katbert 3 Posted June 27, 2017 Posted June 27, 2017 I have Eset Mail Secuirity for MS Exchange, аnd rule to send to quarantine messages with danger extensions (*.js, *.vbs etc). This rule works fine for many days, but one message was quarantined unexpectedly. This message contain only two pdf attachments. But *.pdf don't block by my rule. Maybe Eset analyze pdf files as containers - and name of one of parts was blocked by rule? Some other antivirus check pdf like this: mypdf.pdf/data0001 mypdf.pdf/data0002 mypdf.pdf/data0003 mypdf.pdf/data0004 How Eset "see" parts of PDF container?
Administrators Marcos 5,739 Posted June 27, 2017 Administrators Posted June 27, 2017 Do you have that pdf so that we could use it for testing? I'd suggest contacting customer care and creating a regular support ticket for this as more iterations will be needed. You can also provide the pdf file along with ELC logs to me too via a pm.
ESET Staff filips 44 Posted June 27, 2017 ESET Staff Posted June 27, 2017 Rules analyze files inside containers as well (e.g. zip/docx..). You should check your pdf files - they may contain blocked files.
katbert 3 Posted June 28, 2017 Author Posted June 28, 2017 Unexpectedly quarantined message contains embedded jpg image with .com in the file name, but Outlook don't show this image as attachment. Thanks for answers!
Juan50 0 Posted July 6, 2017 Posted July 6, 2017 Good afternoon, I commented that I have seen several spam emails with attachments that pretend to be pdf, but Eset Mail Security blocks them because it is certainly malware
Recommended Posts