- F-Prot
- Sophos
- McAfee Virus Scan
- Norton Antivirus Corporate Edition 7.6
- Norman Virus Control
- Panda Antivirus Command Line
- Grisoft AVG
Configuring MailEnable to filter viruses requires both:
1. Configuration of the antivirus program to use, and also
2. Creation of an antivirus filter in MailEnable
2. Ensure that any resident or real-time protector capabilities of the antivirus application have been disabled (or all the MailEnable directories have been excluded from being protected by the software).
NOTE: Running real-time antivirus protection on a server can cause issues, and each resident antivirus protection agent can have its own problems. If the resident/real-time monitor is enabled, the problems range from blank messages showing up when MailEnable tries to deliver a message with a virus, to possible corruption of mail system configuration files or of the messages themselves.
As a general rule, consider the following:
- Exclude the MailEnable “Queues” and “Config” directories from the resident/real-time monitoring.
- Disable the resident/real-time monitor if exclusion of MailEnable directories is not possible within the antivirus application.
3. Open the MailEnable Administration program. Expand the Servers > Local host > Filters branch, select the 'MailEnable Message Filter' icon, then select the MailEnable Antivirus Filter item in the list that appears in the right-hand panel.
4. Select the appropriate item from the list of available antivirus applications.
5. Make sure that "Enable" (or "Enable selected antivirus") is selected. It is possible to enable more than one antivirus application on the server, but this will affect the number of messages that can be scanned over a period of time.
6. Ensure that the correct program path to the command line virus scanner has been specified. Select the Options button to change this. Also ensure that the scratch directory exists. This directory is used to unpack the message as it is scanned for viruses.
7. Save changes.
8. Stop the MTA service.
9. Start the MTA service.
Make sure virus definition files are being updated. See the antivirus documentation for information on how to do this.
Some antivirus applications specifically require Administrative privileges to run. Because the MTA runs under the LocalSystem account, for those applications change the service to run under an account with Administrative privileges: open the Services control panel applet and, for the "MailEnable Mail Transfer Agent" service, change the user account it runs under to a Windows user account that has Administrative rights (i.e. a member of the Administrators group).
To create an antivirus filter:
1. Open the MailEnable Administration Program
2. Right-click the Messaging Manager > Filters branch and create a new filter.
3. In the name field enter something like "Antivirus Filter" (without the quotes).
4. Having created the filter, edit the criteria for the filter as follows:
5. Check the criteria "Where the message contains a virus"
6. Create the actions that are undertaken when a virus is detected, e.g. copy the message to the Quarantine directory, or Delete Message.
Once the Antivirus agents have been configured to be used by the server, they can be used by specific filters. The configurable properties for antivirus agents are outlined in the following table:
| Option | Description |
| --- | --- |
| Enable antivirus/filter support | Enables or disables all antivirus and other filters that may be installed for MailEnable. |
| Enable selected antivirus/filter | Indicates that the currently selected virus checker or filter will scan emails. It is possible to enable more than one antivirus/filter at once. |
| Options | Sets the advanced options for the currently selected antivirus application. |
| Test | Tests the currently selected antivirus program by writing out the Eicar test virus and determining whether the command line scanner can detect it. Be aware that this may not work with all command line scanners (Symantec's Norton Antivirus Corporate Edition is one of these). For scanners that do not work with the test button, check whether the antivirus program is functioning by running the MTA in debug mode. |
| Command line arguments | The command line arguments that are used to run the antivirus scanner. There should be no need to change these options unless adding your own antivirus scanner (i.e. not a preset). |
| Command line arguments will delete attachment | Selecting this requires the command line scanner to delete any infected attachment. Some virus scanners cannot remove zip files that are infected with viruses using this option. |
| Return code will be checked against this list | This option makes MailEnable check the return code from a command line scanner. If the return code matches one of the return codes in the list, then the attachment is detected as a virus. It is not possible to use any command line argument that deletes the attachment when this option is selected. Use the 'any' keyword to check for any return code (i.e. other than 0). |
| Return code check | Choose to detect the attachment as a virus if the return code is a number other than those in the list. |
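
The return-code options and the Test function described above can be modelled as follows. This is an added example, not MailEnable's own code: `is_virus`, `scan_file`, `self_test` and `STUB_SCANNER` are hypothetical names, and the stub stands in for a real command line scanner so the script runs without one installed.

```python
import subprocess
import sys
import tempfile
from pathlib import Path

# Standard EICAR test string: harmless, recognised by scanners as a test file.
EICAR = r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Constructed stand-in for a real scanner (assumption): exits 3 when the
# scanned file contains the EICAR marker, 0 otherwise.
STUB_SCANNER = [sys.executable, "-c",
                "import sys; d = open(sys.argv[1], 'rb').read(); "
                "sys.exit(3 if b'EICAR-STANDARD-ANTIVIRUS-TEST-FILE' in d else 0)"]

def is_virus(return_code, code_list, invert=False):
    """Classify a scanner return code using the options described above.

    code_list: entries as typed into the list, e.g. ["1", "3"] or ["any"].
    invert:    the "Return code check" option, i.e. flag the attachment
               when the code is NOT one of those in the list.
    """
    entries = {str(c).strip().lower() for c in code_list}
    if invert:
        return str(return_code) not in entries
    if "any" in entries:
        # Any non-zero code counts, so scanner errors are flagged as well.
        return return_code != 0
    return str(return_code) in entries

def scan_file(scanner_argv, path, code_list, invert=False, timeout=60):
    """Run the scanner on one file; return (return code, detected?)."""
    proc = subprocess.run(scanner_argv + [str(path)],
                          capture_output=True, timeout=timeout)
    return proc.returncode, is_virus(proc.returncode, code_list, invert)

def self_test(scanner_argv, code_list, invert=False):
    """Write EICAR and a clean file to a scratch directory and scan both."""
    with tempfile.TemporaryDirectory() as scratch:
        infected = Path(scratch) / "eicar.com"
        clean = Path(scratch) / "clean.txt"
        infected.write_text(EICAR)
        clean.write_text("constructed clean sample")
        return {"eicar": scan_file(scanner_argv, infected, code_list, invert),
                "clean": scan_file(scanner_argv, clean, code_list, invert)}

if __name__ == "__main__":
    print(self_test(STUB_SCANNER, ["3"]))  # list matches the stub's code
```

A list that omits the scanner's actual detection code (for the stub, anything other than 3) lets the EICAR file through, which is the misconfiguration a self-test of this kind is meant to surface.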
It is not advisable to notify the sender that they have an infected email. When a virus is sent via email, it will usually use a different sender's address that it picks at random from the infected machine, so a notification sent back to the sender address will probably not reach someone who is infected.
Also consider that virus-scanning email adds more load on the server. This is because the antivirus filter must extract and test every attachment that goes through the server. It is advisable to adjust the MTA maximum transfer threads under the MTA properties to ensure that the number of concurrent instances of virus scan agents is appropriately configured. Consider that each transfer thread could potentially mean a different concurrent instance of the agent’s command line scanner.