Symantec™ Mail Security 8.0.5 for Domino® Multi-Platform Edition Installation Guide

Installing Mail Security for Multi-Platform Edition This document includes the following topics: ■

Installing overview

■

If you are upgrading

■

System requirements for AIX

■

Installing Symantec Mail Security for Domino — MPE

■

About installation script options

■

About the command line syntax

■

About the command line options

■

Post-installation tasks

■

Signing the Mail Security databases to certify integrity

■

Granting rights to run unrestricted agents

■

Accessing Mail Security

■

Restricting access to Mail Security databases

■

Installing Symantec Mail Security on DPAR with SMSDOM settings replication

■

About uninstalling Symantec Mail Security for Domino

4

Installing Mail Security for Multi-Platform Edition Installing overview

Installing overview The Symantec Mail Security 8.0.5 for Domino — Multi-Platform Edition (MPE) installation script creates a directory named Symantec. (All Symantec products share this directory for items such as Symantec program libraries and executable files.) By default, the Symantec directory is installed in the following location: /opt

You can specify a different location during installation. Symantec Mail Security for Domino — MPE creates the following directories. Table 1-1

Installation directories

Directory

Description

[Domino data directory]

Symantec Mail Security for Domino MPE database templates (sav.ntf, savlog.ntf, savquar.ntf, and savdefs.ntf).

[Domino data directory]/sav

Symantec Mail Security for Domino MPE engine databases (sav.nsf, savlog.nsf, savquar.nsf, savdefs.nsf, and savhelp.nsf).

.../Symantec/virusdefs

Virus definition files that are operating system specific and used for all Symantec products.

.../Symantec/SMSDOM

Standard antispam definition files, Dynamic Document Review (DDR) dictionaries (only in 32-bit ), signature files for file type detection, attachment content scanning files, Rapid Release scripts, ReadMe text file, Version Support Policy file, and PDF version of the Symantec Mail Security 8.0.5 for Domino Implementation Guide.

.../Symantec/Licenses

Symantec license files. After you install a license for any Symantec product, the license file is placed in the Licenses folder.

.../Symantec/LiveUpdate

Platform independent LiveUpdate technology to download definition files and program updates (used for all Symantec products).

Installing Mail Security for Multi-Platform Edition If you are upgrading

If you are upgrading You can not upgrade any earlier installed version of SMSDOM to SMSDOM 8.0.5 (64-bit). Mail Security supports upgrades from version 8.0.x and higher only on 32-bit Domino. If you are running version 3.x or lower, you must uninstall the product and then install version 8.0.5. When you upgrade from version 8.0.x or higher, you can upgrade your previous databases. The databases that you choose to keep during the installation process are upgraded the next time that you start the Lotus Domino server. You can verify that the previous databases were properly upgraded by viewing the Domino server console messages. Any new databases are created from templates and are placed in the SAV subdirectory of your default Data directory. A direct support is not available to migrate from 32-bit version of SMSDOM to 64-bit. Follow the steps below to migrate from 32-bit version of SMSDOM to 64-bit. To migrate from 32-bit version of SMSDOM to 64-bit

1

Uninstall 32-bit version of SMSDOM. However, you may retain the SMSDOM databases during this process.

2

Ensure that virus definitions of the earlier 32-bit version of SMSDOM are deleted. These virus definitions are located at the /opt/Symantec/virusdefs folder. A location can be different according to your installation.

3

Ensure that you upgrade your 32-bit Domino server to 64-bit.

4

Install 64-bit version of SMSDOM on your 64-bit Domino server.

System requirements for AIX You must have administrator-level privileges to an AIX computer and the Domino server to install Symantec Mail Security for Domino — MPE. The minimum system requirements for AIX are as follows: Operating system

AIX version 5.3 or 6.1

Lotus Domino

Domino 7.x or 8.x

Lotus Notes

7.x or later

Available disk space

350 MB

5

6

Installing Mail Security for Multi-Platform Edition Installing Symantec Mail Security for Domino — MPE

JRE

32-bit version of SMSDOM: ■

1.5x (32-bit)

64-bit version of SMSDOM: ■

xlc runtime binaries

1.5x (64-bit)

9.0.0.8

Available disk space in /tmp directory 200 MB minimum

The disk space in /tmp directory is required to download LiveUpdate and Rapid Release definitions. You must have additional 4 GB of hard disk space if you want to enable definition management for Rapid Release. For more details on definition management for Rapid Release, refer to the Saving a Rapid Release definition set section in the Symantec Mail Security 8.0.5 for Domino Implementation Guide.

Installing Symantec Mail Security for Domino — MPE Symantec Mail Security for Domino® — MPE 3.x must be uninstalled before you install Symantec Mail Security for Domino — MPE as upgrade is not supported. For Symantec Mail Security for Domino — MPE to function properly, the avdefs group must exist. You must ensure one of the following conditions is met: ■

The avdefs group exists on the computer on which the Domino server runs.

■

The avdefs group is valid on the computer on which the Domino server runs. For example, the avdefs group is maintained on an NIS server and the computer on which the Domino server runs has access to those NIS controlled accounts.

The avdefs group can be created and populated during installation by the Symantec Mail Security for Domino — MPE installation script. You can also create the group and add Notes users manually before you perform the Symantec Mail Security for Domino — MPE installation. The installation script will not complete if the avdefs group does not already exist or you do not allow the installation script to create the group itself. Note: You must add all Notes server user accounts (server user IDs) as members of the avdefs group that have Symantec Mail Security for Domino — MPE installed into their respective Domino partitions. After the installation is completed and the Domino users are added to the avdefs group, any terminal sessions that launch Domino must be logged off and logged onto again to ensure that the group membership and associated permissions are

Installing Mail Security for Multi-Platform Edition Installing Symantec Mail Security for Domino — MPE

enabled. Failure to do this prevents Symantec Mail Security for Domino — MPE from locating virus definitions on startup and causes the product not to load completely.

Installing Symantec Mail Security for Domino — MPE on AIX You must run the installation script under an account with root or administrator privileges to install Symantec Mail Security for Domino — MPE on an AIX computer. To install Symantec Mail Security for Domino — MPE on AIX

1

Stop the Domino server.

2

Go to the DVD-ROM directory (for example: cd /cdrom).

3

If the SMSDOM binaries and install script are stored in the TAR archive, extract them with the '-o' option. Using '-o' along with other options changes the ownership of all extracted files to the system on which you extract the files.

4

Run the shell script ./install from the Symantec Mail Security for Domino — MPE DVD-ROM. If you have multiple Domino partitions on the same server, separate Symantec Mail Security for Domino — MPE databases are required for each partition. Setup detects and lets you specify on which partitions you want to install Symantec Mail Security for Domino — MPE.

5

Specify the location for Java 1.5x to install LiveUpdate. However, if you do not want to install LiveUpdate, then type n when prompted for LiveUpdate installation.

6

After the Symantec Mail Security for Domino — MPE install completes, restart the Domino server. When the Domino server is restarted, the Symantec Mail Security for Domino — MPE databases are created from templates and placed in the /sav subdirectory of your default Data directory along with the readme.txt file.

7

Start your Lotus Notes client.

8

Select the workspace tab on which you want to place Symantec Mail Security for Domino — MPE.

9

On the File menu, click Database > Open.

7

8

Installing Mail Security for Multi-Platform Edition About installation script options

10 Select the server on which Symantec Mail Security for Domino — MPE is installed.

11 In the sav folder, open the SMSDOM Settings database (sav/sav.nsf).

About installation script options The installation shell script can install Symantec Mail Security for Domino — MPE in the following ways: Interactively

No command-line options are supplied.

Non-interactively

The -p and -s options are specified on the command line.

About the command line syntax The command line syntax is as follows: ./install [-h] [-p ] [-s ] [-d]

About the command line options The command line options are as follows: -h

Displays the command-line syntax.

-p

Specifies the full path to the Notes partition on which to install Symantec Mail Security for Domino — MPE. You can specify multiple Notes partitions. Separate partitions with commas.

-s

Specifies the full path to the Symantec base directory that will contain all of the Symantec Mail Security for Domino — MPE binary files. The -s option cannot be used on its own. It is used only in conjunction with the -p option.

-d

Specifies that the Symantec Mail Security for Domino — MPE installation process should use default settings. You must specify the -d option if the avdefs group does not yet exist else the installation fails.

Installing Mail Security for Multi-Platform Edition Post-installation tasks

The following is an example of an installation on two Notes partitions in the default Symantec directory: ./install -p /notesdata1,/notesdata2 -d

Post-installation tasks Table 1-2 describes the post-installation tasks that you can perform after you install or upgrade to Mail Security. Table 1-2

Post-installation tasks

Task

Description

Refer to the ReadMe file

This text file contains compatibility information and known issues about Mail Security. The ReadMe.txt file is located on the installation DVD and in the following directory: .../Symantec/SMSDOM

Sign the Mail Security Before you open the databases for the first time, sign the Mail databases Security databases with a trusted Notes ID file. See “Signing the Mail Security databases to certify integrity” on page 10. Grant rights to run unrestricted agents

You can give a user rights to enable, disable, or modify unrestricted agents. See “Granting rights to run unrestricted agents ” on page 11.

Access the Mail Security databases

After you open a Mail Security database, you can save it to a workplace for easy access. See “Accessing Mail Security” on page 12.

Set access control

The access control settings establish who can access the Mail Security databases. See “Restricting access to Mail Security databases” on page 13.

Activate licenses

You must purchase and activate a content license and product license to receive updated definition files and to operate any of the Mail Security scanning functions. For more information on activating licenses, refer to the Symantec Mail Security 8.0.5 for Domino Implementation Guide.

9

10

Installing Mail Security for Multi-Platform Edition Signing the Mail Security databases to certify integrity

Table 1-2

Post-installation tasks (continued)

Task

Description

Installing on Domino partitioned servers (DPAR)

On a Domino partitioned server, all partitions share the same Domino and SMSDOM program directory, and thus share one set of Domino and SMSDOM executable files. See “Installing Symantec Mail Security on DPAR with SMSDOM settings replication” on page 14.

Signing the Mail Security databases to certify integrity Before you open the databases for the first time, sign the databases with a trusted Notes ID file, using the Domino Administrator client. Signing the databases is necessary to ensure the proper operation of all of the Mail Security features in your Domino environment. To properly sign the Mail Security databases, ensure that the following settings are configured in the Domino Administrator client: ■

Sign all design documents.

■

Do not update existing signatures only.

■

Sign all data documents using an administrator ID.

■

Configure the ID as follows: ■

The ID should sign all data documents, not just those with existing signatures.

■

The ID should be a trusted administrator’s ID or server ID.

■

The ID should have the right to run unrestricted Methods and Operations, which is necessary to run all of the database agents.

■

The ID used to sign the databases should appear on the workstation’s Execution Control List (ECL).

Ensure that the trusted Notes ID in the Execution Control List is listed with the following rights in the Notes client: ■

Access to current database

■

Access to environment variables

■

Access to external code

■

Access to external programs

Installing Mail Security for Multi-Platform Edition Granting rights to run unrestricted agents

■

Ability to read other databases

■

Ability to modify other databases

■

Ability to export data

For more information on signing databases, see the Domino Administrator and Lotus Notes documentation.

Granting rights to run unrestricted agents Mail Security contains agents to help you manage database size and run scheduled queries. You must grant rights to the user who signs the IDs. See “Signing the Mail Security databases to certify integrity” on page 10. The agents are as follows: Log purge agent

Purges events from the Log database By default, threat incidents are purged after 365 days. Server messages and other incidents are purged every 30 days. For information on removing documents automatically from the Log database, refer to Symantec Mail Security 8.0.5 for Domino Implementation Guide.

Quarantine/Backup purge agent

Purges items from the Quarantine database By default, all items in the Quarantine are purged after 30 days. For information on removing documents automatically from the Quarantine database, refer to Symantec Mail Security 8.0.5 for Domino Implementation Guide.

Scheduled reports agent

Runs scheduled queries in the Log database By default, the agent runs scheduled queries once a day and posts the queries in the Completed Reports view. For information ongenerating customized scheduled reports, refer to Symantec Mail Security8.0.5 for Domino Implementation Guide.

11

12

Installing Mail Security for Multi-Platform Edition Accessing Mail Security

For users to enable, disable, or modify an agent, the administrator must grant rights to run unrestricted agents in the Server Document of the server that is running Mail Security. Note: Agents are disabled by default. You must enable the agents that you want to use. To grant users rights to run unrestricted agents

1

Open Domino Administrator.

2

On the Configuration tab, in the left pane, double-click Server.

3

In the left pane, under Server, click All Server Documents.

4

In the right (view) pane, double-click the server on which Mail Security runs.

5

On the action bar, click Edit Server.

6

On the Security tab, under Programmability Restrictions, in the Run unrestricted methods and operations box, add the users to whom you want to grant rights to enable, disable, or modify agents.

7

On the action bar, click Save & Close.

Accessing Mail Security Mail Security is fully integrated with the Lotus Notes environment and can be accessed like any other database. When you open any Mail Security database, a navigation pane appears on the left. You can access any of the Mail Security databases from the navigation pane. Each Mail Security database contains options that are specific to that database. For example, the Log database contains options for server messages, product information, and incidents. The navigation pane only contains the options for the databases that are available and for which you have at least Reader access. For example, the navigation pane does not display the options for the Definitions database if it has not been created. If you create a Definitions database, you must close all of the Mail Security databases and documents. When you open any of the Mail Security databases, the Virus Definitions option appears on the navigation pane. For information about creating a Definitions database and on troubleshooting user interface errors and issues, refer to Symantec Mail Security 8.0.5 for Domino Implementation Guide. Figure 1-1 shows the Mail Security console.

Installing Mail Security for Multi-Platform Edition Restricting access to Mail Security databases

Figure 1-1

Mail Security console

Action bar

Navigation pane

Version Status pane

To access Mail Security

1

In Lotus Notes, on the File menu, click Database > Open.

2

In the Open Database dialog box, under Server, select the server on which you installed Mail Security.

3

Under Database, in the SAV directory, double-click SMSDOM Settings 8.0 (the Settings database). The Settings view appears.

4

Drag the Settings database window tab to any Lotus Notes bookmark folder.

Restricting access to Mail Security databases To maintain security in your Lotus Domino environment, restrict access to the Mail Security databases to administrators by setting the Access Control List (ACL) for following databases: ■

Settings (sav.nsf)

■

Log (savlog.nsf)

■

Quarantine (savquar.nsf)

■

Definitions (savdefs.nsf), if used

13

14

Installing Mail Security for Multi-Platform Edition Installing Symantec Mail Security on DPAR with SMSDOM settings replication

The Quarantine database requires that you also assign roles to Quarantine database users. These roles restrict access to various Quarantine views and control who can release documents from the Quarantine. When you set access control for the Quarantine database, you must assign roles to those groups and users who use the Quarantine. For more information about the Quarantine views and assigning Quarantine roles, refer to Symantec Mail Security 8.0.5 for Domino Implementation Guide. To restrict access to Mail Security databases

1

Log on to the account that you plan to use to administer Mail Security.

2

In Lotus Notes, right-click the Settings database, and then click Database > Access Control.

3

In the Access Control List window, add yourself, a group, or other users as necessary to the Access Control List as Managers with Delete Documents rights.

4

Click Default.

5

In the Access list, click No Access.

6

Click OK.

7

Repeat steps 1 - 6 for the other Mail Security databases.

Installing Symantec Mail Security on DPAR with SMSDOM settings replication To install Mail Security on Domino partitioned servers with SMSDOM settings replication

1

Install SMSDOM on all the Domino partitioned servers.

2

Start any one Domino partitioned server. This creates SAV databases on DPAR-1.

3

Modify other Domino partitioned servers' notes.ini and remove NNTASK entry from server tasks.

4

Start other Domino partitioned servers.

5

Create Replicas of SAV databases from DPAR-1 to other Domino partitioned servers.

6

Modify other Domino partitioned servers' notes.ini and add NNTASK entry to server tasks.

Installing Mail Security for Multi-Platform Edition About uninstalling Symantec Mail Security for Domino

7

Start all Domino partitioned servers.

8

SMSDOM now starts on all Domino partitioned servers and SAV databases are replicable.

About uninstalling Symantec Mail Security for Domino You must run the installation script under an account with root or administrator privileges to uninstall Symantec Mail Security for Domino — MPE . If LiveUpdate or Rapid Release is running, uninstallation of Symantec Mail Security for Domino fails. Mail Security includes a setup option that lets you retain existing Mail Security databases. To uninstall Symantec Mail Security for Domino—MPE on AIX

1

Stop the Domino server.

2

Switch to superuser or equivalent.

3

Change to the following directory: …/Symantec/SMSDOM/uninstall

4

At the command prompt, type the following: ./uninstallsmsdom

5

Follow the on-screen instructions. When you are prompted to retain or delete the SMSDOM databases, type n to delete the specified database.

15

16

Installing Mail Security for Multi-Platform Edition About uninstalling Symantec Mail Security for Domino