HUB TRANSPORT CONFIGURATION:

1. Expand Antimalware in the left hand pane2. Expand Hub Transport3. In the right hand pane set the following

a. General Settingsi. Check Enable transport antivirus scan

ii. Check Enable Transport antispyware scanb. Engines and performance

i. Select the second option, Scan with the subset of engines that are available

c. Scan Actionsi. Detection

1. Virus: Action = Clean, Quarantine Files = Yes2. Spyware: Action = Delete, Quarantine Files = Yes

d. Additional Optionsi. Check: Optimize for performance by not rescanning messages

already virus scannedii. Set maximum container scan time (seconds) = 120

iii. Set illegal MIME header action: = Purgeiv. Set transport sender information = Use MIME headerv. Set process count = 4

vi. Set scanning timeout (Seconds) = 600

vii. Set Scan timeout action = delete

4. Expand Anti spam in the left hand pane

5. Make sure that antispam is disabled and all options are grayed out.

6. Skip filter lists as we have none

7. Select Filter Optionsa. Transport filtering options

i. Check Enable file filtersii. Check Enable Header filters

iii. Check Enable keyword filtersb. Enable keyword filtering

i. Check inboundii. Check outbound

c. Enable file filtering for these message directionsi. Check inbound

ii. Check outboundd. Tag text for message header = Junk-Mail

e. Tag text for subject line = SUSPECT:

8. Select online protection in the left hand pane and make sure that it is not enabled.

9. Select Global Settings in the left hand pane and select scan optionsa. Scan Targets – Transport

i. Check enable scanningb. Target types

i. Check inboundii. Check outbound

iii. Check internal

10. Select Engine options in the left hand panea. UNC Authentication

i. Uncheck enable UNCb. Proxy Server

i. Uncheck enable proxy serverc. Additional options

i. Uncheck Update engines on server startupii. Uncheck Enable as an update redistribution server

iii. Set engine download timeout (seconds) = 300

11. Select Advanced options from the left hand panea. Scans

i. Engine error action = Deleteii. Use this extension when replacing a deleted attachment = txt

iii. Uncheck use external “Domains.dat” file instead of valueiv. Domain names used for identifying internal addresses =

int.elekta.comv. Uncheck use reverse DNS lookup when determining whether a

message is inboundvi. Check Quarantine corrupted compressed files

vii. Check Quarantine on timeoutviii. Uncheck rescan messages already scanned by forefront online

protection for exchangeb. Deletion Criteria

i. Check Delete corrupted compressed filesii. Check Delete corrupted UUEncoded files

iii. Check Delete partial SMTP messagesiv. Uncheck delete encrypted compressed files

c. Threshold Levelsi. Maximum container file infections = 5

ii. Maximum container file size =25iii. Maximum compressed file size = 20iv. Maximum uncompressed file size = 100v. Maximum nested attachments = 30

vi. Maximum nested depth compressed files = 5d. Logging options

i. Archive transport mail = noneii. Check enable transport incident logging

iii. Check Enable event loggingiv. Check incidentsv. Check engines

vi. Check operationalvii. Check enable spam agent logging

viii. Uncheck Enable content filtering incident loggingix. Check Enable performance counters

e. Customer Experience Improvement Programi. Uncheck Join the Customer Experience Improvement Program

f. Intelligent Engine Managementi. Engine management = Automatic