Scanning emails in Thunderbird, MyOffice, R7-Office
The Mail Threat Protection component scans the attachments of incoming and outgoing email messages for viruses and other threats. For Mozilla Thunderbird, MyOffice Mail, and R7-Office Organizer mail clients, the application gains access to messages only at the protocol level (POP3, SMTP, IMAP, NNTP).
To scan traffic in the Mozilla Thunderbird, MyOffice Mail, and R7-Office Organizer mail clients, you need to add a Kaspersky certificate to the certificate store and select the own certificate store.
The Mail Threat Protection component does not scan messages if the mail client is open in a browser.
Real-time Mail Threat Protection
Mail Threat Protection can scan both incoming and outgoing messages. By default, the Mail Threat Protection component automatically attempts to disinfect all infected email messages that are detected. If disinfection fails, the Mail Threat Protection component deletes the infected email messages. When a malicious file is detected in an attachment, Kaspersky Endpoint Security adds information about the performed action to the message subject, for example, [Message has been processed] <message subject>.
When working with the Mozilla Thunderbird mail client, the Mail Threat Protection component does not scan messages that are transmitted via the IMAP protocol for viruses and other threats if filters are used to move messages from the Inbox folder.
Malware Scan in mail databases
The Malware Scan task allows scanning mail format files. If a malicious object is detected in files of these mail clients, Kaspersky Endpoint Security only adds information about detected objects to the list of active threats. The application does not disinfect or delete infected files in mail databases, regardless of task settings.
Eliminating active threats
Mail Threat Protection prevents the infection of the computer at the protocol level, but if the computer had been infected before Kaspersky Endpoint Security was installed, the application may only detect the threat in mail databases. Mail Threat Protection does not include components that specifically allow disassembling a message into parts (header, body, attachments), as for Microsoft Office Outlook. Therefore, the application cannot delete or disinfect the detected objects. Kaspersky Endpoint Security only adds information about detected objects to the list of active threats.
To eliminate active threats:
- Manually find and delete the message with the detected object in the interface of the mail client.
The application displays information about the detected object in the list of active threats.
Example of detected object card:
HEUR:Trojan.PDF.Phish.gen
Object:
C:\Users\admin\AppData\Roaming\Thunderbird\Profiles\ov56jpz0.default-release\Mail\mail.company.ru\Inbox//[From USER NAME <company@mail.com>][Date 25 Sep 2025 20:05:36][Subj Mail title X]Object.pdf - Perform the database compaction operation.
When a message is deleted in the user interface, the mail client only adds a deletion mark. The mail client really deletes the message only after a database compaction. For details about database compaction, see the help of your mail client (for example, Mozilla Thunderbird).
- Run the Malware Scan task again and make sure the threat is no longer present.