ESET Staff
  • Content count

  • Joined

  • Last visited

  • Days Won


filips last won the day on April 6

filips had the most liked content!

About filips

  • Rank

Profile Information

  • Gender
    Not Telling

Recent Profile Visitors

780 profile views
  1. Hi Daniëlw, all important events/warnings/errors should be recorded in log. I think you stumbled upon a bug - i agree that GUI alert is not sufficient in your scenario. ERA will help you get all alerts and notifications (until the problem is fixed).
  2. Hi, it includes all blacklists/whitelists that work with IP address
  3. Hi Daniëlw, Email notifications work without remote administrator. If you don't receive notifications then it is probably related to your settings. You can set "Interval after which new notification emails will be sent (min)" to 0 for testing and send an email with eicar. This should generate notification.
  4. Hi, you can use Ignored lists to exclude some (irrelevant) information from classification. This is useful in more cases, e.g.: False positive - If you receive email from some provider that got to cloud blacklist, all email from this provider will be marked as spam. You can add IP/domain to ignored list to ignore this piece of information but still evaluate antispam. Exclude IP addresses of servers that are part of your infrastructure. IP address of your server may become whitelisted causing all mail coming from this server marked as ham. * we will fix the KB article
  5. Hi, The manual is right - CU4 is not supported because of this problem
  6. Rule settings are on page Advanced setup/Server protection/Rules 1. Add new rule 2. Select conditions - By message subject, By message sender 3. Enter values that you want to block 4. Select action + check Log (you can test it with No action for a while) more info
  7. Hi, you can create a rule to block messages with specific subject and sender
  8. Hi, you can submit the file to ESET as potential false positive ( And of course you can exclude the CatalogData folder in the meantime
  9. We don't have any feature to notify users when using quarantine mailbox. Each quarantine type has some pros and cons - you must decide which one suits you best, e.g. Local quarantine gives us more control so it has some nice features like: - users can manage their spam using: - mail reports - web interface - spam emails do not enter Exchange infrastructure Disadvantage is that if you have more transport servers then you will have more quarantines to manage more info here
  10. Hi, quarantine reports are supported only when using local quarantine
  11. Hi, unfortunately, we don't support content filtering by message body (yet) maybe you could use "Blocked Body Domain list" to mark messages that contain some domains in body as spam? ( you can specify a particular domain - e.g. or a top level domain - e.g. .com
  12. Hi, attachment name logging is not supported. The attachment name is logged only to Mailserver log if the attachment was deleted/quarantined. But it is a good idea - i filed an improvement and this option should be added to EMSX V7
  13. Hi, do you see any errors in logs? Check both EMSX logs and Application event log. You can also try installing XmonAgent manually using EMS Install-TransportAgent TransportAgentFactory: XmonAgent.XmonSmtpAgentFactory Name: ESET Filtering Agent AssemblyPath: C:\Program Files\ESET\ESET Mail Security\XmonAgent.dll
  14. Hi, there seems to be a problem with SPF macro expansion - should be fixed in next EMSX release. When you mentioned other "legitimate" sender, do you mean other domains? Can you give us other domain-IP pairs that are not evaluated correctly? We can examine them and check whether they are related to the problem with or not
  15. Hi, unfortunately current version of EMSX does not support what you need. Email can be released by user only if it was quarantined by our antispam protection.