ToDo for using onboard Microsoft Defender on Windows Server 2019 with Mailenable 10.32
I think it also works on Windows 2016.
The main reason for me was to replace the F-Prot scan in MailEnable, because it shuts down in April 2021.
First, disable any antivirus other than Microsoft Defender and remove/uninstall old stuff (F-Prot).
The main problem with using Defender directly is that the MS errorlevel return codes are 0 (nothing found) or 2 (virus found OR program error). So you have to use a batch file (CMD) with the "find" command instead.
So, here is the batch file.
---cut Scanvir.cmd
@echo off
rem Ralph Brilla 20.02.2021
rem Info is taken from various articles on the Internet
rem Return code is
rem 0 if no malware is found or malware is successfully remediated and no additional user action is required
rem 2 if malware is found and not remediated or additional user action is required to complete remediation or there is error in scanning. Please check History for more information.
rem Depending on the version, mpcmdrun.exe could be found in a couple of different locations.
rem %ProgramFiles%\Microsoft Security Client\Antimalware\
rem %ProgramFiles%\Microsoft Security Essentials\
rem %ProgramFiles%\Windows Defender\ Windows 10 (Build 2004)
"%ProgramFiles%\Windows Defender\mpcmdrun.exe" -scan -scantype 3 -file %1 -disableremediation >c:\Scripte\Virusscan\scanlog.txt
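rem find sets ERRORLEVEL 0 if the string was found, 1 if it was not found, 2 on error.
rem Exit codes passed back to MailEnable: 1 = threat found, 0 = nothing found, 2 = find failed.
find /c "LIST OF DETECTED THREATS" c:\Scripte\Virusscan\scanlog.txt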
IF ERRORLEVEL 2 GOTO Label2
IF ERRORLEVEL 1 GOTO Label1
ECHO 0 THREAT/Virus found
EXIT /b 1
GOTO ENDE
:Label2
ECHO 2
EXIT /b 2
GOTO ENDE
:Label1
ECHO 1 Nothing found
EXIT /b 0
:ENDE
---cut
Save it as Scanvir.cmd in the folder "C:\Scripte\Virusscan".
Now you need to disable the real-time scan on a few folders (i.e. MailEnable, temp folders, scan folder...).
Start PowerShell with admin rights. Disable the real-time scan for Mail Enable, the Virusscan script folder and the temp folder (used for expanding zip/rar):
Use these commands:
Add-MpPreference -ExclusionPath "C:\Program Files (x86)\Mail Enable"
Add-MpPreference -ExclusionPath "C:\Program Files (x86)\Mail Enable\Scratch"
Add-MpPreference -ExclusionPath "C:\Scripte\Virusscan"
Add-MpPreference -ExclusionPath "C:\Windows\Temp"
You can check the settings with this command: Get-MpPreference
Now we can go on to configure MailEnable.
Now you need to enable the MailEnable Antivirus Filter
You can find it under MailEnable Management/Server/Extensions/Message Filter
For scanning with Defender I used the filter from Sophos. (Creating my own scan filter with a .reg file doesn't work.)
Activate "Enable selected anti-virus"
Now click Options
Program path: C:\Windows\System32\cmd.exe
Command line arguments: "[AGENT]" /C C:\Scripte\Virusscan\Scanvir.cmd "[FILENAME]"
click Detection method: Return code will be checked against this list
Use "1" as Return code
Return code check: Match a return code
click "ok"
Enable Activity Log if you wish
Enable Bypass antivirus scan on authenticated sender if you wish
click Ok
Now restart the MTA
Go back and click Test settings. Now you should see a window with the AV test results. The message should be "0 THREAT/Virus found" Command line scanner returned 1
You can now start to create a filter for moving to quarantine or to the junk folder.
I preferred to move it to junk, because the attachment is removed via virusscan.
The filter is configured under Mailenable Management/Messaging Manager/Filter
I have included a screenshot of my filter.
Last of all:
Test it. You can find many test sites where you can send EICAR test files via your mail server.
I used heise security to send EICAR test files with zip/rar.
Hope this helps a little, because there are not many cmd virus scanners you can use today.
Greetings from Germany
Ralph
Use Mailenable 10.32 with Microsoft Defender on Windows Server 2019 as CMD AV Scanner
Attachments:
- Virusscan_Options_Screenshot.PNG (50.23 KiB)
- Messagefilter_Virusscan_move_to_Junk.PNG (59.16 KiB)
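A check of the setup above, as an added example that is not part of the original post or of MailEnable. It assumes the paths given in the post and should be run from an elevated PowerShell; the sample file name is made up.

```powershell
# Added example: verify the Defender/MailEnable setup described in the post.
# All paths are the ones from the post; 'clean-sample.txt' is a hypothetical name.
$expected = @(
    'C:\Program Files (x86)\Mail Enable',
    'C:\Program Files (x86)\Mail Enable\Scratch',
    'C:\Scripte\Virusscan',
    'C:\Windows\Temp'
)
$wrapper  = 'C:\Scripte\Virusscan\Scanvir.cmd'
$mpcmdrun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
$problems = @()

# 1. Scanner and wrapper must exist. If MpCmdRun.exe is missing, scanlog.txt never
#    contains the detection header and the wrapper reports "nothing found".
foreach ($path in $mpcmdrun, $wrapper) {
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        $problems += "Missing file: $path"
    }
}

# 2. Compare the configured exclusions with the four from the post.
#    -notcontains compares strings case-insensitively.
$current = @((Get-MpPreference).ExclusionPath | Where-Object { $_ })
foreach ($path in $expected) {
    if ($current -notcontains $path) { $problems += "Exclusion not set: $path" }
}
# Anything else on the list is also skipped by real-time protection, so show it for review.
$current | Where-Object { $expected -notcontains $_ } |
    ForEach-Object { Write-Warning "Additional exclusion present: $_" }

# 3. Run the wrapper through cmd.exe, as MailEnable does, on a harmless file.
#    Wrapper exit codes: 0 = nothing found, 1 = threat found, 2 = find failed.
if (Test-Path -LiteralPath $wrapper -PathType Leaf) {
    $sample = Join-Path (Split-Path $wrapper) 'clean-sample.txt'
    Set-Content -LiteralPath $sample -Value 'harmless test content'
    & cmd.exe /C $wrapper $sample | Out-Null
    if ($LASTEXITCODE -ne 0) {
        $problems += "Clean file returned $LASTEXITCODE (expected 0)"
    }
    Remove-Item -LiteralPath $sample
}

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'Files present, exclusions set, clean file returns 0.'
}
```

A clean result here only covers the "nothing found" path; the detection path still needs the EICAR mail test described in the post.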
Re: Use Mailenable 10.32 with Microsoft Defender on Windows Server 2019 as CMD AV Scanner
RBrilla,
Thank you for this post. It works great
Kent Runyan
CFDynamics.com
Providing World Class Hosting Solutions for over two decades.