Configuration G DATA Exchange Mail Security

G DATA Exchange Mail Security is configured in the G DATA Administrator.

You can find the settings by selecting the "Client" area in the object selection and the "Exchange" supergroup in the object tree. The icon legend helps you to get a quick overview of the functions.

Clients Module

In the submodule "Overview" all important information is summarised in a table.

Column name: Meaning

Client: Name of the Exchange server

Tenant: Indication of which client G DATA Exchange Mail Security belongs to

Security status: Warnings that something needs to be checked (G DATA Exchange Mail Security no longer reports to G DATA Management Server, virus database out of date or unread logs)

Engine A: Last version status of Engine A reported by G DATA Exchange Mail Security

Engine B: Last version of Engine B reported by G DATA Exchange Mail Security

Data status: Data status of the signatures

Version G DATA Security Client: Last version of the installed program version reported by G DATA Exchange Mail Security

Restart required: Indicates when a restart must be performed

Last synchronisation: Indicates when the G DATA Exchange Mail Security service last reported to G DATA Management Server

Update virus database / time: Shows when the last virus signature update was loaded from G DATA Management Server

Update program files / time: Shows when the last program update was loaded from the G DATA Management Server

Type: Indicates the type of client

Exchange Module Settings

Submodule General

In the submodule you configure the tool.

Automatically update virus signatures

Update virus signatures automatically

G DATA Exchange Mail Security always receives the latest virus signatures from the G DATA Management Server on contact, if newer virus signatures are available.

Update program files automatically

G DATA Exchange Mail Security always receives the latest program update from G DATA Management Server on contact, if a newer version is available.

Proxy settings

If the Exchange Server is connected to the Internet via a proxy server, the proxy server must be entered here.

AntiVirus protection

Access scan

G DATA Exchange Mail Security scans all mails that are routed through the transport service in the Exchange Server (internal and external mails).

Scan settings

Each function is listed below with its selection options and the advantages and disadvantages of each option.

Use engines

  • Both engines - performance-optimised (recommended): If both engines are switched on, they complement each other optimally.
    Advantages: Highest level of security during detection.
    Disadvantages: Slightly increased impact on performance.

  • Engine A only (recognition: very good / performance: very good): Only Engine A is switched on.
    Advantages: Less influence on the server performance and very good security in detection.
    Disadvantages: Protection no longer optimal, but still very good.

  • Engine B only (recognition: good / performance: optimal): Only Engine B is switched on.
    Advantages: Least impact on the performance of the server and good security in detection.
    Disadvantages: Protection no longer optimal, but still good.

In case of infection

  • Log only: If a virus is detected, only a log is sent to the G DATA Management Server.
    Advantages: Since no action is taken, false detections can be identified during a test phase without affecting the daily business.
    Disadvantages: Low security, only suitable for testing purposes or for special application environments.

  • Disinfect (if not possible: log only): If a virus is detected, an attempt is made to clean up the malicious email or its attachment. If this is not successful, only a log is sent to the G DATA Management Server.
    Advantages: If the email cannot be deleted or moved, an attempt is made to clean up the email/attachment.
    Disadvantages: The majority of viruses are located in virus files and remain. Attempting to disinfect a file may in rare cases result in file corruption.

  • Disinfect (if not possible: quarantine): If a virus is detected, an attempt is made to clean up the malicious email. If this is not successful, the email is moved to quarantine. In addition, a log is sent to G DATA Management Server.
    Advantages: The e-mail still exists after the attempt to disinfect.
    Disadvantages: The logs and e-mails must be deleted manually. Attempting to disinfect a file may in rare cases result in file corruption.

  • Disinfect (if not possible: remove message): If a virus is detected, an attempt is made to clean up the malicious email. If this is not successful, the e-mail and attachment are deleted. In addition, a log is sent to G DATA Management Server.
    Advantages: Recommended for high mail traffic with many virus detections.
    Disadvantages: In case of a false positive, the e-mail will no longer exist. Information loss possible.

  • Remove infected attachments: In the event of a virus detection, the attachments (or the email text) in which the infection was found are removed.
    Advantages: Safe and requires little work.
    Disadvantages: Information loss possible.

  • Move message to quarantine: If a virus is detected, the e-mail is immediately moved to quarantine.
    Advantages: This provides the highest level of data security as nothing is deleted or corrupted.
    Disadvantages: If there is a high volume of e-mails, there may be a large number of infected e-mails and attachments in the system. Select this option only if the quarantine is checked regularly and infected files are deleted promptly.

  • Remove message: If a virus is found, the e-mail is deleted immediately.
    Advantages: Safe and little work.
    Disadvantages: In case of a false positive, the e-mail is no longer present and must be resent by the sender. Information loss possible.

File types

  • All files: All files are checked.
    Advantages: Highest level of detection security.
    Disadvantages: Slightly increased impact on performance.

  • Only program files and documents: No archives are checked, for example.
    Advantages: Improves performance with heavy email traffic.
    Disadvantages: Protection is not optimal.

Use heuristics

With the help of heuristics, typical characteristics of malware can be analysed to further increase detection.

Advantages: Improves malware detection significantly.

Disadvantages: May lead to false positive results.

Check archives

Archive files can be quite large and thus influence performance. The checking of archive files such as *.zip or *.iso can be switched off. We advise you to switch this off only if necessary. The files in the archive files can also be cleaned up later by mailbox scans.

Advantages: Little impact on server performance. When unpacking the archive file on a client, in case of infection, the G DATA Security Client guard will react to the infection.

Disadvantages: Protection is not optimal.

Submodule AntiSpam

Special settings for specific email addresses or domains and configuration for handling spam.

Spam filter

Switched on (recommended)

The spam filter is enabled and can be configured.

The spam filter requires an unblocked connection to ctmail.com.

Use whitelist

Stored email addresses or domains will be delivered without spam checking.

Edit whitelist

Enter the email addresses or domains that should be excluded from spam checking.

Use blacklist

Stored e-mail addresses or domains will be classified as "Very high spam probability" and treated accordingly.

Edit blacklist

Enter the e-mail addresses or domains that you want to treat according to the settings of "Very high spam probability".

The spam filter is available only on Exchange servers running the Hub Transport role.

The spam filter distinguishes three categories; for each category you can define how the Exchange plugin reacts.

The three categories are graded by increasing spam probability:

  • Suspicion of spam

  • High spam probability

  • Very high spam probability

Reaction

Deliver mail: The mail is sent to the recipient’s inbox.

Move mail to quarantine: The mail is moved to quarantine.

Reject mail: The mail will not be accepted.

Move mail to spam folder: The mail will be moved to the recipient’s junk mail folder.

Public mailboxes do not have a junk mail folder preconfigured by Microsoft.

Prefix in subject line

The prefix is added to the subject line of the mail declared as spam. An individual text can be entered.

Message in the text

The message is inserted into the body of the email declared as spam. An individual text can be entered.

Create reports

When an email is declared as spam, a log is sent to G DATA Management Server. Keep in mind that, depending on the volume of spam mail, an enormous number of spam reports can accumulate. Under certain circumstances, this can put a heavy load on the database. The setting is helpful for the reaction "Reject mail", because it allows you to trace which e-mails have been rejected as spam.

Module Tasks

Create jobs for scanning mailboxes here, or edit existing jobs. Existing jobs are listed in the module area. To edit a job, right-click on the desired job → Properties.

Jobs can be created as a one-time scan or as a periodically repeating scan. To do this, right-click in the empty window of the module area (Add → One-time Exchange Scan Job or Periodic Exchange Scan Job).

The window for configuration opens:

Settings

Job name: Freely chosen name

Schedule: Interval of execution (only for periodic scan job)

Time: Start time of execution. In case of a periodic scan job, the date of the first execution can also be specified.

Settings: Percentage progress is displayed in the data line of the job

Scanner

Identical selections as in the Scan settings in the General submodule of the Exchange settings

Analysis scope

Mailboxes:

  • All Mailboxes

  • Exclude mailboxes: all except the selected mailboxes

  • Include mailboxes: none except the selected mailboxes

Add/Remove: Add or remove the mailboxes that are to be excluded, or the mailboxes that are to be the only ones scanned.

Scan public folders: Decides whether to include public mailboxes

Module Logs

Security logs contain virus detections and (if Create report for a spam level has been checked) the desired spam logs.

Infrastructure logs contain all relevant information about the infrastructure, such as virus and program updates, necessary reboots, etc.

Module Statistics

The statistics let you filter information about the frequency of events. The values refer only to existing logs. Deleted logs are not taken into account.

Three hit lists are available:

  • Hit list threats by notifier: shows the total sum of virus detections and detected spam mails respectively.

  • Hit list threats by viruses: shows the sum of virus detections listed by the frequency of the viruses encountered.

  • Hit list threats by clients: shows the total sum of virus detections separated by Exchange server. The client is also displayed here.