Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/nsg/sophos-firewall/19.5/Help/en-us/webhelp/onlinehelp/index.html?contextId=email-exception-add-SMTP-malware-scan-policy

Add an SMTP malware scan policy (legacy mode)

You can specify filter criteria and actions for malware and attachments in senders' and recipients' emails. You can specify the file types to control, antivirus engines, quarantine action, and notification settings.

To add an SMTP malware scan policy, do as follows:

  1. Go to Email > Policies, click Add a policy and then click SMTP malware scan.
  2. Enter a name.
  3. Specify the email address or domain groups of senders and recipients.

  4. Specify the filters for attachments.

    Option Description
    Block file types Select the type of attachments to block. To select more than one file type, press Ctrl+Shift. The MIME list shows the MIME headers.
    MIME whitelist To allow certain file types, select their MIME headers. Antivirus scanning blocks the remaining file types.

  5. Select the scanning action.

    Option Description
    Disable Emails aren't scanned.
    Single antivirus Primary antivirus engine scans emails. The selection applies only to inbound emails. Sophos Firewall uses both antivirus engines to scan outbound emails.
    Dual antivirus Primary and secondary engines scan emails sequentially.

  6. Select the action for scanned emails.

    Option Description
    Quarantine Select to quarantine the email.
    Note: Quarantined emails are delivered based on the recipient action that you specify.
    Notify sender Select to withhold mail and notify the sender that an email is infected.
    Note: To notify the sender, you need to set the recipient action to Don't deliver.
    Delivery option for recipient Select the recipient action for infected and protected attachments. The action applies to suspicious attachments too.

    Don't deliver: Doesn't send the email and notification to the recipient.

    Deliver original: Sends the email to the recipient.

    Remove and deliver: Removes the infected attachment, sends a notification of removal, and delivers the email.
    Note: Doesn't apply to the blocked file types that you've specified.
    Delivery option for administrator Select the action to notify administrators of infected and protected attachments.

    Don't deliver: Doesn't notify administrators.

    Send original: Sends the email to administrators.

    Remove attachment: Sends the email to the recipient without the attachment. Sends a notification of removal to administrators.

    Note

    Doesn't scan protected attachments, but notifies the recipient if not specified otherwise.

  7. Click Save.