Dr.Web SMTP Filter and Dr.Web POP3 Filter

Dr.Web checks only unencrypted traffic over POP3 and SMTP protocols.

Scanning process has two stages:

1.On the first stage, the received message is checked by the Anti-spam module Vade Retro. It analyzes the text of the message and calculates the probability for the message to be spam. If a message is detected as spam, an action specified for the corresponding spam category in the Anti-spam section of Dr.Web Administrator Web Console will be applied to it.

2.On the second stage, messages that passed spam check (or were ignored according to the application settings), undergo scanning for malware. Depending on the scanning results, objects (the body of the message or attachments) are attributed to one of the categories (Infected or Suspicious), and the corresponding actions specified by the administrator in the Scanning pane of Dr.Web Administrator Web Console are performed.
Enabling the heuristic analyzer in application settings allows you to detect objects with modified or unknown malicious code. Such objects are identified as Suspicious. A text file with information on the detected threat and performed actions is attached to the messages with malicious objects.
If a message with infected objects is detected, the application will attach a text file with information about detected threats and performed actions .