Do you scan the messages for viruses?


Steps before the virus scan

Because viruses usually try to spread as spam, most email viruses are blocked by our anti-spam technologies before they are scanned with our antivirus engine. Thanks to this resource-saving and intuitive setup, even viruses that are not yet detected by virus scanners are usually safely quarantined or completely rejected.

Checking the attachments

Viruses usually try to spread through executable email attachments. In the web interface you can manage restrictions for file extensions and select which extensions the filter blocks by default. If you enable this option and block dangerous file extensions, potentially dangerous attachments should no longer be accepted by mail.
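
An extension check of the kind described above, as an added example (not the service's own code). The blocklist and the helper names are assumptions; the sample message is constructed inline to cover double extensions, upper-case names, a trailing dot, and an attachment inside a forwarded message.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist for illustration; the service's real list is whatever
# you configure in its web interface.
BLOCKED_EXTENSIONS = {"exe", "scr", "js", "vbs", "bat", "cmd", "com", "pif", "lnk", "jar"}


def final_extension(filename: str) -> str:
    """Extension a Windows client would act on: lower-cased, last suffix only,
    ignoring trailing dots/spaces ("notes.js." is opened as "notes.js")."""
    cleaned = filename.strip().rstrip(". ").lower()
    return cleaned.rpartition(".")[2] if "." in cleaned else ""


def blocked_attachments(raw: bytes, blocked=frozenset(BLOCKED_EXTENSIONS)) -> list:
    """Return the filenames of all parts, at any nesting depth, with a blocked extension."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():          # walk() also descends into message/rfc822 parts
        name = part.get_filename()   # Content-Disposition filename, else Content-Type name
        if name and final_extension(name) in blocked:
            hits.append(name)
    return hits


def build_sample() -> bytes:
    """Constructed test message: one harmless PDF plus names a naive check can miss."""
    def attach(msg, name):
        msg.add_attachment(b"dummy", maintype="application",
                           subtype="octet-stream", filename=name)
    inner = EmailMessage()
    inner["Subject"] = "forwarded"
    inner.set_content("see attachment")
    attach(inner, "update.bat")
    outer = EmailMessage()
    outer["Subject"] = "constructed sample"
    outer.set_content("body")
    for name in ("report.pdf", "invoice.pdf.exe", "Setup.SCR", "notes.js."):
        attach(outer, name)
    outer.add_attachment(inner)      # becomes a nested message/rfc822 part
    return outer.as_bytes()


if __name__ == "__main__":
    print(blocked_attachments(build_sample()))
```

The check looks only at the declared filename, so it complements content scanning rather than replacing it.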

Antivirus engine

In addition, we operate the open-source antivirus framework "ClamAV", which updates its virus definitions every 30 minutes. Beyond the ClamAV databases, we have added data sets from several external partners that specialize in email virus problems, to ensure optimal real-time protection against the latest virus attacks. Our internal reputation systems also help with virus scanning and provide optimal protection against spam, malware, phishing and viruses.

We regularly review various commercial antivirus engines and analyze false negatives to see whether other engines could deliver a different result. Unfortunately, most commercial antivirus engines block email viruses only after the message has been received, and therefore do not provide additional security at the SMTP gateway level. It is also important that an antivirus program is installed on the end user's device: it accesses the message later, which gives antivirus vendors more time to update their signatures.

Sandboxing

We actively analyze virus emails to continuously improve our detection and catch zero-day viruses. Sandboxing is used in our environments for this purpose, but we do not integrate real-time sandboxing into our scanning processes. Vendors often advertise such technologies, but there is virtually no good sandboxing system that contributes to the effectiveness of scanning at SMTP gateways in real time. Rewriting URLs to point to a sandboxed environment introduces a "scanning delay": the URL may be rescanned when the user tries to access it, so there is a possibility that the commercial antivirus engine will have a signature for it by then. However, our engine will never change the content of the email, as this would break the DKIM signature and may lead to message corruption. URL rewriting/filtering should be done directly at the endpoint to protect against such threats.

