If you are an administrator of an Exchange 2010 server there may be times when your users get an email that may be malicious in nature. Here are two very useful PowerShell commands that will allow you to either log/report the users that may have received the email in question or delete it from all users in your Exchange organization in one swoop.
First, the cautious route…
SEARCH (LOG) MALICIOUS EMAIL:
Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQuery 'Subject:"Paste the subject here"' -TargetMailbox YourExchangeUserName -TargetFolder "SearchAndDeleteLog" -LogOnly -LogLevel Full
This should produce a .zip file containing the mailboxes that received the email in question and place it in a folder in your inbox called "SearchAndDeleteLog".
The meat and potatoes…
MASS DELETE MALICIOUS EMAIL: (here there be monsters; you have been warned)
Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQuery 'Subject:"Paste the subject here"' -DeleteContent
This command will delete all emails with the subject that you specified. Alternatively, in both of these commands you can change the word Subject to Attachment to match on the name of an attachment instead.
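The two commands above can be chained into one guarded run: count the matches first, write the log, and delete only from the mailboxes that actually matched. This is an added example, not part of the original post; the sender address, date and the variable names are placeholders, and it assumes the Exchange Management Shell with the Mailbox Search and Mailbox Import Export roles assigned.

```powershell
# Added example. All values below are placeholders to replace before running.
$subject  = 'Paste the subject here'
$sender   = 'sender@example.com'     # placeholder sender address
$received = '01/15/2014'             # placeholder date, in the server's locale format
$reviewer = 'YourExchangeUserName'   # mailbox that receives the log

# AQS query: all three properties must match, so a common subject line
# does not sweep up unrelated mail.
$query = "Subject:`"$subject`" AND From:`"$sender`" AND Received:$received"

# Step 1: estimate only. Nothing is copied or deleted.
$hits = @(Get-Mailbox -ResultSize Unlimited |
    Search-Mailbox -SearchQuery $query -EstimateResultOnly |
    Where-Object { $_.ResultItemsCount -gt 0 })

if ($hits.Count -eq 0) { Write-Host 'No matches; nothing to do.'; return }

$hits | Sort-Object ResultItemsCount -Descending |
    Format-Table Identity, ResultItemsCount, ResultItemsSize -AutoSize
$total = ($hits | Measure-Object ResultItemsCount -Sum).Sum

# Step 2: write the log to the reviewer mailbox, as in the first command.
foreach ($hit in $hits) {
    Search-Mailbox -Identity ([string]$hit.Identity) -SearchQuery $query `
        -TargetMailbox $reviewer -TargetFolder 'SearchAndDeleteLog' `
        -LogOnly -LogLevel Full | Out-Null
}

# Step 3: one explicit confirmation, then delete from matched mailboxes only.
# -Force suppresses the per-mailbox prompt that -DeleteContent raises.
$answer = Read-Host "Delete $total item(s) from $($hits.Count) mailbox(es)? Type YES"
if ($answer -ceq 'YES') {
    foreach ($hit in $hits) {
        Search-Mailbox -Identity ([string]$hit.Identity) -SearchQuery $query `
            -DeleteContent -Force
    }
} else {
    Write-Host 'Aborted; no mail was deleted.'
}
```

If the estimate lists far more mailboxes or items than the reported incident suggests, tighten the query before answering YES.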
That’s amazing. How did you figure that out?