SUMMARY

MailEnable Professional and Enterprise Editions provide an antivirus plug-in allowing mail messages to be scanned for viruses as they pass through the Mail Transfer Agent. This article contains general information about MailEnable's Anti-virus module and how the anti-virus agents are called by MailEnable.

OVERVIEW

MailEnable's Mail Transfer Agent (MTA) is the core component of MailEnable responsible for the routing of messages once they have been received from a mail client for delivery. Every mail message arriving or leaving MailEnable (whether SMTP, web mail, HTTP, IMAP, POP3, etc.) travels through the Mail Transfer Agent. 

DETAIL

MailEnable Professional Edition and Enterprise Edition allow the creation of system filters responsible for checking messages for viruses as they pass through the Mail Transfer Agent.

As the messages pass through the Mail Transfer Agent, its message parts are extracted into a scratch directory for analysis by one or more anti-virus agents.

Once the message is extracted MailEnable's anti-virus plug-in creates an anti-virus process for each attachment that is passed through the MTA. Hence, if a message contains 3 attachments, the MTA will extract the attachments to the scratch folder and run the antivirus scanning process for each attachment.

Note: When the messages are put into the scratch directory, they are converted to .ATT files for scanning purposes.

If the message contains no virus, then its routing path is unaltered and it is delivered to the connector appropriate to its delivery. If the message contains a virus, then the antivirus scanner returns a code to the MTA alerting it to the successful find of an infection the MTA then actions a filter criteria associated with the antivirus plug-in.

The MailEnable MTA can work with many antivirus command line scanners. The configuration settings of the command line options used by the scanners often need to be slightly modified, depending on the version of the scanner being used.  It is important to configure the antivirus application to regularly update its signature files (or otherwise the scanner will not effectively capture new virus strains). The product documentation or reference material provided by the antivirus software vendor should provide instructions on scheduling signature updates.

NOTE: Some antivirus scanners are fooled by the .ATT attachment used by MailEnable when its extracted and the viruses are not detected. Recent testing indicates that this limitation has been overcome by most antivirus software vendors.

Many antivirus agents do not function effectively under high concurrency (i.e.: where there are many instances of the antivirus agent running at the one time). This can be controlled by limiting the number of transfer threads used by the MTA. The default settings for the number of concurrent MTA transfer threads are 64.  In most cases, if scanning for viruses, set the maximum number of transfer threads to a value less than 5 (in fact, some antivirus agents require this setting to be 1 transfer thread only).

The default threads can be changed in the MTA properties:

1. Go to Agents>MTA

2. Right click MTA agent and click 'Properties'

3. Change maximum threads.

MailEnable recommends trialling any anti-virus software before purchasing, as each agent works differently, and a decision should be made on personal requirements for antivirus scanning. It is also worth mentioning that some antivirus agents require that the MailEnable Mail Transfer Agent run with elevated privileges.

Please note: The MailEnable MTA agent purely calls a command line scanner, and as such MailEnable does not accept responsibility for any companies antivirus scanner not detecting particular viruses.  This issue can only be rectified through the company where the product was purchased, and as such all queries and support except for configuration should be directed through their relevant channels.

Any errors or omissions in the documentation describing the configuration options for antivirus agents are unintentional.  Contact the vendor's manual or web site relevant to the respective antivirus package for more information. Whilst MailEnable provides a means for integrating antivirus software, always check the licensing agreement supplied with the antivirus software to determine any licensing constraints.

MORE INFORMATION

How to configure an anti-virus filter as a system message filter: http://www.mailenable.com/kb/content/article.asp?ID=ME020388

Which antivirus solution should be used with MailEnable?: http://www.mailenable.com/kb/content/article.asp?ID=ME020144