
Exchange 2016: Small malware filter test

Exchange 2016 already has a built-in "malware filter". I took the liberty of carrying out a small test. I simply redirected the first 6 emails from a quarantine in which a virus / Trojan had previously been found:

Sophos UTM E-Mail Protection had dutifully rejected all the virus mails. It was not a hard task: every mail contained a ZIP archive with the Trojan or virus. After I adjusted the UTM a little, the virus-infected mails were delivered to Exchange.

The result:

All 6 virus-infected mails passed the Exchange malware filter without any problems. At least the EICAR test virus string was detected by the built-in Exchange malware filter. However, as soon as the EICAR string is hidden in a RAR archive, for example, things look bad again and the mail ends up directly in the mailbox.

I deliberately left the malware filter in the default configuration and only adjusted the notification:

TechNet says the following:

Antimalware protection is provided by the Malware agent that was introduced in Exchange Server 2013. The Malware agent is available and enabled by default on Exchange 2016 Mailbox servers.

Source: https://technet.microsoft.com/de-de/library/jj150481(v=exchg.160).aspx

So the Exchange malware filter is enabled by default. It's just a pity that, in its default setting, the malware filter seems to work only poorly.

Incidentally, the patterns were up to date. After my test, I manually updated the patterns again, which was also successful:

However, the result remains the same. As before, no mail with a virus is detected. To be on the safe side, I uploaded the attachment of a mail to VirusTotal again, here is the result:

I am now installing a new dedicated test environment and trying it out again. So far I have only been able to test two independent Exchange 2016 installations. Both deliver this bad picture. I'm curious to see if a fresh Exchange 2016 installation behaves the same way... I'll report back...
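For anyone repeating this test, the state the post relies on (Malware agent enabled, default policy, patterns up to date) can be read out from the Exchange Management Shell before and after the mails are sent. This is an added example, not code from the post or from Microsoft; `<ServerName>` is a placeholder for your own Mailbox server.

```powershell
# Added example (not from the original post): run in the Exchange Management Shell
# on an Exchange 2016 Mailbox server. <ServerName> is a placeholder.
$server = "<ServerName>"

# 1. Is the Malware agent installed and enabled at all?
Get-TransportAgent -Identity "Malware Agent" |
    Format-Table Identity, Enabled, Priority -AutoSize

# 2. Is filtering bypassed on this server, and how often does it poll for updates?
Get-MalwareFilteringServer -Identity $server |
    Format-List Identity, BypassFiltering, UpdateFrequency, UpdateTimeout

# 3. Engine and signature versions with their timestamps. "Patterns up to date"
#    means SignatureDateTime / LastUpdated are recent and UpdateStatus shows no error.
Get-EngineUpdateInformation |
    Format-List Engine, LastChecked, LastUpdated, EngineVersion, SignatureVersion, SignatureDateTime, UpdateStatus

# 4. What does the default policy do with a hit, and who gets notified?
#    (The post only changed the notification part of this policy.)
Get-MalwareFilterPolicy |
    Format-List Name, IsDefault, Action, EnableInternalSenderAdminNotifications, InternalSenderAdminAddress

# 5. Force a manual pattern update, the same step the post performs by hand,
#    then re-read the engine information to confirm the timestamps moved.
& "$env:ExchangeInstallPath\Scripts\Update-MalwareFilteringServer.ps1" -Identity $server
Get-EngineUpdateInformation | Format-List Engine, LastUpdated, SignatureVersion, UpdateStatus
```

If step 1 shows the agent disabled or step 2 shows `BypassFiltering` set to `True`, mails will reach the mailbox without ever being scanned, which is worth ruling out before blaming the engine itself.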
