Anti-Virus Transport Agents

The anti-virus transport agent responds to the SMTP event OnSubmittedMessage related to putting the message in waiting line for processing by the serve transport system. Messages cannot be excluded from the check by this agent.

If the sender address is included into the values list of TrustedEmails variable, the email will not be checked for spam and viruses and will be considered as not being spam or virus.

The anti-virus agent check consists of anti-virus checks of message body and all its attachments. The infected message can be deleted, blocked or moved to Quarantine (the suspicious objects can also be ignored without applying any actions to them). All these actions are fixed in the Incidents section of the Dr.Web Administrator Web Console and in the server log.

If the infected objects are configured to be deleted, after the first infected attachment is detected, the scanning cycle is interrupted and an event to delete the message is sent to the server transport system. All the events are fixed in the Incidents section of the Dr.Web Administrator Web Console and in the server log, but the recipients and senders are not notified about the message deletion. This is the most rapid reaction on detection of the infected objects, but not the most secure, so you are recommended to move such objects to Quarantine to prevent possible data loss. Moreover, the EWS (Exchange Web Services) protocol is supported on the server, you can configure sending the notifications about deleting the infected objects to a special email address using Dr.Web Administrator Web Console or Dr.Web CMS Web Console.

If the attachment is blocked after it is filtered and the infected objects are configured to be moved to Quarantine, all the infected or blocked attachments in the initial messages are replaced by the text files describing the reason of deleting the initial files. Then, the messages is checked for a X-DrWeb-RedirectTo header added by the anti-spam transport agent, and in case the message has such header, it is delivered to the recipients. If the message should be redirected, each recipient gets the SmtpResponce notification with the following text: Message was redirected as spam. The message without the infected attachments is sent to the email address specified in the X-DrWeb-RedirectTo header.