Configuring Notifications About Messages Deleting Using Exchange Web Services

In case of operating in the mode featuring messages deleting during the anti-virus check or filtering by anti-virus agent, the recipient does not get any information about the message, except the corresponding records in the server event log. You can configure sending mail notifications via EWS (Exchange Web Services) protocol to the email address specified by the OWSNotificationEmail parameter. Such notifications contain the information on the sender, recipients and subject of the deleted message, but do not provide any data on its body or attachments.

EWS (Exchange Web Services) resides on the servers Client Access (CAS) role and acts as mediator between the client requests and internal structure of the Exchange Server.

The notifications about deleting messages via EWS (Exchange Web Services) are configured in the DrWebAgentStub_1.0 -> Application Settings section of the Dr.Web CMS Web Console by setting up the following variables:

OWSUrl—the server where EWS resides. By default, the localhost is specified, but it can be the IP address of any other server with EWS.

OWSAdministrator, OWSPassword, OWSDomain—the access parameters (the name of the user with access to EWS, the password and domain name) to the mailbox set by the OWSOutgoingEmail parameter.

OWSNotificationEmail—the email address to receive the notifications about the messages deleting.

OWSOutgoingEmail—the email address, the notifications about the messages deleting are sent from.

The specified parameters are transferred to anti-virus agent when the transport service is started. Sending notifications via EWS is not enabled if the value of any of the parameters is left blank.

Every time the message is deleted, the anti-virus agent initiates connection to the server specified by the OWSUrl parameter. In case the connection fails, the alert 444 is registered in the OS Event log describing the reason of the failure to send the notification.