[Contents] [Prev] [Next] [Index] [Report an Error]

Understanding POP3 Antivirus Scanning

If Post Office Protocol 3 (POP3) antivirus scanning is enabled in a content security profile, the security device redirects traffic from a local mail server to antivirus scanner before sending it to the local POP3 client.

This is a general description of how POP3 traffic is intercepted, scanned, and acted upon by the antivirus scanner.

  1. The POP3 client downloads an e-mail message from the local mail server.
  2. The security device intercepts the e-mail message and passes the data to the antivirus scanner, which scans it for viruses.
  3. After completing the scan, the security device follows one of two courses:
    • If there is no virus, the device forwards the message to the client.
    • If there is a virus, the device sends a message reporting the infection to the client.

    Note: See Protocol-Only Virus-Detected Notifications for information on protocol-only notifications for IMAP.

This topic includes the following sections:

Understanding POP3 Antivirus Mail Message Replacement

If the antivirus scanner finds a virus in an e-mail message, the original message is dropped, the message body is truncated, and the content is replaced by a message that may appear as follows:

nContent-Type: text/plainYour mail <src_ip> : <src_port> — <dst_port>: <dst_port> contains contaminated file <filename> with virus <virusname>, so it is dropped.

Understanding POP3 Antivirus Sender Notification

If notify-sender-on-virus is set and the message is dropped due to a detected virus, an e-mail is sent to the mail sender.

From: <admin>@<gateway_ip>To: <sender_e-mail>Subject: Mail Delivery Failure This message is created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients for the reason:<src_ip> : <src_port> — <dst_port>: <dst_port> contaminated file <filename> with virus <virusname>.e-mail Header is:<header of scanned e-mail>

If notify-sender-on-error-drop is set and the message is dropped due to a scan error, an e-mail is sent to the mail sender of the scanned message. The content of the e-mail may appear as follows:

From: <admin>@<gateway_ip>To: <sender_e-mail>Subject: Mail Delivery Failure This message is created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients for the reason:<src_ip> : <src_port> — <dst_port>: <dst_port> <reason>.e-mail Header is:<header of scanned e-mail>

Understanding POP3 Antivirus Subject Tagging

If a scan error is returned and the fail mode is set to pass, the antivirus module passes the message through to the server. If notify-recipient-on-error-pass is set, the following string is appended to the end of subject field:

(No virus check: <reason>)

Related Topics

JUNOS Software Feature Support Reference for SRX Series and J Series Devices

[Contents] [Prev] [Next] [Index] [Report an Error]


[an error occurred while processing this directive]