Home Email Scan Email For Malware

Scan Email For Malware


Enhanced Email Malware Scan

  • You can use email content scanning that is more advanced.
  • Only if your license includes Sophos Email is this option available.
  • Content and file property scans have been improved.

Enhanced content and file property scan

This is the highest level of email virus protection we offer. It’s turned on by default.

Both inbound and outgoing communications are affected by this setting.

Emails that have not been scanned

Un-scanned emails

What happens to texts that can’t be scanned is up to you. The following actions are available:

  • a period of quarantine
  • Remove it.
  • Subject line with a tag

Only inbound messages are affected by this setting.

We may not be able to scan individual messages for a variety of reasons:

  • The file has been appropriately detected, but the software is unable to access it to decompress or scan it.
  • The file is corrupt, which means it can no longer be accessible.
  • Although a file is correctly identified, it contains unexpected content: Although the file is appropriately identified and access is given, unexpected material is discovered. An issue occurs during the antivirus scan process.
  • Antivirus scanner times out When attempting to scan, the antivirus scanner times out. This can happen for a variety of reasons. When a file is compressed in several nested levels, or when the antivirus scanner surpasses the scan time limit, are two examples.
  • Large compressed attachment: If a compressed attachment is too large to be scanned, it will be rejected. It’s possible that the attachment is nested within too many levels of compression, that the compressed files included are too huge, or that the attachment contains too many compressed files.

These are but a few instances. Other factors could be at play.

Inbound Allow/Block email addresses and domains, as well as Sophos encrypted emails, will not be examined.

Time of Click URL Protection

This feature is only available with an Email Advanced license, and it is enabled by default.

When you set Time of Click URL Protection, URLs in inbound communications are modified to refer to Sophos Email rather than the original destination.

Sophos Email performs an SXL lookup when the link is clicked, and if it is malicious, it is banned. If the URL is clean, the action is taken when you click the link will be determined by the policy settings. For example, if you have set medium-risk websites as authorized, the link will transport you to the original link location once it has been reviewed and classified as not harmful.

If allowed, the domain name will be displayed at the beginning of the rebuilt URL so you can know where the link will take you. d=domain.com, for example.

For websites with the following reputation levels, you can choose which action you want to take:

  • High-risk sites include those that are unlawful, including malware or are phishing sites.
  • Sites linked to spam and anonymizing proxies are considered to be of medium risk.
  • Unverified: The website’s reputation cannot be verified.

You must not enable access to high-risk websites.

You can also choose whether URLs in plain text messages and securely signed messages are rewritten:

  • Emails with no HTML formatting are referred to as plain text messages. When URL rewriting is enabled and HTML formatting is disabled, the complete encoded URL will be displayed in the email. By deselecting the Re-write URLs in the plain text messages option, you can avoid URL re-writing in these communications.
  • Securely signed messages: URL rewriting may cause S/MIME, PGP, and DKIM signed messages to lose their signatures. By deselecting the option Re-write URLs within securely signed communications, you can avoid URL re-writing in these communications.

Intelix Threat Analysis

This feature is only available with an Email Advanced license, and it is enabled by default.

This option delivers emails with active harmful material to a virtual environment where they are opened and checked. Emails that are deemed to be malicious are deleted. SophosLabs Intelix uses static and dynamic analysis to detect dangers in messages. Multiple machine learning models, neural networks, global reputation, deep file scanning, and other techniques are used in static analysis. Dynamic analysis detonates a message in a sandbox to uncover a possible threat’s true nature and capabilities.

You can choose your favourite location when the Intelix service location is enabled.

Messages that appear to be harmful will be tested in a simulated environment.

Clean messages are delivered in the usual way. Messages containing sophisticated threats will be deleted.

Impersonation Protection

  • This feature is only available with an Email Advanced license, and it is enabled by default.
  • This function recognizes emails purporting to be from well-known companies or extremely important persons (VIPs) in your company.
  • Select the action to be taken when this feature detects emails.
  • These emails are classified as an advanced threat in summary reports.
  • In VIP management, you can add email addresses for VIPs.


Please enter your comment!
Please enter your name here