How BackupAssist 365 handles viruses and malware in mailboxes

Spam emails are a major way that ransomware spreads – so we don’t want to backup such malware! Yet, we estimate over 50% of companies have mailboxes that contain messages with virus or malware attachments. Fortunately, BackupAssist 365 has a safety feature that keeps your backups clean.


  1. Summary – BackupAssist 365 keeps malware out of your mailbox backups
  2. How did the malware get in to start with?
  3. How does BackupAssist 365’s safety feature solve this problem?

Summary: BackupAssist 365 keeps the malware out of your mailbox backups

  1. BackupAssist 365 lets Windows Defender and other virus scanners scan attachments before saving them to the backup PST files.
  2. If a virus is found, BackupAssist will replace the virus with a simple text file, and save the item to the backup.
  3. You’ll see a note in the backup report to tell you what happened. After that, you won’t be notified again.

How did malware get into the mailboxes to start with?

Many administrators are shocked when they see warning messages from BackupAssist 365 in the backup reports:

“Cannot save an attachment: An attachment was skipped because it has failed a virus scan.”

The common belief is that the hosted email provider – such as Office 365 – will scan mailboxes to prevent malware from getting into the mailbox (which is true – according to Microsoft’s KB article on the topic.)

Many of our clients also use a 3rd party email security gateway to filter out malware and spam. And these are remarkably effective and highly recommended by us.

However, there are still ways in which viruses and malware can get into your mailboxes.

  1. Historically, there may have been times where an email security gateway was not used, and viruses / malware were free to enter.
  2. If a security filter was used, but the virus / malware was not known at the time, it passes through the security filter and gets delivered to the mailbox. (This is a false negative.)
  3. In a mailbox migration, emails are uploaded to the mailbox without ever having been delivered, so the security filter is bypassed altogether.
  4. In the case of notes or calendar appointments, these can get saved straight to a mailbox using client-side software like Outlook. Historically, it’s been possible to attach viruses to items and upload them to the mailbox.

How does BackupAssist 365’s safety feature solve the problem?

BackupAssist 365 lets the in-built Windows Defender (and for older Operating Systems, Microsoft Security Essentials) scan attachments before saving them to the backup PST files.

It’s a simple process.

  1. BackupAssist 365 downloads mailbox items
  2. It then downloads attachments for the mailbox items, and saves them to temp files on disk.
  3. The virus scanner will scan these temp files and flag any problems.
  4. BackupAssist 365 then opens the attachments to read them and save them to the backup PST file.

If there are any problems detected with an attachment, then it’s likely you’ll see a notification from your virus scanner. If you happen to be logged in, you’ll see something like this from Windows Defender:

A screenshot of a computer

Description automatically generated with medium confidence

If a threat is found, then BackupAssist 365 will replace the flagged file with a simple text file, like this one. The file is renamed to add “.txt” to the end of it.

Graphical user interface, text, application, email

Description automatically generated

This replacement attachment is then attached to the original email, and it’s saved to the backup. So now your backup looks like this:

Graphical user interface, text, application, email

Description automatically generated

Here’s another example of another email containing malware, sanitized with BackupAssist 365:

Graphical user interface, application

Description automatically generated

Finally, we’ll log this in the backup report. This means you’ll see a notice like this:

Graphical user interface

Description automatically generated

You should only see this notification once, because after the item is saved into the backup PST file, it won’t be downloaded again.

And that’s how BackupAssist 365 keeps your mailbox backups clean.

Share on email
Share on print
Share on facebook
Share on google
Share on twitter
Share on linkedin


BackupAssist 365

Start your free 30-day trial today