Configuring virus scanning on a Domino server

After you create a virus scanning Configuration, configure virus scanning on a Domino server. Perform this procedure for each Domino server on which you want to enable virus scanning.

Procedure

  1. Open Domino Content Scan Configuration (cscancfg.nsf).
  2. Click New Server.
  3. Complete the following fields:
    FieldDescription
    Server name The Domino server. Click on the twistie to the right of the field and select a server in the domain from the Select Keywords dialog.
    Configuration name The virus scanning Configuration to use. Click on the twistie and select a configuration name. If the list is empty, you must first create a configuration document as described in prior sections.
    Logging level The level of Domino logging. Click on the twistie and select minimal, normal, or verbose. The default is normal.
    Log to file Logs messages to a separate file rather than the console log. The format of the log file name is similar to cscan_Renovations_2022_06_10@09_15_31.log.
  4. Click Save & Close.

    When you first create a server document, the Health status field displays as Pending validation. It remains that way until the mailscan task runs with a valid configuration and connects to the ICAP server. At that point, the status may be updated to one of the following:

    Service validated
    This indicates a successful connection to and communication with the ICAP server.
    Warnings
    This indicates a non-fatal issue with the ICAP server that should be addressed soon. An example warning is "ICAP server widget.acme.com certificate will expire on 09/20/2022 12:34:05 PM."
    Error
    This indicates an error that prevents virus scanning from operating. An example error is "ICAP server widget.acme.com certificate has expired (08/30/2022 12:30:02 PM)."

    Server documents have a Status of Enabled when created. Typically you will not change this. However, if there is a prolonged issue that prevents Domino from successfully communicating with the ICAP server, you may select the server in the Servers view and click Disable Server to disable virus scanning. Alternatively you can open the server document and click Disable Virus Scan . The danger of this is that attachments will no longer be scanned on this server. It is up to you to decide whether the risk of routing a message with a virus is preferable to messages containing attachments being held up in the router.

    When the issue has been addressed, re-enable the server for virus scanning. Either select the server in the Servers view and click Enable Server, or open the server document and click Enable Virus Scan.

Results

Assuming the router and mailscan tasks are active and the Health status is not Pending validation or Error, the Domino server begins managing scanning of incoming messages in mail.box for attachments with viruses.

What to do next

Monitor virus scan logs