Antivirus

SmarterMail supports multiple methods of antivirus protection for securing your mail server. The default installation includes, at no additional cost, effective and self-updating antivirus protection with ClamAV. SmarterMail also supports additional third-party solutions, including command-line antivirus solutions and Cyren Zero-hour Outbreak Detection. (Cyren Zero-hour Outbreak Detection is a paid SmarterMail add-on and can be licensed in 12-month subscriptions. Start a 30-day trial in the Licensing settings, or contact SmarterTools Sales for purchasing details.) In addition, SmarterMail can quarantine messages that are suspected of containing viruses and, using system events, can respond to senders that attempted to send an email containing a virus.

To view the antivirus settings for your server, log in to SmarterMail as an Administrator and click on the Settings icon. Then click on Antivirus in the navigation pane. The following settings will be available. NOTE: The virus Quarantine Directory -- or Quarantine Path -- is part of the General Settings.

Windows Defender

Windows Defender (which may eventually become Microsoft Defender for servers, as it's being changed for desktops currently) is part of the default installation for most Windows server operating systems and delivers the comprehensive, ongoing, and real-time protection you expect against software threats like viruses, malware, and spyware across email, apps, the cloud, and the web.

  • Scan Uploaded Files - Enabling this will scan all files uploaded to File Storage, group chat, Team Workspaces and attachments to outgoing messages composed in webmail.
  • Scan Messages - Enabling this will scan any incoming or outgoing messages, as well as all file attachments, that are sent through the SmarterMail spool.
  • When Virus is Found - This dropdown allows you to select what you want done with a message if Windows Defender detects it contains a virus. These options include:
    • No Action - Do nothing with the message.
    • Delete Message - Delete the entire message. Note: The Delete Message action will permanently delete messages, preventing them from reaching the user's mailbox. Exercise caution when selecting this action, as messages deleted via virus filtering cannot be recovered.
    • Quarantine Message - Move the message to the quarantine folder on the server. These messages can then be found on the Virus Quarantine tab on the Spool page. By default, messages remain in quarantine for 30 days, after which time the .eml is deleted, unless other action is taken to move the message out of quarantine.

ClamAV

ClamAV is a third-party open source antivirus toolkit that is included, at no additional cost, in the default installation of SmarterMail. For more information on ClamAV, visit: www.clamav.net

Note: ClamAV's virus definitions are updated every 6 hours and its last updated date/time is displayed on the card. To manually update the ClamAV definitions, click on the Actions (...) button and select Update ClamAV Definitions.

  • Scan Uploaded Files - Enabling this will scan all files uploaded to File Storage, group chat, Team Workspaces and attachments to outgoing messages composed in webmail.
  • Scan Messages - Enabling this will scan any incoming or outgoing messages, as well as all file attachments, that are sent through the SmarterMail spool.
  • When Virus is Found - This dropdown allows you to select what you want done with a message if ClamAV detects it contains a virus. These options include:
    • No Action - Do nothing with the message.
    • Delete Message - Delete the entire message. Note: The Delete Message action will permanently delete messages, preventing them from reaching the user's mailbox. Exercise caution when selecting this action, as messages deleted via virus filtering cannot be recovered.
    • Quarantine Message - Move the message to the quarantine folder on the server. These messages can then be found on the Virus Quarantine tab on the Spool page. By default, messages remain in quarantine for 30 days, after which time the .eml is deleted, unless other action is taken to move the message out of quarantine.
  • ClamAV is on a remote server - Enable this setting if the ClamAV server is a remote server.
  • IP Address - The IP address of the ClamAV server to use. When running ClamAV as part of the SmarterMail install, this will default to localhost (127.0.0.1).
  • Port - The port that the ClamAV server is listening on. When running ClamAV as part of the SmarterMail install, this will default to port 3310.
  • Timeout (Seconds) - The maximum number of seconds SmarterMail should wait for ClamAV to respond before moving on to the next message. By default, the timeout is 10 seconds.
  • Failures Before Disable - The maximum number of ClamAV timeouts allowed before it is disabled. By default, ClamAV is limited to 5 failures.
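
To confirm that the ClamAV server at the configured IP address and port answers within the timeout, an administrator can speak clamd's own protocol to it directly. The following is an added example, not SmarterMail or ClamAV project code; the function names are hypothetical, and the defaults (127.0.0.1, port 3310, 10 seconds) are the ones listed above.

```python
import socket
import struct

def _read_reply(sock):
    """Read one null-terminated clamd reply and return it as text."""
    buf = b""
    while not buf.endswith(b"\0"):
        part = sock.recv(4096)
        if not part:          # peer closed the connection
            break
        buf += part
    return buf.rstrip(b"\0").decode("utf-8", "replace")

def health_check(host="127.0.0.1", port=3310, timeout=10.0):
    """True if clamd answers PING with PONG within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"zPING\0")
            return _read_reply(s) == "PONG"
    except OSError:           # refused, unreachable or timed out
        return False

def instream_frames(data, chunk=8192):
    """Yield the INSTREAM command, length-prefixed chunks, then a zero terminator."""
    yield b"zINSTREAM\0"
    for i in range(0, len(data), chunk):
        piece = data[i:i + chunk]
        yield struct.pack("!I", len(piece)) + piece   # 4-byte big-endian length
    yield struct.pack("!I", 0)

def classify(reply):
    """Map a clamd scan reply to (status, detail)."""
    if reply.endswith(" FOUND"):
        return ("infected", reply.split(": ", 1)[-1][:-len(" FOUND")])
    if reply.endswith(" OK"):
        return ("clean", "")
    return ("error", reply)   # e.g. size limit exceeded: treat as not scanned

def scan_bytes(data, host="127.0.0.1", port=3310, timeout=10.0):
    """Stream data to clamd and classify the verdict; raises OSError on timeout."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        for frame in instream_frames(data):
            s.sendall(frame)
        return classify(_read_reply(s))

if __name__ == "__main__":
    if health_check():
        print("clamd reachable:", scan_bytes(b"constructed harmless sample text"))
    else:
        print("clamd did not answer PING within the timeout")
```

clamd's TCP listener has no authentication or encryption, so when ClamAV runs on a remote server, restrict access to its port to the mail server's address.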

Cyren Zero-hour Outbreak Detection

The Cyren Zero-hour Outbreak Detection add-on uses Recurrent Pattern Detection technology to identify viruses based on their unique distribution patterns and provides a complementary shield to conventional AV technology, protecting in the earliest moments of malware outbreaks and continuing protection as each new variant emerges.

Cyren evaluates each message and determines the probability that the message contains a virus. For more information, or to purchase this add-on, visit the SmarterTools website.

Note: This service is intended to be used as a complement to conventional antivirus technology as an additional protection against zero-hour virus outbreaks. Cyren Zero-hour Outbreak Detection looks for new variants of malware and should not be used as the standalone antivirus program.

  • Scan Messages - When licensed, enabling this setting allows the use of Cyren Zero-hour Outbreak Detection to scan any incoming or outgoing messages, as well as all file attachments, that are sent through the SmarterMail spool. Note: Cyren Zero-hour Outbreak Detection is a paid SmarterMail add-on and can be licensed in 12-month subscriptions. Start a 30-day trial in the Licensing settings, or contact SmarterTools Sales for purchasing details.
  • When Virus is Found - This dropdown allows you to select what you want done with a message if Cyren detects it contains a virus. These options include:
    • No Action - Do nothing with the message.
    • Delete Message - Delete the entire message. Note: The Delete Message action will permanently delete messages, preventing them from reaching the user's mailbox. Exercise caution when selecting this action, as messages deleted via virus filtering cannot be recovered.
    • Quarantine Message - Move the message to the quarantine folder on the server. These messages can then be found on the Virus Quarantine tab on the Spool page. By default, messages remain in quarantine for 30 days, after which time the .eml is deleted, unless other action is taken to move the message out of quarantine.

Command-Line Antivirus

Administrators can integrate SmarterMail with third-party antivirus programs via a command-line execution. This can be an efficient solution for high-volume mail environments by reducing the burden on the mail server itself.

Once a message comes into the SmarterMail spool, it will then be scanned for viruses using the command-line antivirus and any built-in antivirus measures that have been enabled in SmarterMail. If the command-line scanner picks up a virus, it will be up to the command-line antivirus program to delete/quarantine the message according to the application's configuration.

  • Scan Messages - Enable this setting to allow the use of command-line antivirus to scan any incoming or outgoing messages, as well as all file attachments, that are sent through the SmarterMail spool.
  • Command Line - Enter the executable for the antivirus program. For example, if you'd like to integrate with ESET Endpoint Antivirus, you might enter something like:
    C:\Program Files\ESET\ESET Endpoint Antivirus\ecls.exe /base-dir="C:\Program Files\ESET\ESET Endpoint Antivirus" /aind /arch /sfx /adware /clean-mode=Delete %FILEPATH

Note: %FILEPATH will be replaced with the path to the file to be scanned.