Exchange Server Toolbox

Protecting Your Exchange Server from Viruses with ClamAV

Every day, hundreds of emails reach your Microsoft Exchange Server - among them is a massive amount of spam with dangerous attachments such as viruses and Trojans. If your employees open the attachment, malware can immediately infect your corporate network.

That's why an effective virus scanner like ClamAV is indispensable for your Exchange Server.

What is ClamAV?

ClamAV is open source antivirus software that is used on a variety of servers, mainly on Unix/Linux systems.

The virus scanner also has a phishing filter, for example to expose worms in emails. Among other things, ClamAV offers high-performance multi-threaded scanning. This means that ClamAV can run multiple virus scans simultaneously, which helps virus scanning performance scale with the available resources.

ClamAV for your Exchange Server

Exchange Server Toolbox brings ClamAV as virus protection for your mail server.

Our plugin for your Microsoft Exchange Server extends ClamAV with Sanesecurity signatures and integrates the virus scan as a condition in its comprehensive rule system. This way, all your incoming emails are automatically scanned for viruses, trojans and other malware.

You can even check incoming emails for specific virus names. If an email is detected as malicious, the Exchange Server Toolbox reacts as specified in your rule set: The affected email is rejected or its attachment is removed.

Reject dangerous attachments on mail servers

The Exchange Server Toolbox in combination with ClamAV can reject malicious emails already at the mail server level. A separate Windows service (ClamAVinABox) keeps ClamAV ready for this.

This helps to rid your employees' mailboxes of dangerous attachments, and the procedure has another advantage: since the email is not accepted in the first place, it does not have to be archived in compliance with the law.


In the ruleset, you can set exactly how dangerous emails should be rejected:

  • Actively reject an email: The mail server does not accept the email and informs the sender about it with an undeliverability report. The sender is thus warned about the virus in their email.
  • Silently swallow an email: In this case, the Exchange Server Toolbox removes all recipients from the email. The Exchange Server then recognizes that the email has no recipients and immediately discards it. The sender is not informed, which helps against deliberate spam attacks.

Delete suspicious email attachments right away

If an email in which ClamAV has detected malware is not to be rejected immediately, the Exchange Server Toolbox can alternatively remove the email attachment.

In the rule set, you can then individually define how the recipient should be made aware of the removed attachment - for example, via a small info text in the email itself.

If ClamAV does make a mistake and marks a clean attachment as dangerous, the recipient can react immediately. With the appropriate configuration of the Exchange Server Toolbox, a system administrator can re-deliver a copy of the original email to the recipient. In this way, time-consuming communication with the sender can be avoided.

By the way, a complementary "on-access" virus scanner can also be used in parallel with ClamAV.

Compare our security solutions for your mail server

SmartPOP2Exchange Small Business Edition

  • Integrated Virus Protection (ClamAV)
  • Integrated Spam Protection (SpamAssassin)
  • Outlook Add-In for Spam training

Exchange Server Toolbox

  • Integrated Virus Protection (ClamAV)
  • Integrated Spam Protection (SpamAssassin)
  • Outlook Add-In for Spam training