Anti virus software

Exchange Server Toolbox is able to test incoming messages for viruses using the integrated ClamAV or your installed anti virus software.

 

ClamAV

The integrated anti virus scanner is the Windows version of ClamAV: ClamWin (http://www.clamwin.com).

 

"Clam AntiVirus is an open source (GPL) anti virus toolkit for UNIX, designed especially for email scanning on mail gateways. [...] The core of the package is an anti virus engine available in a form of shared library.

 

Here is a list of the main features:

   * [...]

   * advanced database updater with support for scripted updates and digital signatures

   * virus scanner C library

   * virus database updated multiple times per day (see homepage for total number of signatures)

   * built-in support for various archive formats, including Zip, RAR, Tar, Gzip, Bzip2, OLE2, Cabinet, CHM, BinHex, SIS and others

   * built-in support for almost all mail file formats

   * built-in support for ELF executables and Portable Executable files compressed with UPX, FSG, Petite, NsPack, wwpack32, MEW, Upack and shrouded with SUE, Y0da Cryptor and others

   * built-in support for popular document formats including MS Office and MacOffice files, HTML, RTF and PDF"

(Source: http://www.clamav.net/)

 

 

Installed anti virus software

Installed anti virus software can be used by Exchange Server Toolbox as long as it includes an "On Access Scanner" that checks all files written to the hard disk.

 

 

Common settings for any virus software you want to use with Exchange Server Toolbox are:

If a virus is found (in files or archives), the software must not prompt for any user interaction. Set "delete file" or "move/rename file" as the action to be taken.
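
One way to confirm these settings on the server, as an added example that is not part of the original documentation or the product: the PowerShell script below writes the standard EICAR test string, once as a plain file and once inside a .zip built in memory, and reports whether the on-access scanner removed each file without interaction. The scratch folder, the 30-second timeout and the function name Test-OnAccessAction are assumptions.

```powershell
param(
    [string]$Dir = (Join-Path $env:TEMP 'est-av-check'),  # assumed scratch folder
    [int]$TimeoutSec = 30                                  # assumed wait limit
)
Add-Type -AssemblyName System.IO.Compression

# Standard EICAR test string, split in two so this script is not flagged itself.
$eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-' + 'STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
$plain = [Text.Encoding]::ASCII.GetBytes($eicar)

# Build the .zip in memory so the archive is the first thing that touches the disk.
$ms    = New-Object IO.MemoryStream
$zip   = New-Object IO.Compression.ZipArchive($ms, [IO.Compression.ZipArchiveMode]::Create, $true)
$entry = $zip.CreateEntry('eicar.com').Open()
$entry.Write($plain, 0, $plain.Length)
$entry.Dispose(); $zip.Dispose()
$zipped = $ms.ToArray()

function Test-OnAccessAction {
    param([string]$Path, [byte[]]$Bytes, [int]$TimeoutSec)
    try { [IO.File]::WriteAllBytes($Path, $Bytes) }
    catch { return 'blocked on write' }          # scanner denied the write itself
    # A scanner that waits on a dialog leaves the file in place until the
    # timeout expires, so a prompt shows up as NOT HANDLED.
    $deadline = (Get-Date).AddSeconds($TimeoutSec)
    while ((Get-Date) -lt $deadline) {
        if (-not (Test-Path -LiteralPath $Path)) { return 'deleted or moved/renamed' }
        Start-Sleep -Milliseconds 500
    }
    return 'NOT HANDLED (file still present)'
}

New-Item -ItemType Directory -Path $Dir -Force | Out-Null
$results = [ordered]@{
    'plain file'  = Test-OnAccessAction (Join-Path $Dir 'eicar.com') $plain  $TimeoutSec
    'zip archive' = Test-OnAccessAction (Join-Path $Dir 'eicar.zip') $zipped $TimeoutSec
}
$results.GetEnumerator() | ForEach-Object { '{0,-12} {1}' -f $_.Key, $_.Value }

# Leftover test files mean the scanner did not act; remove them and fail.
Get-ChildItem -LiteralPath $Dir -File | Remove-Item -Force -ErrorAction SilentlyContinue
if (@($results.Values) -match 'NOT HANDLED') { exit 1 }
```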

 

 

The specific behavior varies depending on the anti virus software you use.

Below, we will provide detailed configuration instructions for some anti virus software systems:

 

GData

BitDefender

Kaspersky

Sophos

 

 

GData

 

It is important that the mail scanner of GData is disabled. Otherwise Exchange Server Toolbox will not work correctly.

 

GData AntiVirus is delivered with an "On Access Scanner" that is able to notice if an infected file was written to / read from the hard disk. The "On Access Scanner" needs time to test attachments, resulting in a longer download time for messages.

 

To make Exchange Server Toolbox and the GData virus scanner work together, some changes in the configuration of the "AVK Guard" are necessary:

 

Infected files have to be moved or deleted without prompting.

Infected archives should be handled without prompting a warning.

Files have to be scanned while writing to disk.

Also scan archives. Most viruses attached to emails are in an archive (e.g. *.zip files).

 

 

BitDefender

 

BitDefender's virus scanners are able to check incoming messages. If you enable the appropriate anti virus feature in the Anti virus options form, Exchange Server Toolbox activates this function in your scanner. Once it is activated, all forwarded messages containing a virus will be replaced by a notification message from the anti virus software.

 

Kaspersky

 

Kaspersky virus scanners are delivered with an "On Access Scanner" that is able to notice whether an infected file was written to / read from the hard disk.

The "On Access Scanner" needs time to test attachments, resulting in a longer download time for messages.

 

To make Exchange Server Toolbox and the Kaspersky virus scanner work together, some changes in the configuration of the "Anti virus Monitor" have to be made.

 

The following changes are required:

Viruses have to be renamed or deleted without asking.

Disable the warning message box.

 

The following changes are recommended:

Also scan compressed files. Most viruses attached to emails are in archives (e.g. *.zip files).

Scan all files (not only files that may be infected) to get better results.

Allow Kaspersky to provide a "Report File" briefing you if any viruses were found.

 

 

Sophos

 

Sophos virus scanners are delivered with an "On Access Scanner" that is able to notice if an infected file was written to / read from the hard disk. The "On Access Scanner" needs time to test attachments, resulting in a longer download time for messages.

 

To make Exchange Server Toolbox and the Sophos virus scanner work together, some changes in the configuration of the "InterCheck - Client" have to be made.

 

The following changes are required:

Viruses have to be renamed, removed or deleted without asking.

Files have to be scanned while writing to disk.

 

The following changes are recommended:

Also scan compressed files. Most viruses attached to emails are in archives (e.g. *.zip files).

Scan files while reading and renaming them.