Default Microsoft Exchange Server protection

Anti-virus and anti-spam protection of the Microsoft Exchange server starts immediately after the Security Server component is installed unless it has been turned off in the Application Configuration Wizard.

The following application mode is engaged by default:

• The application scans messages for all currently known malware in Anti-Virus databases with the following settings:
  • The application scans the message body and attached objects in any format, except for container objects with a nesting level above 32.
  • The application scans all mailbox storages.
  • The choice of the operation performed upon detection of an infected object depends on the role of the Microsoft Exchange Server where the object has been detected:
    • When an infected object is detected on a Microsoft Exchange Server in a Hub Transport or Edge Transport role, the object is deleted automatically, and the application saves the original copy of the message in Backup and adds the [Infected object detected] tag to the message subject.
    • When an infected object is detected on a Microsoft Exchange Server in a Mailbox role, the application saves the original copy of the object (attachment or message body) in Backup and attempts disinfection. If disinfection fails, the application deletes the object and replaces it with a text file containing the following notification:

      Malicious object <VIRUS_NAME> has been detected. The file (<object_name>) was deleted by Kaspersky Security 9.0 for Microsoft Exchange Servers. Server name: <server_name>

  • When a password-protected object is detected, the application skips the object.
• The application scans messages for spam with the following settings:
  • The application uses the low sensitivity level of anti-spam scanning. This level provides an optimal combination of scanning speed and quality.
  • The application allows all messages. Messages that have been tagged as Spam, Probable spam, Mass mail, or Address denylist are marked with the following special tags in the message subject: [!!SPAM], [!!Probable Spam], [!!Mass Mail] and [!!Blacklisted], respectively.
  • The maximum duration for scanning a single message is 60 seconds.
  • The maximum size of a message with attachments to be scanned is 2096128 KB (2047 MB).
  • External services are used to check IP addresses and URLs: DNSBL and SURBL. These services enable spam filtering using public lists of denied IP addresses and URLs.
  • If you chose to use KSN in the Configuration Wizard, the KSN and Reputation Filtering services are enabled. Otherwise, the KSN and Reputation Filtering services are disabled.
  • If you enabled the use of the Enforced Anti-Spam Updates Service in the Application Configuration Wizard, the use of the Enforced Anti-Spam Updates Service is enabled. Otherwise, the use of the Enforced Anti-Spam Updates Service is disabled.