sys_scan_exc_help

Setting Scan Exceptions

Under certain circumstances, you may want to prevent IMSVA from scanning certain types of email messages that could be part of a DoS attack. For example, messages with extremely large attachments require significant IMSVA server resources to scan fully. Additionally, messages addressed to hundreds of recipients are most likely spam or some type of attack.

Rather than consuming IMSVA resources to scan these types of email messages, set scan exceptions to bypass scanning and instruct IMSVA to take action on the messages immediately.

• 1. For the actions specified in Scan Exceptions to take effect, verify that the Global antivirus rule is enabled.
  
  2. For malformed messages, when a message triggers the scan exception, IMSVA stops scanning and takes the corresponding actions. That means IMSVA will not trigger any policy rules when a scan exception occurs.
  
  For security setting violations and encryption exceptions, IMSVA will not stop scanning after the action of the scan exception executes. IMSVA con­tinues checking other policy rules. IMSVA will stop scanning if it encoun­ters a terminal scan action.

To configure scan exceptions:

1. Choose Policy > Scanning Exceptions from the menu.

2. To set scan exception conditions for email messages based on several conditions, click the Security settings violations link under Exception. The Security Settings Violations screen appears.

3. To set scan exception conditions for encrypted or decrypted email messages, click the Encryption exceptions link under Exception. The Encryption Exceptions screen appears.

4. To set an action for an exception type, click the corresponding link under Action:

• Setting Scan Actions for Security Setting Violations

• Setting Scan Actions for Malformed Messages

• Setting Scan Actions for Encrypted Messages

See also:

Configuring Exceptions for Security Settings Violations