User Guide

Additional setup 51

7.4. Defining an e-mail scan policy

Using Kaspersky Anti-Virus, the mail server administrator can customize the anti-

virus protection of incoming and outgoing e-mail messages by defining scan

policies.

There are two types of policies:

• message – scan the entire message for viruses, regardless of its

separate objects (header, body, attachment). This policy also aims to

detect viruses that infect and corrupt MIME messages.

If the message is flagged as clean during the scan, its separate objects

won't be analyzed. It will be delivered to the recipient. This policy

guaranties faster scanning of the clean message than a combined policy

(see below).

If the message is flagged as infected and the preset action for such

messages is cure or delete, the application will subsequently analyze all

message objects.

• combined – scan both the entire message and then, regardless of the

scan results, analyze all message objects for viruses (header, body, and

attachment).

You can achieve faster message processing using message policy only

if you do not use it together with object filtration (see section 6.5 on

p. 43).

To analyze separate message objects, the application first breaks the message

down into individual components, scans each component separately, and then

restores the message integrity.

The message policy is less strict, and, hence, requires less time and resources.

The combined policy provides the most thorough analysis of e-mail messages.

The type of the policy is defined by the ScanPolicy parameter in the

[kavmilter.global] section.

7.5. Adjusting scan thoroughness

The mail server administrator can adjust the level of anti-virus protection,

including the following settings:

• Enable or disable the heuristic code analyzer for scanning messages.

The heuristic analyzer is a powerful tool for detecting modified malicious

code that is similar to a known virus signature, i.e., it recognizes new