MailEnable Enterprise Guide
    Antivirus Configuration

    Using your own antivirus scanner

    If antivirus support is enabled, attachments in messages are unpacked and scanned as they pass through the Mail Transfer Agent (MTA), which moves mail messages internally within MailEnable. When the MTA picks up a message from a connector’s queue, it unpacks it into a scratch directory and uses the command line specified in the administration program to scan each unpacked file. In most cases, command line virus checkers can delete files automatically. If one of the scanned attachments of the message is deleted, the antivirus filter assumes that it contained a virus, and when the message is reconstructed it replaces the offending content with a note indicating that the content was removed. MailEnable can also check the return code from a command line scanner to determine whether the item it processed is infected.

    For example, a sample argument line for a command line scanner is:

    "[AGENT]" "[FILENAME]" -remove -s -nb -nc

    This can be seen if you open the registry and access HKEY_LOCAL_MACHINE\SOFTWARE\Mail Enable\Mail Enable\Agents\MTA\Filters\[Virus Scanner Short Name].

    Note that the [AGENT] and [FILENAME] tokens in this registry setting are replaced by the path to the A/V Command Line Scanner and the attachment name (which is generated by the system). The "-remove -s -nb -nc" part of this registry value is the part that will vary depending on the scanner application being used.

    Requiring that the A/V application supports automatic deletion is somewhat limiting. For this reason there are registry settings that allow the scanner's DOS error level (exit code) to be used instead.

    The respective settings are:

    Example

    A sample registry import file is outlined below:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mail Enable\Mail Enable\Agents\MTA\Filters\Custom]
    "Status"=dword:00000000
    "Antivirus Notification Message"=">"
    "Antivirus Scratch Directory"="C:\\Program Files\\Mail Enable\\Scratch"
    "Antivirus Parameters"="\"[AGENT]\" \"[FILENAME]\" -s -nb -nc"
    "Antivirus Agent"="C:\\Program Files\\Virus Scanner\\CUSTOM.EXE"
    "Provider DLL"="MEAVGEN.DLL"
    "Program Name"="Custom"
    "Program Info"="This is a template for new virus scanners."
    "Exit Code Enabled"=dword:00000000
    "Exit Codes Error Inclusive"=dword:00000001
    "Exit Codes"="1"

    This can be copied into Notepad, saved as a .reg file and imported using the registry editor. Once imported into the registry, the settings can be edited to those required by the antivirus command line application.
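
    Before enabling a new filter, it helps to run the configured command line by hand and see how the scanner reports a detection. The PowerShell script below is an added example, not MailEnable code: it reads the value names shown in the sample .reg file, expands the [AGENT] and [FILENAME] tokens, runs the scanner on a copy of a file you supply, and reports the exit code and whether the copy was deleted. The parameter names and the "avtest_" file name are assumptions made for this example.

```powershell
# Added example (not part of MailEnable): dry-run an antivirus filter's command line.
param(
    [string]$FilterName = 'Custom',               # short name under ...\MTA\Filters, as in the sample .reg file
    [Parameter(Mandatory)][string]$SampleFile     # assumption: a clean file or an antivirus test file you supply
)

$key = "HKLM:\SOFTWARE\Mail Enable\Mail Enable\Agents\MTA\Filters\$FilterName"
$cfg = Get-ItemProperty -Path $key -ErrorAction Stop

$agent    = $cfg.'Antivirus Agent'
$template = $cfg.'Antivirus Parameters'
$scratch  = $cfg.'Antivirus Scratch Directory'

if (-not (Test-Path -LiteralPath $agent -PathType Leaf))        { throw "Scanner not found: $agent" }
if (-not (Test-Path -LiteralPath $scratch -PathType Container)) { throw "Scratch directory missing: $scratch" }
if (-not (Test-Path -LiteralPath $SampleFile -PathType Leaf))   { throw "Sample file not found: $SampleFile" }

# Scan a copy inside the scratch directory so the original sample is never touched.
$name   = 'avtest_{0}{1}' -f [guid]::NewGuid().ToString('N'), [IO.Path]::GetExtension($SampleFile)
$target = Join-Path $scratch $name
Copy-Item -LiteralPath $SampleFile -Destination $target

# Expand the tokens: drop the leading [AGENT] token (the scanner is started directly)
# and substitute the scratch copy for [FILENAME].
$arguments = ($template -replace '^\s*"?\[AGENT\]"?\s*', '').Replace('[FILENAME]', $target)

$proc = Start-Process -FilePath $agent -ArgumentList $arguments -NoNewWindow -Wait -PassThru

# A file that is gone after the scan is what the filter treats as "infected".
$deleted = -not (Test-Path -LiteralPath $target)

[pscustomobject]@{
    CommandLine           = "`"$agent`" $arguments"
    ScannerExitCode       = $proc.ExitCode
    FileDeletedByScanner  = $deleted
    ExitCodeEnabled       = $cfg.'Exit Code Enabled'
    ConfiguredExitCodes   = $cfg.'Exit Codes'
}

# Clean up the scratch copy if the scanner left it in place.
if (-not $deleted) { Remove-Item -LiteralPath $target -Force }
```

    Run it once with a clean file and once with a test file your scanner detects, then compare the two results with the exit code settings in the registry. If a real-time protector is also watching the scratch directory, it can remove the copy before the command line scanner runs, which hides the scanner's own exit code.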

    Selecting an antivirus application

    MailEnable Enterprise Edition provides an antivirus plug-in that will allow scanning of mail messages for viruses as they pass through the Mail Transfer Agent. The following overviews are provided to assist in selecting an antivirus application.

    F-Prot

    Company: Frisk International

    Product Name: F-Prot for Windows http://www.f-prot.com/

    Configuration Guidelines: MailEnable Knowledge Base http://www.mailenable.com/kb/Content/Article.asp?ID=me020284

    Sophos

    Company: Sophos

    Product Name: Sophos Antivirus http://www.sophos.com/

    Configuration Guidelines: MailEnable Knowledge Base
    http://www.mailenable.com/kb/Content/Article.asp?ID=me020288

    Norman Antivirus

    Company: Norman

    Product Name: Norman Virus Control (NVC)

    Configuration Guidelines: MailEnable Knowledge Base http://www.mailenable.com/kb/Content/Article.asp?ID=me020290

    Panda

    Company: Panda Software

    Product Name: Panda Command Line http://www.symantec.com/index.htm

    Configuration Guidelines: MailEnable Knowledge Base
    http://www.mailenable.com/kb/Content/Article.asp?ID=me020289

    Symantec Norton Antivirus

    Company: Symantec

    Product Name: Norton Antivirus (Corporate Edition) http://www.symantec.com/index.htm

    Configuration Guidelines: MailEnable Knowledge Base
    http://www.mailenable.com/kb/Content/Article.asp?ID=me020086 (versions 6 and 7)
    http://www.mailenable.com/kb/Content/Article.asp?ID=me020277 (Corporate Edition)

    McAfee Virus Scan

    Company: McAfee

    Product Name: McAfee Virus Scan http://www.mcafee.com/

    Configuration Guidelines: MailEnable Knowledge Base
    http://www.mailenable.com/kb/Content/Article.asp?ID=me020287

    Grisoft AVG

    Company: Grisoft

    Product Name: AVG http://www.grisoft.com

    Configuration Guidelines: MailEnable Knowledge Base
    http://www.mailenable.com/kb/Content/Article.asp?ID=me020201

    Real time protection

    Some antivirus agents cannot exclude directories or file types from their real-time protector. Problems may occur if real-time virus protectors are not prevented from monitoring and protecting critical MailEnable directories. Depending on what the server is being used for, it may be better to disable real-time protectors because they drastically inhibit disk I/O. An alternative is to schedule scans rather than use the real-time protector. The following table outlines the current features of leading antivirus manufacturers with respect to configuring real-time virus protection and I/O monitoring.

    Vendor/Product                        Support
    Norton Antivirus Corporate Edition    Can exclude directories and file types.
    McAfee Virus Scan                     Can exclude directories and file types.
    Panda                                 Can exclude specific folders.
    AVG                                   No ability to exclude directories or file types.
    Norman                                Can exclude directories and file types.
    F-Prot                                No ability to exclude directories or file types.

    Note: Any errors or omissions in the above are unintentional. For accurate and up-to-date information, consult the manual or web site of the respective antivirus software package. Whilst MailEnable provides a means for you to integrate antivirus software, you should always check the licensing agreement supplied with the antivirus software to determine any licensing constraints.