Kaspersky Security for Mail Server MS KS4Exchange PoC 0922 En

The Kaspersky Security 9.0 Proof of Concept guide provides detailed instructions for deploying and configuring Kaspersky Security for Microsoft Exchange Servers in a corporate environment. It outlines the necessary hardware and software requirements, installation procedures for Active Directory and Microsoft Exchange Server, and the application’s capabilities for protecting against malware, spam, and phishing. The guide is primarily intended for Kaspersky’s presales engineers and technical specialists with basic knowledge of virtual machine management and mail infrastructure administration.

Uploaded by

Ahnaf Tahmeed

Kaspersky Security 9.0 for Microsoft Exchange Servers
Proof of Concept guide

Ivan Panin
Kaspersky Lab

06.09.2022
Content

Introduction
  Who should use this guide?
  About Kaspersky Security for Microsoft Exchange Servers
  Application components and their purpose
  Application deployment models depending on your corporate Microsoft Exchange infrastructure
Prepare an environment
  Review hardware and software requirements
  Download required files
  Account permissions
  PoC environment description
Deployment and configuration
  Install Active Directory
  Install Microsoft Exchange Server
  Configure Microsoft Exchange Server
  Deploy and configure hMailServer
  Configure DNS
  Install Kaspersky Security for Microsoft Exchange Servers
  Configure Kaspersky Security for Microsoft Exchange Servers
Capability scenarios
  Anti-Virus
  Anti-Spam
  Anti-Phishing
  Content Filtering: Attachments
  Content Filtering: List of keywords
  Content Filtering: Regular expression
  Allow and Block lists
  Reporting
Appendix A: POC success criteria
Appendix B: Troubleshooting

Introduction
Who should use this guide?
This guide is built to help you quickly deploy and configure Kaspersky Security for Microsoft Exchange Servers
(KS4Exchange) for evaluation. It guides you through detailed scenarios in a Proof of Concept (PoC) environment to
help you better understand how KS4Exchange works when deployed in a corporate infrastructure. These instructions
provide an evaluation method for the most common KS4Exchange use cases.

The guide is intended for use primarily by Kaspersky’s presales engineers and technical specialists wishing to
evaluate the KS4Exchange product.

It is assumed that the reader has:

• A basic knowledge of virtual machine (VM) management.

• Systems administration or technical reviewing skills.

• Basic skills in mail infrastructure administration.

About Kaspersky Security for Microsoft Exchange Servers


Kaspersky Security 9.0 MR6 for Microsoft Exchange Servers is an application designed for protecting mail servers
based on Microsoft Exchange Server against viruses, Trojans, worms and other types of threats that could be
transmitted via email, as well as against spam and phishing.

Kaspersky Security provides anti-spam protection on the level of your corporate mail server, saving your employees
the trouble of deleting unwanted mail manually.

Kaspersky Security protects mailboxes, public folders, and relayed mail traffic on a Microsoft Exchange Server
against malware, spam, and phishing. Kaspersky Security scans all e-mail traffic passing through the protected
Microsoft Exchange Server.

Kaspersky Security can perform the following operations:

• Scan mail traffic, incoming and outgoing mail, as well as email messages stored on the Microsoft Exchange
Server (including shared folders) for malware. The scan processes the message and all of its attachments.
Depending upon the selected settings, the application disinfects and removes detected harmful objects and
provides users with complete information about them.

• Filter mail traffic to prevent unsolicited mail (spam) and messages with fake senders (spoofing). The Anti-
Spam component scans mail traffic for spam content. In addition, Anti-Spam allows you to create Allow and
Block lists of sender addresses and supports flexible configuration of anti-spam scanning sensitivity.

• Scan mail traffic for phishing and malicious URLs.

• Filter attachments in email messages by format, name, and size of attached files.

• Save backup copies of objects (an object consists of message content and its attachments) and spam
messages prior to their disinfection or deletion to enable subsequent restoration, if required, thus preventing
the risk of data losses. Configurable filters allow the user to easily locate specific stored objects.

• Notify the sender, the recipient and the system administrator about messages that contain malicious objects.

• Manage identical settings of multiple Security Servers in centralized mode by means of profiles.

• Maintain event logs, display statistics, and create regular reports on application activity. The application can
create reports automatically according to a schedule or manually.
• Configure the application settings to match the volume and type of relayed mail traffic, in particular, define
the maximum connection wait time to optimize scanning.

• Update the Kaspersky Security databases automatically or in manual mode. Updates can be downloaded
from the FTP and HTTP servers of Kaspersky, from a local / network folder that contains the latest set of
updates, or from user-defined FTP and HTTP servers.

• Re-scan old (previously scanned) messages for the presence of new viruses or other threats according to a
schedule. This task is performed as a background scan and has little effect on the mail server’s performance.

• Perform anti-virus protection on storage level based on the list of protected storages.
Refer to KS4Exchange Online Help > About Kaspersky Security 9.0 for Microsoft Exchange Servers:
https://support.kaspersky.com/KS4Exchange/9.6/en-US/22779.htm

Application components and their purpose


Kaspersky Security consists of three basic components:

• The Security Server is installed on the Microsoft Exchange server and is responsible for protection against
viruses and filtering of mail traffic against spam and phishing content. Security Server intercepts messages
coming to the Microsoft Exchange Server and scans them for viruses, spam and phishing content using
embedded Anti-Virus and Anti-Spam modules, respectively. If an incoming message is infected with a virus
or if a message contains indicators of spam or phishing links, the application takes the actions defined in the
settings of the corresponding module.

• The Management Console is a dedicated isolated snap-in integrated into Microsoft Management Console
3.0. You can use the Management Console to create and edit the list of protected Microsoft Exchange servers
and manage Security Servers. The Management Console can be installed both on a Microsoft Exchange
server with the Security Server and on a remote computer.

• The Kaspersky Security for Microsoft Exchange Servers administration plug-in includes libraries allowing you
to manage a protected object through Kaspersky Security Center.
Refer to KS4Exchange Online Help > Application architecture > Application components and their purpose:
https://support.kaspersky.com/KS4Exchange/9.6/en-US/26311.htm
Security Server consists of the following modules:

• Email interceptor. Intercepts messages arriving on the Microsoft Exchange server and forwards them to Anti-
Virus and Anti-Spam. This module participates in Microsoft Exchange processes using Transport Agents
technology.

• Anti-Virus. Scans messages for viruses and other malicious objects. This module comprises an anti-virus
kernel and a storage for temporary objects, which is used for scanning objects in RAM. The storage is located
in the working folder Store.

• Anti-Spam. Filters out unsolicited mail. Copies of deleted messages can be stored in Backup.

• Internal Application Management and Integrity Control Module. It is the Kaspersky Security 9.0 for Microsoft
Exchange Servers service in Microsoft Windows. The module is started automatically when the first message
passes through the Microsoft Exchange server. This service does not depend on the state of the Microsoft
Exchange Server (whether it is started or stopped), so the application can be configured when the Microsoft
Exchange Server is stopped.

• The application stores Backup data and application statistics in a special database deployed on a Microsoft
SQL Server, the so-called Backup and statistics database.
Refer to KS4Exchange Online Help > Application architecture > Security Server modules:
https://support.kaspersky.com/KS4Exchange/9.6/en-US/26311.htm
Application deployment models depending on your corporate
Microsoft Exchange infrastructure
• The Security Server is installed on the computer hosting the stand-alone Microsoft Exchange Server.
Management Console is installed on the same computer.

• The Security Server is installed in the Database Availability Group (hereinafter also "DAG"). In this case,
the Security Server and Management Console must be installed together on each Microsoft Exchange
server belonging to the DAG.
Refer to KS4Exchange Online Help > Common application deployment procedures and scenarios > Basic
application installation models: https://support.kaspersky.com/KS4Exchange/9.6/en-US/26303.htm

This particular PoC guide describes the scenario of deploying KS4Exchange for a stand-alone
Microsoft Exchange Server.
Prepare an environment
Review hardware and software requirements
• KS4Exchange Online Help > Hardware and software requirements:
https://support.kaspersky.com/KS4Exchange/9.6/en-US/28855.htm

• Windows Server operating system prerequisites for Exchange Server 2019 Mailbox servers and Edge
Transport servers. Refer to Exchange Server 2019 prerequisites:
https://docs.microsoft.com/en-us/exchange/plan-and-deploy/prerequisites?view=exchserver-2019

• Exchange Server 2019 requirements:
https://docs.microsoft.com/en-us/Exchange/plan-and-deploy/system-requirements?view=exchserver-2019

• SQL Server 2019 Express requirements:
https://www.microsoft.com/en-us/download/details.aspx?id=101064

Download required files


• KS4Exchange version 9.6.96.0:
https://www.kaspersky.com/small-to-medium-business-security/downloads/endpoint

• Exchange Server 2019 Cumulative Update 12:
https://www.microsoft.com/en-us/download/details.aspx?id=104131

• SQL Server 2019 Express version 15.0.2:
https://www.microsoft.com/en-us/download/details.aspx?id=101064

• hMailServer version 5.6.8: https://www.hmailserver.com/download

• SwithMail utility version 2.2.4.0: https://www.tbare.com/software/swithmail/

• Thunderbird version 102.2.1: https://www.thunderbird.net/en-US/

Account permissions
This deployment scenario is suitable for you if you have sufficient privileges to perform all installation operations on
your own without the assistance of other specialists and if your account has the appropriate set of access rights.

• Make sure that the account intended for deploying the application is included in the local "Administrators"
group on the Microsoft Exchange server on which you are deploying the application.

• Make sure that the account intended for deploying the application is included in the "Domain
Administrators" and "Enterprise Administrators" groups. If not, include the account in these groups. This is
needed in order for the Installation Wizard to be able to create a configuration storage and a role-based
access group in Active Directory.
Refer to KS4Exchange Online Help > Scenario of application deployment with the full set of access privileges:
https://support.kaspersky.com/KS4Exchange/9.6/en-US/89868.htm

PoC environment description


Description of the virtual machines used in the demo environment:

| Name | Operating System | IP address | Purpose | Hardware Resources |
|---|---|---|---|---|
| dc.casper.sky | Windows Server 2022 | 10.10.6.10 | Active Directory, DNS Server. | 4 x vCPU, 6 GB RAM, 60 GB disk (thin provision). In fact, it took 18 Gb. |
| exchange.casper.sky | Windows Server 2019 | 10.10.6.20 | Exchange Server 2019, SQL Server | 8 x vCPU, 16 GB RAM, 100 GB disk (thin provision). In fact, it took 50 Gb. |
| wst11.casper.sky | Windows 11 | 10.10.6.11 | Send & receive emails using Thunderbird mail client. Send virus, Spam and phishing emails using SwithMail utility. | 4 x vCPU, 4 GB RAM, 40 GB disk (thin provision). In fact, it took 23 Gb. |
| dc.shadow.lands | Windows Server 2022 | 10.10.7.10 | Active Directory, DNS Server. hMailServer. | 4 x vCPU, 4 GB RAM, 60 GB disk (thin provision). In fact, it took 17 Gb. |

PoC components logical schema


Deployment and configuration
Install Active Directory
1. This section describes installing Windows Server and adding the Active Directory role on the dc.casper.sky server.
1.1 Add a virtual machine. In this deployment, VMware vCenter 7 and ESXi 6.7 were used.
1.2 Click Next.
1.3 Click Install now.
1.4 Click “I don’t have a product key”.
1.5 Select Windows Server 2022 Standard (Desktop Experience).
1.6 Create the Administrator account password.
1.7 Configure the network settings.
1.8 Rename the server.
1.9 Navigate to Server Management and click Add Roles and Features.
1.10 Select the server.
1.11 Select the Active Directory Domain Services role.
1.12 Click the Install button.
1.13 Click Close.
1.14 Navigate to Server Management > Notifications and click Promote this server to a domain controller.
1.15 Type the root domain name.
1.16 Create the DSRM password.
1.17 Click Next on all further screens, keeping the default options.
1.18 Click Install. The server will reboot automatically after a successful installation of Active Directory.

Install Microsoft Exchange Server
2. This section describes the installation of Microsoft Exchange Server 2019 on the host
exchange.casper.sky.
2.1 Create a VM and install Windows Server 2019, following steps 1.1 – 1.10. Configure the network
settings and add the host exchange.casper.sky to the casper.sky AD.
2.2 Prepare Windows Server for the Exchange Server 2019 deployment.
2.3.1 Install Visual C++ Redistributable Package for Visual Studio 2013:
https://www.microsoft.com/en-us/download/details.aspx?id=40784
2.3.2 Install Unified Communications Managed API 4.0:
https://www.microsoft.com/en-us/download/details.aspx?id=34992
2.3.3 Install Microsoft .NET Framework 4.8:
https://go.microsoft.com/fwlink/?linkid=2088631
2.3.4 Install URL Rewrite 2.1 for IIS 7:
https://www.iis.net/downloads/microsoft/url-rewrite

2.3.5 Open Windows PowerShell (Admin) as Administrator and run the below command to install
Remote Administration tools:

    Install-WindowsFeature RSAT-ADDS

2.3.6 Run the below command to install the server prerequisites:

    Install-WindowsFeature NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation, RSAT-ADDS

2.3.7 To prepare Active Directory and the domains for Exchange 2019, follow these steps:
• Mount the Exchange Server 2019 Installation Media.
• Run cmd as Administrator.
• Navigate to the Exchange Installation media path.
• Run the following command to extend the schema:

    Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms_DiagnosticDataON

2.3.8 Once the setup completes successfully, run the following command:

    Setup.exe /PrepareAD /OrganizationName:"<organization name>" /IAcceptExchangeServerLicenseTerms_DiagnosticDataON

2.3.9 Run the below command to prepare each of the Active Directory domains:

    Setup.exe /PrepareAllDomains /IAcceptExchangeServerLicenseTerms_DiagnosticDataON

2.4 Once the Active Directory forest and the domain are prepared, run the Exchange Installation
Wizard and install Exchange Server 2019.
2.4.1 Run the Exchange Server 2019 installer.
2.4.2 Accept the License Agreement.
2.4.3 Use recommended settings.
2.4.4 Select the Mailbox role and the option: Automatically install Windows Server roles and
features that are required to install Exchange Server.
2.4.5 Exchange Organization.
2.4.6 Disable malware scanning.
2.4.7 Click the Install button.
2.4.8 Setup Progress.
2.4.9 Finish.

Configure Microsoft Exchange Server
3. This section describes configuring Microsoft Exchange Server 2019.
3.1 Open https://exchange/ecp
3.2 Navigate to Server. Do not enter a license; use the Trial mode.
3.3 Navigate to Mail Flow > Accepted Domains. Check that our mail domain is listed.
3.4 Create a Send Connector. Navigate to Mail Flow > Send Connectors, click “+” (Add), and select
“Internet”. Click Next.
3.4.1 Select “MX record associated with recipient domain”.
3.4.2 Click “+” (Add).
3.4.3 Enter “*” to be able to send emails to external domains. Click Save.
3.4.4 Open the newly created Send Connector and switch to Scoping > FQDN. Fill in the Exchange
server name (specify the name by which your mail server is accessible from the Internet).
3.5 Navigate to Mail Flow > Email Address Policies, click Edit Default Policy > Email Address
Format and select “[email protected]”. Click Save and Apply.
3.6 Navigate to Recipients and add users from Active Directory.
3.7 Deploy the Windows workstation wst11.casper.sky, then install and configure the Thunderbird
mail client.
3.8 Test Exchange 2019 internal mail flow.
3.9 By default, IMAP4 client connectivity isn't enabled in Exchange. To enable IMAP4 client
connectivity, you need to perform the following steps:

Start the IMAP4 services, and configure the services to start automatically:

• Microsoft Exchange IMAP4: This is the Client Access (frontend) service that IMAP4 clients
connect to.

• Microsoft Exchange IMAP4 Backend: IMAP4 client connections from the Client Access service are
proxied to the backend service on the server that holds the active copy of the user's mailbox.

Deploy and configure hMailServer
4 Create a VM for the dc.shadow.lands host, install Windows Server 2022 following steps 1.1 – 1.10, add
the Active Directory role, and install hMailServer.
4.1 Install .NET Framework 2.0, required for hMailServer.
4.2 Install hMailServer.
4.3 Run the hMailServer Administrator console. Add the domain shadow.lands.
4.4 Add email accounts.
4.5 Navigate to the General tab > add email accounts for shadow.lands users.
4.6 Switch to the Active Directory tab and fill in Domain and User name.
4.7 Turn off the Anti-spam and Anti-virus features.
4.8 Configure Thunderbird email accounts for shadow.lands users.

Configure DNS
5 DNS. Configure DNS zones and MX records for the casper.sky and shadow.lands domains.
5.1 Navigate to Active Directory server > DNS Manager > New Zone.
Perform steps 5.1 - 5.4 for the casper.sky and shadow.lands domains.
5.2 Enter a zone name.
5.3 Enter the IP address of the DNS server.
5.4 Navigate to Active Directory server > DNS Manager > Create MX record for the shadow.lands domain.
Keep the “Host or child domain” field empty.
Enter the FQDN of the mail server.
Enter the mail server priority.
5.5 Send a test email from the shadow.lands domain to casper.sky.

Install Kaspersky Security for Microsoft Exchange Servers
6 Install SQL Server Express. The Kaspersky Security for Microsoft Exchange Servers application stores Backup
data and application statistics in a special database deployed on a Microsoft SQL Server, the so-called
Backup and statistics database.
6.1 Run the SQL Server 2019 Express installer on the exchange.casper.sky server.
6.2 Select New SQL Server stand-alone installation.
6.3 License agreement.
6.4 Ignore the firewall warning.
6.5 List of default features.
6.6 Default instance name.
6.7 Turn on SQL Server Browser for automatic startup.
6.8 Default authentication mode.
6.9 Installation complete.

7 Install Kaspersky Security 9.6.96.0 for Microsoft Exchange.
7.1 Run the Kaspersky Security for Microsoft Exchange installer.
7.2 Accept the license agreement.
7.3 Select all components.
7.4 Browse to the SQL Server instance installed in step 6.
7.5 Local system account.
7.6 Click Install.
7.7 Click Next.
7.8 Click Next.
7.9 Add a license key file.
7.10 Click Next.
7.11 Protection settings.
7.12 Click Next.
7.13 Click Next.
7.14 Finish.

Configure Kaspersky Security for Microsoft Exchange Servers


8 Configure Kaspersky Security for Microsoft Exchange Servers.
8.1 Run the Kaspersky Security for Microsoft Exchange management console.
8.2 Most protection features are turned on by default. Navigate to the localhost.
8.3 Check Protection settings for the Hub Transport role > Virus scan setting.
8.4 Check the Anti-Spam & Phishing scan settings.
8.5 Antivirus and Anti-Spam updates are preconfigured for periodic automatic updates.
8.6 Participation in the KSN is turned on by default.

Capability scenarios
The following scenarios are designed to help you experience the key features of KS4Exchange. They highlight the
most important functionality and take you through how you can use these features in your own case. You can go
through them in any order or start with the one you’re most interested in.

1. Anti-Virus.
2. Anti-Spam.
3. Anti-Phishing.
4. Content Filtering: Attachments.
5. Content Filtering: List of keywords.
6. Allow and Block lists.
7. Reporting.

Anti-Virus
In this scenario we will demonstrate that KS4Exchange can detect viruses and other malware and apply different
actions to the messages containing malware in accordance with the filtering rules. An EICAR 1 file will be used as a
virus sample.

Evaluation steps:

1. Create or download the EICAR test file.


2. Check that the Anti-Virus protection is enabled in KS4Exchange.
3. Send a test virus message to a protected mailbox.
4. Check that the EICAR was detected and the message was cured.

Expected results:

KS4Exchange will detect and delete the EICAR test file in accordance with the filtering rule. A copy of the
email message will be placed in Backup.

Instructions:

1. Log in to the computer with the KS4Exchange management console and to another computer that will be
used to send the test message.

2. To download or create the test file, you need to disable protection on the computer used for sending test
messages.

Download the EICAR file from this link: https://www.eicar.org/?page_id=3950 or create a new text file and
add the following string to this file:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Save the file as eicar.com and close it.

1 For more information about EICAR please refer to https://support.kaspersky.com/common/diagnostics/7399.


3. Open the KS4Exchange management console.

Navigate to Localhost > Server protection > Protection for the Hub Transport role > Virus scan settings.

In the rule settings make sure that Anti-Virus protection is enabled and that copies of the messages with
malware are moved to Backup.

Review the other actions on malware detection and change them if necessary.

Close the rule properties.

4. Run the SwithMail utility and specify a sender and a recipient protected by the Exchange Server with
KS4Exchange.

5. On the Email Addresses / Attachment tab add the EICAR test file and the recipient email.

6. On the Email Content tab fill in the Email Subject and Email Body fields and click Test Settings.

The test virus message will be sent. Save the configuration to an XML file for future cases if necessary.

7. Open the mail client and log in to the mailbox where the test virus message was sent.

Make sure that the message was delivered without the EICAR file and that the [Infected object deleted] tag
was added to the message as specified in the Default rule.

8. Open the KS4Exchange management console and go to Backup.

Apply search filters if necessary and make sure that the appropriate event appeared.

After completing these steps, you have successfully demonstrated that KS4Exchange can protect email
infrastructure from malware.
Anti-Spam
In this scenario we will demonstrate that KS4Exchange can detect spam and apply different actions to the
messages containing spam in accordance with the filtering rules. A GTUBE 2 (Generic Test for Unsolicited Bulk
Email) string will be used as a spam sample:

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

Evaluation steps:

1. Check that the Anti-Spam protection is enabled in KS4Exchange.


2. Send a test spam message to a protected mailbox.
3. Check that the spam was detected.

Expected results:

KS4Exchange will detect the spam message and a copy of this message will be placed in Backup in accordance
with the filtering rule.

Instructions:

1. Log in to the computer with the KS4Exchange management console and to another computer that will be
used to send the test message.

2. Open the KS4Exchange management console.

Go to Localhost > Server protection > Protection for the Hub Transport role > Anti-Spam scan settings.

In the rule settings make sure that Anti-Spam protection is enabled. Edit the rule to set the following values:

Check Spam detection.
Action: Allow.
Add label [!!Spam].

Review the other actions on detections and change them if necessary.

Close the rule properties.

2 For detailed information please refer to the following link: https://en.wikipedia.org/wiki/GTUBE.


3. Run the SwithMail utility and specify a sender, a recipient and the Exchange Server with KS4Exchange
(protected addresses).

On the Email Content tab enter the Email Subject. In the Email Body field paste the GTUBE string and click
Test Settings.

The test spam message will be sent. Save the configuration to an XML file for future cases if necessary.

4. Open the mail client and log in to the mailbox where the test spam message was sent.

Make sure that the message was delivered and that the [!!Spam] tag was added to the subject of the message
as specified in the Default rule.

After completing these steps, you have successfully demonstrated that KS4Exchange can detect spam
messages and apply different actions in accordance with the filtering rule.
Anti-Phishing
In this scenario we will demonstrate that KS4Exchange can detect phishing links and apply different actions to the
messages containing phishing links in accordance with the filtering rules.

Evaluation steps:

1. Check that the Anti-Phishing protection is enabled in KS4Exchange.
2. Send a test phishing message to a protected mailbox.
3. Check that the message containing a phishing link was rejected by KS4Exchange.

Expected results:

KS4Exchange will reject the phishing message and add a copy of the message to Backup.

Instructions:

1. Log in to the computer with the KS4Exchange management console and to another computer that will be used to send the test message.

2. Open the KS4Exchange management console.

   Go to Localhost > Server protection > Protection for the Hub Transport role > Anti-Spam scan settings.

   In the rule settings, make sure that Phishing protection is enabled. Edit the rule to set the following values:

   Check that the Phishing detection Action is Reject, and enable the Save copy option.

   Review the other actions on detections and change them if necessary.

   Close the rule properties.


9. On the Email Content tab, enter Email Subject. In the Email Body field, paste the following artificial (safe) phishing link and click Test Settings:

   https://www.kaspersky.com/test/aphish_h.

10. Open the KS4Exchange management console and go to Backup.

    Apply search filters if necessary and make sure that the appropriate event appeared.
After completing these steps, you have successfully demonstrated that KS4Exchange can detect phishing
messages and apply different actions in accordance with the filtering rule.
Content Filtering: Attachments
In this scenario we will demonstrate that KS4Exchange can recognize the types of forbidden files such as
password protected archives, and tag such attachments.

Evaluation steps:

1. Check that Content Filtering is enabled in KS4Exchange.
2. Send a test message containing a password protected archive to a protected mailbox.
3. Check that a specific tag was added to an email subject.

Expected results:

KS4Exchange will detect the password protected archive and add a specific tag to the email subject.

Instructions:

1. Log in to the computer with the KS4Exchange management console and to another computer that will be used to send the test message.

2. Open the KS4Exchange management console.

   Go to Localhost > Server protection > Protection for the Hub Transport role > Attachment and content filtering.

   Turn on Attachment and content filtering. Add a new rule to label (add an email subject tag) emails with password protected attachments.

   Check that the detection Action is Allow.

   Review the other actions on detections and change them if necessary.

   Close the rule properties.


3. Create a password protected archive.

   On the Email Addresses / Attachment tab, add the password protected archive file.

4. Open the mail client and log in to the mailbox where the test message was sent.

   Make sure that the [Blocked attachment or content] tag was added to the subject of the message.

After completing these steps, you have successfully demonstrated that KS4Exchange provides message content
filtering, can detect specific attachments, and can apply different actions to such messages in accordance with the
filtering rule.
Content Filtering: List of keywords
In this scenario we will demonstrate that KS4Exchange can recognize keywords in messages, detect and delete
such emails.

Evaluation steps:

1. Check that Content Filtering is enabled in KS4Exchange.
2. Create a List of keywords content filter.
3. Send a test message containing keywords from a protected mailbox to an external sender.
4. Check that keywords were detected in a message body and an email was put into the Backup.

Expected results:

KS4Exchange will detect the keywords and delete the message.

Instructions:

1. Log in to the computer with the KS4Exchange management console and to another computer that will be used to send the test message.

2. Open the KS4Exchange management console.

   Go to Localhost > Server protection > Protection for the Hub Transport role > Attachment and content filtering.

   Turn on Attachment and content filtering.

   Add a new rule, type: List of keywords.

   Make a List of keywords with the words “password” and “passport”.

   Check that the detection Action is Delete object.

   Review the other actions on detections and change them if necessary.

   Close the rule properties.


3. Run the SwithMail utility and specify a sender, a recipient and the Exchange Server with KS4Exchange (protected addresses).

   On the Email Content tab, enter Email Subject. In the Email Body field, paste the keyword passport and click Test Settings.

   The test message will be sent. Save the configuration to an XML file for future cases if necessary.

4. Switch to the Backup section.

   Make sure that the appropriate record for the message appeared. If there is no record for the message, check the filters applied to the search in Backup.

   Click on the record and review the information about the message. Make sure that the Backup Reason is Attachment and content filtering > List of keywords.
After completing these steps, you have successfully demonstrated that KS4Exchange provides message content
filtering and can apply different actions to such messages in accordance with the filtering rule.
Content Filtering: Regular expression
In this scenario we will demonstrate that KS4Exchange can recognize text using regular expression (regexp) in
messages, detect and delete such emails.

Evaluation steps:

1. Check that Content Filtering is enabled in KS4Exchange.
2. Create a List of keywords content filter with regular expressions.
3. Send a test message containing keywords from a protected mailbox to an external sender.
4. Check that keywords were detected in a message body and an email was put into the Backup.

Expected results:

KS4Exchange will detect the keywords and delete the message.

Instructions:

5. Log in to the computer with the KS4Exchange management console and to another computer that will be used to send the test message.

6. Open the KS4Exchange management console.

   Go to Localhost > Server protection > Protection for the Hub Transport role > Attachment and content filtering.

   Turn on Attachment and content filtering.

   Add a new rule, type: List of keywords.

   Make a List of keywords with the following elements:

   Date of Birth

   (Date of birth:|Birthday:)\s+(?:19\d{2}|20[01][0-9]|2020)[-/.](?:0[1-9]|1[012])[-/.](?:0[1-9]|[12][0-9]|3[01])\b

   The regex matches on a date with the YYYY/MM/DD format and a "Date of birth:" or "Birthday:" prefix (Year min: 1900, Year max: 2020).

   For example:
   • Date of birth: 1900/12/01
   • Date of birth: 2019.01.25
   • Birthday: 2099-10-3

   U.S. Passport number

   (Passport Number|Passport No|Passport #|Passport#|PassportID|Passportno|passportnumber)\W*\d{9}\b

   The regex matches on a string that contains a Passport related keyword and a 9 digits number.

   For example:
   • Passport Number: 123456789
   • Passport No. 123456789

   Russian Passport number

   (Номер паспорта|Паспорт|паспорт №|мой паспорт|паспортные данные|номер паспорта)\W*\ [0-9]{4} [0-9]{6}

   The regex matches on a string that contains a паспорт (passport) related keyword and 4 + 6 digits numbers.

   For example:
   • номер паспорта: 1234 562290
   • Мой паспорт 0234 558723

   Check that the detection Action is Delete object.

   Review the other actions on detections and change them if necessary.

   Close the rule properties.


7. Run the SwithMail utility and specify a sender, a recipient and the Exchange Server with KS4Exchange (protected addresses).

   On the Email Content tab, enter Email Subject. In the Email Body field, paste the text examples from previous step 6 and click Test Settings.

   The test message will be sent. Save the configuration to an XML file for future cases if necessary.

8. Switch to the Backup section.

   Make sure that the appropriate record for the message appeared. If there is no record for the message, check the filters applied to the search in Backup.

   Click on the record and review the information about the message. Make sure that the Backup Reason is Attachment and content filtering > List of keywords.
After completing these steps, you have successfully demonstrated that KS4Exchange provides message content
filtering using regular expressions (regexp) and can apply different actions to such messages in accordance with
the filtering rule.
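Before pasting the step 6 patterns into a filtering rule, it is worth checking them against the sample strings offline. The script below is an added example, not part of the original guide: it uses Python's re module as a stand-in, because the regex engine and case handling used by KS4Exchange are not stated here, so it reports both case-sensitive and case-insensitive results (the names PATTERNS, SAMPLES, check and report are hypothetical).

```python
import re

# Patterns from step 6, with the page-layout line breaks removed.
PATTERNS = {
    "date_of_birth": r"(Date of birth:|Birthday:)\s+(?:19\d{2}|20[01][0-9]|2020)"
                     r"[-/.](?:0[1-9]|1[012])[-/.](?:0[1-9]|[12][0-9]|3[01])\b",
    "us_passport": r"(Passport Number|Passport No|Passport #|Passport#|PassportID"
                   r"|Passportno|passportnumber)\W*\d{9}\b",
    "ru_passport": r"(Номер паспорта|Паспорт|паспорт №|мой паспорт"
                   r"|паспортные данные|номер паспорта)\W*\ [0-9]{4} [0-9]{6}",
}

# Sample strings listed under each pattern in step 6.
SAMPLES = {
    "date_of_birth": [
        "Date of birth: 1900/12/01",
        "Date of birth: 2019.01.25",
        "Birthday: 2099-10-3",
    ],
    "us_passport": [
        "Passport Number: 123456789",
        "Passport No. 123456789",
    ],
    "ru_passport": [
        "номер паспорта: 1234 562290",
        "Мой паспорт 0234 558723",
    ],
}


def check(name, ignore_case=False):
    """Return one bool per sample: does the named pattern match it?"""
    flags = re.IGNORECASE if ignore_case else 0
    rx = re.compile(PATTERNS[name], flags)
    return [bool(rx.search(sample)) for sample in SAMPLES[name]]


def report():
    """Rows of (pattern name, sample, case-sensitive hit, case-insensitive hit)."""
    rows = []
    for name in PATTERNS:
        pairs = zip(SAMPLES[name], check(name), check(name, ignore_case=True))
        rows.extend((name, sample, cs, ci) for sample, cs, ci in pairs)
    return rows


if __name__ == "__main__":
    for name, sample, cs, ci in report():
        print(f"{name:14} case-sensitive={cs!s:5} ignore-case={ci!s:5} {sample}")
```

Under these assumptions, "Birthday: 2099-10-3" does not match in either mode (the year is above 2020 and the day has a single digit), and "Мой паспорт 0234 558723" matches only when case is ignored. A sample that fails here will not produce a Backup record in step 8 if the product's engine behaves the same way, so confirm the result in the PoC environment.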
Allow and Block lists
In this scenario we will demonstrate that KS4Exchange can create Allow and Block lists of sender addresses.

Evaluation steps:

1. Check that the Anti-Spam scan settings are configured for blocklisted addresses.
2. Add an external sender to the block list of Anti-Spam addresses in KS4Exchange.
3. Send a test message from a “blocked” sender to an internal recipient.
4. Check that a specific tag was added to an email subject.

Expected results:

KS4Exchange will add a specific tag to an email subject.

Instructions:

1. Log in to the computer with the KS4Exchange management console and to another computer that will be used to send the test message.

2. Open the KS4Exchange management console.

   Go to Localhost > Server protection > Protection for the Hub Transport role > Anti-Spam scan settings.

   Check that Anti-Spam scanning is enabled.

   Check that the Spam processing settings for Address blacklisted are:
   • Action: Allow
   • Add label: [!!Blacklisted]

   Review the other actions on detections and change them if necessary.

   Close the rule properties.


3. Send a test message from a “blocked” sender to an internal recipient.

   Make sure that the [!!Blacklisted] tag was added to the subject of the message.

After completing these steps, you have successfully demonstrated that KS4Exchange provides the Allow and Block
lists capability and can apply different actions to the email subject of such messages.
Reporting
In this scenario we will demonstrate the KS4Exchange reporting capability. Kaspersky Security supports creation
and viewing of reports on the activity of the Anti-Virus and Anti-Spam modules. The application can generate a
separate activity report for each module covering a period of one day or longer.

Evaluation steps:

1. Run the Standard Anti-Spam report.
2. Get the Standard Anti-Spam report.

Expected results:

KS4Exchange generates the Standard Anti-Spam report.

Instructions:

1. Log in to the computer with the KS4Exchange management console.

2. Open the KS4Exchange management console.

   Go to Localhost > Reports > click New report.

   Run the Standard Anti-Spam report.

3. Make sure that the Standard Anti-Spam report is opened in a new web browser tab.

After completing these steps, you have successfully demonstrated that KS4Exchange provides reporting
capabilities.
Appendix A: POC success criteria
| # | Task | Success criteria | Notes |
|---|------|------------------|-------|
| 1. | Prepare the environment. | | |
| 1.1. | Review the requirements. | PoC environment meets all the imposed requirements. | |
| 1.2. | Download required files. | All required files are downloaded. | |
| 2. | Deployment and configuration. | | |
| 2.1. | Install and configure Exchange Server. | Successful internal mailflow. | |
| 2.2. | Install and configure KS4Exchange. | KS4Exchange is activated with a valid license. | |
| 3. | Capability scenarios. | | |
| 3.1. | Anti-Virus. | The EICAR file was detected. The message was processed in accordance with a filtering rule. Malicious attachment was deleted from the email message, the message subject was tagged appropriately. | |
| 3.2. | Anti-Spam. | Spam was detected. The message was processed in accordance with a filtering rule. The message subject was tagged appropriately. | |
| 3.3. | Anti-Phishing. | Phishing was detected. The message was processed (rejected) in accordance with a filtering rule. A copy of message was put to the Backup. | |
| 3.4. | Content Filtering. | Content Filtering policy violation was detected. The messages were processed in accordance with filtering rules. | |
| 3.5. | Allow and Block lists | An email message from a “blocked” sender was detected and the message subject was tagged appropriately. | |
| 3.6. | Reporting | Standard Anti-Spam report is generated and opened in a new web browser tab. | |
Appendix B: Troubleshooting
If you encounter technical issues with KS4Exchange during the product operation, please collect the diagnostic
information and contact Technical Support. You can find the details about that in Online Help:
https://support.kaspersky.com/KS4Exchange/9.6/en-US/70331.htm

Exchange Server documentation: https://docs.microsoft.com/en-us/exchange/clients/pop3-and-imap4/configure-imap4?view=exchserver-2019

If you encounter technical issues with Exchange Server, open Microsoft Exchange Management Shell and run:
Test-ServiceHealth

RequiredServicesRunning “True” means that a service is up and running.
