SmarterMail 15.x Help

Antivirus Administration

SmarterMail's default installation includes, at no additional cost, effective and self-updating antivirus protection with ClamAV. In addition, SmarterMail can support additional third-party solutions that include a quarantine directory as well as support for command-line antivirus solutions. SmarterMail has the ability to check the quarantine directory and respond to users that attempted to send an email containing a virus.

To view the antivirus settings for your server, click the security icon and then click Antivirus Administration in the navigation pane The antivirus settings will load in the content pane and the following tabs will be available:

Options

  • Virus Quarantine - Allows you to specify the amount of time you want to quarantine any detected viruses.
  • Enable ClamAV - Select this checkbox to enable ClamAV.
  • Enable real-time AV - Select this checkbox to enable virus checking in real-time.
  • Enable command-line AV - Select this checkbox to enable a command-line virus scanner.
  • Enable Cyren zero-hour antivirus - Select this checkbox to enable the Cyren Zero-hour Antivirus add-on.

ClamAV

Clam AntiVirus is a third-party open source antivirus toolkit, designed especially for scanning email on mail gateways. ClamAV is included at no additional cost in the default installation of SmarterMail. For more information on ClamAV, visit: www.clamav.com

  • IP Address - The IP address of the ClamAV server to use.
  • Port - The port that the ClamAV server is listening on.
  • Remote Server - Select this checkbox if the server is a remote server.
  • Timeout - The maximum number of seconds SmarterMail should wait for ClamAV to respond before moving on to the next message. By default, the timeout is 10 seconds.
  • Failures Before Disable - The maximum number of ClamAV timeouts allowed before it is disabled. By default, ClamAv is limited to 5 failures.
  • Virus Definitions - The date and time the virus definitions were last updated. The definitions are updated whenever the service starts and every 6 hours thereafter.

Real-Time AV

  • Quarantine Directory - The full path to the quarantine directory for the server. This is where emails that are allegedly infected with a virus are temporarily held.
  • Virus Action - The action taken when an email contains a virus. The available actions are:
    • Delete - Deletes any files attached to the message from the spool directory. This does not take any action on the quarantine directory.
    • Inform Sender - Informs the "From" address that a message was received by the server, and because a virus was found in the message, it did not reach the intended recipient. Note: With some of the more recent viruses, this action becomes less useful, as many viruses now spoof the "From" email address.

Command-line AV

  • Command Line - The command that you want to execute. %FILEPATH will be replaced with the path to the file to be scanned.

Cyren Zero-hour Antivirus

The Cyren Zero-hour Antivirus add-on uses Recurrent Pattern Detection technology to identify viruses based on their unique distribution patterns and provides a complementary shield to conventional AV technology, protecting in the earliest moments of malware outbreaks and continuing protection as each new variant emerges.

Cyren evaluates each message and determines the probability that the message contains a virus. System administrators can choose the default action taken on a message when Cyren determines the it has a medium, high, or definite probability of containing a virus. For more information, or to purchase this add-on, visit the SmarterTools website.