How to configure the Antivirus module of the Bitdefender Security for Exchange

Bitdefender Security for Exchange safeguards your organization's critical messaging services to protect against email-borne viruses, spyware and spam. Integrating seamlessly with Microsoft® Exchange Server, Bitdefender Security for Exchange combines malware protection, antispam, antiphishing, and content filtering technologies to increase productivity and ensure the overall integrity of your email platforms.

RealTime Protection

Click Antivirus in the tree menu to enter this section.

This is where you can enable real-time protection and configure advanced antivirus settings.

If you want the real-time antivirus protection to be enabled, select Enable real-time antivirus scanning. Otherwise, clear the check box. Click Apply to save the changes.

Click Advanced to open the configuration window of the advanced antivirus settings.

Antivirus Advanced Settings

In this window you can enable/disable Edge/Hub Transport scanning, configure mailbox (VSAPI) scanning settings, as well as set the number of scanning threads, scanning instances and the maximum archive depth to scan.

         ●  Enable Edge / Hub Transport scanning - to enable SMTP-level antivirus scanning. This type of scanning is only available for the Exchange servers installed with the Edge Transport or Hub Transport role.

         ●  Enable mailbox (VSAPI) scanning - to enable the VSAPI-based antivirus scanning. This type of scanning is available only for the Exchange servers installed with the Mailbox role. You can select:

 

            -  Do not scan outgoing mail if they are scanned at Exchange Transport level - to skip the VSAPI-based antivirus scanning of outgoing e-mails. You should not select this option if no antivirus scanning is available on the Exchange server installed with the Edge Transport or Hub Transport role.

 

            -  Enable proactive scanning - to enable proactive scanning.

 

Proactive scanning allows scanning messages before they are actually accessed. When a message is submitted to the Store, it is placed in the global scanning queue and assigned a low priority. If and when threads are available in the thread pool and no high priority message remains to be scanned, each message in the global scanning queue is submitted for scanning. On the other hand, if a message in the global scanning queue is requested by a client, it is assigned a high priority and it is removed from the low priority list.


Proactive scanning optimizes the overall scanning process because the messages having undergone proactive scanning are not scanned again when accessed (unless the virus stamp has changed in the meantime).

 

            -  Enable background scanning - to enable background scanning.

 

The purpose of background scanning is to scan all messages stored in the Exchange databases (mailboxes and public folders). When an object having been checked through background scanning is requested, it will not be scanned again unless a virus signature update has been performed in the meantime. Although background scanning is performed at low priority, the process takes up system resources because databases are re-scanned after each update and updates are performed often. When it is enabled, additional background scanning options can be configured by clicking the Advanced button.
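
The queueing and stamp behaviour described above for proactive scanning, as a small Python model. This is an added example, not Bitdefender or Exchange code; the class, its method names and the "proactive" / "on-access" labels are assumptions made for illustration.

```python
import heapq
from itertools import count

HIGH, LOW = 0, 1  # lower value is served first
# Toy model of the global scanning queue; every name here is hypothetical.
class StoreScanner:
    def __init__(self):
        self.signature_version = 1
        self.stamp = {}     # message id -> signature version it was scanned with
        self._live = {}     # message id -> priority of its valid queue entry
        self._heap = []     # (priority, arrival order, message id)
        self._order = count()
        self.scan_log = []  # (message id, "proactive" or "on-access")

    def enqueue(self, msg, prio=LOW):  # new mail in the Store: low priority
        self._live[msg] = prio
        heapq.heappush(self._heap, (prio, next(self._order), msg))

    def client_request(self, msg):
        if self.stamp.get(msg) == self.signature_version:
            return False               # stamp is current: served without a rescan
        self.enqueue(msg, HIGH)        # promote; the old low entry becomes stale
        return True

    def run_threads(self, slots):
        scanned = 0
        while self._heap and scanned < slots:
            prio, _, msg = heapq.heappop(self._heap)
            if self._live.get(msg) != prio:
                continue               # stale entry left behind by a promotion
            del self._live[msg]
            self.stamp[msg] = self.signature_version
            self.scan_log.append((msg, "on-access" if prio == HIGH else "proactive"))
            scanned += 1
        return scanned

    def update_signatures(self):
        self.signature_version += 1    # every existing stamp is now out of date

def demo():
    s = StoreScanner()
    for m in ("a", "b", "c"):
        s.enqueue(m)
    s.client_request("c")              # c jumps ahead of a and b
    s.run_threads(2)                   # scans c, then a
    s.update_signatures()
    s.client_request("a")              # a was scanned, but with old signatures
    s.run_threads(2)                   # rescans a, then scans b for the first time
    return s.scan_log
```

The log returned by demo() shows message "a" scanned twice: once proactively and once more after the signature update, which is the re-scan cost the background scanning paragraph refers to.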

In order to configure the antivirus scanning options of all of the mail traffic, go to the SMTP Policies section and configure the default rule. You can create different SMTP scanning policies, based on user groups, for Edge Transport or Hub Transport servers. For Exchange servers installed with the Mailbox role, you can configure the default real-time VSAPI scanning policy by going to the VSAPI Policies section.

 

            -  Number of scanning threads
            -  Maximum archive depth to scan
            -  Add footer to incoming / outgoing scanned e-mails

 

To set the number of scanning instances, click the Scanning Instances tab. Based on the system configuration and on the number of Bitdefender products you have chosen to install, Bitdefender computes an optimal number of scanning instances.
Though not recommended, you may change this value for systems with powerful multicore CPUs to speed up scanning.

 

SMTP Policies

Click Antivirus in the tree menu and then the SMTP Policies tab to enter this section.

 


This is where you can configure the rules of the real-time antivirus scanning at the SMTP level. This section is available only for Exchange servers installed with the Edge Transport or Hub Transport role.

 

You can see all the existing rules listed in the table. For each rule, the following information is provided: priority, the name and the groups of senders and recipients it applies to. The rules are listed by order of priority with the first rule counting as the highest priority. Messages are checked against each rule, by order of priority, until a message matches a rule. The message is then processed according to the antivirus scanning options specified by that rule.

 

         ●  Default Rule. There is one rule created by default that manages the global settings for real-time antivirus scanning at SMTP level.

         ●  Group Filtering Policies. In this way you can create customized filtering rules for the mail traffic between certain groups of users. To create a rule, choose one of these methods:

 

            -  copy an existing rule and click Properties to modify it.
            -  click New Rule and configure the new rule.

 

In both cases, a new window will appear. Next, you must configure or modify the rule.

 

To configure a rule follow these steps:

 

         1.  Provide the general data


The following options are available:

            -  Enable / disable the rule.
            -  Enter the rule name and, optionally, the rule description.
            -  Select what type of mail traffic this rule applies to: incoming, outgoing or both.

 

        2.  Select Senders Groups
Click the From tab and select the groups of senders the rule applies to.

 

 



In this window, you can select:

All
The rule applies to all senders, regardless of the group they belong to.

 

Selected
The rule applies only to senders from the selected groups.


You can choose which headers are checked when filtering traffic from the menu on the top-right corner of the window.

         ●  E-mail headers - check the message headers.
         ●  Connection headers - check the SMTP connection headers.

 

The groups you want the rule to apply to can be selected from the list. Click Select All to select all groups. If you click Clear All no group will be selected. If necessary, you can create a new group by clicking New and configuring it. The new group will appear in the Groups section.


To configure an existing group or to see its parameters, select it and click Details.


         3.  Select Recipients Groups
Click the To tab and select the groups of recipients the rule applies to.

 

 


 

In this window, you can select:

All

The rule applies to all recipients, regardless of the group they belong to.

 

Selected

The rule applies only to recipients from the selected groups.

 

You can choose which headers are checked when filtering traffic from the menu on the top-right corner of the window.

         ●  E-mail headers - check the message headers.
         ●  Connection headers - check the SMTP connection headers.

 

The groups you want the rule to apply to can be selected from the list. Click Select All to select all groups. If you click Clear All no group will be selected. If necessary, you can create a new group by clicking New and configuring it. The new group will appear in the Groups section. To configure an existing group or to see its parameters, select it and click Details.

 

         4.  Configure Scan Options


If you do not want the messages to be scanned for malware, select Do not scan. Then, click OK to save the changes and close the configuration window. If you select Scan, the messages will be scanned for malware using the settings configured for this policy. You can specify:

            -  Attachment extensions to be scanned - select one of the following options in order to scan attachments depending on their extension:
                  -  Scan all extensions
                  -  Scan only application extensions
                  -  Scan custom extensions
                  -  Scan all except specific extensions

            -  Maximum mail body / attachment size to be scanned

 

         5.  Set Actions

Click the Actions tab and specify the actions to be taken on infected and suspect objects.

 

 



There is a list of actions that can be applied to each category of detected objects (infected or suspect). When such an object is detected, the first action in the corresponding list is applied.

 

         a.  Actions for infected objects.

 

            -  Disinfect
            -  Move to Quarantine
            -  Delete object
            -  Reject / Delete e-mail
            -  Replace object
            -  Ignore

 

        b.  Actions for suspect objects.

 

            -  Move to Quarantine
            -  Delete object
            -  Reject / Delete e-mail
            -  Replace object
            -  Ignore

 

Objects that are deleted or moved to quarantine are replaced with text. Also, by default, when a message matches the conditions of a rule, it is no longer checked against any other rules. If you want Bitdefender to continue processing rules, clear the "If the rule conditions are matched, stop processing more rules" check box.

 

         6. Configure Notifications

Click the Notifications tab and specify whether to issue notifications or not when infected messages are detected or files cannot be scanned. Select the events for which to issue notifications:
 

            -  Infected file detected - when an infected file was detected.
            -  File not scanned - when a file could not be scanned.
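
An added example (not Bitdefender code) that models the priority-ordered, first-match rule evaluation described in this section, including the "stop processing more rules" check box. It audits a rule list for traffic that is decided by a Do not scan rule and for rules that can never be reached. The Rule fields, the function names and the sample groups are assumptions.

```python
from dataclasses import dataclass
from itertools import product
from typing import FrozenSet, Optional

# Simplified model of an SMTP antivirus rule; field names are hypothetical.
@dataclass(frozen=True)
class Rule:
    name: str
    senders: Optional[FrozenSet[str]]     # None models "All"
    recipients: Optional[FrozenSet[str]]  # None models "All"
    scan: bool = True                     # False models "Do not scan"
    stop: bool = True                     # "stop processing more rules" check box

    def matches(self, sender, recipient):
        return ((self.senders is None or sender in self.senders)
                and (self.recipients is None or recipient in self.recipients))

def applied_rules(rules, sender, recipient):
    """Walk rules in priority order; a match with `stop` set ends the walk."""
    hits = []
    for rule in rules:
        if rule.matches(sender, recipient):
            hits.append(rule)
            if rule.stop:
                break
    return hits

def audit(rules, groups):
    """Return (group pairs decided by a 'Do not scan' rule, rules never reached)."""
    unscanned, reached = [], set()
    for sender, recipient in product(groups, repeat=2):
        hits = applied_rules(rules, sender, recipient)
        reached.update(r.name for r in hits)
        if hits and not hits[0].scan and hits[0].stop:
            unscanned.append((sender, recipient))
    shadowed = [r.name for r in rules if r.name not in reached]
    return unscanned, shadowed

# Constructed sample policy, highest priority first (group names are made up).
GROUPS = ["Finance", "Partners", "Staff"]
RULES = [
    Rule("Partner bypass", frozenset({"Partners"}), None, scan=False),
    Rule("Finance strict", frozenset({"Partners"}), frozenset({"Finance"})),
    Rule("Default Rule", None, None),
]

if __name__ == "__main__":
    print(audit(RULES, GROUPS))
```

In the sample policy the broad "Partner bypass" rule sits above the narrower "Finance strict" rule, so the latter never applies; moving the narrower rule to a higher priority restores scanning for that traffic.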

 

VSAPI Policies

This section is available only for Exchange servers installed with the Mailbox role.
Click Antivirus in the tree menu and then the VSAPI Policies tab to enter this section. There is one rule created by default that allows you to configure VSAPI scanning. You can neither copy, delete nor disable this rule.

 

 

 

 

         1.  Provide General Data
Enter the rule name and, optionally, the rule description.

 

         2.  Configure Scan Options
The messages will be scanned for malware using the settings configured for this policy. You can specify:
            -  Attachment extensions to be scanned
            -  Maximum mail body / attachment size to be scanned


        3.  Set Actions
Click the Actions tab and specify the actions to be taken on infected and suspect objects.


Different actions can be configured for the infected and suspect objects detected by Bitdefender. There is a list of actions that can be applied to each category of detected objects (infected or suspect).
            -  Actions for infected objects.
            -  Actions for suspect objects.
Objects that are deleted or moved to quarantine are replaced with a text.

         4.  Configure Notifications
Click the Notifications tab and specify whether to issue notifications or not when infected messages are detected or files cannot be scanned. Select the events for which to issue notifications:

            -  Infected file detected - when an infected file was detected.
            -  File not scanned - when a file could not be scanned.


On-demand Scanning


Bitdefender can scan the Exchange databases (mailboxes and public folders) for viruses and spyware on-demand. To configure and initiate on-demand scanning processes, click Antivirus in the tree menu and then the On-demand tab.

 


In order to perform an on-demand scan, you must configure the scan settings and then click Scan. You can stop the scan process anytime you want by clicking Cancel. Only one on-demand scan can be run at a time. Please note that on-demand scanning increases resource consumption.

 

You should not set Bitdefender to scan the Exchange databases when the server workload is at a high level.

 

Configuring Scan Settings

Specify the scan target and other scan settings.


Select Scan Target

 

Select the check boxes corresponding to the items (groups, mailboxes and public folders) you want to be scanned. If you want to scan all the Exchange databases (mailboxes and public folders), just click Select All.


         1.  Set Advanced Settings

To set advanced scan settings click Advanced. A new window will appear. If you do not want to scan messages that exceed a certain size limit, select Maximum e-mail message size to be scanned and provide the size limit in the corresponding field.

 

 


 

         2.  Set Actions

Click the Actions tab and specify the actions to be taken on infected and suspect objects.

 

         a.  Actions for infected objects.

 

            -  Disinfect
            -  Move to Quarantine
            -  Delete object
            -  Reject / Delete e-mail
            -  Replace object
            -  Ignore

 

         b.  Actions for suspect objects.

 

            -  Move to Quarantine
            -  Delete object
            -  Reject / Delete e-mail
            -  Replace object
            -  Ignore

 

 

         3.  Configure Notifications

Click the Notifications tab and configure the notifications issued for the on-demand scan.


         4.  Log Scanning

Select Log start/end of on-demand scanning to record the start and the end of the on-demand scanning in the log file.

 

         5.  Configure Report Settings

Select Generate scan report to generate a report for the on-demand scan. By default, the report file is saved in: C:\Program Files\Bitdefender\Bitdefender Security for Exchange\Reports. To change this location click Change location.

The report can be generated in HTML or CSV format. You can choose the format of the report file from the menu.

 

Click OK to save the changes and close the configuration window.