How ScanMail Protects the Microsoft Exchange Environment

Trend Micro recognizes the unique dangers posed by viruses/malware to Microsoft Exchange servers. Trend Micro designed ScanMail to protect Exchange from these numerous and diverse security risks. ScanMail uses a filtering strategy to protect Exchange. When each message arrives at the Exchange server, ScanMail subjects the email message to each filter in the following order:
  • Spam prevention
  • Data Loss Prevention
  • Content filtering
  • Attachment blocking
  • Security risk scan (advanced threat scan)
  • Deep Discovery Advisor
  • Web reputation
In addition, ScanMail provides notifications and log queries to help administrators monitor and react to security risks.

How ScanMail Protects the Microsoft Exchange Environment

Feature
Description
Spam Prevention
Email Reputation
ScanMail includes Email Reputation, which allows you to block spam messages before they enter the network.
Content Scanning
ScanMail uses the Trend Micro spam engine and spam pattern file to screen out spam messages before they are delivered to the Information Store. Administrators can create approved and blocked senders lists if End User Quarantine is enabled. If End User Quarantine is enabled, end users can create their own lists of approved senders.
ScanMail performs one of the following actions on detected spam:
  • Quarantines spam messages to a spam message folder
  • Deletes the spam message
  • Tags and delivers messages as spam
Data Loss Prevention
ScanMail can filter content for sensitive information in a message header, subject, body, and/or attachment based on policies set by the administrator. ScanMail filters outgoing email messages and can perform one of the following actions on email messages that contain sensitive information in the message body or attachments:
  • Replace with text/file
  • Quarantine entire message
  • Quarantine message part
  • Delete entire message
  • Backup
  • Pass message part
Content filtering
ScanMail can filter content in a message header, subject, body, and/or attachment based on policies set by the administrator. ScanMail filters incoming and outgoing email messages and can perform one of the following actions on email messages that contain undesirable content in the message body or attachments:
  • Replace with text/file
  • Pass entire message
  • Pass message part
  • Quarantine entire message
  • Quarantine message part
  • Delete entire message
  • Backup
Attachment blocking
ScanMail can block undesirable attachments according to administrator-defined types or specific names. During manual or scheduled scanning, ScanMail can replace the detected file with a text message and then deliver the message to the intended recipient.
During real-time scanning, ScanMail can perform one of four actions against blocked attachments:
  • Replace attachment with text/file
  • Quarantine entire message
  • Quarantine message part
  • Delete entire message
Security risk scan
Security risk scan employs one of the following scan engines:
  • Security risk scan uses the latest version of the Trend Micro VSAPI scan engine to detect viruses/malware, spyware/grayware, worms, Trojans, and other malicious code. The Trend Micro scan engine uses pattern recognition and rule-based technologies to scan all incoming and outgoing messages for viruses/malware and other security risks in real time or on-demand.
  • Security risk scan uses the Advanced Threat Scan Engine (ATSE) which employs a combination of pattern-based scanning and heuristic scanning to detect document exploits and other threats used in targeted attacks. Administrators can configure ScanMail to send suspicious files to Deep Discovery Advisor for further analysis.
Web Reputation
When an email message with a URL in the message subject, body, or attachment arrives, ScanMail queries Trend Micro rating servers for the reputation rating before the message is delivered to the Information Store.
Administrators can enable an approved list so that trusted URLs are not scanned.
Depending on the configuration, web reputation performs one of the following actions:
  • Quarantine message to user's spam folder
  • Delete entire message
  • Tag and deliver
Real-time scan
ScanMail guards possible virus/malware entry points with real-time scanning of all incoming messages, SMTP messages, documents posted on public folders, and files replicated from other Microsoft Exchange servers. During real-time scanning, ScanMail takes action against security risks according to the administrator’s configuration.
Manual/Scheduled scans
ScanMail performs manual and scheduled scanning on demand according to a manual prompt or schedule. On-demand scanning eliminates viruses/malware from inside the Information Store databases, eradicates old virus/malware infections, and minimizes the possibility of reinfection. When performing a manual or scheduled scan, ScanMail takes action against security risks according to the administrator’s configuration.
ScanMail allows the selection of individual Stores for scanning. For example, you can use this option to provide security risk scan and content security for a particular storage group’s databases, rather than for all storage groups.
Alerts and notifications
ScanMail can send alerts about virus/malware outbreaks and significant system events. Outbreak alerts notify administrators when the number of detected viruses/malware, uncleanable files, or blocked attachments exceeds a set number. This enables administrators to react quickly to security breaches in their Exchange environment.
Reports and logs
ScanMail provides logs and reports to keep administrators informed about the latest security risks and system status. ScanMail logs significant events such as component updates and scan actions. Administrators can query these events to create log reports providing current and detailed information about the security of the Exchange environment.
ScanMail can generate reports for system analysis that can be printed or exported.