Dangerous Email attachements

How dangerous is malware for your company?

Protecting your mail servers from viruses effectively

Tips & Tricks Mail Server IT-Security
15.06.2022

Every day, your Exchange Server receives hundreds, if not thousands, of emails. It is probably clear that these are not always customer requests.

According to a study by Statista, the number of spam sent worldwide peaked in July 2021 at around 283 billion spam emails. By comparison, a total of around 336 billion emails were sent worldwide in the same month. Quite a lot!

 

Spam is annoying and dangerous

Spam emails are not only annoying and time-consuming to delete, they also often contain malware in their attachments. This can be viruses, Trojans or even worms, which often disguise themselves well.

As a result, such malware may be detected too late or not at all by your employees in the heat of the moment. If there is no effective virus protection on the work computer, the malware can infect your company network within seconds.

Once the Trojan is in your system, it can rage as often as it likes. Companies are often powerless in the face of ransomware, or extortion Trojans, as the Ransomware Trends Report 2022 makes clear: 76 percent of companies affected by ransomware buy their freedom from the extortionists.

 

Recognizing the dangers of phishing emails

Phishing emails also pose a danger: Here, senders use clever email forgeries to try to inspire trust in the recipient and get him or her to divulge security-relevant data, such as login information.

However, emails from known and trusted senders can also be contaminated. Botnets are often the means of choice for cybercriminals. A botnet is a spanning network of individual bots, i.e. automatic computer programs. These bots use proxy servers to imitate familiar connections in order to infect corporate networks.

The bottom line, then, is that it is sometimes almost impossible for ordinary employees without a deeper technical understanding to distinguish phishing emails from genuine emails in your inbox. This poses a great potential danger, especially for mails with dangerous attachments.

 

How to protect yourself from viruses in attachments

Whether it's simple spam or well-disguised phishing, it often includes an attachment with dangerous malware.

But how do you protect your corporate network efficiently? We define two simple anti-virus strategies!

 

It's better to check email once too often than once too little

When opening email attachments, as is often the case, use common sense.

If an attachment seems strange to you, check the email again for plausibility.

  • Is the income tax assessment really coming by email?
  • And does Amazon really send the amended terms and conditions directly as a PDF attachment?
  • Or is the email, which is supposed to come from your colleague, not written in a language style that is rather untypical for him?

As a general rule, it is better to think once too much about whether you should really open the email attachment than once too little.

The following may sound obvious, but it is still done far too often: Never open attachments of obvious spam emails! Even if the spam email may seem amateurish at first glance, the attachment can be fire-hazardous to your system.

If you do have to open a questionable attachment, make sure you do so in a shielded environment - for example, on a virtual machine that is shielded from the company network.

 

Reject viruses on the mail server

In addition to training your employees, an effective antivirus scanner on your systems is indispensable. That's why every computer should have antivirus software installed that is updated as frequently as cybercriminals pump new malware into the market.

Even better, reject emails with malicious attachments directly at the level of your Exchange server. If a virus is detected at the server level and the email is rejected for delivery, the malicious content won't reach your employees' inboxes in the first place.

Rejecting viruses at the mail server level has other advantages as well: Since the email is not even accepted by the Exchange Server, it does not need to be covered by the legally compliant archiving process. Given the high density of daily spam, this saves you valuable storage space.

 

Reject viruses already on the mail server

In addition to training your employees, an effective antivirus scanner on your systems is essential. That's why every computer should have antivirus software installed that is updated as frequently as cybercriminals pump new malware into the market.

Even better, reject emails with malicious attachments directly at the level of your Exchange server. If a virus is detected at the server level and the email is rejected for delivery, the malicious content won't reach your employees' inboxes in the first place.

Rejecting viruses at the mail server level has other advantages as well: Since the email is not even accepted by the Exchange Server, it does not need to be covered by the legally compliant archiving process. This saves you valuable storage space given the high density of daily spam.

 

ClamAV for Microsoft Exchange Server

But which solution is best suited for virus protection on a Microsoft Exchange Server? We rely on ClamAV in the Exchange Server Toolbox!

ClamAV is a popular, open source antivirus scanner used by many companies on mail servers. The open source community is continuously working on training ClamAV to detect new malware, leaving no security gap open.

In combination with our plugin Exchange Server Toolbox, ClamAV can reject emails with malware attachments directly at the mail server level. Another practical feature is that the Exchange Server Toolbox adds Sanesecurity signatures directly to ClamAV - these are automatically downloaded.

The Exchange Server Toolbox has a comprehensive set of rules into which the virus scan with ClamAV is integrated. Depending on the settings, emails with dangerous attachments can be rejected directly - the sender is then automatically informed of the undeliverability of his email, if desired.

Alternatively, it can be specified via rules that the attachment is simply removed. In this case, the recipient is informed that the email attachment has been classified as dangerous and removed.

 

Securely protecting the corporate network from malware

The bottom line is that good virus protection is multi-layered.

On the one hand, it is essential to sensitize your employees to the issue of spam and dangerous attachments. Here, good education and practicing on sample cases can protect you from malware.

In addition, effective virus protection on the Microsoft Exchange Server is indispensable. If incoming emails are scanned for viruses and sorted out directly at the mail server level with Exchange Server Toolbox, dangerous attachments will not reach your employees' mailboxes in the first place.

If you don't know our Exchange Server Toolbox yet, you can test our Exchange Server plugin now for one month for free. If you have any further questions, please contact us at exchangeservertoolbox@jam-software.com!

 

 

Want to always stay up to date?

Do you like what you've just read, have new ideas or feedback? Visit our contact form and let us know your thoughts!

Blog author Marcel

Marcel

Mail Server Software