Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More

Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More

Services
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Security
Unlock the full power of Microsoft Security
Offensive Security
Solutions to maximize your security ROI
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
Loading...
Loading...

INFO: What Virus and Malware Scanners are supported by ECM/MailMarshal Exchange?

Expand / Collapse


This article applies to:

  • Trustwave ECM/MailMarshal Exchange

Question:

What Virus Scanners and Malware Scanners are supported by MailMarshal Exchange?

Information:

This article discusses the virus scanning products that have been tested and proven to work with ECM/MailMarshal Exchange. Also listed are some scanners that ECM does not support.

There are several different methods by which ECM integrates with third party antivirus products. Those utilizing the DLL Interface have an increased level of performance over those utilizing a command line executable. Interface method is listed next to product name.

Important note: For all virus scanners, ensure the ECM working directories are excluded from any resident or on-access file monitoring. This includes the unpacking and quarantine directories. See the User Guide and Release Notes for your product version.

Supported Scanners

The following anti-virus scanners are supported in MailMarshal Exchange:

  • Bitdefender for Marshal (includes updater)
  • McAfee for Marshal (Includes updater; supports cleaning)
  • Sophos for Marshal (MailMarshal Exchange 5.2 and above. Includes updater; supports cleaning)
  • Sophos Anti-Virus (MMSAVI.DLL)
  • Symantec AntiVirus Scan Engine (Supports remote installation and cleaning)
  • CA Anti-Virus (Previously called InoculateIT or eTrust EZAntiVirus)
  • McAfee Command Line Scanner
  • NOD32 Command Line
  • Vet NT 10.x  (Not supported in 7.X)
  • Network Associates Netshield (Not supported in 7.X)

Note that Norman scanning products are NO LONGER supported (they are discontinued by the developer).

Please refer to the "Configuring Virus Scanners" topic in Help, or the "Virus Scanners" items in the MailMarshal Exchange User Guide for further information.

Scanner Details

Bitdefender for Marshal (DLL interface)

Trustwave ECM 7.2 and above supports an integrated Bitdefender scanner and configurable automatic updater, making it easier for administrators to have up-to-the-minute protection.

After installing Bitdefender for Marshal, simply choose the Bitdefender for Marshal option in the Configurator - there is no need to specify any parameters. 

McAfee for Marshal (DLL interface)

MailMarshal Exchange 5.0 and above supports an integrated McAfee virus scanner, which utilizes the McAfee engine. It also features configurable automatic updating of the latest virus signature files, making it easier for administrators to have up-to-the-minute protection.

Note: With the retirement of the McAfee engine 4.4 effective January 2007, McAfee for Marshal is not supported for use with MailMarshal Exchange 4.x

After installing McAfee for Marshal, simply choose the McAfee for Marshal option in the Configurator - there is no need to specify any parameters.

Further installation information for McAfee for Marshal is available in Trustwave Knowledgebase article Q10382.

Sophos for Marshal (DLL interface)

MailMarshal Exchange 5.2 and above supports an integrated Sophos scanner and configurable automatic updater, making it easier for administrators to have up-to-the-minute protection.

After installing Sophos for Marshal, simply choose the Sophos for Marshal option in the Configurator - there is no need to specify any parameters.

Sophos Anti-Virus (DLL interface)

When installing, either disable the Intercheck service (resident scanner) or apply file exclusions for the MailMarshal directories.

After installing Sophos, simply choose the 'Sophos AntiVirus (SAVI2 Interface)' option in the Configurator - there is no need to specify any parameters.

Further installation information for 'Sophos Antivirus' is available in Q10387 and Trustwave recommends that you also read Q10219 about 'Updating Sophos IDE Files Automatically'.

Network Associates/McAfee (command line)

McAfee Command Line Scanner.
The command line scanner is a full 32 bit scanner (scan.exe) and is usually supplied along with other Network Associates products, including NetShield.  If you have installed Netshield, you will find scan.exe in Program Files | Common Files | Network Associates | VirusScan Engine.  If you have the product licensing and customer information for a legitimate copy of the software, you can go to the Network Associates web site and download the latest command line scanner. The command line scanner (scan.exe) is preferred to the GUI product (scan32.exe) in the MailMarshal environment as it is effective, simple, reliable, and quick.  Use the following string in the parameters field:

/ALL /SUB /NOEXPIRE /ANALYZE /SECURE /NOBEEP "%CmdFileName%"

Note: VirusScan Enterprise 8.5i does not include Scan.exe. Licensed users of this product may be able to download a compatible version of Scan.exe from McAfee (by logging in using the Grant Number). The new command line scanner csscan.exe CANNOT be used with MailMarshal because this scanner application does not return a code indicating virus found.

Network Associates NetShield.
This is the full GUI version of McAfee's virus scanning product, and utilises the scan32.exe file. It can be run silently in the background using command line arguments, although it does tend to be slower than the true command line scanner (scan.exe).  Some customers prefer this version as you can configure it to perform automatic updates. When installing Netshield, be careful to immediately update your dat files - if they are more than three months out of date McAfee will try to pop up a GUI warning message. This causes all messages to time out and get "deadlettered".  Folder exclusions are set via an Exclusions tab in Scan Properties.  Use the following string in the parameters field:

/NOBOOT /NOMEM /AUTOSCAN /NOSPLASH /ALWAYSEXIT /ALL /UINONE
/SECURE /SUB "%CmdFileName%"

Note: With VirusScan Enterprise 7.x, the functionality of the scan32.exe application has been more tightly integrated, preventing it from being used by other applications. Please use the McAfee Command Line Scanner (scan.exe) with the MailMarshal product, if an upgrade to this version of McAfee is planned.

Vet Anti-Virus (command line)

Note: Vet is no longer available from the vendor, and cannot be selected in the latest MailMarshal interfaces. Trustwave strongly recommends you use a currently maintained scanner.

When installing, you must disable Resident Scanning, as there is no way to exclude MailMarshal's directories.

Further installation information for 'Vet Anti-Virus' is available in Q10391.

NOD32 (command line)

There are two parts to this product:

  1. NOD32, which is the scanning engine and command line components
  2. AMON, which is for the on access/demand scanning and scheduling scans.

NOD can also output its results to a log file that can either be set to be appended to or over written.  If you use the overwrite option you can attach this file to the MailMarshal Virus warning e-mail. This will inform the user as to what virus they have.  Use these parameters for nod32.exe:

/quit+ /sound- /scanmem- /scanmbr- "%CmdFileName%"

For information about the updated command line parameters and executable in Nod32 version 3 and above, see Q12706.

 

Symantec (DLL interface)

Symantec integration is available from MailMarshal Exchange 5.0 onwards.

Symantec AntiVirus Scan Engine (formerly CarrierScan Server) is the only product from Symantec/Norton currently integrating with MailMarshal. MailMarshal provides a DLL interface to this scanner. The Symantec AntiVirus Scan Engine is not in the standard line of products such as Norton Anti-Virus. If you do not have these specific products please contact your Symantec/Norton Reseller.

After installing Symantec AntiVirus Scan Engine, simply choose the 'Symantec AntiVirus Scan Engine (CarrierScan)' option in the Configurator - there is a requirement to insert the server name in the parameters field.

Note: A common misconception is that MailMarshal supports Norton AV Corporate Edition.  It does not.  Please review the following KB article:

  • Q10759: The Symantec Scan Engine 5.0 will not install in MailMarshal, MailMarshal Exchange or WebMarshal.
  • Q10054: Does MailMarshal integrate with Norton AV Corporate edition?

CA Anti-Virus (command line) (Previously called Inoculate or eTrust (TM) EZAntiVirus )

After installing CA Anti-Virus, simply choose it from Configurator. There is a requirement to specify the scanner application directory.

For further installation information for CA Anti-virus please see Q11603.

 

Notes

The above list is not exhaustive and with a bit of experimentation, other alternatives to command line scanners may be used.

Anti-Virus Scanners not currently supported by ECM/MailMarshal Exchange

Below are listed scanners that do not currently work as a configured scanner under MailMarshal. However, in most cases, MailMarshal will happily function alongside these scanners in a network.

  • Norman (Norman Endpoint Protection or Norman Virus Control, MMNorman.DLL)
    • This product has been discontinued by the developer, Norman Shark.
    • Definition updates and critical product updates are no longer guaranteed after December 31, 2014.
  • McAfee
    csscan.exe command line scanner as provided with McAfee 8.5i is not supported (it does not return a code indicating virus found).
  • Norton
    Norton Anti-Virus enterprise or corporate editions are not supported.
  • Kaspersky
    The Kaspersky for Marshal plug-in is no longer supported.
  • Panda Anti-Virus
    Not currently Supported
  • F-Secure
    Not Currently Supported
  • Counterspy for Marshal
    This product has been discontinued. Current versions of other integrated scanners provide equivalent protection.
  • PestPatrol for Marshal
    This product has been discontinued. Current versions of other integrated scanners provide equivalent protection.

 

This article was previously published as:
NETIQKB46254

To contact Trustwave about this article or to request support:


Rate this Article:
     

Add Your Comments


Comment submission is disabled for anonymous users.
Please send feedback to Trustwave Technical Support or the Webmaster
.