Configuring Mail Threat Protection in the command line

On the command line, you can manage Mail Threat Protection using the Mail Threat Protection predefined task (Mail_Monitoring).

The Mail Threat Protection task is started by default. You can start and stop this task manually.

Administrator role privileges are required to start and stop the Mail Threat Protection task from the command line.

You can manage Mail Threat Protection settings by editing the settings of the Mail Threat Protection predefined task.

The following table describes available values and default values of settings that you can specify for the Mail Threat Protection task.

Mail Threat Protection task settings

Setting

Description

Values

CheckIncomingMessagesOnly

The protection scope specifies which objects the component must scan: incoming and outgoing messages or only incoming messages.

Yes means the application scans only incoming messages.

No (default) means the application scans incoming as well as outgoing messages.

ScanFileArchive

Enables or disables scanning of attached archives.

This includes the scanning of ZIP, GZIP, BZIP, RAR, TAR, ARJ, CAB, LHA, JAR, ICE and other types of archives. The application identifies archives not just by extension, but also by format. When scanning archives, the application performs recursive unpacking. This makes it possible to detect threats in nested archives (archive inside an archive).

Yes (default) means the application scans attached archives.

No means the application does not scan attached archives.

ScanFileOffice

Enables or disables the scanning of attached files in office formats.

Yes (default) means the application scans attached office format files.

No means the application does not scan office format attachments.

UseSizeLimit

Limits the size of scanned archives.

Yes means the application excludes from scanning archive attachments larger than the SizeLimit.

No (default) means the application scans archives of any size attached to email messages.

SizeLimit

Sets the maximum size of archives that can be scanned.

1 to 9999 (MB).

UseTimeLimit

Limits the maximum scan duration for attached archives.

Yes means the application stops scanning attached archives after the TimeLimit is reached.

No (default) means the scanning time for attached archives is not limited.

TimeLimit

Sets the maximum scan duration for attached archives.

1 to 9999 (seconds).

ExtensionFilter

Configures email attachment filtering.

Disable means the application does not filter files attached to email messages.

Rename (default) means the application replaces the last character of the extension for the specified file types with an underscore character (for example, attachment.doc_). Thus, to open the file, the user needs to rename the file.

Delete means the application deletes attached files of the specified types from email messages.

ExtensionMasks

Specifies extensions for the types of attachments that you want to rename or remove from email messages.

A list of multiple extensions can be specified as follows:

[ExtensionMasks.item_0000]
UseExtensionMask=Yes
ExtensionMask=*.txt

[ExtensionMasks.item_0001]
UseExtensionMask=Yes
ExtensionMask=*.run

[ExtensionMasks.item_0002]
UseExtensionMask=Yes
ExtensionMask=*.exe

...

By default, files with the TXT, RUN, EXE, JS, JSE, MSI, SCR, VBE, VBS, SH extensions are processed.

To change the list of extensions, you need to export the task settings to an INI file, then edit the list in the file and import the INI file into the application.

UseAnalyzer

Enables or disables the heuristic analyzer.

Yes (default) means the heuristic analyzer is enabled.

No means the heuristic analyzer is disabled.

AnalyzerLevel

When scanning files for malicious code, the heuristic analyzer executes instructions in executable files. How many instructions the heuristic analyzer executes depends on the specified heuristic analysis level. The heuristic analysis level sets the balance between the thoroughness of searches for novel threats, the load on the operating system's resources, and the duration of heuristic analysis.

Light – least detailed scan, minimum system load.

Medium (default) – medium scan, balanced system load.

Deep – most detailed scan, maximum system load.

ActionOnThreat

The action that Mail Threat Protection performs when a threat is detected in incoming email messages.

The ActionOnThreat setting is not applicable to outgoing messages. If an infected object is detected in an outgoing message, the application blocks the message from being sent.

DisinfectDeleteIfNotPossible (default) – disinfect; delete if disinfection fails. When an infected object is detected in an incoming message, the application attempts to disinfect the detected object. The message with the safe attachment is then made available to the user. If disinfection fails, the application deletes the infected object. The application adds information about the performed action to the message subject, for example, [The message has been processed] <message subject>. This action is selected by default.

DisinfectBlockIfNotPossible – disinfect; block if disinfection fails. When an infected object is detected in an incoming message, the application attempts to disinfect the detected object. The message with the safe attachment is then made available to the user. If disinfection fails, the application adds a warning to the subject of the message. The message with the original attachment is then made available to the user.

Block – block. If an infected object is detected in an incoming message, the application adds a warning to the message subject. The message with the original attachment is then made available to the user.
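The following added example (not part of the application or its documentation) checks an exported Mail Threat Protection settings file against the values and defaults in the table above, so that a change that reduces the scan scope or attachment filtering is noticed before the file is imported. It assumes that task-level settings appear as key=value lines before the ExtensionMasks sections; the function names and the sample content are constructed for illustration.

```python
import configparser

# Defaults and allowed values, copied from the settings table on this page.
YN = {"Yes", "No"}
CHOICES = {
    "CheckIncomingMessagesOnly": ("No", YN), "ScanFileArchive": ("Yes", YN),
    "ScanFileOffice": ("Yes", YN), "UseSizeLimit": ("No", YN),
    "UseTimeLimit": ("No", YN), "UseAnalyzer": ("Yes", YN),
    "ExtensionFilter": ("Rename", {"Disable", "Rename", "Delete"}),
    "AnalyzerLevel": ("Medium", {"Light", "Medium", "Deep"}),
    "ActionOnThreat": ("DisinfectDeleteIfNotPossible", {
        "DisinfectDeleteIfNotPossible", "DisinfectBlockIfNotPossible", "Block"}),
}
RANGED = ("SizeLimit", "TimeLimit")  # both documented as 1 to 9999
DEFAULT_MASKS = {"*." + e for e in "txt run exe js jse msi scr vbe vbs sh".split()}

def load(text):
    # Assumption: task-level keys come before the first [section] header.
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep the documented key capitalisation
    cp.read_string("[task]\n" + text)
    return cp

def audit(text):
    """Return (key, value, problem) for invalid or non-default task settings."""
    findings = []
    for key, value in load(text)["task"].items():
        if key in CHOICES:
            default, allowed = CHOICES[key]
            if value not in allowed:
                findings.append((key, value, "invalid"))
            elif value != default:
                findings.append((key, value, "non-default"))
        elif key in RANGED and not (value.isdigit() and 1 <= int(value) <= 9999):
            findings.append((key, value, "out of range"))
    return findings

def missing_default_masks(text):
    """Default extension masks that are absent or have UseExtensionMask=No."""
    active = {s.get("ExtensionMask", "").lower() for n, s in load(text).items()
              if n.startswith("ExtensionMasks.item_") and s.get("UseExtensionMask") == "Yes"}
    return sorted(DEFAULT_MASKS - active)

# Constructed sample for illustration, not a real export.
SAMPLE = ("ScanFileArchive=No\nUseSizeLimit=Yes\nSizeLimit=0\n"
          "ActionOnThreat=Quarantine\n"
          "[ExtensionMasks.item_0000]\nUseExtensionMask=Yes\nExtensionMask=*.exe\n"
          "[ExtensionMasks.item_0001]\nUseExtensionMask=No\nExtensionMask=*.js\n")
print(audit(SAMPLE), missing_default_masks(SAMPLE))
```

A "non-default" finding is a prompt for review rather than an error: for example, AnalyzerLevel=Deep or ExtensionFilter=Delete would also be reported.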
