How-to


Changelog


Troubleshooting


Privacy policy for enterprise solutions



Page tree
Skip to end of metadata
Go to start of metadata

Configuration G DATA Exchange Mail Security

G DATA Exchange Mail Security is configured in the G DATA Administrator.

You can find the settings by selecting the "Client" area in the object selection and the "Exchange" supergroup in the object tree.
The icon legend helps you to get a quick overview of the functions.

Clients Module

In the sub-module "Overview" all important information is summarised in a table.

Important columns (shown in standard)


Column nameMeaning
ClientName of the Exchange server.
ClientIndication of which client G DATA Exchange Mail Security belongs to.
Security statusWarnings that something needs to be checked (G DATA Exchange Mail Security no longer reports to G DATA ManagementServer, virus database out of date or unread logs).
Engine ALast version status of Engine A reported by G DATA Exchange Mail Security.
Engine BLast version of Engine B reported by G DATA Exchange Mail Security.
Data statusData status of the signatures.
Version G DATA Security ClientLast version of the installed program version reported by G DATA Exchange Mail Security.
Restart requiredIndicates when a restart must be performed.
Last synchronisationIndicates when the G DATA Mail Security for Exchange service last reported to G DATA ManagementServer.
Update virus database / timeShows when the last virus signature update was loaded from G DATA ManagementServer.
Update program files / timeShows when the last program update was loaded from the G DATA Management Server.
TypeIndicates the type of client.

Exchange Modul - Settings

Submodule General

In the sub-module you configure the tool.

Automatically update virus signatures

Update virus signatures automaticallyG DATA Exchange MailSecurity always receives the latest virus signatures from the G DATA ManagementServer on contact, if newer virus signatures are available.
Update programme files automaticallyG DATA Exchange MailSecurity always receives the latest program update from G DATA ManagementServer on contact, if a newer version is available.
Proxy settingsIf the Exchange Server is connected to the Internet via a proxy server, this must be stored.

AntiVirus protection

Access scan

G DATA Exchange MailSecurity scans all mails that are routed through the transport service in the Exchange Server (internal and external mails).

Scan settings

FunctionSelection optionsAdvantagesDisadvantages
Use engines

Both engines - performance-optimised (recommended): If both engines are switched on, they complement each other optimally.Highest level of security during detection.Slightly increased impact on performance.
Engine A only (recognition: very good / performance: very good): Only Engine A is switched on.Less influence on the server performance and very good security in detection.Protection no longer optimal, but still very good.
Engine B only (recognition: good / performance: optimal): Only Engine B is switched on.Least impact on the performance of the server and good security in detection.Protection no longer optimal, but still good.
In case of infection





Log only: If a virus is detected, only a log is sent to the G DATA ManagementServer.Since no action is taken, error detections can be idetified during a test phase without affecting the daily business.Low security, only suitable for testing purposes or for special application environments.
Disinfect (if not possible: log only): If a virus is detected, an attempt is made to clean up the malicious email or its attachment. If this is not successful, only a log is sent to the G DATA ManagementServer.If the email cannot be deleted or moved, an attempt is made to clean up the email/attachment.

The majority of viruses are located in virus files and remain.

(warning)  Attempting to disinfect a file may in rare cases result in file corruption.

Disinfect (if not possible: quarantine): If a virus is detected, an attempt is made to clean up the malicious email. If this is not successful, the email is moved to quarantine. In addition, a log is sent to G DATA ManagementServer.The e-mail still exists after the attempt to disinfect.

The logs and e-mails must be deleted manually.

(warning)  Attempting to disinfect a file may in rare cases result in file corruption.

Disinfect (if not possible: remove message): If a virus is detected, an attempt is made to clean up the malicious email. If this is not successful, the e-mail and attachment are deleted. In addition, a log is sent to G DATA ManagementServer. Recommended for high mail traffic with many virus detections.

In case of a false positive, the e-mail will no longer exist.

(warning) Information loss possible.

Remove infected attachments: In the event of a virus detection, the attachments (or the email text) in which the infection was found are removed.Safe and requires little work.(warning)  Information loss possible.
Move message to quarantine: If a virus is detected, the e-mail is immediately moved to quarantine. This provides the highest level of data security as nothing is deleted or corrupted.If there is a high volume of e-mails, there may be a large number of infected e-mails and attachments in the system. Select this option only if the quarantine is checked regularly and infected files are deleted promptly.
Remove message: If a virus is found, the e-mail is deleted immediately. Safe and little work. 

In case of a false positive, the e-mail is no longer present and must be resent by the sender.

(warning) Loss of information possible.

File typesAll files: All files are checked.Highest level of detection security.Slightly increased impact on performance.
Only programme files and documents: No archives are checked, for example.Improves performance with heavy email traffic.Protection is not optimal.
Use heuristicsWith the help of heuristics, typical characteristics of malware can be analysed to further increase detection.Improves malware detection significantly.May lead to false positive results. 
Check archivesArchive files can be quite large and thus influence performance. The checking of archive files such as *.zip or *.iso can be switched off. We advise you to switch this off only if necessary. The files in the archive files can also be cleaned up later by mailbox scans.Little impact on server performance. When unpacking the archive file on a client, in case of infection, the G DATA Security Client guard will react to the infection.Protection is not optimal.

Submodul AntiSpam

Special settings for specific email addresses or domains and configuration for handling spam.

Spam-Filter 

Switched on (recommended)The spam filter is enabled and can be configured.
(warning) The spam filter requires a free connection to ctmail.com.
Use whitelistStored email addresses or domains will be delivered without spam checking.
Edit whitelistEnter the email addresses or domains that should be excluded from spam checking.
Use blacklistStored e-mail addresses or domains will be classified as "Very high spam probability" and treated accordingly.
Edit blacklistEnter the e-mail addresses or domains that you want to treat according to the settings of "Very high spam probability".


The spam filter is available only on Exchange servers running the Hub Transport role.

Spam filters are divided into three categories, for each category you can define how the Exchange plugin reacts.

The three categories are listed in a staggered manner

  • Suspicion of spam
  • High spam probability
  • Very high spam probability
Reaktion


Deliver mail: The mail is sent to the recipient's inbox.
Move mail to quarantine: The mail is moved to quarantine.
Reject mail: The mail will not be accepted.
Move mail to spam folder: The mail will be moved to the recipient's junk mail folder.
(warning) Public mailboxes do not have a junk mail folder preconfigured by Microsoft.
Präfix in BetreffzeileThe prefix is added to the subject line of the mail declared as spam. An individual text can be entered.
Meldung im TextThe message is inserted into the body of the email declared as spam. An individual text can be entered.
Berichte erstellenWhen an email is declared as spam, a log is sent to G DATA ManagementServer.
Keep in mind that, depending on the volume of spam mail, an enormous amount of spam reports can accumulate. Under certain circumstances, this can put a heavy load on the database. Helpful is the setting for the Reaction reject mail, so can it be traced which e-mails have been rejected as spam.

Modul Tasks

Legen Sie hier Aufträge für das Scannen von Postfächern an, oder bearbeiten Sie vorhandene Aufträge. Bereits vorhandene Aufträge werden im Modulbereich aufgelistet. Zum Bearbeiten eines Auftrags klicken Sie mit einem Rechtsklick auf den gewünschten Auftrag → Eigenschaften.

Die Aufträge können als einmaliger oder als ein sich periodisch wiederholender Scan angelegt werden.
Hierzu klicken Sie mit einem Rechtsklick in das leere Fenster des Modulbereiches (Hinzufügen → Einmaliger Exchange-Scan-Auftrag oder Periodischer Exchange-Scan-Auftrag).


Create jobs for scanning mailboxes here, or edit existing jobs. Existing jobs are listed in the module area. To edit a job, right-click on the desired job → Properties.

Jobs can be created as a one-time scan or as a periodically repeating scan.
To do this, right-click in the empty window of the module area (Add → One-time Exchange Scan Job or Periodic Exchange Scan Job).

The window for configuration opens:

Settings
Job nameFreely chosen name
ScheduleInterval of executionOnly for periodic scan job
TimeStart time of executionin case of a periodic scan job, the date of the first execution can also be specified.
SettingsPercentage progress is displayed in the data line of the job.
Scanner
Identical selections as in the Scan settings in the General sub-module of the Exchange settings.
Analysis scope
MailboxesAll mailboxes
Exclude mailboxes: all except the selected mailboxes
Include mailboxes: none except the selected mailboxes
Add/RemoveAdd or remove the mailboxes which are to be excluded. Or which ones should be scanned only.
Scan public foldersDecides whether to include public mailboxes.

Modul Logs

Security logs contain virus detections and (if Create report for a spam level has been checked) the desired spam logs.

Infrastructure logs contain all relevant information about the infrastructure, such as virus and program updates, necessary reboots, etc.

Modul Statistics

There is an option to have information about the frequency of events filtered out. The values refer only to existing logs. Deleted logs are not taken into account.

3 hitlists are available:

Hitlist threats by notifier: shows the total sum of virus detections and detected spam mails respectively.

Hitlist threats by viruses: shows the sum of virus detections listed by the frequency of the viruses encountered.

Hitlist threats by clients: shows the total sum of virus detections separated by exchange server. The client is also displayed here.

If you have any questions or need help with further problem solutions, please feel free to contact our business support: G DATA Technical Support.








  • No labels