Home Email Scan Emails

Scan Emails

63
0
How to scan emails
How to scan emails

Scan Emails – Before We Get Into The Topic, let’s Learn Some Basics Of This Topic

How to scan emails?

Bitdefender Security for Mail Servers uses award-winning proactive antivirus, antispyware, antispam, antiphishing, content, and attachment filtering technologies to protect Windows or UNIX-based mail servers from known and unknown security threats. By eliminating spam and offering uniform centralized administration tools, the system secures enterprises’ email services and increases productivity.

A handy utility from /opt/Bitdefender/bin can be used to see if non-legit e-mails are flagged as spam by Bitdefender Security for Mail Servers without having to pass them through the Mail Transfer Agent again. bdconsole is his name. Because this utility isn’t a daemon, it doesn’t need to reload the antispam and antivirus modules, instead of using them directly from RAM. Two major Bitdefender daemons, bdscand and build, have already loaded these modules into RAM.

Enhanced Email Malware Scan

You can use email content scanning that is more advanced.

Restraints

Only if your license includes Sophos Email is this option available.

noteĀ 

If an option is locked, your partner or Enterprise administrator has applied global settings.

Enhanced content and file property scan

This is the highest level of email virus protection we offer. It’s turned on by default.

Both inbound and outgoing communications are affected by this setting.

noteĀ 

A message is always discarded if malware is identified in it.

Un-scanned emails

What happens to texts that can’t be scanned is up to you. The following actions are available:

  • a period of quarantine
  • Remove it.
  • Subject line with a tag

Only inbound messages are affected by this setting.

We may not be able to scan individual messages for a variety of reasons:

  • The file has been appropriately detected, but the software is unable to access it to decompress or scan it.
  • The file is corrupt, which means it can no longer be accessible.
  • Although a file is correctly identified, it contains unexpected content: Although the file is appropriately identified and access is given, unexpected material is discovered. An issue occurs during the antivirus scan process.
  • Antivirus scanner times out When attempting to scan, the antivirus scanner times out. This can happen for a variety of reasons. When a file is compressed in several nested levels, or when the antivirus scanner surpasses the scan time limit, are two examples.
  • Large compressed attachment: If a compressed attachment is too large to be scanned, it will be rejected. It’s possible that the attachment is nested within too many levels of compression, that the compressed files included are too huge, or that the attachment contains too many compressed files.

These are but a few instances. Other factors could be at play.

Inbound Allow/Block email addresses and domains, as well as Sophos encrypted emails, will not be examined.

Scan Emails

Time of Click URL Protection

This feature is only available with an Email Advanced license, and it is enabled by default.

When you set Time of Click URL Protection, URLs in inbound communications are modified to refer to Sophos Email rather than the original destination.

Sophos Email performs an SXL lookup when the link is clicked, and if it is malicious, it is banned. If the URL is clean, the action is taken when you click the link will be determined by the policy settings. For example, if you have set medium-risk websites as authorized, the link will transport you to the original link location once it has been reviewed and classified as not harmful.

If allowed, the domain name will be displayed at the beginning of the rebuilt URL so you can know where the link will take you. d=domain.com, for example.

  • After a URL has been modified by another program, Sophos Email is unable to re-evaluate it.
  • For websites with the following reputation levels, you can choose which action you want to take:
  • High-risk sites include those that are unlawful, including malware or are phishing sites.
  • Sites linked to spam and anonymizing proxies are considered to be of medium risk.
  • Unverified: The website’s reputation cannot be verified.
  • You must not enable access to high-risk websites.

note

The URLs you add to the Allow at Moment of Click list are never altered at the time of click.

You can also choose whether URLs in plain text messages and securely signed messages are rewritten:

  • Emails with no HTML formatting are referred to as plain text messages. When URL rewriting is enabled and HTML formatting is disabled, the complete encoded URL will be displayed in the email. By deselecting the Re-write URLs in the plain text messages option, you can avoid URL re-writing in these communications.
  • Securely signed messages: URL rewriting may cause S/MIME, PGP, and DKIM signed messages to lose their signatures. By deselecting the option Re-write URLs within securely signed communications, you can avoid URL re-writing in these communications.

If you choose to skip URL rewrites, keep in mind that URLs in these messages will not be secured.

Intelix Threat Analysis

This feature is only available with an Email Advanced license, and it is enabled by default.

This option delivers emails with active harmful material to a virtual environment where they are opened and checked. Emails that are deemed to be malicious are deleted. SophosLabs Intelix uses static and dynamic analysis to detect dangers in messages. Multiple machine learning models, neural networks, global reputation, deep file scanning, and other techniques are used in static analysis. Dynamic analysis detonates a message in a sandbox to uncover a possible threat’s true nature and capabilities.

  • You can choose your favourite location when the Intelix service location is enabled.
  • Choose Allow Sophos to decide (preferred) how to route communications automatically for the best performance.
  • Messages that appear to be harmful will be tested in a simulated environment.
  • Clean messages are delivered in the usual way. Messages containing sophisticated threats will be deleted.

Impersonation Protection

  • This feature is only available with an Email Advanced license, and it is enabled by default.
  • This function recognizes emails purporting to be from well-known companies or extremely important persons (VIPs) in your company.
  • Select the action to be taken when this feature detects emails.
  • These emails are classified as an advanced threat in summary reports.
  • In VIP management, you can add email addresses for VIPs.