Measures reported by EXOMalwareTest
Malware comprises viruses and spyware. Viruses infect other programs and data, and they spread throughout your computer looking for programs to infect. Spyware is malware that gathers your personal information, such as sign-in information and personal data, and sends it back to the malware author.
Mailboxes hosted in Exchange Online are vulnerable and may get infected by malware. When this happens, administrators should be able to promptly identify the malware that has attacked the mailboxes, accurately capture the files infected by it, and also isolate the senders/receivers who are sending/receiving the malware. This will help them tweak Exchange Online's built-in anti-malware protection policies, so that such policies acquire the ability to shield the mailboxes in Exchange Online from that malware. This is where the EXOMalwareTest test helps!
Moreover, the detailed metrics reported by the test reveal the top senders and receivers of malware. This will point you to email traffic that you may want to track closely.
The test also reports the malware size in both incoming and outgoing mails, with detailed diagnosis pointing you to the senders/receivers who sent/received malware of large sizes. If the mailboxes of such senders/receivers exhibit abnormal growth suddenly, you may want to check these detailed metrics to see if that can be attributed to the malware size.
Outputs of the test: One set of results for each malware that is infecting mailboxes.
First-level descriptor: Malware
The measures made by this test are as follows:
| Measurement | Description | Measurement Unit | Interpretation |
|---|---|---|---|
| Inbound_malware | Indicates the number of inbound emails carrying this malware. | Number | A high value for this measure is a cause for concern, as it indicates that incoming mail traffic is severely infected by malware. In this case, use the detailed diagnosis of this measure to view the top-20 receivers, in terms of the number of malware-infected mails they received. This information thus points administrators to the receivers who were worst hit by malware. |
| Outbound_malware | Indicates the number of outbound emails carrying this malware. | Number | A high value for this measure is a cause for concern, as it indicates that outgoing mail traffic is severely infected by malware. In this case, use the detailed diagnosis of this measure to view the top-20 senders, in terms of the number of malware-infected mails they sent. This will also point you to those senders who are probably responsible for spreading the malware infection. |
| Inbound_size | Indicates the total size of this malware in incoming mails. | GB | If the value of this measure is abnormally high, then use the detailed diagnosis of this measure to view the top-20 receivers, in terms of the malware size in the mails they received. If the mailboxes of these receivers suddenly increase in size, then check the malware size of these receivers to see if the malware caused the abnormal mailbox growth. |
| Outbound_size | Indicates the total size of this malware in outgoing mails. | GB | If the value of this measure is abnormally high, then use the detailed diagnosis of this measure to view the top-20 senders, in terms of the malware size in the mails they sent. |
| Unique_snd | Indicates the number of unique senders of this malware. | Number | Use the detailed diagnosis of this measure to view the top-20 senders, in terms of the number of malware-infected mails they sent. |
| Unique_rec | Indicates the number of unique receivers of this malware. | Number | Use the detailed diagnosis of this measure to view the top-20 receivers, in terms of the number of malware-infected mails they received. |
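To cross-check the reported values against an exported list of malware detections, the per-malware grouping can be reproduced offline. The following is an added example, not eG Enterprise or Microsoft code; the row layout, the sample values, the binary GB conversion, and the choice to count unique senders and receivers across both directions are assumptions.

```python
from collections import Counter

MB, GB = 1024 ** 2, 1024 ** 3  # assumption: sizes are binary units

# Constructed rows (malware, direction, sender, recipient, size_bytes); layout is an assumption.
SAMPLE = [
    ("Trojan.Test.A", "Inbound", "ext1@example.net", "alice@corp.example", 512 * MB),
    ("Trojan.Test.A", "Inbound", "ext2@example.net", "alice@corp.example", 256 * MB),
    ("Trojan.Test.A", "Inbound", "ext1@example.net", "bob@corp.example", 256 * MB),
    ("Trojan.Test.A", "Outbound", "bob@corp.example", "ext3@example.net", 128 * MB),
    ("Worm.Test.B", "Outbound", "carol@corp.example", "ext4@example.net", 64 * MB),
    ("Worm.Test.B", "Outbound", "carol@corp.example", "ext5@example.net", 64 * MB),
]


def summarize(rows, top_n=20):
    """Compute the six measures per malware name, plus top-N lists for drill-down."""
    acc = {}
    for malware, direction, sender, recipient, size in rows:
        m = acc.setdefault(malware, {
            "mails": Counter(), "bytes": Counter(), "senders": set(), "receivers": set(),
            "in_rcpt": Counter(), "out_snd": Counter(), "in_rcpt_bytes": Counter(),
        })
        m["mails"][direction] += 1
        m["bytes"][direction] += size
        m["senders"].add(sender)
        m["receivers"].add(recipient)
        if direction == "Inbound":
            m["in_rcpt"][recipient] += 1           # who received the most infected mails
            m["in_rcpt_bytes"][recipient] += size  # whose mailbox absorbed the most bytes
        else:
            m["out_snd"][sender] += 1              # who sent the most infected mails
    return {
        name: {
            "Inbound_malware": m["mails"]["Inbound"],
            "Outbound_malware": m["mails"]["Outbound"],
            "Inbound_size": m["bytes"]["Inbound"] / GB,
            "Outbound_size": m["bytes"]["Outbound"] / GB,
            "Unique_snd": len(m["senders"]),
            "Unique_rec": len(m["receivers"]),
            "top_receivers": m["in_rcpt"].most_common(top_n),
            "top_receivers_by_size": m["in_rcpt_bytes"].most_common(top_n),
            "top_senders": m["out_snd"].most_common(top_n),
        }
        for name, m in acc.items()
    }


if __name__ == "__main__": print(summarize(SAMPLE))
```

An internal address that appears in `top_senders` is the kind of sender the Outbound_malware interpretation flags for follow-up, and `top_receivers_by_size` is the list to compare against sudden mailbox growth.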