Scan Incoming Messages for Computer Viruses

Regardless if you use our Anti-Virus-Scanner-Interface or not...

If you run a file-level anti-virus package on the machine where the Pytheas.Mailgate service is installed, you should create a folder for temporary storage of incoming messages, then make a reference to this folder on the Service options / Incoming mail tab in the Configuration Program (this is possible with v.2.30 and later). Exclude this folder from the virus scan.

Overview

Il you have an anti-virus package able to use the virus-scanning-interface of your mail server, you do not need the anti-virus interface built into PYTHEAS MailGate.

Il you have an anti-virus package able to scan at SMTP level, we recommend using this feature, and insert the virus scanner between PYTHEAS MailGate and your mail server: on the Your mail server page in the PYTHEAS MailGate Configuration Program, configure the IP address/port of the incoming SMTP interface of your virus scanner. Have the virus-scanner forward the mail to your mail server.

If your anti-virus package does not have any of the features mentioned above, you may be interested in the anti-virus interface built into PYTHEAS MailGate, carry on reading.

What do you need?

A real-time, server-based virus scanner which you hopefully already have somewhere in your network, protecting one of your file servers. Your virus scanner should be able to analyze MIME encoded messages in its real-time scan, and preferably zip archives. If you are in doubt, go on reading - you will find out later.
PYTHEAS MailGate version 2.30, or later.

Configure virus scanning of incoming messages

Virus scanner and `Pytheas.Mailgate` service (the Communication Task) on the same machine

Very important: define a folder for temporary storage of incoming messages on the Service options / Incoming tab. Exclude this folder from the virus scan.
Create another folder where the virus scan should be performed, and select this folder on the Content checking / Virus check / Virus scanner page.

Virus scanner and `Pytheas.Mailgate` service (the Communication Task) on different machines

Create a folder where the virus scan should happen, on the machine with the running virus scanner. Share this folder, give R/W permissions to user account which will be used to start the Pytheas.Mailgate service (see below).
On the Content checking / Virus check / Virus scanner page, configure access to this shared folder in UNC notation (\\Server\Share\Folder); avoid using a drive letter.
The Pytheas.Mailgate service accesses this shared folder through the network. To make this possible, please configure the Pytheas.Mailgate service to start up with a "real" user account, which has R/W permissions in the shared folder. By the way, this user account also needs R/W permissions in the Program files/PytheasMailgate folder and its subfolders (and maybe the SpamAssassin subsystem, too).

Configure the virus-scanning software

Configure the way the real time scan (on-access-scan) is performed in the following way:

scan MIME encoded messages (this is mandatory),
check inside archives (this is optional). Set it to 2 levels deep, as in some virus scanning packages the MIME encoding counts for one level already. So zip archives inside MIME encoded messages should be scanned for viruses.

Checking folder name (C:\Temp\VCheck)... - Ok, folder found. Checking C/R/W/D permissions in C:\Temp\VCheck... - Permissions ok. Make test message with attached EICAR virus (C:\Temp\PmgTmp\EICAR.tmp)... - Done. Copy test message to folder watched by the virus scanner... - Done. File name: C:\Temp\VCheck\pmg-vcheck-EICAR.msg - Test message swallowed by the virus scanner. - Ok, this is what should happen.

Try it

Go to the Try tab on the Virus check configuration page. This will submit a message "infected" by the harmless EICAR virus to your virus scanner. If your real-time virus scanner and PYTHEAS MailGate work together as expected, you should get a result similar to the text on the right. In case something does not work as expected, it will try to give you some idea what to check.