Mail Anti-Virus settings

Settings

Description

Security level

Kaspersky application uses various groups of settings to run Mail Anti-Virus. The sets of settings that are stored in the application are called security levels:

  • Extreme. When this mail security level is selected, Mail Anti-Virus applies maximum scrutiny to messages. Mail Anti-Virus scans incoming and outgoing mail messages, and it also performs a deep heuristic analysis. The High mail security level is applied when working in a dangerous computing environment. An example of such an environment is a connection to a free email service from a home network that is not guarded by centralized email protection.
  • Optimal. The mail security level that strikes the optimal balance between Kaspersky application performance and mail security. Mail Anti-Virus scans incoming and outgoing mail messages, and it also performs a medium-level heuristic analysis. This mail security level is recommended by Kaspersky specialists.
  • Low. This is the mail security level that Mail Anti-Virus uses only to scan incoming mail messages as well as to perform a surface heuristic analysis. It does not use this level to scan archives that are attached to messages. When this mail security level is selected, the Mail Anti-Virus component scans email messages as fast as possible and consumes the least amount of operating system resources. The Low mail security level is recommended to be used when working in a reliably protected environment. An example of such an environment might be a local network with centralized email security.

Action on threat detection

  • Ask user. Mail Anti-Virus informs you of detection of an infected or probably infected object, prompting you for further actions to take on this object.

    This option is available if the Perform recommended actions automatically check box is cleared under SettingsSecurity settingsExclusions and actions on object detection.

  • Select action automatically. When infected or probably infected objects are detected, Mail Anti-Virus automatically performs the action that is recommended by Kaspersky specialists. For infected objects, this action is Disinfect. This value is selected by default.

    Before attempting to disinfect or delete an infected object, Mail Anti-Virus creates a backup copy in case there is a later need to restore the object or possibility of disinfecting it.

    This option is available if the Perform recommended actions automatically check box is selected under SettingsSecurity settingsExclusions and actions on object detection.

  • Disinfect, delete if disinfection fails. If an infected object is detected in an incoming or outgoing message, Kaspersky application tries to disinfect the discovered object. The user will be able to access the message with a secure attachment. However, if Kaspersky application is unable to disinfect the object, then it will delete it. Kaspersky application adds information about the performed action in the message subject: [Message has been processed] <message subject>.
  • Disinfect, block if disinfection fails. If an infected object is detected in an incoming message, Kaspersky application tries to disinfect the discovered object. The user will be able to access the message with a secure attachment. If the object cannot be disinfected, Kaspersky application will add a warning to the message subject. The user will be able to access the message with the original attachment. If an infected object is detected in an outgoing message, Kaspersky application will try to disinfect the discovered object. If Kaspersky application is not able to disinfect the object, it will block the message from being sent, and the mail client will display an error message.
  • Block. If an infected object is detected in an incoming message, Kaspersky application will add a warning to the message subject. The user will be able to access the message with the original attachment. If an infected object is detected in an outgoing message, Kaspersky application will block the message from being sent, and the mail client will display an error.

Protection scope

The Protection scope includes objects that the component checks when it is run: incoming and outgoing messages or incoming messages only.

In order to protect your computers, you need only scan incoming messages. You can turn on scanning for outgoing messages to prevent infected files from being sent in archives. You can also turn on the scanning of outgoing messages if you want to prevent files in particular formats from being sent, such as audio and video files, for example.

Scan POP3, SMTP, NNTP, and IMAP traffic

This check box enables/disables the scanning by Mail Anti-Virus of mail traffic that is sent over the POP3, SMTP, NNTP and IMAP protocols.

Connect Microsoft Outlook extension

 

If the check box is selected, email messages transmitted via the POP3, SMTP, NNTP, and IMAP protocols will be scanned using the extension that is integrated into Microsoft Outlook.

If email is scanned using the extension for Microsoft Outlook, it is recommended to use Cached Exchange Mode. You can find more details about the Cached Exchange Mode and recommendations for how to use it in the Microsoft Knowledge Base.

Heuristic analysis

A technique for detecting threats that cannot be identified using the current version of Kaspersky application databases. It allows you to find files that may contain unknown malware or a new modification of a known malware program.

When scanning files for malicious code, the heuristic analyzer executes instructions in the executable files. The number of instructions that are executed by the heuristic analyzer depends on the level that is specified for the heuristic analyzer. The heuristic analysis level sets the balance between the thoroughness of searches for new threats, the load on the operating system resources, and the time required for heuristic analysis.

Scan attached files of Microsoft Office formats

Scans Microsoft Office files (DOC, DOCX, XLS, PPT and other Microsoft extensions). Office format files also include OLE objects. Kaspersky application scans office format files that are smaller than 1 MB, regardless of whether the check box is selected or not.

Scan attached archives

Scan ZIP, GZIP, BZIP, RAR, TAR, ARJ, CAB, LHA, JAR, ICE and other archives. The application scans archives not only by their extension, but by their format as well. When checking archives, the application performs a recursive unpacking. This allows to detect threats inside multi-level archives (archive within an archive).

Do not scan archives larger than

If this check box is selected, Mail Anti-Virus excludes archives that are attached to mail messages from scanning if their size exceeds the value that you have specified. If the check box is cleared, Mail Anti-Virus scans archives of any size that are attached to mail messages.

Limit the time for checking archives to

If the check box is selected, then the amount of time that is needed to scan archives that are attached to mail messages will be limited to the specified period.

Attachment filter

The attachment filter does not work for outgoing mail messages.

Disable filtering. If you select this option, Mail Anti-Virus will not filter files that are attached to mail messages.

Rename attachments of selected types. If you select this option, Mail Anti-Virus will replace the last extension character found in the attached files of the specified types with the underscore character (for example, attachment.doc_). Thus, in order to open the file, the user must rename the file.

Delete attachments of selected types. If you select this option, Mail Anti-Virus will delete files of the specified types that are attached to mail messages.

You can specify the types of attached files that you must rename or delete from Email messages in the file mask list.

Use these settings for the following tasks

Configuring Mail Anti-Virus

Page top