Security Engines - Anti-Malware

The Anti-Malware engine is responsible for detecting malicious files.  It comprises of matching the file against a database of known malicious files (Anti-Virus) and running it through an advanced sandbox (Threat Emulation).

  • To review the malware event details, click More Info for Anti-Malware under Security Stack in the event profile.
  • To see the sandbox report, click View Report under Security Stack in the event profile.
  • To re-run the security for an event, click Re-check for Anti-Malware under Security Stack in the event profile.

anti-malware

Acting on Malware Events

  • To quarantine an email, click Quarantine Email from the email profile.
  • To release an email from quarantine, click Restore Email if the email is already in quarantine.
  • To prevent generating false positives for specific emails, create an allow-list.

To create a malware Allow-List:

  1. Navigate to Configuration > Malware Allow-List.
    or
    Open the malware event generated in the Avanan Portal.
  2. Click Create Allow-List.
  3. Enter the file MD5 hash and click Ok.