McAfee Security for Microsoft Exchange 8.6.0

Scanning outbound emails

Step-by-step information on what happens to an email that goes out of the organization and how MSME scans it, to determine if the email is clean or infected.

Task
1 The end-user sends an email to an external user, using the email client.
2 Exchange store receives the email and scans it in the Outbox folder.
3 If there is detection, it is replaced or deleted as per the product configuration and if replaced it is submitted to Transport queue.
4 SMTP stack hosted by EdgeTransport.exe on Hub / MBX roles, receives the email.
5 MSME Transport Agent (McAfeeTxRoutingAgent) scans the email for File filtering, Content scanning, Anti-Virus scanning, URL reputation, and also disclaimer addition.
6 If there is detection, it is dropped or replaced and appropriately returned to the SMTP stack.
7 If the email is clean, it is returned to SMTP stack for further routing.
8 If the email is routed to Edge server role from this Hub server, then:
a SMTP stack hosted by EdgeTransport.exe on Edge server role, receives the email. d If the stamp is different then, MSME receives the same stream and scans for File filtering, Content scanning, Anti-virus scanning, then URL reputation check.
b MSME Transport Agent (McAfeeTxRoutingAgent) checks for AV stamp (if any).
e If there is a detection, action is taken as per product configuration.
c If AV stamp is present, it checks and compares with the stamp MSME forms with engine/DAT on Edge server role. f MSME stamps the email with AV stamp, as per Microsoft specifications on Edge server role.
9 Now the email is returned to SMTP stack, hosted by EdgeTransport.exe on Edge server role for further routing.