What Virus Scanners are supported by MailMarshal?


This article applies to:

  • Trustwave MailMarshal (SEG)

Question:

  • What Virus Scanners are supported by MaiMarshal?

Information:

This article discusses the virus or malware scanning products that have been tested and proven to work with Trustwave MailMarshal (SEG). Also listed at the end of the article are some scanners that MailMarshal does not support.

There are two methods by which MailMarshal integrates with third party antivirus products. Scanners utilizing the DLL Interface have a greatly improved throughput compared to those utilizing a command line executable (roughly 10 times faster). Interface method is listed next to the product names listed in this article.

  • NOTE: Sophos for Marshal is included in all MailMarshal licenses. The primary reason for use of command line scanners was reduced cost, and this reason no longer applies. 

"Cleaning" of viruses has been removed in MailMarshal 8.2 and above. For details, see article Q21054.

Important note: For all virus scanners, ensure the MailMarshal working directories are excluded from any resident or on-access file monitoring or backups. This includes the Unpacking and quarantine directories. For more information on this and other facts regarding using anti-virus scanners, refer to Trustwave Knowledgebase article Q10369.

Scanners supported in current supported versions of MailMarshal

  • Sophos for Marshal (DLL) - Included in all MailMarshal licenses
  • Bitdefender for Marshal (DLL) 
  • McAfee for Marshal  (DLL)
  • CA Anti-Virus (Command Line) (Previously called InoculateIT or eTrust EZAntiVirus)
  • McAfee Command Line Scanner (scan.exe)
  • NOD32 Anti-Virus (Command Line)

For further information about configuring scanners, refer to the "Configuring Virus Scanners" topic in Help, or the "Stopping Viruses" topic in the MailMarshal User Guide.

Bitdefender for Marshal (DLL interface)

An integrated Bitdefender virus scanner, licensed through Trustwave, which utilizes the Bitdefender engine. It also features configurable automatic updating of the latest virus signature files, making it easier for administrators to have up-to-the-minute protection.

  • Licensing: Trial license keys support this scanner. Customers with full keys can contact Trustwave for a special time limited trial.
  • After installing Bitdefender for Marshal ensure that signature updates are complete and then simply choose the 'Bitdefender for Marshal' option in the Configurator or Management Console - there is no need to specify any parameters.
  • For more information see the Bitdefender for Marshal Release Notes.

    McAfee for Marshal (DLL interface)

    An integrated McAfee virus scanner, licensed through Trustwave, which utilizes the McAfee engine. It also features configurable automatic updating of the latest virus signature files, making it easier for administrators to have up-to-the-minute protection.

    • Licensing: Trial license keys support this scanner. Customers with full keys can contact Trustwave for a special time limited trial.
    • After installing McAfee for Marshal, simply choose the 'Marshal Integrated McAfee Antivirus' or 'McAfee for Marshal' option in the Configurator or Management Console - there is no need to specify any parameters.
    • Further installation information for McAfee for Marshal is available in Q10382.

    Sophos for Marshal (DLL interface)

    An integrated Sophos virus scanner, licensed through Trustwave, which utilizes the Sophos engine. It also features configurable automatic updating of the latest virus signature files, making it easier for administrators to have up-to-the-minute protection.

    • Licensing: Trial license keys support this scanner. All customer licenses include this scanner.
    • After installing Sophos for Marshal, simply choose the 'Sophos for Marshal' option in the Configurator or Management Console - there is no need to specify any parameters.
    • For more information see the Sophos for Marshal Release Notes. 

    McAfee (command line)

    The command line scanner is a full 32 bit scanner (scan.exe) and is usually supplied along with other Network Associates products, including NetShield.  If you have installed Netshield, you will find scan.exe in Program Files | Common Files | Network Associates | VirusScan Engine.  If you have the product licensing and customer information for a legitimate copy of the software, you can go to the Network Associates web site and download the latest command line scanner. The command line scanner (scan.exe) is preferred to the GUI product (scan32.exe) in the MailMarshal environment as it is effective, simple, reliable, and quick.  Use the following string in the parameters field:

    /ALL /SUB /NOEXPIRE /ANALYZE /SECURE /NOBEEP "%CmdFileName%"

    Note: VirusScan Enterprise 8.5i does not include Scan.exe. Licensed users of this product may be able to download a compatible version of Scan.exe from McAfee (by logging in using the Grant Number). csscan.exe CANNOT be used with MailMarshal because this scanner application does not return a code indicating virus found.

     

    CA Anti-Virus (command line) 

    (Previously called InoculateIT or EZAntiVirus)

    After installing CA Anti-Virus, simply choose it from the Configurator or Management Console. There is a requirement to specify the scanner application directory.

    For further installation information for CA Anti-virus please see Q11603.

    NOD32 (command line)

    There are two parts to this product:

    1. NOD32, which is the scanning engine and command line components
    2. AMON, which is for the on access/demand scanning and scheduling scans.

    NOD can also output its results to a log file that can either be set to be appended to or over written.  If you use the overwrite option you can attach this file to the MailMarshal Virus warning e-mail. This will inform the user as to what virus they have.  Use these parameters for nod32.exe:

    /quit+ /sound- /scanmem- /scanmbr- "%CmdFileName%"

    For information about the updated command line parameters and executable in Nod32 version 3 and above, see Q12706.

    Notes:

    Using other command line scanners not on this list

    The list of command line scanners is not exhaustive. With a bit of experimentation, other alternatives may be used.  Please refer to Q10369 for more information. Command line scanning is only suitable for smaller installations.

    • NOTE: Sophos for Marshal is included in all MailMarshal licenses. The primary reason for use of command line scanners was reduced cost, and this reason no longer applies. 

    Anti-Virus Scanners not currently supported by MailMarshal

    Below are scanners that do not currently work as a configured scanner under MailMarshal. MailMarshal will happily function alongside these scanners when they are installed on the local server or the network, with appropriate scanning exclusions.

    • Authentium Comman AV
      Not currently supported.
    • F-Secure
      Not currently supported.
    • Kaspersky
      The Kaspersky for Marshal plugin is no longer supported. 
    • McAfee
      csscan.exe command line scanner as provided with McAfee 8.5i is not supported (it does not return a code indicating virus found).
      scan32 (NetShield GUI) is not supported as a command line scanner.
    • Norman Endpoint Protection/Norman Virus Control
      This product has been discontinued by the developer, Norman Shark.
    • Norton
      Norton Anti-Virus enterprise or corporate editions are not supported.
    • Panda Antivirus
      Not currently supported.
    • Sophos Anti-Virus (SAVI Interface)
      Sophos for Marshal provides the same functionality and is included in licensing.
    • Symantec AntiVirus Scan Engine  
    • Trend Micro
      Not currently supported.
    • Vet Anti-Virus
      Not currently supported.

    This article was previously published as:
    NETIQKB29746
    Marshal KB183

    Last Modified 4/1/2020.
    https://support.trustwave.com/kb/KnowledgebaseArticle10923.aspx