Specifying Scanning Conditions

After selecting the senders and recipients for a new rule or modifying the senders and recipients for an existing rule, configure the rules to filter email traffic based on several conditions.

The scanning conditions vary depending on whether Antivirus rules or Other rules are being created.

To specify scanning conditions:

Select the check boxes as desired, from the Step 2: Select Scanning Conditions screen. The categories of scanning conditions for the Antivirus and the Other rule types vary as follows:

Antivirus rule

Files to Scan: Set the default method for scanning messages and specific file types containing viruses and other malware.

Files to Scan

Setting	Description
All scannable files	Attempt to scan all files.
IntelliScan: uses "true file type" identification	Use IntelliScan to identify malicious code that can be disguised by a harmless extension name.
Specific file types	Select the check box next to one of the following types of file extensions to scan: Application and executables: Click the link and select the sub-types to scan. Documents: Click the link and select the sub-types to scan. Compressed files: Click the link and select the sub-types to scan. Specified file extensions: Type the extension in the text box. You do not need to type the period (.) before the extension. You can also use an asterisk wildcard for the extension.

IntelliTrap Settings: Scan compressed files for viruses/malware and send samples to TrendLabs for investigation.

IntelliTrap: Scan email attachments that contain real-time compressed executable files.
Send the IntelliTrap samples to TrendLabs: IMSVA can automatically send email messages with attachments that IntelliTrap catches to TrendLabs.

Spyware/Grayware Scan: Scan for other types of threats such as spyware and adware.

Other rule

Select one of the following next to Take rule action when, which specifies when IMSVA can take action on an email message:

all conditions matched (AND): When an email message matches all of the conditions.
any conditions matched (OR): When an email message matches any of the conditions.

Spam/Phishing Email: Scans messages identified as spam and phishing messages. Spam messages are generally unsolicited messages containing mainly advertising content. Phishing messages, on the other hand, originate from senders masquerading as trustworthy entities.

Spam detection settings: Click the link to choose a level of spam protection and configure lists for approved and blocked senders and text exemptions.
Phishing email

Web Reputation: Scans URLs in messages to protect against phishing and other malicious websites.
Attachment: Scans messages for file attachments that match the selected criteria, such as attachments with specific extensions or belonging to a certain true file type.

Name or extension: Click the link to configure filter settings for specific file names or extension names.
MIME content type: Click the link to configure filter settings for MIME content types.
True file type: Click the link to configure filter settings for common executable, document, image, media, and compressed files.
Size is {>, <, =} {size} {MB, KB, B}: Choose to filter attachments of a size that is more than, less than, or equal to a certain number of bytes, kilobytes, or megabytes. Type a number that represents the file size.
Number is {>, <, =} {number}: Choose to filter the number of attachments that is more than, less than, or equal to a certain number. Type a number that represents the total number of attachments for each email message.
Password protected zip files (unscannable files): Choose to filter password protected files that cannot be scanned by IMSVA.

Size: Scans messages that match the specified message size.

Message size is {>, <, =} {size} {MB, KB}: Choose to filter email messages of a size that is more than, less than, or equal to a certain number of kilobytes, or megabytes. Type a number that represents the email message size.

Content: Scans messages containing the keyword expressions that match those expressions specified in the subject, body, header, or attachment content keyword expressions links.

Subject keyword expressions: Click the link to manage your expression lists.
Subject is blank: Select to filter email messages without a subject. Sometimes spam messages do not contain subject lines.
Body keyword expressions: Click the link to manage your expression lists.
Header keyword expressions: Click the link to manage your expression lists. Headers include Subject, To, From, CC, and other headers that you can specify.
Attachment content keyword expressions: Click the link to manage your expression lists.

Compliance: Scans messages to protect against data leakage using regulatory compliance templates. Click Compliance templates to see the list of available templates.

Regulatory Compliance Templates

Template	Description
GLBA	Gramm-Leach-Bliley Financial Services Modernization Act of 1999
HIPAA	Health Insurance Portability and Accountability Act
PCI-DSS	The Payment Card Industry Data Security Standard
SB-1386	California law regulating the privacy of personal information
US PII	Personally Identifiable Information

Others: Scans messages in which the number of recipients match the specified number. Also scans messages that are received within the specified time range.

Recipient number {>, <, =} {number}: Choose to filter the number of recipients. Type a number that represents the total number of recipients for each email message.
Received time range: Click the link to choose a day and time within which a message was received.
Unable to decrypt messages: Choose to filter encrypted messages that cannot be decrypted by IMSVA.
Spoofed internal messages: Click the link to create or modify a trusted internal IP address list.