Anti-virus and anti-spam protection of the Microsoft Exchange server starts immediately after the Security Server component is installed unless it has been turned off in the Application Configuration Wizard.
The following application mode is engaged by default:
The application scans messages for all currently known malware in Anti-Virus databases with the following settings:
The application scans the message body and attached objects in any format, except for container objects with a nesting level above 32.
The application scans all storages of public folders and all mailbox storages.
The choice of the operation performed upon detection of an infected object depends on the role of the Microsoft Exchange Server where the object has been detected:
When an infected object is detected on a Microsoft Exchange Server in a Hub Transport or Edge Transport role, the object is deleted automatically, and the application saves the original copy of the message in Backup and adds the [Infected object detected] tag to the message subject.
When an infected object is detected on a Microsoft Exchange Server in a Mailbox role, the application saves the original copy of the object (attachment or message body) in Backup and attempts disinfection. If disinfection fails, the application deletes the object and replaces it with a text file containing the following notification:
Malicious object <VIRUS_NAME> has been detected. The file (<object_name>) was deleted by Kaspersky Security 9.0 for Microsoft Exchange Servers. Server name: <server_name>
When a password-protected or corrupted object is detected, the application skips it.
The application scans messages for spam with the following settings:
The application uses the low sensitivity level of anti-spam scanning. This level provides an optimal combination of scanning speed and quality.
The application skips all messages. Messages that have been tagged as Spam, Probable spam, Mass mailing, or Blacklisted are marked with special tags in the message subject: [!!SPAM], [!!Probable Spam], [!!Mass Mail] and [!!Blacklisted], respectively.
The maximum duration for scanning a single message is 60 seconds.
The maximum size of a message with attachments to be scanned is 1,536 KB (1.5 MB).
If you chose to use KSN in the Configuration Wizard, the KSN and Reputation Filtering services are enabled. Otherwise, the KSN and Reputation Filtering services are disabled.
If you enabled the use of the Enforced Anti-Spam Updates Service in the Application Configuration Wizard, the use of the Enforced Anti-Spam Updates Service is enabled. Otherwise, the use of the Enforced Anti-Spam Updates Service is disabled.
The application does not scan outgoing messages for data leaks. If the DLP Module is installed, you should configure the DLP policies (see Security Officer's Guide to Kaspersky Security 9.0 for Microsoft Exchange Servers for detailed information).
If the application database update feature is enabled in the Quick Start Wizard, the databases will be regularly updated from Kaspersky Lab update servers (with a frequency of once every hour for Anti-Virus and DLP Module databases and once every five minutes for Anti-Spam databases).