How To Enforce Your Exchange Anti-Spam And Malware Protection

You might think that the anti-spam technology offered by Microsoft Exchange is enough, but many would beg to differ. To further enforce their network’s security strategy, some organizations simply couple their anti-spam solution with their current antivirus software.

What they fail to realize is that because malware threats have become increasingly sophisticated over the years, an organization can no longer rely solely on desktop-based antivirus solutions to protect its business assets.

Let’s take an everyday example. A user receives an email at work. Assuming that the email is legitimate, especially knowing there are anti-spam filters in place, the user simply downloads the attachment or follows whatever other call to action the email contains. Their computer is now infected.

What failed?

Because the anti-spam filter in place simply stops at spam filtering and doesn’t include antivirus scanning abilities, it only looks for keywords or IP addresses related to spam. Malware creators continuously update their spamming methods.

As a result, spam with malicious content can sometimes get through during the window of opportunity between the appearance of a new spamming method and the point at which conventional anti-spam filters adopt technologies to counter it. Having anti-malware protection that works in tandem with your anti-spam solution will help keep threats delivered through email at bay.

Multiple antivirus engines

Antivirus software identifies malware using one of three different methods: signature files, heuristic analysis or sandboxing. Signature files are definitions created by the vendor to help the antivirus engine identify malware.

If the signature file and the suspected software match, the antivirus software does not allow the executable file to run. This keeps false positive rates down but can be detrimental if a signature file has not yet been created or if the user has not yet downloaded the updated signature files.

Heuristic analysis looks for known patterns in different types of malware. This works well against malware where there is still no signature file, because instead of looking for an exact match, the antivirus engine looks for common patterns. While this is more susceptible to falsely identifying legitimate programs as malware, it does a much better job at protecting against zero-day threats.

Sandboxing works like heuristic analysis, but it is much more effective at identifying malicious software because it actually runs the executable in a virtual environment. This helps to cut down on false positives and is more effective at identifying executables that can infect your system.

Solutions that use a mix of antivirus engines that encompass all three of these strategies will offer protection against known and unknown threats while minimizing the possibility of falsely identifying a legitimate application as harmful or, worse, allowing a harmful application into the network thinking that it is safe.
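The trade-off between signature matching and heuristic analysis described above can be seen in a small added example (not code from the original article or from any product). The sample byte strings, pattern weights, threshold and the block/quarantine/deliver policy are all constructed assumptions for illustration.

```python
import hashlib

# Constructed, harmless byte strings standing in for email attachments.
KNOWN_BAD = b"constructed-sample: drop payload; disable-av; connect-out"
VARIANT = KNOWN_BAD + b" v2"  # small change, so the exact signature no longer matches
BENIGN_ADMIN_TOOL = b"backup script: disable-av during backup; connect-out to NAS"
BENIGN_DOC = b"quarterly report, nothing unusual"

# Signature engine: exact SHA-256 match against vendor-supplied definitions.
SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest()}

def signature_engine(data: bytes) -> bool:
    """True only when the file is byte-for-byte identical to a known sample."""
    return hashlib.sha256(data).hexdigest() in SIGNATURES

# Heuristic engine: weighted common patterns instead of an exact match.
# Patterns and weights are hypothetical.
HEURISTIC_PATTERNS = {b"drop payload": 2, b"disable-av": 2, b"connect-out": 1}
HEURISTIC_THRESHOLD = 3

def heuristic_score(data: bytes) -> int:
    return sum(w for pattern, w in HEURISTIC_PATTERNS.items() if pattern in data)

def heuristic_engine(data: bytes) -> bool:
    return heuristic_score(data) >= HEURISTIC_THRESHOLD

def verdict(data: bytes) -> str:
    """Assumed policy: a signature hit is high confidence and is blocked;
    a heuristic-only hit is held for further analysis instead of delivered."""
    if signature_engine(data):
        return "block"
    if heuristic_engine(data):
        return "quarantine"
    return "deliver"

if __name__ == "__main__":
    samples = {
        "known sample": KNOWN_BAD,            # caught by signature
        "modified variant": VARIANT,          # missed by signature, caught by heuristics
        "admin tool": BENIGN_ADMIN_TOOL,      # heuristic false positive
        "ordinary document": BENIGN_DOC,      # clean on both engines
    }
    for name, data in samples.items():
        print(f"{name:18} sig={signature_engine(data)!s:5} "
              f"heur={heuristic_score(data)} -> {verdict(data)}")
```

The modified variant slips past the signature engine and is caught only by the heuristic one, while the legitimate admin tool is flagged by heuristics alone, which is why heuristic-only hits are held rather than blocked outright in this sketch.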


For companies that do not have a dedicated IT security department, managing antivirus software can be extremely difficult and time consuming. Having a solution in place that requires a minimal amount of configuration, runs automatic updates and includes a user-friendly management console is paramount to keeping an organization safe against email-based malware.

When security solutions are too complicated for the staff to use, they are often neglected and forgotten. Add the fact that an improperly configured security solution can give users a false sense of security or prevent users from carrying out legitimate activities, and you can see why a solution that is easy to use and works out of the box is essential. As long as cyber criminals can profit from malware, companies of all sizes will be under attack. By proactively addressing these threats, you can keep your company’s resources and employees as safe as possible.


Emmanuel Carabott CISSP heads security research at GFI Software. He has over 12 years’ experience in the security field and is a regular contributor to several websites and blogs. For more information about the benefits of using email usage reporting.