The Malware tab contains various measures against emails that carry harmful and dangerous content such as viruses, worms, or other malware.

Malware Scanning

When using this option, emails will be scanned for unwanted content such as viruses, trojan horses, or suspicious file types. Messages containing malicious content will be blocked and stored in the email quarantine. Users can review and release their quarantined messages either through the Sophos User Portal or the daily Quarantine Report. However, messages containing malicious content can only be released from the quarantine by an administrator in the Mail Manager.

Sophos UTM features several malware engines for best security.

  • Single scan: Default setting; provides maximum performance using the engine defined on the System Settings > Scan Settings tab.
  • Dual scan: Provides maximum recognition rate by scanning the respective traffic twice using different virus scanners. Note that dual scan is not available with BasicGuard subscription.

Quarantine unscannable and encrypted content: Quarantines emails whose content could not be scanned. Unscannable content may be encrypted or corrupt archives or oversized content, or there may be a technical reason like a scanner failure.

Max scanning size: Specify the maximum size of files to be scanned by the antivirus engine(s). Files exceeding this size will be exempt from scanning.

Click Apply to save your settings.

File Extension Filter

This feature filters and quarantines emails (with warnings) that contain certain types of files based on their extensions (e.g., executables). To add file extensions, click the Plus icon in the Blocked File Extensions box and enter a critical file extension you want to be scanned, e.g., exe or jar (without the dot delimiter). Click Apply to save your settings.

Note – Archives cannot be scanned for forbidden file extensions. To protect your network from malware included in archives you might want to consider blocking the respective archive file extensions altogether.