This topic describes how to enable and configure virus filtering on your Forefront TMG server. Forefront TMG provides edge protection that removes virus threats before they can enter an organization’s infrastructure.
This topic describes:
- Scanning with multiple engines
- Configuring the intelligent engine selection policy
- Configuring virus filtering on your server
Before you configure virus filtering, make sure you complete the following:
- Install the Exchange Edge Transport server role and Forefront Protection 2010 for Exchange Server (FPES) on each Forefront TMG server in the array, as described in Installing prerequisites for e-mail protection.
- Create the initial SMTP routes using the E-Mail Policy Wizard, as described in Configuring SMTP
- Enable virus filtering, either by using the E-Mail Policy Wizard, or by clicking Enable Virus Filtering from the Tasks pane of the Virus and Content Filtering tab.
Scanning with multiple engines
Forefront TMG lets you employ multiple scan engines (up to five) to detect and clean viruses from e-mail attachments. Multiple engines provide extra security by enabling you to draw upon the expertise of various virus labs to keep your environments virus-free; a virus might slip by one engine, but it's unlikely to get past three.
Configuring the intelligent engine selection policy
The intelligent engine selection policy setting controls how many of the selected engines are used, so that you get an acceptable probability that your system is protected. There is a trade-off between virtual certainty and system performance: the more engines you use, the greater the probability that all viruses will be caught, but the greater the impact on your system's performance.
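The trade-off described above can be made concrete with a small model of the four Intelligent Engine Selection Policy options listed in the procedure below. This is an added example, not Forefront TMG code: the engine names, detection rates and availability figures are constructed, engine misses are assumed independent, and the two heuristic policies are modelled as uniform random choices.

```python
from itertools import combinations
from math import prod

# Constructed sample data: (per-engine detection rate, fraction of time available).
# Both figures are illustrative assumptions, not measurements of any real engine.
ENGINES = {
    "engine_a": (0.95, 0.98),
    "engine_b": (0.90, 0.98),
    "engine_c": (0.90, 0.95),
    "engine_d": (0.85, 0.99),
}

def miss_all(rates):
    """Probability that every engine in the set misses (misses assumed independent)."""
    return prod(1.0 - r for r in rates)

def policy_profile(engines):
    """Return {policy: (miss_probability, expected_engine_scans, can_queue)}."""
    rates = [r for r, _ in engines.values()]
    avail = [a for _, a in engines.values()]
    n = len(rates)
    half = max(1, n // 2)
    subsets = list(combinations(rates, half))
    return {
        # Every selected engine scans; a busy engine delays the scan instead of being skipped.
        "all_selected": (miss_all(rates), float(n), True),
        # An engine contributes only while it is available (not updating).
        "available_subset": (prod(1.0 - a * r for r, a in zip(rates, avail)), sum(avail), False),
        # Assumption: the heuristic is modelled as a uniform choice of half the engines.
        "dynamic_subset": (sum(miss_all(s) for s in subsets) / len(subsets), float(half), False),
        # Assumption: the single engine is modelled as a uniform choice.
        "one_engine": (sum(1.0 - r for r in rates) / n, 1.0, False),
    }

if __name__ == "__main__":
    for policy, (miss, scans, queues) in policy_profile(ENGINES).items():
        print(f"{policy:17s} miss={miss:.6f} scans/object={scans:.2f} may_queue={queues}")
```

Independence is optimistic, since engines that share signature sources tend to miss the same samples, so treat the miss figures as a lower bound.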
Configuring virus filtering on your server
To configure virus filtering
In the Forefront TMG Management console, in the tree, click the E-Mail Policy node.
In the details pane, click the Virus and Content Filtering tab, and under Virus Filtering, click Enabled.
On the General tab of the Antivirus Configuration dialog, verify that Status is set to Enabled.
On the Engines tab, select an engine management method:
- Use automatic engine management
- Manually enable up to 5 engines—If you select this option, you must enable at least one antivirus
Also on the Engines tab, configure the following Intelligent Engine Selection Policy options:
- Always scan with all selected engines—Queues scanning if any selected engine becomes busy, such as during signature updates.
- Scan with the subset of selected engines that are available—Scans with all selected engines that are available. Scans continue with the available engines when one of the selected engines is being updated.
- Scan with a dynamically chosen subset of the selected engines—Heuristically chooses from the selected engines, based on recent results and statistical projections. On average, half of the selected engines are used in scanning any
- Scan with only one of the selected engines—Heuristically chooses from the selected engines, based on recent results and statistical projections. Only one of the selected engines is used in scanning any single object.
On the Remediation tab, select the action to take when a virus is detected in an e-mail attachment.
- Skip (detect only)—Makes no attempt to clean or delete. Viruses are reported, but the files remain infected.
- Clean (repair attachment)—Attempts to clean the virus. If the attempt is successful, the infected attachment or message body is replaced with the clean version. If cleaning is not possible, the attachment or message body is replaced with the deletion text. This is the default setting for each antivirus scan type.
- Delete (remove infection)—Deletes the attachment without attempting to clean it. The detected attachment is removed from the message, and the deletion text is inserted in
If you want the e-mail recipient to be notified whenever a virus is detected, on the Remediation tab, click Send notifications.
Forefront TMG replaces the contents of the infected file with the text you provide in the Deletion text box. The default deletion text informs the recipient that an infected file was removed and includes the name of the file and the name of the virus found. The deletion text can be customized; simply type your own text in the box.
Copyright © 2009 by Microsoft Corporation. All rights reserved.