Sophos and McAfee Antivirus (AV)

Antivirus (AV) is the examination of email attachments for malicious content. Modern AV engines use a wide range of techniques to detect malicious content, and rely on regular updates to the rules packages that they operate on. You can think of AV as a test platform, with the message as subject and the downloaded rules as the test. The rules are generally dubbed signatures and are routinely updated. In fact, what distinguished AV today between the different vendors is how quickly a signature is created when a new virus type is identified.

The ESA provides two signature-based AV engines on the platform, each from a different vendor: Sophos and McAfee. Both products use both industry-standard and their own proprietary techniques for analyzing messages. Dynamic updates allow both the rules engine, and the rules themselves, to be updated at any time. As an ESA administrator, you can choose to run one, or the other, or both, provided you have a license key.