Malware, short for malicious software, is software used or programmed by attackers to disrupt computer operation, gather sensitive information, or gain access to private computer systems. It can appear in the form of code, scripts, active content, and other software. Malware is a general term used to refer to a variety of forms of hostile or intrusive software. Malware includes computer viruses, ransomware, worms, trojan horses, rootkits, keyloggers, dialers, spyware, adware, and other malicious programs. Malware has been a security issue for messaging systems like Exchange Server. In Exchange Server 2013, Microsoft has integrated anti-malware capabilities into the product, providing administrators with a "free" option for protecting Exchange.

In this article I will show how to configure and test anti-malware protection in Exchange Server 2013.

In my lab I use three computers:

- DC2012: Domain Controller (domain mcthub.local) running Windows Server 2012

- EXCHANGE1: Domain Member running Windows Server 2012 and Exchange Server 2013 (Mailbox Role and Client Access Role)

- CLIENT1: Domain Member running Windows 8 and Outlook 2013


Enable antimalware features in Exchange Server 2013


- On EXCHANGE1, open Exchange Management Shell and change the current folder to "C:\Program Files\Microsoft\Exchange Server\V15\Scripts" by typing the following command: cd "C:\Program Files\Microsoft\Exchange Server\V15\Scripts"

Then enable antimalware scanning by typing the following script, and then press Enter.


- Restart the Microsoft Exchange Transport Service by typing the following cmdlet

- Verify that the following antimalware agent is listed: Malware Agent. The status of Malware Agent is Enabled: True if the script was allowed to complete.


Configure the default antimalware policy in Exchange Server 2013


- Open Internet Explorer and type the following address in the address bar: https://exchange1.mcthub.local/ecp. In the Exchange admin center, on the feature pane, click protection, click the malware filter tab, click the Default rule, and then click the Edit button on the toolbar.


- Click settings. Under Malware Detection Response, select Delete all attachments and use custom alert text. In the Custom alert text box, type the following text: The attachment has been deleted because it contained malware

- Under Notifications, select both the Notify internal senders and Notify external senders check boxes.

- Under Administrator Notifications, select both the Notify administrator about undelivered messages from internal senders and Notify administrator about undelivered messages from external senders check boxes. In the Administrator email address box, type administrator@mcthub.local.

- Click the save button.

- Switch to CLIENT1. Log on as any user (user phuongnam). Download a file that contains malware ( from the link

- Open Outlook, compose a message to another user (manhtrong), and attach the file.

- Log on as user manhtrong, open Outlook, and open the new message from phuongnam. Double-click the attachment and verify that the code that was in the file has been deleted and replaced by the custom text you configured.
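
The enable, restart and verify steps and the Default policy settings described above, scripted for the Exchange Management Shell on EXCHANGE1. This is an added example, not code from the original article: it assumes the script the article runs is Enable-AntimalwareScanning.ps1 from the Scripts folder, and it uses the lab's alert text and administrator address.

```powershell
# Added example; run in the Exchange Management Shell on EXCHANGE1.
$ErrorActionPreference = 'Stop'

# 1. Enable the Malware Agent (assumption: this is the script the article refers to).
& (Join-Path $env:ExchangeInstallPath 'Scripts\Enable-AntimalwareScanning.ps1')

# 2. The agent is loaded by the transport service, so restart it.
Restart-Service MSExchangeTransport

# 3. Stop here if the agent is missing or still disabled.
$agent = Get-TransportAgent -Identity 'Malware Agent'
if (-not $agent.Enabled) {
    throw 'Malware Agent is not enabled; re-run the enable script and check its output.'
}

# 4. Same settings as the Exchange admin center steps, applied to the Default policy.
$settings = @{
    Identity                               = 'Default'
    Action                                 = 'DeleteAttachmentAndUseCustomAlertText'
    CustomAlertText                        = 'The attachment has been deleted because it contained malware'
    EnableInternalSenderNotifications      = $true
    EnableExternalSenderNotifications      = $true
    EnableInternalSenderAdminNotifications = $true
    InternalSenderAdminAddress             = 'administrator@mcthub.local'
    EnableExternalSenderAdminNotifications = $true
    ExternalSenderAdminAddress             = 'administrator@mcthub.local'
}
Set-MalwareFilterPolicy @settings

# 5. Read the policy back and warn on any value that did not take effect.
$policy = Get-MalwareFilterPolicy -Identity 'Default'
foreach ($key in ($settings.Keys | Where-Object { $_ -ne 'Identity' })) {
    if ("$($policy.$key)" -ne "$($settings[$key])") {
        Write-Warning "Default policy: $key is '$($policy.$key)', expected '$($settings[$key])'"
    }
}
$policy | Format-List Name, Action, CustomAlertText, Enable*Notifications, *AdminAddress

# 6. Server-level check: BypassFiltering = True means mail passes through unscanned
#    even though the agent is enabled.
Get-MalwareFilteringServer | Format-List Name, BypassFiltering, UpdateFrequency, PrimaryUpdatePath
```

A policy that reads back correctly only confirms the configuration; the mail test from CLIENT1 described above is still what confirms that attachments are actually being scanned and replaced.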



Thank you for reading my article

By Đồng Phương Nam