General Options
Applies to: Microsoft Antigen
General Options, which is accessed from the SETTINGS shuttle of the Antigen Administrator, provides access to a variety of system-level settings for Antigen for Exchange. This eliminates the need to directly access the registry to change the settings.
Although there are many options that can be controlled through the General Options pane, each of them has a default setting (Enabled, Disabled, or a value) that is probably the correct one for your enterprise. These settings rarely need to be changed.
General Options - Important Settings
You should pay particular attention to these settings:
Critical Notification List |
If Antigen stops working on the server, or if there is a serious issue with scanning, Antigen will send a notification that is vital to maintaining a stable and secure environment. |
Send Update Notification |
Whenever a server attempts to download and update a scan engine, it is a best practice to send a notification. Although this will generate multiple e-mails each hour from each server, it is an effective way of tracking current processes. If a scan engine fails to update, it is easy to identify the cause and take the appropriate action. A simple rule can be set up in Microsoft® Office Outlook® to manage the volume of notifications. |
Body Scanning – Realtime |
Antigen can scan the actual message body for embedded viruses. Because message body scanning is performance-intensive, it is disabled by default in the Realtime Scan Job. Usually, the best practice is to keep it disabled for Realtime, except during a virus outbreak that might involve a message body virus. Message body scanning is always enabled for the SMTP Scan Job. |
Delete Corrupted Compressed Files |
You should select this option because Antigen cannot parse the file. |
Delete Corrupted Uuencode Files |
You should select this option because Antigen cannot parse the file. |
Delete Encrypted Compressed Files |
You should select this option because encrypted files cannot be scanned by antivirus scan engines. |
Scan Doc Files - Manual |
You should select this option because viruses and worms can be embedded in container files (such as .doc, .xls, .ppt, and .shs). You should also enable the equivalent setting for the Internet and Realtime scan jobs. |
Scan on Scanner Update |
It is recommended that you turn on this option during an outbreak scenario, so that e-mail will be rescanned each time an engine is updated. You will achieve the best protection because scanning is always done with the latest signatures. When the outbreak passes, turn this option off again, because it can negatively affect system performance. |
Realtime Process Count |
To enhance performance, Antigen allows additional processes to be created for the Realtime Scan Job. If the first process is busy scanning a file, the second process begins to scan, and so on. By changing this value, the number of processes can be increased up to ten. The Antigen Service must be recycled for the change to take effect. However, be cautious when increasing the number of processes, because each additional process consumes more server resources. It is best to add processes one at a time, and evaluate the performance at each step. It is recommended that you set the number of processes to twice the number of effective processors on the server. For example, a two-processor server or a single processor dual core server should have the Realtime Process Count set to four (the default). If the server contains two processors, each of which is dual core, the recommended setting is eight. These same guidelines apply to the Internet Process Count. |
Deliver From Quarantine Security |
Although the default value of Secure Mode is more secure than the other parameter option, Compatibility Mode, Secure Mode can involve considerable administrative overhead. For example, if you have a quarantined file that needs to be released, you must stop the file filter completely before you can release it, and then go back and enable the filter again. Therefore, you may find that Compatibility Mode is more suitable. |
Max Container File Size |
It is recommended that you change this value to match your e-mail policy concerning the largest allowable file attachment size. If a filter match or a virus is detected, attachments larger than this value will automatically be deleted. By default, this setting is 26,214,400 bytes. |
Internal Address |
Antigen can be configured to send different notifications to internal and external senders and recipients. If your list of internal names is small, enter the domain names in the Internal Address field to indicate who should be sent internal notifications. Domains should be entered as a semicolon-delimited list (for example, microsoft.com;microsoft.net; When entering a domain name in the Internal Address field, be aware that subdomains are covered by the entry. For example, domain.com will include subdomain.domain.com and subdomain2.domain.com. Alternate domains, such as domain.net or domain.org, must be entered individually. If you have a large number of domains to be used as internal addresses, you can enter them in an external text file (leaving the Internal Address field blank). Enter all of your internal domains, each on a separate line. Be aware that all subdomains must be entered individually. To use the external file, you must manually create the registry key DomainDatFilename and set its value to the full path of the external text file. For more about this key, see the Microsoft Antigen for Exchange User Guide at the Microsoft Antigen TechNet Library. |
Enable Background Scan if 'Scan On Scanner Update' Enabled |
Initiates a background scan every time a scan engine is updated, if the General Option setting Scan on Scanner Update is enabled. This setting can be left enabled, even when Scan on Scanner Update is disabled. Background Scanning applies only to Mailbox servers that have Antigen installed. |