Use the Security Risk Scan tab to define how ScanMail scans documents for viruses and other malware.
To configure security risk scan options:
-
Under Scan Options click the Security Risk Scan tab.
-
Under Scan Mode Settings section of the Security Risk Scan tab, click Enable Advance Threat Scan Engine.
Note
Advanced Threat Scan Engine checks files for less conventional threats, including document exploits. However, it may detect some files that are actually safe. Therefore, further observation and analysis is required in a virtual environment, which is provided by Deep Discovery Advisor. Refer to the topic Configuring Deep Discovery Advisor Settings for the configuration procedure.The Advanced Threat Scan Engine is not supported on Windows 32-bit version. -
Under the Files to Scan section, configure the security risk scan options as follows:
-
Select which files to scan from the following options:
-
All (recommended) scans all documents except file types, names, or specified extensions.To define exclusions by true file type, type the file name or extension in the Exclude files by true file type field or click
to select from the available list. You can also specify exclusions according to file name or extension, type the file name or extension in the Exclude files by file name or extension field or click to select from the available list. -
Selected files scans documents based on file names or extension names.A default list of file extension names is presented. To define new file names or extensions to scan, type the file name or extension in the Scan files by file name or extension field or click to select from the list.
-
-
-
Under the Advanced Options section, configure the settings according to the following:
-
Compressed files scans compressed files.ScanMail contains a default list of compressed file types to scan. You can select the number of layers of compression to scan via the Scan Restrictions tab. When you select Clean compressed files, ScanMail extracts compressed files for scanning, which can consume a large amount of disk space.
Note
Refer to the Trend Micro Knowledge Base for the list of compressed file types that the ScanMail can support. -
Embedded objects scans OLE.ScanMail can scan embedded objects in Notes mails.
-
Macros in Microsoft Office filesuses heuristic scanning to detect macro viruses/malware in Microsoft Office files (for example, *.doc and *.xls).Heuristic scanning is an evaluative method of using pattern recognition and rules-based technologies to detect malicious macros.After you select Macros in Microsoft Office files, choose from the following:
-
All takes actions against all macros detected.
Note
This setting will apply to all Microsoft Office files containing macros, even if they are not malicious. -
Equal to and below heuristic level takes action against macros detected with the specified or a lower heuristic level.When you select Equal to and below heuristic level, you also need to choose a heuristic level.
Note
Before choosing a heuristic level, read the following information:-
Level 1 uses the most specific criteria, but detects the least macros.
-
Level 4 detects the most macros, but uses the least specific criteria, and may falsely identify safe macros as harboring malicious macros.
-
Trend Micro recommends level 2. This level provides a high detection level and a fast scanning speed. It uses only the necessary rules to detect macro virus/malware strings and has a low level of false identification.
-
-
-
-
In the IntelliTrap section, you can enable or disable scanning by IntelliTrap.
Note
Virus writers often attempt to circumvent virus filtering by using real-time compression algorithms. IntelliTrap helps reduce the risk of such viruses entering your network by blocking email attachments with real-time compressed executable files and pairing them with other malware characteristics. -
Under the Actionsection, set the scan action on infected files according to the following:
-
Use Active Action (intelligent actions based on the virus pattern file) identifies malware types and uses the Trend Micro pattern file to automatically recommend scan or filter actions based on how each type infects a computer system or environment. Quarantine is the default action for items that are uncleanable.When you select Active Action, you will also need to choose an action to perform on uncleanable Microsoft Office files. Microsoft Office files can contain macros that cannot be stripped, which means that these files will be scanned as uncleanable. The action that you select for Action on uncleanable virus will be applied to Microsoft Office files only; the actions defined in the pattern file will be applied to all other file types.
-
Specified actions allows you to select the action ScanMail takes according to the malware type.
Note
If the Clean compressed files action is disabled, ScanMail applies the action for a detected malware to the entire compressed file that contains the malware. If the Clean compressed files action is enabled, ScanMail applies the action only to the specific file harboring the malware.If there is no threat and specific action enabled under Action on other malware, ScanMail applies the Action on cleanable virus or Action on uncleanable virus for all detected threats. To customize the Action on other malware, enable the threat and then select the corresponding action.For example, when Mass-mailing virus is enabled and the Delete action is selected, ScanMail will automatically delete a detected mass-mailing virus. -
-
Under the Notification section, select the notification options for when malware is detected, uncleanable, or a scan action was applied on infected file(s).
-
Under the Email Stampsection, select and enter the appropriate options.
-
Click Save & Close.