MailEnable Enterprise Guide
In This Topic
    Antivirus Configuration
    In This Topic

    Using your own antivirus scanner

    If antivirus support is enabled, attachments in messages are unpacked and scanned as they pass through the Mail Transfer Agent. The MTA moves mail messages internally within MailEnable. When the MTA picks up a message from a connector’s queue, it unpacks it into a scratch directory and uses the command line specified in the administration program to scan each unpacked file. In most cases, command line virus checkers have the ability to automatically delete files. If one of the scanned attachments of the message is deleted, the Antivirus filter assumes that it has a virus and when the message is reconstructed, it replaces the offending content with a note indicating that offending content was removed. MailEnable can also check the return code from a command line scanner in order to determine whether the item it processed is infected.

    For example, a sample argument line for a command line scanner is:

    "[AGENT]" "[FILENAME]" -remove -s -nb -nc

    This can be seen if you open the registry and access HKEY_LOCAL_MACHINE\SOFTWARE\Mail Enable\Mail Enable\Agents\MTA\Filters\[Virus Scanner Short Name].

    Note that the [AGENT] and [FILENAME] tokens in this registry setting are replaced by the path to the A/V Command Line Scanner and the attachment name (which is generated by the system). The "-remove -s -nb -nc" part of this registry value is the part that will vary depending on the scanner application being used.

    Ensuring that the A/V app supports auto deletion is a little limiting. As a result there are registry settings that allow the use of the scanners DOS error level or exit code.

    The respective settings are:


    A sample registry import file is outlined below:

    Windows Registry Editor Version 5.00 
    [HKEY_LOCAL_MACHINE\SOFTWARE\Mail Enable\Mail Enable\Agents\MTA\Filters\Custom] 
    "Antivirus Notification Message"=">"
    "Antivirus Scratch Directory"="C:\\Program Files\\Mail Enable\\Scratch" 
    "Antivirus Parameters"="\"[AGENT]\" \"[FILENAME]\" -s -nb -nc" 
    "Antivirus Agent"="C:\\Program Files\\Virus Scanner\\CUSTOM.EXE" 
    "Provider DLL"="MEAVGEN.DLL" 
    "Program Name"="Custom" 
    "Program Info"="This is a template for new virus scanners." 
    "Exit Code Enabled"=dword:00000000 
    "Exit Codes Error Inclusive"=dword:00000001 
    "Exit Codes"="1" 

    This can be copied into Notepad, saved as a .reg file and imported using the registry editor. Once imported into the registry, the settings can be edited to those required by the antivirus command line application.

    Selecting an antivirus application

    MailEnable Enterprise Edition provides an antivirus plug-in that will allow scanning of mail messages for viruses as they pass through the Mail Transfer Agent. The following overviews are provided to assist in selecting an antivirus application.


    Company:  Frisk International

    Product Name: F-Prot for Windows

    Configuration Guidelines: MailEnable Knowledge Base


    Company:  Sophos

    Product Name: Sophos Antivirus

    Configuration Guidelines: MailEnable Knowledge Base

    Norman Antivirus

    Company: Norman

    Product Name: Norman Virus Control (NVC)

    Configuration Guidelines: MailEnable Knowledge Base


    Company: Panda Software

    Product Name: Panda Command Line

    Configuration Guidelines:MailEnable Knowledge Base

    Symantec Norton Antivirus

    Company:  Symantec

    Product Name:Norton Antivirus (Corporate Edition)

    Configuration Guidelines: MailEnable Knowledge Base (versions 6 and 7) (Corporate Edition)

    McAfee Virus Scan

    Company:  McAfee

    Product Name:  McAfee Virus Scan

    Configuration Guidelines:MailEnable Knowledge Base

    Grisoft AVG


    Product Name:AVG

    Configuration Guidelines: MailEnable Knowledge Base

    Real time protection

    Some antivirus agents cannot exclude directories or file types from their real time protector. Problems may occur if real-time virus protectors are not prevented from monitoring and protecting critical MailEnable directories. Depending on what the server is being used for, it may be better disable real time protectors because they drastically inhibit disk IO. An option is to schedule scans rather than using the real-time protector. The following table outlines the current features of leading antivirus manufacturers with respect to configuring real-time virus protection/IO monitoring.



    Norton Antivirus Corporate Edition

    Can exclude directories and file types.

    McAfee Virus Scan

    Can exclude directories and file types.


    Can exclude specific folders.


    No ability to exclude directories or file types.


    Can exclude directories and file types.


    No ability to exclude directories or file types.

    Note: Any errors or omissions in the above are unintentional. For accurate and up to date information it is recommended to consult the manual or web site of the respective antivirus software package. Whilst MailEnable provides a means for you to integrate Antivirus software, you should always check the licensing agreement supplied with the Antivirus software to determine any licensing constraints.