Jump to content


ESET Staff
  • Content Count

  • Joined

  • Last visited

Everything posted by M.K.

  1. Hi, the way you can test this is to create another rule with condition that always hit on the email above, and add Action of type "Log to events" and use a variable %Recipients% in the text. That way you can verify all the addresses Mail Security sees when evaluating the rule. Best regards, Matej
  2. Hi, just to clarify, when evaluating Recipient condition, Mail Security currently uses values of "To" and "Cc" MIME headers and all addresses passed in RCPT commands in SMTP envelope - that includes all Bcc recipients too. Note: for incoming messages the "Bcc" MIME header shouldn't be present at all - at least according to RFC (5322). But for outgoing messages it could be useful to add it to the condition evaluation - if that's the case. We can track it as a feature request. Best regards, Matej
  3. Hi, a quick update to this older thread. With the upcoming update of the Archive support module (v1303, currently on pre-release servers) it should be now possible to remove macros from office documents in incoming emails, even in previously released Mail security products. If you define a custom rule with Attachment type condition, select "Office files/Generic OLE2 Compound Document", and choose Quarantine attachment (or Delete attachment) as an action, Office documents will be delivered without any macros. Note: you can of course combine additional conditions in the rule to target it to specific groups or types of emails. Matej
  4. Hi Tom, in Mail Security there is an option to define a custom rule to move all emails containing macro-enabled office documents to quarantine. You need to define an Attachment type condition and mark "Microsoft Office Macro-Enabled Document (97-2003)", "Microsoft Word Macro-Enabled (2007+) (*docm, *dotm)", etc... Matej
  • Create New...