GWAVA Home
blank
design
blank Home > Support
 

AV Engines


Integrating 3rd Party AV NLMs into your Novell GroupWise email system

Specific AV NLM Configuration Instructions



CA eTrust Antivirus (Formerly InoculateIT) 4.5 or higher
  • Install InoculateIT, and run it (ISTART4.NCF).
  • In the Configuration, and Real-Time Monitor menu, set Direction to Disabled. Save your changes.
  • In the GWAVA Configuration Manager, click on the AV vendor integrations button, and select eTrust InoculateIT from the pull-down menu. Click OK.

Note: If the virus scanner engine is not loaded when GWAVA starts, it will not use the integration. You cannot enable this after the fact, so the AVENGINE program must be loaded prior to GWAVA.
In GWAVA, ensure Decompression Engine is enabled, as eTrust InoculateIT does not scan compressed files.

CA eTrust 7.x (GWAVA 3.x Only)

 

  • Install eTrust Antivrus , and run it (AVLAUNCH INOSTART at the server console).
  • In the GWAVA Configuration Manager, click on the AV vendor integrations button, and select eTrust 7.0 from the pull-down menu. Save your changes by clicking OK.
  • Configure your exclusions via the eTrust Antivirus Realtime settings (using the Exclusions section of the Filters tab on the Realtime Monitor Options dialog)
  • Note: If the virus scanner engine is not loaded when GWAVA starts, it will not use the integration. You cannot enable this after the fact, so the AVENGINE.NLM must be loaded prior to GWAVA.
  • In GWAVA, ensure Decompression Engine is enabled, as eTrust InoculateIT does not scan compressed files.

Top


NAI Netshield 4.11/4.5/4.6 (or higher)
  • Install Netshield, and load the server-based NLM (NETSHLD.NCF). Then run the Netshield Console.
  • Right-Click the NetShield On-Access Monitor and select Properties.
  • In Scan, files written to and from the server should be scanned.
  • In What To Scan, All Files should be scanned.
  • In Actions, either Move Infected files to a folder or Delete Infected Files Automatically can be selected.
  • Under Exclusions, add the excluded directories.
  • In GWAVA, ensure the Decompression Engine is enabled; NetShield does not scan compressed files.

Top


Symantec / Norton Antivirus Corporate Edition 7 (or higher)

Options for the server-based scanner are configured in the Symantec System Console (SSC), which requires an NT workstation or server machine.

  • After you install the SSC and the server-based scanner, load the server based scanner as instructed. (LOAD VPSTART /INSTALL the first time, and VPSTART afterwards).
  • Run the SSC.
  • Select the Server, unlock it, and Choose the Server RealTime Protection Options
    The Enable file system realtime protection checkbox should be checked.
  • Set File Types to All Types.
  • In Macro Virus options, set the primary action to Quarantine, and the secondary action to Delete. Repeat for Non-Macro viruses.
  • The Exclude selected files and folders checkbox should be checked.
  • Click Exclusions and Add the excluded directories (see Directories to Exclude from Scanning).
  • You may wish to enable/disable Display Message on infected computer.

GWAVA does not need the Decompression Engine enabled, SAV can scan compressed files (must be enabled in SAV console). However, it is strongly recommended that decompression remains enabled in GWAVA. This will provide optimal protection against all threats.

NAV 7 Note: To work properly with compressed files, the primary action must be set to Quarantine or GWAVA will fail to detect the virus.

Top


Command Interceptor for GWAVA
Interceptor is not the same as Command Antivirus. If you do not have Command Interceptor, please follow the Command Antivirus configuration or contact Command Software for information regarding Interceptor.
  • Install the NLM, run it (LOAD CSSCAN).
  • If you also have Command Antivirus running on your GWAVA server, disable real time scanning or exclude the ENTIRE Domain and Post Office directories (Ignore the directory exclusion instructions earlier.
  • In the GWAVA Configuration Manager, click on the AV vendor integrations button, and select Command Interceptor from the pull-down menu. Save changes by clicking OK.

Note: If the virus scanner engine is not loaded when GWAVA starts, it will not use the integration. You cannot enable this after the fact, so the CSSCAN.NLM must be loaded prior to GWAVA. In GWAVA, ensure Decompression Engine is enabled, as Command Interceptor does not scan compressed files.

Top


Command AntiVirus for NetWare 4.58 (or higher)
Options for the server-based scanner are configured in a Windows based program (Command AntiVirus for Netware Administration).
  • Install the program, run it (LOAD F-PROT), and run the Command AntiVirus for NetWare Administration.
  • Select the Server, and under the Task Menu, choose Real-Time Scans
  • In Settings, set Action on Infection to Quarantine or Delete.
  • In Settings, select both Scans On Opens and Scans on Closes.
  • In Exclude, add the excluded directories (see Directories to Exclude from Scanning). All subdirectories will automatically be added, although the interface does not make this obvious.

In GWAVA, ensure Decompression Engine is enabled, as Command AntiVirus does not scan compressed files.

Top


Trend Micro's ServerProtect for NetWare 3.71/5.0/5.1
Options for the server-based NLM are configured in a Windows based program (Supervisor Configuration Utility).

 

  • Install the program files. Make sure they are running (SPNW.NCF), then run the Supervisor Configuration Utility.
  • Double-click the server, and unlock it. Then choose File Checking from the Configure Menu.
  • In the RealTime tab, make sure ALL Files are selected for DOS.
  • In the RealTime tab, enable all the Incoming/Outgoing File Checking options—all 5 checkboxes should be checked.
  • In the Exception Tab, add the excluded directories (see Directories to Exclude from Scanning).
  • In the Action Tab, set Action on Virus Identification to Wipe Out or Move.
  • Trend users should use
    • Bindery with Omit VS Scan Delays checked.
    • Or use NDS, with Omit VS Scan Delays unchecked.

You may wish to disable the Broadcast message for Configure Actions. GWAVA does not need the Decompression Engine enabled; ServerProtect can scan compressed files. (This is true of ServerProtect 5.0/5.1. However, ServerProtect 3.71 does require the Decompression Engine.)

Top


Panda Antivirus 2.5 (or higher)
Options for the server-based scanner are configured in a Windows based program (Panda Administrator)
  • Install Panda Enterprise Manage
  • Deploy your Distribution Agent to the Novell Server
  • Install Panda Antivirus to Netware
  • Right click on server and choose Edit Settings. Under Antivirus make sure
  • All files will be scanned instead of selected items
  • Deletion will be performed on viruses instead of cleaning

The directories below MUST be excluded in order for Panda to work. If this step is not completed fully, false positives will result. That all directories which must be excluded are. Panda is VERY particular here. You must exclude:

  • Work
  • Archive
  • MSLocal

GWAVA does not need the Decompression Engine enabled; Panda can scan compressed files.

Top


Sophos Antivirus 3.32 (or higher)

In the Real-Time Configuration screen

  • Status = active
  • Volumes = the volume with GWAVA’s directories should be write only
  • Workstations: all (or whatever is required)
  • Server Processes: Do not monitor for file access
  • Scanning options: Scanning Level (full), Compressed Files: Yes, Intercheck: any setting
  • Removal options: purge infected files
  • Notify group: any setting

In the Administration screen

  • Executables - make certain BIN has been added so that the virus scanner validation test passes.

In GWAVA Configuration

  • Create a user. Log in.
  • Enable both file locking and virus scanning.

Note: Ensure Omit VS Scan Delay checkbox in advanced is off. This significantly degrades performance but is needed due to a Sophos-specific issue, which can be eliminated by using SAVI.

Sophos SAVI (GWAVA 3.x Only)
Sophos SAVI is not the same as Sophos Sweep. If you do not have Sophos SAVI, please follow the Sophos Sweep configuration or contact Sophos for information regarding SAVI. At the time of publication, Sophos SAVI is still in Beta and has not yet been released by Sophos.

  • Install the program files. Typically the virus definitions go into SYS:\SOPHOS\SAVI and the NLMS (SAVI and VEEX) got into SYS:\SYSTEM
  • If you also have Sophos Sweep running on your GWAVA server, disable real time scanning or exclude the ENTIRE Domain and Post Office directories (Ignore the directory exclusion instructions earlier.
  • In the GWAVA Configuration Manager, click on the AV vendor integrations button, and select Sophos SAVI from the pull-down menu. Save changes by clicking OK.

Note: SAVI may be safely loaded before GWAVA starts. Alternatively GWAVA will automatically load it when needed.

Top


Kaspersky AntiVirus for NetWare 3.5 (or higher)
KAV 5.02 is available now 5.5 will be out shortly. Currently the primary interface is via ConsoleOne Snapins (5.5 will move to a web based primary interface but ConsoleOne will still be supported).

Installation

  • Install Kasperksy main EXE, ConsoleOne snapins.
  • Run ConsoleOne
  • Drill down the Kaspersky AntiVirus tree to your server and right click, install.

The next phase of installing Kaspersky so that it operates with GWAVA is done from within ConsoleOne. Settings can be accessed by Right clicking on Server under Kaspersky Antivirus tree in C1, and choosing Properties Under Tasks tab, click on the Real Time protection and then click Edit. A new tabbed window will appear.

Options Tab

  • Add all excluded folders, especially Work, Archive, MSLocal, WPGate
  • Under Files to be scanned: All Files should be scanned, Excluded Files, Archived Files, Mail Databases, Compressed Executables, which ever meets your needs.
  • Plain mail format should all be checked
  • Scan Files as they are: Check both options
  • Code analysis : optional

Actions tab

  • How to treat infected files: Delete
  • How to treat suspicious files: Delete

Enable password to delete or rename the archived files should be checked

Top

Norman

  • Display messages on the system console – Select Yes for diagnostic purposes. You can always turn this option off later.
  • Display monitor screen upon load: Select Yes. This option is very useful for watching scanning
  • Common Scanning Options
    • GWAVA suggests leaving all at the default settings except for the usual files included in Exclude category
  • RealTime Scanning Options
    • Scan Incoming, Outgoing, Outgoing with Write -- all yes
    • Add to the Include List for ServerBased Processes - the VWORK directory
  • Sever Scanning Options:
    • Leave at the default settings.
    • Virus Detected options
    • Cleaning turned off
    • Purging turned on.

Top
Support

Support
FAQs
Technical Notes
Updates
AV Engines
Product Requirements
Discussion Board
Product Documentation
Latest Virus Threats
GWAVA Security Report
Beta Program
Contact Information
GWAVA World Headquarters
100 Alexis Nihon Rd., Suite 500
Montreal, QC, H4M 2P1, Canada
Tel: +1 514.639.4850
Fax: +1 646.304.6250
questions@GWAVA.com
Sales Contacts
North America (US & Canada)
Northeast Region Doug Stein
D.C. & Southeast Region Lori Fair
Midwest Region Mike Silverman
Heartland Region Davin Cooke
West Coast Tom Poitras
Canada Tara Quinn
Retain for BlackBerry Enterprise Server Mitch Lauer
International Contacts
Locate a Reseller