Chapter 1 - Introducing Microsoft Antigen for SMTP Gateways

 

Applies to: Microsoft Antigen

Microsoft® Antigen for SMTP Gateways Version 9 provides complete protection for Microsoft Simple Mail Transfer Protocol (SMTP) services running on the Windows Server® 2003 or Microsoft Windows® 2000 Server operating system. It is designed to eliminate the infiltration of viruses into your environment as well as provide file and content filtering to control unwanted message traffic and proactively block viruses before they have been identified by virus labs.

Antigen for SMTP Gateways provides keyword message body filtering, mailhost filtering with real-time block list (RBL) integration, and enhanced file and content filtering that includes filter lists to help administrators manage large groups of filters.

Antigen for SMTP Gateways also supports the optional Antigen Spam Manager. This add-in module helps administrators minimize the number of spam e-mail messages that enter their messaging environments.

The Antigen Spam Manager enhances Antigen for SMTP Gateways content filtering by providing:

  • Support for the Cloudmark anti-spam engine.
  • Support for Microsoft Exchange Server 2003 anti-spam features.
  • Identify: Tag Message options for suspected spam message tracking and identification.
  • Keyword filter options.
  • Junk Mail folders for Outlook® users.

Antigen for SMTP Gateways also integrates with the Antigen Enterprise Manager. The Antigen Enterprise Manager provides administrators with central installation and reporting functionality and central administration of Antigen for SMTP Gateways on all servers in their environment.

Consideration when using a third-party file-level antivirus program

When performing a file-level antivirus scan on a server operating system, you must omit the following program folders from the scan to prevent corruption of Antigen:

  • Drive:\Program Files\Sybari Software\Antigen for SMTP
  • Drive:\InetPub\Mailroot (2003 only)

The file-level antivirus scan can also cause a conflict when Antigen tries to scan e-mail messages.

Antigen scanning order overview

When Antigen scans a file or an e-mail message, the following tasks are performed in the order that they appear:

Allowed senders scan—If the allowed senders list functionality is enabled, Antigen compares the message sender's domain or address to the allowed senders list. If a message is from a domain or address in the allowed senders list, the message is delivered to the recipient and the rest of the scanning tasks that are described in this list are bypassed.

You can configure the allowed senders list functionality to bypass specific types of filters, such as keyword filters, file filters, and content filters, or you can bypass all filters.

For more information about allowed senders lists, see "Creating allowed senders lists" in Chapter 11 - Using keyword filtering.

Cloudmark engine scan—The Cloudmark engine compares the message contents against a database of known spam. For more information about the Cloudmark engine, see Chapter 13 - Antigen Spam Manager overview.

Mailhost filtering scan—Mailhost filtering filters messages from specific IP addresses or from specific server names. Mailhost filtering consists of the following lists:

  • RBL servers list—Contains server names and IP addresses that are known to originate spam or are spam open relay hosts. Antigen compares the message sender to the RBL servers list to determine whether the message was sent from a spam server.
  • Allowed mailhosts list—Contains server names and IP addresses that are considered safe. Antigen compares the message sender to this list to determine whether the message sender is considered safe. If a message is from a server or IP address in the allowed mailhosts list, the message is delivered to the recipient and the rest of the scanning tasks that are described in this list are bypassed.
  • Rejected mailhosts list—Contains server names and IP addresses that have been blocked. Antigen compares the message sender to the rejected mailhosts list to determine whether the message sender has been blocked.

For more information about mailhost filtering, see Chapter 10 - Using mailhost filtering.

Content filtering scan—Content filtering includes the following filters:

  • Sender-domains filtering—When sender-domain filtering is enabled, Antigen compares the message sender to the senders and domains that are in the sender-domains filter list.
  • Subject line filtering—When subject line filtering is enabled, Antigen compares the contents of the message's subject line to the words in the subject line filter list.

For more information about content filtering, see Chapter 9 - Using content filtering.

Keyword filtering scan—When keyword filtering is enabled, Antigen compares the contents of the message to any keyword filter lists that have been created. For more information about keyword filtering, see Chapter 11 - Using keyword filtering.

Attachment scan—If the e-mail message has an attachment, Antigen scans it for worms and viruses:

  • Worm purge—The worm purge tool maintains the WormPrge.dat file, which contains a list of known worms. This list is regularly updated and maintained by Antigen. The contents of the message are compared to the list of known worms.
    For more information about worm purging, see Chapter 12 - Purging messages infected by worms.
  • File filtering—When file filtering is enabled, Antigen compares the contents of the message to the file filter list. The file filter list provides you with the ability to search for attachments with a specific name, type, and size within an e-mail message.
    For more information about file filtering, see Chapter 8 - Using file filtering.
  • Virus cleaning—Antigen uses multiple virus scan engines to determine whether the attachment contains a virus. For more information about using multiple scan engines, see Chapter 5 - Implementing multiple scan engines and setting bias modes.

Body scan—The body of the message is compared to the worm list that is maintained in the WormPrge.dat file. If no worms are found, Antigen then scans the body of the message for viruses.
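The ordering and early-exit behaviour described above can be traced with a small model. This is an added example, not Antigen code: the field names, list contents and stage-level bypass set are assumptions, and engine matching is reduced to set lookups or omitted.

```python
# Added illustration: a simplified model of the scanning order, not Antigen code.
# Field names, list contents and the stage-level bypass set are assumptions;
# engine matching (Cloudmark, virus engines) is reduced to set lookups or omitted.

def checks(msg):
    """Ordered (stage, values to test, config list, verdict on match) tuples."""
    sender = msg["sender"].lower()
    dom = sender.rsplit("@", 1)[-1]
    words = msg["body"].lower().split()
    files = [a.lower() for a in msg["attachments"]]
    return [
        ("allowed senders", [sender, dom], "allowed_senders", "bypass"),
        ("cloudmark", [msg["body"].lower()], "known_spam", "spam"),
        # Mailhost lists are tested in the order the page names them (assumption).
        ("mailhost", [msg["host"]], "rbl", "rejected"),
        ("mailhost", [msg["host"]], "allowed_mailhosts", "delivered"),
        ("mailhost", [msg["host"]], "rejected_mailhosts", "rejected"),
        ("content", [dom], "sender_domains", "filtered"),
        ("content", msg["subject"].lower().split(), "subject_words", "filtered"),
        ("keyword", words, "keywords", "filtered"),
        ("attachment", files, "worm_list", "purged"),
        ("attachment", [f.rsplit(".", 1)[-1] for f in files], "file_exts", "filtered"),
        ("body", words, "worm_list", "purged"),
    ]

def scan(msg, cfg):
    """Return (verdict, stages evaluated) for one message."""
    ran, skip = [], set()
    for stage, values, list_name, verdict in checks(msg):
        if stage in skip:
            continue
        if stage not in ran:
            ran.append(stage)
        if set(values) & cfg.get(list_name, set()):
            if verdict != "bypass":
                return verdict, ran
            skip = cfg["allowed_sender_bypass"]  # stages skipped for allowed senders
    return "delivered", ran

# Constructed sample configuration and message (documentation address ranges).
ALL_LATER = {"cloudmark", "mailhost", "content", "keyword", "attachment", "body"}
CFG = {"allowed_senders": {"partner.example"}, "allowed_sender_bypass": ALL_LATER,
       "rbl": {"203.0.113.9"}, "keywords": {"lottery"},
       "worm_list": {"invoice.scr"}, "file_exts": {"exe"}}
MSG = {"sender": "ops@partner.example", "host": "198.51.100.7",
       "subject": "Q3 report", "body": "see attached", "attachments": ["Invoice.scr"]}

if __name__ == "__main__":
    print(scan(MSG, CFG))  # allowed sender, every later stage bypassed
    print(scan(MSG, dict(CFG, allowed_sender_bypass={"content", "keyword"})))
```

Comparing the two calls shows why the scope of the allowed senders bypass matters when reviewing a configuration: in this model the same attachment reaches the worm list only when the bypass is limited to the content and keyword stages.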

Antigen documentation

The most current Antigen for SMTP Gateways documentation, including the Microsoft Antigen for SMTP Gateways Quick Start Guide and the Microsoft Antigen Spam Manager Best Practices Guide, is available at the Microsoft Antigen TechNet Library.
