5. E-mail Scanner for MS Exchange Server 2003
5.1. Overview
The E-mail Scanner for MS Exchange Server 2003 configuration options are fully integrated within the AVG Email Server Edition 2011 as a server component.
The server components include the following:
Basic overview of the individual server components:
Anti-Spam - Anti-Spam Server for MS Exchange
Checks all incoming e-mail messages and marks unwanted e-mails as SPAM. It uses several analyzing methods to process each e-mail message, offering maximum possible protection against unwanted e-mail messages.
EMS (VSAPI) - E-mail Scanner for MS Exchange (VSAPI)
Checks all e-mail messages stored in user mailboxes. If any viruses are detected, they are moved to the Virus Vault, or completely removed.
AVG Email Server Edition 2011 © 2010 Copyright AVG Technologies CZ, s.r.o. All rights reserved.
Double-click a required component to open its interface. With the exception of Anti-Spam, all the components share the following common control buttons and links:
· Scan Results
Opens a new dialog where you can review scan results:
Here you can check messages divided into several tabs according to their severity. See configuration of individual components for amending the severity and reporting.
By default, only results for the last two days are displayed. You can change the displayed period by amending the following options:
o Show last - insert preferred days and hours.
o Show selection - choose a custom time and date interval.
o Show all - displays results for the whole time period.
Use the Refresh button to reload the results.
· Refresh statistical values - updates stats displayed above.
· Reset statistical values - resets all the stats to zero.
The working buttons are as follows:
· Settings - use this button to open settings of the component.
· Back - press this button to return to the Server components overview.
You will find more information on individual settings of all components in the chapters below.
5.2. E-mail Scanner for MS Exchange (VSAPI)
This item contains settings of the E-mail Scanner for MS Exchange (VSAPI).
The Basic Settings section contains the following options:
· Enable component - uncheck to disable the whole component.
· Language - select preferred component language.
The Logging settings section:
· Log file size - choose a preferred size of the log file. Default value: 100 MB.
The Scan settings section:
· Background Scan - you can enable or disable the background scanning process here. Background scanning is one of the features of the VSAPI 2.0/2.5 application interface. It provides threaded scanning of the Exchange Messaging Databases. Whenever an item that has not been scanned with the latest AVG virus base update is encountered in the users' mailbox folders, it is submitted to AVG for Exchange Server to be scanned. Scanning and searching for objects that have not yet been examined run in parallel.
A specific low priority thread is used for each database, which guarantees other tasks (e.g. e-mail messages storage in the Microsoft Exchange database) are always carried out preferentially.
· Proactive Scan (incoming messages)
You can enable or disable the proactive scanning function of VSAPI 2.0/2.5 here.
This scanning occurs when an item is delivered to a folder, but a request has not been made by a client.
As soon as messages are submitted to the Exchange store, they enter the global scanning queue as low priority (maximum of 30 items). They are scanned on the first in, first out (FIFO) basis. If an item is accessed while still in the queue, it is changed to high priority.
Note: Overflow messages will continue to the store unscanned.
Note: Even if you disable both the Background Scan and Proactive Scan options, the on-access scanner will still be active when a user tries to download a message with the MS Outlook client.
· Scan RTF - you can specify here whether the RTF file type should be scanned or not.
· Number of Scanning Threads - the scanning process is threaded by default to increase the overall scanning performance by a certain level of parallelism. You can change the thread count here.
The default number of threads is computed as 2 times the 'number_of_processors' + 1.
The minimum number of threads is computed as ('number of processors'+1) divided by 2.
The maximum number of threads is computed as 'Number of Processors' multiplied by 5 + 1.
If the entered value is equal to or less than the minimum, or equal to or greater than the maximum, the default value is used.
· Scan Timeout - the maximum continuous interval (in seconds) for one thread to access the message that is being scanned (the default value is 180 seconds).
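A small model of the proactive-scan queue described above, added here as an illustration and not code from AVG or Microsoft. The class and function names are hypothetical, and treating an overflow message as scanned when a client opens it is an assumption based on the note about the on-access scanner, not on documented internals.

```python
from collections import deque

QUEUE_LIMIT = 30  # "maximum of 30 items" in the global scanning queue

class ProactiveScanQueue:
    def __init__(self, limit=QUEUE_LIMIT):
        self.limit = limit
        self.low = deque()    # submitted items, scanned first in, first out
        self.high = deque()   # items promoted because a client accessed them
        self.unscanned = []   # overflow: reached the store without a proactive scan
        self.scanned = []     # order in which items were actually scanned

    def submit(self, msg_id):
        # A message arrives in the store; returns False if the queue was full.
        if len(self.low) + len(self.high) >= self.limit:
            self.unscanned.append(msg_id)
            return False
        self.low.append(msg_id)
        return True

    def access(self, msg_id):
        # A client opens a message.
        if msg_id in self.low:            # still queued: raise its priority
            self.low.remove(msg_id)
            self.high.append(msg_id)
            return "promoted"
        if msg_id in self.unscanned:      # assumption: on-access scan covers it
            self.unscanned.remove(msg_id)
            self.scanned.append(msg_id)
            return "scanned-on-access"
        return "no-change"

    def scan_next(self):
        # Scan one item: high priority first, then low priority in FIFO order.
        queue = self.high or self.low
        if not queue:
            return None
        msg_id = queue.popleft()
        self.scanned.append(msg_id)
        return msg_id

def simulate_burst(n_messages, accessed=()):
    # Constructed scenario: a burst arrives before any scan thread runs.
    q = ProactiveScanQueue()
    for i in range(n_messages):
        q.submit(f"msg-{i:02d}")
    for msg_id in accessed:
        q.access(msg_id)
    while q.scan_next() is not None:
        pass
    return q
```

With a burst of 35 messages, the last five reach the store without a proactive scan and depend on the on-access scanner when a client opens them.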
The Scanning properties section:
· Use Heuristics - check this box to enable the heuristic analysis method during scanning.
· Report Potentially Unwanted Programs and Spyware threats - check this option to report the presence of potentially unwanted programs and spyware.
· Report enhanced set of Potentially Unwanted Programs - check to detect an extended package of spyware: programs that are perfectly OK and harmless when acquired from the manufacturer directly, but can be misused for malicious purposes later, or programs that are always harmless but might be unwanted (various toolbars etc.). This is an additional measure that increases your computer security and comfort even more; however, it can possibly block legal programs, and is therefore switched off by default. Note: This detection feature is additional to the previous option, so if you want protection from the basic types of spyware, always keep the previous box checked.
· Scan inside archives - check this option to let the scanner also look inside archived files (zip, rar, etc.).
The E-mail attachments reporting section allows you to choose which items should be reported during scanning. The default configuration can be easily amended in the Detection actions section, part Information (see below).
The following options are available:
· Report password protected archives
· Report password protected documents
· Report files containing macro
· Report hidden extensions
Generally, all these features are user extensions of the Microsoft VSAPI 2.0/2.5 application interface services. For detailed information on the VSAPI 2.0/2.5, please refer to the following links (and also the links accessible from the referenced ones):
· http://support.microsoft.com/default.aspx?scid=kb;enus;328841&Product=exch2k - for information on Exchange and antivirus software interaction
· http://support.microsoft.com/default.aspx?scid=kb;en-us;823166 - for information on additional VSAPI 2.5 features in the Exchange 2003 Server application.
There are also these sub-items available in the following tree structure:
· Detection actions
· Mail filtering
5.3. Detection Actions
In the Detection actions sub-item you can choose automatic actions that should take place during the scanning process.
The actions are available for the following items:
· Infections
· PUP (Potentially Unwanted Programs)
· Information
Use the roll-down menu to choose an action for each item:
· None - no action will be taken.
· Move to Vault - the given threat will be moved to Virus Vault.
· Remove - the given threat will be removed.
5.4. Mail Filtering
In the Mail Filtering sub-item you can choose which attachments should be automatically removed, if any. The following options are available:
· Remove attachments - check this box to enable the feature.
· Remove all executable files - removes all executables.
· Remove all documents - removes all document files.
· Remove files with these comma separated extensions - fill the box with file extensions you wish to automatically remove. Separate the extensions with commas.