Using McAfee Command Line Scanner for Windows within MailEnable


SUMMARY

Instructions for configuring McAfee Antivirus with MailEnable as an antivirus plug-in.

OVERVIEW

Step 1: Installing and Configuring McAfee Command line scanner for Windows:

  • Download McAfee Command line scanner for Windows from the McAfee website: http://www.mcafee.com
  • Create a directory for the VirusScan Command Line software on your hard disk (e.g.: VirusScan).
  • Extract the contents of the downloaded file (VirusScan Command Line files) to the new folder.
  • Update the PATH environment variable to include the directory.

Step 2: Configuring the MailEnable Antivirus McAfee plug-in settings:

  • Open the MailEnable Administration program. Expand the Servers > Local host > Extensions, select the "MailEnable Message Filter" icon, then select the "MailEnable Antivirus Filter" item in the list which appears on the right side panel.
  • Select "McAfee VirusScan" from the list of available antivirus applications.
  • Make sure that the "Enable" (or "Enable selected antivirus") is selected. It is possible to enable more than one antivirus application on the server, but this will affect the number of messages that can be scanned over a period of time.
  • Ensure that the correct program path to the McAfee command line virus scanner has been specified (e.g.: C:\VirusScan\scan.exe). Select the "Options" button to edit the path. Also ensure that the MailEnable "scratch" folder exists which is used by the McAfee plug-in to unpack the message as it is scanned for viruses. To edit the path of the "scratch" folder, right click on "MailEnable Message Filter" and select "properties". In the opening window you will see the section to edit the scratch folder path. 
  • Save changes in the MailEnable McAfee plug-in window and restart the MTA agent for the changes to take effect.
  • For information on how to update the McAfee virus definitions and .DAT files please refer to the McAfee documentation.

Step 3: Creating an antivirus filter within the MailEnable administration console:

In versions 3.x onwards MailEnable introduced a spam protection filter which is enabled by default when you install MailEnable. The spam protection script will score the message with a 100 positive weighting and mark the message as spam if an infection is found by the command line scanner. The infected attachment will automatically be removed by the command line scanner. More information in regards to the spam protection filter can be found within the MailEnable documentation or the following knowledgebase article: http://www.mailenable.com/kb/content/article.asp?ID=ME020391

However if you are configuring the McAfee Command Line Scanner on a MailEnable version 1.x or 2.x (Pro or Ent) and require actions to be performed based on message infection then this will require the creation of a global filter in the MailEnable Administration program that detects when the message contains a virus and deletes the message or quarantines it, notifies sender, etc.

NOTE: A global filter can also be created in MailEnable versions 3.x and 4.x (Pro and Ent).

To create an antivirus filter:

  • Open the MailEnable Administration Program.
  • Right click on the Messaging Manager>Filters branch and create a new filter.
  • Name the filter "Antivirus Filter" (without the quotes).
  • Next double click the newly created filter in the right hand side pane window and check the criteria: "Where the message contains a virus".
  • Create the actions that are undertaken when the virus is detected by clicking on the "Add Action" button (e.g.: Copy the message to the Quarantine directory or Delete Message).

Testing antivirus configuration

Test the configuration by emailing yourself the Eicar test virus from http://www.eicar.com. To perform more advanced testing and debugging, follow the details in this knowledge base article: http://www.mailenable.com/kb/content/article.asp?ID=ME020085

The MailEnable Antivirus log files are located under: Servers > Local host > Extensions > MailEnable Message Filter > logs > Antivirus

MORE INFORMATION

MailEnable antivirus overview: http://www.mailenable.com/kb/content/article.asp?ID=ME020389

Which antivirus solution to use with MailEnable: http://www.mailenable.com/kb/content/article.asp?ID=ME020144

Debugging the anti-virus support and the Mail Transfer Agent: http://www.mailenable.com/kb/content/article.asp?ID=ME020121



Product:MailEnable (Pro-1.X Ent-1.X)
Article:ME020287
Module:MTA Filtering
Keywords:mcafee,mc,afee,antivirus,anti-virus,virus,scan,virusscan
Class:HOWTO: Product Instructions
Revised:Wednesday, May 4, 2016
Author:
Publisher:MailEnable