Antivirus Filtering

This service allows you to help protect users from viruses by scanning each every mail that passes through. You can use almost any existing antivirus product to perform the scanning. You can also choose from a wide range of actions to perform in response to a virus being found. This includes deleting the mail, stripping infected attachments, sending new mails and more.

Antivirus Filtering #

  • Enable Antivirus Filtering - This controls whether the antivirus filtering is enabled.
  • Max Simultaneous Scans - This controls the maximum number of antivirus scans that can be performed at any one time. If this limit is reached, mails will be held in a queue until an antivirus scan can be performed.
  • Antivirus Scanners - This is a list of antivirus scanners that will be used to scan mail passing through your mail server. Scanners are performed sequentially and some scanners may affect subsequent scanners. Therefore, you can change the order of the scanners to achieve the desired effect.
  • Add Preset - This allows you to add a preset antivirus scanner to help save time and give an indication of the kind of scanner that can be created.

Add / Edit Scanner #

  • Enable Antivirus Scanner - This controls whether the antivirus scanner is enabled.
  • Name - This is used to uniquely identify a scanner in the settings and also as an indication of the nature of the scanner. The name is only used in the settings and logs and does not have any effect during the scan being performed on any mails.
  • Scan All Mail - If set, all incoming and outgoing mail will be scanned.
  • Scan Incoming Mail - If set, only mail with one or more local SMTP recipients (incoming mail) will be scanned.
  • Scan Outgoing Mail - If set, only mail with all external SMTP recipients (outgoing mail) will be scanned.
  • Scan Raw Email Data - This controls whether a preliminary scan of the entire mail file is performed before each of its constituent parts is scanned separately. This can be used as an extra chance for a virus to be found in the mail as a whole. If a virus is found, some antivirus products may also attempt to fix the mail file by repairing or removing any infected part found.
  • Scan Text and HTML Body Parts - If enabled, the HTML and text body parts of the mail will also be scanned.
  • Application Path - This is the file path of the antivirus scanner application. It is perfectly legal to have this path set to a network location. For more information on using network drives, please view this Frequently Asked Questions page.
  • Parameters - This is an optional set of parameters which will be passed to the application. You can also pass the mail file path as a parameter using the special tag of "%s", allowing relevant processing to be performed on the relevant file.
  • Thread Priority - This controls the CPU priority of the antivirus scan. If your AV scanner is too slow or aggressively using the CPU, this option can allow you to compensate.
  • Return Value - This is the value range to be compared against the return value given by the application. If the return value is in this range, this will indicate that a virus was found.
  • Check For File Deletion - If set, the return value of an application will be ignored and instead a virus will be indicated by the antivirus application deleting the infected file. This is usually only necessary for antivirus applications that cannot indicate an infection via a return value.
  • Hide Scanner Application Window - If enabled, the antivirus scanner application window will be hidden when executed.
  • Classify File as Virus if Application Fails - If enabled and the antivirus application fails to complete the scan, the current mail part being scanned will be assumed to be virus.
  • Load Approved Antivirus Scanner - This allows you to load in recommended settings for one of several antivirus products tested and approved by Code Crafters. These settings are only a recommendation and should be checked and tested before putting to use. Also, the provided 'Application Path' does not contain a full path name. This should be used has a guide to locate the actual file. If you require further information on configuring the scanner with your antivirus product, you should read the products documentation or contact the vendor.
  • Test Antivirus Scanner - This allows you to perform a test scan using the EICAR test virus. This file is not a virus but should be recognized by most antivirus products as a means of testing setup without exposing your system to a real virus. This test will indicate any problems with your antivirus scanner setup. Please close down all other antivirus products running on your system before performing this test as other scanners will respond to the test file being created and may interfere with the test.

Approved Antivirus Scanners #

Ability Mail Server will work with any antivirus software that includes a command line scanner. Below are a few approved presets. However, newer versions of these antivirus products may have different settings to the ones below. You can use the command line help for the software or contact the software vendor for more details of the latest settings.

Antivirus Product Application Parameters Returns
Norton Antivirus navw32.exe /b- /automation "%s" Check for File Deletion
Symantec Antivirus Scan Engine savsecls.exe -mode scan "%s" 1:*
McAfee VirusScan scan.exe /noboot /nobreak /nomem /silent /unzip "%s" 1:*
Sophos Antivirus sav32cli.exe -sc -s -nb -all "%s" 1:*
Grisoft AVG 32Bit avgscanx.exe /arc /heur /clean /scan="%s" Check for File Deletion
Grisoft AVG 64Bit avgscana.exe /arc /heur /clean /scan="%s" Check for File Deletion
F-Prot Antivirus fpscan.exe /archive=99 "%s" 1:*
avast! Professional Edition ashcmd.exe /c /i /p /s /t=a "%s" 1:*
ClamWin clamscan.exe --database="C:\Documents and Settings\All Users\.clamwin\db" "%s" 1:*
eScan Antivirus avpdos32.exe /m /p /b /s /y "%s" 1:*
CA eTrust Antivirus Inocmd32.exe -arc -nex "%s" 1:*
Eset Security ecls.exe /base-dir="C:\Program Files\ESET\ESET Security\Modules" /no-boots /arch /mail /sfx /rtp /adware /unsafe /unwanted /suspicious /pattern /heur /adv-heur /clean-mode=none /no-quarantine "%s" 1:*
Kaspersky Antivirus avp.exe scan /i4 /fe "%s" 1:*

Add / Edit Action #

All actions are shown in the table below followed by details of each action type.

Type Action Description
No Settings Remove All Recipients Removes all SMTP recipients.
Set SPAM Flag Sets the SPAM flag in the mail.
Remove SPAM Flag Removes the SPAM flag in the mail.
Stop Filtering Stops filtering. Subsequent actions and remaining Content Filter Rules / Antivirus Scanners are not evaluated.
Delete Email Deletes the mail from the system. Subsequent actions for the current rule that do not affect the mail directly will still be performed. Further rules will not be performed.
Convert Text Content to HTML Generates a HTML version of a plain-text only email based on the plain-text content.
Recipients Redirect To Removes all SMTP recipients and adds the recipients provided.
Add Recipients Adds the SMTP recipients provided.
Send Copy To Sends a copy of the mail to the recipients provided.
Rename Rename Recipients Renames any SMTP recipients that match the substring search.
Rename Attachments Renames any attachments that match the substring search.
Remove Remove Recipients Removes any SMTP recipients that match the substring search.
Remove Custom Event Removes any custom events that match the substring search.
String Add Custom Event Adds the specified custom event to the mail.
Place in Account Directory Tries to deliver the mail to the specified account directory instead of the default 'Inbox' directory.
Rename Sender Renames the SMTP sender to the provided address.
Edit Header Field Edit Header Field Replaces the field text of the specified header field. Adds the field if it does not exist.
Add Signature Add Signature Appends text or HTML code to the base of a mail body.
Strip Attachments Strip Attachments Strips any attachments that match the substring search. Optionally inserts 'removed attachments' message.
Strip All Strip All Attachments Strips all attachments. Optionally inserts 'removed attachments' message.
Strip All Infected Parts Strips all infected parts of the mail. Optionally inserts ‘removed attachments’ message.
New Mail Send Email Sends a new mail.
Reply to Email Sends a reply mail back to the SMTP sender.
Send Email to Recipients Sends a new mail to all SMTP recipients.
Add Text to File Add Text to File Appends text to the specified file. Creates the file if it does not exist.
Copy All to Directory Copy All Attachments to Directory Copies all attachments to a specified directory. Does not alter the attachments within the mail.
Copy All Infected Parts to Directory Copies all infected parts of the mail to a specified directory. Does not alter the infected parts within the mail.
Execute Application Execute Application Executes an application with the parameters provided.

Action Type - No Settings #

This is the simplest type of action. Each action with this type requires no additional settings to be performed.

Action Type - Recipients #

'Recipients' actions control the recipients in the SMTP envelope which governs which email addresses the mail is delivered to.

  • Recipients - This is a list of recipients which are to be affected by the appropriate action.

Action Type - Rename #

'Rename' actions are performed on a particular attribute based on its value matching the substring search criteria provided.

  • Match Type - This controls what kind of substring search will be performed against the values supplied. This can be one of the following:
    • String Matches - The value must match the substring provided.
    • String Contains - The value must contain the substring provided.
    • String Starts With - The value must start with the substring provided.
    • String Ends With - The value must end with the substring provided.
    • String Does Not Contain - The value must not contain the substring provided.
  • Substring - This is the substring to be used with the given 'Match Condition' during the string search.
  • Case Sensitive - If enabled, the string search will be case sensitive. Otherwise, a case in-sensitive search will be performed.
  • Substring List - This allows a list of substrings to be used in the search instead of just one. The substrings are separated by semicolons (';'). If any one of the substrings matches the search criteria the condition will evaluate true.
  • Rename To - This is what values matching the substring search will be renamed to.

Action Type - Remove #

The 'Remove' actions are performed on a particular attribute based on its value matching the substring search criteria provided.

  • Match Type - This controls what kind of substring search will be performed against the values supplied. This can be one of the following:
    • String Matches - The value must match the substring provided.
    • String Contains - The value must contain the substring provided.
    • String Starts With - The value must start with the substring provided.
    • String Ends With - The value must end with the substring provided.
    • String Does Not Contain - The value must not contain the substring provided.
  • Substring - This is the substring to be used with the given 'Match Condition' during the string search.
  • Case Sensitive - If enabled, the string search will be case sensitive. Otherwise, a case in-sensitive search will be performed.
  • Substring List - This allows a list of substrings to be used in the search instead of just one. The substrings are separated by semicolons (';'). If any one of the substrings matches the search criteria the condition will evaluate true.

Action Type - String #

The 'String' actions are performed based on the string provided.

  • Account Directory - This is the directory that mail will try to be delivered in instead of the default 'Inbox' directory. If the directory doesn't exist for a particular account, the mail will be placed in the 'Inbox' as normal.
  • Custom Event - This is the custom event that will be added to the mail.

Action Type - Edit Header Field #

The 'Edit Header Field' action replaces the text of a particular header field. If the header field is not present it will be created.

  • Standard Header Field - If set, the substring search will be performed on the header field selected from the combo box.
  • Custom Header Field - If set, the substring search will be performed on the header field specified in the available text box.
  • Text - This is the text that will replace the current header field text specified. This option allows the use of field tags, for more information please view the Using Field Tags page.

Action Type - Add Signature #

The 'Add Signature' action inserts a signature in the text and HTML body parts of a mail.

  • Text Body Signature - This is the text which will be appended to the base of the text body part of the mail. This option allows the use of field tags, for more information please view the Using Field Tags page.
  • HTML Body Signature - This is the HTML code which will be appended to the base of the HTML body part of the mail. This option allows the use of field tags, for more information please view the Using Field Tags page.

Action Type - Strip Attachments #

The 'Strip Attachment' action removes attachments that match the substring search criteria provided.

  • Match Type - This controls what kind of substring search will be performed against the values supplied. This can be one of the following:
    • String Matches - The value must match the substring provided.
    • String Contains - The value must contain the substring provided.
    • String Starts With - The value must start with the substring provided.
    • String Ends With - The value must end with the substring provided.
    • String Does Not Contain - The value must not contain the substring provided.
  • Substring - This is the substring to be used with the given 'Match Condition' during the string search.
  • Case Sensitive - If enabled, the string search will be case sensitive. Otherwise, a case in-sensitive search will be performed.
  • Substring List - This allows a list of substrings to be used in the search instead of just one. The substrings are separated by semicolons (';'). If any one of the substrings matches the search criteria the condition will evaluate true.
  • Insert Removed Attachment Message - This will cause an extra attachment listing all removed attachments to be added to the mail.

Action Type - Strip All #

The 'Strip All' actions remove all appropriate parts from the mail.

  • Insert Removed Attachment Message - This will cause an extra attachment listing all removed attachments to be added to the mail.

Action Type - New Mail #

'New Mail' actions create new mail to be inserted into the mail server.

  • From - This is the email address that will be used as the 'From' address of the mail.
  • To - This is a list of recipients that will receive the mail. You can add more than one email address separated by semi-colons (';').
  • Subject - This is the subject of the new mail. This option allows the use of field tags, for more information please view the Using Field Tags page.
  • Message Text - If set, this will be the message body of the new mail. This option allows the use of field tags, for more information please view the Using Field Tags page.
  • Message File - If set, the message body of the new mail will be the contents of this file.

Action Type - Add Text to File #

The 'Add Text to File' action appends the provided text to a given file. If the file does not already exist it will be created.

  • File Path - This is the path of the file to be appended to. It is perfectly legal to have this path set to a network location. For more information on using network drives, please view the Frequently Asked Questions page.
  • Text - This is the text that will be appended to the file. This option allows the use of field tags, for more information please view the Using Field Tags page.

Action Type - Copy All to Directory #

The 'Copy All to Directory' actions copy all appropriate parts of the mail to a specified directory. The parts remain in the mail.

  • Directory Path - This is the directory that all parts will be copied to. It is perfectly legal to have this path set to a network location. For more information on using network drives, please view the Frequently Asked Questions page.

Action Type - Execute Application #

The 'Execute Application' action executes a specified application.

  • Application Path - This is the file path of the application to be executed. It is perfectly legal to have this path set to a network location. For more information on using network drives, please view the Frequently Asked Questions page.
  • Parameters - This is an optional set of parameters which will be passed to the application. This option allows the use of field tags, for more information please view the Using Field Tags page.
  • Hide Application Window - If enabled, the application window will be hidden when executed.