Kaspersky
Question

KS 9.0 for Exchange - Release infected mail from Backup to analyse it

  • 9 April 2019
  • 6 replies

Kaspersky Security 9.0 for Microsoft Exchange (9.5.153.9)
Exchange 2016 on Windows Server 2016

Hi,
does anyone have a workflow to release an infected mail which was stopped by Anti-Virus on Hub-Transport? Unlike the attachment filter, I can't define exceptions like sender or recipient addresses. When I send it again to another mailbox, Kaspersky strikes again and the mail goes to Backup. When I download it, the Antivir Server-Client will notice it. The only way I see is to disable the Anti-Virus check on Hub-Transport or Antivir Server-Client, which is not the best solution, I think.

Thanks!

6 replies

Please check the “advanced anti-virus settings” tab.

But if all the anti-virus products detect a virus, I would be careful (maybe you send the mail to Kaspersky to analyze it → company account)?

Thank you for your reply.

I cannot see a quarantine setting on this tab (https://support.kaspersky.com/KS4Exchange/9.6/en-US/48563.htm)

Yes, you’re right, we must be careful. I have no idea which mails are in quarantine (sender, recipient, etc.)

Thanks for helping

Hi, not sure if I understand your question right. But in our setup we can find the quarantined mails in “backup”, based on rules which are set in anti-virus for mailbox and transport (see screenshots). Sure, the mails/attachments are potentially harmful. But in some cases we need to know why they came to Exchange and were not blocked before (gateways etc.).

 

You can define trusted recipients, file masks.

That doesn’t work. Even if the sender (Kaspersky daemon mail) and recipient are trusted etc., the mail is blocked again - but only if it’s blocked because of a virus. If it’s blocked because of a forbidden attachment, it works.

Hi,

With KS 9.0, how can you view caught emails? With the backup feature, I cannot see the quarantine, although statistics show few mails.
Thanks!

Hi, welcome to the new Kaspersky Community.
I am not sure if this will exactly be what you are looking for in your situation.
But I hope it is a starting point.
https://docs.microsoft.com/en-us/office365/securitycompliance/find-and-release-quarantined-messages-as-an-administrator#Releasequarantinedmessageallowfuturemessagesfromsender
Thank you.