • To turn off a notification
  • About notification roles
  • About dynamic keywords

Configuring notifications

Configuring a notification requires two steps:

1. In the Notification work pane (shown below), you configure and enable the message to be sent to administrators, senders, or recipients.
2. To send enabled notifications, check Send Notifications when you configure specific scan jobs (see To select engines and configure antivirus settings) or filters (see Configuring File and Keyword Filters).

To configure a notification

To configure a notification:

1. Under REPORT, click Notification.

   

2. Under Name, select the recipient of the notification.

   For information about each role, see About notification roles.

3. Make sure it is Enabled.

   If is not, click Enable at screen right.

4. Fill in the Body: field.

   You can use the default text provided or write a new message including the use of keyword substitution macros. Find out more about keyword substitution macros.

5. To insert a keyword substitution macro, right-click in the Body: field where you want to insert it, and select Paste Keyword from the list.

   

6. Click the dynamic keyword you want to add. Repeat to add other keywords.

7. Click Save.

8. If you want to configure another notification, return to Step 2.

To turn off a notification

You may want to disable a notification—for example, if you no longer want to notify users when viruses are detected.

To turn off a notification:

1. Under REPORT at screen left, click Notification.

2. Under Name, select the notification you want to turn off, and click Disable.

3. Click Save.

About notification roles

Forefront Security for Office Communications Server offers e-mail notifications for administrators and IM notifications for users, each of which can be individually configured.

About keyword substitution macros

Keyword substitution macros gather information from the file in which the infection was found or filtering was performed and substitute actual data for the keyword.

For example, to include the name of the virus in the Subject of the message, you could use the %Virus% macro in the Subject field: “Forefront Security for Office Communications Server found the %Virus% virus.” The keyword %Virus% will then be replaced in the e-mail message with the name of the virus.