This site is for Avast Business products only. For articles on AVG Business products, see AVG Business Help. If you are in the right place but cannot find what you are looking for, please contact Avast Business Support for further assistance.

Mail Shield

This Article Applies to:

  • Avast Business Hub

 

Mail Shield checks incoming and outgoing email messages in real time for viruses and links to malicious websites. This only applies to messages handled by mail management software installed on your computer, such as Microsoft Outlook. If accessing a web-based email account via an internet browser, the device is protected by other Antivirus shields.

We do not recommend installing this component on a server OS that is also running Microsoft Exchange. The Exchange and Anti-Spam components handle the Exchange-level filtering and will conflict with Mail Shield.

Note that in Antivirus for macOS, the shields can only be disabled, not uninstalled. Therefore, if you uninstall Mail Shield from a policy, the service on macOS endpoints will only be disabled.

Configuring Mail Shield Settings

Windows and macOS configuration options are mixed together in the policy settings for the various components.

To access Mail Shield settings:

  1. Open the Policies page
  2. Click the desired policy to open its Detail drawer
  3. Select the Settings tab, then Antivirus
  4. Expand the Mail Shield section (under Antivirus Protection)

The available configuration options are grouped as follows:

  • Main settings (Windows and macOS)
  • Behavior (Windows)
  • SSL scanning (Windows)
  • Actions (Windows)
  • Packers (Windows)
  • Sensitivity (Windows)
  • Report file (Windows)

Main Settings

The main Mail Shield settings offer the following options for Windows devices:

  • Inbound mail: Scans all incoming emails (POP3, IMAP4) sent using an SSL/TLS encrypted connection
  • Outbound mail: Scans all outbound emails (SMTP) sent using an SSL/TLS encrypted connection
  • Newsgroup messages: Scans all newsgroup messages (NNTP) sent using an SSL/TLS encrypted connection

For macOS devices, you can choose whether to:

  • Enable IPv6: Scans devices that use IPv6.
  • Scan secured connections: Scans emails sent or received over secure protocols such as PGP and S/MIME.
  • Report PUPs: Checks for and notifies about potentially unwanted programs.
  • Mark mail headers: Adds a warning to the header of suspicious emails.
  • Email attachments: Removes suspicious email attachments before downloading the email.

Behavior

Under the General section of the Behavior tab, you can decide whether you want to:

  • Insert note into clean message (incoming)
  • Insert note into infected message (incoming)
  • Insert note into clean message (outgoing)
  • Add a warning to the subject line of infected emails

For MS Outlook only, you can also choose to:

  • Show splash screen
  • Scan files when attaching to email
  • Scan archived messages when opening (or just the unread ones)

SSL Scanning

Here, you can choose whether Mail Shield scans SSL connections.

Actions

The Actions settings define how viruses, PUPs, unwanted tools, and suspicious objects are handled when detected by File Shield. For each type, it is possible to configure three actions to perform, with the "if the action fails" value. The following actions can be selected from each drop-down menu:

  • Fix automatically: Runs a sequence of actions (repair file; if not possible, then move to Quarantine; if not possible, then delete)
  • Move to Quarantine : Sends the threat to Quarantine, where it cannot harm your system
  • Repair: Removes only malicious code attached to an otherwise safe file — this is not possible for files that are entirely malware
  • Ask: Avast asks what you want to do with a detected threat before any action is taken
  • Delete: Permanently remove the file from your computer
  • No action: No action is taken during the scan; the threat is listed in your scan results and you can decide what to do later

For example, you can set the first action to Move to quarantine. If that fails, then Ask the user. If that then fails as well, the final action can be to Delete the file. If the final action also fails, nothing further will be performed (file will continue to be blocked).

Under the Notification section, you can also define whether a notification will be displayed each time Mail Shield detects a threat on the device.

Lastly, the Processing of infected archives option allows you to configure what to do with detected archives. By default, the shield will try to remove the infected file from the archive and if that fails, nothing will happen.

The other option (removing the whole archive if removing the infected file from the archive fails) can lead to issues if there is a false positive, and the archive may be deleted if too large.

Packers

These settings allow you to define which archive (packer) formats Avast should try to extract during Mail Shield scans (unpacked files can be better analyzed for malware). Original archives remain intact while processed by Mail Shield. You can choose to use either all packer formats or just the ones you select from the list. By default, all packers are used.

Sensitivity

Here, you can adjust the sensitivity of the Antivirus scan for Mail Shield:

  • Heuristics Sensitivity: Heuristics enable Antivirus to detect unknown malware by analyzing code for commands that may indicate malicious intent. The default setting is Normal. With higher sensitivity, Antivirus is more likely to detect malware, but also more likely to make false-positive detections that incorrectly identify files as malware.
    • Use code emulation: Choose whether to use code emulations to unpack and test suspected malware in an emulated environment, where the files cannot cause damage to devices.
  • Sensitivity: Enable Test whole files to check the whole content of a file instead of the parts typically affected by malicious code. There is usually no need to enable this option, and it will likely impact system performance.
  • PUP and suspicious files: Choose whether or not to scan for potentially unwanted programs (PUPs). You can select the option separately for pre and post 21.5 and 21.6 versions of the Antivirus respectively. For versions 21.6 and newer, you can also choose whether to scan for potentially unwanted tools.

Report File

You can configure the report file here in order to enhance the reporting of the shield:

  • File name: Enter a name for the report file (default * will use the default file name)
    • The Generate report file checkbox needs to be ticked for the report file to be created.
  • File type: Select the format of the report file:
    • Plain text (ANSI)
    • Plain text (Unicode)
    • XML
  • If file exists: Select Append if you want new results to be added to the end of the previous report, or Overwrite if you want new results to replace the previous report
    • Using the Append option will gradually increase the size of the report file on the disk. Including informative events such as OK will also greatly increase the size on the disk as every clean file will be reported.
  • Reported items: Define which events appear in report files:
    • Infected items — Files and areas of the scanned environment that the virus scan identifies as containing malware
    • Hard Errors — Unexpected errors that require further investigation
    • Soft Errors — Minor errors, such as a file being unable to be scanned because it was in use
    • OK items — Files and areas that the virus scan identified as being clean
    • Skipped items — Files and areas that the virus scan did not check because of the scan settings

At the bottom of the settings, the default location of the report is displayed.

Adding Mail Shield Exclusions (macOS Only)

If needed, you can add exclusions to the Mail Shield scans through the Antivirus Exclusions settings of a selected policy. This can speed up the scans and prevent false-positive detections.

For more information on standard and component-specific exclusions, see Configuring Antivirus Exclusions.

FAQ