ScanMail™ for Microsoft™ Exchange 12.5 SP1 Online Help

Collapse AllExpand All
  • access control
  • actions [1] [2]
    • advanced spam prevention [1]
    • attachment blocking [1]
    • compressed files [1]
    • Data Loss Prevention [1]
    • security risk scan [1]
    • spam prevention
      • content scanning [1]
    • web reputation [1]
  • activating ScanMail
    • Activation Code [1]
      • additional features [1]
      • suite [1]
  • activating Trend Micro products [1] [2]
    • Activation Code
    • reactivating [1]
  • Activation Code [1]
    • locating [1]
    • reactivating [1]
    • standard [1]
    • suite [1]
    • suite with additional features [1]
  • ActiveAction [1] [2]
  • ActiveUpdate [1] [2]
    • incremental updates [1]
  • advanced spam prevention [1] [2] [3]
    • actions [1]
    • configuring target settings [1]
    • enabling advanced spam prevention [1]
    • notifications [1]
  • advanced spam prevention scan [1]
  • advanced threats [1]
  • Advanced Threat Scan Engine [1]
  • Advanced Threat Scan Engine (ATSE)
  • adware [1]
  • alerts [1] [2]
    • notifications [1]
    • outbreak [1]
    • system events [1]
  • ATSE [1]
  • attachment blocking [1]
    • actions [1] [2] [3]
      • configuring [1]
    • compressed file handling [1]
    • enabling [1]
    • exceptions
    • global policy [1]
    • logs [1]
    • notifications
    • target
      • configuring [1]
  • Business Email Compromise (BEC) [1]
  • Command & Control Contact Alert Services [1]
    • categories [1]
    • Global Intelligence list [1]
    • Smart Protection Server [1]
    • Virtual Analyzer [1]
    • Virtual Analyzer list [1]
  • compressed files [1] [2] [3] [4] [5] [6]
    • actions [1]
    • compression ratios [1]
    • compression types [1]
    • Denial-of-Service [1]
  • compression types [1]
  • configuring
    • access control [1] [2]
    • advanced spam prevention scan
    • internal domains [1]
    • local sources [1]
    • macro scans [1]
    • notifications [1]
    • proxy settings [1] [2]
    • quarantine folder/directory [1]
    • real-time scan [1]
    • security risk scan
    • server groups [1]
    • special groups [1] [2]
    • web reputation [1]
  • content filtering [1]
  • content scanning [1]
  • Control Manager
    • see Trend Micro Control Manager [1]
  • criteria
    • customized expressions [1]
    • keywords [1]
  • customized expressions [1] [2]
  • customized keywords [1]
  • data identifiers [1]
  • data leakage prevention [1]
  • Data Loss Prevention [1] [2]
  • Denial-of-Service [1] [2] [3]
  • Denial-of-Service attack [1]
  • dialers [1]
  • disease vector [1]
  • documentation feedback [1]
  • EICAR [1]
  • email reputation
  • email reputation services [1]
  • encoding types [1]
  • End User Quarantine [1] [2]
  • Enterprise Protection Strategy [1]
  • expressions [1] [2]
  • false positive [1]
  • file reputation [1]
  • File Reputation Services [1]
  • files
    • uncleanable [1]
  • frequently asked questions
    • backup folders [1] [2]
    • calculating decompressed file size [1]
    • central reports [1]
    • checking pattern file updates [1]
    • checking service pack updates [1]
    • compression ratios [1]
    • dangerous files [1]
    • EICAR test virus [1]
    • End User Quarantine spam folder [1]
    • false positives [1]
    • firewall port exceptions [1]
    • handling large files [1]
    • latest patches [1]
    • locating Activation Code [1]
    • locating Registration Key [1] [2]
    • mapped network drives [1]
    • phish attacks [1]
    • public folder scan [1]
    • quarantine folders [1] [2]
    • regular expressions [1]
    • remote SQL server password changed [1]
    • removing quarantined email messages [1]
    • sending detected viruses to Trend Micro [1]
    • sending suspected threats to Trend Micro [1]
    • spyware/grayware [1]
    • time settings [1] [2]
    • UNC paths [1]
    • using keywords [1] [2] [3]
    • using operators with keywords [1]
    • virtual analyzer
      • working modes [1]
  • global policy [1]
  • global settings
    • quarantine folder/directory [1]
  • grayware [1]
  • hacking tools [1]
  • hot fixes [1]
  • icons [1]
  • integrated server [1]
  • IntelliScan [1] [2]
  • IntelliTrap [1]
  • internal domains [1]
    • configuring [1]
  • joke program [1] [2]
  • keywords [1] [2] [3] [4] [5]
  • known issues [1]
  • licenses [1]
    • registering [1]
  • local sources
    • configuring [1]
    • settings [1]
    • Smart Protection Server [1]
  • logs [1]
    • maintenance [1]
    • querying [1]
    • Search & Destroy [1]
    • types [1]
    • Windows events [1]
  • machine learning [1]
  • macro scan [1]
  • macro viruses/malware [1]
  • mailbox search
    • configuring [1]
    • criteria
      • date [1]
      • discovery mailbox [1]
      • keywords [1]
      • mailbox components [1]
      • mailboxes [1]
      • specific senders or recipients [1]
    • deleting [1]
    • keywords [1]
    • modifying [1]
    • options [1]
    • results [1]
    • syntax [1]
    • types [1]
    • viewing [1]
  • maintaining security [1]
  • managing outbreak situations [1]
    • analyzing [1]
    • confirming the outbreak [1]
    • recovering [1]
    • responding [1]
  • manual scan [1]
  • manual updates [1]
  • mass-mailing attack [1]
  • master services
    • ScanMail EUQ Monitor [1]
    • ScanMail for Exchange Remote Configuration Server [1]
    • ScanMail for Microsoft Exchange Master Services [1]
    • ScanMail for Microsoft Exchange System Watcher [1]
    • starting and stopping [1]
  • multipurpose internet mail extensions [1]
  • notifications [1] [2] [3]
    • about [1]
    • actions that trigger [1]
    • advanced spam prevention [1]
    • alerts [1]
    • configuring [1]
    • global settings [1]
    • web reputation [1]
  • one-time reports [1] [2]
    • generating [1]
  • online help
    • accessing [1]
  • operator [1]
  • outbreak alerts [1]
  • Outbreak Prevention Services [1]
  • password cracking applications [1]
  • patches [1]
    • updating FAQ [1]
  • pattern files [1] [2] [3] [4]
    • incremental updates [1]
    • Smart Scan Agent pattern [1]
    • Smart Scan pattern [1]
    • spam pattern files [1]
    • updates [1]
    • updating manually [1]
    • Web Blocking list [1]
  • PCRE [1]
  • Perle Compatible Regular Expressions [1]
  • phish [1] [2] [3] [4]
  • policies
    • content filtering [1]
    • Data Loss Prevention [1]
  • post-installation
    • spam folder [1]
  • predefined expressions [1]
  • predefined templates [1]
  • product console [1]
    • banner [1]
    • configuration area [1]
    • getting help [1]
    • side menu [1]
    • viewing remote servers [1]
    • viewing servers [1]
  • proxy settings [1] [2]
  • quarantine
    • alerts [1]
    • configuring [1]
    • folder/directory [1]
    • global settings [1]
    • queries
    • resending messages [1]
  • quarantine folder/directory [1]
  • quarantine query
    • maintenance
    • performing [1]
    • resending messages [1]
  • ransomware [1]
  • reactivating Trend Micro products [1]
  • real-time monitor [1]
    • viewing remote servers [1]
  • real-time scan [1] [2]
    • characteristics [1]
    • configuring [1]
  • registering
    • to Control Manager [1]
  • registering ScanMail
    • reseller purchase [1]
  • registering Trend Micro products [1]
    • how to [1]
    • online purchase [1]
    • Registration Key [1]
  • Registration Key
  • regular expressions [1]
  • remote access tools [1]
  • remote servers
    • viewing with real-time monitor [1]
  • replicating configurations [1] [2]
  • reports [1]
    • generating scheduled [1]
    • maintenance [1]
    • one-time reports [1] [2]
    • scheduled [1]
  • role
  • scan engine [1]
  • ScanMail EUQ Monitor [1]
  • ScanMail for Exchange Remote Configuration Server [1]
  • ScanMail for Microsoft Exchange Master Services [1]
  • ScanMail for Microsoft Exchange System Watcher [1]
  • ScanMail technology [1]
  • scans [1]
    • about scans [1]
    • actions [1] [2]
    • logs [1]
    • macro scan [1]
    • manual scan [1]
    • manual scan settings [1]
    • on cluster servers [1]
    • real-time scan [1]
    • scheduled scan [1]
    • scheduled scan settings [1]
  • scheduled scan [1]
  • scheduled updates [1]
  • Search & Destroy
  • Search & Destroy administrator [1]
  • security baseline [1]
    • managing real-time monitor [1]
    • performing a manual scan [1]
    • update ScanMail [1]
  • security risks [1]
    • advanced threats [1]
    • compressed files [1]
    • Denial-of-Service [1]
    • Denial-of-Service attack [1]
    • disease vector [1]
    • encoding types [1]
    • grayware [1]
    • joke program [1]
    • macro viruses/malware [1]
    • mass-mailing attack [1]
    • multipurpose internet mail extensions [1]
    • other malicious codes [1]
    • packed files [1]
    • phish [1] [2] [3]
    • ransomware [1]
    • spyware [1]
    • spyware/grayware [1] [2]
    • Trojan Horse [1] [2]
    • true file type [1]
    • virus/malware writers [1]
    • viruses/malware [1] [2]
    • worms [1] [2]
    • zip-of-death [1]
  • security risk scan
    • about [1]
    • actions [1] [2]
    • ActiveAction [1]
    • compressed file handling [1] [2]
    • configuring target settings [1]
    • custom settings [1]
    • enabling real-time scan [1]
    • IntelliScan [1] [2]
    • IntelliTrap [1]
    • logs [1]
    • notifications
    • summary screen [1]
  • server groups [1]
    • configuring [1]
  • server management console [1]
    • activating [1]
    • replicating configurations [1] [2]
    • replicating servers [1]
    • view last replication [1]
    • view pattern and engine version [1]
    • view scan results [1]
    • view scan status [1]
    • view smart scan status [1]
  • Server Management Console
  • service packs [1] [2]
  • services
    • starting and stopping [1]
  • smart protection [1] [2] [3] [4] [5]
    • File Reputation Services [1]
    • Smart Protection Network [1]
    • source [1] [2]
    • sources
      • comparison [1]
      • protocols [1]
    • volume of threats [1]
  • Smart Protection [1]
    • File Reputation Services [1]
    • integrated server [1]
    • pattern files [1]
    • Smart Protection Server [1]
    • standalone server [1]
    • Web Reputation Services [1] [2]
  • Smart Protection Network [1] [2]
    • web reputation [1]
  • Smart Protection Server [1] [2] [3] [4]
  • Smart Protection sources
    • integrated server [1]
    • local source settings [1]
    • Smart Protection Server [1]
    • standalone server [1]
  • spam engine [1]
  • spam maintenance [1]
    • End User Quarantine [1]
  • spam pattern files [1]
  • spam prevention [1]
    • content scanning [1]
    • email reputation
    • email reputation services [1]
    • End User Quarantine [1]
    • maintenance [1]
    • spam engine [1]
    • spam pattern files [1]
  • special groups [1] [2]
  • spyware [1]
  • spyware/grayware [1] [2] [3] [4]
    • adware [1]
    • dialers [1]
    • entering the network [1]
    • hacking tools [1]
    • joke program [1]
    • malware naming [1]
    • password cracking applications [1]
    • remote access tools [1]
    • risks and threats [1]
  • SQL server
    • manually updating password [1]
  • standalone server [1]
  • summary [1]
    • ransomware tab [1]
    • security risks [1]
    • spam tab [1]
    • system tab [1]
  • support
    • resolve issues faster [1]
  • support/system debugger [1]
  • targets
    • web reputation [1]
  • technology
    • scan engine [1]
  • templates [1] [2]
  • Trend Micro Control Manager [1] [2]
    • agent [1]
    • communication protocol [1]
    • communicator [1]
    • entity [1]
    • registering [1]
    • server [1]
    • unregistering [1]
  • Trojan Horse [1] [2]
  • true file type [1]
  • uncleanable files [1]
  • unregistering
    • from Control Manager [1]
  • updates
    • ActiveUpdate [1]
    • alerts [1]
    • components on clusters [1]
    • download source [1]
    • latest patches FAQ [1]
    • logs [1]
    • manual updates [1]
    • pattern file, manual [1]
    • pattern files [1]
    • scan engine, manual [1]
    • scheduled updates [1]
  • updating, about [1]
  • URLs
    • Knowledge Base [1]
    • update center [1]
  • URL time-of-click protection
    • enabling URL time-of-click protection [1]
  • version comparison [1]
  • Virtual Analyzer [1]
    • about [1]
    • configuring [1]
    • scan engine technology [1]
    • settings [1]
  • virtual analyzer working modes [1]
  • virtual servers [1]
  • viruses/malware [1] [2] [3]
  • Virus Scan Application Programming Interface (VSAPI) [1]
  • Virus Scan Engine [1]
    • scan engine [1]
  • web reputation [1] [2] [3] [4] [5] [6]
  • Web Reputation Services [1] [2]
  • wildcard [1]
  • wildcards [1]
  • Windows event log codes [1]
  • worms [1] [2]
  • writing style training
  • writing style verification
    • configuring [1]
    • enabling [1]
  • zip-of-death [1]

About ScanMail Actions Parent topic

The actions that ScanMail takes when scans detect viruses/malware, suspicious URLs, or undesirable content can include the following:
Note
Note
Not all actions are available for every type of scan. For details about the actions available for a specific scan, refer to the configuration settings for the scan or refer to Scan Actions by Scan Settings.

ScanMail Actions

Action
Description
Clean
Removes viral code from infected message bodies and attachments. The remaining email message text, any uninfected files, and the cleaned files are delivered to the intended recipient(s).
Tip
Tip
Trend Micro recommends using the default scan action "clean" for viruses/malware.
Under some conditions, ScanMail cannot clean a file. These files are referred to as uncleanable. You can configure ScanMail to take a special action against these files when they are detected.
During a manual or scheduled scan, ScanMail updates the Information Store and replaces the file with the cleaned one.
Replace with text/file
ScanMail deletes the attachment, infected, malicious, or undesirable content and replaces it with text or a file. The email message is delivered to the intended recipient, but the text replacement informs them that the original content was infected and was replaced.
Note
Note
For Data Loss Prevention and content filtering, ScanMail does not perform this action in Transport level scans when the violation is in the header/subject of the email message.
Quarantine entire message
ScanMail moves the email message to a restricted access folder, removing it as a security risk to the Exchange environment. This option is not available in manual and scheduled scanning.
Quarantine message part
ScanMail moves the email message body or attachment to a restricted access folder, removing it as a security risk to the Exchange environment.
ScanMail replaces the message part with the text/file you specify.
Note
Note
For Data Loss Prevention and content filtering, ScanMail does not perform this action in Transport level scans when the violation is in the header/subject of the email message.
Backup
ScanMail backs up the message, delivers, and records the detection in logs.
Note
Note
This action behaves the same as archive in previous versions of ScanMail.
Delete entire message
During real-time scanning, ScanMail deletes the entire email message.
Pass
ScanMail records the detection in a log and delivers the message unchanged.
Pass entire message
ScanMail records the detection in a log and delivers the message unchanged.
Pass message part
ScanMail records the detection in a log and delivers the message unchanged.
Note
Note
For Data Loss Prevention and content filtering, this does not apply to low priority policies.
Tag and deliver
ScanMail adds a tag to the header information of the email message that identifies it as spam and then delivers it to the intended recipient.
Quarantine message to user’s spam folder
ScanMail moves the email message to the Spam Mail folder located on the server-side of the Information Store.
Forward to sender’s manager
Forward the email message to the sender’s manager.
Forward to specific email address(es)
Forward the email message to the specific email address(es).
Related information