Chapter 18 - Using e-mail notifications

 

Applies to: Microsoft Antigen

E-mail notifications are critical in keeping Microsoft® Exchange Server users informed about changes that occur to their attachments due to virus cleaning and file filtering, or informing users of infections that exist when a virus is detected and not cleaned. E-mail notifications are also important to administrators who prefer to have information delivered directly to their mailbox instead of continually checking logs for activity.

Sending notifications

Antigen utilizes SMTP messaging for notification purposes, placing the message in the SMTP service Pickup folder and resolving the Exchange name with the Active Directory® directory service. By default, the server profile used for this purpose is: Antigen_Server_Name. For example: Antigen_EX_Server1. To change the server profile, you must modify the FromAddress registry value.

To change the FromAddress registry value on Exchange 2000/2003

  1. Open the registry editor and navigate to the following registry value:

    HKEY_LOCAL_MACHINE\SOFTWARE\SybariSoftware\Notifications\FromAddress

  2. Change the default value to the sender name you would like. Alphanumeric characters are acceptable. You can also use the at sign (@) or a period (.), but these characters cannot be the first or last character. Any illegal characters will be replaced with an underscore (_).

  3. You must restart the Exchange and Antigen services for this change to take effect.
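Because the change only takes effect after the Exchange and Antigen services are restarted, it helps to check a proposed sender name against the character rules in step 2 before editing the registry. The following Python sketch is an added example, not Antigen code; `preview_from_address` is a hypothetical helper, and it assumes that an at sign or period in the first or last position is replaced with an underscore like any other illegal character.

```python
import string

# Characters the procedure above lists as acceptable (ASCII only is an assumption).
_ALNUM = set(string.ascii_letters + string.digits)
# Allowed inside the value, but not as its first or last character.
_EDGE_RESTRICTED = {"@", "."}


def preview_from_address(proposed):
    """Return (resulting_value, issues) for a proposed FromAddress string.

    issues is a list of (index, reason) tuples, one per character that the
    documented rules would replace with an underscore.
    Assumption: '@' or '.' at either end is replaced like an illegal character.
    """
    if not proposed:
        raise ValueError("FromAddress must not be empty")
    out, issues = [], []
    last = len(proposed) - 1
    for i, ch in enumerate(proposed):
        if ch in _ALNUM or ch == "_":
            # An underscore maps to itself, so it is never reported.
            out.append(ch)
        elif ch in _EDGE_RESTRICTED and 0 < i < last:
            out.append(ch)
        else:
            if ch in _EDGE_RESTRICTED:
                reason = "'%s' not allowed as first or last character" % ch
            else:
                reason = "illegal character %r" % ch
            issues.append((i, reason))
            out.append("_")
    return "".join(out), issues


if __name__ == "__main__":
    # Constructed sample values; only the first comes from this page.
    for candidate in ("Antigen_EX_Server1", "av-alerts@contoso.com", ".antigen alerts@"):
        value, problems = preview_from_address(candidate)
        print(candidate, "->", value, problems)
```

An empty issues list means the value would be stored exactly as typed.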

Configuring notifications

There are various types of notification messages and each can be individually configured.

To configure notifications

  1. Select Notification in the REPORT shuttle. The Notification Setup work pane appears.

    The top pane of the Notification Setup work pane contains the list of default notification roles. Each role can be customized, as well as enabled or disabled. For more information about each of the roles, see About notification roles.

  2. Enable those notifications that are to be in effect. For more information, see Enabling and disabling a notification.

    Note

    Scan job configurations control whether a scan job will send any enabled notifications.

  3. Make the desired changes to the notifications that are to be enabled. For more information, see Editing a notification.

  4. Click Save.

Note

The following is an example of a configured file-filter notification:
Subject: Antigen Notification: Antigen found a message matching a filter
Date: Tuesday 07 November 2006 15:50
From: Antigen_EX_Server1
To: joe@contoso.com

Microsoft Antigen for Exchange found a message matching a filter. The message is currently Purged. Message: "Hello"
Filter name: "KEYWORD= spam: xxx "
Sent from: "Nicole Holliday"
Folder: "SMTP Messages\Inbound"
Location: "contoso.com/First Administrative Group/SAMPLEDC"
If you have questions, contact:
helpdesk@contoso.com / 5551212
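
Administrators who route these notifications into a ticketing or monitoring system can turn them into structured records. The following Python example is added here and is not part of Antigen; `parse_notification` is a hypothetical helper that assumes the notification uses the layout of the example above, which depends on how the role's Subject and Body fields are configured.

```python
import re
from email import message_from_string

# The example notification from this page, reproduced as sample input.
SAMPLE = r"""Subject: Antigen Notification: Antigen found a message matching a filter
Date: Tuesday 07 November 2006 15:50
From: Antigen_EX_Server1
To: joe@contoso.com

Microsoft Antigen for Exchange found a message matching a filter. The message is currently Purged. Message: "Hello"
Filter name: "KEYWORD= spam: xxx "
Sent from: "Nicole Holliday"
Folder: "SMTP Messages\Inbound"
Location: "contoso.com/First Administrative Group/SAMPLEDC"
If you have questions, contact:
helpdesk@contoso.com / 5551212
"""

# Quoted fields that appear in the body of the example layout.
_FIELD = re.compile(r'(Message|Filter name|Sent from|Folder|Location):\s*"([^"]*)"')
# Disposition sentence, e.g. "The message is currently Purged."
_STATE = re.compile(r"The message is currently (\w+)\.")


def parse_notification(raw):
    """Parse one notification into a dict of headers and body fields.

    Values such as the message subject and sender name come from the
    filtered message itself, so downstream code should treat them as
    untrusted data (escape before display, never execute or interpolate).
    """
    msg = message_from_string(raw)
    body = msg.get_payload()
    record = {key.lower(): msg[key] for key in ("Subject", "Date", "From", "To")}
    state = _STATE.search(body)
    record["disposition"] = state.group(1) if state else None
    for label, value in _FIELD.findall(body):
        record[label.lower().replace(" ", "_")] = value
    return record


if __name__ == "__main__":
    for key, value in parse_notification(SAMPLE).items():
        print("%-12s %r" % (key, value))
```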

About notification roles

The following list describes the various notification roles. Typically, each notification is used for reporting the who, what, where, and when details of the infection or the filtering performed, including the disposition of the virus or the attachment.

Role Description

Virus Administrators

Alerts administrators of all viruses detected on a server being protected by Antigen.

Virus Sender (internal)

Use this notification to alert the sender of the infection if the sender is an Exchange user in your organization. The typical message would include help in determining the extent of infection on the user’s own computer, who to call, and how to proceed.

Virus Sender (external)

Alerts the sender of the infection if the sender is not a user in your organization.

Virus Recipients (internal)

Alerts the recipient of the infection if the recipient is an Exchange user in your organization. The typical message would include help in determining the extent of infection on the user's own computer, who to call, and how to proceed.

Virus Recipients (external)

Alerts the recipient of the infection if the recipient is not a user in your organization.

File Administrators

Alerts administrators of all files that are filtered by file filtering on the server being protected by Antigen. This notification is also used for messages purged by the file filter.

File Sender (internal)

Alerts the sender of the filtered attachment if the sender is an Exchange user in your organization. This notification is also used for messages purged by the file filter.

File Sender (external)

Alerts the sender of the filtered attachment if the sender is not a user in your organization. This notification is also used for messages purged by the file filter.

File Recipients (internal)

Alerts the recipient of the filtered attachment if the recipient is an Exchange user in your organization. This notification is also used for messages purged by the file filter.

File Recipients (external)

Alerts the recipient of the filtered attachment if the recipient is not a user in your organization. This notification is also used for messages purged by the file filter.

Worm Administrators

Alerts administrators of all worm messages that are detected or purged by Antigen.

Content Administrators

Alerts administrators of all messages that are filtered by content filtering (sender-domains and subject line filtering).

Content Sender (internal)

Alerts the sender that a message was filtered by sender or subject line filtering if the sender is an Exchange user in your organization.

Content Sender (external)

Alerts the sender that a message was filtered by sender or subject line filtering if the sender is not a user in your organization.

Content Recipients (internal)

Alerts the recipient that a message was filtered by sender or subject line filtering if the recipient is an Exchange user in your organization.

Content Recipients (external)

Alerts the recipient that a message was filtered by sender or subject line filtering if the recipient is not a user in your organization.

Keyword Administrators

Alerts administrators of all messages that are filtered by keyword filtering.

Keyword Sender (internal)

Alerts the sender that a message was filtered by keyword filtering if the sender is an Exchange user in your organization.

Keyword Sender (external)

Alerts the sender that a message was filtered by keyword filtering if the sender is not an Exchange user in your organization.

Keyword Recipients (internal)

Alerts the recipient that a message was filtered by keyword filtering if the recipient is an Exchange user in your organization.

Keyword Recipients (external)

Alerts the recipient that a message was filtered by keyword filtering if the recipient is not an Exchange user in your organization.

Spam/RBL Administrators

Alerts administrators of all messages that are filtered by a spam engine or RBL filters.

Configuring Antigen for internal addresses

Internal addresses must be identified in Antigen so that the proper notifications can be sent to senders and recipients. Internal addresses are configured in the General Options pane or in an external text file. For information on configuring internal addresses, see Chapter 4 - Using the Antigen Administrator.

Enabling and disabling a notification

The Enable and Disable buttons in the Notification Setup work pane let you selectively enable or disable any selected notification. The current status of each notification is displayed in the list in the top pane, under the State column. A change made to the status of a notification takes effect as soon as you click Save.

Note

Scan job configurations control whether a scan job will send any enabled notifications.

Editing a notification

The changes that are made to the lower portion of the Notification Setup work pane apply to the notification role currently selected in the notification list. If no changes have been made to the selected notification, the Save and Cancel buttons appear dimmed. Making any change to the configuration will activate these buttons. If you make a change to a notification and try moving to another notification role or shuttle icon, you will be prompted to save or discard your changes. All changes take effect immediately on saving them.

The following are the fields that can be edited:

Field Description

To

A semicolon-separated list of people and groups who will receive the notification. This list can include Exchange names, aliases, groups, and keyword substitution macros. Notifications may also be sent to cc and bcc recipients.

Subject

The message that will be sent on the subject line of the notification. This field can include keyword substitution macros.

Body

The message that will be sent as the body of the notification. This field can include keyword substitution macros. (Administrators may also include the MIME headers in this field by inserting the %MIME% macro.)

Antigen provides keywords that can be used in the notification fields to obtain information from the message in which the infection was found or filtering was performed. For more information about this feature, see Appendix C - Using keyword substitution macros.
