Table: Detecting virus and malicious threat detection describes the tasks that you can perform to detect viruses and malicious threats; you can perform any or all of the tasks in any order.
Table: Detecting virus and malicious threat detection
Email virus attack recognition.
In an email virus attack, a specified quantity of infected email messages has been received from a particular IP address. By default, any connections that are received from violating senders are deferred. Email virus attack recognition is disabled by default and must be enabled to be activated.
Create and enable email virus policies.
Set the heuristic detection level.
Symantec Brightmail Gateway contains Symantec Bloodhound heuristics technology. This technology scans for unusual behaviors (such as self-replication) to target potentially infected message bodies and attachments.
The default setting is Medium. However, you can modify this setting or turn Bloodhound off. Bloodhound heuristics involve a trade-off between higher virus detection rates and the speed with which Symantec Brightmail Gateway processes mail. Lower heuristic levels may miss more viruses but require less processing power. Higher heuristic levels may catch more viruses but consume more processing power.
Specify the file types that can bypass antivirus scanning.
You can specify the file types that can bypass antivirus scanning. For example, certain file types, such as .mpg files, typically do not contain viruses. File types that you feel confident do not contain viruses can bypass virus scanning, which saves system resources.
Symantec Brightmail Gateway provides a default list of file type categories. However, you must create Exclude Scanning Lists, select the categories that you want to include, and enable the list. You can also add and remove file types from Exclude Scanning Lists.
Configure the Suspect Virus Quarantine.
You can create virus policies to quarantine suspicious message attachments in the Suspect Virus Quarantine.
Symantec provides default values for the following Suspect Virus Quarantine settings; however, you can change these settings as needed:
Enable definition updates.
By default, LiveUpdate is enabled. Platinum definition updates are scheduled to occur every 10 minutes from Monday through Friday. However, you can modify when and how you want to obtain updates.
Configure outbreak notification alerts.
Set up alert notifications to let you know when any of the following virus-related events occur:
See Types of alerts.
Monitor reports to determine how effective virus detection and policies are. Reports also indicate the volume of threats that your organization receives. This information can help you fine-tune your antivirus detection and threat detection settings.
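The email virus attack recognition described in the table (a specified quantity of infected messages from one IP address, after which connections from that sender are deferred) can be sketched as a sliding-window counter. This is an added example, not Symantec's code; the threshold, time window, deferral period, event format and IP addresses are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed values for illustration; the page does not state the product's settings.
THRESHOLD = 3                     # infected messages from one IP ...
WINDOW = timedelta(minutes=60)    # ... within this sliding window
PENALTY = timedelta(minutes=60)   # how long later connections stay deferred

# Constructed sample events (timestamp, sender IP, scan verdict).
# The addresses come from the reserved documentation ranges.
EVENTS = [
    ("2024-01-01T09:00:00", "192.0.2.10", "infected"),
    ("2024-01-01T09:05:00", "198.51.100.7", "clean"),
    ("2024-01-01T09:10:00", "192.0.2.10", "infected"),
    ("2024-01-01T09:20:00", "198.51.100.7", "infected"),
    ("2024-01-01T09:30:00", "192.0.2.10", "infected"),  # third hit: violating sender
    ("2024-01-01T09:40:00", "192.0.2.10", "clean"),     # arrives while deferred
    ("2024-01-01T11:00:00", "192.0.2.10", "clean"),     # deferral has expired
]

def evaluate(events, threshold=THRESHOLD, window=WINDOW, penalty=PENALTY):
    """Return one (timestamp, ip, action) connection decision per event."""
    hits = defaultdict(deque)   # ip -> times of infected messages still in the window
    deferred_until = {}         # ip -> time at which the deferral ends
    decisions = []
    for ts, ip, verdict in events:
        now = datetime.fromisoformat(ts)
        if ip in deferred_until and now < deferred_until[ip]:
            decisions.append((ts, ip, "defer"))   # connection refused for now
            continue
        deferred_until.pop(ip, None)              # any earlier deferral is over
        seen = hits[ip]
        while seen and now - seen[0] > window:    # drop hits older than the window
            seen.popleft()
        if verdict == "infected":
            seen.append(now)
            if len(seen) >= threshold:            # sender crosses the threshold
                deferred_until[ip] = now + penalty
                seen.clear()
        # The connection itself was accepted; an infected message is still
        # handled by the virus policy, which this sketch does not model.
        decisions.append((ts, ip, "accept"))
    return decisions

if __name__ == "__main__":
    for decision in evaluate(EVENTS):
        print(*decision)
```

The sender that stays below the threshold is never deferred, and infected messages spread over more than the window do not accumulate, which is the behaviour to check when tuning these values against report data.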