Stage 1: Restricted Attachments
First we scan messages for dangerous types of file attachments. Dangerous files can execute code, which can be used by hackers to spread viruses or damage your computer. Restricted file types include, but are not limited to, program files (.exe, .com), script files (.bas, .vbs, .js), and shortcuts to files (.lnk, .pif). When an email containing a restricted file attachment is detected, the system rejects the email and the sender receives a "bounced" email notification.
Stage 2: Normalization
This stage of the email anti-virus process searches for formatting vulnerabilities that can hide viruses from scanners. If the system finds any vulnerability, it corrects the formatting of the message so that it can be thoroughly scanned (this is called "normalizing" the message). Normalization protects against known Microsoft® Outlook® security threats.
Stage 3: Decompression
Many of today's viruses use compression as a way to sneak past virus scanners, sometimes even compressing themselves several layers deep. If the email contains any compressed attachments such as .zip files, the system temporarily unzips them to scan them for viruses. If an attachment (such as a password-protected .zip file) cannot be decompressed, our system scans the original file for virus signatures that occur within compressed attachments.
Stage 4: Virus Scan
After the first 3 steps are complete, an email anti-virus scanner processes the email and its uncompressed attachments. This provides maximum protection against new virus threats. Our system automatically updates virus definitions hourly, giving customers protection from new viruses within minutes. Compared that to most desktop and server AV programs, which check for new virus signatures once per day.