About detecting viruses and malicious attacks

Article ID: 179460

Products

Messaging Gateway

Resolution

Viruses and other types of malicious attacks can wreak havoc in an organization. The damage can range from email server crashes to network downtime and the compromise and destruction of company data. Given the damage that can result from viruses and other types of malicious attacks, it is essential to employ virus protection as early in the mail flow process as possible. Virus and malicious threat detection is optional.

See How to detect virus and malicious threat detection.

Create virus policies to protect your server from the following types of attacks:

Viruses

Symantec Brightmail Gateway detects viruses, worms, and Trojan horses in all major file types (for example, Microsoft Word files), including compressed file formats.

See Product technologies that detect viruses and malicious attacks.

Mass-mailer worms

Symantec Brightmail Gateway detects that an email message is a mass-mailer worm or virus. It can automatically delete the infected email message and any attachments.

Suspicious attachments

Symantec Brightmail Gateway detects the email messages that exhibit virus-like signs. It also detects the messages that contain a suspicious new pattern of message flow that involves email message attachments.

Encrypted attachments

Infected files can be intentionally encrypted. Encrypted files cannot be decrypted and scanned without the appropriate decryption tool. You can configure how you want Symantec Brightmail Gateway to process encrypted container files.

Adware and spyware

Symantec Brightmail Gateway detects the security risks that do any of the following:

  • Provide unauthorized access to computer systems

  • Facilitate identity theft or fraud by logging keystrokes

  • Capture email and instant messaging traffic

  • Harvest personal information, such as passwords and logon identifications

  • Present some type of disruption or nuisance

See Spyware or adware verdict details.


See Creating email virus policies.

Symantec Brightmail Gateway must be able to decompose and scan a container file to detect viruses. You can specify the maximum size and scanning depth levels of container files to reduce your exposure to zip bombs or denial-of-service attacks.

See Setting limits on nested files.
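
The effect of those two limits, as an added Python example (not Symantec's code and not a description of how the product is implemented): a bounded walk of nested zip containers that gives up when nesting depth or cumulative expanded size passes a limit. The function names, the limit values, and the sample archives are constructed for illustration.

```python
import io
import zipfile

class LimitExceeded(Exception):
    """Raised when a container exceeds the configured scanning limits."""

def walk_container(data, max_depth=3, max_total_bytes=1_000_000, _depth=1, _budget=None):
    """Return leaf file names in a (possibly nested) zip, or raise LimitExceeded.
    The outermost container counts as depth 1; the byte budget is shared by all levels."""
    budget = _budget if _budget is not None else [max_total_bytes]
    if _depth > max_depth:
        raise LimitExceeded(f"nesting depth {_depth} exceeds limit {max_depth}")
    leaves = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as member:
                # Decompress at most budget+1 bytes; the declared size in the
                # zip header is attacker-controlled and is not trusted here.
                chunk = member.read(budget[0] + 1)
            if len(chunk) > budget[0]:
                raise LimitExceeded(f"expanded size exceeds limit {max_total_bytes}")
            budget[0] -= len(chunk)
            if zipfile.is_zipfile(io.BytesIO(chunk)):
                leaves += walk_container(chunk, max_depth, max_total_bytes, _depth + 1, budget)
            else:
                leaves.append(info.filename)
    return leaves

def scan_verdict(data, **limits):
    """Map the walk result to a policy-style outcome (labels are hypothetical)."""
    try:
        return ("scanned", walk_container(data, **limits))
    except LimitExceeded as exc:
        return ("unscannable", str(exc))

def make_zip(name, payload):
    """Build a one-member deflate-compressed zip in memory (sample data helper)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()

# Constructed samples: a normal nested archive, a deeply nested one, and a
# small archive that expands to 5 MB of zeros.
TEXT = b"constructed sample text, not a real attachment"
BENIGN = make_zip("inner.zip", make_zip("note.txt", TEXT))
DEEP = make_zip("leaf.txt", TEXT)
for i in range(4):
    DEEP = make_zip(f"level{i}.zip", DEEP)
BOMB = make_zip("zeros.bin", b"\0" * 5_000_000)
```

An archive that trips either limit is never fully expanded, so the cost of handling it stays bounded no matter what it claims to contain.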

When Symantec Brightmail Gateway scans a message and detects a virus policy violation, it takes the verdict that you specify in that policy.

See Selecting virus policies for a policy group.

You must have a valid antivirus license to perform antivirus scanning functions and to obtain updated virus definitions.

See Licensing your product.