Exchange Server Toolbox logo

Exchange Server Toolboxv5.7Anti-Spam & -Virus, Backup and Rules Engine for the Exchange Server


Improve Protection Against Locky Ransomware

The macro trojan "Locky" is running rampant. Experts estimate that in Germany 17,000 computers were infected in 24 hours. Locky scrambles and remanes all files on an infected machine and even accesses connected USB or network drives. Victims can buy a decryption key from the extortionists, but at the moment there is no other way to regain the files.

The most common way the trojan arrives is an office document (e.g. Word or Excel) with embedded macros. Sometimes it hides in a ZIP file the user has to open. Other file formats might be affected as well.

What Should Companies do?

The sad truth is: There is no such thing as absolute safety. The malware is tweaked constantly - and security has to be adapted accordingly. No one can guarantee that today's solution will guarantee a safe sytem tomorrow. Does this mean that resistance is futile? No! Just don't allow yourself to be lulled into a false sense of security. Stay alert!

Administrators have to implement safety measures. If possible, block the execution of macros via Group Policy Settings. Microsoft offers how-tos - for example for Office 2013.

Keep your employees informed! Many affected businesses were hit because an staff member did not know that Locky could lurk in simple Word document.

Your Exchange Server: Email Security Starts Here

To augment your level of protection you can adjust the security settings of the Exchange Server Toolbox.

Refuse Virus-Infected E-Mails

The Exchange Server Toolbox can automatically refuse emails if a virus is detected. The sender receives a warning via email and can take steps to remove the infection.

Proceed as follows:

  • Open the Exchange Server Toolbox menu.
  • Navigate to "Rules" > "Incoming".
  • Edit the "Antivirus" rule:
    • Select the action "Refuse mail".
    • Optionally you can change the email sent to the sender, for example to "Virus found: [$Virus name$]". Double-click on "Refuse mail" under "Rule content".
  • Save your changes.

Virenvbefallene E-Mails automatisch ablehnen mit der Exchange Server Toolbox.

Move all Office Attachments to Quarantine

If this rule is active, all attached Microsoft Office files will be removed from the emails and stored in a secure place. If the user requires one of these files, the administrator can check the file and forward it to the user as long as it is clean.

Proceed as follows:

  • Open the Exchange Server Toolbox menu.
  • Navigate to "Rules" > "Incoming".
  • Activate the "Security: Office attachments removal" rule.
    • This rule saves all Office attachments to "C:\ProgramData\JAM Software\Exchange Server Toolbox\BackupMails\EntfernteAnhaenge\[$Date$]\[$MessageID$]".
    • Date and message ID will replace the placeholders used in the path.
  • A list of all removed files and the information that they were removed for security reasons will be attached to processed emails.
  • Save your changes.

Alternatively you can refuse emails with attachments completely.

Office-Anhänge automatisch aus E-Mails löschen und in Quarantäne verschieben mit der Exchange Server Toolbox.

We protect your privacy! The plug-in "Shariff" makes sure that your data will not be transferred to social networks unless you click one of the share buttons. Learn more.