

Description of FOPE Anti-Malware Scans

Forefront Online Protection for Exchange (FOPE) has an anti-malware service level agreement (SLA) that guarantees we will scan every message with at least two antivirus engines.

FOPE has a customer SLA to detect 100 percent of known viruses. To meet our SLA commitments, FOPE does the following:

  • All of the antivirus engines have heuristics scanning enabled. This enables the antivirus engines to scan for both known (signature match) and unknown (suspicious) viruses.
  • To stay on top of the latest threats, FOPE servers query our vendors for virus definition updates every 15 minutes.
  • The FOPE product team performs a periodic review with the antivirus vendors to ensure that our scan and heuristics settings are optimally set to detect both known and unknown viruses.
  • The latest trend in malware delivery is not via infected payload but via infected landing pages (URLs). FOPE subscribes to an external URL feed for known abusive URLs. The URL feed enables FOPE to stay up to date on new abusive URLs.
  • FOPE has SLAs with our antivirus vendors. This ensures that we receive a timely response from the vendors when there is a new outbreak.

When FOPE detects an infected message, the message is dropped and a notification is sent to the Admin/Sender/Recipient based on the customer-defined Administration Center settings.

The virus engines can drill into archive (compressed) files (such as ZIP files).

When encrypted or password-protected files are sent to the anti-malware engines, the engines can't drill into them, because these files are protected and we do not have the keys or passwords for them. The anti-malware engines perform a signature match scan on such files instead.
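The distinction between archives that can be unpacked and archives that cannot is visible in the ZIP format itself: bit 0 of each member's general-purpose flag field marks the member as encrypted. The following is an added example, not FOPE's implementation, showing how a mail-filtering script could decide which members are open to content scanning; the function names and the "signature-only"/"content" verdicts are hypothetical, and the sample archive is constructed in memory.

```python
import io
import zipfile

ENCRYPTED = 0x1  # ZIP general-purpose flag bit 0: member data is encrypted


def classify_zip(data: bytes) -> dict:
    """Sort members into those a scanner can unpack and those it cannot."""
    result = {"scannable": [], "opaque": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            key = "opaque" if info.flag_bits & ENCRYPTED else "scannable"
            result[key].append(info.filename)
    return result


def scan_mode(data: bytes) -> str:
    """Hypothetical gateway verdict: which kind of scan the archive can get."""
    return "signature-only" if classify_zip(data)["opaque"] else "content"


def build_sample(mark_encrypted: bool) -> bytes:
    """Constructed sample: two-member ZIP, second member optionally flagged."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "plain member")
        zf.writestr("invoice.doc", "stand-in for ciphertext")
        local = zf.infolist()[1].header_offset
    raw = bytearray(buf.getvalue())
    if mark_encrypted:
        central = raw.rfind(b"PK\x01\x02")  # last central-directory record
        raw[local + 6] |= ENCRYPTED    # flag field in the local file header
        raw[central + 8] |= ENCRYPTED  # flag field in the central directory
    return bytes(raw)


if __name__ == "__main__":
    for flagged in (False, True):
        sample = build_sample(flagged)
        print(scan_mode(sample), classify_zip(sample))
```

Member names and flags are read from the central directory, which stays readable even when member data is encrypted, so the check needs no password.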