At the root of antivirus programs such as Trend Micro PortalProtect sits both a scan engine and a comprehensive database of virus ”signatures,” commonly called the virus pattern file. Together, these two components do the work of identifying and then cleaning infected files.
Whenever PortalProtect detects a file type that it has been configured to scan (for example, .zip, .exe, .doc, and so on), the application copies the file to a temporary location and opens the copy for virus scanning. If the file is clean, PortalProtect deletes the copy and releases the original for delivery by SMTP, FTP or HTTP as usual. If a virus is detected, PortalProtect takes whatever action it has been configured to take: clean, delete, quarantine, or ignore (this choice is not recommended). Deleted and quarantined files are not delivered to the intended recipient. Files set to be cleaned are opened, and the virus code is removed.
Not all viruses can be cleaned. For example, some viruses corrupt the host file, making it unusable. Trojans, worms, and mass mailers do not ”infect” a host file and therefore cannot be cleaned. Whatever the action, all detections are written to the virus log; the administrator and/or designated others can also receive an automatic notification of the incident.