SUMMARY

This article explains how to setup and integrate ClamWin within MailEnable for virus scanning. Versions 6 and later of MailEnable include ClamWin, so this article does not apply to those MailEnable versions.

DETAIL

Step 1: Installing and Configuring ClamWin Antivirus:

• Download ClamWin Free Antivirus from the following location: http://www.clamwin.com/content/view/18/46/
• Install to "C:\Program Files\ClamWin" (32bit Windows) or "C:\Program Files (x86)\ClamWin" (64bit Windows)

Please download the respective registry import file for the ClamWin Antivirus MailEnable plug-in:

64 Bit versions of Windows: http://www.mailenable.com/utilities/addons/clamwin64bit.zip

32 Bit versions of Windows: http://www.mailenable.com/utilities/addons/clamwin32.zip

• Double click the registry import file to add the ClamWin plugin settings to the MailEnable Antivirus plugin window.
• Open the MailEnable Administration program. Expand: Servers > Local host > Extensions branch, select the "MailEnable Message Filter" icon, then select the "MailEnable Antivirus Filter" item in the list which appears on the right side panel.
• Select "ClamWin" from the list of available antivirus applications.
• Make sure that the "Enable" (or "Enable selected antivirus") is selected. It is possible to enable more than one antivirus application on the server, but this will affect the number of messages that can be scanned over a period of time.
• Save changes within the ClamWin plugin window and restart the MTA agent.
• Use the "test" button within the Antivirus plugin window to test that ClamWin is working correctly and picking up the test "eicar" virus.

Step 2: Creating an antivirus filter within the MailEnable administration console

In versions 3.x onwards MailEnable introduced a spam protection filter which is enabled by default when you install MailEnable. The spam protection script will score the message with a 100 positive weighting and mark the message as spam if an infection is found by the command line scanner. The infected attachment will automatically be removed by the command line scanner. More information in regards to the spam protection filter can be found within the MailEnable documentation or the following knowledgebase article: http://www.mailenable.com/kb/content/article.asp?ID=ME020391

However if you are configuring ClamWin on a MailEnable version 1.x or 2.x (Pro or Ent) and require actions to be performed based on message infection then this will require the creation of a global filter in the MailEnable Administration program that detects when the message contains a virus and deletes the message or quarantines it, notifies sender, etc.

NOTE: A global filter can also be created in MailEnable versions 3.x and 4.x (Pro and Ent).

To create an antivirus filter:

• Open the MailEnable Administration Program.
• Right click on the Messaging Manager > Filters branch and create a new filter.
• Name the filter "Antivirus Filter" (without the quotes).
• Next double click the newly created filter in the right hand side pane window and check the criteria: "Where the message contains a virus".
• Create the actions that are undertaken when the virus is detected by clicking on the "Add Action" button (e.g.: Copy the message to the Quarantine directory or Delete Message).

Testing antivirus configuration

Test the configuration by emailing yourself the Eicar test virus from http://www.eicar.com. To perform more advanced testing and debugging, follow the details in this knowledge base article: http://www.mailenable.com/kb/content/article.asp?ID=ME020085

The MailEnable Antivirus log files are located under: Servers > Local host > Extensions > MailEnable Message Filter > logs > Antivirus

Configuring the MailEnable MTA agent

The Mail Transfer Agent can be set to run in multiple occurrences or multiple threads. This setting allows a command line scanner to run several times concurrently allowing a greater pass through of mail checking.  The default settings for the number of concurrent MTA transfer threads are 64, however it is fairly common in high volumes of processed mail that the antivirus program does not handle this well and can often fail.   
 
The default thread count can be changed in the MTA properties:

• Navigate to: Servers > Local Host > Agents > MTA
• Right click MTA agent and select Properties
• Change maximum threads to 1 

NOTE: It is mandatory that the MTA maximum transfer thread settings is set to 1 for ClamWin antivirus to operate correctly.

MORE INFORMATION

How to debug anti-virus support and the Mail Transfer Agent:http://www.mailenable.com/kb/content/article.asp?ID=ME020121