Integrated Antivirus SmarterMail
Idea shared by BMark - 11/19/2020 at 8:56 AM
Under Consideration

I would like to propose an idea about the antivirus:
since Microsoft Defender Antivirus has been much improved and is natively implemented on the latest versions of the Windows Server OS, would it be possible to include it as an "integrated antivirus" system on SmarterMail (together with Clam)?

Also having a lot of contact with Microsoft technicians for the MAPI talk, I think the integration and functionality with SM is not complicated.

This antivirus seems to perform very well and is constantly updated; in the latest tests it has received a lot of appreciation.
It is also integrated into the new Windows Server 2016/2019.

What do you think?


21 Replies

Matt Petty Replied
Employee Post
Hmm interesting idea. Did a little research on technologies.

Seems like a pretty easy way to add another virus scanning option.
+1, I'll keep an eye on this and mention it.
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
Thanks Matt !! :)
Just want to add my thought that this would be an immensely useful feature. I am finding ClamAV to be increasingly unreliable with too many false positives. A simple alternative would make SmarterMail even more valuable!
Yeah, ClamAV has always been trash, even with 3rd party DBs, it's just a horrible AV (better than nothing I guess though). Uses a ton of resources and has pretty poor performance.

Great idea!

I'm using this thread to get rid of some frustration. Again and again I read about useful ideas or questions on topics that concern all administrators. Especially the topics security, anti-virus and anti-spam(!) are things that concern everyone. Often there is an answer like in this thread, which gives hope (yes, good idea / we'll look into it / we're working on it / seems easy to do / etc.). But unfortunately it often stays like that and nothing happens anymore!

I have been a SmarterMail server operator for many years, but I am no professional in this world (my main business is Apple computers). That's exactly why I would like it very much if SmarterTools would really respond to such ideas or problems and offer practical solutions. Almost every customer could benefit from this. But that's the problem: often only the frustration remains, because a thread finally remains unanswered.

@Matt Petty: Why is there no answer for months, when it should be "pretty easy"?

But it is the same in many other threads. Therefore my plea and call to the SmarterTools team: offer tangible solutions, incl. instructions on how to implement them. Only this will help us all.

I know that the SmarterTools team is good and competent, because they have helped me a lot with support requests.

Thank you!

PS: But the best tool is only as good as you know how to use it.
Matt Petty Replied
Employee Post
@Dave, I'm sorry I've been busy making searches and indexing faster (and more accurate), mailbox access quicker and more resilient for other languages, we're upgrading protocol versions, adding support for more than 2gb a day for a folder, among a large pile of bugs. We're busy, and we already "integrate" clamav, I'd use command line AV while you wait, I'm sure it can be worked into using that mechanism. Sorry if it seems like we're doing nothing right now, but there is a lot more fish to fry. I simply said it would be pretty easy and was a good idea, I never said we'd do it right then.

PS, someone posted a guide here a while back to make ClamAV more useful by providing it your own signature sources. I think Securite? or something like that, maybe you could try configuring ClamAV with more signatures.

Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
@Matt, I am fully aware that you have many other tasks to solve. I appreciate your work and the product very much! I just wanted to point out that there are often such threads where topics are taken up, but then unfortunately "forgotten" again. After a while, you subjectively get the feeling that nothing is happening, which is of course wrong. Thank you!
Has anyone tried how to download additional signatures from

Also, has anyone tried to use command-line Windows Defender?
Hi you all,

Here is a .BAT script that I built using Microsoft Defender Antivirus that you can invoke in SM Command Line Antivirus or in SM Spool Command Line file with "C:\virusscan.bat %FILEPATH"

You need to create 2 folders:

C:\Viruses\                to Store Infected files for future checking
C:\VirusReport\         to Store Debug Files


@REM One log file per day; the %date% offsets assume a dd/mm/yyyy system date format
echo # >> C:\VirusReport\ReportScanDebug%date:~6,4%%date:~3,2%%date:~0,2%.txt
echo # %time% >> C:\VirusReport\ReportScanDebug%date:~6,4%%date:~3,2%%date:~0,2%.txt
call "C:\program files\windows defender\mpcmdrun.exe" -Scan -ScanType 3 -File %1 -DisableRemediation >> C:\VirusReport\ReportScanDebug%date:~6,4%%date:~3,2%%date:~0,2%.txt
@REM MpCmdRun exits with 2 when a threat was found and not remediated, 0 when the file is clean
if errorlevel 2 goto VIRUS
goto CLEAN

:VIRUS
@REM echo Virus Found
move %1 C:\Viruses
echo # >> C:\VirusReport\ReportScanVirus%date:~6,4%%date:~3,2%%date:~0,2%.txt
echo #VIRUS - %time% - %1 >> C:\VirusReport\ReportScanVirus%date:~6,4%%date:~3,2%%date:~0,2%.txt
goto END

:CLEAN
@REM echo File Clean
echo #CLEAN - %time% - %1 >> C:\VirusReport\ReportScanClean%date:~6,4%%date:~3,2%%date:~0,2%.txt

:END



I am using the definitions and they seem to work well. I do have some false positives I cannot figure out how to whitelist.

My biggest senders I have issues with: usbank.com, delta.com, southwest.com, hilton.com, and a few others, one is a customer's franchise email. The reason they get flagged is because "Heuristics.Phishing.Email.SpoofedDomain".

Overall it has helped.
I am using SECURITEINFO definitions and it seems to me ClamAV with those definitions works very well
I just got a response from SECURITEINFO, and they told me to add the following line to clamd.conf: PhishingScanURLs no

I am going to see how this works throughout the day.

Also forgot I had added these to my freshclam, if anyone sees one that looks like trouble let me know. ;)

freshclam.conf add-ons

# Reference for the following: https://forum.iredmail.org/topic12749-iredmail-support-tutorial-increasing-clamav-effectiveness.html
# winnow
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_malware_links.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_extended_malware.hdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow.attachments.hdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_bad_cw.hdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_malware.hdb

# Malware.expert
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/malware.expert.hdb

# bofhland
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_cracked_URL.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_malware_URL.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_phishing_URL.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_malware_attach.hdb

# Porcupine
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/porcupine.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/phishtank.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/porcupine.hsb

# from proxmox
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/sigwhitelist.ign2
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/sanesecurity.ftm
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/junk.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/jurlbl.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/phish.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/rogue.hdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/scam.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/spamimg.hdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/spamattach.hdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/blurl.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_generic.cdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_filename.cdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/malwarehash.hsb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/hackingteam.hsb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/crdfam.clamav.hdb
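An added example, not part of the original post: a small check over a freshclam.conf like the one above that flags DatabaseCustomURL entries fetched over a cleartext scheme (nothing protects the file in transit, which matters most for .ign2 lists because they switch signatures off), flags duplicate entries, and counts databases by ClamAV file type. The sample config is constructed; its first two URLs come from the post, and the duplicate and the HTTPS host are made up.

```python
from collections import Counter
from urllib.parse import urlparse

# ClamAV database extensions that appear in the list above.
DB_TYPES = {
    ".ndb": "extended (body) signatures",
    ".hdb": "MD5 file-hash signatures",
    ".hsb": "SHA1/SHA256 file-hash signatures",
    ".cdb": "container metadata signatures",
    ".ftm": "file type magic",
    ".ign2": "signature ignore list",
}
PROTECTED_SCHEMES = {"https", "ftps", "file"}

# Constructed sample input.
SAMPLE_CONF = """\
# constructed sample
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_malware.hdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/sigwhitelist.ign2
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_malware.hdb
DatabaseCustomURL https://mirror.example.invalid/porcupine.hsb
"""

def lint_freshclam(text):
    """Return ([(line_no, issue, db_file)], {db_type: count})."""
    findings, seen, types = [], Counter(), Counter()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if parts[0] != "DatabaseCustomURL" or len(parts) < 2:
            continue
        target = parts[1].strip()
        url = urlparse(target)
        name = url.path.rsplit("/", 1)[-1]
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
        types[DB_TYPES.get(ext, "unknown type")] += 1
        if url.scheme.lower() not in PROTECTED_SCHEMES:
            findings.append((lineno, "cleartext", name))
        seen[target] += 1
        if seen[target] == 2:
            findings.append((lineno, "duplicate", name))
    return findings, dict(types)

if __name__ == "__main__":
    issues, type_counts = lint_freshclam(SAMPLE_CONF)
    for lineno, issue, name in issues:
        print(f"line {lineno}: {issue}: {name}")
    print(type_counts)
```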


Are you using them both?

I found out that SANESECURITY is not effective (or at least it seems so to me), so I use only SECURITEINFO
I have not had time to test both but I do stop a lot of viruses.

One day I will verify the sanesecurity are up to date.

Need to take the time and search the logs for sanesecurity versus securiteinfo in my delivery logs.
Is there anyone who has tried to use the Windows Defender command-line antivirus? Can you please tell me the main purpose of this antivirus?
Do the free and paid ones both provide the same security? And is there any security plugin for sites like novel reading?
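An added example, not from the thread: one way to do the log comparison mentioned above, tallying detections by the feed that produced them. It assumes the log contains clamscan/clamd-style `<path>: <signature> FOUND` lines (SmarterMail's own log format is not shown in the thread, so the regex may need adapting); the sample lines and the numbered signature names are constructed.

```python
import re
from collections import Counter

# clamscan/clamd report a hit as "<path>: <signature> FOUND". The greedy
# path group copes with drive-letter colons and clamd timestamp prefixes.
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND\s*$")

# Constructed sample log lines.
SAMPLE_LOG = r"""
C:\Spool\a1.eml: SecuriteInfo.com.Trojan.Sample-1.UNOFFICIAL FOUND
C:\Spool\a2.eml: Sanesecurity.Junk.00001.UNOFFICIAL FOUND
C:\Spool\a3.eml: Heuristics.Phishing.Email.SpoofedDomain FOUND
C:\Spool\a4.eml: OK
C:\Spool\a5.eml: winnow.malware.sample.00002.UNOFFICIAL FOUND
C:\Spool\a6.eml: SecuriteInfo.com.Spam.Sample-3.UNOFFICIAL FOUND
C:\Spool\a7.eml: Win.Test.EICAR_HDB-1 FOUND
"""

def source_of(signature):
    """Map a signature name to the database family that produced it."""
    if signature.endswith(".UNOFFICIAL"):
        # ClamAV appends this suffix to third-party signatures;
        # the first label names the feed (SecuriteInfo, Sanesecurity, winnow, ...).
        return signature.split(".", 1)[0]
    if signature.startswith("Heuristics."):
        # Engine heuristics such as the phishing URL checks, not a downloaded feed.
        return "Heuristics"
    return "official"

def tally_sources(log_text):
    """Return (hits per source, hits per signature) as Counters."""
    by_source, by_signature = Counter(), Counter()
    for line in log_text.splitlines():
        match = FOUND_RE.match(line.strip())
        if match:
            sig = match.group("sig")
            by_source[source_of(sig)] += 1
            by_signature[sig] += 1
    return by_source, by_signature

if __name__ == "__main__":
    sources, signatures = tally_sources(SAMPLE_LOG)
    for name, hits in sources.most_common():
        print(f"{name:15} {hits}")
```

Hits counted under "Heuristics", such as the `Heuristics.Phishing.Email.SpoofedDomain` false positives reported earlier in the thread, come from the scanning engine itself, so adding or removing third-party feeds does not change them.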
