Mass Delete Malicious Email in EMS

If you are an administrator of an Exchange 2010 server there may be times when your users get an email that may be malicious in nature. Here are two very useful PowerShell commands that will allow you to either log/report the users that may have received the email in question or delete it from all users in your Exchange organization in one swoop.

First, the cautious route…

SEARCH (LOG) MALICIOUS EMAIL:

Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQuery ‘Subject:”Paste the subject here“‘ -TargetMailbox YourExchangeUserName -TargetFolder “SearchAndDeleteLog” -LogOnly -LogLevel Full

This should produce a .zip file containing the mailboxes that received the email in question and place it in a folder in in your inbox called “SearchAndDeleteLog”.

 

<h2>MALICIOUS EMAIL</h2>

 

The meat and potatoes…

MASS DELETE MALICIOUS EMAIL: (here there be monsters you have been warned)

Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQuery ‘Subject:”Paste the subject here“‘ -DeleteContent

This command will delete all emails with the subject that you specified. Alternatively you can change the word subject to attachment to do the same based on the specified name of an attachment on both of these commands.

Posted in Technology, Tutorials, Work and tagged , , .

One Comment

Leave a Reply

Your email address will not be published. Required fields are marked *