How BackupAssist 365 handles viruses and malware in mailboxes

Spam emails are a major way that ransomware spreads – so we don’t want to backup such malware! Yet, we estimate over 50% of companies have mailboxes that contain messages with virus or malware attachments. Fortunately, BackupAssist 365 has a safety feature that keeps your backups clean.

Contents:

  1. Summary – BackupAssist 365 keeps malware out of your mailbox backups
  2. How did the malware get in to start with?
  3. How does BackupAssist 365’s safety feature solve this problem?

Summary: BackupAssist 365 keeps the malware out of your mailbox backups

  1. BackupAssist 365 lets Windows Defender and other virus scanners scan attachments before saving them to the backup PST files.
  2. If a virus is found, BackupAssist will replace the virus with a simple text file, and save the item to the backup.
  3. You’ll see a note in the backup report to tell you what happened. After that, you won’t be notified again.

How did malware get into the mailboxes to start with?

Many administrators are shocked when they see warning messages from BackupAssist 365 in the backup reports:

“Cannot save an attachment: An attachment was skipped because it has failed a virus scan.”

The common belief is that the hosted email provider – such as Office 365 – will scan mailboxes to prevent malware from getting into the mailbox (which is true – according to Microsoft’s KB article on the topic.)

Many of our clients also use a 3rd party email security gateway to filter out malware and spam. And these are remarkably effective and highly recommended by us.

However, there are still ways in which viruses and malware can get into your mailboxes.

  1. Historically, there may have been times where an email security gateway was not used, and viruses / malware were free to enter.
  2. If a security filter was used, but the virus / malware was not known at the time, it passes through the security filter and gets delivered to the mailbox. (This is a false negative.)
  3. In a mailbox migration, emails are uploaded to the mailbox without ever having been delivered, so the security filter is bypassed altogether.
  4. In the case of notes or calendar appointments, these can get saved straight to a mailbox using client-side software like Outlook. Historically, it’s been possible to attach viruses to items and upload them to the mailbox.

How does BackupAssist 365’s safety feature solve the problem?

BackupAssist 365 lets the in-built Windows Defender (and for older Operating Systems, Microsoft Security Essentials) scan attachments before saving them to the backup PST files.

It’s a simple process.

  1. BackupAssist 365 downloads mailbox items
  2. It then downloads attachments for the mailbox items, and saves them to temp files on disk.
  3. The virus scanner will scan these temp files and flag any problems.
  4. BackupAssist 365 then opens the attachments to read them and save them to the backup PST file.

If there are any problems detected with an attachment, then it’s likely you’ll see a notification from your virus scanner. If you happen to be logged in, you’ll see something like this from Windows Defender:

A screenshot of a computerDescription automatically generated with medium confidence

If a threat is found, then BackupAssist 365 will replace the flagged file with a simple text file, like this one. The file is renamed to add “.txt” to the end of it.

Graphical user interface, text, application, emailDescription automatically generated

This replacement attachment is then attached to the original email, and it’s saved to the backup. So now your backup looks like this:

Graphical user interface, text, application, emailDescription automatically generated

Here’s another example of another email containing malware, sanitized with BackupAssist 365:

Graphical user interface, applicationDescription automatically generated

Finally, we’ll log this in the backup report. This means you’ll see a notice like this:

Graphical user interfaceDescription automatically generated

You should only see this notification once, because after the item is saved into the backup PST file, it won’t be downloaded again.

And that’s how BackupAssist 365 keeps your mailbox backups clean.

Leave a Comment

Share on email
Share on print
Share on facebook
Share on google
Share on twitter
Share on linkedin

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email. Join 1,874 other subscribers