Configuring Virus Scan Criteria

The virus scan criteria allow you to create rules that take actions on messages that contain malware, worms, or other malicious code.

Click Scanning Criteria.

Specify at least one of the following detection types under the Specify at least one detection type section.

Option	Description
Cleanable malware or malicious code	Apply the rule to messages or attachments that contain cleanable malware. Cleanable malware are those that can be safely removed from the contents of the infected file, resulting in an uninfected copy of the original message or attachment. Warning: Selecting Cleanable malware or malicious code as a rule criterion, and then selecting a rule action other than Delete or Clean, can result in infected messages or attachments entering your messaging environment. By default, Trend Micro Email Security is configured with malware rules to appropriately handle threats when it is installed.
Uncleanables with mass-mailing behavior	Apply the rule to messages that contain uncleanable malware, worms, or other threats that cannot be removed from messages or attachments, and that propagate by mass-mailing copies of themselves.
Uncleanables without mass-mailing behavior	Apply the rule to messages that contain the following: Spyware Dialers Hacking tools Password cracking applications Adware Joke programs Remote access tools All others

Option

Description

Cleanable malware or malicious code

Apply the rule to messages or attachments that contain cleanable malware. Cleanable malware are those that can be safely removed from the contents of the infected file, resulting in an uninfected copy of the original message or attachment.

Warning:

Selecting Cleanable malware or malicious code as a rule criterion, and then selecting a rule action other than Delete or Clean, can result in infected messages or attachments entering your messaging environment. By default, Trend Micro Email Security is configured with malware rules to appropriately handle threats when it is installed.

Uncleanables with mass-mailing behavior

Apply the rule to messages that contain uncleanable malware, worms, or other threats that cannot be removed from messages or attachments, and that propagate by mass-mailing copies of themselves.

Uncleanables without mass-mailing behavior

Apply the rule to messages that contain the following:

Spyware
Dialers
Hacking tools
Password cracking applications
Adware
Joke programs
Remote access tools
All others

Configure Predictive Machine Learning settings to leverage the Predictive Machine Learning engine to detect emerging unknown security risks.
1. Select Enable Predictive Machine Learning under the Specify Predictive Machine Learning settings section.
  For details, see About Predictive Machine Learning.
2. Optionally select the Allow Trend Micro to collect suspicious files to improve its detection capabilities check box.
  Note:
  By default, this option is selected.
  
  If you enable this option, Trend Micro only checks potentially risky messages and encrypts all content before transferring any information.
Specify advanced settings.
Note:
These settings are not included in the Trend Micro Email Security Standard license.

For details about different license versions, see Available License Versions.
1. Select Submit suspicious files to Virtual Analyzer and select the security level from the drop-down list to perform further observation and analysis on the submitted files.
  Whether a file is suspicious is determined by the Advanced Threat Scan Engine based on the scan results.
  
  Virtual Analyzer performs observation and analysis on samples in a closed environment. It takes 3 minutes on average to analyze and identify the risk of a file, and the time could be as long as 30 minutes for some files.
  Note:
  - When an eligible file is contained in another file, such as included in an archive file or embedded in a file, Trend Micro Email Security extracts the file and submits it to Virtual Analyzer.
  - There is a submission quota limiting the number of files that can be sent to Virtual Analyzer within 24 hours. The quota is calculated based on a 24-hour sliding window as follows:
    
    File submission quota = Seat count * 0.1
    
    For example, if you have 1,000 seats, a total of 100 files can be submitted to Virtual Analyzer for analysis within 24 hours. The default quota will be 5 if your seat count is less than 50. Note that the submission quota mentioned here is subject to change without notice.
    
    In addition, the following cases will not be taken into account for quota measurement:
    - Samples hit the local or cloud cache.
    - Samples are in unsupported file format.
    - Other unexpected scan exceptions.
    Once the quota is used up, no more files can be sent to Virtual Analyzer. Nevertheless, the quota will be restored as the 24-hour sliding window moves forward.
    
    You can configure scan exception actions for the file submissions over quota. For details, see Configuring "Scan Exceptions" Actions.
2. Select Submit any JSE file, VBE file, or file with macros to submit any of the specified files to Virtual Analyzer, regardless of whether the file is suspicious.
3. Select Submit any file in specified file categories and select file categories to submit any of the specified files to Virtual Analyzer, regardless of whether the file is suspicious.
  See Files Types in File Categories for details.
Click Submit.