AntiVirus MultiScan
Retarus checks messages for viruses within our own infrastructure. We don’t transmit any data to third-party providers. The check is carried out with two virus scanners from different suppliers chosen by Retarus. Retarus updates the scanners as soon as the manufacturers provide updates or new releases. If a virus is detected, Retarus deletes the infected messages. Status information on infected emails is transmitted to the customer via API callback (HTTP Push Status Notifications).
The additional AntiVirus MultiScan feature must be ordered for a specific technical account, which will be activated by Retarus. In your account configuration, you can define whether we scan attachments and/or the HTML body. After the feature has been activated for your account, you can use it in REST or SMTP requests. The object description for the activation can be found in the current API description.
All requests that pass through our infrastructure are checked if the AntiVirus MultiScan feature is active. When the feature is active, the system extracts all attachments and/or the HTML body from the message, routes their contents to the specified antivirus scanner services, and collects and evaluates their feedback.
Our service provides the following defined results of a virus scan:
OK: The entire Job will be sent.
INFECTED: The Job will be discarded.
If our service detects a virus, we discard the entire job and provide you with the details via our HTTP Push Notification Service, using the following event type.
Event/phase | Event/state | Event/type | Event/subType | Description |
---|---|---|---|---|
PROCESS | FINISHED | DROPPED | VIRUS_DETECTED | Retarus Virus Engine detected a virus. Email not delivered. |
Sample push notification
{
  "notifications":[
    [
      {
        "meta":{
          "event":{
            "description":"INFECTED: attachments <attachment_name>/<body_related> are infected.",
            "phase":"PROCESS",
            "state":"FINISHED",
            "subType":"VIRUS_DETECTED",
            "ts":"2019-11-14T13:14:05.699Z",
            "type":"DROPPED"
          },
          "mail":{
            "email":"recipient@sample.com",
            "from":"sender@sample.com",
            "id":"186248a8-b695-49be-ba51-bbc0b8e7931a#85213bcf#85b5fb36",
            "mimeFrom":"sender@sample.com"
          },
          "tag":"1daaa3a665636cf44844b68b33dc0573ca1f0d6ee96d7e079c488490305c1d79"
        }
      }
    ]
  ]
}
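An added example, not part of the Retarus documentation: one way a callback receiver could pick the VIRUS_DETECTED drops out of a push notification body shaped like the sample above, tolerating the nested arrays and malformed entries. The function names, the record keys and the sample body are assumptions made for illustration.

```python
import json
from datetime import datetime

# Event fields that identify a virus drop, taken from the event table on this page.
VIRUS_EVENT = {"phase": "PROCESS", "state": "FINISHED",
               "type": "DROPPED", "subType": "VIRUS_DETECTED"}

def _dict(value):
    return value if isinstance(value, dict) else {}

def _entries(node):
    """Yield dict entries from nested lists ("notifications" is a list of lists)."""
    if isinstance(node, list):
        for item in node:
            yield from _entries(item)
    elif isinstance(node, dict):
        yield node

def _parse_ts(value):
    try:
        return datetime.fromisoformat(str(value).replace("Z", "+00:00"))
    except ValueError:
        return None  # missing or malformed timestamp

def virus_drops(body):
    """Return one record per VIRUS_DETECTED drop found in a push notification body."""
    doc = _dict(json.loads(body))
    drops = []
    for entry in _entries(doc.get("notifications")):
        meta = _dict(entry.get("meta"))
        event, mail = _dict(meta.get("event")), _dict(meta.get("mail"))
        if any(event.get(k) != v for k, v in VIRUS_EVENT.items()):
            continue  # not a virus drop (or malformed entry): ignore it
        drops.append({
            "mail_id": str(mail.get("id", "")).strip(),
            "recipient": str(mail.get("email", "")).strip(),
            "sender": str(mail.get("from", "")).strip(),
            "detail": str(event.get("description", "")),
            "ts": _parse_ts(event.get("ts")),
        })
    return drops

# Constructed sample body (not captured traffic); the second event type is a placeholder.
SAMPLE = json.dumps({"notifications": [[
    {"meta": {"event": {**VIRUS_EVENT, "ts": "2019-11-14T13:14:05.699Z",
                        "description": "INFECTED: attachments invoice.pdf are infected."},
              "mail": {"email": " recipient@sample.com ", "from": "sender@sample.com ",
                       "id": "constructed-id-1"}}},
    {"meta": {"event": {"phase": "PROCESS", "state": "FINISHED", "type": "PLACEHOLDER_OTHER"},
              "mail": {"email": "other@sample.com", "id": "constructed-id-2"}}},
]]})
```

Matching on all four event fields rather than on the description text keeps the check stable if the wording of the description changes.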
Synchronous response
If the account configuration does not permit this feature and a JobRequest explicitly requests the activation of AntiVirus, the JobRequest will be rejected immediately.
{
  "meta": {
    "jobId": "308a020f-4f71-4f4d-853d-9ccfca0b2645",
    "state": {
      "type": "REJECTED",
      "subType": "DISABLED_IN_ACCOUNT_CONFIG",
      "phase": "PRE_PROCESS",
      "description": "Feature antivirus is disabled in AccountConfig for this account/domain"
    }
  }
}
Monitoring and updating antivirus engines
The database used by our antivirus engines is continuously updated. The latest version is checked by an automated procedure. In addition, new findings are checked and imported by a process that is completely independent of the Antivirus service.
To check the Antivirus service for availability, a corresponding health check was included in our Transactional Email monitoring. In addition, a further check was activated to verify that the Antivirus version currently in use matches the latest published version.
The AntiVirus MultiScan service runs within our Transactional Email infrastructure and is not directly connected to the service that renews the database of known viruses. This means there is no impact on our service during database updates.