Question re: Trend Interscan VirusWall

Question re: Trend Interscan VirusWall

Post by Tim Co » Fri, 17 Dec 1999 04:00:00



I am comtemplating using this software as it runs on the proxy server
instead of the Exchange server. It also allows me to screen email w/.EXE
attachments. Does anyone here have any experience with it? The documentation
says that Interscan needs to take over port 25 on the proxy server and will
forward scanned mail to my Exchange server. This sounds like I simply need
to delete the wspcfg.ini file on the exchange server that binds it to port
25 on the proxy server. Is this correct? I am checking with Trend Micro as
well but thought I would check to see if anyone has any experience with this
particular product and did you get it running OK? TIA
 
 
 

Question re: Trend Interscan VirusWall

Post by Petr » Sat, 18 Dec 1999 04:00:00


 Yes, we are using VirusWall on the exchange. It takes control port 25 on
SMTP-server and after that exchange use other port. Setup program do that
automatic.

 It working great, but you must use version 3.32 or above.

 .-Pepi-.


>I am comtemplating using this software as it runs on the proxy server
>instead of the Exchange server. It also allows me to screen email w/.EXE
>attachments. Does anyone here have any experience with it? The
documentation
>says that Interscan needs to take over port 25 on the proxy server and will
>forward scanned mail to my Exchange server. This sounds like I simply need
>to delete the wspcfg.ini file on the exchange server that binds it to port
>25 on the proxy server. Is this correct? I am checking with Trend Micro as
>well but thought I would check to see if anyone has any experience with
this
>particular product and did you get it running OK? TIA


 
 
 

Question re: Trend Interscan VirusWall

Post by Tim Co » Sat, 18 Dec 1999 04:00:00


It sounds like you have VirusWall loaded on the same server as Exchange
server? Is that right? The setup you describe is indeed in their
documentation. They don't say how to set it up on the Proxy server while
leaving the exchange server intact.


> Yes, we are using VirusWall on the exchange. It takes control port 25 on
>SMTP-server and after that exchange use other port. Setup program do that
>automatic.

> It working great, but you must use version 3.32 or above.

> .-Pepi-.


>>I am comtemplating using this software as it runs on the proxy server
>>instead of the Exchange server. It also allows me to screen email w/.EXE
>>attachments. Does anyone here have any experience with it? The
>documentation
>>says that Interscan needs to take over port 25 on the proxy server and
will
>>forward scanned mail to my Exchange server. This sounds like I simply need
>>to delete the wspcfg.ini file on the exchange server that binds it to port
>>25 on the proxy server. Is this correct? I am checking with Trend Micro as
>>well but thought I would check to see if anyone has any experience with
>this
>>particular product and did you get it running OK? TIA

 
 
 

Question re: Trend Interscan VirusWall

Post by Hunter Colema » Sat, 18 Dec 1999 04:00:00


Tim-

I'm ignorant of the Exchange-Proxy server interface. Without Trend in the
picture, how does Exchange transfer outbound/inbound SMTP mail from/to the
proxy server?

We're running VirusWall on our IMC boxes. I understand that you can separate
these and have VirusWall run on a separate machine. In that case, you'd have
your Exchange server forward all mail to VirusWall and your MX records would
point to the machine that VirusWall runs on, with it forwarding mail over to
the Exchange server. I'll have to check the docs on that scenario.

Hunter


> It sounds like you have VirusWall loaded on the same server as Exchange
> server? Is that right? The setup you describe is indeed in their
> documentation. They don't say how to set it up on the Proxy server while
> leaving the exchange server intact.


> > Yes, we are using VirusWall on the exchange. It takes control port 25 on
> >SMTP-server and after that exchange use other port. Setup program do that
> >automatic.

> > It working great, but you must use version 3.32 or above.

> > .-Pepi-.


> >>I am comtemplating using this software as it runs on the proxy server
> >>instead of the Exchange server. It also allows me to screen email w/.EXE
> >>attachments. Does anyone here have any experience with it? The
> >documentation
> >>says that Interscan needs to take over port 25 on the proxy server and
> will
> >>forward scanned mail to my Exchange server. This sounds like I simply
need
> >>to delete the wspcfg.ini file on the exchange server that binds it to
port
> >>25 on the proxy server. Is this correct? I am checking with Trend Micro
as
> >>well but thought I would check to see if anyone has any experience with
> >this
> >>particular product and did you get it running OK? TIA

 
 
 

Question re: Trend Interscan VirusWall

Post by Tim Co » Sat, 18 Dec 1999 04:00:00


A proxy client, called WSP client, is installed on the exchange server. An
.ini file is also put on the exchange server. This combination then binds
the exchange server port 25 to the proxy server's external interface...in
this case on port 25. Then, anything coming into the external nic of the
proxy gets redirected by proxy to the exchange server.

With VirusWall ON the exchange server, VirusWall takes over port 25 and then
reconfigures Exchange to listen on another port for the messages that
VirusWall will pass to it. I don't think that's the way it should be done
with Exchange on a different server. I THINK all I need to do is unbind
Exchange from port 25 on the proxy server and then it will listen on it's
own port 25. Then, VirusWall will take over port 25 on the proxy server and
then pass on to the Exchange server by using its IP address or DNS. I cannot
use DNS since the Exchange server is actually on a private number not in DNS
and I don't have my own internal DNS. Therefore I must point VirusWall
manually to the Exchange Server.

This is all guesswork...Trend hasn't replied to my question yet. How do you
find their product to work? I have tried their WebProtect product on Proxy
which works OK but I want email screened as well as the ability to exclude
email with .exe attachments, which Interscan can do with Emanager plug-in.


>Tim-

>I'm ignorant of the Exchange-Proxy server interface. Without Trend in the
>picture, how does Exchange transfer outbound/inbound SMTP mail from/to the
>proxy server?

>We're running VirusWall on our IMC boxes. I understand that you can
separate
>these and have VirusWall run on a separate machine. In that case, you'd
have
>your Exchange server forward all mail to VirusWall and your MX records
would
>point to the machine that VirusWall runs on, with it forwarding mail over
to
>the Exchange server. I'll have to check the docs on that scenario.

>Hunter



>> It sounds like you have VirusWall loaded on the same server as Exchange
>> server? Is that right? The setup you describe is indeed in their
>> documentation. They don't say how to set it up on the Proxy server while
>> leaving the exchange server intact.


>> > Yes, we are using VirusWall on the exchange. It takes control port 25
on
>> >SMTP-server and after that exchange use other port. Setup program do
that
>> >automatic.

>> > It working great, but you must use version 3.32 or above.

>> > .-Pepi-.


>> >>I am comtemplating using this software as it runs on the proxy server
>> >>instead of the Exchange server. It also allows me to screen email
w/.EXE
>> >>attachments. Does anyone here have any experience with it? The
>> >documentation
>> >>says that Interscan needs to take over port 25 on the proxy server and
>> will
>> >>forward scanned mail to my Exchange server. This sounds like I simply
>need
>> >>to delete the wspcfg.ini file on the exchange server that binds it to
>port
>> >>25 on the proxy server. Is this correct? I am checking with Trend Micro
>as
>> >>well but thought I would check to see if anyone has any experience with
>> >this
>> >>particular product and did you get it running OK? TIA

 
 
 

Question re: Trend Interscan VirusWall

Post by Hunter Colema » Sat, 18 Dec 1999 04:00:00


Comments inline


Quote:> A proxy client, called WSP client, is installed on the exchange server. An
> .ini file is also put on the exchange server. This combination then binds
> the exchange server port 25 to the proxy server's external interface...in
> this case on port 25. Then, anything coming into the external nic of the
> proxy gets redirected by proxy to the exchange server.

> With VirusWall ON the exchange server, VirusWall takes over port 25 and
then
> reconfigures Exchange to listen on another port for the messages that
> VirusWall will pass to it. I don't think that's the way it should be done
> with Exchange on a different server. I THINK all I need to do is unbind
> Exchange from port 25 on the proxy server and then it will listen on it's
> own port 25. Then, VirusWall will take over port 25 on the proxy server
and
> then pass on to the Exchange server by using its IP address or DNS. I
cannot
> use DNS since the Exchange server is actually on a private number not in
DNS
> and I don't have my own internal DNS. Therefore I must point VirusWall
> manually to the Exchange Server.

This sounds like it will work. Page 4-3 of the VirusWall manual describes
setting up email scanning where the mail host (Exchange) and VirusWall are
on separate machines. For outbound mail, you'll probably want Exchange to
route that through VirusWall or some other SMTP host that can use DNS to
resolve the MX information. Again, I haven't set this up with a proxy
server, so your mileage may vary.

Quote:> This is all guesswork...Trend hasn't replied to my question yet. How do
you
> find their product to work? I have tried their WebProtect product on Proxy
> which works OK but I want email screened as well as the ability to exclude
> email with .exe attachments, which Interscan can do with Emanager plug-in.

We've been very pleased with the software, less than thrilled with Trend's
support. If you remember that you'll need to cycle the InterScan service any
time you make any changes through the configuration application, you'll be
fine. I suppose something like that should be obvious, but occasionally I
miss the obvious. That's when I look to Support to tell me I've done
something boneheaded :-)

Hunter

- Show quoted text -


> >Tim-

> >I'm ignorant of the Exchange-Proxy server interface. Without Trend in the
> >picture, how does Exchange transfer outbound/inbound SMTP mail from/to
the
> >proxy server?

> >We're running VirusWall on our IMC boxes. I understand that you can
> separate
> >these and have VirusWall run on a separate machine. In that case, you'd
> have
> >your Exchange server forward all mail to VirusWall and your MX records
> would
> >point to the machine that VirusWall runs on, with it forwarding mail over
> to
> >the Exchange server. I'll have to check the docs on that scenario.

> >Hunter



> >> It sounds like you have VirusWall loaded on the same server as Exchange
> >> server? Is that right? The setup you describe is indeed in their
> >> documentation. They don't say how to set it up on the Proxy server
while
> >> leaving the exchange server intact.


> >> > Yes, we are using VirusWall on the exchange. It takes control port 25
> on
> >> >SMTP-server and after that exchange use other port. Setup program do
> that
> >> >automatic.

> >> > It working great, but you must use version 3.32 or above.

> >> > .-Pepi-.


> >> >>I am comtemplating using this software as it runs on the proxy server
> >> >>instead of the Exchange server. It also allows me to screen email
> w/.EXE
> >> >>attachments. Does anyone here have any experience with it? The
> >> >documentation
> >> >>says that Interscan needs to take over port 25 on the proxy server
and
> >> will
> >> >>forward scanned mail to my Exchange server. This sounds like I simply
> >need
> >> >>to delete the wspcfg.ini file on the exchange server that binds it to
> >port
> >> >>25 on the proxy server. Is this correct? I am checking with Trend
Micro
> >as
> >> >>well but thought I would check to see if anyone has any experience
with
> >> >this
> >> >>particular product and did you get it running OK? TIA

 
 
 

Question re: Trend Interscan VirusWall

Post by Tim Co » Sat, 18 Dec 1999 04:00:00


Wow...you just made me think. I wasn't even thinking about outbound mail.
Without IMS binding to the proxy I am not sure how to deliver out. I will
have to talk to Trend about this...


>Comments inline



>> A proxy client, called WSP client, is installed on the exchange server.
An
>> .ini file is also put on the exchange server. This combination then binds
>> the exchange server port 25 to the proxy server's external interface...in
>> this case on port 25. Then, anything coming into the external nic of the
>> proxy gets redirected by proxy to the exchange server.

>> With VirusWall ON the exchange server, VirusWall takes over port 25 and
>then
>> reconfigures Exchange to listen on another port for the messages that
>> VirusWall will pass to it. I don't think that's the way it should be done
>> with Exchange on a different server. I THINK all I need to do is unbind
>> Exchange from port 25 on the proxy server and then it will listen on it's
>> own port 25. Then, VirusWall will take over port 25 on the proxy server
>and
>> then pass on to the Exchange server by using its IP address or DNS. I
>cannot
>> use DNS since the Exchange server is actually on a private number not in
>DNS
>> and I don't have my own internal DNS. Therefore I must point VirusWall
>> manually to the Exchange Server.

>This sounds like it will work. Page 4-3 of the VirusWall manual describes
>setting up email scanning where the mail host (Exchange) and VirusWall are
>on separate machines. For outbound mail, you'll probably want Exchange to
>route that through VirusWall or some other SMTP host that can use DNS to
>resolve the MX information. Again, I haven't set this up with a proxy
>server, so your mileage may vary.

>> This is all guesswork...Trend hasn't replied to my question yet. How do
>you
>> find their product to work? I have tried their WebProtect product on
Proxy
>> which works OK but I want email screened as well as the ability to
exclude
>> email with .exe attachments, which Interscan can do with Emanager
plug-in.

>We've been very pleased with the software, less than thrilled with Trend's
>support. If you remember that you'll need to cycle the InterScan service
any
>time you make any changes through the configuration application, you'll be
>fine. I suppose something like that should be obvious, but occasionally I
>miss the obvious. That's when I look to Support to tell me I've done
>something boneheaded :-)

>Hunter


>> >Tim-

>> >I'm ignorant of the Exchange-Proxy server interface. Without Trend in
the
>> >picture, how does Exchange transfer outbound/inbound SMTP mail from/to
>the
>> >proxy server?

>> >We're running VirusWall on our IMC boxes. I understand that you can
>> separate
>> >these and have VirusWall run on a separate machine. In that case, you'd
>> have
>> >your Exchange server forward all mail to VirusWall and your MX records
>> would
>> >point to the machine that VirusWall runs on, with it forwarding mail
over
>> to
>> >the Exchange server. I'll have to check the docs on that scenario.

>> >Hunter



>> >> It sounds like you have VirusWall loaded on the same server as
Exchange
>> >> server? Is that right? The setup you describe is indeed in their
>> >> documentation. They don't say how to set it up on the Proxy server
>while
>> >> leaving the exchange server intact.


>> >> > Yes, we are using VirusWall on the exchange. It takes control port
25
>> on
>> >> >SMTP-server and after that exchange use other port. Setup program do
>> that
>> >> >automatic.

>> >> > It working great, but you must use version 3.32 or above.

>> >> > .-Pepi-.


>> >> >>I am comtemplating using this software as it runs on the proxy
server
>> >> >>instead of the Exchange server. It also allows me to screen email
>> w/.EXE
>> >> >>attachments. Does anyone here have any experience with it? The
>> >> >documentation
>> >> >>says that Interscan needs to take over port 25 on the proxy server
>and
>> >> will
>> >> >>forward scanned mail to my Exchange server. This sounds like I
simply
>> >need
>> >> >>to delete the wspcfg.ini file on the exchange server that binds it
to
>> >port
>> >> >>25 on the proxy server. Is this correct? I am checking with Trend
>Micro
>> >as
>> >> >>well but thought I would check to see if anyone has any experience
>with
>> >> >this
>> >> >>particular product and did you get it running OK? TIA

 
 
 

Question re: Trend Interscan VirusWall

Post by Tim Co » Thu, 23 Dec 1999 04:00:00


Replies inline


>This sounds like it will work. Page 4-3 of the VirusWall manual describes
>setting up email scanning where the mail host (Exchange) and VirusWall are
>on separate machines. For outbound mail, you'll probably want Exchange to
>route that through VirusWall or some other SMTP host that can use DNS to
>resolve the MX information. Again, I haven't set this up with a proxy
>server, so your mileage may vary.

I did manage to get VirusWall running on the proxy server and scanning all
SMTP traffic. It really is no big deal. The process I described is correct.
I unbound IMS from port 25 on the proxy server and configured IMS to forward
all mail to internal proxy NIC. Installed VirusWall on proxy server and told
it to listen on port 25 and forward all mail to internal Exchange server.
Then I enabled outbound processing and specified to accept only from my
internal Exchange server. VirusWall then uses DNS to deliver out. The only
tricky part about it is that I only added the default SMTP filter on the
proxy server to allow SMTP mail to reach VirusWall since it is on the proxy
server. This is similar to the setup needed when Exchange is cohosted on the
proxy server. However, I didn't realize at first that the default SMTP
filter is outbound only--it isn't that apparent to me anyway. Mail was going
out but none was coming in. I added a custom filter for inbound (which I
found later on in Jeff W's FAQ BTW) SMTP and voila...everything is working
properly. One of the VERY nice benefits of this package is that it allows
you to stamp each outgoing Internet mail with a custom message...something a
lot of people in Exchange groups want. I am now going to test the Emanager
plug in which lets me screen email attachments by file type...gotta stop
those .exe files at the front door!

Quote:>We've been very pleased with the software, less than thrilled with Trend's
>support. If you remember that you'll need to cycle the InterScan service
any
>time you make any changes through the configuration application, you'll be
>fine. I suppose something like that should be obvious, but occasionally I
>miss the obvious. That's when I look to Support to tell me I've done
>something boneheaded :-)

I see that...their tech support had no clue to my problem when inbound
wasn't coming in. You would think that if they had any familiarity with
proxy server they would think of examining the filter to allow SMTP traffic.
I am by no means a proxy expert but after I thought things through the
answer obviously lay in the filter. I looked at the packet filter log and
saw lots of rejections on Port 25 so I knew where the problem was.
 
 
 

1. Exchange 2000 and running Interscan Virus from Trend

I have Exchange 2000 and running Interscan Virus from Trend.  I have the
inbound scanning just fine. But I can't get the outbound to work.

I only have one exchange server that has the Trend Software running on it.
There is only one SMTP connector.  My Internet connection is by a cable
router thought Road Runner.  I am using a Netgear FR-314 firewall.  I am
also
running on the same box IIS 5 and using Cold Fusion to host some websites.
Inbound email scan is fine.  Out bound will not work.  I have talked to
Trend support but no
luck there.  I have configured as Trend describes but nothing.

Can anyone help

Thanks Chuck

2. How to use MS Exchange 2000 to get all the mail and get then from to local home computers

3. Anyone using Trend Interscan 5 for SMTP?

4. 128 bit ssl issue

5. Exchange 2000 and running Interscan Virus from Trend

6. Reload Exchange from ArcServeIT

7. Anyone using Trend Interscan 5 for SMTP?

8. Adding a Connector

9. Trend Users - Upgrade to ESEAPI Question...

10. Anyone ever use Trend Micro's Interscan Antivirus wall?

11. Interscan and Exchange

12. Stop unwanted Relay when InterScan installed

13. InterScan Virus Wall