ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

What you can do with Mail Security


Article ID: 181292


Updated On:


Mail Security for Microsoft Exchange




Table: What you can do with Mail Security lists the tasks that you can perform with Mail Security.

Table: What you can do with Mail Security



Manage your Exchange environment by using policies

You can configure Productname to scan email messages and their attachments for threats such as viruses, Trojan horses, adware, spyware, and spam. You can define policies to detect potential risks to your Microsoft Exchange email system and process email messages and attachments that contain threats.

See About Mail Security policies.

Scan your Exchange server for risks and violations

You can keep your server protected by performing any of the following types of scans:

  • Auto-Protect scans

  • Manual scans

  • Scheduled scans

  • Background scans

See About the types of scanning that you can perform.

Protect against threats

Symantec engineers track reported outbreaks of threats (such as viruses, Trojan horses, and worms) to identify new risks. After a threat is identified, information about the threat (a signature) is stored in a definition file. This file contains information to detect and eliminate the threat. When Mail Security scans for threats, it searches for these signatures. Definition files are downloaded using LiveUpdate or Rapid Release.

See About keeping your server protected.

Mail Security also uses Symantec Bloodhound heuristics technology to scan for threats for which no known definitions exist. Bloodhound heuristics technology scans for unusual behaviors such as self-replication to target potentially infected message bodies and attachments.

See Configuring a threat detection.

Keep your protection up-to-date

Mail Security relies on up-to-date information to detect and eliminate risks. One of the most common reasons computers are vulnerable to attacks is that definition files are out-of-date. Symantec regularly supplies updated definition files.

Using LiveUpdate, Mail Security connects to a Symantec server over the Internet and automatically determines if definitions need to be updated. If they do, the definition files are downloaded to the proper location and installed. If you need a quicker response for emerging threats, you can enable Rapid Release to get the most current definitions that are available.

See About keeping your server protected.

See About using Mail Security with other antivirus products.


You must have a valid license to update definitions.

See About licensing.

Identify spam email

Spam is unsolicited bulk email, which most often advertises messages for a product or service. It wastes productivity, time, and network bandwidth.

Symantec Premium AntiSpam provides continuous updates to the premium antispam filters to ensures that your Exchange server has the most current spam detection filters.

See How to detect spam using Symantec Premium AntiSpam.

See Configuring whitelists.

You must have a valid Symantec Premium AntiSpam license to enable Symantec Premium AntiSpam.

See About licensing.

Filter undesirable message content and attachments

Mail Security lets you create the content filtering rules that you can use to filter email messages and attachments. Mail Security provides some predefined file filtering rules that you can use to enforce email attachment policies. Mail Security also uses match lists to filter email messages and attachments for specific words, terms, and phrases. Mail Security also provides the predefined content filtering policy templates that help prevent data leakage.

See About content filtering.

Apply X-headers to messages for archiving

Mail Security provides default X-headers that you can apply to the email messages that contain content filtering rule violations or are spam or suspected spam. You can modify the default X-headers, or you can create your own.

See About applying X-headers to messages for archiving.

Manage outbreaks

An outbreak occurs when the number of threats to the Microsoft Exchange system that are detected over a period of time exceeds a specified limit. Mail Security lets you manage outbreaks quickly and effectively by setting outbreak rules and sending notifications when an outbreak is detected.

You can also select an action to take when an outbreak is detected, such as the following:

  • Delete the entire message.

  • Delete the attachment or the message body.

  • Quarantine entire message and replace with text.

  • Quarantine the attachment or the message body.

  • Log the event.

  • Add Tag to the beginning of the subject line.

You can set rules to define an outbreak based on event. For example, the same threat occurs a specified number of times within a specified time period. You can also configure Mail Security to send notifications and alerts in the case of an outbreak.

See About outbreak management.

Quarantine infected message bodies and attachments

Mail Security for Microsoft Exchange includes a local quarantine that can store the infected message bodies and attachments that are detected during scans. You can configure Mail Security to quarantine threats and security risks, and file filtering violations in the local quarantine.

The quarantined items that contain threats can be forwarded to the Symantec Central Quarantine, if it is installed. The Symantec Central Quarantine program is available on the Mail Security product CD.

You can quarantine the entire message or by parts.

See About the quarantine.

Monitor Mail Security events

Mail Security logs events to the Windows Application event log. You can view the events that are logged to the Windows Application event log from the console.

See Viewing the Mail Security Event log.

Mail Security logs extensive report data on threats, security risks, violations, spam, and server information to the reports database. You can use this data to generate summary or detailed reports based on different subsets of the data.

See About logging events.

See Creating or modifying a Summary report template.

See Creating or modifying a Detailed report template.

Generate reports

Mail Security collects scan data from your Exchange servers and generates reports.

Mail Security provides the preconfigured report templates that you can modify. You can also create your own report templates.

You can create the following types of report templates:

  • Summary

  • Detailed

See About generating reports.

Send notifications when a threat or violation is detected

Mail Security provides several options for notifying administrators, internal senders, and email recipients of threats and violations.

Mail Security lets you define the conditions in which to send an alert. You can also customize the alert message text for each alert condition that you define.

See Configuring rules to address unscannable and encrypted files.

See Configuring a threat detection.

See Configuring notification settings for scan violations.

Manage single and multiple Exchange servers

Mail Security can protect one or more Exchange servers. If your organization has multiple Exchange servers, you can manage all the servers from the same console that you use to manage a single server.

By switching between the server view and group view, you can manage the following:

  • Configuration settings for individual servers

  • All servers in a specific location

See About managing your Exchange servers.