Add SMTP Malware Scanning Policy
This feature requires a subscription in Sophos XG Firewall. It can be configured but cannot be enforced without a valid Email Protection subscription.
The Add SMTP/S Malware Scanning Policy page allows you to configure a scanning policy that detects malware in Email traffic and takes appropriate action.
1. Go to Device Configuration > Protect > Email > Email Policies and click on Switch to Legacy Mode.
2. Click Add SMTP Malware Policy under the Email Policies section and select Add SMTP Scanning Policy.
3. Enter Policy details
Name
Enter a unique name to identify the scanning Policy.
Sender
Select the sender name from the list of users.
Select Any if the Policy is to be applied on all the senders.
You can also add a new Email address by clicking Create New link.
Recipient
Select the recipient name from the list of users.
Select Any if the Policy is to be applied on all the recipients.
You can also add a new Email Address by clicking Create New link.
Block File Types
Select the file types to be blocked as attachments, to remove all files that are a potential threat and to prevent virus attacks.
More than one file type can be selected using the Ctrl/Shift keys.
Device contains a default list of File Types, with each Type containing relevant file extensions. Refer to Protect > Web > File Type to view the list of file extensions which can be blocked.
Select All to block Emails with any type of attachments.
Select None to allow Emails with any type of attachments.
MIME Whitelist
If one or more File Types are selected in Block File Types, this field is populated with the corresponding MIME Headers that belong to the selected File Type(s).
Select the MIME Header(s) of the selected File Type(s). Only the selected headers are allowed; the remaining headers in the selected File Type(s) are blocked during Anti Virus scanning of Email attachments.
Scanning
Specify the type of scanning to be applied.
Available Options:
Disable (default): No scanning applied.
Single Anti Virus (Maximum Performance): Traffic will be scanned ONLY by the Primary Anti Virus Engine. Select the Primary Anti Virus Engine from Protection > Web Protection > Malware Protection or System > System Services > Malware Protection.
Dual Anti Virus (Maximum Security): Traffic will be scanned by both Anti Virus Engines, first by Primary and then by the Secondary Engine. Select the Primary Anti Virus Engine from Protection > Web Protection > Malware Protection or System > System Services > Malware Protection.
Action
Enable action to be taken on the mails received, from the available options:
Quarantine: If enabled, copies the Email to the quarantine file list. The Email is either delivered to the recipient or dropped, as per the configured Recipient Action. You can view Email details such as the sender and receiver of the Email in the Malware Quarantine. The Administrator can access the Quarantine on the Sophos XG Firewall device from System > Current Activity > Malware Quarantine, while users can access it from their respective User Portal.
Notify Sender: If enabled, the original message is withheld by the Device and a notification is sent to the sender informing that the Email was infected. The sender will receive the notification only if the Receiver Action is configured as Don't Deliver.
Default - Disable
Delivery Option for Infected Attachment/Protected Attachment
Recipient
Select the action to be taken on the message that is detected to be Infected, Suspicious or includes a Protected Attachment.
Available Options:
Don't Deliver (default value): Receiver will not receive the message and will also not receive the notification regarding the infected Email.
Deliver Original: Receiver receives the original Email.
Remove and Deliver: The infected part of the Email is removed before delivering. The receiver will also receive a notification stating that the Email was infected and that the infected portion of the Email was removed. Not applicable for Blocked Attachments (Block File Type).
* Protected attachments are not scanned but receiver will be notified, if not specified otherwise.
Administrator
Select the action to notify the Administrator for the message detected to be Infected, Suspicious or includes a Protected Attachment.
Available Options:
Don't Deliver (default value): Administrator will not be notified about the infected Email.
Send Original: Receiver receives the original Email.
Remove Attachment: Recipient receives message without attachment and the Administrator receives the notification that the Email attachment was infected and removed before delivering Email.
* Protected attachments are not scanned but receiver will be notified, if not specified otherwise.
4. Click Save to add the Email Policy.