Skip links

Email Malware Detection

Helping you to keep your emails safe from cyber threats

About Client

Email Malware Detection




With 90% of cyber threats starting in an email, email has been recognized as the #1 risk vector. Client wanted a product which can use multiple mechanisms to ensure that email-based malware can be weeded out on Microsoft Exchange server, both on-premise and online.

Technical Objective

  • Intercommunication with the SaaS application using Web Services
  • EWS (Exchange Web Services) API calls
  • Plugin-architecture for API calls
  • Deployment on cloud Server
  • Hash Management
  • Plugin for Virus Total API and Bright Cloud API


We developed a web application with following functionalities in it 
  • SAAS Based Multitenant Application
  • Integrating Exchange API for selecting the mailbox for scanning purpose
  • Ability to Search based on specific Conditions /Filters such as start date, End Date , Scanning emails from specific Domains /IPs etc.
  • Dashboard with the following counts and pie chart of
    • No of mailbox Scanned and count of total Infected mail box
    • No of messages with Infected URL
    • No of messages with “PE” file attachment (high risk)
    • Top 10 viruses found & pie chart of viruses found
    • Top 10 infected mailboxes by recipient name
    • Top 10 mailboxes containing executable files
  • Report Generation for Infected Recipient with the malware Name
  • Risk Posture Assessment Scoring was Integrated on the scale of 0-10
  • Plugin Module for Virus Total API – Virus Total security Feed Configuration option which user needs to fill during registration
  • User were able to get detail results after scanning which included
    • Virus name according to VirusTotal + AV vendor Name
    • Number of total hits from VirusTotal
    • Recipients of message
    • Message subject
    • Active Directory Title for each recipient etc
    • map display using of geo-­‐location based on sender IP geo-location lookup
  • Bright Cloud Plugin Module with Multiple APIS was integrated which included
    • Hash based file analysis
    • IP reputation analysis
    • submission of URLs. In return the reputation details are provided by BrightCloud
  • Creating rules for moving the mails to quarantine folder


Client was easily able to detect any threat in the email via the solution that we provided

Technology Stack