Understanding POP3 Antivirus Scanning
If Post Office Protocol 3 (POP3) antivirus scanning is enabled in a content security profile, the security device redirects traffic from a local mail server to antivirus scanner before sending it to the local POP3 client.
This is a general description of how POP3 traffic is intercepted, scanned, and acted upon by the antivirus scanner.
- The POP3 client downloads an e-mail message from the local mail server.
- The security device intercepts the e-mail message and passes the data to the antivirus scanner, which scans it for viruses.
- After completing the scan, the security device
follows one of two courses:
- If there is no virus, the device forwards the message to the client.
- If there is a virus, the device sends a message reporting the infection to the client.
Note: See Protocol-Only Virus-Detected Notifications for information on protocol-only notifications for IMAP.
This topic includes the following sections:
- Understanding POP3 Antivirus Mail Message Replacement
- Understanding POP3 Antivirus Sender Notification
- Understanding POP3 Antivirus Subject Tagging
Understanding POP3 Antivirus Mail Message Replacement
If the antivirus scanner finds a virus in an e-mail message, the original message is dropped, the message body is truncated, and the content is replaced by a message that may appear as follows:
Understanding POP3 Antivirus Sender Notification
If notify-sender-on-virus is set and the message is dropped due to a detected virus, an e-mail is sent to the mail sender.
If notify-sender-on-error-drop is set and the message is dropped due to a scan error, an e-mail is sent to the mail sender of the scanned message. The content of the e-mail may appear as follows:
Understanding POP3 Antivirus Subject Tagging
If a scan error is returned and the fail mode is set to pass, the antivirus module passes the message through to the server. If notify-recipient-on-error-pass is set, the following string is appended to the end of subject field:
Related Topics
JUNOS Software Feature Support Reference for SRX Series and J Series Devices