Configuring the Default Anti-Malware Policy
By default, malware filtering is enabled in Microsoft Exchange Server 2013.
The default anti-malware policy controls your company-wide malware filtering settings. As an administrator, you can view and edit, but not delete, the default anti-malware policy so that it is tailored to best meet the needs of your organization.
- In the EAC, navigate to Protection > Malware filter, and then double-click the default policy.
- Click the Settings menu option. In the Malware Detection Response section, use the option buttons to select the action to take when malware is detected in a message:
- Delete the entire message prevents the entire message, including attachments, from being delivered to the intended recipients. This is the default value.
- Delete all attachments and use default alert text Deletes all message attachments, not just the infected one, and inserts the following default alert text into a text file that replaces the attachments: "Malware was detected in one or more attachments included with this email. All attachments have been deleted."
- Delete all attachments and use custom alert text Deletes all message attachments, not just the infected one, and inserts a custom message into a text file that replaces the attachments. Selecting this option enables the Custom alert text field where you must type a custom message.
Please note: if malware is detected in the message body, the entire message, including all attachments, will be deleted regardless of which option you select. This action is applied to both inbound and outbound messages.
- In the Notifications section, you have the option to send a notification email message to senders or administrators when a message is detected as malware and is not delivered. These notifications are only sent when the entire message is deleted.
- In the Sender Notifications section, select the check boxes to Notify internal senders (those within your organization) or to Notify external senders (those outside your organization) when a detected message is not delivered.
- Similarly, in the Administrator Notifications section, select the check boxes to Notify administrator about undelivered messages from internal senders or to Notify administrator about undelivered messages from external senders. Specify the email address or addresses of the administrator in their respective Administrator email address fields after selecting one or both of these check boxes. Use a semicolon to separate multiple addresses.
The default notification text is "This message was created automatically by mail delivery software. Your email message was not delivered to the intended recipients because malware was detected." The language in which the default notification text is sent is dependent on the locale of the message being processed. - In the Customize Notifications section, you can create customized notification text to be used in place of the default notification text for sender and administrator notifications. Select the Use customized notification text check box, and then specify values in the following required fields:
- From name The name you want to be used as the sender of the customized notification.
- From address The email address you want to be used as the sender of the customized notification.
- Messages from internal senders The Subject and Message of the notification if the detected message originated from an internal sender.
- Messages from external senders The Subject and Message of the notification if the detected message originated from an external sender
The default Subject text is "Undeliverable message."
Click Save. A summary of your default policy settings appears in the right pane.