Scan Items tab

Option definitions

Configure detection options for the email scanner.

Option Definition
Settings for Select Workstation or Server from the drop-down list.
Note: This option is only available via ePolicy Orchestrator.
Scanning of email Enable scanning of on-delivery email.
Note: This option is only available via ePolicy Orchestrator.
Attachments to scan
  • All file types — Scan all types of files, regardless of extension.
  • Default + additional file types — Scan the default list of extensions plus any additions you specify. The default list is defined by the current DAT file. Select Default + additional file types, then enter file extensions separated by spaces in the text box.

    Also scan for macros in all attachments— If you selected Default + additional file types, you can also search for known macro threats in all files.


  • Specified file types — Create a list of user-specified extensions to be scanned. You can also remove any extensions you added previously.

    Select Specified file types, then enter file extensions separated by spaces in the text box.
Heuristics
  • Find unknown program threats and trojans — Use heuristic scanning to detect executable files that have code resembling malware.
  • Find unknown macro threats — Use heuristic scanning to detect unknown macro viruses.
  • Find attachments with multiple extensions — Treat attachments with multiple extensions as a threat.

    When you select this option, an Email Scan Warning dialog box appears. Click OK to confirm your selection.
Compressed files
  • Scan inside archives — Examine archive (compressed) files and their contents.

    Although it provides better protection, scanning compressed files can increase the time required to perform a scan.


  • Decode MIME encoded files — Detect, decode, and scan Multipurpose Internet Mail Extensions (MIME) encoded files.
Unwanted programs detection Detect unwanted programs — Enables the on-delivery email scanner to detect potentially unwanted programs. The email scanner uses the information you configured in the Unwanted Programs Policy to detect potentially unwanted programs.

See Restricting Potentially Unwanted Programs for more information.
Email message body (for Microsoft Outlook only) Scan email message body — Scan the body of Microsoft Outlook email messages.
Heuristic network check for suspicious files
Configure the sensitivity level you wish to use when determining if a detected sample is malware. For all levels other than Disabled, fingerprints of samples, or hashes, are submitted to Avert Labs to determine if they are malware. The benefit to you is that detection may be made available as soon as AVERT Labs publishes the update, and you would not have to wait fro the next DAT release. The higher the sensitivity level you choose, the higher the number of malware detections. However, by allowing more detections, you may also get more false positive results. Choose from these sensitivity levels:

  • Disabled — No fingerprints or any data are submitted to Avert Labs to determine if they malware.

  • Very Low —The detections and risk of false positives are the same as with regular DATs. A detection is made available to VirusScan Enterprise when Avert Labs publishes it instead of waiting for the next DAT update.

  • Low — This level is defined as between Very Low and Medium.

  • Medium — Use this level when the regular risk of exposure to malware is greater than the risk of a false positive. Avert Labs proprietary, heuristic checks results in detections that are likely to be malware. However, there is some risk that a detection on a file that isn’t common may result in a false positive. Avert Labs checks that detections with this setting will not create a false positive on popular applications and operating system files.

  • High — This level is defined as between Medium and Very High.

  • Very High —We recommend using this level only for email and for scanning volumes and directories that support neither executing programs nor operating systems. Detections found with this level are presumed to be malicious, but they haven’t been fully tested to confirm that they are not false positives.