Delete Phishing emails using powershell script

Hi,

We have this script to delete phishing emails from our organisation, however we also have these requirements:

1) We need to add into the search-mailbox after -searchquery an additional requirement for date or time, as we only want to search for emails since a certain date. We use this script to delete phishing attack emails, so we know when they started, so need to be able to search for all emails since a date and delete them if the subject matches. So the most recent example would be all emails containing subject “RE: NOTICE: MC Support UPGRADE.” however only emails received after 01/03/2018. I assume we can just do -searchquery “Subject:’Content of Subject’ AND ReceivedDate:>01/03/2018” or something like that?
2) We need to be able to search for subjects with special characters in. –searchquery “Subject:’RE: NOTICE: MC Support UPGRADE.’” will currently give an error as it won’t like the : in the subject.
3) We need to be able to search for the above criteria, but also potentially include only emails from certain email addresses. One of the phishing emails was “RE: Attention (Staff Migration)” which could be very close to something we actually send to users. The phishing email only came from a certain email though, so if we add an extra criterion for sender, that would help us focus the search.


Please can someone show me how to achieve this?

Also, I would appreciate any other suggestions for improvement.


# Every mailbox whose account is not disabled
$mbs = Get-Mailbox -ResultSize unlimited -Filter {(ExchangeUserAccountControl -ne 'AccountDisabled')}

$count = 0

foreach ($mb in $mbs) {
    # Delete messages matching each known phishing subject from this mailbox
    Search-Mailbox -Identity $mb -SearchQuery "Subject:'Intense Action Required!'" -DeleteContent -Force
    Search-Mailbox -Identity $mb -SearchQuery 'Subject:"*RE: Attention (Staff Migration)*"' -DeleteContent -Force

    $count = $count + 1
    echo "Processed $count mailboxes so far"
}



thank you in advance,
Kelly
Asked by Kelly Garcia, Senior Systems Administrator

timgreen7077, Exchange Engineer, commented:
The below should satisfy your entire search criteria including special characters like ':' and you can add or remove what you don't need.

Search-Mailbox username -SearchQuery {subject:'"RE:" "NOTICE:" MC Support UPGRADE' AND From:"sender@domain.com" AND received:>01/3/2018} -DeleteContent -Confirm:$false -Force
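
The three requirements from the question (subject with special characters, sender, received-since date) combined into one query builder with an estimate pass before any deletion, as an added example that is not code from the thread. The function name `New-PhishSearchQuery` and the `$Delete` switch are hypothetical, `2018-03-01` is an assumed reading of the question's 01/03/2018, and the script assumes an Exchange Management Shell session where `Search-Mailbox` is available.

```powershell
# Added example, not from the original thread.
function New-PhishSearchQuery {
    param(
        [Parameter(Mandatory)][string] $Subject,
        [string]   $Sender,
        [datetime] $ReceivedSince
    )
    # This sketch does not try to escape a quote inside a quoted KQL phrase.
    if ($Subject -match '"') { throw 'Subject must not contain a double quote.' }

    # Double quotes make the subject one phrase, so ':' and '()' are plain text.
    $terms = @('subject:"{0}"' -f $Subject)
    if ($PSBoundParameters.ContainsKey('Sender')) {
        $terms += 'from:"{0}"' -f $Sender
    }
    if ($PSBoundParameters.ContainsKey('ReceivedSince')) {
        # Assumption: ISO yyyy-MM-dd is used to avoid the day/month ambiguity
        # of a value such as 01/03/2018.
        $terms += 'received>={0:yyyy-MM-dd}' -f $ReceivedSince
    }
    $terms -join ' AND '
}

$query = New-PhishSearchQuery -Subject 'RE: NOTICE: MC Support UPGRADE.' `
    -Sender 'sender@domain.com' -ReceivedSince ([datetime]'2018-03-01')

$Delete = $false   # hypothetical switch: set to $true only after reviewing pass 1

$mailboxes = Get-Mailbox -ResultSize Unlimited `
    -Filter {(ExchangeUserAccountControl -ne 'AccountDisabled')}

# Pass 1: count matches per mailbox without changing anything.
$hits = $mailboxes |
    Search-Mailbox -SearchQuery $query -EstimateResultOnly |
    Where-Object { $_.ResultItemsCount -gt 0 }

$hits | Select-Object Identity, ResultItemsCount, ResultItemsSize |
    Format-Table -AutoSize

# Pass 2: delete only from mailboxes that actually contained a match.
if ($Delete) {
    foreach ($hit in $hits) {
        Search-Mailbox -Identity $hit.Identity -SearchQuery $query `
            -DeleteContent -Force
    }
}
```

Reviewing the pass 1 table before enabling deletion shows whether a subject close to legitimate mail, such as the question's "RE: Attention (Staff Migration)", is matching more mailboxes than the phishing run reached.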