Using the Antivirus Filtering Service

This page explains how to use the Antivirus Filtering service and how it can be configured securely. For more detailed information on what each option of the Antivirus Filtering settings is for, then please view the Antivirus Filtering page.

The Antivirus Filtering Service #

With the increase of mail born viruses, your users are constantly at risk of receiving a mail which could infect their computer. Antivirus Filtering can help prevent viruses from ever being allowed into your user's mailboxes, therefore automatically protecting all users with a single antivirus system. The Antivirus Filtering service allows you to use almost any existing antivirus product to scan incoming and outgoing mail.

Antivirus Scanners #

You can add one or more scanners to the Antivirus Filtering settings. Scanners are performed sequentially and some scanners may affect subsequent scanners. Therefore, you can also change the order of the scanners to achieve the desired effect. Each scanner has a name which is used to uniquely identify the scanner in the settings and also as an indication of the nature of the scanner.

Scanning and Actions #

Every scanner contains settings necessary to execute an antivirus application and one or more actions. Antivirus applications are used to indicate infected parts of a mail being filtered. If an infection is found in the mail, the list of actions is performed. Actions are performed sequentially and some actions may affect subsequent actions. Therefore, you can change the order of the actions to achieve the desired effect.

Example Uses of Antivirus Scanners #

Deciding which what kind of scanners to create is a reasonably straight forward process. Simply think of something you would like to achieve when filtering your mail and try to put that into a scan-action style sentence:

  • If mail contains infected parts -> strip all infected parts.
  • If mail contains infected parts -> add text to a log file showing some details.
  • If mail contains infected parts -> send an email to '####ADMINEMAIL####'.

Note that in the last example a field tag is used to send a new mail to the administrator using the system admin email address to specify the correct recipient, even if the admin email changes. Field tags can be used throughout Antivirus Filtering. For more information, please view the Using Field Tags page.

Security Considerations #

Some filtering actions must be used very carefully as they have the potential to cause serious problems.

Application Execution

Both scanning and actions can execute applications. It is very important that applications do not run for long periods of time with many instances running simultaneously as this can use up a lot of CPU time and cause your server to slow down considerably. Scanner application executions are only supposed to run for very short periods of time and then close, returning a value that can be used to indicate any infections. If the application does not return for a considerable length of time, it will be terminated and the file will be indicated as infected to be safe, possibly causing uninfected mails to be changed or deleted. The long wait for the application to close can also cause congestion in the Antivirus Filtering queue holding up all other mail passing into the system, eventually resulting in mails being discarded.

File Creation

Some actions can cause new files to be created. It is very important that this is moderated and set up with care as this could potentially lead to very large amounts of hard drive space to be used over a long period time resulting in hard drive space possibly even be used up completely, stopping your mail server from continuing to function properly.

New Mail Creation

Some actions can cause new mails to be created. It is very important that actions are not set up such that extremely large quantities of new mails are created unnecessarily and not noticed or removed from the system.