KS 9.0 for Exchange - Release infected mail from Backup to analyse it

[rolfroyce]

Kaspersky Security 9.0 for Microsoft Exchange (9.5.153.9) Exchange 2016 on Windows Server 2016 Hi, does anyone have a workflow to release an infected mail which was stopped by Anti-Virus on Hub-Transport? Unlike to the attachment filter, I can't define exceptions like sender- or recipient-addresses. When I send it again to an other mailbox, Kaspersky strikes again and the mail goes to Backup. When I download it, the Antivir Server-Client will notice it. The only way I see is to disable the Anti-Virus check on Hub-Transport or Antivir Server-Client, which is not the best solution I think.. Thanks!

[KarDip]

Hi, welcome to the new Kaspersky Community. I am not sure if this will exactly be what you are looking for in your situation. But i hope it is a starting point. https://docs.microsoft.com/en-us/office365/securitycompliance/find-and-release-quarantined-messages-as-an-administrator#Releasequarantinedmessageallowfuturemessagesfromsender Thank you.

[knut2nd]

  rolfroyce said:

Kaspersky Security 9.0 for Microsoft Exchange (9.5.153.9)
Exchange 2016 on Windows Server 2016

Hi,
does anyone have a workflow to release an infected mail which was stopped by Anti-Virus on Hub-Transport? Unlike to the attachment filter, I can't define exceptions like sender- or recipient-addresses. When I send it again to an other mailbox, Kaspersky strikes again and the mail goes to Backup. When I download it, the Antivir Server-Client will notice it. The only way I see is to disable the Anti-Virus check on Hub-Transport or Antivir Server-Client, which is not the best solution I think..

Thanks!

Hi,

With KS 9.0, how can you view catched emails? With backup feature, I can not see quarantine, although statistics show few mails.
Thanks!

[ak01]

please check “advanced anti-virus settings” tab.

But if all the anti virus products detect a virus, I would be careful (maybe you send the mail to kaspersky to analyze it → company account)?

[knut2nd]

  ak01 said:

please check “advanced anti-virus settings” tab.

But if all the anti virus products detect a virus, I would be careful (maybe you send the mail to kaspersky to analyze it → company account)?

Thank you for your reply.

I can not see quarantine setting on this tab (https://support.kaspersky.com/KS4Exchange/9.6/en-US/48563.htm)

Yes, you’re right, we must be carefull.. I don’t have ideas about which mails are in quarantine (sender, recipient, etc.)

Thanks for helping

[ak01]

i mean

 

Do not scan files matching the masks

Do not scan messages for the following recipients

[ak01]

you can define trusted recipients, file masks.

[rolfroyce]

  knut2nd said:

  ak01 said:

please check “advanced anti-virus settings” tab.

But if all the anti virus products detect a virus, I would be careful (maybe you send the mail to kaspersky to analyze it → company account)?

Thank you for your reply.

I can not see quarantine setting on this tab (https://support.kaspersky.com/KS4Exchange/9.6/en-US/48563.htm)

Yes, you’re right, we must be carefull.. I don’t have ideas about which mails are in quarantine (sender, recipient, etc.)

Thanks for helping

Hi, not sure if I understand your question right. But in our setup we can find the quarantined mails in “backup”, based on rules which are set in anti-virus for mailbox and transport (see screenshots). Sure, the mails/attachments are potentially harmful. But in some cases we need to know, why they came to exchange and were not blocked before (gateways etc...).

 

  ak01 said:

you can define trusted recipients, file masks.

That doesn’t work. Even if the sender (kasperksy daemon mail) and recipient ist trusted etc., the mail is blocked again - but only if it’s blocked because auf virus. If it’s block because of forbidden attachment, it works.