Symantec™ Mail Security8.0.5 for Domino®Multi-Platform EditionInstallation Guide

Installing Mail Security forMulti-Platform Edition

This document includes the following topics:

■ Installing overview

■ If you are upgrading

■ System requirements for AIX

■ Installing Symantec Mail Security for Domino — MPE

■ About installation script options

■ About the command line syntax

■ About the command line options

■ Post-installation tasks

■ Signing the Mail Security databases to certify integrity

■ Granting rights to run unrestricted agents

■ Accessing Mail Security

■ Restricting access to Mail Security databases

■ Installing SymantecMail Security onDPARwith SMSDOMsettings replication

■ About uninstalling Symantec Mail Security for Domino

Installing overviewThe Symantec Mail Security 8.0.5 for Domino — Multi-Platform Edition (MPE)installation script creates a directory named Symantec. (All Symantec productsshare this directory for items such as Symantec program libraries and executablefiles.) By default, the Symantec directory is installed in the following location:

/opt

You can specify a different location during installation.

Symantec Mail Security for Domino — MPE creates the following directories.

Table 1-1 Installation directories

DescriptionDirectory

SymantecMail Security forDominoMPEdatabasetemplates (sav.ntf, savlog.ntf, savquar.ntf, andsavdefs.ntf).

[Domino data directory]

Symantec Mail Security for Domino MPE enginedatabases (sav.nsf, savlog.nsf, savquar.nsf,savdefs.nsf, and savhelp.nsf).

[Domino data directory]/sav

Virus definition files that are operating systemspecific and used for all Symantec products.

.../Symantec/virusdefs

Standard antispam definition files, DynamicDocument Review (DDR) dictionaries (only in32-bit ), signature files for file type detection,attachment content scanning files, RapidReleasescripts, ReadMe text file, Version Support Policyfile, and PDF version of the Symantec MailSecurity 8.0.5 for Domino Implementation Guide.

.../Symantec/SMSDOM

Symantec license files.

After you install a license for any Symantecproduct, the license file is placed in the Licensesfolder.

.../Symantec/Licenses

Platform independent LiveUpdate technology todownload definition files and program updates(used for all Symantec products).

.../Symantec/LiveUpdate

Installing Mail Security for Multi-Platform EditionInstalling overview

4

If you are upgradingYou can not upgrade any earlier installed version of SMSDOM to SMSDOM 8.0.5(64-bit). Mail Security supports upgrades from version 8.0.x and higher only on32-bit Domino. If you are running version 3.x or lower, you must uninstall theproduct and then install version 8.0.5.

When you upgrade from version 8.0.x or higher, you can upgrade your previousdatabases. The databases that you choose to keep during the installation processare upgraded the next time that you start the LotusDomino server. You can verifythat the previous databaseswere properly upgraded by viewing theDomino serverconsole messages. Any new databases are created from templates and are placedin the SAV subdirectory of your default Data directory.

A direct support is not available to migrate from 32-bit version of SMSDOM to64-bit. Follow the steps below tomigrate from32-bit version of SMSDOMto64-bit.

To migrate from 32-bit version of SMSDOM to 64-bit

1 Uninstall 32-bit version of SMSDOM.However, youmay retain the SMSDOMdatabases during this process.

2 Ensure that virus definitions of the earlier 32-bit version of SMSDOM aredeleted.

These virus definitions are located at the /opt/Symantec/virusdefs folder. Alocation can be different according to your installation.

3 Ensure that you upgrade your 32-bit Domino server to 64-bit.

4 Install 64-bit version of SMSDOM on your 64-bit Domino server.

System requirements for AIXYoumusthave administrator-level privileges to anAIX computer and theDominoserver to install Symantec Mail Security for Domino — MPE.

The minimum system requirements for AIX are as follows:

AIX version 5.3 or 6.1Operating system

Domino 7.x or 8.xLotus Domino

7.x or laterLotus Notes

350 MBAvailable disk space

5Installing Mail Security for Multi-Platform EditionIf you are upgrading

32-bit version of SMSDOM:

■ 1.5x (32-bit)

64-bit version of SMSDOM:

■ 1.5x (64-bit)

JRE

9.0.0.8xlc runtime binaries

200 MB minimumAvailable disk space in /tmpdirectory

The disk space in /tmp directory is required to download LiveUpdate and RapidRelease definitions. Youmust have additional 4 GB of hard disk space if you wantto enable definitionmanagement for RapidRelease. Formore details on definitionmanagement for Rapid Release, refer to the Saving a Rapid Release definition setsection in the Symantec Mail Security 8.0.5 for Domino Implementation Guide.

Installing SymantecMail Security for Domino—MPESymantec Mail Security for Domino® — MPE 3.x must be uninstalled before youinstall Symantec Mail Security for Domino — MPE as upgrade is not supported.

For Symantec Mail Security for Domino — MPE to function properly, the avdefsgroup must exist. You must ensure one of the following conditions is met:

■ The avdefs group exists on the computer on which the Domino server runs.

■ The avdefs group is valid on the computer on which the Domino server runs.For example, the avdefs group ismaintained onanNIS server and the computeronwhich the Domino server runs has access to those NIS controlled accounts.

Theavdefs group canbe created andpopulatedduring installationby theSymantecMail Security for Domino—MPE installation script. You can also create the groupand add Notes users manually before you perform the Symantec Mail Securityfor Domino — MPE installation. The installation script will not complete if theavdefs group does not already exist or you do not allow the installation script tocreate the group itself.

Note: You must add all Notes server user accounts (server user IDs) as membersof the avdefs group that haveSymantecMail Security forDomino—MPE installedinto their respective Domino partitions.

After the installation is completed and the Domino users are added to the avdefsgroup, any terminal sessions that launch Domino must be logged off and loggedonto again to ensure that the group membership and associated permissions are

Installing Mail Security for Multi-Platform EditionInstalling Symantec Mail Security for Domino—MPE

6

enabled. Failure to do this prevents Symantec Mail Security for Domino — MPEfrom locating virus definitions on startup and causes the product not to loadcompletely.

Installing Symantec Mail Security for Domino — MPE on AIXYou must run the installation script under an account with root or administratorprivileges to install Symantec Mail Security for Domino — MPE on an AIXcomputer.

To install Symantec Mail Security for Domino—MPE on AIX

1 Stop the Domino server.

2 Go to the DVD-ROM directory (for example: cd /cdrom).

3 If the SMSDOM binaries and install script are stored in the TAR archive,extract them with the '-o' option.

Using '-o' along with other options changes the ownership of all extractedfiles to the system on which you extract the files.

4 Run the shell script ./install from the Symantec Mail Security for Domino —MPE DVD-ROM.

If youhavemultipleDominopartitions on the same server, separate SymantecMail Security for Domino — MPE databases are required for each partition.Setup detects and lets you specify on which partitions you want to installSymantec Mail Security for Domino — MPE.

5 Specify the location for Java 1.5x to install LiveUpdate.

However, if youdonotwant to install LiveUpdate, then typenwhenpromptedfor LiveUpdate installation.

6 After the SymantecMail Security forDomino—MPE install completes, restartthe Domino server.

When theDomino server is restarted, the SymantecMail Security forDomino— MPE databases are created from templates and placed in the /savsubdirectory of your default Data directory along with the readme.txt file.

7 Start your Lotus Notes client.

8 Select the workspace tab onwhich youwant to place SymantecMail Securityfor Domino — MPE.

9 On the File menu, click Database > Open.

7Installing Mail Security for Multi-Platform EditionInstalling Symantec Mail Security for Domino—MPE

10 Select the server on which Symantec Mail Security for Domino — MPE isinstalled.

11 In the sav folder, open the SMSDOM Settings database (sav/sav.nsf).

About installation script optionsThe installation shell script can install SymantecMail Security forDomino—MPEin the following ways:

No command-line options are supplied.Interactively

The -p and -s options are specified on the command line.Non-interactively

About the command line syntaxThe command line syntax is as follows:

./install [-h] [-p <notespartition>] [-s <Symantec base directory>]

[-d]

About the command line optionsThe command line options are as follows:

Displays the command-line syntax.-h

Specifies the full path to the Notes partition on which to installSymantec Mail Security for Domino — MPE. You can specifymultiple Notes partitions. Separate partitions with commas.

-p

Specifies the full path to the Symantec base directory that willcontain all of the Symantec Mail Security for Domino — MPEbinary files.

The -s option cannot be used on its own. It is used only inconjunction with the -p option.

-s

Specifies that the Symantec Mail Security for Domino — MPEinstallation process should use default settings.

You must specify the -d option if the avdefs group does not yetexist else the installation fails.

-d

Installing Mail Security for Multi-Platform EditionAbout installation script options

8

The following is an example of an installation on two Notes partitions in thedefault Symantec directory:

./install -p /notesdata1,/notesdata2 -d

Post-installation tasksTable 1-2 describes the post-installation tasks that you can perform after youinstall or upgrade to Mail Security.

Table 1-2 Post-installation tasks

DescriptionTask

This text file contains compatibility information andknown issuesabout Mail Security. The ReadMe.txt file is located on theinstallation DVD and in the following directory:

.../Symantec/SMSDOM

Refer to the ReadMefile

Before you open the databases for the first time, sign the MailSecurity databases with a trusted Notes ID file.

See “Signing the Mail Security databases to certify integrity”on page 10.

Sign the Mail Securitydatabases

You cangive auser rights to enable, disable, ormodify unrestrictedagents.

See “Granting rights to run unrestricted agents ” on page 11.

Grant rights to rununrestricted agents

After you open a Mail Security database, you can save it to aworkplace for easy access.

See “Accessing Mail Security” on page 12.

Access the MailSecurity databases

The access control settings establish who can access the MailSecurity databases.

See “Restricting access to Mail Security databases” on page 13.

Set access control

You must purchase and activate a content license and productlicense to receive updated definition files and to operate any ofthe Mail Security scanning functions. For more information onactivating licenses, refer to the Symantec Mail Security 8.0.5 forDomino Implementation Guide.

Activate licenses

9Installing Mail Security for Multi-Platform EditionPost-installation tasks

Table 1-2 Post-installation tasks (continued)

DescriptionTask

On a Domino partitioned server, all partitions share the sameDomino and SMSDOM program directory, and thus share one setof Domino and SMSDOM executable files.

See “Installing Symantec Mail Security on DPAR with SMSDOMsettings replication” on page 14.

Installing on Dominopartitioned servers(DPAR)

Signing the Mail Security databases to certifyintegrity

Before you open the databases for the first time, sign the databases with a trustedNotes ID file, using the Domino Administrator client. Signing the databases isnecessary to ensure the proper operation of all of the Mail Security features inyour Domino environment.

To properly sign the Mail Security databases, ensure that the following settingsare configured in the Domino Administrator client:

■ Sign all design documents.

■ Do not update existing signatures only.

■ Sign all data documents using an administrator ID.

■ Configure the ID as follows:

■ The ID should sign all data documents, not just those with existingsignatures.

■ The ID should be a trusted administrator’s ID or server ID.

■ The ID should have the right to run unrestricted Methods and Operations,which is necessary to run all of the database agents.

■ The ID used to sign the databases should appear on the workstation’sExecution Control List (ECL).

Ensure that the trusted Notes ID in the Execution Control List is listed with thefollowing rights in the Notes client:

■ Access to current database

■ Access to environment variables

■ Access to external code

■ Access to external programs

Installing Mail Security for Multi-Platform EditionSigning the Mail Security databases to certify integrity

10

■ Ability to read other databases

■ Ability to modify other databases

■ Ability to export data

For more information on signing databases, see the Domino Administrator andLotus Notes documentation.

Granting rights to run unrestricted agentsMail Security contains agents to help youmanage database size and run scheduledqueries. You must grant rights to the user who signs the IDs.

See “Signing the Mail Security databases to certify integrity” on page 10.

The agents are as follows:

Purges events from the Log database

By default, threat incidents are purged after 365days. Server messages and other incidents arepurged every 30 days.

For information on removing documentsautomatically from the Log database, refer toSymantec Mail Security 8.0.5 for DominoImplementation Guide.

Log purge agent

Purges items from the Quarantine database

By default, all items in the Quarantine are purgedafter 30 days.

For information on removing documentsautomatically from the Quarantine database, referto Symantec Mail Security 8.0.5 for DominoImplementation Guide.

Quarantine/Backup purge agent

Runs scheduled queries in the Log database

By default, the agent runs scheduled queries oncea day and posts the queries in the CompletedReports view.

For informationongeneratingcustomizedscheduledreports, refer to Symantec Mail Security8.0.5 forDomino Implementation Guide.

Scheduled reports agent

11Installing Mail Security for Multi-Platform EditionGranting rights to run unrestricted agents

For users to enable, disable, or modify an agent, the administrator must grantrights to run unrestricted agents in the Server Document of the server that isrunning Mail Security.

Note: Agents are disabled by default. You must enable the agents that you wantto use.

To grant users rights to run unrestricted agents

1 Open Domino Administrator.

2 On the Configuration tab, in the left pane, double-click Server.

3 In the left pane, under Server, click All Server Documents.

4 In the right (view) pane, double-click the server on whichMail Security runs.

5 On the action bar, click Edit Server.

6 On the Security tab, under Programmability Restrictions, in the Rununrestricted methods and operations box, add the users to whom you wantto grant rights to enable, disable, or modify agents.

7 On the action bar, click Save & Close.

Accessing Mail SecurityMail Security is fully integrated with the Lotus Notes environment and can beaccessed like any other database. When you open any Mail Security database, anavigation pane appears on the left. You can access any of the Mail Securitydatabases from the navigation pane.

Each Mail Security database contains options that are specific to that database.For example, the Log database contains options for server messages, productinformation, and incidents. Thenavigation pane only contains the options for thedatabases that are available and for which you have at least Reader access. Forexample, the navigation pane does not display the options for the Definitionsdatabase if it has not been created.

If you create a Definitions database, you must close all of the Mail Securitydatabases and documents.When you open any of theMail Security databases, theVirus Definitions option appears on the navigation pane.

For information about creating a Definitions database and on troubleshootinguser interface errors and issues, refer to SymantecMail Security 8.0.5 for DominoImplementation Guide.

Figure 1-1 shows the Mail Security console.

Installing Mail Security for Multi-Platform EditionAccessing Mail Security

12

Figure 1-1 Mail Security console

Action bar

Navigationpane

VersionStatus pane

To access Mail Security

1 In Lotus Notes, on the File menu, click Database > Open.

2 In the Open Database dialog box, under Server, select the server on whichyou installed Mail Security.

3 Under Database, in the SAV directory, double-click SMSDOM Settings 8.0(the Settings database).

The Settings view appears.

4 Drag the Settings database window tab to any Lotus Notes bookmark folder.

Restricting access to Mail Security databasesTo maintain security in your Lotus Domino environment, restrict access to theMail Security databases to administrators by setting theAccess Control List (ACL)for following databases:

■ Settings (sav.nsf)

■ Log (savlog.nsf)

■ Quarantine (savquar.nsf)

■ Definitions (savdefs.nsf), if used

13Installing Mail Security for Multi-Platform EditionRestricting access to Mail Security databases

TheQuarantinedatabase requires that youalso assign roles toQuarantinedatabaseusers. These roles restrict access to various Quarantine views and control whocan release documents from the Quarantine. When you set access control for theQuarantine database, you must assign roles to those groups and users who usethe Quarantine.

Formore information about theQuarantine views and assigningQuarantine roles,refer to Symantec Mail Security 8.0.5 for Domino Implementation Guide.

To restrict access to Mail Security databases

1 Log on to the account that you plan to use to administer Mail Security.

2 In Lotus Notes, right-click the Settings database, and then click Database >Access Control.

3 In the Access Control List window, add yourself, a group, or other users asnecessary to the Access Control List as Managers with Delete Documentsrights.

4 Click Default.

5 In the Access list, click No Access.

6 Click OK.

7 Repeat steps 1 - 6 for the other Mail Security databases.

Installing Symantec Mail Security on DPAR withSMSDOM settings replication

To install Mail Security on Domino partitioned servers with SMSDOM settingsreplication

1 Install SMSDOM on all the Domino partitioned servers.

2 Start any one Domino partitioned server.

This creates SAV databases on DPAR-1.

3 Modify other Domino partitioned servers' notes.ini and remove NNTASKentry from server tasks.

4 Start other Domino partitioned servers.

5 Create Replicas of SAV databases from DPAR-1 to other Domino partitionedservers.

6 Modify other Domino partitioned servers' notes.ini and add NNTASK entryto server tasks.

Installing Mail Security for Multi-Platform EditionInstalling Symantec Mail Security on DPAR with SMSDOM settings replication

14

7 Start all Domino partitioned servers.

8 SMSDOM now starts on all Domino partitioned servers and SAV databasesare replicable.

AboutuninstallingSymantecMail Security forDominoYou must run the installation script under an account with root or administratorprivileges to uninstall Symantec Mail Security for Domino — MPE . If LiveUpdateorRapidRelease is running, uninstallation of SymantecMail Security forDominofails. Mail Security includes a setup option that lets you retain existing MailSecurity databases.

To uninstall Symantec Mail Security for Domino—MPE on AIX

1 Stop the Domino server.

2 Switch to superuser or equivalent.

3 Change to the following directory:

…/Symantec/SMSDOM/uninstall

4 At the command prompt, type the following:

./uninstallsmsdom

5 Follow the on-screen instructions.When you are prompted to retain or deletethe SMSDOM databases, type n to delete the specified database.

15Installing Mail Security for Multi-Platform EditionAbout uninstalling Symantec Mail Security for Domino

Installing Mail Security for Multi-Platform EditionAbout uninstalling Symantec Mail Security for Domino

16