Trojan and Executable Scanner

The Trojan and Executable Scanner analyzes executable files attached to emails and determines what they do. It can then quarantine any executables (such as Trojans) that perform suspicious activities.

How does the Trojan & Executable Scanner work?

GFI MailEssentials rates the risk level of an executable file by decompiling the executable and detecting in real time what the executable might do. It then compares the capabilities of the executable to a database of malicious actions and rates the risk level of the file. With the Trojan & Executable Scanner, you can detect and block potentially dangerous, unknown or one-off Trojans before they compromise your network.

Configuring the Trojan & Executable Scanner

  1. Go to Email Security > Trojan & Executable Scanner.

Trojan and Executable Scanner: General Tab

  1. Select Enable Trojan & Executable Scanner to activate this filter.
  2. In the Email checking area, specify the emails to check for Trojans and other malicious executables by selecting:

     Option | Description
     Scan Inbound SMTP Email | Scan incoming emails for Trojans and malicious executable files.
     Scan Outbound SMTP Email | Scan outgoing emails for Trojans and malicious executable files.

  3. From the Security settings area, choose the required level of security:

     Security Level | Description
     High Security | Blocks all executables that contain any known malicious signatures.
     Medium Security | Blocks suspicious executables. Emails are blocked if an executable contains one high-risk signature or a combination of high-risk and low-risk signatures.
     Low Security | Blocks only malicious executables. Emails are blocked if an executable contains at least one high-risk signature.

  4. From the Actions tab, configure the actions you want GFI MailEssentials to take on emails containing a malicious executable.

NOTE

Emails blocked by the Trojan & Executable Scanner are always quarantined.

  5. To send email notifications whenever an email gets blocked, check any of the following options:

     Option | Description
     Notify administrator | To notify the administrator whenever this engine blocks an email. For more information refer to Administrator email address.
     Notify local user | To notify the local email recipients about the blocked email.

  6. To log the activity of this engine to a log file, check Log rule occurrence to this file and specify the path and file name to a custom location on the disk to store the log file. By default, log files are stored in:

<GFI MailEssentials installation path>\GFI\MailEssentials\EmailSecurity\Logs\<EngineName>.log

Engine Updates tab

  1. In the Updates tab, check Automatically check for updates to enable automatic updating for the selected engine.
  2. From the Downloading option list, select one of the following options:

     Option | Description
     Only check for updates | Select this option if you want GFI MailEssentials to just check for and notify the administrator when updates are available for this engine. This option does NOT download the available updates automatically.
     Check for updates and download | Select this option if you want GFI MailEssentials to check for and automatically download any updates available for this engine.

  3. Specify how often you want GFI MailEssentials to check and download updates for this engine, by specifying an interval value in hours.
  4. From the Update options area, check Enable email notifications upon successful updates to send an email notification to the administrator whenever the engine updates successfully.

NOTE

An email notification is always sent when an update fails.

  5. To force the most recent updates, you have two options:

     Option | Description
     Download updates | Trigger the update process manually. It is an incremental update where only the most recent definitions are updated.
     Force full updates | This option forces a new version of the engine to be downloaded and replaced. This option is slower and consumes more bandwidth.

  6. Click Apply.