This article contains the Best Practices for installing Symantec Mail Security for Domino (SMSDOM).
Install the latest version
The first recommended action is to ensure the latest released version of the product is installed and running on all servers.
Problems fixed and code optimizations
Following every product release, solutions to a number of previously identified problems are included, thus increasing product's stability and performance.
Furthermore, code-level changes occur in order to optimize the processor and memory footprint.
Often, releases introduce new features improving and extending the product's capabilities, such as more granular detection capabilities of encrypted files.
It is recommended to upgrade the product to the latest version in order to avail of improved and new functionality.
For more information, please refer to the product's Implementation Guide DOC3292, DOC3289, DOC5369, DOC5364 and DOC5368
Issues not yet uncovered
Should new problems be found in the product and require a code-level change, this will likely be made on the latest available version of the product.
Supportability of the environment
Every version of SMSDOM is certified against specific versions of Lotus Domino server.
Some versions of Domino server may not be supported by certain SMSDOM versions.
For more information, please refer to the product's Support Matrix TECH96823.
Scan errors due to new file type technologies
The latest version of SMSDOM will reflect changes in file type technologies and algorithms.
Often, these technologies require changes to the scanning engine components in order to better identify and scan new file types.
When running an old version of SMSDOM, scan errors may occur due to the inability of the engine to properly determine file types.
Furthermore, missed or improper file identifications may be used as a vehicle for threats.
Sample setup "checklist"
The following steps are recommended prior to a product upgrade or reinstallation.
- Ensure that realtime exclusions are properly set for certain Domino processes.
To do so, browse to "Settings > Configuration > Auto-Protect > Ignore the following server processes" then click on "Reset to defaults".
Additional processes may now be added to the list, if needed.
- Before the product upgrade or reinstall, ensure that there are no lines in notes.ini beginning with "SAV".
Should SAV-related lines be present, it is recommended to comment (;) the lines rather than deleting them.
- Ensure to configure a dedicated directory for temporary scanning with sufficient space.
Browse to "Settings > Configuration > Threat/Security Risk > Directory for temporary files".
For more info, please refer to the following technote: TECH96140.
- If a file-system local AntiVirus solution is also installed on the same server, ensure that the directory configured for SMSDOM's temporary files is excluded from realtime scan.