Community Knowledge Base

Antivirus

SmarterMail supports multiple methods of antivirus protection for securing your mail server. The default installation includes, at no additional cost, effective and self-updating antivirus protection with ClamAV, plus integration with Microsoft Defender. SmarterMail also supports additional third-party solutions, including command-line antivirus solutions. In addition, SmarterMail has the ability to quarantine messages that are suspected as containing viruses, and, using system events, can respond to senders that attempted to send an email containing a virus.

From an email processing standpoint, when all forms of antivirus are in use (or even if just one or two are used), the "order of operations" for antivirus is as follows:

  1. Microsoft Defender Antivirus
  2. ClamAV
  3. Cyren Zero-Hour Outbreak Detection (if enabled)
  4. Command-Line Antivirus

Also, in order to preserve resources, antivirus checks will stop as soon as a virus is detected by the FIRST antivirus solution. For example, if a third-party product detects a virus in the spool or in an uploaded file, any other antivirus programs will not process the same message.

When accessing Antivirus settings, the following options will be available. NOTE: The virus Quarantine Directory -- or Quarantine Path -- is part of the General Settings.

Microsoft Defender Antivirus

Microsoft Defender is part of the default installation for most Windows server operating systems and delivers the comprehensive, ongoing, and real-time protection you expect against software threats like viruses, malware, and spyware across email, apps, the cloud, and the web. SmarterMail ties into the antivirus portion of Defender to offer an added layer of protection system administrators can employ. (If Microsoft Defender is not supported, a note is displayed letting the system administrator know.)

  • Scan Uploaded Files - Enabling this will scan all files uploaded to File Storage, group chat, online meetings, and attachments to outgoing messages composed in webmail.
  • Scan Messages With Attachments - Enabling this will only scan incoming or outgoing messages that are sent through the SmarterMail spool that have attachments. Attachments are scanned as well.
  • Scan Messages Without Attachments - Enabling this will only scan incoming or outgoing messages that are sent through the SmarterMail spool that do NOT have any files attached.
  • When Virus is Found in Spool - This dropdown allows you to select what you want done with a message if Microsoft Defender detects it contains a virus. These options include:
    • No Action - Do nothing with the message.
    • Delete Message - Delete the entire message. Note: The Delete Message action will permanently delete messages, preventing them from reaching the user's mailbox. Exercise caution when selecting this action, as messages deleted via virus filtering cannot be recovered.
    • Quarantine Message - Move the message to the quarantine folder on the server. These messages can then be found on the Virus Quarantine tab on the Spool page. By default, messages remain in quarantine for 30 days, after which time the .eml is deleted, unless other action is taken to move the message out of quarantine.

ClamAV

ClamAV is a third-party open source antivirus toolkit that is included, at no additional cost, in the default installation of SmarterMail. For more information on ClamAV, visit: www.clamav.net

Note: ClamAV's virus definitions are updated every 6 hours and its last updated date/time is displayed on the card. To manually update the ClamAV definitions, click on the Actions (⋮) button and select Update ClamAV Definitions.

  • Scan Uploaded Files - Enabling this will scan all files uploaded to File Storage, group chat, online meetings, and attachments to outgoing messages composed in webmail.
  • Scan Messages With Attachments - Enabling this will only scan incoming or outgoing messages that are sent through the SmarterMail spool that have attachments. Attachments are scanned as well.
  • Scan Messages Without Attachments - Enabling this will only scan incoming or outgoing messages that are sent through the SmarterMail spool that do NOT have any files attached.
  • When Virus is Found in Spool - This dropdown allows you to select what you want done with a message if ClamAV detects it contains a virus. These options include:
    • No Action - Do nothing with the message.
    • Delete Message - Delete the entire message. Note: The Delete Message action will permanently delete messages, preventing them from reaching the user's mailbox. Exercise caution when selecting this action, as messages deleted via virus filtering cannot be recovered.
    • Quarantine Message - Move the message to the quarantine folder on the server. These messages can then be found on the Virus Quarantine tab on the Spool page. By default, messages remain in quarantine for 30 days, after which time the .eml is deleted, unless other action is taken to move the message out of quarantine.
  • ClamAV is on a remote server - Enable this setting if the server is a remote server.
  • IP Address - The IP address of the ClamAV server to use. When running ClamAV as part of the SmarterMail install, this will default to localhost. (127.0.0.1)
  • Port - The port that the ClamAV server is listening on. When running ClamAV as part of the SmarterMail install, this will default to port 3310.
  • Timeout (Seconds) - The maximum number of seconds SmarterMail should wait for ClamAV to respond before moving on to the next message. By default, the timeout is 10 seconds.
  • Failures Before Disable - The maximum number of ClamAV timeouts allowed before it is disabled. By default, ClamAv is limited to 5 failures.

Cyren Zero-Hour Outbreak Detection

Cyren Zero-Hour Outbreak Detection is a paid add-on that The Cyren Zero-hour Outbreak Detection uses Recurrent Pattern Detection to identify "zero hour", or recently released, viruses based on their unique distribution patterns and provides a complementary shield to built-in antivirus technologies. In addition, by offloading the intensive CPU cycles onto Cyren's servers, you're protected from outbreaks the moment they occur with zero impact on your server.

  • Scan Messages With Attachments - Enabling this will only scan incoming or outgoing messages that are sent through the SmarterMail spool that have attachments. Attachments are scanned as well.
  • Scan Messages Without Attachments - Enabling this will only scan incoming or outgoing messages that are sent through the SmarterMail spool that do NOT have any files attached.
  • When Virus is Found in Spool - This dropdown allows you to select what you want done with a message if ClamAV detects it contains a virus. These options include:
    • No Action - Do nothing with the message.
    • Delete Message - Delete the entire message. Note: The Delete Message action will permanently delete messages, preventing them from reaching the user's mailbox. Exercise caution when selecting this action, as messages deleted via virus filtering cannot be recovered.
    • Quarantine Message - Move the message to the quarantine folder on the server. These messages can then be found on the Virus Quarantine tab on the Spool page. By default, messages remain in quarantine for 30 days, after which time the .eml is deleted, unless other action is taken to move the message out of quarantine.

Command-Line Antivirus

Administrators can integrate SmarterMail with third-party antivirus programs via a command-line execution. This can be an efficient solution for high-volume mail environments by reducing the burden on the mail server itself.

Once a message comes into the SmarterMail spool, it will then be scanned for viruses using the command-line antivirus and any built-in antivirus measures that have been enabled in SmarterMail. If the command-line scanner picks up a virus, it will be up to the command-line antivirus program to delete/quarantine the message according to the application's configuration.

  • Scan Uploaded Files - Enabling this will scan all files uploaded to File Storage, group chat, online meetings, and attachments to outgoing messages composed in webmail.
  • Scan Messages With Attachments - Enabling this will only scan incoming or outgoing messages that are sent through the SmarterMail spool that have attachments. Attachments are scanned as well.
  • Scan Messages Without Attachments - Enabling this will only scan incoming or outgoing messages that are sent through the SmarterMail spool that do NOT have any files attached.
  • Command Line - Enter the executable for the antivirus program. For example, if you'd like to integrate with ESET Endpoint Antivirus on Windows, you might enter something like:
    C:\Program Files\ESET\ESET Endpoint Antivirus\ecls.exe /base-dir="C:\Program Files\ESET\ESET Endpoint Antivirus" /aind /arch /sfx /adware /clean-mode=Delete %FILEPATH

Note: %FILEPATH will be replaced with the path to the file to be scanned.