Detecting viruses, malware, and malicious threats
Detecting viruses, malware, and malicious threats describes the tasks that you can perform to detect viruses and malicious threats. You can perform any or all of the tasks in any order.
Task | Description |
|---|---|
Email virus attack recognition. | In an email virus attack, a specified quantity of infected email messages has been received from a particular IP address. By default, any connections that are received from violating senders are deferred. Email virus attack recognition is disabled by default; you must enable it before it takes effect. |
Create and enable email malware policies. | Symantec Messaging Gateway comes with preconfigured malware policies that are automatically enabled. You can modify these policies and create your own custom policies. |
Set the artificial intelligence sensitivity level. | Symantec Messaging Gateway contains static and dynamic artificial intelligence technology. This technology scans for unusual behaviors (such as self-replication) to target potentially infected message bodies and attachments. The default setting is Medium. However, you can modify this setting or turn detection off. Artificial intelligence scanning involves a trade-off between malware-detection rates and false positives. Lower artificial intelligence sensitivity levels may miss more malware but produce fewer false positives. Higher artificial intelligence sensitivity levels may catch more malware but cause more false-positive detections. |
Specify the file types that can bypass antivirus scanning. | You can specify the file types that can bypass antivirus scanning. For example, certain file types typically do not contain viruses, such as .mpg files. File types that you feel confident do not contain viruses can bypass virus scanning, which saves system resources. Symantec Messaging Gateway provides a default list of file type categories, but you must create Exclude Scanning Lists, select the categories that you want to include, and enable the list. You can also add and remove file types from Exclude Scanning Lists. |
Configure the Suspect Virus Quarantine. | You can create virus policies to quarantine suspicious message attachments in the Suspect Virus Quarantine. Symantec provides default values for the following Suspect Virus Quarantine settings; however, you can change these settings as needed: |
Enable definition updates. | By default, LiveUpdate is enabled. Platinum definition updates are scheduled to occur every 10 minutes from Monday through Friday. However, you can modify when and how you want to obtain updates. |
Configure outbreak notification alerts. | Set up alert notifications to let you know when any of the following virus-related events occur: |
Monitor reports. | Monitor reports to determine how effective virus detection and policies are. Reports also indicate the volume of threats that your organization receives. This information can help you fine-tune your antivirus detection and threat detection settings. |