Anti-Virus and Anti-Spam Checking Cycle

After a notification that a new message has been received by the server, the message is processed in the following three stages:

1.Application of filtering rules (adjusted on the Filtering section).

•Anti-distribution rules (restriction of distribution lists). You can set rules to limit the number of recipients for the messages (or the messages with attachments). These rules are applied to the senders and allow sending only for the messages, the number of recipients of which doesn't exceed the specified maximum value.

•Attached files filtering rules. You can set rules to remove certain types of attachments: by the extension, file name mask or maximum file size.

Provided that one of the set rules applies, the message (or the attachment) is removed, and (if it is set on the Notifications section) the administrator or other persons are notified about the event. In case an attached file is deleted it is replaced by a text file with a message that the attachment was deleted. The message template and the file name of such message are also set on the Filtering section.

2.Spam check (performed in case you have the "Anti-Virus&Anti-Spam" license and only for the emails received by the server via SMTP, adjusted on the Anti-Spam section).

In the first place the addresses of the recipients and senders are analysed against the black and white lists, which are specified on the Anti-Spam section. Then the Anti-spam component checks the message body and issues a decision that determines the grade of possibility that this message is spam. If the message is spam, the administrator or other persons are notified of the event (in case of corresponding settings on the Notifications section), the message is handled according to the action set by the administrator for this spam category on the Anti-Spam section.

3.Virus check (adjusted on the Scanning section).

Messages that have successfully passed the previous stages of checking (or have been passed according to the settings of the Dr.Web plug-in) are submitted to be analyzed for malicious code occurrence. If an item (an attachment or message body) contains malicious code, the anti-virus attempts to cure the item. If the heuristic analyzer is enabled in the settings, it implements the detection of the objects containing modified or unknown malicious code and assigns the Suspicious category to such objects.

Based on the scan results the items receive the categories (e.g. Not Cured, Suspicious, Bad, Cured) and then are treated based on such conclusion. Messages with infected objects receive a text file attachment with information about the detected infection and the actions applied to such objects.

Cured and uninfected items are passed to the server with the respective mark. Not cured, bad and suspicious objects are processed according to the settings on the Scanning section.

The administrator may be notified of all types of virus events if it is set on the Notifications section.