MailEnable Professional Guide
Antivirus Configuration

Using your own antivirus scanner

If antivirus support is enabled, attachments in messages are unpacked and scanned as they pass through the Mail Transfer Agent. The MTA moves mail messages internally within MailEnable. When the MTA picks up a message from a connector’s queue, it unpacks it into a scratch directory and uses the command line specified in the administration program to scan each unpacked file. In most cases, command line virus checkers have the ability to automatically delete files. If one of the scanned attachments of the message is deleted, the Antivirus filter assumes that it has a virus and when the message is reconstructed, it replaces the offending content with a note indicating that offending content was removed. MailEnable can also check the return code from a command line scanner in order to determine whether the item it processed is infected.

For example, a sample argument line for a command line scanner is:

"[AGENT]" "[FILENAME]" -remove -s -nb -nc

This can be seen if you open the registry and access HKEY_LOCAL_MACHINE\SOFTWARE\Mail Enable\Mail Enable\Agents\MTA\Filters\[Virus Scanner Short Name].

Note that the [AGENT] and [FILENAME] tokens in this registry setting are replaced by the path to the A/V Command Line Scanner and the attachment name (which is generated by the system). The "-remove -s -nb -nc" part of this registry value is the part that will vary depending on the scanner application being used.

Requiring the A/V application to support automatic deletion is somewhat limiting. As a result, there are registry settings that allow the use of the scanner's DOS error level or exit code.

The respective settings are:

Example

A sample registry import file is outlined below:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Mail Enable\Mail Enable\Agents\MTA\Filters\Custom]
"Status"=dword:00000000
"Antivirus Notification Message"=">"
"Antivirus Scratch Directory"="C:\\Program Files\\Mail Enable\\Scratch"
"Antivirus Parameters"="\"[AGENT]\" \"[FILENAME]\" -s -nb -nc"
"Antivirus Agent"="C:\\Program Files\\Virus Scanner\\CUSTOM.EXE"
"Provider DLL"="MEAVGEN.DLL"
"Program Name"="Custom"
"Program Info"="This is a template for new virus scanners."
"Exit Code Enabled"=dword:00000000
"Exit Codes Error Inclusive"=dword:00000001
"Exit Codes"="1"

This can be copied into Notepad, saved as a .reg file and imported using the registry editor. Once imported into the registry, the settings can be edited to those required by the antivirus command line application.
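
Before enabling a filter, it helps to run the scanner the same way the registry values describe and look at what it actually does. The following PowerShell script is an added example, not MailEnable code: it reads the filter key, substitutes the [AGENT] and [FILENAME] tokens, scans a copy of a test file in the scratch directory, and reports the exit code and whether the scanner deleted the file. The `-SampleFile` parameter is hypothetical, and treating "Exit Codes" as a comma-separated list is an assumption.

```powershell
# Added example: run the scanner exactly as the filter key describes it.
param(
    # Key from the sample .reg file on this page; change "Custom" to your filter's short name.
    [string]$FilterKey = 'HKLM:\SOFTWARE\Mail Enable\Mail Enable\Agents\MTA\Filters\Custom',
    # Test file supplied by the administrator (hypothetical parameter).
    [Parameter(Mandatory = $true)][string]$SampleFile
)

$cfg      = Get-ItemProperty -Path $FilterKey
$agent    = $cfg.'Antivirus Agent'
$scratch  = $cfg.'Antivirus Scratch Directory'
$template = $cfg.'Antivirus Parameters'

if (-not (Test-Path -LiteralPath $agent -PathType Leaf)) { throw "Scanner not found: $agent" }
if (-not (Test-Path -LiteralPath $scratch -PathType Container)) { throw "Scratch directory not found: $scratch" }

# Scan a copy placed in the scratch directory, never the original sample.
$target = Join-Path $scratch ('avtest_{0}.tmp' -f [guid]::NewGuid().ToString('N'))
Copy-Item -LiteralPath $SampleFile -Destination $target

# Drop the leading "[AGENT]" token (the executable is passed separately) and
# substitute [FILENAME] the way the page describes.
$arguments = ($template -replace '^\s*"?\[AGENT\]"?\s*', '').Replace('[FILENAME]', $target)

$proc    = Start-Process -FilePath $agent -ArgumentList $arguments -Wait -PassThru -NoNewWindow
$deleted = -not (Test-Path -LiteralPath $target)

# Assumption: "Exit Codes" holds one code or a comma-separated list.
$codes = @("$($cfg.'Exit Codes')" -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })

[pscustomobject]@{
    CommandLine     = '"{0}" {1}' -f $agent, $arguments
    ExitCode        = $proc.ExitCode
    FileDeleted     = $deleted
    ExitCodeEnabled = [bool]$cfg.'Exit Code Enabled'
    ExitCodeListed  = $codes -contains "$($proc.ExitCode)"
}

# Remove the copy if the scanner left it in place.
if (-not $deleted) { Remove-Item -LiteralPath $target -Force }
```

Run it once with a clean file and once with your antivirus vendor's test file; the two runs should differ in either FileDeleted or ExitCode, and that difference tells you which detection method the filter can rely on.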

Selecting an antivirus application

MailEnable Enterprise Edition provides an antivirus plug-in that will allow scanning of mail messages for viruses as they pass through the Mail Transfer Agent. The following overviews are provided to assist in selecting an antivirus application.

F-Prot

Company: Frisk International

Product Name: F-Prot for Windows http://www.f-prot.com/

Configuration Guidelines: MailEnable Knowledge Base http://www.mailenable.com/kb/Content/Article.asp?ID=me020284

Sophos

Company: Sophos

Product Name: Sophos Antivirus http://www.sophos.com/

Configuration Guidelines: MailEnable Knowledge Base
http://www.mailenable.com/kb/Content/Article.asp?ID=me020288

Norman Antivirus

Company: Norman

Product Name: Norman Virus Control (NVC)

Configuration Guidelines: MailEnable Knowledge Base http://www.mailenable.com/kb/Content/Article.asp?ID=me020290

Panda

Company: Panda Software

Product Name: Panda Command Line http://www.symantec.com/index.htm

Configuration Guidelines: MailEnable Knowledge Base
http://www.mailenable.com/kb/Content/Article.asp?ID=me020289

Symantec Norton Antivirus

Company: Symantec

Product Name: Norton Antivirus (Corporate Edition) http://www.symantec.com/index.htm

Configuration Guidelines: MailEnable Knowledge Base
http://www.mailenable.com/kb/Content/Article.asp?ID=me020086 (versions 6 and 7)
http://www.mailenable.com/kb/Content/Article.asp?ID=me020277 (Corporate Edition)

McAfee Virus Scan

Company: McAfee

Product Name: McAfee Virus Scan http://www.mcafee.com/

Configuration Guidelines: MailEnable Knowledge Base
http://www.mailenable.com/kb/Content/Article.asp?ID=me020287

Grisoft AVG

Company: Grisoft

Product Name: AVG http://www.grisoft.com

Configuration Guidelines: MailEnable Knowledge Base
http://www.mailenable.com/kb/Content/Article.asp?ID=me020201

Real time protection

Some antivirus agents cannot exclude directories or file types from their real-time protector. Problems may occur if real-time virus protectors are not prevented from monitoring and protecting critical MailEnable directories. Depending on what the server is being used for, it may be better to disable real-time protectors because they drastically inhibit disk I/O. An option is to schedule scans rather than using the real-time protector. The following table outlines the current features of leading antivirus manufacturers with respect to configuring real-time virus protection/I/O monitoring.

| Vendor/Product | Support |
| --- | --- |
| Norton Antivirus Corporate Edition | Can exclude directories and file types. |
| McAfee Virus Scan | Can exclude directories and file types. |
| Panda | Can exclude specific folders. |
| AVG | No ability to exclude directories or file types. |
| Norman | Can exclude directories and file types. |
| F-Prot | No ability to exclude directories or file types. |

Note: Any errors or omissions in the above are unintentional. For accurate and up to date information it is recommended to consult the manual or web site of the respective antivirus software package. Whilst MailEnable provides a means for you to integrate Antivirus software, you should always check the licensing agreement supplied with the Antivirus software to determine any licensing constraints.

© MailEnable Pty. Ltd. All Rights Reserved.