You must indicate the action that Forefront Protection 2010 for Exchange Server (FPE) should take when malware is detected. You must set the action for each scan job type (realtime, transport, scheduled, and on-demand) you configure. The action setting is not global. Also, for each scan job type except the on-demand scan (which does not support spyware scanning), you can configure different actions for virus and spyware detections. In cases where a file is detected as containing both a virus and spyware, the virus action setting takes precedence.
The available action options are listed and described in the following table. Click Save after making any changes to your action settings.
| Action | Description | ||
|---|---|---|---|
|
Skip (detect only) |
Makes no attempt to clean or delete. Malware is reported, but the files remain infected. If, however, Delete corrupted compressed files, Delete corrupted UUEncoded files, or Delete encrypted compressed files was selected in Global Settings - Advanced Options, a match to any of those conditions causes the item to be deleted. |
||
|
Clean |
Attempts to clean the malware. If successful, the infected attachment or message body is replaced with the clean version (even if part of a container file). If cleaning is not possible, the attachment or message body is replaced with the deletion text. This is the default setting for each antivirus scan job type. |
||
|
Delete |
Deletes the file attachment without attempting to clean it. The detected file is removed from the message (even if part of a container file), and the deletion text is inserted in its place. This is the default setting for each antispyware scan job type.
|
||
|
Purge |
Deletes the entire message from your mail system. It cannot be recovered unless you select to quarantine files. |
Note:Configuring the extension type for all deleted attachments
You can specify the extension type used for all deleted attachments (for example, .abc), making it easier to instantly identify deleted attachments.
To configure the extension type for all deleted attachments-
In the Forefront Protection 2010 for Exchange Server Administrator Console's Policy Management view, in the tree, expand Global Settings, and then click Advanced Options.
-
In the Global Settings - Advanced Options pane, in the Scans section, specify a value in the Use this extension when replacing a deleted attachment with the deletion text field. The default value is txt.
If you want to disable this feature (causing the original extension to be retained), replace txt with an empty string.
If you want to specify a different extension, replace txt with another string, which must be between one and three characters long.
-
Click Save.