Symantec Protection Engine must receive a MIME-encoded message in its entirety to scan it for threats. Some email software applications break down large messages into a number of smaller, more manageable messages for transmission. These messages are typically transmitted separately and reassembled before delivery to the recipient. Because the message is broken down into several partial messages, the entire message (including all attachments) is not available to Symantec Protection Engine for scanning. Symantec Protection Engine is configured by default to reject partial messages because they cannot effectively be scanned for threats.
Computer viruses and malicious programs sometimes create intentionally malformed files. Symantec Protection Engine recognizes such files. If Symantec Protection Engine can identify the container type, in some cases, it can repair the container file. If Symantec Protection Engine cannot determine the container type, Symantec Protection Engine rejects it as a potentially infected file.
Infected files are often encrypted to defect scanning attempts. Encrypted files cannot be decrypted and scanned without the appropriate decryption tool. You can configure Symantec Protection Engine to handle encrypted container files to protect your network from threats.