The Suspected Malware Bypass Policy allows an administrator to configure certain mail flows to bypass Mimecast's default suspected malware detection. Suspected Malware detection, or ZHARA (Zero Hour Adaptive Risk Assessor), is Mimecast's proprietary software that provides early detection of, and protection against, zero-day malware and spam outbreaks. It protects against previously unknown threats using deep-level anomaly detection and trending against the entire Mimecast customer base.
Emails containing the file types below in a ZIP file will be placed in the Hold Queue and marked as Suspected Malware. The intended recipient will receive a notification, and will need to ask an administrator with access to the Hold Queue to release the email.
Encrypted ZIP files cannot be checked, although they can be held using an Attachment Management Policy.
These checks can be bypassed by implementing a Message Passthrough policy. Mimecast recommends that this policy only be implemented when regular attachments that need to be allowed through are being blocked. Bypassing these checks could result in a new virus outbreak going undetected whilst signatures are being updated.
Items placed in the Hold Queue due to “Suspicious Message Structure” indicate that the message has not been correctly structured based on RFC822 and RFC1123 (Request for Comment) documents, published by the Internet Engineering Task Force (IETF).
To prevent any malicious or dangerous emails from entering your email environment, Mimecast provides extensive checking of the structure and components of emails.
It is not uncommon for mail servers and clients not to conform to these RFC standards. Mimecast is therefore flexible on the format we accept, and only holds the problematic instances.
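To show what a structurally malformed message looks like, the added example below (not Mimecast code, and not Mimecast's detection logic) parses four constructed messages with Python's standard-library email parser and lists the structural defects it records. The function names, sample messages and the "needs_review" verdict are assumptions made for this illustration.

```python
# Added example, not Mimecast code: list structural defects in a raw message,
# using Python's standard-library email parser as a stand-in structure check.
from email import message_from_bytes, policy

CRLF = b"\r\n"
HEADERS = [b"From: billing@example.com", b"To: ap@example.org",
           b"Subject: Invoice", b"MIME-Version: 1.0"]
MULTIPART = [b'Content-Type: multipart/mixed; boundary="b1"', b""]
PART = [b"--b1", b"Content-Type: text/plain", b"", b"See attached."]

# Constructed sample messages: one well formed, three malformed.
SAMPLES = {
    # Opening and closing boundary both present.
    "well_formed": CRLF.join(HEADERS + MULTIPART + PART + [b"--b1--", b""]),
    # The closing "--b1--" delimiter never arrives.
    "no_close_boundary": CRLF.join(HEADERS + MULTIPART + PART + [b""]),
    # Declared multipart, but the boundary parameter is absent.
    "no_boundary_param": CRLF.join(
        HEADERS + [b"Content-Type: multipart/mixed", b"", b"See attached.", b""]),
    # Body text starts without the blank line that ends the header section.
    "no_blank_line": CRLF.join(HEADERS + [b"See attached, thanks", b""]),
}


def structure_defects(raw: bytes) -> list:
    """Return (content type, defect class name) for every MIME part defect.

    Only structural defects recorded on message parts are reported;
    defects inside individual header values are not inspected here.
    """
    msg = message_from_bytes(raw, policy=policy.default)
    return [(part.get_content_type(), type(defect).__name__)
            for part in msg.walk() for defect in part.defects]


def pre_send_check(raw: bytes) -> dict:
    """Flag a message for review when the parser recorded any defect."""
    defects = structure_defects(raw)
    return {"needs_review": bool(defects), "defects": defects}


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        result = pre_send_check(raw)
        verdict = "REVIEW" if result["needs_review"] else "ok"
        print(f"{name:18} {verdict:7} {result['defects']}")
```

Running a check like this against the output of an application or relay that generates mail can help locate the cause of a structural hold at the sending side, rather than bypassing the check.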
What You Need
- An Administrator Console logon with access to the Administration | Gateway | Policies menu item.
Creating a Policy
To create a policy, follow the instructions in the Creating / Changing a Policy article, but using the following options:
| Policy Narrative | Provide a description for the Policy to allow you to easily identify it in the future. |
Select whether to hold or ignore suspected malware.