
INFO: What Virus Scanners are supported by SEG/MailMarshal?



This article applies to:

  • Trustwave MailMarshal (SEG)

Question:

  • What Virus Scanners are supported by SEG or MailMarshal?

Information:

This article discusses the virus scanning products that have been tested and proven to work with Trustwave SEG. Also listed are some scanners that SEG does not support.

SEG integrates with third-party antivirus products by several different methods. Scanners that use the DLL interface have much higher throughput than those that use a command line executable (roughly 10 times faster). The interface method is listed next to each product name in this article.

Important note: For all virus scanners, ensure the SEG working directories are excluded from any resident or on-access file monitoring or backups. This includes the Unpacking and quarantine directories. For more information on this and other facts regarding using anti-virus scanners, refer to Trustwave Knowledgebase article Q10369.

The following AntiVirus scanners are supported on Trustwave MailMarshal (SEG) version 6.X and above:

  • Bitdefender for Marshal (DLL) SEG 7.5.6 and above
  • McAfee for Marshal  (DLL, Supports cleaning)
  • Sophos for Marshal  (DLL, Supports cleaning)
  • Sophos Anti-Virus (DLL, Supports cleaning) Not supported on SEG 8.0 or above, but see notes below for available options
    • Specifically, the "SAVI Interface"
  • Symantec AntiVirus Scan Engine (DLL, Supports remote installation and cleaning) Not currently supported on SEG 8.0 or above; see notes below
  • CA Anti-Virus (Previously called InoculateIT or eTrust EZAntiVirus)
  • McAfee Command Line Scanner (scan.exe)
  • NOD32 Anti-Virus 

Note that all Norman products are no longer supported as they are discontinued by the developer.

"Cleaning" of viruses has been removed in SEG 8.2 and above. For details, see article Q21054.

Please refer to the "Configuring Virus Scanners" topic in Help, or the "Stopping Viruses" topic in the SEG User Guide for further information.

For lists of scanners supported in earlier versions, see the end of this article.

Bitdefender for Marshal (DLL interface)

An integrated Bitdefender virus scanner, licensed through Trustwave, which utilizes the Bitdefender engine. It also features configurable automatic updating of the latest virus signature files, making it easier for administrators to have up-to-the-minute protection.

  • Licensing: Trial license keys support this scanner. Customers with full keys can contact Trustwave for a special time limited trial.
  • After installing Bitdefender for Marshal ensure that signature updates are complete and then simply choose the 'Bitdefender for Marshal' option in the Configurator or Management Console - there is no need to specify any parameters.
  • For more information see the Bitdefender for Marshal Release Notes.

    McAfee for Marshal (DLL interface)

    An integrated McAfee virus scanner, licensed through Trustwave, which utilizes the McAfee engine. It also features configurable automatic updating of the latest virus signature files, making it easier for administrators to have up-to-the-minute protection.

    • Licensing: Trial license keys support this scanner. Customers with full keys can contact Trustwave for a special time limited trial.
    • After installing McAfee for Marshal, simply choose the 'Marshal Integrated McAfee Antivirus' or 'McAfee for Marshal' option in the Configurator or Management Console - there is no need to specify any parameters.
    • Further installation information for McAfee for Marshal is available in Q10382.

    Sophos for Marshal (DLL interface)

    An integrated Sophos virus scanner, licensed through Trustwave, which utilizes the Sophos engine. It also features configurable automatic updating of the latest virus signature files, making it easier for administrators to have up-to-the-minute protection.

    • Licensing: Trial license keys support this scanner. Customers with full keys can contact Trustwave for a special time limited trial.
    • After installing Sophos for Marshal, simply choose the 'Sophos for Marshal' option in the Configurator or Management Console - there is no need to specify any parameters.
    • For more information see the Sophos for Marshal Release Notes. 

    Sophos Anti-Virus (DLL interface)

    Not available with SEG 8.0 and above. Use Sophos for Marshal instead. See the notes below.

    • When installing, either disable the Intercheck service (resident scanner) or apply file exclusions for the MailMarshal directories.
    • After installing Sophos, simply choose the 'Sophos AntiVirus (SAVI2 Interface)' option in the Configurator - there is no need to specify any parameters.

    Symantec (DLL interface)

    Symantec integration is available from MailMarshal SMTP 5.0 through 7.X. This product is not currently supported on SEG 8.0 or above; see the notes below.

    • Symantec AntiVirus Scan Engine (formerly CarrierScan Server) is the only product from Symantec/Norton currently integrating with SEG. SEG provides a DLL interface to this scanner. The Symantec AntiVirus Scan Engine is not in the standard line of products such as Norton Anti-Virus. If you do not have these specific products please contact your Symantec/Norton Reseller.
    • After installing Symantec AntiVirus Scan Engine, simply choose the 'Symantec AntiVirus Scan Engine (CarrierScan)' option in the Configurator - there is a requirement to insert the server name in the parameters field.

    Note: A common misconception is that SEG supports Norton AV Corporate Edition.  It does not.  Please review the following KB article:

    • Q10054: Does MailMarshal SMTP integrate with Norton AV Corporate edition?

    McAfee (command line)

    The command line scanner is a full 32-bit scanner (scan.exe) and is usually supplied along with other Network Associates products, including NetShield. If you have installed NetShield, you will find scan.exe in Program Files | Common Files | Network Associates | VirusScan Engine. If you have the product licensing and customer information for a legitimate copy of the software, you can go to the Network Associates web site and download the latest command line scanner. The command line scanner (scan.exe) is preferred to the GUI product (scan32.exe) in the MailMarshal environment as it is effective, simple, reliable, and quick. Use the following string in the parameters field:

    /ALL /SUB /NOEXPIRE /ANALYZE /SECURE /NOBEEP "%CmdFileName%"

    Note: VirusScan Enterprise 8.5i does not include Scan.exe. Licensed users of this product may be able to download a compatible version of Scan.exe from McAfee (by logging in using the Grant Number). The new command line scanner csscan.exe CANNOT be used with MailMarshal because this scanner application does not return a code indicating virus found.

    McAfee NetShield

    Note: With VirusScan Enterprise 7.x and up, the functionality of the scan32.exe application has been more tightly integrated, preventing it from being used by other applications. Please use the McAfee Command Line Scanner (scan.exe) to perform command line scanning with the MailMarshal product.

    CA Anti-Virus (command line) 

    (Previously called Inoculate or EZAntiVirus)

    After installing CA Anti-Virus, simply choose it from the Configurator or Management Console. There is a requirement to specify the scanner application directory.

    For further installation information for CA Anti-virus please see Q11603.

    eTrust™ EZAntiVirus and InoculateIT (command line)

    InoculateIT has been rebranded as CA Antivirus.

    Versions prior to 6.0 are not supported - they cannot be run from a command line under MailMarshal. If the Realtime Monitor is enabled, then you can exclude MailMarshal's directories via Realtime Monitor Options | Filters tab | Directory.

    After installing eTrust™ EZAntiVirus or InoculateIT, simply choose the 'InoculateIT Ver 6.X' (for MailMarshal SMTP 6.0) or 'eTrust™ EZAntiVirus (formerly InoculateIT)' (for MailMarshal SMTP 6.1) option in the Configurator - there is a requirement to specify the scanner application directory, however there is no need to specify any parameters.

    Further installation information for 'eTrust™ EZAntiVirus' and 'InoculateIT' is available in Q10370.

    NOD32 (command line)

    There are two parts to this product:

    1. NOD32, which is the scanning engine and command line components
    2. AMON, which is for the on access/demand scanning and scheduling scans.

    NOD can also output its results to a log file, which can be set either to be appended to or to be overwritten. If you use the overwrite option, you can attach this file to the MailMarshal virus warning e-mail. This will inform the user as to what virus they have. Use these parameters for nod32.exe:

    /quit+ /sound- /scanmem- /scanmbr- "%CmdFileName%"

    For information about the updated command line parameters and executable in Nod32 version 3 and above, see Q12706.



    Notes:

    SEG 8.0 and above Limitations

    Sophos (SAVI interface) and Symantec AntiVirus Scan Engine are not available for SEG 8.0 and above as of the date of this article, because a 64-bit interface DLL is not available. Trustwave will review the options available for these scanners if the scanner suppliers provide 64-bit access to scanning. Note that you CAN use Sophos for Marshal with SEG 8.0 and above.

    • For customers currently licensed for Sophos (SAVI), Trustwave has agreed with Sophos to provide Sophos for Marshal, at no cost, for the remaining life of the customer's existing SAVI license.
    • At the next renewal, to continue using Sophos for Marshal, customers must purchase Sophos for Marshal licensing from Trustwave on normal terms.
    • To take advantage of this offer, customers (or partners) should contact their Trustwave account manager. Proof of the SAVI license is required, such as the original order confirmation.

    Using other anti-virus scanners not on this list

    The above list is not exhaustive and with a bit of experimentation, other alternatives may be used.  Please refer to Q10369 for more information.

    Anti-Virus Scanners not currently supported by SEG

    Below are scanners that do not currently work as a configured scanner under SEG. However, in most cases, SEG will happily function alongside these scanners in a network.

    • Norman Endpoint Protection/Norman Virus Control:  This product has been discontinued by the developer, Norman Shark.
    • McAfee
      csscan.exe command line scanner as provided with McAfee 8.5i is not supported (it does not return a code indicating virus found).
      scan32 (NetShield GUI) is not supported as a command line scanner.
    • Norton
      Norton Anti-Virus enterprise or corporate editions are not supported.
    • Kaspersky
      The Kaspersky for Marshal plugin is no longer supported. 
    • Authentium Command AV
      Not currently supported.
    • Trend Micro
      Not currently supported.
    • F-Secure
      Not currently supported.
    • Panda Antivirus
      Not currently supported.
    • Vet Anti-Virus
      Not currently supported.

    This article was previously published as:
    NETIQKB29746
    Marshal KB183
