SUMMARY

How to run the MailEnable antivirus option in debug mode for troubleshooting.

DETAIL

After setting up the antivirus component of MailEnable it is possible to check whether the configuration is correct. In the MailEnable Administration program under MailEnable Management > Servers > Localhost > Extensions > Message Filter. Click on "Message Filter" and in the right hand pane window double click on "MailEnable Antivirus Filter". Locate and select the antivirus preset that is set to "Enabled" and then click on the "Test Settings..." button. This button will create a test virus file (details of the test file can be found at http://www.eicar.com), and then attempt to run the virus checker using the specified options. MailEnable will warn of any errors when it tests. Be aware that some virus checkers may not work with the "Test Settings" feature.

If the test does not indicate an error, but viruses are not being detected, it can be helpful to follow the steps below to show what the command line scanner is actually doing:

1. Stop the Mail Transfer Agent (MTA) service
2. Configure the antivirus options
3. Open a command prompt and enter the following command:

    MEMTA -debug

This will run the MTA service in debug mode to determine whether  the emails are being scanned.

4. Download and send the test virus from http://www.eicar.org. This is a test file that virus checkers pick up. The virus checker should write output to the screen when the email goes through.
5. To stop the MTA service, press Control-C. Then start the MTA service through the MailEnable Administration program normally.

CLAMAV INFORMATION

MailEnable Professional and Enterprise versions contain ClamAV which runs as a service. The ClamAV preset runs the clamdscan.exe application which passes the email to the ClamAV service to check. If the test fails, check to make sure that the ClamWin Free Antivirus Scanner Service Windows service is running. If it cannot start, or is running and the test is failing, you can check the ClamAV clamd.log log file which is located in Mail Enable\Antivirus\ClamAV for details. A common reason for a test to fail is an existing resident antivirus scanner is running on the server and is not excluding the directories.

MORE INFORMATION

How to debug the antivirus support and the Mail Transfer Agent: http://www.mailenable.com/kb/content/article.asp?ID=ME020121

How to run MailEnable services in debug mode: http://www.mailenable.com/kb/content/article.asp?ID=ME020021