Jump to content

Recommended Posts

Posted

I have Eset Mail Secuirity for MS Exchange, аnd rule to send to quarantine messages with danger extensions (*.js, *.vbs etc).

This rule works fine for many days, but one message was quarantined unexpectedly. This message contain only two pdf attachments. But *.pdf  don't block by my rule.

Maybe Eset analyze pdf files as containers - and name of one of parts was blocked by rule? Some other antivirus check pdf like this:

mypdf.pdf/data0001
mypdf.pdf/data0002
mypdf.pdf/data0003
mypdf.pdf/data0004

How Eset "see" parts of PDF container?

  • Administrators
Posted

Do you have that pdf so that we could use it for testing? I'd suggest contacting customer care and creating a regular support ticket for this as more iterations will be needed. You can also provide the pdf file along with ELC logs to me too via a pm.

  • ESET Staff
Posted

Rules analyze files inside containers as well (e.g. zip/docx..). You should check your pdf files - they may contain blocked files.

Posted

Unexpectedly quarantined message contains embedded jpg image with .com in the file name, but Outlook don't show this image as attachment.

Thanks for answers!

  • 2 weeks later...
Posted

Good afternoon, I commented that I have seen several spam emails with attachments that pretend to be pdf, but Eset Mail Security blocks them because it is certainly malware

eset.jpg

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...