Skip to main content
Skip table of contents

AntiVirus Multiscan

Retarus checks messages for viruses within our own infrastructure. We don’t transmit any data to third party providers. The check is carried out with two virus scanners from different suppliers chosen by Retarus. Retarus updates the scanners as soon as the manufacturers provide updates or new releases. If a virus is detected, Retarus deletes the infected messages. Status information on infected emails is transmitted to the customer via API callback (HTTP Push Status Notifications).

The additional AntiVirus MultiScan feature must be ordered for a specific technical account, which will be activated by Retarus. In your account configuration it can be defined if we should scan only attachments and/or the html-body as well. After activating the feature for your account, you can use it via the REST or SMTP request. The object description for the activation can be found in the current API description.

image-20240508-073018.png

All requests which come through our infrastructure will be checked if the AntiVirus MultiScan feature is active. If the feature was activated the system pull out all attachments and/or html-body within the message and routes their contents to a specified antivirus scanner services, collects and evaluates their feedback.

Our service provides different defined results of a virus scan:

  • OK: The entire Job will be sent.

  • INFECTED: The Job will be discarded.

If our service detects a virus we discard the entire job and provide you the details via our HTTP Push Notification Service with the following „Event Type“.

Event/phase

Event/state

Event/type

Event/subType

Description

PROCESS

FINISHED

DROPPED

VIRUS_DETECTED

Retarus Virus Engine detected a virus. Email not delivered.

Sample push notification

JSON 
{
   "notifications":[
      [
         {
            "meta":{
               "event":{
                  "description":"INFECTED: attachments <attachment_name>/<body_related> are infected.",
                  "phase":"PROCESS",
                  "state":"FINISHED",
                  "subType":"VIRUS_DETECTED",
                  "ts":"2019-11-14T13:14:05.699Z",
                  "type":"DROPPED"
               },
               "mail":{
                  "email":" recipient@sample.com ",
                  "from":"sender@sample.com ",
                  "id":"186248a8-b695-49be-ba51-bbc0b8e7931a#85213bcf#85b5fb36",
                  "mimeFrom":"sender@sample.com "
               },
               "tag":"1daaa3a665636cf44844b68b33dc0573ca1f0d6ee96d7e079c488490305c1d79"
            }
         }
      ]
   ]
}

Monitoring and updating antivirus engines

The database used by our antivirus engines is continuously updated. The latest version is checked by an automated procedure. Also, checking and importing new findings is carried out by a process completely independent of the Antivirus service.

In order to check the Antivirus service for availability, a corresponding health check was included in our Transactional Email monitoring. In addition, a further check was activated to check whether the currently used Antivirus version matches the latest published version.

The AntiVirus MultiScan service is within our Transactional Email infrastructure and it is not directly connected to the service that renews the database of known viruses. That means, there is no impact on our service during database updates.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close