Exchange 2013 brings a new feature, Malware Protection, which can help protect our email. Malware comprises viruses and spyware, and the feature inspects each and every mail in our Exchange server.
There are several anti-malware protection options in Exchange 2013:
Built-In Anti-Malware Protection for Exchange 2013
We can use the Exchange malware protection feature to help combat malware. This basic anti-malware protection can be turned off, replaced, or paired with a cloud-based service (such as Microsoft Exchange Online Protection or Microsoft Forefront Online Protection for Exchange) to provide a layered defense.
Cloud-Based Anti-Malware Protection
Microsoft Forefront Online Protection for Exchange (FOPE) is a hosted filtering service used as the cloud-based solution (Exchange Online Protection, EOP).
Third-Party Solutions
We can also disable the built-in malware protection and install a third-party anti-malware product for our Exchange server.
During Exchange 2013 Setup, you are prompted to enable the malware feature.
Let's start with our current anti-malware protection feature, which is on-premises.
Log in to the EAC console
Navigate to Protection Settings
Malware Detection Response
When malware is detected in any attachment, you can choose from the following settings: delete messages, delete attachments, or allow custom text for the email.
It also allows you to send a notification to both internal and external senders for undelivered messages.
You can create a dedicated mailbox to monitor the emails that are undelivered.
Now we need to check for regular updates if we have enabled malware protection.
- We cannot perform this task from Exchange Administration Console
- We need to use Exchange Management Shell to update the latest engine of malware protection
- To download updates, we must be able to access the Internet and be able to establish a connection on TCP port 80 (HTTP).
To download engine and definition updates, run the following command.
Open the EMS and go to the Scripts folder:
Update-MalwareFilteringServer.ps1 -Identity <FQDN of server>
Now, how do we know whether it has been updated with the latest update or not?
Open the Event Viewer and go to the Application log.
Filter the current log and select FIPFS (Filter Engine Update Process).
You will see event ID 6033:
MS Filtering Engine Update process performed a successful scan engine update.
Scan Engine: Microsoft
Engine Version: 1.1.8601.0
Signature Version: 1.131.2169.0
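
The same check can be done from the Exchange Management Shell instead of the Event Viewer. The following is an added example, not part of the original article: it reads the latest event ID 6033 from the Application log, extracts the engine and signature versions from the event text, and flags the server when the last successful update is older than a threshold. The parameter names and the 24-hour threshold are assumptions.

```powershell
# Added example, not from the original article.
# Assumptions: $Server and $MaxAgeHours are hypothetical parameters; the
# 24-hour freshness threshold is an arbitrary choice, not a Microsoft value.
param(
    [string]$Server = $env:COMPUTERNAME,
    [int]$MaxAgeHours = 24
)

# Pull the most recent matching event ID 6033 from the Application log.
# The message filter guards against unrelated sources reusing the same ID.
$update = Get-WinEvent -ComputerName $Server -ErrorAction SilentlyContinue `
        -FilterHashtable @{ LogName = 'Application'; Id = 6033 } |
    Where-Object { $_.Message -match 'Filtering Engine Update process' } |
    Select-Object -First 1

if (-not $update) {
    Write-Warning "No successful engine update (event ID 6033) found on $Server."
    return
}

# Extract a dotted version number that follows "<Name>:" in the event text.
function Get-Field([string]$Text, [string]$Name) {
    $m = [regex]::Match($Text, [regex]::Escape($Name) + ':\s*([\d.]+)')
    if ($m.Success) { $m.Groups[1].Value } else { $null }
}

$ageHours = [math]::Round(((Get-Date) - $update.TimeCreated).TotalHours, 1)

# One summary object per server, suitable for piping to Export-Csv or a monitor.
[pscustomobject]@{
    Server           = $Server
    LastUpdate       = $update.TimeCreated
    EngineVersion    = Get-Field $update.Message 'Engine Version'
    SignatureVersion = Get-Field $update.Message 'Signature Version'
    AgeHours         = $ageHours
    Stale            = $ageHours -gt $MaxAgeHours
}
```

A warning or a `Stale` value of `True` means the server has not recorded a recent successful update, which is worth checking against the TCP port 80 connectivity requirement mentioned above.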