Trend Micro recognizes the unique dangers posed by security threats to Microsoft Exchange servers. Trend Micro designed ScanMail to protect Exchange from these numerous and diverse security risks. ScanMail uses a filtering strategy to protect Exchange. ScanMail subjects the email message to each filter in the following order:

- Spam Prevention
- Advanced Spam Prevention
- Data Loss Prevention
- Content Filtering
- Attachment Blocking
- Security Risk Scan (advanced threat scan)
- Web Reputation

In addition, ScanMail provides notifications and log queries to help administrators monitor and react to security risks.

How ScanMail Protects the Microsoft Exchange Environment

| Feature | Description |
|---|---|
| Spam Prevention | Email Reputation: ScanMail includes Email Reputation, which allows you to block spam messages before they enter the network. Content Scanning: ScanMail uses the Trend Micro spam engine and spam pattern file to screen out spam messages before they are delivered to the Information Store. Administrators can create approved and blocked senders lists if End User Quarantine is enabled. If End User Quarantine is enabled, end users can create their own lists of approved senders. |
| Advanced Spam Prevention | Advanced Spam Prevention lets you configure ScanMail for Business Email Compromise (BEC) to detect a probable scam or attack using email messages that appear to be from a high-profile user, such as a corporate user from the executive team. You can also configure the whole internal domain of senders for BEC to scan for a probable scam or attack. Advanced Spam Prevention also provides an option to select Conservative or Aggressive mode for scanning. Aggressive mode requires Virtual Analyzer to scan content in an isolated virtual environment, while Conservative mode scans content using other methods in the absence of Virtual Analyzer. |
| Data Loss Prevention | ScanMail can filter content for sensitive information in different message parts based on policies set by the administrator. ScanMail filters outgoing email messages and can perform specific actions on email messages that contain sensitive information. |
| Content Filtering | ScanMail can filter content in a message header, subject, body, and/or attachment based on policies set by the administrator. ScanMail filters incoming and outgoing email messages and can perform specific actions on email messages that contain undesirable content in the message body or attachments. |
| Attachment Blocking | ScanMail can block undesirable attachments according to administrator-defined types or specific names. During scanning, ScanMail can replace the detected file with a text message and then deliver the message to the intended recipient. |
| Security Risk Scan | Security risk scan employs one of the following scan engines: |
| Web Reputation | ScanMail queries Trend Micro rating servers for the reputation rating when an email message with URLs in the message subject, body, or attachment arrives, before delivery to the Information Store. ScanMail also optionally queries the Trend Micro Deep Discovery Analyzer server for advanced threat detection when an email message with URLs could not be rated by Trend Micro rating servers. However, administrators can enable the approved list and bypass internal domain URLs to avoid scanning trusted URLs. |
| URL Time-of-Click Protection | URL Time-of-Click Protection enables you to configure ScanMail to rewrite the URLs in the email message body during scanning, and analyze these URLs only when the message recipient clicks them. |
| Real-time Scan | ScanMail guards possible virus/malware entry points with real-time scanning of all incoming and outgoing messages, SMTP messages, documents posted on public folders, and files replicated from other Microsoft Exchange servers. During real-time scanning, ScanMail takes actions against security risks according to the administrator's configurations. |
| Manual/Scheduled Scans | ScanMail performs manual and scheduled scanning on demand according to a manual prompt or schedule. On-demand scanning eliminates viruses/malware from inside the Information Store databases, eradicates old virus/malware infections, and minimizes the possibility of reinfection. When performing a manual or scheduled scan, ScanMail takes actions against security risks depending on the administrator's configurations. ScanMail allows the selection of individual Stores for scanning. For example, you can use this option to provide security risk scan and content security for a particular storage group's databases, rather than for all storage groups. |
| Alerts and notifications | ScanMail can send alerts about outbreaks and significant system events. Outbreak alerts notify administrators when the number of detected security risks exceeds a set number. This enables administrators to react quickly to security breaches in their Exchange environment. |
| Reports and logs | ScanMail provides logs and reports to keep administrators informed about the latest security risks and system status. ScanMail logs significant events such as component updates and scan actions. Administrators can query these events to create log reports providing current and detailed information about the security of the Exchange environment. ScanMail can generate reports for system analysis that can be printed or exported. |