How to configure a custom command line anti-virus scanner with MailEnable


SUMMARY

MailEnable Professional and Enterprise Editions integrate with a variety of third party antivirus solutions in order to scan and remove viruses on messages as they are processed. While MailEnable comes with presets for some of the popular anti-virus applications it is possible to configure your own command line scanner.

DETAIL

Configure antivirus scanning as follows:

1. From the MailEnable Administration program select MailEnable|MailEnable Management|Servers|localhost|Filters|MailEnable Message Filter by clicking on it.
2. In the right hand panel, right click on MailEnable Antivirus Filter and select Properties.
3. Ensure that the Enable anti-virus support check box is checked.
4. Scroll down through the list to locate the antivirus application to use, and enable it.

If antivirus support is enabled, messages are unpacked and scanned as they pass through the Mail Transfer Agent. The MTA moves mail messages internally within MailEnable. When the MTA picks up a message from a connector's queue, it unpacks it into a scratch directory and uses the command line specified in the administration program to scan each unpacked file. In most cases, command line virus checkers have the ability to automatically delete files. If one of the scanned attachments of the message is deleted, the anti-virus filter assumes that it has a virus and when the message is reconstructed, it replaces the offending content with a note indicating that offending content was removed. MailEnable can also check the return code from a command line scanner in order to determine whether the item it processed is infected.

For example, a sample argument line for a command line scanner is:

"[AGENT]" "[FILENAME]" -remove -s -nb -nc

This can be seen by opening the registry and accessing HKEY_LOCAL_MACHINE\SOFTWARE\Mail Enable\Mail Enable\Agents\MTA\Filters\[Virus Scanner Short Name].

Note that the [AGENT] and [FILENAME] tokens in this registry setting are replaced by the path to the A/V Command Line Scanner and the attachment name (which is generated by the system). The "-remove -s -nb -nc" part of this registry value is the part that will vary depending on the scanner application being used.

Ensuring that the antivirus application supports auto deletion is a little limiting. As a result there are registry setting that allow the use of the scanners DOS error level or exit code.

The settings are:

"Exit Code Enabled": 0/1 - on/off
"Exit Codes": eg: 1 2 9: space delimited string containing application exit codes
"Exit Codes Error Inclusive": 0/1 - on/off: used to configure whether the "Exit Codes" indicate errors or successes.

Using your own Anti-virus Scanner:

A sample registry import file is outlined below:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Mail Enable\Mail Enable\Agents\MTA\Filters\Custom]
"Status"=dword:00000000
"Antivirus Notification Message"="The virus was removed."
"Antivirus Scratch Directory"="C:\\Program Files\\Mail Enable\\Scratch"
"Antivirus Parameters"="\"[AGENT]\" \"[FILENAME]\" -s -nb -nc"
"Antivirus Agent"="C:\\Program Files\\Virus Scanner\\CUSTOM.EXE"
"Provider DLL"="MEAVGEN.DLL"
"Program Name"="Custom"
"Program Info"="This is a template for new virus scanners."
"Exit Code Enabled"=dword:00000001
"Exit Codes Error Inclusive"=dword:00000001
"Exit Codes"="1"
"Type"= dword:00000001


Copy this into Notepad, save as a .reg file and import it using the registry editor. Once imported into the registry, the settings can be edited to those required by the anti-virus command line application.

MORE INFORMATION

Which anti-virus solutions can be used with MailEnable?: http://www.mailenable.com/kb/content/article.asp?ID=ME020144

How to tune MailEnable's antivirus Plug-in and the MTA: http://www.mailenable.com/kb/content/article.asp?ID=ME020147

How to debug anti-virus support and the Mail Transfer Agent: http://www.mailenable.com/kb/content/article.asp?ID=ME020121



Product:MailEnable (Pro-Any Pro-1.X Ent-Any Ent-1.X)
Category:Configuration
Article:ME020056
Module:MTA Filtering
Keywords:Antivirus,MTA,filtering,AV,custom,anti,virus,anti-virus,command,line,scan
Class:HOWTO: Product Instructions
Created:23/10/2002 10:42:00 PM
Revised:Wednesday, May 4, 2016
Author:
Publisher:MailEnable