VStream Antivirus Actions

When VStream Antivirus detects malicious content, the action it takes depends on the protocol in which the virus was found. See the following table. In each case, VStream Antivirus blocks the file and writes a log to the Event Log.

If a virus if found in this protocol...	VStream Antivirus does this...	The protocol is detected on this port...
HTTP	Terminates the connection	All ports on which VStream Antivirus is enabled by the policy, not only port 80
POP3	Terminates the connection Deletes the virus-infected email from the server	The standard TCP port 110.
IMAP	Terminates the connection Replaces the virus-infected email with a message notifying the user that a virus was found	The standard TCP port 143
SMTP	Rejects the virus-infected email with error code 554 Sends a "Virus detected" message to the sender	The standard TCP port 25
FTP	Terminates the data connection Sends a "Virus detected" message to the FTP client	The standard TCP port 21
TCP and UDP	Terminates the connection	Generic TCP and UDP ports, other than those listed above

Note: In protocols that are not listed in this table, VStream Antivirus uses a "best effort" approach to detect viruses. In such cases, detection of viruses is not guaranteed and depends on the specific encoding used by the protocol.