User guide
U S E R G U I D E
84
The application intercepts each message that the user sends or receives and parses it into basic components: message
header, body, attachments. Message body and attachments (including attached OLE objects) are scanned for the
presence of threats.
Kaspersky Lab advises you not to configure Mail Anti-Virus settings on your own. In most cases, selecting a security
level is enough (see section "Changing and restoring security level" on page 86).
You can specify the types of messages to be scanned, and specify which scan methods should be used. By default, the
mode of using records from application databases to search for threats is always enabled. In addition, you can enable
heuristic analysis. Furthermore, you can enable filtering of attachments (see page 87), which allows automatic renaming
or deletion of specified file types.
If a threat is detected, Kaspersky Small Office Security assigns one of the following statuses to the found object:
malicious program (such as a virus or Trojan);
potentially infected (suspicious) status if the scan cannot determine whether the object is infected or not. The file
may contain a sequence of code appropriate for viruses, or modified code from a known virus.
The application blocks a message, displays a notification (see page 222) about the detected threat and performs the
assigned action. You can change actions to be performed on detected threat (see section "Changing actions to be
performed on detected objects" on page 87).
If you work in automatic mode (see section "Using interactive protection mode" on page 39), Kaspersky Small Office
Security will automatically apply the action recommended by Kaspersky Lab's specialists when dangerous objects are
detected. For malicious objects this action is Disinfect. Delete if disinfection fails, for suspicious objects – Move to
Quarantine. If you work in interactive mode (see section "Using interactive protection mode" on page 39), Kaspersky
Small Office Security displays a notification window, in which you will be able to choose one of the available actions.
Before attempting to disinfect or delete an infected object, Kaspersky Small Office Security creates a backup copy for
subsequent restoration or disinfection. Suspicious (potentially infected) objects are quarantined. You can enable the
automatic scan for quarantined objects after each update.
After the email message is successfully disinfected, it returns to the user. If the disinfection fails, the infected object is
deleted from the message. After the virus scan, a special text is inserted in the subject line of the email, stating that the
email was processed by Kaspersky Small Office Security.
You can disable Mail Anti-Virus, if necessary (see section "Enabling and disabling Mail Anti-Virus" on page 85).
An integrated plug-in is provided for Microsoft Office Outlook (see section "Email scanning in Microsoft Office Outlook"
on page 88) that allows you to fine-tune the email client.
If you use The Bat!, Kaspersky Small Office Security can be used in conjunction with other anti-virus applications. At that,
the email traffic processing rules (see section "Email scanning in The Bat!" on page 88) are configured directly in The
Bat! and override the application’s email protection settings.
When working with other mail programs, including Microsoft Outlook Express/Windows Mail, Mozilla Thunderbird,
Eudora, and Incredimail, the Mail Anti-Virus component scans email on SMTP, POP3, IMAP, and NNTP protocols.
Note that when working with the Thunderbird mail client, email messages transferred via IMAP will not be scanned for
viruses if any filters moving messages from the Inbox folder are used.