Mail Threat Protection

The Mail Threat Protection component scans incoming and outgoing email messages for viruses and other threats. It starts together with Kaspersky Endpoint Security, continuously remains active in computer memory, and scans all messages that are sent or received via the POP3, SMTP, IMAP, MAPI, and NNTP protocols. If no threats are detected in the email message, it becomes available and/or is processed.

When a threat is detected in an email message, the Mail Threat Protection component performs the following actions:

  1. Assigns the Infected status to the email message.

    This status is assigned to the email message in the following cases:

    • A scan of the email message finds a section of code of a known virus that is included in the anti-virus databases of Kaspersky Endpoint Security.
    • The email message contains a section of code that is typical of viruses or other malware, or the modified code of a known virus.
  2. Identifies the type of object detected in the email message (such as a Trojan).
  3. Blocks the email message.
  4. Displays a notification about the detected object (if configured to do so in the notification settings).
  5. Performs the action defined in the Mail Threat Protection component settings.

This component interacts with mail clients installed on the computer. An embeddable extension is available for the Microsoft Office Outlook® mail client that lets you fine-tune the message scan settings. The Mail Threat Protection extension is embedded in the Microsoft Office Outlook mail client during installation of Kaspersky Endpoint Security.

Mail Threat Protection component settings

Parameter

Description

Action on threat detection

Disinfect; delete if disinfection fails. When an infected object is detected in an inbound or outbound message, Kaspersky Endpoint Security attempts to disinfect the detected object. The user will be able to access the message with a safe attachment.

If the object cannot be disinfected, Kaspersky Endpoint Security deletes the infected object. Kaspersky Endpoint Security adds information about the performed action to the message subject: [Infected object was deleted] <message subject>).

Disinfect; block if disinfection fails. When an infected object is detected in an inbound message, Kaspersky Endpoint Security attempts to disinfect the detected object. The user will be able to access the message with a safe attachment. If the object cannot be disinfected, Kaspersky Endpoint Security adds a warning to the message subject: [Message infected] <message subject>. The user will be able to access the message with the original attachment.

When an infected object is detected in an outbound message, Kaspersky Endpoint Security attempts to disinfect the detected object. If the object cannot be disinfected, Kaspersky Endpoint Security blocks transmission of the message, and the mail client shows an error.

Block If an infected object is detected in an inbound message, Kaspersky Endpoint Security adds a warning to the message subject: [Message infected] <message subject>. The user will be able to access the message with the original attachment.

If an infected object is detected in an outbound message, Kaspersky Endpoint Security blocks transmission of the message, and the mail client shows an error.

Before attempting to disinfect or delete an infected email message, the Mail Threat Protection component creates a backup copy of it so that the message can be restored or disinfected later.

POP3 / SMTP / NNTP / IMAP traffic

If the check box is selected, the Mail Threat Protection component scans email messages that arrive via the POP3, SMTP, NNTP, and IMAP protocols before they are received on the computer.

When the check box is cleared, the Mail Threat Protection component does not scan email messages that are transferred via the POP3, SMTP, NNTP, and IMAP protocols before they arrive on your computer. In this case, email messages are scanned by the Mail Threat Protection component plug-in that is embedded in the Microsoft Office Outlook email client after email messages arrive on the user's computer.

Microsoft Office Outlook extension

If the check box is selected, scanning of email messages transmitted via the POP3, SMTP, NNTP, IMAP, and MAPI protocols is enabled on the side of the extension integrated into Microsoft Office Outlook.

If mail is scanned using the Mail Threat Protection extension for Outlook, it is recommended to use Cached Exchange Mode. For more detailed information about the Exchange caching mode and recommendations on its use, please refer to the Microsoft Knowledge Base.

Do not scan archives larger than N MB

If this check box is selected, the Mail Threat Protection component excludes archives attached to email messages from scanning if their size exceeds the specified value. A field for specifying the maximum size of archives attached to email messages.

If the check box is cleared, the Mail Threat Protection component scans email attachment archives of any size.

This feature can accelerate scanning of email messages.

Do not scan archives for more than N sec

If the check box is selected, the time that is allocated for scanning archives attached to email messages is limited to the specified period. A field for specifying the maximum time for scanning archives attached to email messages.

Attachment filter

The Attachment filter functionality is not applied to outgoing email messages.

  • Disable filtering. If this setting is selected, the Mail Threat Protection component does not filter files that are attached to email messages.
  • Rename attachments of selected types. If this setting is selected, the Mail Threat Protection component replaces the last character in attached files of the specified types with the underscore (_) symbol.
  • Delete attachments of selected types. If this setting is selected, the Mail Threat Protection component deletes attached files of the specified types from email messages.

In the list of file masks, you can specify the types of attached files to rename or delete from email messages.

File masks

A list of file masks that the Mail Threat Protection component either renames or deletes after filtering attachments in email messages.

If the check box next to the file mask is selected, the Mail Threat Protection component renames or deletes files of this type when filtering email attachments.

See also: Managing the application via the local interface

Enabling and disabling Mail Threat Protection

Mail Threat Protection settings

Scanning emails in Microsoft Office Outlook
Page top