Mail Anti-Virus scans incoming and outgoing messages for malicious objects. It loads when the operating system launches and runs continually, scanning all email sent or received on the POP3, SMTP, IMAP, MAPI and NNTP protocols, as well as on secure connections (SSL) for POP3 and IMAP.
The indicator of the component’s operation is the application icon in the taskbar notification area, which looks like whenever an email message is being scanned.
The application intercepts each message that the user sends or receives and parses it into basic components: message header, body, attachments. Message body and attachments (including attached OLE objects) are scanned for the presence of threats.
An attached object or an object embedded into another file. Kaspersky Lab application allows scanning OLE objects for viruses. For example, if you insert a Microsoft Office Excel table into a Microsoft Office Word document, the table is scanned as an OLE object.
By default, the mode of using records from application databases to scan for threats is always enabled. In addition, you can enable heuristic analysis. Furthermore, you can enable filtering of attachments, which allows automatic renaming or deletion of specified file types.
Databases created by Kaspersky Lab’s experts and containing a detailed description of all current threats to computer security as well as methods used for their detection and disinfection. These databases are constantly updated by Kaspersky Lab as new threats appear. In order to achieve a higher quality of threat detection we recommend that you copy databases from Kaspersky Lab’s update servers on a regular basis.
If a threat is detected, Kaspersky Internet Security assigns one of the following statuses to the found object:
The application blocks a message, displays a notification about detected threat and performs the assigned action. You can change actions to be taken on detected threats.
When working in automatic mode, Kaspersky Internet Security automatically applies the action recommended by Kaspersky Lab specialists to each dangerous object detected. For malicious objects this action is Disinfect. Delete if disinfection fails, for suspicious objects – Move to Quarantine.
Before attempting to disinfect or delete an infected object, Kaspersky Internet Security creates a backup copy for subsequent restoration or disinfection. Suspicious (potentially infected) objects are quarantined. You can enable the automatic scan of quarantined objects after each update.
After the email message is successfully disinfected, it returns to the user. If the disinfection fails, the infected object is deleted from the message. After the virus scan, a special text is inserted in the subject line of the email, stating that the email was processed by Kaspersky Internet Security.
A special plug-in is provided for Microsoft Office Outlook; it can configure email scans more exactly.
If you use The Bat!, Kaspersky Internet Security can be used in conjunction with other anti-virus applications. In addition, the rules for processing email traffic are configured directly in The Bat! and supersede the application’s mail protection settings.
When working with other mail programs, including Microsoft Outlook Express/Windows Mail, Mozilla Thunderbird, Eudora, and Incredimail, the Mail Anti-Virus component scans email on SMTP, POP3, IMAP, and NNTP protocols.
Note that when working with the Thunderbird mail client, email messages transferred via IMAP will not be scanned for viruses if any filters moving messages from the folder are used.