Last update: 2021-10-15

Add an SMTP malware scan policy

You can specify filter criteria and action for malware and attachments in senders' and recipients' emails. You can specify the file types to control, antivirus engines, quarantine action, and notification settings.

To add an SMTP malware scan policy, do as follows:

  1. Go to Email > Policies, click Add a policy and then click SMTP malware scan.
  2. Enter a name.
  3. Specify the email address or domain groups of senders and recipients.
  4. Specify the filters for attachments.

    Block file types: Select the type of attachments to block. To select more than one file type, press Ctrl+Shift. MIME headers populate the MIME whitelist.
    MIME whitelist: To allow certain file types, select their MIME headers. Antivirus scanning blocks the remaining file types.
  5. Select the scanning action.

    Disable: Emails aren't scanned.
    Single antivirus: Primary antivirus engine scans emails. The selection applies only to inbound emails. Sophos Firewall uses both antivirus engines to scan outbound emails.
    Dual antivirus: Primary and secondary engines scan emails sequentially.

    Note: In models lower than Sophos Firewall XG 105, you can turn on scanning only with the primary antivirus engine.

  6. Select the action for scanned emails.

    Quarantine: Select to quarantine the email.
      Note: Quarantined emails are delivered based on the recipient action that you specify.
    Notify sender: Select to withhold mail and notify the sender that an email is infected.
      Note: To notify the sender, you need to set the recipient action to Don't deliver.
    Delivery option for recipient: Select the recipient action for infected and protected attachments. The action applies to suspicious attachments too.
      Don't deliver: Doesn't send the email and notification to the recipient.
      Deliver original: Sends the email to the recipient.
      Remove and deliver: Removes the infected attachment, sends a notification of removal, and delivers the email.
      Note: Doesn't apply to the blocked file types that you've specified.
    Delivery option for administrator: Select the action to notify administrators for infected and protected attachments.
      Don't deliver: Doesn't notify administrators.
      Send original: Sends the email to administrators.
      Remove attachment: Sends the email to the recipient without the attachment. Sends a notification of removal to administrators.

    Note: Doesn't scan protected attachments, but notifies the recipient, if not specified otherwise.

  7. Click Save.
