Configuring Message Scan

By default, SpIDer Mail attempts to cure messages with a known and (supposedly) curable threat and moves incurable and suspicious messages as well as adware and dialers to Quarantine. Other messages are transmitted unchanged by SpIDer Mail (skipped). The default message scan parameters are optimal for most cases. Do not change them unnecessarily.

In this section:

Actions for detected threats

Configuring message scan parameters

Scanning archives

Scanning messages transmitted over cryptographic protocols

Configuring message scan

The default SpIDer Mail settings are optimal for recent users, provide maximum protection and require minimum user actions. However, by default SpIDer Mail may block some features of email programs (for example, sending a message to multiple addresses might be considered as mass distribution, incoming mail is not scanned for spam). Useful information from safe text part of infected messages also becomes unavailable in case of automatically deletion.

To start editing email scan parameters

1.Open Dr.Web menu Dr.Web icon, then select Security Center.

2.In the open window, click Files and Network tile.

3.Make sure Dr.Web operates in administrator mode (the lock at the bottom of the program window is open ). Otherwise, click the lock .

4.Click the SpIDer Mail tile. A component parameters window opens.

Figure 45. Email scan parameters

Actions for detected threats

In this group, you can configure actions that Dr.Web will apply to messages if Dr.Web detects a threat in them.

Figure 46. Configuring actions for messages

Possible actions

The following actions can be applied to threats:

Action

Description

Cure, move to quarantine if not cured

Instructs to restore the original state of the message before infection. If the message is incurable, or the attempt of curing fails, the object is moved to quarantine.

Available only for objects with a known threat that can be cured except for Trojan programs, which are deleted on detection. This action is not applicable to files within archives.

Results in failure to send the message.

Cure, delete if incurable

Instructs to restore the original state of the message before infection. If the message is incurable, or the attempt of curing fails, this object is deleted.

Results in failure to send the message.

Delete

Instructs to delete the message. The message is not sent to the recipient; the mail client receives a notification about this.

Results in failure to send the message.

Move to Quarantine

Instructs to move the message to the special Quarantine folder. The message is not sent to the recipient; the mail client receives a notification about this.

Results in failure to send the message.

Ignore

Instructs to pass the message to the mail client as usual, that is, without performing any action.

You can increase security above the default level. For this, click the Advanced settings link and select Move to quarantine action for Not scanned. It is recommended that you scan the moved file with Dr.Web Scanner after that.

Note

If you want to disable scans of email, ensure that SpIDer Guard monitors your computer constantly.

Configuring message scan parameters

To access the parameters of message scan, click the Advanced settings link.

Actions on messages

In this group, you can configure additional actions to be applied when SpIDer Mail processes messages.

Option

Description

Insert 'X-AntiVirus' header into messages

This option is enabled by default.

Instructs SpIDer Mail to add scan results and information on Dr.Web version to message headers after processing. You cannot edit data format.

Delete modified messages on server

Instructs to remove messages to which either Delete or Move to Quarantine action was applied by SpIDer Mail. The messages are removed from mail servers regardless of the mail client settings.

Scan optimization

You can set the condition under which SpIDer Mail should acknowledge complex messages, whose scanning is time consuming, as unchecked. To do that, enable the Message scan timeout option and set the maximum message scanning time. After the expiry of the specified period (by default, 250 sec.), SpIDer Mail stops scanning the message.

Scanning archives

Enable the Scan archives option if you want SpIDer Mail to scan archived files transferred via email. If necessary, enable the following options and configure scan parameters for archives:

Maximum file size to extract. If an archive size exceeds the specified value (by default, 30,720 KB), SpIDer Mail does not unpack and scan the archive.

Maximum archive nesting level. If a nesting level is greater than the specified value (by default, 64), SpIDer Mail proceeds unpacking and scanning the archive until this limit is exceeded.

Note

There is no restrictions for the parameter if the value is set to 0.

Additional options

The following settings allow you to configure additional email scanning parameters:

Use heuristic analysis—in this mode, special methods are used to detect suspicious objects that are most likely infected with unknown threats. To disable the analyzer, disable the Use heuristic analysis (recommended) option.

Scan containers. This option is disabled by default.

Notification settings

After performing the action you configured, SpIDer Mail can display a notification in the notification area. If necessary, you can configure desktop and email notifications.

Scanning messages transferred via POP3S, SMTPS, IMAPS

If you want SpIDer Mail to scan data transmitted over cryptographic protocols, enable the Scan encrypted traffic option in the Network window.