MailEnable Enterprise Guide
Message Filtering / Antivirus filtering / How to implement antivirus filtering
In This Topic
    How to implement antivirus filtering
    In This Topic

    Configuring MailEnable to filter viruses requires both:

    1. Configuration of the antivirus program to use, and also
    2. Creation of an antivirus filter in MailEnable

    For further advice on selecting or configuring an antivirus program, please see the Antivirus configuration section

    Configuring the antivirus program

    1. Install the selected antivirus application onto the same server that has Enterprise Edition installed
    2. Ensure that any resident or real-time protector capabilities of the antivirus application have been disabled (or all the MailEnable directories have been excluded from being protected by the software). 
      Note: Running a real time antivirus protection on a server can cause issues and each resident antivirus protection agent can have its own problems. If the resident/real-time monitor is enabled, the problems range from blank messages showing up when MailEnable tries to deliver a message with a virus, to possible corruption of mail system configuration files or messages themselves.

      As a general rule, consider the following:

      • Exclude MailEnable Queues and the Config Directories from the resident/real-time monitoring.
      • Disable the resident/real-time monitor if exclusion of MailEnable directories is not possible within the antivirus application.
    3. Open the MailEnable Administration program. Expand the Servers > Local host > Extensions branch. Click on MailEnable Message Filter to highlight the Message filtering extensions in the right hand side pane window. Next double click on MailEnable Antivirus Filter.
    4. Select the appropriate item from the list of available antivirus applications.
    5. Make sure that the "Enable" (or "Enable selected antivirus") is selected. It is possible to enable more than one antivirus application on the server, but this will affect the number of messages that can be scanned over a period of time.
    6. Ensure that the correct program path to the command line virus scanner has been specified. Select the Options button to change this. Also ensure that the scratch directory exists. This directory is used to unpack the message as it is scanned for viruses.
    7. Save changes.
    8. Stop the MTA service.
    9. Start the MTA service.

    Make sure virus definition files are being updated. See the antivirus documentation for information on how to do this.

    Some antivirus applications specifically require Administrative privileges to run. Since the MTA runs under the LocalSystem account, change this to an account with Administrative privileges. Open the Services control panel applet. For the "MailEnable Mail Transfer Agent" service, change the user account it runs under to a Windows user account that has Administrative rights (i.e. a member of the Administrators group).

    The antivirus filter allows command line virus checkers to be used on emails that as they pass through the MailEnable server either for relay or for delivery to local mailboxes.  The following presets are available but require a valid server license to use any of the following supported software:

    • ClamAV
    • F-Prot
    • Sophos
    • McAfee Virus Scan
    • Norton Antivirus Corporate Edition 7.6
    • Norman Virus Control
    • Panda Antivirus Command Line
    • Grisoft AVG

    It is important to disable any Real Time Virus Protection software on the server (since it will interfere with the scanning process).  Please see the Real time antivirus protection section for more information on this.

    Creating an antivirus filter

    To enable antivirus filtering requires the creation of a filter in the MailEnable Administration program that detects when the message contains a virus and deletes the message or quarantines it, notifies sender, etc.

    To create an antivirus filter:

    1. Open the MailEnable Administration Program
    2. Right click on the Messaging Manager > Filters branch and create a new filter.
    3. Specify a name for the filter. Eg: Antivirus filter
    4. Having created the filter, edit the criteria for the filter as follows:
    5. Check the criteria "Where the message contains a virus"
    6. Create the actions that are undertaken when the virus is detected. E.g. Copy the message to the Quarantine directory or Delete Message