[Top] [Prev] [Next] [Bottom]




Blocking viruses


The default configuration for MIMEsweeper provides comprehensive protection from viruses. You can add to this if required, by defining your own VALEXE plug-in validator instances in the [Validation] configuration section.

The VALEXE validator provides a link to a standalone application, such as an anti-virus tool, to enable it to perform the validation task.

For MAILsweeper the [Validation]configuration section is found in the validator configuration file, VALIDATE.CFG. For WEBsweeper it is found in the http and ftp configuration files, HTTP.CFG and FTP.CFG.

For example:

[Validation]
FPROT=VALEXE
...
AVTOOL=VALEXE

[AVTOOL]
ExeName=C:\MSW\PROGRAM\AVTOOL.EXE
CmdLine=%s
ApplicationType=DOS
FilePos=0
0=Success
1=VIRUSPRESENT
7=ScanFailed

In this example, a new VALEXE validator instance, called AVTOOL, is created. It is defined in the [Validation] section and a corresponding [AVTOOL] configuration section is created in the body of the file.

The return code from the application is mapped to a <Response>, using the information in the configuration section for the VALEXE instance.

VALEXE first writes the data being validated to a temporary file. It then runs the standalone application, providing it with any required command line arguments.

Using the [AVTOOL] example on the previous page, if the return code is 1 then the <Response> generated in this instance is VIRUSPRESENT.

Each <Response> used by the VALEXE validator instance must have a corresponding entry in the [Disposal] configuration section.

The [Disposal]section can be found in the mail configuration file, MIMESWP.CFG for MAILsweeper, or the http and ftp configuration files, HTTP.CFG and FTP.CFG for WEBsweeper.

This entry maps the <Response> to a final disposition for the message or Web data.

For example:

[Disposal]
DEFAULTDISPOSAL=Clean
...
Success=Clean
...
ScanFailed=Failure
...
VIRUSPRESENT=Virus
...
LOADFAILURE=FailedLoad

In this example, if the highest priority <Response> generated by validation is VIRUSPRESENT1 then the final disposition for the message or Web data will be Virus.

See the Disposal section on page 7-21 for more details.

For performance reasons, virus scanning should be limited to only the relevant data types, for example, executables, documents, text and binaries.

This can be achieved by including one or more PerformIf directives in the VALEXE instance configuration section.

For example:

[AVTOOL]
PerformIf=ContainerClass==Executable
PerformIf=ContainerClass==Document
PerformIf=ContainerClass==Text
PerformIf=ContainerClass==Binary
ExeName=C:\MSW\PROGRAM\AVTOOL.EXE
CmdLine=%s
ApplicationType=DOS
FilePos=0
0=Success
1=VIRUSPRESENT
7=ScanFailed

For more details on VALEXE see page 7-75. For more details on the PerformIf directive see page 7-107.

 


[Top] [Prev] [Next] [Bottom]



1 The VIRUSPRESENT <Response> is used to indicate that a virus has been detected.

msw.support@mimesweeper.com

Copyright © 1998, Content Technologies Limited. All rights reserved.