To offer an extensive level of virus protection, SecurityGateway includes two anti-virus engines: Clam AntiVirus (ClamAV™) and IKARUS Anti-Virus. ClamAV is an open source (GPL) anti-virus toolkit designed especially for mail gateways. IKARUS Anti-Virus offers reliable protection from malicious and potentially hostile programs. It combines traditional anti-virus defense methods with the latest proactive technologies. SecurityGateway also includes Outbreak Protection, which offers an additional layer of protection against virus outbreaks.
Configuration
Enable virus scanning
Virus scanning is enabled by default in SecurityGateway. Clear this checkbox if you do not wish to scan messages for viruses.
If the antivirus engine determines that a message is infected:
Use this option to designate the action to take when a message is found to contain a virus.
|
If you have enabled the "Attempt to clean infected messages" option below, SecurityGateway will first try to clean an infected message (i.e. remove the virus) rather than immediately refuse or quarantine it. If it succeeds then the message will be accepted and delivered. If the message cannot be cleaned then the message will be refused or quarantined. |
...refuse the message
When this option is selected, messages are refused during the SMTP session when they are found to contain a virus. This is the default option.
...quarantine the message
Choose this option if you wish to place infected messages in the administrative quarantine rather than refuse them.
Quarantine messages that cannot be scanned
Click this option if you wish to quarantine messages that for some reason cannot be scanned by the anti-virus engines. An example of this type of message would be one with a password-protected zipped attachment. When this option is disabled, messages that cannot be scanned will be delivered normally. This option is enabled by default.
Allow message to pass if one Antivirus engine scans successfully
Check this box if you wish to allow a message to pass if at least one of the anti-virus engines can scan it successfully. Otherwise, if either of the engines can't successfully scan the message, then it will be quarantined.
Exclude the files listed below
Use this option to define specific files or file-types that you wish to exclude from the Quarantine messages that cannot be scanned restriction. File masks and wildcards are allowed, such as: *.zip, secret?.zip, *.doc?, and the like.
Attempt to clean infected messages
By default SecurityGateway will first attempt to remove a virus from (i.e. "clean") an infected message rather than immediately refuse or quarantine it. If the message is successfully cleaned then it will be delivered normally. If the message cannot be cleaned then it will be refused or quarantined, depending on the option that you have selected above. Clear this checkbox if you do not wish to attempt to clean infected messages. In that case infected messages will immediately be refused or quarantined.
Flag attachments with documents that contain macros as virus
Use this option to detect macros in documents during virus scanning.
Exclusions
Do not scan messages from allowlisted IP addresses
Enable this option if you wish to exempt messages from virus scanning when they come from an allowlisted IP address.
Do not scan messages from domain mail servers
Enable this option if you wish to exempt messages from virus scanning when they are from one of your domain mail servers.
Do not scan messages sent from email addresses listed below
Use this option if you wish to exempt messages from virus scanning when they come from these specific senders.
Virus Scanning Engines (all domains)
Use the ClamAV engine to scan messages
By default SecurityGateway will use the ClamAV anti-virus engine to scan messages for viruses. Clear this checkbox if you do not with to use the ClamAV engine to scan messages.
Use the IKARUS Anti-Virus engine to scan messages
By default SecurityGateway will use the IKARUS Anti-Virus engine to scan messages for viruses. Clear this checkbox if you do not with to use IKARUS Anti-Virus to scan messages.
|
Enabling both of these options means that SecurityGateway will scan each message twice - once with each engine. This can give you an extra layer of protection since one engine could identify a virus that the other might miss. |
Exceptions - Domains
If you select a specific domain in the "For Domain:" drop-down list box at the top of the page when configuring these settings, that domain will be listed here after saving the settings. Click the View/Edit link for the corresponding domain to review or edit its Virus Scanning settings, or click Reset to reset the domain's settings to the default Global values.
