ScanMail Scan Hierarchy

Administrators can configure security risk scans in ScanMail to provide varying levels of security. Enabling the Advanced Threat Scan Engine (ATSE) in conjunction with Virtual Analyzer helps discover and prevent targeted attacks that use suspected malware threats.
The following table provides an overview of the scan engine hierarchy in ScanMail.

Scan Engine Hierarchy

| Scan Engine | Description |
| --- | --- |
| Virus Scan Engine scanning | The Virus Scan Engine provides pattern-based and heuristic scanning for traditional malware threats. |
| ATSE scanning | ATSE enhances the traditional malware threat protection offered by the Virus Scan Engine. ATSE performs an aggressive scan using heuristic algorithms to identify possible targeted attacks, such as document exploits. For scan configurations that enable ATSE without sending files to Virtual Analyzer, ScanMail performs the action configured for Advanced threats on any suspicious messages and files detected as an advanced threat by ATSE. Note: Some detected files may be safe. Trend Micro recommends selecting the Quarantine entire message action for suspected threats detected by ATSE. Perform an evaluation on files not sent to Virtual Analyzer to determine the actual threat of the quarantined files. |
| ATSE and Virtual Analyzer | After ATSE detects a suspected malware threat, ScanMail sends the message to Virtual Analyzer for further analysis. Virtual Analyzer assesses the risk level of the message in an isolated virtual environment and returns the threat rating to the ScanMail server. ScanMail then performs the action configured for Advanced threats if the security rating violates the configured security level for suspected threats. |