
CHAPTER 8. MAIL ANTI-VIRUS

Mail Anti-Virus is Kaspersky Anti-Virus's component to prevent incoming and outgoing email from transferring dangerous objects. It starts running when the operating system boots up, stays active in your system memory, and scans all email on protocols POP3, SMTP, IMAP, MAPI [1] and NNTP, as well as secure connections (SSL) using POP3 and IMAP.

The component's activity is indicated by the Kaspersky Anti-Virus icon in the taskbar notification area, which looks like this [icon] whenever an email is being scanned.

The default setup for Mail Anti-Virus is as follows:

1. Mail Anti-Virus intercepts each email received or sent by the user.
2. The email is broken down into its parts: email headers, its body, and attachments.
3. The body and attachments of the email (including OLE attachments) are scanned for dangerous objects. Malicious objects are detected using the databases included in the program, and with the heuristic algorithm. The databases contain descriptions of all the malicious programs known to date and methods for neutralizing them. The heuristic algorithm can detect new viruses that have not yet been entered in the databases.
4. After the virus scan, you have the following available courses of action:
   - If the body or attachments of the email contain malicious code, Mail Anti-Virus will block the email, place a copy of the infected object in Backup, and try to disinfect the object. If the email is successfully disinfected, it becomes available to the user again. If not, the infected object in the email is deleted. After the virus scan, special text is inserted in the subject line of the email stating that the email has been processed by Kaspersky Anti-Virus.
   - If code is detected in the body or an attachment that appears to be, but is not definitely, malicious, the suspicious part of the email is sent to Quarantine.
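
The four steps above, sketched in Python as an added example that is not Kaspersky's code: it splits a message into body and attachments, checks each part against a database and a heuristic, and returns the Backup/Quarantine decision. The one-entry hash "database", the double-extension heuristic, the subject marker text and all function names are assumptions made for illustration; disinfection itself is not modelled.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed stand-ins for the product's databases and heuristic algorithm.
KNOWN_BAD = {hashlib.sha256(b"CONSTRUCTED-TEST-SIGNATURE").hexdigest()}
RISKY_EXT = {"exe", "scr", "js"}
TAG = "[processed by scanner] "  # hypothetical subject marker

def split_parts(msg):
    """Step 2: yield (label, filename, bytes) for the body and each attachment."""
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no content of their own
        name = part.get_filename() or ""
        yield (name or "body", name, part.get_payload(decode=True) or b"")

def verdict(name, data):
    """Step 3: database match -> infected; heuristic hit -> suspicious."""
    if hashlib.sha256(data).hexdigest() in KNOWN_BAD:
        return "infected"
    stem, _, ext = name.lower().rpartition(".")
    if ext in RISKY_EXT and "." in stem:  # double extension, e.g. x.pdf.exe
        return "suspicious"
    return "clean"

def process(raw):
    """Step 4: decide Backup/Quarantine placement and tag the subject."""
    msg = message_from_bytes(raw, policy=policy.default)
    backup, quarantine = [], []
    for label, name, data in split_parts(msg):
        v = verdict(name, data)
        if v == "infected":
            backup.append(label)       # copy kept before disinfect or delete
        elif v == "suspicious":
            quarantine.append(label)
    subject = (TAG if backup else "") + str(msg["Subject"])
    return {"blocked": bool(backup), "backup": backup,
            "quarantine": quarantine, "subject": subject}

def sample_email():
    """Constructed message: one signature match, one double-extension file."""
    m = EmailMessage()
    m["Subject"], m["From"], m["To"] = "Invoice", "a@example.com", "b@example.com"
    m.set_content("See attached.")
    for fname, blob in (("report.bin", b"CONSTRUCTED-TEST-SIGNATURE"),
                        ("invoice.pdf.exe", b"harmless bytes")):
        m.add_attachment(blob, maintype="application",
                         subtype="octet-stream", filename=fname)
    return m.as_bytes()
```

Calling `process(sample_email())` shows the two outcomes side by side: the signature match is blocked and copied to Backup, while the heuristic-only hit goes to Quarantine.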

[1] Emails sent with MAPI are scanned using a special plug-in for Microsoft Office Outlook and The Bat!