Table: Detecting viruses, malware, and malicious threats
Email virus attack recognition.
In an email virus attack, a specified quantity of infected email messages has been received from a particular IP address. By default, any connections that are received from violating senders are deferred. Email virus attack recognition is disabled by default and must be enabled to be activated.
Symantec Messaging Gateway contains Symantec Bloodhound heuristics technology. This technology scans for unusual behaviors (such as self-replication) to target potentially infected message bodies and attachments.
The default setting is Medium. However, you can modify this setting or turn Bloodhound off. Bloodhound heuristics involve a trade-off between higher virus detection rates and the speed with which Symantec Messaging Gateway processes mail. Lower heuristic levels may miss more viruses but require less processing power. Higher heuristic levels may catch more viruses but consume more processing power.
Specify the file types that can bypass antivirus scanning.
You can specify the file types that can bypass antivirus scanning. For example, certain file types typically do not contain viruses, such as .mpg files. File types that you feel confident do not contain viruses can bypass virus scanning, which saves system resources.
Symantec Messaging Gateway provides a default list of file type categories. But you must create Exclude Scanning Lists, select the categories that you want to include, and enable the list. You can also add and remove file types from Exclude Scanning Lists.
Monitor reports to determine how effective virus detection and policies are. Reports also indicate the volume of threats that your organization receives. This information can help you fine-tune your antivirus detection and threat detection settings.