Kaspersky Security 9.x for Microsoft Exchange Servers

Setting up the script configuration file

April 2, 2024

ID 71965

The script that sends spam samples for research requires the Microsoft Exchange Web Services Managed API 2.0. Download the API package from http://www.microsoft.com/en-us/download/details.aspx?id=35371 and store it in the bin subfolder of the folder containing the script.

The script is configured through the config.xml configuration file, which is structured as follows:

<config>
  <senderEmail>administrator@company.com</senderEmail>
  <recipientEmail>Probable_KSEspam@spam.kaspersky.com</recipientEmail>
  <exchangeVersion>Exchange2013</exchangeVersion>
  <envelopeSubject>Example of SPAM Message</envelopeSubject>
  <envelopeBody>This message contains SPAM sample in attachment</envelopeBody>
  <logSize>10</logSize>
  <oldMessages>3</oldMessages>
  <ews>https://kseserver.company.com/EWS/Exchange.asmx</ews>
  <users>
    <user rightsAssigned="True">user@company.com</user>
    <user>user1@company.com</user>
    <user>user2@company.com</user>
  </users>
  <subjectMarks>
    <mark>[KL SPAM]</mark>
    <mark default="True">[!! SPAM]</mark>
    <mark>[!!SPAM]</mark>
    <mark>[!!Spam]</mark>
    <mark>[!!Probable Spam]</mark>
    <mark>[!!Blacklisted]</mark>
  </subjectMarks>
</config>

You can redefine the following parameters of the script's configuration file:

  • senderEmail – the email address from which messages with spam samples are sent to Kaspersky for analysis.

    The account under which the script is executed should have full privileges to manage the mailbox from which messages are sent to Kaspersky.

  • recipientEmail – the email address to which spam samples are sent. The default address is Probable_KSEspam@spam.kaspersky.com.
  • exchangeVersion – a parameter describing the Microsoft Exchange Server version for initializing EWS API; it can take one of the following values (you have to choose the most appropriate value):
    • Exchange2013 (for Microsoft Exchange 2013)
    • Exchange2013_SP1 (for Microsoft Exchange 2013 SP1 and later)
    • Exchange2016 (for Microsoft Exchange 2016)
  • envelopeSubject – the subject of the message to which spam samples are attached before it is sent. Changing this value is not recommended.
  • envelopeBody – the text of the message to which spam samples are attached before it is sent. Changing this value is not recommended.
  • logSize – the maximum size of the script log file (in megabytes); when the file reaches this size, it is rotated. You can specify any value.
  • oldMessages – the maximum age of messages (in days) that the script selects for transmission. The default value is 3 days. Changing this value is not recommended.
  • ews – Exchange Web Services address. If this parameter is present in the configuration file, the script does not use the option that automatically detects the CA of the server. Using this parameter is not recommended.
  • users – a section containing the email addresses of users whose mailboxes are processed by the script. This section can contain any number of entries with individual mailboxes of users.
  • user – an entry containing the email address of the mailbox to be processed by the script. The rightsAssigned attribute is inserted automatically when the rights are assigned. Changing this value manually is not recommended, unless you need to reassign rights to a user's mailbox. Entries for which this attribute has not been set are skipped by the script.
  • subjectMarks – a section containing possible tags that are added by anti-spam systems to the message subject. This section can contain any number of entries. However, the number of different tags can affect the speed of the search for messages in user mailboxes.
  • mark – an entry containing an individual tag. The default attribute marks the entry that is used by the script to tag the messages sent for analysis. It is not recommended to set the default attribute for several tags, as doing so would disrupt the operation of the script.
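A pre-flight check for the parameters described above, as an added example that is not part of Kaspersky's script or documentation: it flags an undocumented exchangeVersion, a default attribute set on several marks, a changed recipientEmail and a present ews element, and lists the user entries the script will skip. The name lint_config, the constructed sample values (including archive@example.org), the case-insensitive match on "True" and the flagging of zero default marks are assumptions.

```python
import xml.etree.ElementTree as ET

ALLOWED_VERSIONS = {"Exchange2013", "Exchange2013_SP1", "Exchange2016"}
DEFAULT_RECIPIENT = "Probable_KSEspam@spam.kaspersky.com"

# Constructed sample with seeded defects: custom recipient, two default marks.
SAMPLE = """<config>
  <senderEmail>administrator@company.com</senderEmail>
  <recipientEmail>archive@example.org</recipientEmail>
  <exchangeVersion>Exchange2013</exchangeVersion>
  <ews>https://kseserver.company.com/EWS/Exchange.asmx</ews>
  <users>
    <user rightsAssigned="True">user@company.com</user>
    <user>user1@company.com</user>
  </users>
  <subjectMarks>
    <mark default="True">[!! SPAM]</mark>
    <mark default="True">[KL SPAM]</mark>
  </subjectMarks>
</config>"""


def lint_config(xml_text):
    """Return (errors, warnings, skipped_users) for a config.xml document."""
    root = ET.fromstring(xml_text)
    errors, warnings = [], []
    version = (root.findtext("exchangeVersion") or "").strip()
    if version not in ALLOWED_VERSIONS:
        errors.append(f"exchangeVersion '{version}' is not a documented value")
    # Several default marks disrupt the script; zero is flagged too (assumption).
    defaults = [m for m in root.findall("subjectMarks/mark")
                if (m.get("default") or "").lower() == "true"]
    if len(defaults) != 1:
        errors.append(f'{len(defaults)} marks carry default="True"; expected one')
    recipient = (root.findtext("recipientEmail") or "").strip()
    if recipient.lower() != DEFAULT_RECIPIENT.lower():
        warnings.append(f"samples are sent to non-default recipient {recipient}")
    if root.find("ews") is not None:
        warnings.append("ews is set: automatic server detection is not used")
    # Entries without rightsAssigned are skipped by the script, so report them.
    skipped = [(u.text or "").strip() for u in root.findall("users/user")
               if u.get("rightsAssigned") is None]
    return errors, warnings, skipped


if __name__ == "__main__":
    for label, items in zip(("ERROR", "WARN", "SKIPPED"), lint_config(SAMPLE)):
        for item in items:
            print(f"{label}: {item}")
```

Running it against a changed config.xml before the script's next run shows whether samples would leave for an unexpected address and which mailboxes are actually in scope.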
