katbert 3 Posted June 27, 2017 Share Posted June 27, 2017 I have Eset Mail Secuirity for MS Exchange, аnd rule to send to quarantine messages with danger extensions (*.js, *.vbs etc). This rule works fine for many days, but one message was quarantined unexpectedly. This message contain only two pdf attachments. But *.pdf don't block by my rule. Maybe Eset analyze pdf files as containers - and name of one of parts was blocked by rule? Some other antivirus check pdf like this: mypdf.pdf/data0001 mypdf.pdf/data0002 mypdf.pdf/data0003 mypdf.pdf/data0004 How Eset "see" parts of PDF container? Link to comment Share on other sites More sharing options...
Administrators Marcos 3,887 Posted June 27, 2017 Administrators Share Posted June 27, 2017 Do you have that pdf so that we could use it for testing? I'd suggest contacting customer care and creating a regular support ticket for this as more iterations will be needed. You can also provide the pdf file along with ELC logs to me too via a pm. Link to comment Share on other sites More sharing options...
ESET Staff filips 43 Posted June 27, 2017 ESET Staff Share Posted June 27, 2017 Rules analyze files inside containers as well (e.g. zip/docx..). You should check your pdf files - they may contain blocked files. Link to comment Share on other sites More sharing options...
katbert 3 Posted June 28, 2017 Author Share Posted June 28, 2017 Unexpectedly quarantined message contains embedded jpg image with .com in the file name, but Outlook don't show this image as attachment. Thanks for answers! Link to comment Share on other sites More sharing options...
Juan50 0 Posted July 6, 2017 Share Posted July 6, 2017 Good afternoon, I commented that I have seen several spam emails with attachments that pretend to be pdf, but Eset Mail Security blocks them because it is certainly malware Link to comment Share on other sites More sharing options...
Recommended Posts