Anti-Virus Scanning

 

External Anti-Virus Scanners

 

Installing third-party antivirus scanners on the archiving server is generally not recommended. Since MailArchiva is an archiving server, it writes to thousands of files on a continuous basis. First, the antivirus product may slow the archiving server down. Second, if the antivirus product discovers a virus (even a false positive), it may modify files in a manner that could cause unpredictable behavior.

 

If the use of external antivirus products is a strong requirement, please ensure that MailArchiva's file system locations are excluded from antivirus scanning. In addition, all index and store directories ought to be excluded. Please also be aware that archiving and search performance will be affected.

The in-built antivirus scanning feature of MailArchiva (outlined below) does not quarantine or remove viruses. It only flags them in the GUI.

 

In-Built Anti-Virus Scanner

 

Although in the majority of cases MailArchiva receives emails for archiving after they have already been processed by the mail server's antivirus scanner, it is possible to configure MailArchiva to perform additional antivirus scanning for extra protection. To enable this feature, it is necessary to install the ClamAV antivirus scanner (preferably on the same machine running MailArchiva).

 

Windows Setup Instructions

 

Please refer to the Clam-AV website. Modify the clamd.conf file as in the Ubuntu setup instructions below.

 

Ubuntu Setup Instructions

 

Install the ClamAV antivirus scanner from the terminal prompt as follows:

 

apt-get install clamav
apt-get install clamav-daemon

 

Modify the /etc/clamav/clamd.conf configuration file as follows:

 

LocalSocket /var/run/clamav/clamd.ctl
TCPSocket 3310
FixStaleSocket true
LocalSocketGroup clamav
LocalSocketMode 666
# TemporaryDirectory is not set to its default /tmp here to make overriding
# the default with environment variables TMPDIR/TMP/TEMP possible
User clamav
AllowSupplementaryGroups true
ScanMail true
ScanArchive true
ArchiveBlockEncrypted false
MaxDirectoryRecursion 15
FollowDirectorySymlinks false
FollowFileSymlinks false
ReadTimeout 180
MaxThreads 12
MaxConnectionQueueLength 15
LogSyslog false
LogFacility LOG_LOCAL6
LogClean false
LogVerbose false
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /var/lib/clamav
SelfCheck 3600
Foreground false
Debug false
ScanPE true
ScanOLE2 true
ScanHTML true
DetectBrokenExecutables false
ExitOnOOM false
LeaveTemporaryFiles false
AlgorithmicDetection true
ScanELF true
IdleTimeout 30
PhishingSignatures true
PhishingScanURLs true
PhishingAlwaysBlockSSLMismatch false
PhishingAlwaysBlockCloak false
DetectPUA false
ScanPartialMessages false
HeuristicScanPrecedence false
StructuredDataDetection false
CommandReadTimeout 50
SendBufTimeout 200
MaxQueue 100
ExtendedDetectionInfo true
OLE2BlockMacros false
StreamMaxLength 25M
LogFile /var/log/clamav/clamav.log
LogTime true
LogFileUnlock false
LogFileMaxSize 0
Bytecode true
BytecodeSecurity TrustSigned
BytecodeTimeout 60000
OfficialDatabaseOnly false
CrossFilesystems true

 

Note: The line TCPSocket 3310 was added to the configuration above. This causes Clam to listen on port 3310 for scanning jobs.

 

After modifying the configuration as above, reconfigure clamd as follows:

 

dpkg-reconfigure clamav-base
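
Before pointing MailArchiva at the daemon, the port 3310 listener configured above can be checked with the following added example (not MailArchiva or ClamAV project code), which speaks clamd's PING and INSTREAM commands over TCP. The host 127.0.0.1, the function names and the sample message are assumptions made for this example.

```python
import socket
import struct

CLAMD_HOST = "127.0.0.1"        # assumption: clamd runs on the MailArchiva host
CLAMD_PORT = 3310               # TCPSocket value from clamd.conf above
STREAM_MAX = 25 * 1024 * 1024   # StreamMaxLength 25M from clamd.conf above

def frame_instream(data, chunk_size=8192):
    """Encode data as a clamd INSTREAM request: each chunk is prefixed with
    its 4-byte big-endian length, and a zero-length chunk ends the stream."""
    if len(data) > STREAM_MAX:
        raise ValueError("payload exceeds StreamMaxLength; clamd would reject it")
    out = [b"zINSTREAM\0"]
    for i in range(0, len(data), chunk_size):
        chunk = data[i:i + chunk_size]
        out.append(struct.pack("!I", len(chunk)) + chunk)
    out.append(struct.pack("!I", 0))
    return b"".join(out)

def parse_reply(raw):
    """Map a clamd reply to (status, detail): CLEAN, INFECTED or ERROR."""
    text = raw.rstrip(b"\0\n").decode("utf-8", "replace")
    _, _, result = text.partition(": ")
    if result == "OK":
        return ("CLEAN", "")
    if result.endswith(" FOUND"):
        return ("INFECTED", result[:-len(" FOUND")])
    return ("ERROR", result or text)

def _exchange(request, host, port, timeout):
    """Send one null-terminated command and read the null-terminated reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(request)
        buf = b""
        while not buf.endswith(b"\0"):
            part = s.recv(4096)
            if not part:
                break
            buf += part
        return buf

def check_clamd(sample, host=CLAMD_HOST, port=CLAMD_PORT, timeout=10):
    """Return (alive, scan_result) for the clamd endpoint MailArchiva will use."""
    alive = _exchange(b"zPING\0", host, port, timeout) == b"PONG\0"
    return alive, parse_reply(_exchange(frame_instream(sample), host, port, timeout))

if __name__ == "__main__":
    # Constructed benign sample; a healthy daemon reports it as CLEAN.
    print(check_clamd(b"Subject: clamd check\r\n\r\nconstructed test message\r\n"))
```

clamd's TCP socket accepts commands without authentication, so when clamd and MailArchiva share a machine, the standard clamd.conf option TCPAddr 127.0.0.1 (not part of the listing above) keeps port 3310 off other interfaces.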

 

MailArchiva Clam-AV Setup

 

Thereafter, log in to the MailArchiva console. From Configuration->Archive, modify the Clamd configuration to point to the newly installed Clam daemon.

 

Antivirus Options

 

 

Identifying Viruses

 

Emails that contain viruses are still archived for record-keeping purposes; however, they show up with a Bug icon in the search results. The intention is to warn users that the email may contain a virus.

 
