Appendix B - Setting registry keys

 

Applies to: Microsoft Antigen

Warning

Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk. Make sure that you back up the registry before you modify it, and that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, see Microsoft Knowledge Base article Windows registry information for advanced users.

Antigen for SMTP Gateways stores many settings in the Windows registry. You seldom have to edit the registry yourself, because most of those settings are derived from entries you make in General Options. There are, however, some additional settings you may occasionally need to make. Antigen for SMTP Gateways stores registry values in the following location:

HKEY_LOCAL_MACHINE\SOFTWARE\Sybari Software\Antigen for SMTP

Variable Description and values

AdditionalEngines

Allows users to use locally installed antivirus engines by specifying the engines in the DWORD value for this registry key.

AdditionalTypeChecking

Antigen for SMTP Gateways performs signature type checking on files to avoid scanning files that can never contain a virus. If it becomes necessary to scan an additional file type, you will need to contact Microsoft Customer Service and Support to obtain the proper setting for the file type you would like to add. This key is set to 0 (disabled) by default.

CloudmarkDownloadTimeout

Specifies the time (in seconds) that the Cloudmark scan engine will attempt to download an update before timing out. The default value is 900 (15 minutes).

ConvertExtensionType

When this value is set with a specified extension type (for example "txt"), all deleted attachments will be renamed with that extension. By default, this registry value is set to "txt." To disable this feature, replace "txt" with an empty string (for example ""). To specify a different extension, replace "txt" with the desired extension. The allowed maximum size of a specified extension is three characters. If you place an extension larger than three characters or if you delete the ConvertExtensionType registry value, it will default back to "txt" at the next recycling of the services. Any changes made to this registry value will take effect only after recycling the appropriate SMTP and Antigen services.

DatabasePath

Specifies the path under which the Antigen for SMTP Gateways configuration files and Quarantine folder reside. It defaults to the Antigen for SMTP Gateways installation path (InstalledPath). If this value is changed, the configuration files and the Quarantine folder (along with its contents) must be moved to this new location. If this value is changed and the files are not moved, Antigen for SMTP Gateways recreates them and the previous settings are lost. Move the files first and then change this value.

DisableInboundContentFiltering

When set to 1, this value disables inbound content filtering for the Internet Scan Job. The default value is 0. The Antigen services must be cycled for this feature to take effect.

DisableInboundFileFiltering

When set to 1, this value disables inbound file filtering for the Internet Scan Job. The default value is 0. The Antigen services must be cycled for this feature to take effect.

DisableInboundVirusScanning

When set to 1, this value disables inbound virus scanning for the Internet Scan Job. The default value is 0.

DisableOutboundContentFiltering

When set to 1, this value disables outbound content filtering for the Internet Scan Job. The default value is 0. The Antigen services must be cycled for this feature to take effect.

DisableOutboundFileFiltering

When set to 1, this value disables outbound file filtering for the Internet Scan Job. The default value is 0. The Antigen services must be cycled for this feature to take effect.

DisableOutboundVirusScanning

When set to 1, this value disables outbound virus scanning for the Internet Scan Job. The default value is 0.

DisableSMTPVS

By default, Antigen for SMTP Gateways scans mail on all SMTP virtual servers when the SMTP Scan Job is enabled. This value can be used to prevent Antigen for SMTP Gateways from scanning selected SMTP virtual servers. To disable scanning on selected SMTP virtual servers, create a STRING registry value named DisableSMTPVS. The STRING value must be populated with a comma-delimited list of numbers from 1 through 10 representing the virtual servers you would like Antigen for SMTP Gateways to skip during scanning. For example, if you have four virtual servers (VS1, VS2, VS3, and VS4) and only want Antigen for SMTP Gateways to scan VS1 and VS3, the STRING value would be: 2,4.

Note

Placing anything other than the numbers 1 through 10 in the STRING will cause unpredictable results.

DomainDatFilename

Specifies whether an external text file will be used to indicate your internal domains. Specify the full path of the external text file into which you have entered domains. If the DomainDatFilename registry key is not present, the Internal Address field in General Options is used.

DoNotScanIPMReplicationMessages

Specifies whether to scan IPM replication messages. The SMTP Scan Job scans files called Winmail.dat for viruses. These files are used for several purposes, including facilitating replication between servers (IPM replication messages). If Antigen for SMTP Gateways modifies a Winmail.dat file, the public folder replication process fails. Setting this DWORD registry key to 1 prevents the SMTP Scan Job from scanning IPM replication messages.

EngineDownloadTimeout

Specifies the time (in seconds) that the antivirus scan engines will attempt to download an update before timing out. The default value is 300 (5 minutes).

HttpPort

Specifies the port used while performing an engine update via HTTP. The default value is 80. By default, values entered into the registry are interpreted as hexadecimal. This makes no difference until you enter a value that is greater than 9. If you are entering a value greater than 9, you must change the option from hexadecimal to decimal.

HTTPUseWinInet

Configures scan engine updating to use the WinInet API to handle MS Proxy authentication. Set the value to 1 to enable and 0 to disable use of the WinInet API. The default value is 0.

IncidentPurge

Sets a purge threshold for removing entries from the incidents.mdb file. To enable the incident purging feature, a new DWORD registry key called IncidentPurge must be added to the registry. The upper byte of this registry value must be set to 0001 for incident purging to be enabled. The lower byte must be set to the number of days (in hexadecimal) of the threshold limit. For example, to enable purging after 20 days, which is 14 hexadecimal, make the key 00010014. (Note that this key is similar to the QuarantinePurge registry value that is set and enabled in the Quarantine work pane.)

InternetPurge

Enables or disables purging by the Internet scanner. If set to 0, purging is disabled. If set to 1 (the default), purging is enabled.

MaxCompressedSize

This registry key works in conjunction with the General Option setting Delete Corrupted Compressed Files. In order to delete a file that exceeds the MaxCompressedSize, the Delete Corrupted Compressed Files General Option setting must be enabled.

This key sets the maximum compressed file size that Antigen attempts to clean or repair in the event that it discovers an infected file. This key is set to 26 MB by default but may be changed by the administrator. Infected files or files that meet file filter rules that are larger than the allowed maximum size are deleted. Antigen reports a deleted file as having a LargeCompressedInfectedFile virus.

MaxUncompressedFileSize

This registry key works in conjunction with the General Option setting Delete Corrupted Compressed Files. In order to delete a file that exceeds the MaxUncompressedFileSize, the Delete Corrupted Compressed Files General Option setting must be enabled.

Specifies the maximum uncompressed file size for a file within a ZIP or a RAR archive file. Files larger than the maximum permitted size are deleted and reported as Large Uncompressed File Size. The default setting is 100 MB. A restart of the Exchange services is required for any changes to this setting to take effect.

The RAR archive format allows one or more compressed files to be stored in multiple RAR volumes, thereby permitting large files to be broken into smaller-size files for ease of file transfer. The files stored in the multiple part RAR volumes are subject to the size limit specified by the registry value MaxUncompressedFileSize. (The default value is 100 MB). If a file exceeds the limit, any multiple part RAR volume that contains the file, or a part of the file, is deleted. However, the outcome can vary depending on the size of the original files and how they are distributed across the multiple RAR volumes.

Example 1: A single file (F1) is split across 3 RAR volumes (V1, V2, V3).

Outcome: If the uncompressed size of F1 exceeds the default 100 MB limit, all 3 RAR volumes (V1, V2, V3) will be deleted.

Example 2: Four files (F1, F2, F3, F4) are split across three RAR volumes (V1, V2, V3) as follows:

V1 contains F1 and the first half of F2. V2 contains the second half of F2 and F3. V3 contains only F4.

Outcome: If only F1 exceeds the default 100 MB limit, only V1 will be deleted. If only F2 exceeds the default 100 MB limit, V1 and V2 will be deleted but V3 will not. If only F4 exceeds the limit, only V3 will be deleted. Note that deleting a volume causes all files stored in the same volume to be deleted, even if only one file or part of a file exceeds the size limit.

In both examples, deletion text specifies that a file (the RAR volume) was deleted because it exceeded the maximum uncompressed file size limit.

To prevent the volumes from being deleted, you must set the registry value MaxUncompressedFileSize to a value large enough to exceed the uncompressed size of the largest file in the multiple part RAR volumes.

MIMEDeletePartialMessages

Some e-mail client programs, such as Microsoft Outlook Express, let you send large e-mail messages in several fragments. By default, when Antigen for SMTP Gateways scans fragmented messages (content type: message/partial), the e-mail message may be tagged as FragmentedMessage. In this case, the message body is deleted and replaced with the file filter deletion text.

To prevent Antigen from deleting fragmented e-mail messages, you must create a new DWORD registry key called MIMEDeletePartialMessages and set it to a value of zero.

Note

Fragmented messages are not deleted when the value data is set to 0. Fragmented messages are deleted when there is no MIMEDeletePartialMessages DWORD value in the registry or when the MIMEDeletePartialMessages value data is set to 1.

QuarantineTimeout

Specifies whether items that cause a scan job time-out should be quarantined. If this DWORD registry value is not present or if it is present and its value is not zero, a message that causes a scan job time-out will be quarantined. If the registry value is present and its value is zero, that message will not be quarantined.

ScanAllAttachments

When this DWORD value is set to 1 (the default), Antigen for SMTP Gateways scans all file attachments.

UpdateOnLoad

When this value is set to 1, updates are scheduled for each file scanner that was installed with Antigen for SMTP Gateways after an AntigenService startup. This feature is mainly used in clustered SMTP servers. The default value is 0.

UpdateStatusNotification

When this key is set to 1, it enables Antigen for SMTP Gateways to send notifications to the Virus Administrator following an engine update. Antigen for SMTP Gateways will send unique notifications for a Successful Update, No Update Available, or an Error Updating.

VirusLogEnabled

When this key is set to 1, the log is enabled. If set to 0, the log is disabled. When enabled, all virus incidents are written to a text file VirusLog.txt under the Antigen for SMTP Gateways installation path (InstalledPath). The Virus Incident log also follows the ProgramLogMaxFile settings.
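Several of the values above turn a protection off or change what is deleted or quarantined, so they are worth reviewing after any registry change. The following PowerShell is an added example, not part of the original documentation or the product: it reports those settings, validates DisableSMTPVS, and decodes IncidentPurge from a table of values. The function name Get-AntigenSettingFinding and the sample data are assumptions made for illustration.

```powershell
function Get-AntigenSettingFinding {
    param([hashtable]$Values)   # hypothetical helper, not an Antigen cmdlet
    # Documented as: 1 disables the protection for the Internet Scan Job, default 0.
    $disableFlags = 'DisableInboundContentFiltering', 'DisableInboundFileFiltering',
                    'DisableInboundVirusScanning', 'DisableOutboundContentFiltering',
                    'DisableOutboundFileFiltering', 'DisableOutboundVirusScanning'
    foreach ($name in $disableFlags) {
        if ($Values.ContainsKey($name) -and [int]$Values[$name] -eq 1) {
            "$name = 1: this protection is disabled for the Internet Scan Job"
        }
    }

    # DisableSMTPVS: comma-delimited list; only the numbers 1 through 10 are valid.
    if ($Values.ContainsKey('DisableSMTPVS')) {
        foreach ($item in ([string]$Values['DisableSMTPVS'] -split ',')) {
            $n = 0
            if ([int]::TryParse($item.Trim(), [ref]$n) -and $n -ge 1 -and $n -le 10) {
                "DisableSMTPVS: SMTP virtual server $n is skipped during scanning"
            } else {
                "DisableSMTPVS: invalid entry '$item' (only 1 through 10 are allowed)"
            }
        }
    }

    # Present and 0 changes the default handling described in the table.
    if ($Values.ContainsKey('MIMEDeletePartialMessages') -and [int]$Values['MIMEDeletePartialMessages'] -eq 0) {
        'MIMEDeletePartialMessages = 0: fragmented messages are not deleted'
    }
    if ($Values.ContainsKey('QuarantineTimeout') -and [int]$Values['QuarantineTimeout'] -eq 0) {
        'QuarantineTimeout = 0: messages that time out a scan job are not quarantined'
    }

    # IncidentPurge: upper half 0001 enables purging, lower half is the day count
    # (halves read as in the 00010014 example in the table).
    if ($Values.ContainsKey('IncidentPurge')) {
        $v = [int]$Values['IncidentPurge']
        $enabled = [math]::Floor($v / 0x10000) -eq 1
        "IncidentPurge: enabled=$enabled, threshold=$($v % 0x10000) days"
    }
}

# Constructed sample values, not taken from a real server.
$sample = @{ DisableInboundVirusScanning = 1; DisableSMTPVS = '2,4,11'
             QuarantineTimeout = 0; IncidentPurge = 0x00010014 }
Get-AntigenSettingFinding -Values $sample
# On a server, build the hashtable from the key given above:
# $p = Get-ItemProperty 'HKLM:\SOFTWARE\Sybari Software\Antigen for SMTP'
# $h = @{}; $p.PSObject.Properties | ForEach-Object { $h[$_.Name] = $_.Value }
```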

There are also registry keys containing the scanner information that is reported on the Scanner Update Settings work pane. Although these should not be modified, you may find them useful for reporting purposes. These registry values are stored in the following location:

HKEY_LOCAL_MACHINE\SOFTWARE\Sybari Software\Antigen for SMTP\Scan Engines\engine name

Variable Description

Engine Version

Indicates the current version of engine name, as specified in the Antigen Administrator.

Last Checked

Indicates the date and time engine name was last checked, as specified in the Antigen Administrator.

Last Updated

Indicates the date and time engine name was last updated, as specified in the Antigen Administrator.

Signature Version

Indicates the current version of the engine name signature file, as specified in the Antigen Administrator.

Update Version

Indicates the current update of engine name, as specified in the Antigen Administrator.
