
How ScanMail Protects the Microsoft Exchange Environment

Trend Micro recognizes the unique dangers posed by viruses/malware to Microsoft Exchange servers. Trend Micro designed ScanMail to protect Exchange from these numerous and diverse security risks. ScanMail uses a filtering strategy to protect Exchange. When each message arrives at the Exchange server, ScanMail subjects the email message to each filter in the following order:

In addition, ScanMail provides notifications and log queries to help administrators monitor and react to security risks.

How ScanMail protects the Microsoft Exchange Environment

Feature

Description

Spam Prevention

Email Reputation

ScanMail includes Email Reputation which allows you to block spam messages before they enter the network.

Content Scanning

ScanMail uses the Trend Micro spam engine and spam pattern file to screen out spam messages before they are delivered to the Information Store. The Exchange server will not process rejected spam mail and the rejected messages do not end up in your clients’ mailboxes. On Exchange Server 2003, administrators can create approved and blocked senders lists if End User Quarantine is enabled. If End User Quarantine is enabled, end users can create their own lists of approved senders.

ScanMail performs one of the following actions on detected spam:

  • Quarantines spam messages to a spam message folder

  • Deletes the spam message

  • Tags and delivers messages as spam

Content filtering

ScanMail can filter content in a message header, subject, body, and/or attachment based on policies set by the administrator. ScanMail filters incoming and outgoing email messages and can perform one of the following actions on email messages that contain undesirable content in the message body or attachments:

  • Replace with text/file

  • Pass entire message

  • Pass message part

  • Quarantine entire message

  • Quarantine message part

  • Delete entire message

  • Backup

Attachment blocking

ScanMail can block undesirable attachments according to administrator-defined types or specific names. During manual or scheduled scanning, ScanMail can replace the detected file with a text message and then deliver the message to the intended recipient.

During real-time scanning, ScanMail can perform one of four actions against blocked attachments:

  • Replace attachment with text/file

  • Quarantine entire message

  • Quarantine message part

  • Delete entire message

Security risk scan

Security risk scan employs the latest version of the Trend Micro scan engine to detect viruses/malware, spyware/grayware, worms, Trojans, and other malicious code. The Trend Micro scan engine uses pattern recognition and rule-based technologies to scan all incoming and outgoing messages for viruses/malware and other security risks in real time or on-demand.

Web reputation

When an email message contains a URL in the message subject or body, ScanMail queries Trend Micro rating servers for the reputation rating before the message is delivered to the Information Store.

However, administrators can enable an approved list to avoid scanning URLs deemed safe.

Depending on the configuration, Web reputation performs one of the following actions:

  • Quarantine message to user's spam folder

  • Delete entire message

  • Tag and deliver

Real-time scan

ScanMail guards possible virus/malware entry points with real-time scanning of all incoming messages, SMTP messages, documents posted on public folders, and files replicated from other Microsoft Exchange servers. During real-time scanning, ScanMail takes actions against security risks according to the administrator’s configurations.

Manual/scheduled scans

ScanMail performs manual and scheduled scanning on demand according to a manual prompt or schedule. On-demand scanning eliminates viruses/malware from inside the Information Store databases, eradicates old virus/malware infections, and minimizes the possibility of reinfection. When performing a manual or scheduled scan, ScanMail takes actions against security risks depending on the administrator’s configurations.

ScanMail allows the selection of individual Stores for scanning. For example, you can use this option to provide security risk scan and content security for a particular storage group’s databases, rather than for all storage groups.

Alerts and notifications

ScanMail can send alerts about virus/malware outbreaks and significant system events. Outbreak alerts notify administrators when the number of detected viruses/malware, uncleanable files, or blocked attachments exceeds a set number. This enables administrators to react quickly to security breaches in their Exchange environment.

Reports and logs

ScanMail provides logs and reports to keep administrators informed about the latest security risks and system status. ScanMail logs significant events such as component updates and scan actions. Administrators can query these events to create log reports providing current and detailed information about the security of the Exchange environment.

ScanMail can generate reports for system analysis that can be printed or exported.