To offer an extensive level of virus protection, SecurityGateway includes two anti-virus engines: Clam AntiVirus (ClamAV™) and CYREN AntiVirus. ClamAV is an open source (GPL) anti-virus toolkit designed especially for mail gateways. CYREN AV offers reliable protection from malicious and potentially hostile programs. It combines traditional anti-virus methods with the latest proactive technologies. SecurityGateway also includes Outbreak Protection from CYREN, which offers an additional layer of protection against virus outbreaks.
Configuration
Enable virus scanning
Virus scanning is enabled by default in SecurityGateway. Clear this checkbox if you do not wish to scan messages for viruses.
If the antivirus engine determines that a message is infected:
Use this option to designate the action to take when a message is found to contain a virus.
|
If you have enabled the "Attempt to clean infected messages" option below, SecurityGateway will first try to clean an infected message (i.e. remove the virus) rather than immediately refuse or quarantine it. If it succeeds then the message will be accepted and delivered. If the message cannot be cleaned then the message will be refused or quarantined. |
...refuse the message
When this option is selected, messages are refused during the SMTP session when they are found to contain a virus. This is the default option.
...quarantine the message
Choose this option if you wish to place infected messages in the administrative quarantine rather than refuse them.
Quarantine messages that cannot be scanned
Click this option if you wish to quarantine messages that for some reason cannot be scanned by the anti-virus engine. An example of this type of message would be one with a password-protected zipped attached. When this option is disabled, messages that cannot be scanned will be delivered normally. This option is disabled by default.
Exclude the files listed below
Use this option to define specific files or file-types that you wish to exclude from the Quarantine messages that cannot be scanned restriction. File masks and wildcards are allowed, such as: *.zip, secret?.zip, *.doc?, and the like.
Attempt to clean infected messages
By default SecurityGateway will first attempt to remove a virus from (i.e. "clean") an infected message rather than immediately refuse or quarantine it. If the message is successfully cleaned then it will be delivered normally. If the message cannot be cleaned then it will be refused or quarantined, depending on the option that you have selected above. Clear this checkbox if you do not wish to attempt to clean infected messages. In that case infected messages will immediately be refused or quarantined.
Flag attachments with documents that contain macros as virus
Use this option to detect macros in documents during virus scanning.
Exclusions
Exclude messages from whitelisted IP addresses and hosts
Enable this option if you wish to exempt messages from virus scanning when they come from a whitelisted IP address or host.
Exclude messages from whitelisted senders
Enable this option if you wish to exempt messages from virus scanning when they come from one of the addresses on the Addresses Whitelist.
Exclude messages from domain mail servers
Enable this option if you wish to exempt messages from virus scanning when they are from one of your domain mail servers.
Do not scan messages sent from email addresses listed below
Use this option if you wish to exempt messages from virus scanning when the come from certain specific senders.
Virus Scanning Engines (all domains)
Use the ClamAV engine to scan messages
By default SecurityGateway will use the ClamAV anti-virus engine to scan messages for viruses. Clear this checkbox if you do not with to use the ClamAV engine to scan messages.
Use the CYREN Anti-Virus engine to scan messages
By default SecurityGateway will use the CYREN Anti-Virus engine to scan messages for viruses. Clear this checkbox if you do not with to use CYREN AV to scan messages.
|
Enabling both of these options means that SecurityGateway will scan each message twice - once with each engine. This can give you an extra layer of protection since one engine could identify a virus that the other might miss. |
Exceptions - Domains
If you select a specific domain in the "For Domain:" drop-down list box at the top of the page when configuring these settings, that domain will be listed here after saving the settings. Click the View/Edit link for the corresponding domain to review or edit its Virus Scanning settings, or click Reset to reset the domain's settings to the default Global values.
