Domino Consulting - HCL Domino Administrator 12 Help

CONFIGURING

Creating a virus scanning Configuration

Before you enable virus scanning, you must configure at least one virus scanning Configuration.

Open Domino Content Scan Configuration (cscancfg.nsf) and clickConfigurations in the navigation. Then click New Configuration, complete the tabs in the Configuration document, and click Save & Close.

Parent topic: Scanning message attachments for viruses

Basics tab

Procedure

Enter a configuration name and optional comments.

Mail Scan tab

Procedure

1. Complete the fields in the Scan and Log Optionssection:

Option Description

Field Description

Virus detected action Choose from the following options to specify what happens to a message when a virus is detected:

Discard message with notificationThis option deletes the original message content. The message is sent with a Subject prefix that contains the text configured in the Subject prefix message discarded field and body text configured in the Body text message discardedfield.
Clean message and deliver This option deletes viruses from infected attachments. The message is sent with a Subject prefix that contains the text configured in the Subject prefix virus foundfield and the contents of any infected attachments are replaced with the text configured in the Virus attachment text field.
Silently discard the message. With this option, the recipient does not receive the message or any notification about a virus.

Quarantine action

Quarantine original message Original messages with viruses are saved in Domino Content Scan Quarantine (cscanquarantine.nsf).
Do not quarantine

Message log option

Log attachments with viruses only
Log all attachments

Log database Specify the name of the log database for virus scan results. Default is cscanlog.nsf.

Quarantine database Specify the name of the quarantine database. Default is cscanquarantine.nsf

Log retention (days) The number of days to retain log documents. Default is 40.

Quarantine (days) The number of days to retain quarantined messages. Default is 40.

2. Complete the fields in the Mail Scan Tab / Mail Tag for Notification section to provide information for scanning notifications:

Option	Description
Field	Description
Subject prefix scanned	The text to display before the subject in a sent message indicating that the message was scanned for viruses and none were found. For example, "Virus scanned."
Subject prefix virus found	The text to display before the subject in a sent message indicating that a virus was found. For example, "Virus found." Applies when the virus detected action is "Clean message and deliver."
Subject prefix message discarded	The text to display before the subject in a sent message indicating that the message was discarded because it contained a virus. For example, "Message blocked due to virus." Applies when the virus detected action is "Discard message with notification."
Virus view icon	A number representing the icon to use in a mail view to indicate a message had a virus. For choices, see the topic https://help.hcltechsw.com/dom_designer/12.0.0/basic/H_ABOUT_DISPLAYING_AN_ICON_IN_A_COLUMN.html in the Domino Designer documentation.
Virus attachment text	The text to display inside an attachment that has been cleaned due to a virus. For example, "Virus found! Attachment text replaced." Applies when the virus detected action is "Clean message and deliver." If unable to double-click the attachment to open it, open it from a text editor to read the message. To do this from Notes, right-click, select Open with..., and select a text editor.
Body text message discarded	The text to display in the body of sent message indicating that the message was discarded because it contained a virus. For example, "Virus found! Message discarded." Applies when the virus detected action is "Discard message with notification." Note: Use the Text Properties dialog, Paragraph Margins tab to set the left margin of this field to 1 inch to make it display properly in clients.

Scan Config tab

Procedure

1. Complete the fields in the Scan Configurationsection:

Option Description

Field Description

Scan protocol Select ICAP

Maximum scan size (MB) The maximum attachment size allow for scanning. Default is 100 MB. Most often, very large attachments do not contain viruses, so it may make sense to exempt them from scanning. Specify 0 if you wish all attachments to be scanned.

Server DNS name/address The host name or address of the ICAP server. Depending on the product used, this server could also be a load-balancer, off-loading TLS and providing high availability.

TLS server port The port to use to connect to the ICAP server. Default is 1344. The well-known port for ICAP is TCP/1344. Depending on the product and setup, a different port might be used. For example, a TLS-enabled server often uses TCP/11344.

ICAP service name The ICAP "service name" defined on the ICAP server for attachment scan services. Scanning requires ICAP Response Modification Mode (RESPMOD). Contact the administrator of your ICAP server to verify that the server supports RESPMOD and to obtain the ICAP service name.

ICAP preview If the ICAP service supports preview mode, selectEnable ICAP preview. Preview mode defines how many bytes of data the ICAP client should send for pre-evaluating if the full attachment needs to be sent. Contact the administrator of your ICAP server to determine whether the server supports ICAP preview mode and if it is enabled on the server. If so, enable it here, too. If unsure, leave it unchecked.
Note: Domino 12.0.2 does not use preview mode, even if it is checked. Scanning operates correctly, but without the potential optimization provided by preview mode for certain attachments. This will be corrected in a future release.

Virus name formula A formula that you enter that generates the name of the virus found in an attachment. The formula is evaluated against a log document that is created for an attachment that has a virus. Domino writes an ICAP_ResponseHeaders item to that document that contains the ICAP response headers received from the ICAP server after processing the attachment data. Since each ICAP vendor's response format may differ, Domino allows you to write a formula to extract the name of the virus found from this data.
For example, if a vendor writes the virus name to a header named X-ICAP-Virus-ID, the formula might be as follows: @Trim(@Right(ICAP_ResponseHeaders; "X-ICAP-Virus-ID:"))

Important: First, follow the instructions in the topic Import and validate trusted roots using an ICAP connection. Then complete the fields in the TLS Connection Security section:

Option Description

Field Description

Trusted roots Domino requires a secure, trusted connection to the ICAP server for virus scanning. You must establish that you trust one or more of the ICAP server's root certificates before virus scanning can operate. Domino stores data about trusted roots in certstore.nsf. To simply the configuration process, the trusted root for the connection can be automatically imported from the ICAP server using an action in the cscancfg.nsf configuration document. This process involves both certstore.nsf and cscancfg.nsf.
For full instructions, see What to do next at the end of this table.

Certificate subject If the server has no Subject Alternate Name (SAN), the subject used to verify the certificate. This must be the exact subject name, including proper mixed cased characters if applicable.

Certificate expiration warning period The number of days before certificate expiration that the server sends a warning.

What to do next

Configure virus scanning on a Domino server

Help on Help

All Help Contents

Help on Help

All Help Contents