Policies - Monitoring Outbound Malware

This article contains information on why outbound messages may contain malware, steps to stop infected messages, and how Mimecast's tools, such as Message Tracking and Internal Email Protect, can help prevent and remediate outbound malware threats.

Mimecast scans all outbound messages that the on-premises email server or hosted email service sends to its email security platform. Once there, the messages are checked to determine if they contain known malware. Any messages found to contain malware are blocked, thereby ensuring they aren't sent to your customers, business partners, and other third parties.

This guide lists the frequently asked questions about outbound malware and provides information about how Mimecast can prevent malware in outbound messages from being sent.

Q: Why are messages containing malware being sent from our email platform?

A: Outbound messages infected with malware could be sent from your email server or platform for the following reasons:
  • A user’s device has been compromised by malware that has hijacked their email client to send messages automatically to contacts in their address book.
  • A user’s email account credentials have been stolen, and a bad actor is using them to send malicious messages to targeted individuals.
  • A malicious user is sending messages containing malware.
  • A user is inadvertently sending messages with attachments that they don’t realize are infected with malware.

Q: How can I stop outbound messages infected with malware from being sent?

A: To minimize the damage and cost to your business, you must contain this threat as quickly as possible. If you know the sender's email address:
  • Isolate their endpoint devices.
  • Remove them from the network.
  • Disable their logon to your email platform.

Q: How can Mimecast protect you from sending malware in outbound messages?

A: You may already have tools that can help with the investigation, but your priority must be preventing these messages from leaving your organization. Mimecast's email security can help you quickly identify the cause of any outbound messages it identifies as containing malware. There are several mechanisms you can use, including:

  • Message Tracking: This allows you to identify individual senders that have sent malware outbound by using the following options from the Message Center | Rejected and Deferred Messages menu item:
    1. Click on the Rejected tab.
    2. Change the Search drop-down from All to Rejection Type.
    3. Enter a value for Virus. This returns all messages blocked due to virus infection.
    4. Export the list of messages in CSV or Excel format.
    5. Open the exported file and search in the first column for any internal senders. The export also shows who would have received the message had it not been blocked, and when the message was sent.
    See the Message Center: Rejected and Deferred Messages page for further details.
  • Account Assessment Report: This provides an overview of your Mimecast account, including outbound messages with malware detected. See the Account Assessment Report Overview page for further details.
  • Internal Email Protect: This Mimecast add-on extends detection and protection to internal email threats and provides threat response and remediation. It can also notify you immediately when outbound malware is detected and provides the incident investigation tools you need to help respond, contain, and manually remediate threats. See the Targeted Threat Protection: Internal Email Protect page for further details.
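
Steps 4 and 5 of the Message Tracking procedure (export the rejected messages, then search the first column for internal senders) can be scripted so that each internal sender is listed with the recipients and send times of their blocked messages. The following Python is an added example, not Mimecast code. It assumes a header row, the recipient in the second column, and the send time in the third column; the domain list, the header names, and the sample rows are constructed, so adjust them to match your own export.

```python
import csv
import io
from collections import defaultdict

# Assumption: replace with the domains your organization sends mail from.
INTERNAL_DOMAINS = {"example.com"}

# Constructed sample export; real header names and date format may differ.
SAMPLE_EXPORT = """\
From,To,Date Sent,Rejection Type
alice@example.com,buyer@partner.test,2024-05-01 09:12,Virus
Alice@Example.com,ops@vendor.test,2024-05-01 09:13,Virus
mailer@outside.test,bob@example.com,2024-05-01 10:00,Virus
"Carol <carol@example.com>",cfo@partner.test,2024-05-02 14:30,Virus
"""


def sender_address(field):
    """Return the lowercased address from 'Name <addr>' or a bare address."""
    field = field.strip()
    if "<" in field and field.endswith(">"):
        field = field[field.rfind("<") + 1:-1]
    return field.lower()


def internal_senders(export_text, internal_domains=INTERNAL_DOMAINS):
    """Group blocked messages by internal sender (first column of the export)."""
    domains = {d.lower() for d in internal_domains}
    hits = defaultdict(list)
    rows = csv.reader(io.StringIO(export_text))
    next(rows, None)  # skip the header row
    for row in rows:
        if len(row) < 3:
            continue  # skip blank or truncated rows
        sender = sender_address(row[0])
        # Match on the domain part only, so inbound rejections are ignored.
        if sender.rpartition("@")[2] in domains:
            # Assumed layout: column 2 = recipient, column 3 = time sent.
            hits[sender].append((row[1].strip(), row[2].strip()))
    return dict(hits)


if __name__ == "__main__":
    found = internal_senders(SAMPLE_EXPORT)
    # Senders with the most blocked messages first: likely compromised accounts.
    for sender, msgs in sorted(found.items(), key=lambda kv: -len(kv[1])):
        print(f"{sender}: {len(msgs)} blocked message(s)")
        for recipient, sent in msgs:
            print(f"  {sent} -> {recipient}")
```

To use it on a real export, read the CSV file's text and pass it to `internal_senders` together with your own set of sending domains.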