about_security_risk_scan
ScanMail protects your Exchange environment by performing scans on all incoming and outgoing email messages. You can accept the Trend Micro default values set by the installation program or you can customize scanning by setting a number of configurations described in this chapter. You can configure ScanMail to run scans on-demand (manual scanning), according to a schedule (scheduled scanning), or in an ongoing and persistent manner (real-time scanning). You configure scans using the Security Risk Scan screen, accessible from the sidebar, or from the Manual Scan and Scheduled Scan screens.
The following describes the key characteristics of security risk scans:
|
Security risk scan characteristics |
|
Type of Scan |
Characteristics |
|
Real-time scan |
ScanMail scans the following in real time:
|
|
Manual scan and scheduled scan |
During manual and scheduled scans, ScanMail scans messages stored in the mailbox and public folder stores. Starting another scheduled scan does not interrupt the scheduled scan that is already in progress. ActiveUpdate does not interrupt a scheduled scan. On cluster servers: Each virtual server has a scan task list. You can specify the store database that belongs to the current virtual server. When there is a running scheduled scan task, new tasks are queued. When another tasks is triggered at the same time; then the task will be queued and finished eventually. |
ScanMail provides two basic settings for security risk scan: using ActiveAction or setting a customized action according to security risk type.
Select ActiveAction to have ScanMail perform Trend Micro recommended actions. Trend Micro recommends using ActiveAction when you are not familiar with scan actions or if you are not sure which scan action is suitable for a certain type of virus/malware.
Select Customize action for detected threats to instruct ScanMail to execute a customized action according to the type of detected threat.
At the bottom of the screen you can configure ScanMail to Backup infected file before performing action. This is a safety precaution designed to protect the original file from damage.
Use these actions when you want to optimize scanning for your environment.
When you want to configure ScanMail to use the same action against all detected security risks. Select All threats and accept the default action or select a customized action.
When you want to configure a ScanMail action for each type of threat that ScanMail detects. Select each threat type individually and configure the action ScanMail executes when it detects that threat type.
When you want to protect your Exchange servers against a mass-mailing attack, select Enable action on Mass-mailing behavior and select the action that ScanMail executes whenever it detects a mass-mailing attack. This action overrides any other action for ScanMail. The real-time scanning default action is "delete entire message".
See also: