Email Security.cloud detects malicious contents within emails based on several scanning technologies. The expected behavior when this happens is detailed below.

• When Email Security.cloud intercepts a threat in an email, it places the infected email into a holding pen.
• Within Email Track and Trace, the Delivered column remains "Not Delivered" and the Service column displays "Anti-Malware".
• Within Email Track and Trace, the name of the virus is logged as "Reason" in the Summary of the message.
• Email Security.cloud sends a notification from [email protected] to the original recipient and the administrator of the domain protected by Email Security.cloud.
  This notification has the Subject "Subject: WARNING: Someone tried to send you a potential virus or unauthorized code", and contains the following:
  • Sender
  • Sending server IP address:
  • Recipient:
  • Subject:
  • Date:
  • Message ID:
  • Virus/Unauthorized code:
  • A line similar to the following, which explains where the email message was quarantined:
    
    Email quarantined on mail server server-x.tower-xxx.messagelabs.com (Pen ID xxxxxx_xxxxxxxxxx)
     
• The infected email is stored for up to 30 days before it is deleted. This quarantine period ensures that the virus is isolated and cannot infect the intended recipient's computer.