[Transport rule in Mail security]

Hi mrbadger81,

You can use "Sender's domain" "contains / contains one of" "wxyz.com" to block all domains that contain 'wxyz.com"

or use "Sender's domain" "is / is one of" "abcd.wxyz.com" to block particular domain

 

[ESET Mail Security v6.5 Exchange 2010]

Hi,

1) ESET mail security does not have per user blacklist/whitelist
2) Safe senders set in Outlook will be whitelisted if "Use Exchange Server whitelists to automatically bypass antispam protection" enabled

[2 Questions regards Mail Security for Exchange - quanrantine logs and DNSBL]

Hi V2TW,

1. Not in current version

2. Yes, you can see the reason in detail form of each quarantined mail or in web interface if logged in as quarantine admin, e.g.

[Eser Mail Security rules and PDF as container]

Rules analyze files inside containers as well (e.g. zip/docx..). You should check your pdf files - they may contain blocked files.

[Emailing alert notifications]

Hi Daniëlw,

all important events/warnings/errors should be recorded in log. I think you stumbled upon a bug - i agree that GUI alert is not sufficient in your scenario. ERA will help you get all alerts and notifications (until the problem is fixed).

[Question about ignored lists]

Hi,

it includes all blacklists/whitelists that work with IP address

[Emailing alert notifications]

Hi Daniëlw,

Email notifications work without remote administrator. If you don't receive notifications then it is probably related to your settings. You can set "Interval after which new notification emails will be sent (min)" to 0 for testing and send an email with eicar. This should generate notification.

 

 

[Question about ignored lists]

Hi,

you can use Ignored lists to exclude some (irrelevant) information from classification.

This is useful in more cases, e.g.:

• False positive - If you receive email from some provider that got to cloud blacklist, all email from this provider will be marked as spam. You can add IP/domain to ignored list to ignore this piece of information but still evaluate antispam.
• Exclude IP addresses of servers that are part of your infrastructure. IP address of your server may become whitelisted causing all mail coming from this server marked as ham.

* we will fix the KB article

[ESET Mail Secuity version 6.x - Exchange 2013 compatibility]

Hi,

The manual is right - CU4 is not supported because of this problem https://support.microsoft.com/en-us/help/2938053/third-party-transport-agents-cannot-be-loaded-correctly-in-exchange-server-2013

[ESET Mail Security - block specific spam]

Rule settings are on page Advanced setup/Server protection/Rules

1. Add new rule
2. Select conditions - By message subject, By message sender
3. Enter values that you want to block
4. Select action + check Log (you can test it with No action for a while)

more info http://download.eset.com/manuals/eset_emsx_45_userguide_enu.pdf

[ESET Mail Security - block specific spam]

Hi,

you can create a rule to block messages with specific subject and sender

[ESET Mail Security - exclusions]

Hi,

you can submit the file to ESET as potential false positive (http://support.eset.com/kb141/#SubmitWebsite).

And of course you can exclude the CatalogData folder in the meantime

[Mail Security Quarantine Report]

We don't have any feature to notify users when using quarantine mailbox.

Each quarantine type has some pros and cons - you must decide which one suits you best, e.g.

Local quarantine gives us more control so it has some nice features like:
- users can manage their spam using:
    - mail reports
    - web interface
- spam emails do not enter Exchange infrastructure

Disadvantage is that if you have more transport servers then you will have more quarantines to manage

more info here http://help.eset.com/emsx/6.5/en-US/index.html?idh_config_mailserver_quarantine.htm

[Mail Security Quarantine Report]

Hi,

quarantine reports are supported only when using local quarantine

[Mail Security 6.4 :: URL Block]

Hi,

unfortunately, we don't support content filtering by message body (yet)

maybe you could use "Blocked Body Domain list" to mark messages that contain some domains in body as spam? (http://help.eset.com/emsx/6.5/en-US/?idh_config_mailserver_as.htm)

you can specify a particular domain - e.g. spamdomain.com or a top level domain - e.g. .com

 

[log attachment name in logfile]

Hi,

attachment name logging is not supported. The attachment name is logged only to Mailserver log if the attachment was deleted/quarantined.

But it is a good idea - i filed an improvement and this option should be added to EMSX V7

[Install ESET Transport agents]

Hi,

do you see any errors in logs? Check both EMSX logs and Application event log.

You can also try installing XmonAgent manually using EMS Install-TransportAgent
TransportAgentFactory: XmonAgent.XmonSmtpAgentFactory
Name: ESET Filtering Agent
AssemblyPath: C:\Program Files\ESET\ESET Mail Security\XmonAgent.dll

[Wrong "X-ESET-SPF: Fail"]

Hi,

there seems to be a problem with SPF macro expansion - should be fixed in next EMSX release.

When you mentioned other "legitimate" sender, do you mean other domains? Can you give us other domain-IP pairs that are not evaluated correctly?

We can examine them and check whether they are related to the problem with humblebundle.com or not

[ESET mail notification on quarantine objects]

Hi,

unfortunately current version of EMSX does not support what you need. Email can be released by user only if it was quarantined by our antispam protection.

[ESET mail notification on quarantine objects]

Users can manage their spam emails - both release and delete are allowed on spam emails.

The type column in screenshot you posted says "rule" - it was not quarantined by antispam but by rules. Email can be quarantined by AV protection, AS protection or by rules - the release action depends on this.

I filed an improvement to give administrator control over this behavior to be able to:
1. Create a rule that forbids certain content (e.g. file type policy) - user cannot release such emails
2. Create a rule that defers certain content (e.g. suspected spam) - user can release such emails

 

[Cannot install ESET Mail Security]

Hi,

Did you check event log for errors?

Please try this:

1. start command prompt as administrator
2. run "msiexec" - this should open installer help - does it work?
3. run "msiexec /i emsx_nt64_ENU.msi /lvx* emsx.log"
4. attach log

[ESET mail notification on quarantine objects]

Hi,

As i wrote above, this is not supported. Regular user cannot release emails quarantined by a content rule - only admin can.

If you quarantined some emails with a rule and want to release them, you have 2 options:
1. log in to the web interface as administrator and release them
2. go to machine where EMSX is installed and release them using GUI

If you want to allow regular users to release emails quarantined by content rule please submit a market requirement.

[ESET mail notification on quarantine objects]

Each user has access to his quarantined emails, but may not be able to do all operations. This is for security reasons.

e.g. If admin creates a rule that prohibits .exe files it would be too easy for the user to just release emails with .exe files. Now he has to request the files from admin.

If you have a specific content rule and want to allow users to release emails quarantined by this rule - this is currently not possible.

Could you give us an example/use case of what you are trying to achieve?

 

thanks

[ESET mail notification on quarantine objects]

Hi,

the type column says "rule" which means that regular user is not permitted to release such email - only admin.

You can specify quarantine administrators in advanced setup/server/mail quarantine

[ESET mail notification on quarantine objects]

That sounds like the quarantine page is somehow broken. Can you post a screenshot?