About ScanMail Actions Parent topic

The actions that ScanMail takes when scans detect viruses/malware, suspicious URLs, or undesirable content can include the following:
Note
Note
Not all actions are available for every type of scan. For details about the actions available for a specific scan, refer to the configuration settings for the scan or refer to Scan Actions by Scan Settings.

ScanMail Actions

Action
Description
Clean
Removes viral code from infected message bodies and attachments. The remaining email message text, any uninfected files, and the cleaned files are delivered to the intended recipient(s).
Tip
Tip
Trend Micro recommends using the default scan action "clean" for viruses/malware.
Under some conditions, ScanMail cannot clean a file. These files are referred to as uncleanable. You can configure ScanMail to take a special action against these files when they are detected.
During a manual or scheduled scan, ScanMail updates the Information Store and replaces the file with the cleaned one.
Replace with text/file
ScanMail deletes the attachment, infected, malicious, or undesirable content and replaces it with text or a file. The email message is delivered to the intended recipient, but the text replacement informs them that the original content was infected and was replaced.
Note
Note
For Data Loss Prevention and content filtering, ScanMail does not perform this action in Transport level scans when the violation is in the header/subject of the email message.
Quarantine entire message
ScanMail moves the email message to a restricted access folder, removing it as a security risk to the Exchange environment. This option is not available in manual and scheduled scanning.
Quarantine message part
ScanMail moves the email message body or attachment to a restricted access folder, removing it as a security risk to the Exchange environment.
ScanMail replaces the message part with the text/file you specify.
Note
Note
For Data Loss Prevention and content filtering, ScanMail does not perform this action in Transport level scans when the violation is in the header/subject of the email message.
Backup
ScanMail backs up the message, delivers, and records the detection in logs.
Note
Note
This action behaves the same as archive in previous versions of ScanMail.
Delete entire message
During real-time scanning, ScanMail deletes the entire email message.
Pass
ScanMail records the detection in a log and delivers the message unchanged.
Pass entire message
ScanMail records the detection in a log and delivers the message unchanged.
Pass message part
ScanMail records the detection in a log and delivers the message unchanged.
Note
Note
For Data Loss Prevention and content filtering, this does not apply to low priority policies.
Tag and deliver
ScanMail adds a tag to the header information of the email message that identifies it as spam and then delivers it to the intended recipient.
Quarantine message to user’s spam folder
ScanMail moves the email message to the Spam Mail folder located on the server-side of the Information Store.
Forward to sender’s manager
Forward the email message to the sender’s manager.
Forward to specific email address(es)
Forward the email message to the specific email address(es).
Related information