Installation manual
61
4.1.5 Performance
In this section, you can set the number of ThreatSense scan engines that will be used for virus scanning. More
ThreatSense scan engines on multiprocessor machines can increase the scanning rate. Acceptable value is 1-20.
If there are no other restrictions, our recommendation is to increase the number of ThreatSense scan engines in the
Advanced settings window (F5) under Computer protection > Antivirus and antispyware > Performance,
according to this formula: number of ThreatSense scan engines = (number of physical CPUs x 2) + 1. Also, the number of
scan threads should be equal to the number of ThreatSense scan engines. You can configure the number of scan threads
under Server protection > Antivirus and antispyware > Microsoft Exchange Server > VSAPI > Performance.
Here is an example:
Let's say you have a server with 4 physical CPUs. For the best performance, according to formula above, you should
have 9 scan threads and 9 scan engines.
NOTE: We recommend that you set the number of scan threads equal to the number of ThreatSense scan engines
used. It will have no effect on performance if you use more scan threads than scan engines.
NOTE: Changes made here will be applied only after restart.
4.1.6 Protocol filtering
Antivirus protection, for the POP3 and HTTP application protocols, is provided by the ThreatSense scanning engine,
which seamlessly integrates all advanced malware scanning techniques. The control works automatically,
regardless of the Internet browser or email client used. The following options are available for protocol filtering (if
the Enable application protocol content filtering option is selected):
HTTP and POP3 ports - Limits scanning of communication to known HTTP and POP3 ports.
Applications marked as Internet browsers and email clients – Enable this option to only filter communication of
applications marked as browsers (Web access protection > HTTP, HTTPS > Web browsers) and email clients (
Email client protection > POP3, POP3s > Email clients).
Ports and applications marked as Internet browsers or email clients – Both ports and browsers are checked for
malware.
NOTE: Starting with Windows Vista Service Pack 1 and Windows Server 2008, a new communication filtering
method is used. As a result, the Protocol filtering section is not available.
4.1.6.1 SSL
ESET Mail Security enables you to check protocols encapsulated in SSL protocol. You can use various scanning
modes for SSL protected communications using trusted certificates, unknown certificates, or certificates that are
excluded from SSL-protected communication checking.
Always scan SSL protocol – Select this option to scan all SSL protected communications except communications
protected by certificates excluded from checking. If a new communication using an unknown, signed certificate is
established, you will not be notified about the fact and the communication will automatically be filtered. When you
access a server with an untrusted certificate that is marked by you as trusted (it is added to the trusted certificates
list), communication to the server is allowed and the content of the communication channel is filtered.
Ask about non-visited sites (exclusions can be set) - If you enter a new SSL protected site (with an unknown
certificate), an action selection dialog is displayed. This mode enables you to create a list of SSL certificates that will
be excluded from scanning.
Do not scan SSL protocol - If selected, the program will not scan communications over SSL.
If the certificate cannot be verified using the Trusted Root Certification Authorities store (protocol filtering > SSL >
Certificates):
Ask about certificate validity – Prompts you to select an action to take.
Block communication that uses the certificate – Terminates connection to the site that uses the certificate.
If the certificate is invalid or corrupt (protocol filtering > SSL > Certificates):
Ask about certificate validity – Prompts you to select an action to take.