Jump to content


ESET Staff
  • Content Count

  • Joined

  • Last visited

Profile Information

  • Location

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Hi, have you tried using custom rules with the combinations of conditions From header - address From header - display name? You can also have all macro-enabled office documents quarantined, using the Attachment type condition.
  2. Hi, also please note that ESET Mail Security for Exchange can also be used to scan Exchange Online mailboxes with on-demand scan in case of hybrid deployments (on-premise + cloud). Mail transport in hybrid deployments is scanned only if emails are routed first to on-premise server and then to cloud. Matej
  3. Hi Brent, currently this is not possible to do, other than to have the archives password protected and thus bypassing the attachment filtering rules. Matej
  4. Hi Joe, yes, Exchange can move spam to recipients' Junk folder based on the SCL score, so setting up a rule to insert the SCL header should be enough. Best regards, Matej
  5. Hi, yes, by default Mail Transport protection adds X-Eset... headers to all scanned emails, unless it's turned off in settings. So if headers are missing, it's better to check why (settings, logs, topology, ...). Best regards, Matej
  6. Hi, RBL servers are queried with IP addresses extracted from message headers, DNSBL server are queried with domains and IP addresses extracted from the message body. So the answer depends on the type of the BL, i.e. Spamhaus could be in both, Spamcop collects only IP's so it's probably sufficient to put it only in Additional RBL servers list, etc.. Best regards, Matej
  7. Hi, a quick update to this older thread. With the upcoming update of the Archive support module (v1303, currently on pre-release servers) it should be now possible to remove macros from office documents in incoming emails, even in previously released Mail security products. If you define a custom rule with Attachment type condition, select "Office files/Generic OLE2 Compound Document", and choose Quarantine attachment (or Delete attachment) as an action, Office documents will be delivered without any macros. Note: you can of course combine additional conditions in the rule
  8. Hi Tom, in Mail Security there is an option to define a custom rule to move all emails containing macro-enabled office documents to quarantine. You need to define an Attachment type condition and mark "Microsoft Office Macro-Enabled Document (97-2003)", "Microsoft Word Macro-Enabled (2007+) (*docm, *dotm)", etc... Matej
  • Create New...