Documentation for Alt-N MDaemon

Content Filter and Anti-virus

Filtering messages and scanning for viruses.

The Content Filter dialog (Security Content Filter…) can be used for a large number of purposes such as: preventing spam email, intercepting messages containing viruses before they reach their final destination, copying certain emails to one or more additional users, appending a note or disclaimer to the bottom of messages, adding and deleting headers, stripping email attachments, deleting messages, and more. Because individual Content Filter rules are created by the administrator, and because of their diversity, they can be used in many situations and are limited for the most part only be the creativity of the person creating them. With a little bit of thought and experimentation, this feature can be very useful.

MDaemon version 8 has integrated support for AntiVirus for MDaemon. Alt-N Technologies, in a joint effort with Kaspersky Labs a world-renowned anti-virus software developer, has developed AntiVirus, an anti-virus engine that can be installed and integrated with MDaemon. When AntiVirus is installed you will see two additional tabs on the Content Filter dialog. These tabs are used to directly control the product's features and designate what actions MDaemon will take when a virus is detected. To obtain AntiVirus for MDaemon, visit www.altn.com.

All messages processed by MDaemon will at some point reside temporarily in one of the message queues. When Content Filtering is enabled, before any message is allowed to leave the queue it will first be processed through the Content Filter rules. The result of this procedure will determine what is done with the message.

Content Filtering Rules

Enable rules processing engine

Click this checkbox to enable content filtering. All messages processed by MDaemon will be filtered through the content filter rules before being delivered.

Existing Content Filter Rules

This box lists all rules in the order that they will be applied to a message. This makes it possible for you to arrange your rules to achieve a greater level of versatility.

For example: If you have a rule that deletes all messages containing the words, "This is Spam!" and a similar rule that sends those messages to the Postmaster, then putting them in the right order will enable both rules to be applied to the message. This assumes that there isn't a "Stop Processing Rules" rule that applies to the message higher up in the list. If so, then you would use the Move Up/Move Down buttons to move the "Stop" rule below the other two. Now any message containing "This is Spam!" would be copied to the Postmaster and then deleted.

New rule

Click this button to create a new content filter rule. This will open the Setup New Rule dialog.

Edit rule

Click this button to open the selected rule in the Modify Rule editor.

Copy rule

Click this button to clone the selected content filter rule. An identical rule will be created and added to the list. The new rule will be given a default name called "Copy of [Original Rule Name]". This is useful if you wish to create multiple similar rules. You can create a single rule, clone it several times, and then modify the copies as needed.

Delete rule

Click this button to delete the selected content filter rule. You will be asked to confirm your decision to delete the Rule before MDaemon will do so.

Move up

Click this button to move the selected rule up.

Move down

Click this button to move the selected rule down.

Rule Description [Rule Name] (Enabled/Disabled)

This box displays the currently selected rule in its internal script format. Click any of the rule's conditions (listed as a hyperlink) and the appropriate editor will be opened for changing that particular condition.

This dialog is used for creating Content Filter Rules. It is reached by clicking the New Rule button on the Content Filter dialog.

Give This Rule a Name

Type a descriptive name for your new rule here. By default it will be called "New Rule #n".

Define New Content Filter Rule

Select conditions for this rule

This box lists the conditions that may be applied to your new rule. Click the checkbox corresponding to any condition that you want to be applied to the new rule. Each enabled condition will appear in the Rule Description box below. Most Conditions will require additional information that you will specify by clicking on the Condition's hyperlink in the Rule Description box.

If the [HEADER] contains-Click any of these options to base your rule on the content of those particular message headers. You must specify the text for which to scan. This condition now supports regular expressions. See "Using Regular Expressions in Your Filter Rules".

If the user defined [# HEADER] contains-Click one or more of these options to base the rule on message headers that you will define. You must specify the new header, and the text for which to scan. This condition now supports regular expressions. See "Using Regular Expressions in Your Filter Rules".

If the MESSAGE BODY contains-This option makes the contents of the message body one of the conditions. This condition requires you to specify a text string for which to search. This condition now supports regular expressions. See "Using Regular Expressions in Your Filter Rules".

If the MESSAGE has Attachment(s)-When this option is selected, the rule will be contingent upon the presence of one or more message attachments. No additional information is required.

If the MESSAGE SIZE is greater than-Click this option if you want the rule to be based upon the size of the message. The size must be specified in KB. Default is 10KB.

If the MESSAGE HAS A FILE called-This option will scan for a file attachment with a particular name. The filename must be specified. Wildcards such as *.exe and file*.* are permitted.

If message is INFECTED…-This condition is TRUE when AntiVirus for MDaemon determines that a message is infected with a virus.

If the EXIT CODE from a previous run process is equal to-If a previous rule in your list utilizes the Run Process action, you can use this condition to look for a specific exit code from that process.

If the MESSAGE IS DIGITALLY SIGNED-The condition applies to messages that have been digitally signed. No further information is required by this condition.

If ALL MESSAGES-Click this option if you want the rule to be applied to all messages. No further information is required; this rule will affect every message except those to which a "Stop Processing Rules" or "Delete Message" action has been applied in a previous rule.

Select actions for this rule

MDaemon can perform these actions if a message matches the rule's conditions. A few Actions will require additional information that you will specify by clicking on the Action's hyperlink in the Rule Description box.

Delete Message-Selecting this action will cause the message to be deleted.

Strip All Attachments From Message-This action causes all attachments to be stripped from the message.

Move Message To Bad Message Directory-Click this action to cause a message to be moved to the bad message directory.

Skip n Rules-Selecting this action will cause a specified number of rules to be skipped. This is useful in situations where you may want a rule to be applied in certain circumstances but not in others.

For example: you may wish to delete messages that contain the word "Spam", but not those that contain "Good Spam". To accomplish this you could create a rule that deletes messages containing "Spam" and then place above it another rule that states "if the message contains "Good Spam" then Skip 1 Rule".

Stop Processing Rules-This action will skip all remaining rules.

Copy Message To Specified User(s)-Causes a copy of the message to be sent to one or more recipients. You must specify which recipients are to receive the message.

Append Standard Disclaimer-This action makes it possible for you to create a small amount of text that will be appended as a footer to the message. Alternatively, it can add the contents of a text file.

For example: you could use this rule to include a statement that says "This email originated from my company, please direct any complaints or questions to me@mycompany.com".

Add Extra Header Item To Message-This action will add an additional header to the message. You must specify the name of the new header and its value.

Delete A Header Item From Message-This action will remove a header from a message. You must specify the header that you wish to delete.

Send Note To... -This action will send an email to a particular address. You will be able to specify the recipient, sender, subject, and a small amount of text. You can also configure this action to attach the original message to the note.

For example: you might wish to create a rule that will move all messages containing "This is Spam!" to the bad message directory and create another rule that will send a note to someone letting them know that this has been done.

Remove Digital Signature-Click this action to cause a digital signature to be removed from the message.

Run Process…-This action can be used to run a particular program when a message meets the rule's conditions. You must specify the path to the program that you wish to run. You can use the $MESSAGEFILENAME$ macro to pass the name of the message to the process, and you can specify whether or not MDaemon should suspend its operations temporarily or indefinitely while it waits for the process to terminate. Further, you can force the process to terminate and/or run it in a hidden window.

Send Message Through SMS Gateway Server…-Click this option to send the message through an SMS Gateway Server. You must supply the Host or IP Address and the SMS phone number.

Copy Message to Folder…-Use this option to place a copy of the message into a specific folder.

Add Line To Text File-This option will cause a line of text to be added to a specific text file. When choosing this action you will have to specify the path to the file and the text that you want to be appended to it. You may use certain MDaemon macros in your text to cause the content filter to dynamically include information about the message such as the sender, recipient, message ID, and so on. Click the Macros button on the "Add line to text file" dialog to display a list of permitted macros.

CONTENT FILTER EDITOR

Move Message to Public Folders…-Use this action to cause the message to be moved to one or more Public Folders.

Search and Replace Words in a Header-Use this option to scan a specified header for certain words and then delete or replace them. When creating this rule, click the "specify information" link in the Rule Description to open the "Header - Search and Replace" dialog on which you will designate the header and words to replace or delete. This action now supports regular expressions. See "Using Regular Expressions in Your Filter Rules" below.

Search and Replace Words in the Message Body-Use this option to scan the message body and replace any desired text. This action now supports regular expressions. See "Using Regular Expressions in Your Filter Rules" below.

Jump to Rule…-Use this action to jump immediately to a rule further down in the list, skipping over all rules between the two.

Sign with DomainKeys selector …-Use this action if you want the rule to cause a message to contain a DomainKeys signature. You can also use it if you wish to sign some messages using a selector other than the one designated on the DomainKeys dialog.

Rule description

This box displays the new rule's internal script format. Click any of the rule's conditions or actions (listed as hyperlinks) and the appropriate editor will be opened for specifying any needed information.

Modifying an Existing Content Filter Rule

To modify an existing content filter rule, select the rule and then click the Edit Rule button on the Content Filter dialog. The rule will be opened for editing in the Modify Rule editor. The controls on this editor are identical to the Create Rule Dialog.

Using Regular Expressions in Your Filter Rules

Previously, the Content Filtering system only supported searches for specific text strings. Now, it supports "regular expression" searches, which is a more powerful system that also makes it possible for you to search for text patterns. Regular expressions contain a mix of plain text and special characters that indicate what kind of matching to do, and can thus make your Content Filter rules more powerful and better targeted.

What are Regular Expressions?

A regular expression (regexp) is a text pattern consisting of a combination of special characters known as metacharacters and alphanumeric text characters, or "literals" (abc, 123, and so on). The pattern is used to match against text strings-with the result of the match being either successful or not. Regexps are used primarily for regular text matches and for search and replace.

Metacharacters are special characters that have specific functions and uses within regular expressions. The regexp implementation within the MDaemon Content Filtering system allows the following metacharacters:

\ | () [] ^ $ * + ? . <>

	When used before a metacharacter, the backslash ( "\" ) causes the metacharacter to be treated as a literal character. This is necessary if you want the regular expression to search for one of the special characters that are used as metacharacters. For example, to search for "+" your expressions must include "+".
|	The alternation character (also called "or" or "bar") is used when you want either expression on the side of the character to match the target string. The regexp "abc|xyz" will match any occurrence of either "abc" or "xyz" when searching a text string.
[]	A set of characters contained in brackets ("[" and "]") means that any character in the set may match the searched text string. A dash ("-") between characters in the brackets denotes a range of characters. For example, searching the string "abc" with the regexp "[a-z]" will yield three matches: "a," "b, " and "c. " Using the expression "[az]" will yield only one match: "a."
^	Denotes the beginning of the line. In the target string, "abc ab a" the expression "^a" will yield one match-the first character in the target string. The regexp "^ab" will also yield one match-the first two characters in the target string.
[^]	The caret ("^") immediately following the left-bracket ("[") has a different meaning. It is used to exclude the remaining characters within brackets from matching the target string. The expression "[^0-9]" indicates that the target character should not be a digit.
()	The parenthesis affects the order of pattern evaluation, and also serves as a tagged expression that can be used in search and replace expressions. The results of a search with a regular expression are kept temporarily and can be used in the replace expression to build a new expression. In the replace expression, you can include a "&" or "�" character, which will be replaced by the sub-string found by the regular expression during the search. So, if the search expression "a(bcd)e" finds a sub-string match, then a replace expression of "123-&-123" or "123-�-123" will replace the matched text with "123-abcde-123". Similarly, you can also use the special characters "1," "2," "3," and so on in the replace expression. These characters will be replaced only by the results of the tagged expression instead of the entire sub-string match. The number following the backslash denotes which tagged expression you wish to reference (in the case of a regexp containing more than one tagged expression). For example, if your search expression is "(123)(456)" and your replace expression is "a-2-b-1" then a matching sub-string will be replaced with "a-456-b-123" whereas a replace expression of "a-�-b" will be replaced with "a-123456-b".
$	The dollar sign ("$") denotes the end of the line. In the text string, "13 321 123" the expression "3$" will yield one match-the last character in the string. The regexp "123$" will also yield one match-the last three characters in the target string.
*	The asterisk ("*") quantifier indicates that the character to its left must match zero or more occurrences of the character in a row. Thus, "1*abc" will match the text "111abc" and "abc."
+	Similar to the asterisk quantifier, the "+" quantifier indicates that the character to its left must match one or more occurrences of the character in a row. Thus, "1+abc" will match the text "111abc" but not "abc."
?	The question mark ("?") quantifier indicates that the character to its left must match zero or one times. Thus, "1*abc" will match the text "abc," and it will match the "1abc" portion of "111abc."
.	The period or dot (".") metacharacter will match any other character. Thus ".+abc" will match "123456abc," and "a.c" will match "aac," abc," acc," and so on.

Eligible Conditions and Actions

Regular expressions may be used in any Header filter rule Condition. For example, any rule using the "if the FROM HEADER contains" condition. Regular expressions may also be used in the "if the MESSAGE BODY contains" condition.

Regular expressions may be used in two Content Filter rule Actions: "Search and Replace Words in a Header" and "Search and Replace Words in the Message Body."

Configuring a Regexp in a Rule's Condition

To configure a header or message body condition to use a regular expression:

1. On the Create Rule dialog, click the checkbox that corresponds to the header or message body condition that you wish to insert into your rule.
2. In the summary area at the bottom of the Create Rule dialog, click the "contains specific strings" link that corresponds to the condition that you selected in step 1. This will open the Specify Search Text dialog.
3. Click the "contains" link in the "Currently specified strings…" area.
4. Choose "Matches Regular Expression" from the drop-down list box, and click OK.
5. If you need help creating your regexp or want to test it then click "Test regular expression." If you do not need to use the Test Regular Expression dialog then type your regexp into the text box provided, click Add, and then go to step 8.
6. Type your regular expression into the "Search expression" text box. To simplify the process we have provided a shortcut menu that can be used to easily insert the desired metacharacters into your regexp. Click the ">" button to access this menu. When you choose an option from this menu its corresponding metacharacter will be inserted into the expression and the text insertion point will be moved to the appropriate place required by the character.
7. Type any text that you wish to use to test your expression in the text area provided, and click Test. When you are finished testing your expression, click OK.
8. Click OK.
9. Continue creating your rule normally.

Configuring a Regexp in a Rule's Action

To configure a "Search and Replace Words in…" action to use a regular expression:

1. On the Create Rule dialog, click the checkbox that corresponds to the "Search and Replace Words in…" action that you wish to insert into your rule.
2. In the summary area at the bottom of the Create Rule dialog, click the "specify information" link that corresponds to the action that you selected in step 1. This will open the Search and Replace dialog.
3. If you chose the "Search…header" action in step 1, then use the drop-down list box provided to choose the header that you wish to search, or type a header into the box if the desired header isn't listed. If you did not choose the "Search…header" action in step 1 then skip this step.
4. Type the search expression that you wish to use in this action. To simplify the process we have provided a shortcut menu that can be used to easily insert the desired metacharacters into your regexp. Click the ">" button to access this menu. When you choose an option from this menu its corresponding metacharacter will be inserted into the expression and the text insertion point will be moved to the appropriate place required by the character.
5. Type the replace expression that you wish to use in this action. As with the search expression we have provided a metacharacter shortcut menu for this option as well. Leave this text box blank if you wish to delete a matched sub-string instead of replace it with more text.
6. Click "Match case" if you want the expression to be case sensitive.
7. Click "Regular expression" if you want the search and replace strings to be treated as regular expressions. Otherwise each will be treated as a simple sub-string search and replace-it will look for an exact literal match of the text rather than process it as a regular expression.
8. If you do not need to test your expression then skip this step. If you do need to test your expression then click "Run Test." On the Search and Replace Tester dialog, type your search and replace expressions and the text that you wish to test with, then click Test. When you are finished testing your regexps click OK.
9. Click OK.
10. Continue creating your rule normally.

Use this tab to specify attachments that you wish to classify as allowed or restricted. Attachments that are not allowed will be automatically removed from messages. There is also a section used for designating email addresses as administrators. The administrator section corresponds to the "send…to administrator" controls on the Notifications tab.

Administrators

Addresses listed in this area are considered administrators and correspond to the Administrator controls located on the Notifications tab. These addresses will receive notification messages when one of the Administrator options is selected on that tab. To add an address to this section, type it into the space provided and then click Add. To remove an address, select it from the list and then click Remove.

Restricted Attachments

Filenames specified in RESTRICT these files list will be stripped from messages automatically when MDaemon encounters them. If you list any files in the ALLOW these files only list, then only those files listed will be permitted-all other attachments will be stripped from messages. After the attachment is stripped, MDaemon will continue normally and delivery the message without it. You can use the controls on the Notifications tab to cause a notification message to be sent to various addresses when one of these restricted attachments is encountered.

Wildcards are permitted in list entries. An entry of "*.exe", for example, would cause all attachments ending with the EXE file extension to be allowed or removed. To add an entry to either of the lists, type the filename in the space provided and the click Add.

Configure Exclusions

Click Configure Exclusions to specify addresses that you wish to exclude from attachment restriction monitoring. When a message is directed to one of these addresses MDaemon will allow the message to pass even if it contains a restricted attachment.

With the controls on this tab you can cause message attachments to be automatically compressed or decompressed before the message is delivered. The level of compression can be controlled as well as several other parameters and exclusions. This feature could significantly reduce the amount of bandwidth and throughput required to deliver your outbound messages.

Outbound Compression

Enable compression of attachments for outbound messages

Click this checkbox if you want to enable automatic message attachment compression for outbound remote mail messages. Enabling this control will not cause all message attachments to be compressed; it simply turns the feature on. Whether an outbound message's files are compressed or not is determined by the remaining settings on this tab.

Compress outbound local domain attachments

Enabling this control will cause the file compression settings to be applied to all outbound mail - even those messages whose destination is another local address.

Compression Options

Create self-extracting zips

Click this checkbox if you want the compression files that MDaemon creates to be self-extracting zip files with an EXE file extension. This is useful if you are concerned that the message recipients may not have access to a decompression utility. Self-extracting zip files can be decompressed simply by double-clicking on them.

Compress only if compression % is greater than XX%

MDaemon will not compress a message's attachments before sending it unless they can be compressed by a percentage greater than the value specified in this control. For example, if you designate a value of 20 and a given attachment can't be compressed by at least 21% then MDaemon will not compress it before sending the message.

Compress if total attachment size is greater than XX KB

When automatic attachment compression is enabled, MDaemon will only attempt to compress a message's attachments when their total size exceeds the value specified here. Messages with total attachment sizes below this threshold will be delivered normally with the attachments unchanged.

Compression level

Use the drop-down list box to choose the degree of compression that you want MDaemon to apply to automatically compressed attachments. You can choose three levels of compression: minimum (fastest compression process with least compression), medium (default value), or maximum (slowest compression process but highest degree of compression).

Use fixed archive name: [archive name]

Click this checkbox and choose a name if you want the automatically compressed attachments to have a specific filename.

Compression exclusions

Exclude these attachments…

Click this button to specify files that you want to exclude from the automatic compression features. When a message attachment matches one of these filenames it will not be compressed, regardless of the compression settings. Wildcards are permitted in these entries. Therefore, you could specify "*.exe", for example, and all files ending with ".exe" would remain uncompressed.

Exclude these domains…

Click this button to specify recipient domains whose messages you wish to exclude from automatic compression. Messages bound for these domains will not have their file attachments compressed, regardless of your compression settings.

Inbound Decompression

Enable decompression of attachments for inbound messages

Click this checkbox if you want to enable automatic decompression of inbound remote mail message attachments. When a message arrives with a zipped attachment, MDaemon will decompress it before delivering it to the local user's mailbox.

Decompress inbound local domain attachments

Enable this control if you want automatic decompression to apply to local mail as well.

This tab (and the AntiVirus Updater tab) will only be visible when you have installed AntiVirus for MDaemon. To obtain AntiVirus for MDaemon, visit www.altn.com.

Scanner Configuration

Enable AntiVirus scanner

Click this checkbox to enable AntiVirus scanning of messages. When MDaemon receives a message with attachments, it will activate AntiVirus for MDaemon and scan them for viruses before delivering the message to its final destination.

Exclude gateways from virus scanning

Click this checkbox if you want messages bound for one of MDaemon's domain gateways to be excluded from virus scanning. This may be desirable for those who wish to leave the scanning of those messages to the domain's own mail server. For more information on domain gateways, see Domain Gateways.

Refuse to accept messages that are infected with viruses

Click this option is you wish to scan incoming messages for viruses during the SMTP session rather than after the session is concluded, and then reject those messages found to contain viruses. Because each incoming message is scanned before MDaemon officially accepts the message and concludes the session, the sending server is still responsible for it-the message hasn't technically been delivered yet. Thus the message can be rejected outright when a virus is found. Further, because the message was rejected, no further AntiVirus related actions listed on this dialog will be taken. No quarantine or cleaning procedures will be taken, and no notification messages will be sent. This can greatly reduce the number of infected messages and virus notification messages that you and your users receive.

The SMTP-(in) log will show the result of AV processing. The possible results you might see are:

1. the message was scanned and found infected with a virus
2. the message was scanned and no virus was found
3. the message could not be scanned (usually because a ZIP or other type or attachment could not be opened/accessed)
4. the message could not be scanned (it exceeds the max size limit)
5. an error occurred during the scan

Configure Exclusions

Click the Configure Exclusions button to specify recipient addresses to exclude from virus scanning. Messages bound for these addresses will not be scanned for viruses by AntiVirus for MDaemon. Wildcards are allowed in these addresses. You could therefore use this feature to exclude entire domains or specific mailboxes across all domains. For example, "*@example.com or "VirusArchive@*".

Scanner Actions

Click one of the option buttons in this section to designate the action that MDaemon will take when AntiVirus for MDaemon detects a virus.

Delete the infected attachment

This option will delete the infected attachment. The message will still be delivered to the recipient but without the infected attachment. You can use the "Add a warning…" control on the bottom of this dialog to add text to the message informing the user that an infected attachment was deleted.

Quarantine the infected attachment to…

Choose this option and specify a location in the space provided if you want infected attachments to be quarantined to that location rather than deleted or cleaned. Like the "Delete the infected attachment" option, the message will still be delivered to the recipient but without the infected attachment.

Clean the infected attachment

When this option is chosen, AntiVirus for MDaemon will attempt to clean, or disable, the infected attachment. If the attachment cannot be cleaned, it will be deleted.

Delete the entire message

This option will delete the entire message rather than just the attachment when a virus is found. Because this deletes the whole message, the "Add a warning…" option doesn't apply. However, you can still send a notification message to the recipient by using the controls on the Notifications tab.

Quarantine the entire message to…

This option is like the "Delete the entire message" option above, but the message will be quarantined in the specified location rather than deleted.

Do nothing (use content filter to handle)

Choose this option if you wish to take none of the above actions, and have set up content filter rules to take some alternative actions instead.

Add a warning message to the top of the message body if infected

When one of the "…attachment" options is chosen above, click this option if you want to add some warning text to the top of the previously infected message before it is delivered to the recipient. Thus you can inform the recipient that the attachment was stripped and why.

Warning message

Click this button to display the warning text that will be added to messages when the "Add a warning message…" feature is used. After making any desired changes to the text, click "OK" to close the dialog and save the changes.

Use the controls on this tab to manually or automatically update AntiVirus for MDaemon's virus definitions. There is a scheduler for automatic updating, a report viewer so that you can review when and which updates have been downloaded, and a test feature used for confirming that you your virus scanning is working properly.

Scanner info

This section tells you whether AntiVirus for MDaemon is installed and, if so, what version you are running. It also lists the date of your last virus definition update.

Updater Configuration

Activate urgent updates

Click this checkbox to activate the urgent updates feature. With this feature enabled, AntiVirus will immediately connect to the update location and download the high-priority update whenever MDaemon receives an "Urgent Update" message. To receive these messages you must first subscribe to the "Urgent Updates" mailing list. See the Subscribe control below.

Subscribe

This button to opens your default browser to Alt-N Technologies' Urgent Updates subscription page. On that page enter your domain name to subscribe your domain to the Urgent Updates mailing list.

250 CONTENT FILTER EDITOR

Whenever there is an urgent update to AntiVirus for MDaemon's virus definitions, an email will be dispatched to the domain. When MDaemon receives the message, AntiVirus will be updated immediately.

Update AV signatures now

Click this button to update the virus definitions manually. The updater will connect immediately after the button is pressed.

Configure updater

Click this button to open the updater. The Updater contains three tabs: Update URLs, Connection, and Proxy.

The Update URLs tab contains a list of sites to which AntiVirus for MDaemon will connect to check for virus signature updates. You can add and remove web sites to and from the list, and move the URLs up and down in the list by using the provided arrow buttons; the web sites are checked for updates from top to bottom. Clicking the control, "Use random starting point in the URL list" will cause the sites to be checked in random order rather than in the order that they are listed.

The Connection tab is used to designate the Internet Connection Profile that you wish AntiVirus for MDaemon to use when connecting to the update sites. The "Use Internet Settings from Control Panel" option uses your default Internet settings. The "Setup Internet settings manually" option and subsequent controls can be used to manually choose a Connection Profile and designate its user name and password settings.

The Proxy tab contains options for configuring any HTTP or FTP proxy settings that your current network configuration may require in order to connect to the update sites.

View update report

The AntiVirus for MDaemon Log Viewer is opened by clicking the View update report button. The viewer lists the times, actions taken, and other information about each update.

Scheduler

Click this button to open MDaemon's Event Scheduler to the AntiVirus Updates tab. The controls on this tab are similar to those on the Send & Receive Mail tab and can be used to schedule checks for virus signature updates at specific times on specific days or by a Simple Scheduling method that causes AntiVirus for MDaemon to check for updates once every so many minutes. There is also an Activate urgent updates option on this tab that can be used to activate or deactivate Automatic Urgent Updates. This option is the same as the control of the same name described above.

Test Scanner

Send EICAR

Click this button to send a test message to the postmaster, with the EICAR virus file attached. This attachment is harmless - it is merely used to test AntiVirus for MDaemon. By watching the Content Filter's log window on MDaemon's main interface you can see what MDaemon does with this message when it is received. For example, depending upon your settings, you might see a log excerpt that looks something like this:

Mon 2002-02-25 18:14:49: Processing C:\MDAEMON\LOCALQ\md75000001128.msgMon 2002-02-25 18:14:49: > eicar.com (C:\MDaemon\CFilter\TEMP\cf1772420862.att)Mon 2002-02-25 18:14:49: > Message from: postmaster@mycompany.comMon 2002-02-25 18:14:49: > Message to: postmaster@mycompany.com
Mon 2002-02-25 18:14:49: > Message subject: EICAR Test MessageMon 2002-02-25 18:14:49: > Message ID:<MDAEMON10001200202251814.AA1447619@mycompany.com>Mon 2002-02-25 18:14:49: Performing viral scan...Mon 2002-02-25 18:14:50: > eicar.com is infected by EICAR-Test-FileMon 2002-02-25 18:14:50: > eicar.com was removed from messageMon 2002-02-25 18:14:50: > eicar.com quarantined toC:\MDAEMON\CFILTER\QUARANT\Mon 2002-02-25 18:14:50: > Total attachments scanned : 1 (includingmultipart/alternatives)Mon 2002-02-25 18:14:50: > Total attachments infected : 1 Mon 2002-02-25 18:14:50: > Total attachments disinfected: 0 Mon 2002-02-25 18:14:50: > Total attachments removed : 1 Mon 2002-02-25 18:14:50: > Total errors while scanning : 0 Mon 2002-02-25 18:14:50: > Virus notification sent to postmaster@mycompany.com (sender)Mon 2002-02-25 18:14:50: > Virus notification sent to postmaster@mycompany.com (recipient)Mon 2002-02-25 18:14:50: > Virus notification sent to postmaster@mycompany.com (admin)Mon 2002-02-25 18:14:50: > Virus notification sent to postmaster@example.com(admin)Mon 2002-02-25 18:14:50: Processing complete (matched 0 of 12 active rules)

Use this tab to designate those who should receive notification messages when a virus or restricted attachment is detected.

Notification Messages

Notification message from:

Use this control for specifying the address from which you want the notification message to come.

Send virus notification message to…

When a message arrives with a file attachment containing a virus, a warning message will be sent to the individuals designated in this section. A customized warning message can be sent to the sender, recipient, and the administrators that you have designated on the Admins/Attachments tab. To customize the message for any of the three entries, select one of them from the list and then edit the message that appears on the bottom half of this tab. Each entry has its own message, though by default this isn't obvious since all three are identical.

Send restricted attachment notification message to…

When a message arrives with a file attachment matching a restricted attachment entry (listed on the Admins/Attachments tab) a warning message will be sent to the individuals designated in this section. A customized warning message can be sent to the sender, recipient, and the administrators that you have designated on the Admins/Attachments tab. To customize the message for any of the three entries, select

CONTENT FILTER EDITOR

one of them from the list and then edit the message that appears on the bottom half of this tab. Each entry has its own message, though by default this isn't obvious since all three are identical.

Subject

This text will be displayed in the "Subject:" header of the notification message that is sent.

Message

This is the message that will be sent to the entry selected in the list above when the checkbox corresponding to that entry is enabled. You can directly edit this message from the box in which it is displayed.

Message Macros

For your convenience, certain macros may be used in the notification messages and other messages that the Content Filters generate. You may use any of the following macros:

$ACTUALTO$ Some messages may contain an "ActualTo" field which generally represents the destination mailbox and host as it was entered by the original user prior to any reformatting or alias translation. This macro is replaced with that value.

$AV_VERSION$ Lists the version of AntiVirus for MDaemon that you are using.

$CURRENTTIME$ This macro is replaced with the current time when the message is being processed.

$ACTUALFROM$ Some messages may contain an "ActualFrom" field which generally represents the origination mailbox and host prior to any reformatting or alias translation. This macro is replaced with that value.

$FILTERRULENAME$ This macro is replaced by the name of the rule whose criteria the message matched.

$HEADER:XX$ This macro will cause the value of the header specified in place of the "xx" to be expanded in the reformatted message. For example: If the original message has "TO: joe@mdaemon.com" then the

CHAPTER 14 CONTENT FILTER AND ANTI-VIRUS

$HEADER:TO$ macro will expand to "joe@mdaemon.com". If the original message has "Subject: This is the subject" then the $HEADER:SUBJECT$ macro would be replaced with the text "This is the subject"

$HEADER:MESSAGE-ID$ As with $HEADER:XX$ above, this macro will expand to the value of the Message-ID header.

$LIST_ATTACHMENTS_REMOVED$ When one or more attachments are removed from the message, this $LIST_VIRUSES_FOUND$ $MESSAGEFILENAME$ $MESSAGEID$ $PRIMARYDOMAIN$

$PRIMARYIP$

$RECIPIENT$ $RECIPIENTDOMAIN$ $RECIPIENTMAILBOX$

$REPLYTO$ $SENDER$ $SENDERDOMAIN$

$SENDERMAILBOX$

$SUBJECT$ macro will list them.

When one or more viruses is found in a message, this macro will list them. This macro expands to the file name of the current message being processed.

As $HEADER:MESSAGE-ID$ above, except this macro strips "<>" from the value of the message ID. Expands to MDaemon's primary domain name, which is designated on the Primary Domain Configuration dialog (click Setup Primary Domain). This macro expands to the IP address of your primary domain (specified on the Primary Domain Configuration dialog)

This macro resolves to the full address of the message recipient. This macro will insert the domain name of the message recipient.

Lists the recipient's mailbox (the value to the left of "@" in the email address). This macro expands to the value of the message's "Reply-to" header.

Expands to the full address from which the message was sent. This macro will insert the domain name of the message's sender (the value to the right of "@" in the email address). Lists the sender's mailbox (the value to the left of "@" in the email address).

Displays the text contained in the message's subject.