using antigen 9 for exchange - "allowed senders" options grayed out for real time scan job
- Hi
we are using antigen 9, and want to exclude certain senders from realtime scanning. we have created a test list, and populated it with addresses. the list appears as expected in the filtering options for the smtp scan job, but does not appear in the bottom left pane for the realtime scan job. all options in the righthand bottom pane are therefore grayed out.
全部回复
Hi Ishmael,
Interesting scenario, but I'm afraid what you are seeing is expected behaviour in Antigen 9. “Allowed Senders” is a feature that is only available on the SMTP scanjob.As a workaround, e.g. to allow an external sender to send any file inbound, move all File Filters to the SMTP scanjob. At the SMTP level, the Allowed Senders feature can then be enabled for specific users, as you know. As there won’t then be any file filters at the Realtime level, Antigen won’t perform any file filtering there and the Allowed Sender’s file should get through ok.
A word of warning: it’s quite easy for a spammer or virus writer to spoof a sender address, so beware that some unwanted mail may bypass Antigen. That said, the Allowed Senders feature cannot bypass virus scanning, so all mail will always be virus-scanned. A safer alternative to Allowed Senders is Allowed Mailhosts, which is more difficult to spoof. The problem in enabling Allowed Mailhosts is that all mail from the mailhost will be exempt from file filtering etc – not just from one user.Another workaround (for attachments), would be to get the user to send files inside a password-protected archive file (e.g. zip, rar). This file cannot be scanned by Antigen (not at the SMTP or Realtime levels), since Antigen will not bypass the password security on the file. It will be deleted by Antigen only if the ‘Delete Encrypted Compressed Files’ General Option is enabled (go to SETTINGS>General Options to disable this).
Kind Regards, Andy Day | CSS Security, Sr. Support Engineer (Antigen/Forefront Server Security)
