criteria_antivirus_help
After selecting the senders and recipients for a new rule or modifying the senders and recipients for an existing rule, configure the rules to filter email traffic based on several conditions.
The scanning conditions vary depending on whether Antivirus rules or Other rules are being created.
To specify scanning conditions:
Select the check boxes as desired, from the Step 2: Select Scanning Conditions screen. The categories of scanning conditions for the Antivirus and the Other rule types vary as follows:
Antivirus rule
Files to Scan: Set the default method for scanning messages and specific file types containing viruses and other malware.
Files to Scan |
Setting |
Description |
All scannable files |
Attempt to scan all files. |
IntelliScan: uses "true file type" identification |
Use IntelliScan to identify malicious code that can be disguised by a harmless extension name. |
Specific file types |
Select the check box next to one of the following types of file extensions to scan:
|
IntelliTrap Settings: Scan compressed files for viruses/malware and send samples to TrendLabs for investigation.
IntelliTrap: Scan email attachments that contain real-time compressed executable files.
Send the IntelliTrap samples to TrendLabs: IMSVA can automatically send email messages with attachments that IntelliTrap catches to TrendLabs.
Spyware/Grayware Scan: Scan for other types of threats such as spyware and adware.
Other rule
Select one of the following next to Take rule action when, which specifies when IMSVA can take action on an email message:
all conditions matched (AND): When an email message matches all of the conditions.
any conditions matched (OR): When an email message matches any of the conditions.
Spam/Phishing Email: Scans messages identified as spam and phishing messages. Spam messages are generally unsolicited messages containing mainly advertising content. Phishing messages, on the other hand, originate from senders masquerading as trustworthy entities.
Spam detection settings: Click the link to choose a level of spam protection and configure lists for approved and blocked senders and text exemptions.
Phishing email
Web Reputation: Scans URLs in messages to protect against phishing and other malicious websites.
Attachment: Scans messages for file attachments that match the selected criteria, such as attachments with specific extensions or belonging to a certain true file type.
Name or extension: Click the link to configure filter settings for specific file names or extension names.
MIME content type: Click the link to configure filter settings for MIME content types.
True file type: Click the link to configure filter settings for common executable, document, image, media, and compressed files.
Size is {>, <, =} {size} {MB, KB, B}: Choose to filter attachments of a size that is more than, less than, or equal to a certain number of bytes, kilobytes, or megabytes. Type a number that represents the file size.
Number is {>, <, =} {number}: Choose to filter the number of attachments that is more than, less than, or equal to a certain number. Type a number that represents the total number of attachments for each email message.
Password protected zip files (unscannable files): Choose to filter password protected files that cannot be scanned by IMSVA.
Size: Scans messages that match the specified message size.
Message size is {>, <, =} {size} {MB, KB}: Choose to filter email messages of a size that is more than, less than, or equal to a certain number of kilobytes, or megabytes. Type a number that represents the email message size.
Content: Scans messages containing the keyword expressions that match those expressions specified in the subject, body, header, or attachment content keyword expressions links.
Subject keyword expressions: Click the link to manage your expression lists.
Subject is blank: Select to filter email messages without a subject. Sometimes spam messages do not contain subject lines.
Body keyword expressions: Click the link to manage your expression lists.
Header keyword expressions: Click the link to manage your expression lists. Headers include Subject, To, From, CC, and other headers that you can specify.
Attachment content keyword expressions: Click the link to manage your expression lists.
Compliance: Scans messages to protect against data leakage using regulatory compliance templates. Click Compliance templates to see the list of available templates.
Regulatory Compliance Templates |
Template |
Description |
GLBA |
Gramm-Leach-Bliley Financial Services Modernization Act of 1999 |
HIPAA |
Health Insurance Portability and Accountability Act |
PCI-DSS |
The Payment Card Industry Data Security Standard |
SB-1386 |
California law regulating the privacy of personal information |
US PII |
Personally Identifiable Information |
Others: Scans messages in which the number of recipients match the specified number. Also scans messages that are received within the specified time range.
Recipient number {>, <, =} {number}: Choose to filter the number of recipients. Type a number that represents the total number of recipients for each email message.
Received time range: Click the link to choose a day and time within which a message was received.
Unable to decrypt messages: Choose to filter encrypted messages that cannot be decrypted by IMSVA.
Spoofed internal messages: Click the link to create or modify a trusted internal IP address list.
See also:
Selecting Scanning Conditions for Spam
Configuring Approved and Blocked Sender Lists
Configuring Spam Text Exemption Rules
Selecting Scanning Conditions for Attachments
Selecting Scanning Conditions for Message Size
Using the Keyword & Expression List