Configure the following settings for each scan type (Manual Scan, Scheduled Scan, and Real-time Scan):
Target Tab
Scan Targets
Additional Threat Scan Settings
Scan Exclusions
Action Tab
Scan Actions/ActiveAction
Notifications
Advanced Settings
Scan Targets
Select scan targets:
All attachment files: Only encrypted or password-protected files are excluded.
Note:This option provides the maximum security possible. However, scanning every file requires a lot of time and resources and might be redundant in some situations. Therefore, you might want to limit the amount of files the agent includes in the scan.
IntelliScan: Scans files based on true-file type. See IntelliScan.
Specific file types: Worry-Free Business Security will scan files of the selected types and with the selected extensions. Separate multiple entries with semicolons(;).
Select other options:
Enable IntelliTrap: IntelliTrap detects malicious code, such as bots, in compressed files. See IntelliTrap.
Scan message body: Scans the body of an email message that could contain embedded threats.
Additional Threat Scan Settings
Select other threats the agent should scan. For details about these threats, see Understanding Threats.
Select additional options:
Backup infected file before cleaning: Worry-Free Business Security makes a backup of the threat before cleaning. The backed-up file is encrypted and stored in the following directory on the client:
<Messaging Security Agent installation folder>\storage\backup
You can change the directory in the Advanced Options section, Backup Setting subsection.
To decrypt the file, see Restoring Encrypted Files.
Do not clean infected compressed files to optimize performance
Scan Exclusions
Under the Target tab, go to the Exclusions section and select from the following criteria that the agent will use when excluding email messages from scans:
Message body size exceeds: The Messaging Security Agent only scans email messages when the size of the body of the message is smaller or equal to the specified amount.
Attachment size exceeds: The Messaging Security Agent only scans email messages when the size of the attachment file is smaller than or equal to the specified amount.
Tip:Trend Micro recommends a 30 MB limit.
Decompressed file count exceeds: When the amount of decompressed files within the compressed file exceeds this number, then the Messaging Security Agent only scans files up to the limit set by this option.
Size of decompressed file exceeds: The Messaging Security Agent only scans compressed files that are smaller or equal to this size after decompression.
Number of layers of compression exceeds: The Messaging Security Agent only scans compressed files that have less than or equal to the specified layers of compression. For example, if you set the limit to 5 layers of compression, then the Messaging Security Agent will scan the first 5 layers of compressed files, but not scan files compressed to 6 or more layers.
Size of decompressed file is “x” times the size of compressed file: The Messaging Security Agent only scans compressed files when the ratio of the size of the decompressed file compared to the size of the compressed file is less than this number. This function prevents the Messaging Security Agent from scanning a compressed file that might cause a Denial of Service (DoS) attack. A DoS attack happens when a mail server's resources are overwhelmed by unnecessary tasks. Preventing the Messaging Security Agent from scanning files that decompress into very large files helps prevent this problem from happening.
Example: For the table below, the value typed for the “x” value is 100.
File size
(not compressed)
File size
(not compressed)
Result
500 KB
10 KB (ratio is 50:1)
Scanned
1000 KB
10 KB (ratio is 100:1)
Scanned
1001 KB
10 KB (ratio exceeds 100:1)
Not scanned *
2000 KB
10 KB (ratio is 200:1)
Not scanned *
* The Messaging Security Agent takes the action you configure for excluded files.
Scan Actions
Administrators can configure the Messaging Security Agent to take actions according to the type of threat presented by virus/malware, Trojans, and worms. If you use customized actions, set an action for each type of threat.
Action |
Description |
|---|---|
Clean |
Removes malicious code from infected message bodies and attachments. The remaining email message text, any uninfected files, and the cleaned files are delivered to the intended recipients. Trend Micro recommends you use the default scan action clean for virus/malware. Under some conditions, the Messaging Security Agent cannot clean a file. During a Manual Scan or Scheduled Scan, the Messaging Security Agent updates the Information Store and replaces the file with the cleaned one. |
Replace with text/file |
Deletes the infected/filtered content and replaces it with text or a file. The email message is delivered to the intended recipient, but the text replacement informs them that the original content was infected and was replaced. For Content Filtering and Data Loss Prevention, you can replace text only in the body or attachment fields (and not From, To, Cc, or Subject). |
Quarantine entire message |
(Real-time Scan only) Quarantines only the infected content to the quarantine directory and the recipient receives the message without this content. For Content Filtering, Data Loss Prevention, and Attachment Blocking, moves the entire message to the quarantine directory. |
Quarantine message part |
(Real-time Scan only) Quarantines only the infected or filtered content to the quarantine directory and the recipient receives the message without this content. |
Delete entire message |
(Real-time Scan only) Deletes the entire email message. The original recipient will not receive the message. |
Pass |
Records virus infection of malicious files in the Virus logs, but takes no action. Excluded, encrypted, or password-protected files are delivered to the recipient without updating the logs. For Content Filtering, delivers the message as-is. |
Archive |
Moves the message to the archive directory and delivers the message to the original recipient. |
Quarantine message to server-side spam folder |
Sends the entire message to the Security Server for quarantine. |
Quarantine message to user's spam folder |
Sends the entire message to the user’s spam folder for quarantine. The folder is located on the server-side of the Information Store. |
Tag and deliver |
Adds a tag to the header information of the email message that identifies it as spam and then delivers it to the intended recipient. |
In addition to these actions, you can also configure the following:
Enable action on Mass-mailing behavior: Select from Clean, Replace with Text/File, Delete Entire message, Pass, or Quarantine message part for mass-mailing behavior type of threats.
Do this when clean is unsuccessful: Set the secondary action for unsuccessful cleaning attempts. Select from Replace with Text/File, Delete Entire message, Pass, or Quarantine the message part.
ActiveAction
The following table illustrates how ActiveAction handles each type of virus/malware:
|
Virus/Malware Type |
Real-time Scan |
Manual Scan/Scheduled Scan |
||
|---|---|---|---|---|
|
First Action |
Second Action |
First Action |
Second Action |
|
|
Virus |
Clean |
Delete entire message |
Clean |
Replace with text/file |
Trojan horse program/Worms |
Replace with text/file |
N/A |
Replace with text/file |
N/A |
|
Packer |
Quarantine message part |
N/A |
Quarantine message part |
N/A |
Other malicious code |
Clean |
Delete entire message |
Clean |
Replace with text/file |
| Additional threats | Quarantine message part |
N/A |
Replace with text/file |
N/A |
Mass-mailing behavior |
Delete entire message |
N/A |
Replace with text/file |
N/A |
Scan Action Notifications
Select Notify recipients to set the Messaging Security Agent to notify the intended recipients when taking action against a specific email message. For various reasons, you may want to avoid notifying external mail recipients that a message containing sensitive information was blocked. Select Do not notify external recipients to only send notifications to internal mail recipients. Define internal addresses from .
You can also disable sending notifications to spoofing senders’ external recipients.
Advanced Settings (Scan Actions)
Settings |
Details |
|---|---|
Macros |
Macro viruses are application-specific viruses that infect macro utilities that accompany applications. Advanced macro scanning uses heuristic scanning to detect macro viruses or strip all detected macro codes. Heuristic scanning is an evaluative method of detecting viruses that uses pattern recognition and rules-based technologies to search for malicious macro code. This method excels at detecting undiscovered viruses and threats that do not have a known virus signature. The Messaging Security Agent takes action against malicious macro code depending on the action that you configure.
|
Unscannable Message Parts |
Set the action and notification condition for encrypted and/or password-protected files. For the action, select from Replace with text/file, Quarantine entire message, Delete entire message, Pass, or Quarantine message part. |
Excluded Message Parts |
Set the action and notification condition for parts of messages that have been excluded. For the action, select from Replace with text/file, Quarantine entire message, Delete entire message, Pass, or Quarantine message part. |
Backup Setting |
The location to save the backup of infected files before the agent cleaned them. |
Replacement Settings |
Configure the text and file for replacement text. If the action is replace with text/file, Worry-Free Business Security will replace the threat with this text string and file. |