There are two methods used to identify these emails to you. Firstly, the subject line of the affected email will be prefixed with one of the following:
- {Disarmed}- indicates that the email contained html tags that are considered dangerous, e.g. iframe and form tags
- {Virus?}- indicates that the email contained a virus and has had the attachment removed.
- {Filename?}- indicates that the email contained a dangerous file attachment which has been removed.
- {Spam?}- indicates that the email is likely to be spam - you should filter these emails into a separate folder in your email client.
- {Definitely Spam?}- indicates that the email is almost definitely spam because it got a very high detection score - you should filter these emails into a separate folder in your email client.
Secondly, additional headers are added to the email:
- X-___________-VirusCheck: Found to be clean- indicates that the email passed the virus scanning tests.
- X-___________-VirusCheck: Found to be infected- indicates that email email contained a virus which has been removed.
- X-___________-SpamCheck: spam- indicates that the email is likely to be spam and contains information on how the score was reached.
- X-___________-SpamScore: ssssss- indicates the spam score for the email. Each s represents 1 point, so sssss indicates a score of 5. The service has a default threshold of 5 for {Spam?} and 20 for {Definitely Spam?}