Manualshelf

User guide

ManualsBrandsKaspersky Lab ManualsSoftwareAnti-Virus 2010, 3u, 3Y
51525354555657585960
K A S P E R S K Y A N T I - V I R U S 2 0 1 0
52
COMPONENT OPERATION ALGORITHM
Kaspersky Anti-Virus includes the component, which ensures scanning the email for dangerous objects named Mail Anti-
Virus. It loads when the operating system launches and runs continually, scanning all email on the POP3, SMTP, IMAP,
MAPI and NNTP protocols, as well as on secure connections (SSL) for POP3 and IMAP.
The indicator of the component's operation is the application icon in the taskbar notification area, which looks like
whenever an email message is being scanned.
By default, email protection is carried out as follows:
1. Each email received or sent by the user is intercepted by the component.
2. The email is broken down into its parts: the email heading, its body, and attachments.
3. The body and attachments of the email message (including OLE objects) are scanned for dangerous objects.
Malicious objects are detected with the databases used by Kaspersky Anti-Virus, as well as with a heuristic
algorithm. The database contains descriptions of all the malicious programs known to date and methods for
neutralizing them. The heuristic algorithm can detect new viruses that have not yet been entered in the
database.
4. After the virus scan, the following behavior options are available:
If the body or attachments of the email contain malicious code, the File Anti-Virus component will block the
email, create a backup copy of it and attempt to disinfect the object. After the email message is successfully
disinfected, it returns to the user. If the disinfection fails, the infected object will be deleted from the
message. After the virus scan, special text is inserted in the subject line of the email, stating that the email
has been processed by Kaspersky Anti-Virus.
If potentially malicious code is detected in the body or an attachment (but the maliciousness is not
absolutely guaranteed), the suspicious part of the email will be placed to the special storage area called
Quarantine.
If no malicious code is discovered in the email, it is immediately made available again to the user.
An integrated extension module is provided for Microsoft Office Outlook (see section "Email scanning in Microsoft Office
Outlook" on page 54) that allows for fine-tuning the email client.
If you are using The Bat!, Kaspersky Anti-Virus can be used in conjunction with other anti-virus applications. At that, the
email traffic processing rules (see section "Email scanning in The Bat!" on page 55) are configured directly in The Bat!
and override the application‟s email protection settings.
When working with other mail programs, including Microsoft Outlook Express/Windows Mail, Mozilla Thunderbird,
Eudora, and Incredimail, the Mail Anti-Virus component scans email on SMTP, POP3, IMAP, and NNTP protocols.
Note that when working with Thunderbird mail client, email messages transferred via IMAP will not be scanned for
viruses if any filters moving messages from the Inbox folder are used.