Accedi
Microsoft.com
 
Risorse per professionisti IT
 
 
 
Risorse per professionisti IT > Home page del forum > Antigen > using antigen 9 for exchange - "allowed senders" options grayed out for real time scan job
Formula una domandaFormula una domanda
Cerca nei forum:
 

Domandausing antigen 9 for exchange - "allowed senders" options grayed out for real time scan job

  • giovedì 2 luglio 2009 10.27ishmael.whale Medaglie utenteMedaglie utenteMedaglie utenteMedaglie utenteMedaglie utente
     
    Registrati per votare
    0
    Registrati per votare
    Hi
    we are using antigen 9, and want to exclude certain senders from realtime scanning. we have created a test list, and populated it with addresses. the list appears as expected in the filtering options for the smtp scan job, but does not appear in the bottom left pane for the realtime scan job. all options in the righthand bottom pane are therefore grayed out.
     

Tutte le risposte

  • mercoledì 15 luglio 2009 14.19Andy S. Day Medaglie utenteMedaglie utenteMedaglie utenteMedaglie utenteMedaglie utente
     
    Registrati per votare
    0
    Registrati per votare

    Hi Ishmael,

    Interesting scenario, but I'm afraid what you are seeing is expected behaviour in Antigen 9. “Allowed Senders” is a feature that is only available on the SMTP scanjob.

    As a workaround, e.g. to allow an external sender to send any file inbound, move all File Filters to the SMTP scanjob. At the SMTP level, the Allowed Senders feature can then be enabled for specific users, as you know. As there won’t then be any file filters at the Realtime level, Antigen won’t perform any file filtering there and the Allowed Sender’s file should get through ok.
    A word of warning: it’s quite easy for a spammer or virus writer to spoof a sender address, so beware that some unwanted mail may bypass Antigen. That said, the Allowed Senders feature cannot bypass virus scanning, so all mail will always be virus-scanned. A safer alternative to Allowed Senders is Allowed Mailhosts, which is more difficult to spoof. The problem in enabling Allowed Mailhosts is that all mail from the mailhost will be exempt from file filtering etc – not just from one user.

    Another workaround (for attachments), would be to get the user to send files inside a password-protected archive file (e.g. zip, rar). This file cannot be scanned by Antigen (not at the SMTP or Realtime levels), since Antigen will not bypass the password security on the file. It will be deleted by Antigen only if the ‘Delete Encrypted Compressed Files’ General Option is enabled (go to SETTINGS>General Options to disable this).

    Kind Regards, Andy Day | CSS Security, Sr. Support Engineer (Antigen/Forefront Server Security)