Exchange Server email content control (internal, outgoing, incoming)

Support is provided for:
Exchange 2010
Exchange 2007
Exchange 2003
Exchange 2000
Exchange 5.5
SBS 2003

Cluster environments support:
Active/Passive
Active/Active/Active

All service packs for Exchange Server are supported.


Search Exchange Mailboxes and Public Folder for Content?

An Exchange mailbox content search can be initiated to identify any correspondence concerning a certain topic in response to a legal, financial or other action, weeks or even months after the correspondence took place, or to clean up and remove sensitive information such as credit card or account number data. Scanning of Exchange mailboxes complements SecurExchange's real-time monitoring and active control of email, thereby providing protection at the 4 critical points of email delivery (internal, outgoing, inbound, and "After the Fact"). Recovery Storage Groups (RSG) are supported. To run a mailbox search, the Exchange System Administrator quickly creates a new mailbox search definition or activates a previous one.

When messages and their attachments that meet the search criteria are encountered in a user's mailbox, any number of Smart Action Triggers can be invoked on the message. Smart Action Triggers can, for instance, copy the message to the Security Officer, copy or move the message to a public folder, archive the message to a SQL or ODBC database, or completely delete the message from the employee's or contractor's mailbox.

When invoking a mailbox content search, an existing Concept Policy item or a Nemx-provided template, such as credit card data (PCI), Social Security Numbers (SSN), account numbers, confidential material, or harassing or inappropriate language, may be used as the search criteria, allowing analysis of the content of both the message and any attachments. Office documents such as Word (*.doc, *.rtf), Excel (*.xls, *.xlt), and PowerPoint (*.ppt), Adobe PDF files (*.pdf), and archive files (*.zip) will be fully scanned. Mailbox scanning utilizes Nemx's Intelligent Content Analysis, which uses natural language processing queries and techniques including dictionary, thesaurus, prefix/suffix and plural stripping methods, and regular expressions (to name a few) to ensure you find what you are looking for, something keyword- and keyphrase-based products cannot do.
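As an added illustration of the pattern-plus-validation approach behind PCI and SSN templates (this is example code written for this page, not Nemx's implementation), the sketch below scans a message body and the members of a .zip attachment, using a regular expression to find candidates and a Luhn checksum to discard digit runs that are not card numbers. The function names, the message dictionary layout and the sample message are assumptions constructed for the example.

```python
import io
import re
import zipfile

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# US SSN written as AAA-GG-SSSS; never-issued areas (000, 666, 9xx) are skipped.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects most digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)   # double every second digit from the right
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def scan_text(text: str):
    """Return (kind, masked_value) hits; values are masked so the audit log holds no raw data."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            hits.append(("PCI", "*" * (len(digits) - 4) + digits[-4:]))
    for m in SSN_RE.finditer(text):
        hits.append(("SSN", "***-**-" + m.group()[-4:]))
    return hits

def scan_message(msg: dict):
    """Scan the body and every member of any .zip attachment; return audit rows."""
    parts = [("body", msg["body"])]
    for name, data in msg.get("attachments", {}).items():
        if name.lower().endswith(".zip"):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    parts.append((f"{name}/{member}",
                                  zf.read(member).decode("utf-8", errors="replace")))
    return [(msg["mailbox"], loc, k, v) for loc, text in parts for k, v in scan_text(text)]

def build_sample():
    """Constructed sample: a test card number in the body, an SSN inside a zip member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", "Employee SSN 123-45-6789, order ref 1234567890123456")
    return {"mailbox": "user@example.com", "body": "Please charge 4111 1111 1111 1111 today.",
            "attachments": {"hr.zip": buf.getvalue()}}

if __name__ == "__main__":
    print(*scan_message(build_sample()), sep="\n")
```

The 16-digit order reference in the attachment matches the card regex but fails the checksum, so it is not reported; a plain keyword or digit-count match would have flagged it.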

In this How To, we will copy all messages located in all users' mailboxes to a public folder for review, and a text-based Audit Log will be created. The original messages will remain in the user's mailbox and subfolder after the search.

For other scenarios of SecurExchange see the following link.

Create the Smart Action Trigger:

If the Smart Action Trigger (SAT) that you wish to invoke on every message matching the search definition is not currently defined, then one will need to be created.

  1. On the Actions configuration tab, select Content and Spam Actions
  2. Click Add
  3. In the Name Field, enter a name for this Action, say "Search Mailboxes - Copy to Security Officer Folder"
  4. In the Message Auxiliary area, enable the "Send Copy to" action, and hit the Copies button
  5. Select the appropriate Address List type. For this example, select "Public Folders"
  6. Set the Security Officer Public Folder and then hit the Add button.
  7. Hit Ok to save the Send Copy recipients
  8. In the Message Auxiliary area, enable the "Log Filter History" and hit the Options button
  9. Enter the filename for the Audit Log (or select a SQL or ODBC DSN for database archiving)
  10. Hit Ok to save the Audit Log location
  11. Hit Ok to save the Smart Action Trigger

Create the Mailbox Search Definition:

For any mailbox search, a definition of what to scan or discover needs to be created along with the frequency in which the definition will periodically be run. Definitions once created will remain available for future mailbox searches.

In this How To, we will create a new Mailbox Search Definition, which will be run once and will look for an existing "Confidential" policy concept in both the message text and within attachments.

  1. On the Actions configuration tab, select Mailbox Content Search
  2. Click Add
  3. Enter a Description for this search definition
  4. Set the Frequency of execution to "Run Once"
  5. Select the Message Store Search Type. For this example select "Private Message Store" (user mailboxes)
  6. Enable the Message Content Filtering option
  7. In the Defaults Action list, select the previously created SAT, namely "Search Mailboxes - Copy to Security Officer Folder"
  8. Hit the Content Rules button
  9. Hit Add to add a new content rule or existing Concept Policy
  10. In the Message Content field enter "Confidential Concept" (existing Concept Builder Policy)
  11. Select the Scan Format options as Message Body and Attachments
  12. Select any specific options in terms of message direction (inbound/outbound/private/public)
  13. Select any Include or Exclude Restrictions if required
  14. Hit Ok to save the Search Mailbox Definition

Run the Mailbox Search Definition:

Once a mailbox search definition is created, it can be run at any point in time. As this definition is currently set as Run Once, all that is required to start searching mailboxes is to enable the definition.

  1. On the Actions configuration tab, select Mailbox Content Search
  2. Select the previously created Mailbox Search Definition in the Schedule Definitions list
  3. Select the "Active" checkbox.
  4. Hit Ok

At this point, the Nemx SecurExchange service will start to run the definition. Status on the Mailbox Search definition can be viewed in real time by starting the Schedule Event Viewer.

  1. Hit the Event Viewer button

This How To applies to the following SecurExchange family of products:

 

Feature matrix columns (products): Corporate, Perimeter, SBS, Anti-Spam, IMF, AutoContent

Monitoring / Control rows: Inbound; Outbound; Internal ("opt" in one column); Mailbox Search; Granular by AD Group

Smart Action Triggers (Partial List) rows: Multi-level Quarantine; Multi-level "Approve and Send"; Block / Delete Message; Copy / Notify / Route Message; Secure Message (encrypt / sign) ("Opt" in two columns); Selective Archive to SQL / ODBC; Audit Log

 

 


Need to add virus protection to your solution?
Check out SecurExchange Anti-Virus


Still not sure which solution is right for you? Find out more about our SecurExchange family of products, compare products through a feature matrix, or view some of our most Frequently Asked Questions, or email info@nemx.com

 

Internal corporate email outnumbers all other messages 8:1

Appliances and managed services monitor only 15% of total corporate email traffic


Real-time monitoring of all Exchange Server traffic – Internal, Inbound, Outbound

“Plug & Play” Exchange Server add-in

Concept-based content analysis for greater accuracy and flexibility

Smart Action Triggers™ - over 17 standard process actions

Automatic, policy-driven S/MIME encryption for outbound & internal mail (optional)

After-the-fact mailbox scanning supports ediscovery activities. Support for Recovery Storage Groups (RSG)

Inspect MS Office & PDF file attachments for compliance & content violations

Easy to use Policy Builder for fast, accurate creation of policy rules

Selective archival to MSSQL or ODBC compliant databases

Zero-hour virus & malware defense (optional)

Enhanced rule filtering and audit logging

Supports Exchange Server 2010, 2007, 2003, 2000, 5.5 & cluster configurations


Copyright 1996-2007, Nemx Software Corporation, All Rights Reserved. All trademarks used or referred to on this site are the
property of their respective owners. No materials on this site may be reproduced, altered, or further distributed without Nemx's prior written permission.