Add an SMTP malware scan policy

With SMTP malware scan policies, you can specify filter criteria and actions for malware and attachments in senders’ and recipients’ emails.

You can specify the file types to control, antivirus engines, quarantine action, and notification settings.
  1. Go to Email > Policies, click Add a policy, and then click SMTP malware scan.
  2. Enter a name.
  3. Specify the email address or domain groups of senders and recipients.
  4. Specify the filters for attachments.
    Block file types: Select the type of attachments to block. To select more than one file type, press Ctrl+Shift. MIME headers populate the MIME whitelist.
    MIME whitelist: To allow certain file types, select their MIME headers. Antivirus scanning blocks the remaining file types.
  5. Select the scanning action.
    Disable: Emails aren’t scanned
    Single antivirus: Primary antivirus engine scans emails
    Dual antivirus: Primary and secondary engines scan emails sequentially
    Note: In models lower than Sophos Firewall XG 105, you can turn on scanning only with the primary antivirus engine.
  6. Select the action for scanned emails.
    Quarantine: Select to quarantine the email.
      Note: Quarantined emails are delivered based on the recipient action that you specify.

    Notify sender: Select to withhold mail and notify the sender that an email is infected.
      Note: To notify sender, you need to set recipient action to Don’t deliver.

    Delivery option for recipient: Select the recipient action for infected and protected attachments. The action applies to suspicious attachments too.
      Don’t deliver: Doesn’t send email and notification to recipient
      Deliver original: Sends email to recipient
      Remove and deliver: Removes infected attachment, sends notification of removal, and delivers the email
      Note: Doesn’t apply to the blocked file types that you’ve specified.

    Delivery option for administrator: Select the action to notify administrators for infected and protected attachments.
      Don’t deliver: Doesn’t notify administrators
      Send original: Sends email to administrators
      Remove attachment: Sends email to recipient without attachment. Sends notification of removal to administrators.
      Note: Doesn’t scan protected attachments, but notifies recipient, if not specified otherwise.
  7. Click Save.