If you attempt to execute workstation commands in an unsigned Symantec Mail Security database, the Execution Security Alert dialog box appears. This dialog box presents the user with three options.
In Domino R5, the options are "Abort," "Execute Once," or "Trust Signer."
In Domino 6.x and higher, the options are "Do NOT execute the action," "Execute the action this one time," and "Start trusting the signer to execute this action."
If "Trust Signer" or "Start Trusting..." is selected with "-No Signature-" as the signer, it is a security risk. The "-No Signature-" account will gain elevated rights on your workstation. Furthermore, components of Symantec Mail Security that require a valid signature will not work properly as long as the databases remain unsigned.
Note: These instructions assume a high level of knowledge about Lotus Domino and the Domino Administrator client. If you are not familiar with either program, please consult your Lotus Domino documentation before installing Norton AntiVirus or Symantec AntiVirus.
Symantec recommends immediately signing all relevant Symantec Mail Security databases. Use the following sections to sign databases for Symantec Mail Security using a trusted ID. Please note that the account used to sign the databases should already appear on your workstation's Execution Control List (ECL).
To sign a Symantec Mail Security database
Open the Domino Administrator client.
Navigate to the Files tab, and then to the Sav folder.
Right-click Sav.nsf, and click Sign.
Verify that the correct ID is selected - "Active User’s ID" or "Active Server's ID," depending on which ID you prefer.
Verify that "All design documents" is selected.
Verify that "Update existing signatures only" is not selected.
Repeat steps 4-7 for the Savlog.nsf, Savquar.nsf, and, if applicable, the Savdefs.nsf.
Note: Any time a database is recreated for any reason, it will need to be re-signed.
Imported Document ID: TECH80693
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe