Configuring a Threat Protection Rule

You can create threat protection rules to scan messages for viruses and other malware such as spyware and worms.

  1. Go to Policies > Policy Management.
  2. Click the Threat Protection Rules tab.
  3. Do one of the following:
    • Click Add to create a new rule.

    • Click a rule name to change the settings.

  4. Type a rule name.
  5. Configure the settings for High, Medium, and Low risk, and Unrated messages.
    1. For Unrated messages, select a detection reason.
    2. Specify the Action.

      For more information, see Policy Actions.

    3. (Optional) From the Send notification drop-down list, select a notification message to inform recipients about the applied policy action.
      Important:

      Deep Discovery Email Inspector only sends recipient notifications when you select Send notification and a notification message.

      You can configure notification messages on the Notifications screen (go to Policies > Policy Objects > Notifications).

      For more information, see Configuring Recipient Notification.

    4. (Optional) For low-risk messages, configure the subject tag and X-header settings.
      • Subject tag: Specify the string to insert in the subject of email messages.

      • X-Header: Specify the text to add to the X-header.

  6. (Optional) Under Advanced Settings, select one or more of the following settings:
    • Select Quarantine the original message when attachments cannot be stripped to store the detected email message in the quarantine when Deep Discovery Email Inspector is unable to strip the attachments. Deep Discovery Email Inspector does not deliver the email message to the recipients.

      Note:
      • This setting only takes effect when Deep Discovery Email Inspector is in MTA mode.

      • When you select this option, Deep Discovery Email Inspector also quarantines detected phishing messages.

    • Select Quarantine a copy of the original message when stripping attachments or redirecting links to store a copy of the detected email message with the attachment and URL in the quarantine for further investigation.

      Note:

      This setting only takes effect when Deep Discovery Email Inspector is in MTA mode.

    • Select Attempt to clean before stripping attachments to have Deep Discovery Email Inspector clean an attachment first when you also select a strip attachment action for the rule. If Deep Discovery Email Inspector is unable to clean the attachment, Deep Discovery Email Inspector then deletes the attachment.

      Clear the check box to have Deep Discovery Email Inspector immediately delete attachments that are detected as malicious.

      Note:

      This setting only takes effect when Deep Discovery Email Inspector is in MTA mode.

    • Select Prioritize for Virtual Analyzer submission to submit detected email messages to Virtual Analyzer with high priority.

  7. Click Save.

    After adding a rule, you can:

    • Click a rule name to edit the rule settings.

    • Select a rule and click Delete to remove the selected rule.