Jump to content


ESET Staff
  • Posts

  • Joined

  • Last visited

  • Days Won


Everything posted by filips

  1. Hi raimund, Attachment type rules are evaluated on all files in archives - zipped document with macro will be caught by the rule (unless it's password protected). Rules support only comparing of static strings so it is not possible to compare From: and Return-Path: headers. Not a perfect solution, but something like this should do the job: From Header - display name contains one of [@customer1.com, @customer2.com] Message headers do not match regular expression "\nReply-To: .*(@customer1.com|customer2.com)"
  2. Hi Richard, There is a known bug in creation of new log files (wrong file number generation) that causes new log files to not be created. As a temporary workaround we suggest removing all old scan logs.
  3. Hi lafonso, All lists work without a reboot. What is the reason for blocking after you whitelisted the domain? Please check the Mailserver protection log.
  4. Hi Antony, You can create a transport rule Condition: Antivirus scan result is Infected - Cleaned Action: Quarantine Please consider upgrading to v7.1
  5. Hi yardstudio, Releasing of spam from mail quarantine should work even if you don't report the false positive. The message is resent using replay directory and antispam is not evaluated again. If the email was marked as spam again, it means that it was routed through SMTP agent and tested for spam again - this is not the usual case. Do you have more Exchange servers in your environment? If yes can you describe routing of mail? Information about delivery of the message can be seen in "Received" headers (in the detail dialog) of the message that returned to quarantine. Please post the "Received" headers. BTW, which version of EMSX do you use?
  6. Of course you can create separate mailbox, but it's not necessary. EMSX skips scanning of emails going to the address set as quarantined mailbox in advanced setup. It should be enough to give the shared mailbox 2 addresses, e.g. info@ and quarantine@. Then set @quarantine as quarantine mailbox in advanced setup (so only emails going to @quarantine are skipped).
  7. Hi olsheset, you are right, emails going to quarantine mailbox are not scanned. Do you have info@ set as quarantine mailbox in advanced setup?
  8. The antispam engine will be disabled competely. We are already releasing new Mailserver module that disables the antispam engine to prevent more serious errors that could occur after April 1st. We prepared a KB article with details, you can find it at https://support.eset.com/kb7118/ Yes, anti-malware will work correctly
  9. Hi, Try executing "SHPIO13.exe displaystructure" under the same account as provided to our product. Are there any errors?
  10. Filtering rules are executed before AS/AV scan and result processing after AS/AV scan (https://help.eset.com/emsx/7.0/en-US/idh_config_mailserver_rules.html) X-ESET-AS is header with some diagnostic information, you could compare it with regex, it looks like header of whitelisted mail contains "OP=WL"
  11. Hi davidenco, "Approved Domain to IP List" and the "Ignored Domain to IP List" are used only by antispam engine To whitelist some IP addresses, modify the rule - create a condition "Sender's IP address is not any" and specify list of allowed IP addresses Only on-demand database scan rules can affect emails while scanning with on-demand database scan, transport rules are used only when scanning by transport agent
  12. Hi, as marcos noted this error is logged when automatic exclusions for Microsoft SQL server are enabled. Automatic exclusions for Microsoft SQL server are using ADO API to read information from "sys.master_files" table to get list of files to exclude from scanning. The ADO API obviously loads a DLL that is not signed. As a workaround, automatic exclusions for Microsoft SQL server can be disabled.
  13. Hi, you can use command "import license key xxxx-xxxx-xxxx-xxxx"
  14. Hi, Another reason for removing the option from screens was that it was misused most of the time (lowering the detection rate of antispam engine). However, it's still supported by the backend and can be configured using XML.
  15. Hi Paul, there is no way to change this in current version of EMSX. The envelope sender address was chosen on purpose because From: header can be spoofed easily. I tracked this as an improvement as it wouldn't be a problem to add such option or display both addresses. Can you give us some examples of envelope sender address causing you problems? thanks
  16. Hi, You can create a transport rule with conditions: From header - address contains one of {list of your domains} Sender's IP address is not one of {list of your IP addresses} If you wish to limit this rule to the finance department, then add a condition: Recipient's organizational units and select corresponding OUs and actions: Log to events Reject message/Drop message/Quarantine message
  17. Hi, you can create transport rules to block messages by subject or by message body, but you have to specify the blocked words manually
  18. I'm trying to see the advantages of installing ESET using the extension... When deploying infrastructure using Resource Manager templates, you can reference extensions to be deployed to a VM as part of the whole process. If you want to install to one machine, manual install may be easier. Extension management interface is not very fancy, e.g. when the extension needs to reboot after upgrade/uninstall, there is no way to indicate that. It will either wait or force reboot – what can be a surprising action for admin. Also the Azure Advisor says that there is no Endpoint Protection on the VM (said before upgraded to v7).. Detection of Endpoint protection is unrelated to whether the product was installed as extension or not. Currently, MS does not recognize ESET as Endpoint protection. Don't know why, we are trying to reach them. Now v7 is here and there is no way (that I can see) to use the Azure interface to upgrade Eset file security on the VM. Upgrade: Extension management system does not do major version upgrades. No way to do that automatically. Install: Currently, clean install of v7 can be done only via PowerShell, because we need to update the portal UI to reference new major version (it references v6 now). We are working on this with MS right now, but as it is handled via emails, it takes time.
  19. Hi Dean, We will add import/export options to lists in rules (just like in antispam filtering lists) - these options will be available after ERA configuration module update. In the meantime - what is your use case? It's also possible to export the configuration directly in product - this will give you an XML file. This file can be modified - e.g. you can remove everything except rules, modify the list and then import the rules on other machine etc. It looks like you are trying to do some antispam filtering - if you have problems with antispam detection rate, you can submit samples to ESET (https://support.eset.com/kb141/#spam) or contact customer care
  20. Hi, We managed to reproduce the issue - the problem is that Database scan task scheduled in policy is not created correctly. A workaround exists: When you create a scheduled Database scan task in ESMC, click edit and go through the wizard again. When you click finish the task should be saved correctly. The issue will be fixed in configuration module for ESMC
  21. Hi davidenco, thank you for your suggestion. We added this improvement to our backlog.
  22. Please ignore that sentence, of course you don't need Hyper-V
  23. There seems to be a problem when the database scan is scheduled in ESMC policy - we will investigate it I didn't know you were using ESMC - to schedule a scan from ESMC, you can use Client tasks/Server scan (https://help.eset.com/esmc_admin/70/en-US/dashboard.html?client_task_server_scan.html). But you have to enable sending of scan targets to ESMC first: https://help.eset.com/emsx/7.0/en-US/idh_config_era_targets.html This is the most up to date option and it gives you the ability to select mailboxes/public folders just like in EMSX.
  24. Hi davidenco, you can try enabling Diagnostic logging (Menu->Setup->Tools) for a minute and run the Database scan. Then check "Events" log to get more information.
  25. This issue should be fixed in ESET Mail Security for Microsoft Exchange Server version 7.0.10020.0
  • Create New...