Anti-Virus Recommendations

Re: Anti-Virus Recommendations

Postby m1byo » Thu Apr 10, 2008 1:57 pm

I have just implemented NOD32 2.7 onto a Windows NT 4.0 Server running AMS!

I have tried loading the default settings included in AMS for this AV application and the test always returns a fail.

The only success I have had is to use the following settings:
"%s" /selfcheck- /sound- /quit+ /scanmbr- /scanmem- /scanboot- /arch+ /pack+ /sfx+ /mailbox+ /antistealth+ /all /heur+ /ah /delete

And detect when the file is deleted!

Anyone got any ideas why this isn't returning the correct value for the virus?

Thanks

Ian
m1byo
 
Posts: 164
Joined: Fri Sep 21, 2007 2:36 pm
Location: UK

Re: Anti-Virus Recommendations

Postby Code Crafters » Fri Apr 11, 2008 10:32 am

There is a new update AMS 2.62 due out next week that contains new preset values for the latest version Eset NOD32 3.0. These settings are below.

File Path: C:\Program Files\ESET\ESET NOD32 Antivirus\ecls.exe
Arguments: /base-dir="C:\Program Files\ESET\ESET NOD32 Antivirus" /no-boots /arch /mail /sfx /rtp /adware /unsafe /unwanted /pattern /heur /adv-heur /action=none /no-quarantine "%s"
Check for File Delete: No
Return Value: 1:*
Code Crafters
 
Posts: 933
Joined: Mon Sep 10, 2007 2:35 pm

Re: Anti-Virus Recommendations

Postby m1byo » Tue Apr 15, 2008 11:11 am

Hello All,

I have also upgraded from AVG7.5 to AVG8.0 on another one of my servers, and once again all the settings have changed, and this time AVG seem to have removed the return codes from the command line scanner.

The new values which I have implemented which seem to work are:

File Path=C:\Program Files\AVG\AVG8\avgscanx.exe
arguments=/ARC /HEUR /CLEAN /SCAN="%s"
Check for File Delete: Yes
Return Value:

I hope this helps others!

Thanks

Ian
m1byo
 
Posts: 164
Joined: Fri Sep 21, 2007 2:36 pm
Location: UK

Re: Anti-Virus Recommendations

Postby Code Crafters » Wed Apr 16, 2008 9:57 am

We'll check the new version of AVG for its new settings and also update those for the preset approved antivirus scanner settings within Ability Mail Server.

I would expect though that by using the /clean parameter with AVG, that is why it is deleting your file rather than just giving you a return value. Try removing that and take no action on infected mail parts as AMS will do that for you.
Code Crafters
 
Posts: 933
Joined: Mon Sep 10, 2007 2:35 pm

Re: Anti-Virus Recommendations

Postby m1byo » Wed Apr 16, 2008 10:42 am

Hello Chris,

I initially started by using the commands without the /CLEAN function and it always failed when I clicked the Test AV scanner button.

I then continued to read the documentation provided on the Grisoft website, it seems that 7.5 has all of the return codes documented, however 8.0 does not have any return codes documented and the guides for setting up the 8.0 command line scanner with other applications all use the /clean switch.

To check they had not changed everything on its head, I even changed the expected return value to 0:* and once again clicked Test AV scanner, to which it failed.

As soon as I enabled the check for file deletion, it immediately worked, and seems to be a little quicker.

If I am wrong, then I would greatly appreciate someone else's input to get it to work correctly.

Thanks very much

Ian
m1byo
 
Posts: 164
Joined: Fri Sep 21, 2007 2:36 pm
Location: UK

Re: Anti-Virus Recommendations

Postby Code Crafters » Thu Apr 17, 2008 10:50 am

It's very possible that they have changed the latest version to delete files rather than give an application return value on closing. All files given to the command line scanners are temporary copies of parts of the mail anyway so that they can be deleted without actually affecting the original mail so using check for delete is fine. We will of course download and test this and add the new settings which we approve. For now, if file delete works fine then by all means use it. Also, check that avgscanx.exe is the most appropriate or only command line scanner. There may be an avgscan.exe or other executable that acts differently.
Code Crafters
 
Posts: 933
Joined: Mon Sep 10, 2007 2:35 pm

Re: Anti-Virus Recommendations

Postby m1byo » Thu Apr 17, 2008 11:14 am

With regards to the command-line scanner for AVG8.0

avgscanx.exe is the x32 operating system command line scanner
avgscana.exe is the x64 operating system command line scanner

As far as I am aware, the installation of AVG will only install either the a or the x version.

Hope this helps

Ian
m1byo
 
Posts: 164
Joined: Fri Sep 21, 2007 2:36 pm
Location: UK

Re: Anti-Virus Recommendations

Postby Code Crafters » Fri Apr 18, 2008 10:39 am

Use whatever works for now. We'll look into it and update the preset approved settings in the AMS2 next update.
Code Crafters
 
Posts: 933
Joined: Mon Sep 10, 2007 2:35 pm

Re: Anti-Virus Recommendations

Postby waterman34 » Thu May 15, 2008 7:07 am

Guys, what's the overall feeling on how good ESET NOD32 Antivirus is at protecting the server as well as an email scanner within AMS?

We currently have AVG installed with resident shield enabled and so far haven't had any problems in that department, the only downside is where you start using it to scan emails and the CPU usage can go through the roof. So if we really want to start pushing email scanning to our customers we obviously have 2 choices, either we find a way to effectively run AVG or look at NOD32 as a completely different solution.

Personally I've never heard of NOD32 until now so would rather start looking at ways to run AMS on there first as it's *done the job* for us to date and I trust it, anyone got it running successfully with 400+ user accounts?
waterman34
 
Posts: 57
Joined: Thu Sep 27, 2007 11:33 am

Re: Anti-Virus Recommendations

Postby Pugglewuggle » Mon Jun 16, 2008 11:13 pm

Yes, it works on our server with over 400 accounts.
Pugglewuggle
 
Posts: 89
Joined: Thu Sep 20, 2007 6:38 pm

Re: Anti-Virus Recommendations

Postby Code Crafters » Thu Aug 21, 2008 11:57 am

m1byo wrote: I have also upgraded from AVG7.5 to AVG8.0 on another one of my servers, and once again all the settings have changed, and this time AVG seem to have removed the return codes from the command line scanner.

The new values which I have implemented which seem to work are:

File Path=C:\Program Files\AVG\AVG8\avgscanx.exe
arguments=/ARC /HEUR /CLEAN /SCAN="%s"
Check for File Delete: Yes
Return Value:

avgscanx.exe is the x32 operating system command line scanner
avgscana.exe is the x64 operating system command line scanner


After downloading and testing the new AVG 8.0, I have determined that the return values still do exist and the /clean parameter is not needed as long as AVG isn't running scans in the background which it shouldn't be on a mail server as this can interfere with communication. You should use the command line scanner directly with AMS only. Therefore, the new AVG presets for version 2.63 will be:

Application Path: avgscanx.exe
Parameters: /arc /heur /scan="%s"
Return Value: 1:*
Check for File Delete: No
Code Crafters
 
Posts: 933
Joined: Mon Sep 10, 2007 2:35 pm
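
The two verdict methods discussed in this thread (a return-value range versus checking whether the scanner deleted the temporary copy), as an added example that is not part of the thread and not Ability Mail Server code. It assumes `1:*` means "exit code 1 or higher"; `scan_part`, `in_range` and both stand-in scanners are constructed for illustration.

```python
import os
import subprocess
import sys
import tempfile

def in_range(code, spec):
    """True if exit code falls in 'lo:hi'; '*' = unbounded (assumed reading of '1:*')."""
    lo, hi = spec.split(":")
    return (lo == "*" or code >= int(lo)) and (hi == "*" or code <= int(hi))

def scan_part(data, argv_template, infected_codes=None, check_delete=False, timeout=60):
    """Scan a temporary copy of a mail part; return 'infected', 'clean' or 'error'."""
    fd, path = tempfile.mkstemp(suffix=".part")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        argv = [arg.replace("%s", path) for arg in argv_template]
        try:
            proc = subprocess.run(argv, timeout=timeout,
                                  stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
        except (OSError, subprocess.TimeoutExpired):
            return "error"  # scanner missing or hung: never treat this as clean
        if proc.returncode < 0:
            return "error"  # scanner was killed by a signal before giving a verdict
        if check_delete and not os.path.exists(path):
            return "infected"  # scanner removed the temporary copy
        if infected_codes and in_range(proc.returncode, infected_codes):
            return "infected"  # exit code signalled a detection
        return "clean"
    finally:
        if os.path.exists(path):
            os.remove(path)  # only the temporary copy is ever touched

# Constructed stand-in scanners (not real AV products), keyed on a fake marker.
EXIT_CODE_SCANNER = [sys.executable, "-c",
    "import sys; sys.exit(1 if b'FAKE-SIGNATURE' in open(sys.argv[1],'rb').read() else 0)", "%s"]
DELETING_SCANNER = [sys.executable, "-c",
    "import os,sys; p=sys.argv[1]; d=open(p,'rb').read(); "
    "os.remove(p) if b'FAKE-SIGNATURE' in d else None", "%s"]

def demo():
    bad, good = b"hello FAKE-SIGNATURE", b"hello"
    return {
        "exit_code": scan_part(bad, EXIT_CODE_SCANNER, infected_codes="1:*"),
        "clean": scan_part(good, EXIT_CODE_SCANNER, infected_codes="1:*"),
        "delete_missed": scan_part(bad, DELETING_SCANNER, infected_codes="1:*"),
        "delete_caught": scan_part(bad, DELETING_SCANNER, check_delete=True),
    }
```

The `delete_missed` case shows why the detection method has to match the scanner's behaviour: a scanner that cleans the file and exits 0 is read as clean when only the return value is checked.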
