SUMMARY
MailEnable Professional and Enterprise Editions
provide an antivirus plug-in allowing mail messages to be scanned for viruses as
they pass through the Mail Transfer Agent. This article contains general
information about MailEnable's Anti-virus module and how the anti-virus agents
are called by MailEnable.
OVERVIEW
MailEnable's Mail Transfer Agent (MTA) is the core
component of MailEnable responsible for the routing of messages once they have
been received from a mail client for delivery. Every mail message arriving or
leaving MailEnable (whether SMTP, web mail, HTTP, IMAP, POP3, etc.) travels
through the Mail Transfer Agent.
DETAIL
MailEnable Professional Edition and
Enterprise Edition allow the creation of system filters responsible for checking messages for
viruses as they pass through the Mail Transfer Agent.
As the messages pass through the Mail Transfer Agent,
its message parts are extracted into a scratch directory for analysis by one or
more anti-virus agents.
Once the message is extracted MailEnable's anti-virus
plug-in creates an anti-virus process for each attachment that is passed through
the MTA. Hence, if a message contains 3 attachments, the MTA will extract the
attachments to the scratch folder and run the antivirus scanning process for
each attachment.
Note: When the messages are put into the scratch
directory, they are converted to .ATT files for scanning
purposes.
If the message contains no virus, then its routing
path is unaltered and it is delivered to the connector appropriate to its
delivery. If the message contains a virus, then the antivirus scanner returns a code to
the MTA alerting it to the successful find of an infection the MTA then actions
a filter criteria associated with the antivirus plug-in.
The MailEnable MTA can work with many
antivirus command line scanners. The configuration settings of the command line
options used by the scanners often need to be slightly modified, depending on
the version of the scanner being used. It is important to configure the
antivirus application to regularly update its signature files (or otherwise the
scanner will not effectively capture new virus strains). The product
documentation or reference material provided by the antivirus software vendor
should provide instructions on scheduling signature updates.
NOTE: Some antivirus scanners are fooled by the
.ATT attachment used by MailEnable when its extracted and the viruses are not
detected. Recent testing indicates that this limitation has been overcome by
most antivirus software vendors.
Many antivirus agents
do not function effectively under high concurrency (i.e.: where there are many
instances of the antivirus agent running at the one time). This can be controlled by
limiting the number of transfer threads used by the MTA. The default settings
for the number of concurrent MTA transfer threads are 64. In most cases,
if scanning for viruses, set the maximum number of transfer threads to a value
less than 5 (in fact, some antivirus agents require this setting to be 1
transfer thread only).
The default threads can be changed in the MTA
properties:
1. Go to Agents>MTA
2. Right click MTA agent and click
'Properties'
3. Change maximum threads.
MailEnable recommends trialling
any anti-virus software before purchasing, as each agent works differently, and a
decision should be made on personal requirements for antivirus scanning. It is
also worth mentioning that some antivirus agents require that the MailEnable
Mail Transfer Agent run with elevated privileges.
Please note: The MailEnable MTA agent purely calls
a command line scanner, and as such MailEnable does not accept responsibility
for any companies antivirus scanner not detecting particular viruses. This issue can
only be rectified through the company where the product was purchased, and as
such all queries and support except for configuration should be directed through
their relevant channels.
Any errors
or omissions in
the documentation describing the configuration options for antivirus
agents are unintentional. Contact the vendor's manual or web site relevant
to the respective antivirus package for more information. Whilst MailEnable provides
a means for integrating antivirus software, always check the licensing agreement
supplied with the antivirus software to determine any licensing
constraints.
MORE INFORMATION
How
to configure an anti-virus filter as a system message filter: Article ME020388
Which antivirus solution should be used with
MailEnable?: Article ME020144 | 
