|
Resident Protection: Internet Mail - Heuristic
(Advanced)
This page allows you to modify the heuristic analysis settings
for outgoing mail. The settings are used only when the "Heuristic" sensitivity is set to
high or custom (and they can be changed only with
custom sensitivity set).
Viruses spreading themselves by e-mail will send a number
of messages containing their code during a short time. These
messages usually have the same subject and/or they contain
the same attachment. Those four factors can be checked by
ALWIL Antivirus and a warning can be displayed when a virus-like behavior is
detected. You can specify the particular values on this page.
- Checked time. ALWIL Antivirus will count the outgoing messages
during the given time. The default value is 30 seconds. It means
that if more than 5 messages (another default value) will be sent
within half a minute, having the same subject and/or containing the
same attachment, a warning will be displayed.
- Warning count. The number of messages ALWIL Antivirus lets pass
without any warning, even when they have the same subject and/or
contain the same attachment. When the number is exceeded, a warning
is displayed.
- Check subject. If set, ALWIL Antivirus will take email "Subjects"
into account during the heuristic analysis.
- Check attachments. If set, ALWIL Antivirus will take the email
attachments into account during the heuristic analysis.
Another way viruses use to spread are mass messages. In the
previous case, we expected the virus to spread by quickly sending
many emails to many addresses; here, it sends itself by one message
only, but to many recipients simultaneously. This is another thing
ALWIL Antivirus can check, and the parameters can be modified here. All the
recipients of a message are counted, i.e. the addresses in the
fields To, Carbon copy and Blind carbon
copy.
- Absolute count. This value, set to 10 by default, is the
number of recipients of a single message; when exceeded, a warning
will be displayed.
|
