- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
Why is Email Security's AV not catching some of the message samples that my desktop AV catches?
03/26/2020 
1,041 People found this article helpful
43,702 Views
Description
Why is Email Security's AV not catching some of the message samples that my desktop AV is able to catch?
Resolution
Question:
Why is Email Security's AV not catching some of the message samples that my desktop AV is able to catch?
Answer:
This article is geared toward a specific scenario : An inbound message comes through without an attachment and Email Security delivers it on to the End user. The end user's desktop AV solution may identify the message as virus and then ends up quarantining the message. Although the message does not contain any virus related attachment, it does contain a URL string that the desktop AV is identifying as virus related. Assuming that the Email Security deployment is receiving all of its updates successfully without delay, and that the message sample does not contain an attachment, Email Security is not designed to trace the URL links found in emails to their websites for the analysis of malicious content. However, what Email Security can do is to provide spam protection based on the spam related association of that URL and takes quarantined action against that event if configured to do so. Also to note, this does not prevent the end user from un junking the message and following the URL of the infected website. This is why implementing several layers of AV solutions would go further towards providing increased protection against malware. You would normally see this type of protection deployed at the firewall and Desktop AV solutions. SonicWall UTM solutions, for example, can be configured to detect malware being downloaded from an infected website and prevent the malware from getting to the the end user's computer. Another tip towards AV security is to diversify your AV providers as this would broaden your antivirus coverage and increase your AV security.
Some common configurations for safe computing behavior when it comes to URL's found in emails:
1) Do Not click on links in the e-mail body.
2) Do Not open automatically downloaded .zip files.
3) Do Not open the executable, screen saver, PDF, word doc, PowerPoint, etc. that is extracted from the .zip.
4) Both Steps 2 & 3 would be a a good combined action to follow.
5) Scan all zip files attachments with local Desktop AV before opening it.
NOTE: The information in the article applies to firmware versions 9.2.2 and older. URL scanning is available in firmware versions 10.0.0 and newer.
Related Articles
- SonicWall Hosted Email Security FAQ
- Email Security Junk Box & Message Log Update Issues (Y2K22 Bug)
- Email Security Junk Box & Message Log Update Issues - Y2K22 Bug
Categories
- Email Security > Email Security Appliance
- Email Security > Email Security Software
- Email Security > Hosted Email Security
YES
NO