Virus Scanning

Viruses, malware and other online threats often spread via email, therefore it is essential that emails are scanned for viruses before they reach users' mailboxes. Mail Assure actively blocks both spam AND its malicious attachments such as viruses, malware, ransomware, spyware and so on.

Pre-virus scan blocks

Due to the fact that viruses generally try to spread as spam emails, the majority of email viruses are already blocked as spam before they reach our antivirus technologies. Thanks to this setup, even viruses not yet known to virus scanners are safely quarantined or rejected outright.

Attachment Filtering

Email viruses typically try to spread as executable attachments. In the Incoming - Protection Settings > Attachment Restrictions page, accessed from the Domain Level Control Panel, you can control what attachments should be blocked by default. In this page you can also choose to:

  • Block password-protected archive attachments
  • Block potentially unwanted attachments
  • Block attachments that contain hidden executables.

With these options enabled, potentially dangerous email attachments are not accepted. See Manage Attachment Restrictions.

Antivirus Engine

Our additional antivirus measures include running a combination of different technologies to protect you against malware. This includes the open-source ClamAV antivirus framework, which is enhanced with additional datasets specialized in detecting zero-day email viruses provided by several external partners. We combine this external data with our internal data, which is generated both automatically and provided by our analyst team. By combining various different technologies, we can ensure real-time, optimal protection against the latest virus outbreaks. All our internal spam reputation systems (including fuzzy fingerprinting) also contribute to virus scanning to ensure optimal protection against not only spam, but also malware, phishing, and viruses.

It is just as important to run antivirus on the endpoint as well, as the delay between the actual email processing and the user opening the message allows other antivirus vendors more time to update their signatures. Based on any false negative virus reports received, our systems re-adjust automatically and our analysis team can run in-depth analysis where needed. Most of the reports come in the form of messages that have bypassed filtering due to explicit whitelisting of senders/recipients matching the virus email.


We actively analyze virus emails to catch zero-day viruses and continuously improve our detection systems. Sandboxing is utilized in our central environments for analyses, however we do not integrate real-time sandboxing in our scanning processes. We have not found any significant statistical evidence proving the effectiveness of sandboxing as Mail Assure has built-in technology to quarantine or drop ANY email that includes an attachment with executable content (including non-malicious executables), since email should not be used to distribute executables.