Viruses, malware and other online threats often spread via email, therefore it is essential that emails are scanned for viruses before they reach users' mailboxes. Mail Assure actively blocks both spam AND its malicious attachments such as viruses, malware, ransomware, spyware and so on.
Pre-virus scan blocks
As viruses generally try to spread as spam emails, the majority of email viruses are blocked as spam before reaching our antivirus technologies. Thanks to this, even viruses not yet known to virus scanners are safely quarantined or rejected outright.
Typically, viruses within emails spread as executable attachments. In the Incoming - Protection Settings > Attachment Restrictions page, accessed from the Domain Level Control Panel, you can control what attachments should be blocked by default. In this page you can also choose to:
- Block password-protected archive attachments
- Block potentially unwanted attachments
- Block attachments that contain hidden executables.
When enabled, potentially dangerous email attachments are not accepted. See Manage Attachment Restrictions for information.
Mail Assure's additional antivirus measures include running a combination of different technologies to protect against malware. We use advanced datasets, specialized in detecting zero-day email viruses provided by several external partners. This external data is then combined with internal data, generated both automatically and provided by our analyst team. By combining various different technologies, SolarWinds can ensure real-time, optimal protection against the latest virus outbreaks. Our internal spam reputation systems (including fuzzy fingerprinting) also contribute to virus scanning to ensure optimal protection against also malware, phishing, and viruses.
It is just as important to run antivirus on the endpoint, as the delay between the actual email processing and the user opening the message allows other antivirus vendors more time to update their signatures. Based on any false negative virus reports received, Mail Assure's systems re-adjust automatically and our analysis team run in-depth analysis where needed. Most of the reports come in the form of messages that have bypassed filtering due to explicit allowing of senders/recipients matching the virus email.
We actively analyze virus emails to catch zero-day viruses and continuously improve our detection systems. Sandboxing is utilized in our central environments for analysis, however we do not integrate real-time sandboxing in our scanning processes. We have not found any significant statistical evidence proving the effectiveness of sandboxing as Mail Assure has built-in technology to quarantine or drop ANY email that includes an attachment with executable content (including non-malicious executables), since email should not be used to distribute executables.