Jump to content

Eser Mail Security rules and PDF as container


Recommended Posts

I have Eset Mail Secuirity for MS Exchange, аnd rule to send to quarantine messages with danger extensions (*.js, *.vbs etc).

This rule works fine for many days, but one message was quarantined unexpectedly. This message contain only two pdf attachments. But *.pdf  don't block by my rule.

Maybe Eset analyze pdf files as containers - and name of one of parts was blocked by rule? Some other antivirus check pdf like this:

mypdf.pdf/data0001
mypdf.pdf/data0002
mypdf.pdf/data0003
mypdf.pdf/data0004

How Eset "see" parts of PDF container?

Link to comment
Share on other sites

  • Administrators

Do you have that pdf so that we could use it for testing? I'd suggest contacting customer care and creating a regular support ticket for this as more iterations will be needed. You can also provide the pdf file along with ELC logs to me too via a pm.

Link to comment
Share on other sites

  • ESET Staff

Rules analyze files inside containers as well (e.g. zip/docx..). You should check your pdf files - they may contain blocked files.

Link to comment
Share on other sites

Unexpectedly quarantined message contains embedded jpg image with .com in the file name, but Outlook don't show this image as attachment.

Thanks for answers!

Link to comment
Share on other sites

  • 2 weeks later...

Good afternoon, I commented that I have seen several spam emails with attachments that pretend to be pdf, but Eset Mail Security blocks them because it is certainly malware

eset.jpg

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...