McAfee Security for Microsoft Exchange 8.6.0

Scanning internal emails

This task describes, step by step, what happens to an email that is sent within the organization and how MSME scans it to determine whether the email is clean or infected.

Task
1 The end-user sends an email to an internal user, using the email client.
2 For Exchange Server 2010, Exchange receives the email and scans it in the Outbox folder. For Exchange Server 2013 and 2016, emails are directed from the Outbox folder to the Transport queue.
3 If there is a detection, it is replaced or deleted according to the product configuration; if it is replaced, it is submitted to the Transport queue.
4 The SMTP stack, hosted by EdgeTransport.exe on the Hub server role, receives the email.
5 The MSME Transport Agent (McAfeeTxRoutingAgent) scans the email, applying File filtering, Content scanning, and then Anti-virus scanning.
6 If there is a detection, it is dropped or replaced and returned to the SMTP stack accordingly.
7 MSME stamps the email with an AV stamp on the Hub server role, as per Microsoft specifications.
8 If the email is clean, it is returned to the SMTP stack for further routing.
9 The Exchange Mailbox server receives the email.
10 The Exchange store checks for the AV stamp. If it matches, the email is not sent to MSME for VSAPI scanning; otherwise, VSAPI scans the email for Anti-Virus, URL Reputation, File filtering, and Content Scanning.
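
Steps 4 to 7 only take place when the MSME transport agent is registered and enabled and the transport service is running. The following check is an added example, not part of the McAfee documentation. It assumes it is run in the Exchange Management Shell on the server holding the Hub role and that the agent is registered under the name given in step 5; the function name is hypothetical.

```powershell
# Added example. Assumption: the agent identity equals the name shown in step 5.
function Test-MsmeTransportAgent {
    param(
        [string]$AgentName = 'McAfeeTxRoutingAgent'
    )

    # For a given transport event, agents with a lower Priority value run earlier.
    $agents = @(Get-TransportAgent | Sort-Object Priority)
    $msme = $agents |
        Where-Object { "$($_.Identity)" -eq $AgentName } |
        Select-Object -First 1

    # EdgeTransport.exe is the worker process of the MSExchangeTransport service.
    $svc = Get-Service -Name 'MSExchangeTransport' -ErrorAction SilentlyContinue

    # Enabled agents that see the message before MSME does.
    $ahead = @()
    $priority = $null
    if ($msme) {
        $priority = $msme.Priority
        $ahead = @($agents |
            Where-Object { $_.Enabled -and $_.Priority -lt $priority } |
            ForEach-Object { "$($_.Identity)" })
    }

    New-Object PSObject -Property @{
        AgentRegistered    = [bool]$msme
        AgentEnabled       = [bool]($msme -and $msme.Enabled)
        AgentPriority      = $priority
        EnabledAgentsAhead = $ahead
        TransportRunning   = [bool]($svc -and $svc.Status -eq 'Running')
    }
}

$result = Test-MsmeTransportAgent
$result | Format-List

if (-not ($result.AgentRegistered -and $result.AgentEnabled -and $result.TransportRunning)) {
    Write-Warning 'Hub-side MSME scanning (steps 4 to 7) may not be active on this server.'
}
```

If the warning appears, the Hub-side scan and AV stamp are likely missing, so any scanning of internal mail falls to the VSAPI scan at the Exchange store described in step 10.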