6.3 Creating an Anti-Virus Policy

Creating a policy manually involves:

  1. Creating the policy

  2. Setting the policy priority (messages move through the policies from top to bottom)

  3. Setting the policy message scan direction

  4. Configuring the policy with filters, services and exceptions

For this example, we will assume that a supplier has an overly enthusiastic marketing department, and that orders have come down to reduce the amount of unwanted mail while still allowing the desired mail through.

In this case, the Inbound Mail Filter Policy is a wizard-created policy that deals with general spam and malware. However, unwanted messages are getting through and need to be dealt with.

6.3.1 Create the Policy

Under Organization / Policy Management | Policy Management, click Add New to create a new policy and name it something easy to remember like Anti-Virus Inbound Policy.

6.3.2 Set the Policy Message Direction

Open the panel and enable Scan by message direction, then enable Handle inbound mail.

6.3.3 Configure the Scanner

  1. Open the Policy scan configuration folder and select the policy. The workbench will be empty.

  2. Add the Filter

    There are two filters that will block viruses: Anti-Virus and Zero Hour Virus.

  3. Anti-Virus scans for known virus signatures; its signatures are updated at intervals of no longer than one hour.

    Zero Hour Virus uses a heuristic method to determine whether the traits of a virus exist in a message. This functionality used to be combined into the Anti-Virus scanner. Because the heuristic method may trigger false positives, it has been broken out into its own filter so that exceptions may be created while continuing to keep the attack surface as small as possible.

  4. Drag the filters to the Workbench.

  5. The filter will now scan messages for the word “unsubscribe”, but without one or more services nothing will be done with the message.

  6. Add Service

  7. Select the Services tab.

  8. Because we do not want viruses to enter the system, drag and drop the Block service to the workbench, or drag and drop the red Services pin and select Block.

  9. Connect the red Services pin to the service with drag and drop.

  10. Press Save.

  11. Items with viruses will now be blocked.