Alt-N Technologies have released their latest version of SecurityPlus, the antivirus plugin for MDaemon. This new version adds a second layer of defense with an additional AV engine, ClamAV. (Previously it included only the anti-virus engine from Kaspersky Labs.)
Currently each AV engine needs to be configured separately. By default both are enabled. If you find emails being blocked after updating to SecurityPlus v5.1.0 you will need to go in and configure the new Clam AV. Please read on.
After updating your SecurityPlus to v5.1.0 you will now have a new option under the Security menu titled “ClamAV Plugin”. If you have any AV exclusions configured prior to this update, then you will need to add these same exclusions into ClamAV.
In the ClamAV options click the “Configure Exceptions” button. If you only have a handful of entries to do then you can manually enter the exclusions here.
Each AV has two types of exclusions. You can exclude an email address that messages are BOUND for (meaning exclude when an email is TO a certain email address), or you can make an exclusion when an email is FROM a certain email address.
If you have many AV exclusions you may find copying this information from a configuration file much easier and time saving. The exclusion configuration file for the Kaspersky AV is found in the \MDaemon\App\CfExcludes.dat file (open in Notepad). You are looking for the entries under the [VIRUS_EXCLUDES] and [VIRUS_EXCLUDES_FROM] headings. The former being the option to exclude messages TO a certain email address.
The exclusion file for ClamAV is located in the \MDaemon\SecurityPlus\ClamAVPlugin\excludes.dat file (open in Notepad). This file is slightly different with it’s headings. You will see [EXCLUDE_TO] and [EXCLUDE_FROM] headings. Any entries under [VIRUS_EXCLUDES] should be copied under [EXCLUDE_TO], and any entries under [VIRUS_EXCLUDES_FROM] should be copied under the [EXCLUDE_FROM] heading.
***NOTE: if you manually copied entries over instead of using the GUI you will need to restart the MDaemon service for the changes to take effect.
Password Protected Files
Alt-N has added a separate exclusion list for file types of password protected files for the purpose of allowing them through the AV filtering stage. By default MDaemon will quarantine any attachments that are password protected. This is a safety precaution because an AV cannot fully scan a password protected file. This exclusion is specifically for the Kaspersky AV. The ClamAV addon has no such setting. It’s simply allow, or to not allow, password protected files. For this reason, we recommend configuring ClamAV to allow all password protected files and use the Kaspersky AV to limit which password protected files types are allowed (if any!).
To configure ClamAV to allow password protected files open MDaemon and click Security | ClamAV Plugin. Place a check mark beside the option stating “Allow password-protected files that can not be scanned”. OK the change.
If you need to allow a certain type of file through that is password protected you will want to make the below changes.
Open MDaemon and click Security | AntiVirus. Ensure the option stating “Allow password-protected files in exclusion list..” is enabled, and then click the “Configure Exclusions” button just to the right hand side of this option. Here is where you can enter a file type (i.e. *.pdf).
If you have any questions regarding this upgrade please feel free to contact us at support<at>ccsoftware.ca.