Here's my documented attempt to have Symantec send me email notifications upon all sorts of alerts.
From this link :
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008031219333348
Im running Exchange 2003 SP2 server for mail on port 25
I configured the email server and have tried the folowing variations:
Server Address: mail.domain.com
Port number" 25
User Name:
symantec@domain.com
Password: password
Server Address: 10.0.1.100
Port number: 25
User Name:
symantec@domain.com
Password: password
Server Address: External Ip Address
Port number: 25
User Name:
symantec@domain.com
Password: password
Server Address: server
Port number: 25
User Name:
symantec@domain.com
Password: password
Server Address: server.arc.local
Port number: 25
User Name:
symantec@domain.com
Password: password
Server Address: mail.domain.com
Port number: 25
User Name: symantec
Password: password
The notifications are set for every type of risk there is such as New Risk detected, Virus definition out of date etc.
Im using EICAR (http://www.eicar.org/anti_virus_test_file.htm) to test the notifications
I have also followed the
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008040309460648
and it seems that while Delete EICAR events is unchecked and the damper is set to 20 minutes on every type of risk, Im not getting the EICAR events to appear under Monitors>Logs>Risk Logs
At this point im not sure whether its a matter of bad mail server configuration or EICAR not even reporting to SEPM console.
I do however see bunch of
March 17, 2010 5:19:08 PM CDT: Email sending failed [Site: Site server2] [Server: server2]
notifications under Admin > Servers log at the bottom
I will appreciate any help, advice or pointers in the right direction