Scott, thanks for your reply. > > I have been experimenting with running McAfee VirusScan > > Enterprise v7.1.0 on a server running Imail v8.12. > > McAfee VirusScan is configured to ignore (does not scan) > > file types MBX and NBX. > > Well, that part is good. That will help minimize the very > high CPU usage (you'll still find it scanning temporary files > IMail uses, E-mails as they arrive, and mailbox files that > IMail is manipulating). And it will help prevent entire > mailboxes from being deleted (it can still happen if they > using a different extension, such as .~bx, however).
VirusScan has not moved a .~bx file...yet. > > Virus/worm laden files (D*.SMD) are detected as > > SMTPd32.exe writes the file to disk. > > No. Some virus/worm laden files are detected. Various virus > scanners will detect different amounts, anywhere from none to > many. I haven't heard of a desktop scanner that can detect most. VirusScan appears to be finding 100% of the virus laden messages I used to find via Imail filters for executable file attachments. My incoming virusbox is empty. Prior to experimenting with VirusScan I was trapping thousands per day. Plus it is finding the JavaScript Trojans in HTML messages. > Note that by doing that, it will also leave the Q*.SMD file, > which can cause problems. For example, you are likely to get > blank E-mails, and will have a hard time delivering E-mails > if there are false positives (although that should be rare). I have considered this issue and have been tracking it. So far, I have not found any orphaned SMD files nor have I seen any blank e-mail messages. Speculation and wishful thinking to follow... I think SMTPd32.exe is taking care of this. It may attempt to write the D*.SMD file, then check if the D*.SMD file is still in the SPOOL directory before attempting to create the Q*.SMD file. Something is preventing the accumulation of Q*.SMD files. > Other issues include poor logging (it may log that it finds > viruses, but you would have to do a lot of work to find out > who it was sent from/to), no notifications, no ability to use > multiple virus scanners, no mailserver AV vulnerability > detection, etc. I will agree with you on these points. But, at this point in time,... I do not care who sent the virus/worm laden message. I do not need notifications. I just want to kill the virus/worm laden messages. > It's kind of like using IMail filters to block attachments -- > it's a "poor man's" way of doing it. If you can put up with > the drawbacks, the price is right (free or nearly free!). > But if you need a very high level of accuracy, you need the > right tool for the job. Yes, low cost and simple. db To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
