SmarterMail Help

Antivirus

SmarterMail supports multiple methods of antivirus protection for securing your mail server. The default installation includes, at no additional cost, effective and self-updating antivirus protection with ClamAV. SmarterMail also supports additional third-party solutions, including command-line antivirus solutions and Cyren Zero-hour Outbreak Detection. (Cyren Zero-hour Outbreak Detection is a paid SmarterMail add-on and can be licensed in 12-month subscriptions. Start a 30-day trial in the Licensing settings, or contact SmarterTools Sales for purchasing details.) In addition, SmarterMail can quarantine messages that are suspected of containing viruses and, using system events, can respond to senders that attempted to send an email containing a virus.

To view the antivirus settings for your server, log in to SmarterMail as an Administrator and click on the Settings icon. Then click on Antivirus in the navigation pane. The following settings will be available:

Options

  • Scan Inbound/Outbound Messages - This dropdown list allows you to specify the types of messages that will be scanned for the virus quarantine: messages coming into the server, leaving the server or both.

NOTE: The virus Quarantine Directory -- or Quarantine Path -- is part of the General Settings.

ClamAV

ClamAV is a third-party open source antivirus toolkit that is included, at no additional cost, in the default installation of SmarterMail. For more information on ClamAV, visit: www.clamav.com

Note: ClamAV's virus definitions are updated whenever the service starts and every 6 hours thereafter, and its last updated date/time is displayed on the card. To manually update the ClamAV definitions, click on the Actions (...) button and select Update ClamAV Definitions.

  • Enable ClamAV - Enable this setting to use ClamAV.
  • When Virus is Found - This dropdown allows you to select what you want done with a message if ClamAV detects it contains a virus. These options include:
    • No Action - Do nothing with the message.
    • Delete Message - Delete the entire message. Note: The Delete Message action will permanently delete messages, preventing them from reaching the user's mailbox. Exercise caution when selecting this action, as messages deleted via virus filtering cannot be recovered.
    • Quarantine Message - Move the message to the quarantine folder on the server. These messages can then be found on the Virus Quarantine tab on the Spool page. By default, messages remain in quarantine for 30 days, after which time the .eml is deleted, unless other action is taken to move the message out of quarantine.
  • ClamAV is on a remote server - Enable this setting if ClamAV runs on a remote server rather than on the SmarterMail server itself.
  • IP Address - The IP address of the ClamAV server to use. When running ClamAV as part of the SmarterMail install, this will default to localhost (127.0.0.1).
  • Port - The port that the ClamAV server is listening on. When running ClamAV as part of the SmarterMail install, this will default to port 3310.
  • Timeout (Seconds) - The maximum number of seconds SmarterMail should wait for ClamAV to respond before moving on to the next message. By default, the timeout is 10 seconds.
  • Failures Before Disable - The maximum number of ClamAV timeouts allowed before it is disabled. By default, ClamAV is limited to 5 failures.
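
A way to confirm that the ClamAV daemon at the configured IP Address and Port answers within the Timeout, added here as an example (it is not SmarterMail or ClamAV project code). It speaks clamd's TCP protocol (PING and INSTREAM); the function names and the number of probes are assumptions made for illustration.

```python
import socket
import struct

# Defaults mirror the settings above: localhost, port 3310, 10-second timeout.
HOST, PORT, TIMEOUT = "127.0.0.1", 3310, 10


def _command(payload, host, port, timeout):
    """Send one null-terminated clamd command and return the reply text."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(payload)
        reply = b""
        while not reply.endswith(b"\0"):
            chunk = sock.recv(4096)
            if not chunk:  # daemon closed the connection
                break
            reply += chunk
    return reply.rstrip(b"\0").decode("utf-8", "replace").strip()


def ping(host=HOST, port=PORT, timeout=TIMEOUT):
    """True if clamd answers PING with PONG before the timeout expires."""
    try:
        return _command(b"zPING\0", host, port, timeout) == "PONG"
    except OSError:  # refused, unreachable or timed out
        return False


def scan_bytes(data, host=HOST, port=PORT, timeout=TIMEOUT):
    """INSTREAM: 4-byte big-endian length, the chunk, then a zero-length chunk."""
    framed = struct.pack("!I", len(data)) + data + struct.pack("!I", 0)
    return _command(b"zINSTREAM\0" + framed, host, port, timeout)


def classify(reply):
    """Map a clamd reply such as 'stream: OK' to clean, infected or error."""
    if reply.endswith(" FOUND"):
        return "infected"
    return "clean" if reply.endswith(" OK") else "error"


def check_scanner(host=HOST, port=PORT, timeout=TIMEOUT, attempts=5):
    """Probe repeatedly and count failures, for comparison with Failures Before Disable."""
    failures = sum(not ping(host, port, timeout) for _ in range(attempts))
    return {"attempts": attempts, "failures": failures, "healthy": failures == 0}


if __name__ == "__main__":
    status = check_scanner()
    print(status)
    if status["healthy"]:
        print(classify(scan_bytes(b"constructed clean sample")))
```

Passing the contents of the EICAR test file to scan_bytes should produce a reply that classify reports as infected when signatures are loaded.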

Cyren Zero-hour Outbreak Detection

The Cyren Zero-hour Outbreak Detection add-on uses Recurrent Pattern Detection technology to identify viruses based on their unique distribution patterns and provides a complementary shield to conventional AV technology, protecting in the earliest moments of malware outbreaks and continuing protection as each new variant emerges.

Cyren evaluates each message and determines the probability that the message contains a virus. For more information, or to purchase this add-on, visit the SmarterTools website.

Note: This service is intended to be used as a complement to conventional antivirus technology as an additional protection against zero-hour virus outbreaks. Cyren Zero-hour Outbreak Detection looks for new variants of malware and should not be used as the standalone antivirus program.

  • Enable Cyren Zero-Hour Outbreak Detection - When licensed, enabling this setting allows the use of Cyren Zero-hour Outbreak Detection. Note: Cyren Zero-hour Outbreak Detection is a paid SmarterMail add-on and can be licensed in 12-month subscriptions. Start a 30-day trial in the Licensing settings, or contact SmarterTools Sales for purchasing details.
  • When Virus is Found - This dropdown allows you to select what you want done with a message if Cyren detects it contains a virus. These options include:
    • No Action - Do nothing with the message.
    • Delete Message - Delete the entire message. Note: The Delete Message action will permanently delete messages, preventing them from reaching the user's mailbox. Exercise caution when selecting this action, as messages deleted via virus filtering cannot be recovered.
    • Quarantine Message - Move the message to the quarantine folder on the server. These messages can then be found on the Virus Quarantine tab on the Spool page. By default, messages remain in quarantine for 30 days, after which time the .eml is deleted, unless other action is taken to move the message out of quarantine.

Command-Line Antivirus

Administrators can integrate SmarterMail with third-party antivirus programs via command-line execution. This can be an efficient solution for high-volume mail environments by reducing the burden on the mail server itself.

Once a message comes into the SmarterMail spool, it will then be scanned for viruses using the command-line antivirus and any built-in antivirus measures that have been enabled in SmarterMail. If the command-line scanner picks up a virus, it will be up to the command-line antivirus program to delete/quarantine the message according to the application's configuration.

  • Enable command-line antivirus - Enable this setting to allow the use of command-line antivirus.
  • Command Line - Enter the executable for the antivirus program. For example, if you'd like to integrate with ESET Endpoint Antivirus, you might enter something like:
    C:\Program Files\ESET\ESET Endpoint Antivirus\ecls.exe /base-dir="C:\Program Files\ESET\ESET Endpoint Antivirus" /aind /arch /sfx /adware /clean-mode=Delete %FILEPATH

Note: %FILEPATH will be replaced with the path to the file to be scanned.