Unlike most other email malware policies, the Disarm: Disarm attachment policy action is not activated by default, though it is enabled. To activate it, you:
Configure email scan settings to specify the container document and PMC types to detect.
Configure an email malware policy that detects the specified PMC types within the container documents, and includes the action to Disarm the PMC.
Apply this policy to one or more policy groups.
You can also annotate messages from which PMC was removed, mark up the Subject line, and archive the original messages for later retrieval. Any actions that can be added to other malware policies can also be added to the Disarm: Disarm attachment policy.
Configure email scan settings to specify the document and PMC types to remove.
On the Malware page, select Email scan settings and then the Disarm tab. Specify which container documents to detect, and within each container, specify which potentially malicious content types to Disarm.
Select default or create new Disarm policies.
Symantec Messaging Gateway comes with a preconfigured default Disarm policy that is enabled but not applied to any group of users. You can use this default policy as-is or modify it to create your own custom policy. You can also choose to add PMC-detection functionality to other existing policies.
To use the default PMC policy:
On the Email Malware Policies page, select the policy Disarm: Disarm attachment. In the Actions area, select Disarm attachment(s) and click Save.
You can apply the Disarm policy to policy groups in one of two ways:
On the Email Malware Policies page, select the policy Disarm: Disarm attachment. In the Apply to the following policy groups area, select the desired policy groups and click Save.
On the Administration tab, under Users, select Policy Groups. Select a policy group from the list, and click the Malware tab. Enable the Disarm: Disarm attachment policy for malware scanning, and click Save. Note that Disarm applies to inbound scannning by default, but you can choose to Disarm outbound attachments as well.
Specify other actions for Disarm policies.
Any actions that can be added to other malware policies can also be added to the Disarm policy. For example, you can annotate messages from which PMC was removed, quarantine messages with PMC, and archive the original messages for later retrieval.
Examine reports to track PMC detection and policies. Reports also indicate the volume of potential threats that your organization receives. This information can help you fine-tune your threat detection settings.