Symantec Messaging Gateway is integrated with Symantec Security Response to protect your network against the threats that spim poses through Instant Messaging providers. Spim detection does not detect the malicious software that generates spim. Instead spim detection blocks known spim that an external IM user or bot sends to your IM users. It also blocks spim that an internal IM user can unknowingly spread from a computer that is infected with a virus. Finally, it blocks the IM messages that are suspected of containing spim based on a configured set of heuristic-based rules.
Symantec Messaging Gateway detects spim through the following features:
Known spim detection
Symantec Messaging Gateway periodically downloads the latest virus definitions, worm signatures, and spim signatures from the Symantec Security Response. By default, known spim detection is enabled.
Heuristic-based spim detection
Symantec Messaging Gateway can detect heuristic-based IM activity, such as a URL that is sent in multiple IM messages in rapid succession. These threats are then shared with Symantec Security Response for download to other organizations that use Symantec Messaging Gateway. By default, heuristic-based spim detection is enabled.
After you configure your IM spim settings, you can create spim policies to scan and optionally block the IM messages that contain spim. If you allow a suspected IM message to be delivered, you can append it with an annotation to alert the recipient. You can also send a notification to the sender, recipient, or both, to indicate that a suspected IM message has been deleted or delivered.