How to detect virus and malicious threat detection


Article ID: 179472


Updated On:


Messaging Gateway




How to detect virus and malicious threat detection

Table: Detecting virus and malicious threat detection describes the tasks that you can perform to detect viruses and malicious threats; you can perform any or all of the tasks in any order.

Table: Detecting virus and malicious threat detection



Email virus attack recognition.

In an email virus attack, a specified quantity of infected email messages has been received from a particular IP address. By default, any connections that are received from violating senders are deferred. Email virus attack recognition is disabled by default and must be enabled to be activated.

See Configuring email virus attack recognition.

Create and enable email virus policies.

Symantec Brightmail Gateway comes with the pre-configured virus policies that are automatically enabled. You can modify these polices and create your own custom policies.

See Default email virus policies.

See Creating email virus policies.

Set the heuristic detection level.

Symantec Brightmail Gateway contains Symantec Bloodhound heuristics technology. This technology scans for unusual behaviors (such as self-replication) to target potentially infected message bodies and attachments.

The default setting is Medium. However, you can modify this setting or turn Bloodhound off. Bloodhound heuristics involve a trade-off between higher virus detection rates and the speed with which Symantec Brightmail Gateway processes mail. Lower heuristic levels may miss more viruses but require less processing power. Higher heuristic levels may catch more viruses but consume more processing power.

See Modifying the heuristic level.

Specify the file types that can bypass antivirus scanning.

You can specify the file types that can bypass antivirus scanning. For example, certain file types typically do not contain viruses, such as .mpg files. File types that you feel confident do not contain viruses can bypass virus scanning, which saves system resources.

Symantec Brightmail Gateway provides a default list of file type categories. But you must create Exclude Scanning Lists, select the categories that you want to include, and enable the list. You can also add and remove file types from Exclude Scanning Lists.

See Excluding file types from virus scanning.

Configure the Suspect Virus Quarantine.

You can create virus policies to quarantine suspicious message attachments in the Suspect Virus Quarantine.

Symantec provides default values for the following Suspect Virus Quarantine settings; however, you can change these settings as needed:

  • Maximum amount of the time that messages are held in the quarantine

    The default setting is 6 hours.

  • Disk space available for the quarantine

    The default setting is 10 GB.

See About quarantining suspected viruses.

Enable definition updates.

By default, LiveUpdate is enabled. Platinum definition updates are scheduled to occur every 10 minutes from Monday through Friday. However, you modify when and how you want to obtain updates.

See About updating virus definitions.

Configure outbreak notification alerts.

Set up alert notifications to let you know any of the following virus-related events occur:

  • An outbreak is detected

  • Virus filters are older than the time period that you specify

  • New virus filters are available

  • The antivirus license has expired

See Types of alerts.

Monitor reports.

Monitor reports to determine how effective virus detection and policies are. Reports also indicate the volume of threats that your organization receives. This information can help you fine-tune your antivirus detection and threat detection settings.

See About working with reports.