Overview
This article outlines the process that should be followed to test whether the MailEssentials Virus Scanning Engines (VSEs) that are part of the Email Security module are properly scanning emails for viruses and malware.
Solution
Testing antivirus functionality requires sending an email that would be recognized as virus-infected. Using a real virus file is not recommended, as the MailEssentials server could end up infected with actual malware.
The safe way to test the Virus Scanning Engines is to send a test email using the EICAR Standard Anti-Virus Test file. The EICAR Anti-Malware test file can be downloaded from www.eicar.org.
Send a test email with the EICAR Anti-Malware test file attached by following these steps:
- Temporarily disable your local anti-virus software or exclude a specific directory from scanning. Otherwise, the local anti-virus is likely to detect the virus signature in the test file and quarantine it before you can attach it to the test email.
- Download the EICAR test file from https://secure.eicar.org/eicar.com.txt or any of the other formats provided at Download Anti Malware Testfile and save it to your local disk in a directory with anti-virus scanning exclusion.
- Attach the EICAR test file to a test email and send it.
- The email should be detected by MailEssentials as containing a virus-infected attachment. Usually, the Virus Scanning Engine with the highest priority should be able to identify the infected attachment. If it does not, verify that you have the latest definition updates for all the anti-virus engines.
- To test each engine individually, disable all the other virus scanning engines, leaving only one engine enabled, then repeat the above steps to send the email with the infected attachment.
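The steps above can also be scripted, which helps when repeating the test once per engine. The following is an added example, not GFI code: the script name, the SMTP host and addresses passed on the command line, and the `VSE-TEST-` subject tag are assumptions, and it assumes the mail server accepts unauthenticated SMTP on port 25 from the machine running it.

```python
import smtplib
import sys
import uuid
from email.message import EmailMessage

# The 68-byte EICAR test string, kept in two parts so that local anti-virus
# does not quarantine this script itself before it can run.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-" +
         r"ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")


def build_test_message(sender, recipient, engine_label="all engines"):
    """Return (message, tag): an email carrying eicar.com.txt, plus a unique
    tag placed in the Subject so the email is easy to find in the Logs tab."""
    if len(EICAR) != 68:
        raise ValueError("EICAR string is damaged; engines will not detect it")
    tag = "VSE-TEST-" + uuid.uuid4().hex[:8]  # hypothetical tag format
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = f"{tag} EICAR test ({engine_label})"
    msg.set_content("Anti-virus test email. The attachment is the harmless "
                    "EICAR test file, not real malware.")
    # Attach in memory, so no copy of the test file has to be saved to disk.
    msg.add_attachment(EICAR, maintype="application",
                       subtype="octet-stream", filename="eicar.com.txt")
    return msg, tag


def send_test_message(smtp_host, sender, recipient, engine_label, port=25):
    """Send the test email through smtp_host and return the Subject tag."""
    msg, tag = build_test_message(sender, recipient, engine_label)
    with smtplib.SMTP(smtp_host, port, timeout=30) as smtp:
        smtp.send_message(msg)
    return tag


if __name__ == "__main__":
    # Usage: python send_eicar.py <smtp_host> <from> <to> [engine label]
    host, sender, recipient = sys.argv[1:4]
    label = sys.argv[4] if len(sys.argv) > 4 else "all engines"
    print("Sent; search the Logs tab for",
          send_test_message(host, sender, recipient, label))
```

Pass the name of the single enabled engine as the label when testing engines one at a time, so each logged result can be matched to the run that produced it.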
Confirmation
- Navigate to GFI MailEssentials > Dashboard and open the Logs tab. Locate the test email you sent, which should be blocked with a Scan Result showing the configured Action as well as the name of the VSE, e.g. Quarantined [Avira], as shown below:
- Further information can be obtained by examining the debug logs for the Virus Scanning Engines (VSEs) from the respective locations shown below:
| VSE | Filename & Location |
| --- | --- |
| Avira | ..\GFI\MailEssentials\EmailSecurity\DebugLogs\Avira Engine.gfi_log.txt |
| BitDefender | ..\GFI\MailEssentials\EmailSecurity\DebugLogs\BitDefender Engine.gfi_log.txt |
| Kaspersky | ..\GFI\MailEssentials\EmailSecurity\DebugLogs\Kaspersky Engine.gfi_log.txt |
| Cyren | ..\GFI\MailEssentials\EmailSecurity\DebugLogs\Cyren Engine.gfi_log.txt |
| Sophos | ..\GFI\MailEssentials\EmailSecurity\DebugLogs\Sophos Engine.gfi_log.txt |