MailEnable Professional and Enterprise Editions provide an antivirus plugin to scan mail messages for viruses as they pass through the Mail Transfer Agent. This article explains how the Norton Anti Virus command line scanner can be integrated with MailEnable as a virus scanning agent.
Installing Norton Anti Virus
While it is not necessary to install the Norton software that comes on disk one of the two disk set, it is advisable to install the option of the on demand scanner that allows for the virus checking and scanning of files and hard drives on the server. However, it is imperative that the resident scanner is either not installed or disabled. Command line scanners and resident AV services cannot perform together.
To install the Command Line Scanner for Norton Anti Virus please follow the steps below;
Within the directory DOS is the command line of VSCAND.exe - this is the executable that is run to scan for viruses.
Step 1: Configuring the antivirus program
1. Install Norton antivirus application onto the same server that has MailEnable installed
2. Ensure that any resident or real-time protector capabilities of the antivirus application have been disabled (or all the MailEnable directories have been excluded from being protected by the software).
As a general rule, consider the following:
- Exclude MailEnable "Queues" and the "Config" Directories from the resident/real-time monitoring.
- Disable the resident/real-time monitor if exclusion of MailEnable directories is not possible within the antivirus application.
3. Open the MailEnable Administration program. Expand the Servers > Local host > Filters branch, select the 'MailEnable Message Filter' icon, then select the MailEnable Antivirus Filter item in the list which appears on the right side panel.
4. Select "Norton" from the list of available antivirus applications.
5. Make sure that the "Enable" (or "Enable selected antivirus") is selected. It is possible to enable more than one antivirus application on the server, but this will affect the number of messages that can be scanned over a period of time.
6. Ensure that the correct program path to the command line virus scanner has been specified. Select the Options button to change this. Also ensure that the scratch directory exists. This directory is used to unpack the message as it is scanned for viruses.
7. Save changes.
8. Stop the MTA service.
9. Start the MTA service.
Make sure virus definition files are being updated. See the antivirus documentation for information on how to do this. Some antivirus applications specifically require Administrative privileges to run. Since the MTA runs under the LocalSystem account, change this to an account with Administrative privileges. Open the Services control panel applet. For the "MailEnable Mail Transfer Agent" service, change the user account it runs under to a Windows user account that has Administrative rights (i.e. a member of the Administrators group).
Step 2: Creating an antivirus filter
To enable antivirus filtering requires the creation of a filter in the MailEnable Administration program that detects when the message contains a virus and deletes the message or quarantines it, notifies sender, etc.
To create an antivirus filter:
1. Open the MailEnable Administration Program
2. Right click on the Messaging Manager>Filters branch and create a new filter.
3. In the name field enter something like "Antivirus Filter" (without the quotes).
4. Having created the filter, edit the criteria for the filter as follows:
5. Check the criteria "Where the message contains a virus"
6. Create the actions that are undertaken when the virus is detected. E.g. Copy the message to the Quarantine directory or Delete Message
More Configuration Settings
The Symantec Command Line scanner Vscand.exe cannot have multiple instances of itself running. To overcome the MailEnable MTA service is required to be run in a single thread. This will slow down the processing of emails. Depending on hardware and email form/size, it will only be able to scan around 16,000 messages per day (1 scan every 5.4 seconds).
To set the MTA to run in one thread, run the Administration program. Expand the Servers->Localhost->Agents branch, right click on the MTA icon and select Properties from the popup menu. In the window which appears you can set the thread count for the MTA service.
Or you can download a registry key from the following link;
NAVCE requires Administrative privileges to run. Since the MTA runs under the LocalSystem account, you need to change this to an account with Administrative privileges. Open the Services control panel applet. For the "MailEnable Mail Transfer Agent" service, change the user account it runs under to a Windows user account that has Administrative right (ie. a member of the Administrators group)
How to configure MailEnable's antivirus plug-in: How do I configure MailEnable Professional's Anti-Virus plug-in?
How to debug antivirus support and the Mail Transfer Agent: How can I debug the Antivirus Support and the Mail Transfer Agent
How to tune the antivirus plug-in and the Mail Transfer Agent: How to tune MailEnable's Antivirus Plug-in and the MTA
How does antivirus filtering work, and how to configure it: How does Antivirus Filtering work and how do I configure it?
|Product:||MailEnable (Pro-Any Pro-1.X Ent-Any Ent-1.X)|
|Class:||HOWTO: Product Instructions|
|Revised:||Wednesday, May 4, 2016|