Operation Manual
Getting Started with Trend Micro™ ServerProtect™
1-13
MacroTrap™
ServerProtect includes patented MacroTrap technology to guard against macro
viruses in Microsoft™ Office files and templates. Macro viruses are the fastest
spreading computer viruses. Since they are harbored in files that are commonly
passed around via email, these kinds of viruses are easily spread. See Configuring
Real-time Scan on page 3-49 for MacroTrap configuration information.
Note: Trend Micro MacroTrap protects network users from receiving and sending macro
viruses.
How MacroTrap Works
The MacroTrap performs a rule-based examination of all Macro code that is saved in
association with a document. Macro virus code is typically contained as a part of the
invisible template (for example., *.dot in Microsoft Word) that travels with the
document. Trend Micro MacroTrap checks the document for signs of a macro virus
by seeking out instructions that perform virus-like activity. Examples of virus-like
activity are copying parts of the template to other templates (replication), or code to
execute harmful commands (destruction).
Compressed Files
Compressed file archives (that is, a single file composed of many separate
compressed files) are the preferred form to distribute files via email and the Internet.
Since some antivirus software are not able to scan these kinds of files, compressed
file archives are sometimes used as a way to "smuggle" a virus into a protected
network or computer.
The Trend Micro scan engine can scan files inside compressed archives. It can even
scan compressed files that are composed of other compressed files -- up to a
maximum of five compression layers.
The Trend Micro scan engine used in ServerProtect can detect viruses in files
compressed using the following algorithms:
• PKZIP (.zip) & PKZIP_SFX (.exe)
• LHA (.lzh) & LHA_SFX (.exe)