OSCE scans POP3 emails and detects malicious content. In rare cases, POP3 emails bypass scans because of their header length.
Due to email structure complexity, the POP3 email header length is set to 64 bytes by default in OSCE. If the header length exceeds 64 bytes, the email bypasses the scan.
Trend Micro highly recommends using an email security product (e.g. Deep Discovery Email Inspector) to protect all email channels.
To adjust and set the header length limit for POP3 email messages:
- Upgrade to at least OfficeScan 11.0 Service Pack 1 4150 and contact Trend Micro Technical Support for Hot Fix Build 4253. If you have OfficeScan 11.0 Service Pack 1 Patch 1 or XG, proceed to next step.
- Open the Ofcscan.ini file in the \PCCSRV\ folder under the OfficeScan server installation directory.
- Under the [Global Setting] section, manually add the HdrPerEnt key and set an appropriate value for the header fields. For example, to set the limit to 100 fields:
HdrPerEnt=100The default value for this key is 64 and can take any value. However, Trend Micro recommends limiting the value to 1024 fields.
- Save the changes and close the file.
- Open the OSCE web console and go to the Agents > Global Agent Settings screen.
- Click Save to deploy the setting to agents.
The OSCE server deploys the command to OSCE agents and adds the following registry entry in all OSCE agent computers:
Key: HdrPerEntType: dwordValue: 100 (Decimal)
- Restart the OSCE agents.