Additional zero-hour threat protection, Advanced antivirus heuristics – Google Message Security for Google Apps Administration Guide User Manual
Page 187

Virus Blocking
Additional Zero-Hour Threat Protection
The following additional zero-hour threat protection is available to you:
Advanced Antivirus Heuristics
Advanced Antivirus Heuristics also examines message attachments, and works in
conjunction with the spam filtering engine as part of your protection against botnet
virus attacks. The heuristics provide protection against emerging threats for which
antivirus signatures have not yet been released.
To apply advanced antivirus heuristics, you need to configure Spam Filtering and
Virus Blocking.
How it works: Spam Blocking filters botnet attacks based on the sending behavior
(botnets send messages through networks of compromised computers). When
the botnet protection identifies a suspicious message, advanced antivirus
heuristics scan the message, and if triggered, process the message as a virus.
This helps ensure that virus-infected messages are deleted or sequestered in the
virus quarantine, rather than treated as junk messages.
When a message is disposed of in this fashion, the associated virus name that
appears in reports is PSTN-MalwareDetection.
For more information, see “Interpreting Header Fields” on page 401 and
“Reports” on page 321.
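An added example, not part of the guide or the service's own tooling: a small triage script that uses the PSTN-MalwareDetection name to separate heuristic catches from signature-named ones and to flag any heuristic hit that was not deleted or sent to the virus quarantine. The CSV column layout, the disposition values and the sample rows (including the name W32/Example.A) are constructed assumptions; only the name PSTN-MalwareDetection comes from the guide.

```python
import csv
import io
from collections import Counter

# Virus name the guide says appears in reports for heuristic detections.
HEURISTIC_NAME = "PSTN-MalwareDetection"

# Assumed labels for the two outcomes the guide describes for virus handling.
VIRUS_DISPOSITIONS = {"deleted", "virus_quarantine"}

# Constructed sample export. The columns are an assumption for this example,
# not the service's actual report format.
SAMPLE_EXPORT = """date,sender_ip,recipient,virus_name,disposition
2010-03-01,192.0.2.10,amy@example.com,PSTN-MalwareDetection,virus_quarantine
2010-03-01,192.0.2.11,bob@example.com,PSTN-MalwareDetection,deleted
2010-03-01,198.51.100.7,amy@example.com,W32/Example.A,virus_quarantine
2010-03-02,192.0.2.12,cat@example.com,PSTN-MalwareDetection,junk
2010-03-02,203.0.113.5,bob@example.com,,junk
"""


def summarize(export_text):
    """Count heuristic vs. signature-named detections per day and collect
    heuristic hits that were not deleted or placed in the virus quarantine."""
    per_day = {}
    misrouted = []
    for row in csv.DictReader(io.StringIO(export_text)):
        name = row["virus_name"].strip()
        if not name:
            continue  # not processed as a virus (ordinary junk mail)
        kind = "heuristic" if name == HEURISTIC_NAME else "signature"
        per_day.setdefault(row["date"], Counter())[kind] += 1
        if kind == "heuristic" and row["disposition"] not in VIRUS_DISPOSITIONS:
            misrouted.append((row["date"], row["recipient"], row["disposition"]))
    return per_day, misrouted


if __name__ == "__main__":
    per_day, misrouted = summarize(SAMPLE_EXPORT)
    for day in sorted(per_day):
        c = per_day[day]
        print(f"{day}: heuristic={c['heuristic']} signature={c['signature']}")
    for day, rcpt, disp in misrouted:
        print(f"check: {day} {rcpt} heuristic hit ended up as {disp!r}")
```

A day where heuristic hits outnumber signature-named ones suggests an outbreak that signatures have not yet caught up with.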
Attachment Manager (optional feature): “System Threats” filter catches potentially harmful files.
Virus Blocking: The message security service uses heuristics to detect malformed MIME attachments and messages to augment McAfee and Authentium virus scanning.
McAfee Antivirus: McAfee’s virus heuristics engine catches some viruses before patterns can be isolated. McAfee also uses the message security service’s log data to help detect outbreak patterns.
Authentium Antivirus (optional feature): Authentium’s HoloCheck™ Heuristic Technology provides a separate methodology of heuristic detection. This second scan engine provides broader coverage for inbound mail.
Advanced Antivirus Heuristics: Evaluates whether messages that are considered to be part of a botnet attack are also virus infected. All messages with attachments are quarantined.