X-EsetId: tag applied to email headers

[CraigB 1]

We have multiple users that using Outlook to access the same office 365 mailbox and are getting sync conflict issues and multiple copies of the each message.

The ESET scanner is appending an X-esetid tag tothe header of every message as it scans, but we are getting conflict messages where multiple computers are receiving and scanning the same email and adding a different ID tag to the email header. When the message with the changed header is seen by the server, it is causing a conflict message because the emails are no longer identical between all of the computers. 

The exchange server is generating error logs like this

16:22:25 Compare property: 0x007D001F
16:22:25 Ignore property: 0x3FFA001F
16:22:25 Compare named property: EsetMessageFlag
16:22:25 Getting remote properties
16:22:25 Checking remote modifications
16:22:25 Compare (conflict) property: 0x007D001F
16:22:25 Not equal (conflict) property: 0x007D001F
16:22:25 Local modification: {00:21:51.0644  06/01/2017 [DD/MM/YYYY]}
16:22:25 Remote modification: {00:22:21.0081  06/01/2017 [DD/MM/YYYY]}
16:22:25 Conflict generated, remote item is winner
 

And after one of the messages "wins" the other message gets moved to the Conflicts folder. The message in the inbox gets a warning notice that the user has modified another copy of the message and there is an option to view the other versions. 

I have done a text comparison between the conflicting message and headers and the ONLY difference between them is a tag in the header like this:
X-EsetId: 37303A298C781C696C7C64     where each version of the message has a different tag number

I have set the email policy 'alerts and notifications' option 'append tag messages to received and read email' and sent mail both to Never, but this has not changed the X-EsetId header tag behaviour.

 

I need a way to stop ESET from appending this tag to the email header.

 

I am running ESET Endpoint Antivirus 6.4.2014.0 and Remote Administrator 6.4.304.0

 

[Marcos 4,694]

Unfortunately, it's not possible to avoid it without disabling scanning of emails as information about scanned emails must be stored somewhere. We plan to change this but since it requires big changes in plug-ins, it's rather a long-term plan.

Perhaps the issue could be mitigated by installing ESET on the mail server and disabling email protection on clients.

[CraigB 1]

This is unfortunate as my clients that are affected by this issue are using Office 365. I don't have control of the mail server, so cannot install ESET on it.

I have temporarily disabled the email scanner, and for four days now, not a single conflict message has been created, whereas prior to that I was getting 1-2 conflict messages per email received, so ESET is definitely the cause.

Is there any way to limit the email scanner to only scan specific folders? I could potentially configure each computer to only scan the email folders that are unique to it, so that multiple computers are not scanning the same folder.

 

[itman 1,538]

2 hours ago, CraigB said:

Is there any way to limit the email scanner to only scan specific folders? I could potentially configure each computer to only scan the email folders that are unique to it, so that multiple computers are not scanning the same folder.

I don't believe so. The e-mail is being received encrypted. Eset scans such e-mail at the network level using its own SSL cert. to decrypt the e-mail and then scan it prior to it hitting the hard disk.

I am not familiar with the internal workings of Outlook which I assume is the e-mail client being used. If Outlook stores the e-mail in the folder encrypted, Eset scanning of those folders would not work. If the e-mail is stored unencrypted, then Eset's real-time scan engine will scan each e-mail as it is created in the folder I would assume. Way to test would be to send yourself an e-mail with Eicar virus string included within.