Threat Intelligence Services: Anti-Malware for Email

Dual defenses catch outbreaks as they happen

Malware threats continue to grow in both volume and complexity. Email-borne malware remains a considerable threat, with social engineering convincing recipients to open and execute harmful attachments. Cyren’s Anti-Malware for Email service provides security vendors and email service providers the ultimate threat defense capability with a dual-detection approach: cloud-based pattern detection combined with multi-layer file scanning. This dual approach ensures malware detection from the “zero-hour” of an outbreak through any stage of the malware lifecycle.

Advanced cloud pattern detection

Our patented cloud-based Recurrent Pattern Detection (RPD) technology analyzes billions of emails everyday to detect malware outbreaks as they happen. Outbreaks distributed via email share identifiable patterns composed of elements like the sender IP addresses, combinations of characters in the subject or body, and the code in attached malware. RPD does not rely on file scanning, instead detecting based on:

  • Email distribution patterns—such as senders (how many, location) and the volume of the emails sent over a period of time
  • Structure patterns—in the email messages and attachments

Multi-layer file scanning

Cyren’s Anti-Malware engine provides multiple layers of file-based malware detection including:

  • Heuristics—basic and emulator-based
  • Algorithmic scanning methods—using an internal detection language
  • Signature-based scanning—for exact malware file identification
  • Emulation—for encrypted and polymorphic virus detection
  • Threat protection modules—which use the above techniques to accurately detect malware hidden in PDF files, HTML and Java scripts, archive files, and many more

Why use Cyren’s Anti-Malware for Email?

  • High catch rates with our dual detection approach for email-borne malware with our dual detection approach
  • Enhanced customer satisfaction due to realtime protection from emailborne malware with almost zero false positives
  • Increased revenue — by adding a premium messaging security solution to your current offerings
  • Lower TCO — by working with a single vendor for your Internet security services

100% cloud architecture

All Cyren solutions are built on Cyren’s GlobalView™ Security Cloud, the industry’s largest. Our GlobalView cloud collects and analyzes billions of Internet transactions daily to build unmatched insight into Internet security threats. This data is instantly available to endpoints that implement Cyren’s email security, web security and antimalware solutions.

How it works

Anti-Malware for Email can be integrated into vendor devices or service provider environments. An email attachment query is sent by the Mail Transfer Agent (MTA) or security device to Cyren’s engine. The result is a combined response from the pattern detection and file scanning services. This enables the requester to delete malware attachments and emails and forward clean emails to their intended recipients. Integration options include comprehensive SDKs, daemons, and a range of plugins and milters.

Cyren’s anti-malware engine is designed for high throughput, but is also flexible, allowing integration into the thinnest hardware platforms, as well as large-scale carrier-grade deployments. The same engine can be expanded to include additional services such as Anti-Spam or Malware Attack Detection.

By combining multiple security services into a single engine and framework, our partners gain important technological, operational, and financial advantages.


  • Full anti-malware SDK detects worms, Trojans, spyware, adware and potentially unwanted application types
  • Full support for all types of ZIP, Bzip2, RAR, 7zip, NSIS and CAB compression techniques
  • Comprehensive SDK (daemon or shared library) as well as industrystandard milters and plugins
  • Multi-platform (Windows, Linux, UNIX, etc.)
  • Detailed threat feedback through simple API, including detection accuracy and type
  • Small definition file size
  • Efficient processing— hundreds of messages per second, per processor
  • Very low CPU and memory load
Last updated: 2016