ServerProtect v Officescan client on server?

I have just seen it said that Server Protect is better than having an
Officescan client on the server machine (as in C/S/M SMB). Any comment
on this?

Is it the case that extra licences can only be bought in packs of 25
for C/S/M Enterprise? They can be bought in packs of 5 for the SMB
version?

Thanks

Geoff

Jim
Fri Apr 30 07:06:33 CDT 2004

Licenses can be bought for CSM for SMB in increments of 1 after the
initial purchase of 5. Yes you can buy 7 if you want. We have over 40
servers running the officescan client that have stayed clean for
years. Talk to a Trend reseller and I suspect that any of the Trend
products may be purchased in increments of 1 after the first level is
met.

Geoff Cox <geoff.cox@minusspam.freeuk.com> wrote:

>I have just seen it said that Server Protect is better than having an
>Officescan client on the server machine (as in C/S/M SMB). Any comment
>on this?
>
>Is it the case that extra licences can only be bought in packs of 25
>for C/S/M Enterprise? They can be bought in packs of 5 for the SMB
>version?
>
>Thanks
>
>Geoff

Jim B. SBS MVP
remove the mvp to send email

Geoff
Fri Apr 30 07:56:33 CDT 2004

On Fri, 30 Apr 2004 12:06:33 GMT, Jim Behning
<jimbehningmvp@atl.mindspring.com> wrote:

>Licenses can be bought for CSM for SMB in increments of 1 after the
>initial purchase of 5. Yes you can buy 7 if you want. We have over 40
>servers running the officescan client that have stayed clean for
>years. Talk to a Trend reseller and I suspect that any of the Trend
>products may be purchased in increments of 1 after the first level is
>met.

Jim,

OK - thanks for the reply.

Cheers

Geoff

Trevor
Fri Apr 30 13:45:52 CDT 2004

Geoff,

The OfficeScan version included in C/S/M for SMB (version 6.0) is designed
to be run on the server. Previously, ServerProtect was required.

I bought 14 licenses on initial purchase and added 5 later so I know it can
be done. As far as I know, you only have to buy them 1 at a time.

-Trevor

"Geoff Cox" <geoff.cox@minusspam.freeuk.com> wrote in message
news:7p3490ti6lrsggd0tt8vacknsdq52ghl7s@4ax.com...
>I have just seen it said that Server Protect is better than having an
> Officescan client on the server machine (as in C/S/M SMB). Any comment
> on this?
>
> Is it the case that extra licences can only be bought in packs of 25
> for C/S/M Enterprise? They can be bought in packs of 5 for the SMB
> version?
>
> Thanks
>
> Geoff

T
Fri Apr 30 14:38:21 CDT 2004

Might this be our answer?

We have a couple of Terminal Servers that we could not install a Trend
client on. Trend said the only solution was to buy a couple copies of
ServerProtect at almost the cost of the OS.

Will check to see what they offer now. And if we can upgrade.

Thanks
Tom

"Trevor OE News" <thetrev68 @ hotmail.com> wrote in message
news:OVBugNuLEHA.3596@tk2msftngp13.phx.gbl...
> Geoff,
>
> The OfficeScan version included in C/S/M for SMB (version 6.0) is designed
> to be run on the server. Previously, ServerProtect was required.
>
> I bought 14 licenses on initial purchase and added 5 later so I know it
can
> be done. As far as I know, you only have to buy them 1 at a time.
>
> -Trevor
>
> "Geoff Cox" <geoff.cox@minusspam.freeuk.com> wrote in message
> news:7p3490ti6lrsggd0tt8vacknsdq52ghl7s@4ax.com...
> >I have just seen it said that Server Protect is better than having an
> > Officescan client on the server machine (as in C/S/M SMB). Any comment
> > on this?
> >
> > Is it the case that extra licences can only be bought in packs of 25
> > for C/S/M Enterprise? They can be bought in packs of 5 for the SMB
> > version?
> >
> > Thanks
> >
> > Geoff
>
>

Les
Fri Apr 30 18:25:02 CDT 2004

With Trend C/S/M SMB there is no longer a distinction between workstations
and servers. The Officescan module is installed on *all* computers for file
level and network I/O scanning. Makes perfect sense :-)

--
Les Connor [SBS MVP]
-------------------------------------
SBS Rocks !



"T Man" <tman@destnospam2.com> wrote in message
news:NWxkc.13$m03.4@clgrps13...
> Might this be our answer?
>
> We have a couple of Terminal Servers that we could not install a Trend
> client on. Trend said the only solution was to buy a couple copies of
> ServerProtect at almost the cost of the OS.
>
> Will check to see what they offer now. And if we can upgrade.
>
> Thanks
> Tom
>
> "Trevor OE News" <thetrev68 @ hotmail.com> wrote in message
> news:OVBugNuLEHA.3596@tk2msftngp13.phx.gbl...
> > Geoff,
> >
> > The OfficeScan version included in C/S/M for SMB (version 6.0) is
designed
> > to be run on the server. Previously, ServerProtect was required.
> >
> > I bought 14 licenses on initial purchase and added 5 later so I know it
> can
> > be done. As far as I know, you only have to buy them 1 at a time.
> >
> > -Trevor
> >
> > "Geoff Cox" <geoff.cox@minusspam.freeuk.com> wrote in message
> > news:7p3490ti6lrsggd0tt8vacknsdq52ghl7s@4ax.com...
> > >I have just seen it said that Server Protect is better than having an
> > > Officescan client on the server machine (as in C/S/M SMB). Any comment
> > > on this?
> > >
> > > Is it the case that extra licences can only be bought in packs of 25
> > > for C/S/M Enterprise? They can be bought in packs of 5 for the SMB
> > > version?
> > >
> > > Thanks
> > >
> > > Geoff
> >
> >
>
>

Geoff
Sat May 01 01:33:55 CDT 2004

On Fri, 30 Apr 2004 18:25:02 -0500, "Les Connor [SBS MVP]"
<les.connor@DEL.cfive.ca> wrote:

>With Trend C/S/M SMB there is no longer a distinction between workstations
>and servers. The Officescan module is installed on *all* computers for file
>level and network I/O scanning. Makes perfect sense :-)

Les,

thanks for that. In fact we went ahead last night and installed C/S/M
SMB version. It seemed to go OK except that I cannot seem to get email
notification of virus scan for either Offiecscan or Scanmail ...

With Scanmail - I have sent an email to an address held on the server
with the eicar.com attachment but I do not get an email notification.
The email should be sent to Administrator. I have set up a contact so
that Administrator email should be sent to my own email address. I see
in the user guide "Administrator;Joe". Can Joe be an email address?
Exactly what is Joe an example of?

I seem to remember that under C/S/M Enterprise it was possible to
"test" the notification? Is this possible under the SMB version?

Thanks

Geoff

Jim
Sat May 01 10:13:49 CDT 2004

Well how did you do that? No notification to the administrator that
is. I am deleting 20-30 notifications a day from the administrator
account. The end users get confused at the blank messages except for
the virus was deleted message. Out of the box with no special clicks
it should notify away.

Open the Scan Mail maager. Have you clicked on the notification tab on
the left? When I do I see that my server is set to send an email to
the administrator. It really does at that account.

Geoff Cox <geoff.cox@minusspam.freeuk.com> wrote:

>On Fri, 30 Apr 2004 18:25:02 -0500, "Les Connor [SBS MVP]"
><les.connor@DEL.cfive.ca> wrote:
>
>>With Trend C/S/M SMB there is no longer a distinction between workstations
>>and servers. The Officescan module is installed on *all* computers for file
>>level and network I/O scanning. Makes perfect sense :-)
>
>Les,
>
>thanks for that. In fact we went ahead last night and installed C/S/M
>SMB version. It seemed to go OK except that I cannot seem to get email
>notification of virus scan for either Offiecscan or Scanmail ...
>
>With Scanmail - I have sent an email to an address held on the server
>with the eicar.com attachment but I do not get an email notification.
>The email should be sent to Administrator. I have set up a contact so
>that Administrator email should be sent to my own email address. I see
>in the user guide "Administrator;Joe". Can Joe be an email address?
>Exactly what is Joe an example of?
>
>I seem to remember that under C/S/M Enterprise it was possible to
>"test" the notification? Is this possible under the SMB version?
>
>Thanks
>
>Geoff

Jim B. SBS MVP
remove the mvp to send email

Les
Sat May 01 18:54:26 CDT 2004

I've got all email notifications turned off. Waste of resources. But I do
have event logs turned on, so abnormal activity can be picked up there
instead.

--
Les Connor [SBS MVP]
-------------------------------------
SBS Rocks !



"Jim Behning" <jimbehningmvp@atl.mindspring.com> wrote in message
news:c7e7905gt9h7cfcbro1l14fr75jndi92ur@4ax.com...
> Well how did you do that? No notification to the administrator that
> is. I am deleting 20-30 notifications a day from the administrator
> account. The end users get confused at the blank messages except for
> the virus was deleted message. Out of the box with no special clicks
> it should notify away.
>
> Open the Scan Mail maager. Have you clicked on the notification tab on
> the left? When I do I see that my server is set to send an email to
> the administrator. It really does at that account.
>
> Geoff Cox <geoff.cox@minusspam.freeuk.com> wrote:
>
> >On Fri, 30 Apr 2004 18:25:02 -0500, "Les Connor [SBS MVP]"
> ><les.connor@DEL.cfive.ca> wrote:
> >
> >>With Trend C/S/M SMB there is no longer a distinction between
workstations
> >>and servers. The Officescan module is installed on *all* computers for
file
> >>level and network I/O scanning. Makes perfect sense :-)
> >
> >Les,
> >
> >thanks for that. In fact we went ahead last night and installed C/S/M
> >SMB version. It seemed to go OK except that I cannot seem to get email
> >notification of virus scan for either Offiecscan or Scanmail ...
> >
> >With Scanmail - I have sent an email to an address held on the server
> >with the eicar.com attachment but I do not get an email notification.
> >The email should be sent to Administrator. I have set up a contact so
> >that Administrator email should be sent to my own email address. I see
> >in the user guide "Administrator;Joe". Can Joe be an email address?
> >Exactly what is Joe an example of?
> >
> >I seem to remember that under C/S/M Enterprise it was possible to
> >"test" the notification? Is this possible under the SMB version?
> >
> >Thanks
> >
> >Geoff
>
> Jim B. SBS MVP
> remove the mvp to send email

Geoff
Sun May 02 04:30:31 CDT 2004

On Sat, 01 May 2004 15:13:49 GMT, Jim Behning
<jimbehningmvp@atl.mindspring.com> wrote:

>Well how did you do that? No notification to the administrator that
>is. I am deleting 20-30 notifications a day from the administrator
>account. The end users get confused at the blank messages except for
>the virus was deleted message. Out of the box with no special clicks
>it should notify away.
>
>Open the Scan Mail maager. Have you clicked on the notification tab on
>the left? When I do I see that my server is set to send an email to
>the administrator. It really does at that account.

Jim,

all is well now ... with Officescan I got the wrong idea from TM's
user guide and had our .local domain name for the SMTP entry when in
fact it required the name of the server...

with Scanmail, again the TM user guide did not help me as it gives an
example with administrator and joe ... but I found that I can enter an
email address too ...

Cheers

Geoff




>Geoff Cox <geoff.cox@minusspam.freeuk.com> wrote:
>
>>On Fri, 30 Apr 2004 18:25:02 -0500, "Les Connor [SBS MVP]"
>><les.connor@DEL.cfive.ca> wrote:
>>
>>>With Trend C/S/M SMB there is no longer a distinction between workstations
>>>and servers. The Officescan module is installed on *all* computers for file
>>>level and network I/O scanning. Makes perfect sense :-)
>>
>>Les,
>>
>>thanks for that. In fact we went ahead last night and installed C/S/M
>>SMB version. It seemed to go OK except that I cannot seem to get email
>>notification of virus scan for either Offiecscan or Scanmail ...
>>
>>With Scanmail - I have sent an email to an address held on the server
>>with the eicar.com attachment but I do not get an email notification.
>>The email should be sent to Administrator. I have set up a contact so
>>that Administrator email should be sent to my own email address. I see
>>in the user guide "Administrator;Joe". Can Joe be an email address?
>>Exactly what is Joe an example of?
>>
>>I seem to remember that under C/S/M Enterprise it was possible to
>>"test" the notification? Is this possible under the SMB version?
>>
>>Thanks
>>
>>Geoff
>
>Jim B. SBS MVP
>remove the mvp to send email

Geoff
Sun May 02 04:33:43 CDT 2004

On Sat, 1 May 2004 18:54:26 -0500, "Les Connor [SBS MVP]"
<les.connor@DEL.cfive.ca> wrote:

>I've got all email notifications turned off. Waste of resources. But I do
>have event logs turned on, so abnormal activity can be picked up there
>instead.

Les,

either way - what do you do re the Netsky.Q virus? I have run the
clean up (correct term? using the tsc files) on the client PCs. As yet
have not looked at e-Manager which we now have installed. Is it any
use for this?

Cheers

Geoff

Les
Sun May 02 08:33:32 CDT 2004

Hi Geoff,

I'm not sure I understand your question, I don't have any virus. Are you
saying you are infected with Netsky, and want to clean up ? I haven't had
any reason or opportunity to use the Trend damage cleanup, but if you are
infected this might be a good opportunity.

I do use eManager, and it is good. That is spam control though, not A/V -
allthough it does have some bearing depending of how you configure it.

--
Les Connor [SBS MVP]
-------------------------------------
SBS Rocks !



"Geoff Cox" <geoff.cox@minusspam.freeuk.com> wrote in message
news:7vf990l60bibs3ri82v3irgiqqrp8lmn55@4ax.com...
> On Sat, 1 May 2004 18:54:26 -0500, "Les Connor [SBS MVP]"
> <les.connor@DEL.cfive.ca> wrote:
>
> >I've got all email notifications turned off. Waste of resources. But I do
> >have event logs turned on, so abnormal activity can be picked up there
> >instead.
>
> Les,
>
> either way - what do you do re the Netsky.Q virus? I have run the
> clean up (correct term? using the tsc files) on the client PCs. As yet
> have not looked at e-Manager which we now have installed. Is it any
> use for this?
>
> Cheers
>
> Geoff
>

Daryl
Sun May 02 09:28:48 CDT 2004

"Jim Behning" <jimbehningmvp@atl.mindspring.com> wrote in message
news:c7e7905gt9h7cfcbro1l14fr75jndi92ur@4ax.com...
> Well how did you do that? No notification to the administrator that
> is. I am deleting 20-30 notifications a day from the administrator
> account. The end users get confused at the blank messages except for
> the virus was deleted message. Out of the box with no special clicks
> it should notify away.

To stop the users getting blank messages, you need to turn on the Active
Message Filter. This will delete the message completely if it contains a
virus.

Geoff
Sun May 02 14:43:21 CDT 2004

On Sun, 2 May 2004 08:33:32 -0500, "Les Connor [SBS MVP]"
<les.connor@DEL.cfive.ca> wrote:

>Hi Geoff,
>
>I'm not sure I understand your question, I don't have any virus. Are you
>saying you are infected with Netsky, and want to clean up ? I haven't had
>any reason or opportunity to use the Trend damage cleanup, but if you are
>infected this might be a good opportunity.

Les,

Apologies - muddled thinking on my part. What I meant was that I am
getitng email alerts that Scanmail has deleted Netsky.P loaded emails
and I was wondering how you would react if you received such messages.

I see for example that Scanmail sees an attachment called message.scr
so I have configured Scanmail to block *.scr attachments. Is this the
best approach?

I believe e-Manager acts before emails get to Scanmail? Can e-Manager
block/delete attachments before they get to Scanmail?

Cheers

Geoff




>
>I do use eManager, and it is good. That is spam control though, not A/V -
>allthough it does have some bearing depending of how you configure it.

Jim
Sun May 02 15:59:50 CDT 2004

I will try that. Thanks.

"Daryl Maunder" <dmaunder.nospam@midnightoil.nospam.com.nospam.au>
wrote:

>"Jim Behning" <jimbehningmvp@atl.mindspring.com> wrote in message
>news:c7e7905gt9h7cfcbro1l14fr75jndi92ur@4ax.com...
>> Well how did you do that? No notification to the administrator that
>> is. I am deleting 20-30 notifications a day from the administrator
>> account. The end users get confused at the blank messages except for
>> the virus was deleted message. Out of the box with no special clicks
>> it should notify away.
>
>To stop the users getting blank messages, you need to turn on the Active
>Message Filter. This will delete the message completely if it contains a
>virus.
>

Jim B. SBS MVP
remove the mvp to send email

Les
Mon May 03 09:26:31 CDT 2004

Hi Geoff,

Exchange gets the first crack at incoming email. So any actions that
exchange is set to perform will take precedence. If you have attachment
blocking set in Exchange, then Scanmail will never see them. At this level,
attachments are blocked because of their extension, not because they are or
are not virus infected.

If an attachment type is not blocked by exchange, either because exchange is
not configured to block that particular file type, or becasue it's not
configure to block *an* file type, exchange delivers it to the mail store.
As part of this delivery process, Scanmail inspects the email. If it matches
a virus definition, then scanmail takes whatever action you configured.

Note that scanmail can also block attachments based on file type, so there
is an overlap between exchange and scanmail capabilities. You may elect to
configure exchange to allow all attachments, and configure scanmail
attachment handling instead. The advantage may be that you now have one
point of configuration for attachment blocking and virus scanning.

eManager is yet another layer of email inspection, nothing to do with
attachments nor virus - allthough it can have an effect. After exchange has
accepted the email, and attempts to deliver it to the mail store, eManager
inspects the emai. If it matches it's spam settings, then it takes the
action you configured. So if that action happens to be delete, then it ends
there.

Your line of defense might look like this:

a) SMTP filters for valid A/D recipients, blank senders, etc. If a match
exists, email is rejected. If not rejected, delivery to the mail store is
initiated.
b) Exchange can strip attachments, or not.
c) eManager filters item for a spam setting match, if exists, eManager takes
configured action.
d) Scanmail filters item against virus definition, if match, takes
configured action. Optionally, if Exchange is not blocking attachments,
scanmail can take configured action on attachments.
e) if the email and/or attachments make it through the above, then they are
deliverd to the store.
f) Use the junk mail filter in Outlook. With updated junk filters (office
update), it's fairly effective at eliminating unwanted email that makes it
into the mail store.
g) when the recipient receives the attachment, they save to disk. Officescan
gets a shot at it at this point, but as it's using the same definitions as
scanmail it's unlikely to find anything different.

Note: I haven't seen eManager definitions update automatically; I don't know
why and haven't taken it up with Trend yet. But eManager should be updated,
perhaps once a week. Manual updates succeed.

Some other related configurations may help reduce the amount of email
generated as a result of spam and viruses.

a) disable NDRs.
b) disable blocked attachment, virus, and spam notifications by email to all
parties, with the possible exception of your own Administrator/postmaster.
You can enable event logging instead.
c) Use Trend's quarantine capabilities, and configure automatic maintenance
so the quarantied files don't build up indefinately. Then you can recover
email and/or an attachment within a reasonable time limit, should you feel
the need to.

I did post a walkthrough of the configuration steps a couple of weeks ago,
perhaps a google search will find it.

--
Les Connor [SBS MVP]
-------------------------------------
SBS Rocks !



"Geoff Cox" <geoff.cox@minusspam.freeuk.com> wrote in message
news:v4ja90dijnj52fpf53ght5p17j5p0ucsj7@4ax.com...
> On Sun, 2 May 2004 08:33:32 -0500, "Les Connor [SBS MVP]"
> <les.connor@DEL.cfive.ca> wrote:
>
> >Hi Geoff,
> >
> >I'm not sure I understand your question, I don't have any virus. Are you
> >saying you are infected with Netsky, and want to clean up ? I haven't had
> >any reason or opportunity to use the Trend damage cleanup, but if you are
> >infected this might be a good opportunity.
>
> Les,
>
> Apologies - muddled thinking on my part. What I meant was that I am
> getitng email alerts that Scanmail has deleted Netsky.P loaded emails
> and I was wondering how you would react if you received such messages.
>
> I see for example that Scanmail sees an attachment called message.scr
> so I have configured Scanmail to block *.scr attachments. Is this the
> best approach?
>
> I believe e-Manager acts before emails get to Scanmail? Can e-Manager
> block/delete attachments before they get to Scanmail?
>
> Cheers
>
> Geoff
>
>
>
>
> >
> >I do use eManager, and it is good. That is spam control though, not A/V -
> >allthough it does have some bearing depending of how you configure it.
>