Configuring Virus Scan Criteria

The virus scan criteria allow you to create rules that take actions on messages that contain malware, worms, or other malicious code.

  1. Click Scanning Criteria.
  2. Specify at least one of the following detection types under the Specify at least one detection type section.
    Option Description

    Cleanable malware or malicious code

    Apply the rule to messages or attachments that contain cleanable malware. Cleanable malware are those that can be safely removed from the contents of the infected file, resulting in an uninfected copy of the original message or attachment.


    Selecting Cleanable malware or malicious code as a rule criteria, and then selecting a rule action other than Delete or Clean, can result in infected messages or attachments entering your messaging environment. By default, Trend Micro Email Security is configured with malware rules to appropriately handle threats when it is installed.

    Uncleanables with mass-mailing behavior

    Apply the rule to messages that contain uncleanable malware, worms, or other threats that cannot be removed from messages or attachments, and that propagate by mass-mailing copies of themselves.

    Uncleanables without mass-mailing behavior

    Apply the rule to messages that contain the following:

    • Spyware

    • Dialers

    • Hacking tools

    • Password cracking applications

    • Adware

    • Joke programs

    • Remote access tools

    • All others

  3. Configure Predictive Machine Learning settings to leverage the Predictive Machine Learning engine to detect emerging unknown security risks.
    1. Select Enable Predictive Machine Learning under the Specify Predictive Machine Learning settings section.

      For details, see About Predictive Machine Learning.

    2. Optionally select the Allow Trend Micro to collect suspicious files to improve its detection capabilities check box.

      By default, this option is selected.

      If you enable this option, Trend Micro only checks potentially risky messages and encrypts all content before transferring any information. By stripping out specific personal information and keeping only anonymous behavior profiles, Trend Micro can maintain your privacy while discovering new threats.

  4. Specify advanced settings.
    1. Select Enable Virtual Analyzer, and then select the security level from the drop-down list, to perform further observation and analysis for threats detected.

      If Virtual Analyzer is enabled, Trend Micro Email Security performs observation and analysis on samples in a closed environment. It takes three minutes on average to analyze and identify the risk of an attachment or file, and the time could be as long as 30 minutes for some files.

    2. Select Include macro, JSE and VBE scanning to include macro threats during observation and analysis.
  5. Click Submit.