MSFE for Users – Frequently Asked Questions

This list of Frequently Asked Questions is provided to help you understand the Mail Scanning Service.

Not unless it is an email from someone you regularly receive email from. The simplest thing to do would be to add an extra inbox rule in your email client to keep email from them in your inbox. Alternatively, you can add them to your whitelist in the cPanel MailScanner configuration.

No. All the email is scanned and assigned a score based on the likelihood that an email is spam. Thresholds (low scoring and high scoring spam) are used to determine whether an email should be tagged as spam: it is important that this is done to help avoid false-positives and false-negatives.

Not necessarily. The system is not foolproof and there will be instances where legitimate email is tagged as spam and where spam is not tagged as such. This is why all email is delivered by default, so you can filter them email in your email client and check through the spam to ensure there is no email that you actually need.

Yes, you can configure the service to either scan for viruses, spam or both.

Yes, if you or your hosting provider sets Virus Scanning to yes in the MailScanner Front-end. All emails and file attachments will be scanned for viruses. If one is found, the virus is removed from the email before it is delivered to your mailbox, a text file attachment will be added to the email notifying you of the virus infection. Removed viruses and dangerous file attachments removed from email may be stored in a quarantine area on the server for 30 days. You can request the file from quarantine as described in the text file attachments, or , preferably ask the sender to resend the file in a zip archive.

No system can guarantee 100% detection, though nearly all infected files and dangerous file attachments should be detected using this service. The service scans all email received and sent through the server to help ensure that you do not accidentally start spreading a virus yourself.

Yes! Not only can the service not guarantee that all email viruses will be detected, there are many other ways that your computer can become infected. You should always install an anti-virus solution on every computer and ensure that it is constantly kept up to date.

There are two methods used to identify these emails to you. Firstly, the subject line of the affected email will be prefixed with one of the following:

{Disarmed} - indicates that the email contained html tags that are considered dangerous, e.g. iframe and form tags
{Virus?} - indicates that the email contained a virus and has had the attachment removed.
{Filename?} - indicates that the email contained a dangerous file attachment which has been removed.
{Spam?} - indicates that the email is likely to be spam - you should filter these emails into a separate folder in your email client.
{Definitely Spam?} - indicates that the email is almost definitely spam because it got a very high detection score - you should filter these emails into a separate folder in your email client.

Secondly, additional headers are added to the email:

X-___________-VirusCheck: Found to be clean - indicates that the email passed the virus scanning tests.
X-___________-VirusCheck: Found to be infected - indicates that email email contained a virus which has been removed.
X-___________-SpamCheck: spam - indicates that the email is likely to be spam and contains information on how the score was reached.
X-___________-SpamScore: ssssss - indicates the spam score for the email. Each s represents 1 point, so sssss indicates a score of 5. The service has a default threshold of 5 for {Spam?} and 20 for {Definitely Spam?}

We advise against this as it is possible that legitimate email will be deleted and the sender will never know that you didn't receive it. We recommend filtering the email in your email client and placing it in a separate folder so that you can check through it in your own time.

If you're happy that email marked as {Spam?}, and/or more suitably {Definitely Spam?} you can then configure MailScanner to delete that email.

Another alternative is to have all email marked as {Spam?}, and/or more suitably {Definitely Spam?} delivered to a specific email address. For example,

You can create a separate folder in your email client called Spam. You should then create an inbox rule to place any email containing the strings {Spam?} or {Definitely Spam?} into that folder. How exactly this is done will depend on your email client.

Have a look at the self-help checklist here.