How MSME protects your Exchange Server

Learn how MSME protects your Exchange server by accessing all email messages that reach the Exchange server, and all emails that are read from and written to the mailbox.

Protecting your Microsoft Exchange server

MSME uses the virus-scanning interface of your Exchange server to gain full access to all email messages that are read from and written to the mailbox of the Exchange server.

  • The anti-virus scanning engine compares the email message with all the known virus signatures stored in the DATs.
  • The content management engine scans the email message for banned content as specified in the content management policies in MSME.

If these checks find any viruses or banned content within the email message, MSME takes the specified action. If no items are detected, MSME passes the information back to the virus-scanning interface to complete the original message request within Microsoft Exchange.

Real-time detection

MSME integrates with your Exchange server and works in real time to detect and delete viruses or other harmful or unwanted code. It also helps you maintain a virus-free environment by scanning the databases on your Exchange server. Each time an email message is sent to or received from a source, MSME scans the message and compares it with a list of known viruses and suspected virus-like behavior. It then intercepts and cleans the infected file before it spreads. It can also scan content within the email message (and its attachments), using rules and policies defined in the software.

Scanning of email messages

  • The anti-spam, anti-virus, and content management engines scan the email messages and provide the result to MSME before the content is written to the file system or read by the Microsoft Exchange users.
  • The anti-virus and anti-spam scanning engines compare the email message with all the known signatures stored in the currently installed virus definition files (DATs) and anti-spam rules. The anti-virus engine also scans the message using selected heuristic detection methods.
  • The content management engine scans the email message for banned content as specified in the content management policies running within the software. If the email message contains no viruses and no banned or unwanted content, MSME passes the information back to Microsoft Exchange. If there is a detection, MSME takes the actions defined in its configuration settings.

How scanning works

  • Central to your MSME are the scanning engine and DAT files. The engine is a complex data analyzer. The DAT files contain a great deal of information including thousands of different drivers, each of which contains detailed instructions on how to identify a virus or a type of virus.
  • The scanning engine works with the DAT files. It identifies the type of the item being scanned and decodes the content of that object to understand what the item is. It then uses the information in the DAT files to search for and locate known viruses. Each virus has a distinctive signature, a sequence of characters unique to that virus, and the engine searches for that signature. To search for unknown viruses, the engine uses a technique called heuristic analysis. This involves analyzing the object's program code and searching for distinctive features typically found in viruses.
  • Once the engine has confirmed the identity of a virus, it cleans the object to the extent possible. For example, it removes an infected macro from an attachment or deletes the virus code in an executable file.
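The decode-then-match order described above can be illustrated with a short sketch. This is an added example, not MSME code or its API: it covers only the signature and banned-content checks (no heuristics or cleaning), and the signature name, marker bytes, banned phrase, addresses, and the "block"/"pass" labels are all constructed assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed stand-ins for this example; real DATs and policies are vendor data.
SIGNATURES = {"Test.Marker.A": b"CONSTRUCTED-TEST-SIGNATURE-0001"}
BANNED_PHRASES = ["project falcon internal"]


def scan_message(raw: bytes) -> dict:
    """Scan one raw message; return the action and the list of detections."""
    msg = message_from_bytes(raw, policy=policy.default)
    detections = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # Undo base64/quoted-printable first: signatures match decoded bytes.
        payload = part.get_payload(decode=True) or b""
        name = part.get_filename() or part.get_content_type()
        for sig_name, pattern in SIGNATURES.items():
            if pattern in payload:
                detections.append(("virus", sig_name, name))
        if part.get_content_maintype() == "text":
            charset = part.get_content_charset() or "utf-8"
            text = payload.decode(charset, errors="replace").lower()
            for phrase in BANNED_PHRASES:
                if phrase in text:
                    detections.append(("content", phrase, name))
    # "block" and "pass" are hypothetical labels for the configured action
    # and for handing the message back to Exchange.
    return {"action": "block" if detections else "pass", "detections": detections}


def build_sample(body: str, attachment: bytes) -> bytes:
    """Build a constructed test message with one base64-encoded attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content(body)
    msg.add_attachment(attachment, maintype="application",
                       subtype="octet-stream", filename="report.bin")
    return msg.as_bytes()


if __name__ == "__main__":
    infected = build_sample("Hello", SIGNATURES["Test.Marker.A"])
    print(SIGNATURES["Test.Marker.A"] in infected)  # raw bytes are base64
    print(scan_message(infected))
```

A plain byte search over the raw message misses the marker because the attachment travels base64-encoded, which is why the content is decoded before signatures are compared.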

What and when to scan?

  • The threat from viruses can come from many directions such as infected macros, shared program files, files shared across a network, email messages and attachments, floppy disks, files downloaded from the Internet, and so on. Individual McAfee Security anti-virus software products target specific areas of vulnerability. We recommend a multi-tiered approach to provide the full range of virus detection, security, and cleaning capabilities that you require.
  • MSME provides a range of options that you can further configure according to the demands of your system. These demands will vary depending on when and how the component parts of your system operate and how they interact with each other and with the outside world, particularly through emails and Internet access.
  • You can configure or enable various actions that allow you to determine how your MSME server should deal with different items and what actions it should take on detected or suspicious items.