Jump to content
Guillaume Chartrand

Mail security Office file with macro

Recommended Posts

Hi, I search a way to fine tune the Mail security function.

We have a lot of spam email with fraudulent bill in Word format. So I activate the rule "block attached office file with macro" for protection transport role. The rule is going great, but maybe too great. Good office document, emailed with validated sender is also blocked. But if I uncheck the rule, some of  the fraudulent bill came and the mail security doesn't seems to clean it. We receive it in our mailbox and it's the local anti-virus who detect the virus inside the Word document.

In the mail security log, the server seems to clean the file and send it, but at the end, the file isn't clean.

How can I resolve that? Can we make a rule that if the sender is in a white list, don't block the office file with macro?

 

Thanks

 

Share this post


Link to post
Share on other sites

Perhaps Dynamic Threat Defense (EDTD) would be an ideal solution for you. As of EMSX v7, documents with macros can be submitted to the EDTD sandbox where the file is opened and the behavior is monitored. Besides that, the file is evaluated by Augur (ESET's machine learning system) and the result is returned to EMSX which will deal with the email accordingly.

It is possible to configure EDTD to delete analyzed documents immediately after analysis or after some time.

Share this post


Link to post
Share on other sites

Hi Guillaume,

[apart from using EDTD]
to disable the rule for certain users, you can update the default rule with new condition. You could add "Sender is not one of {list of whitelisted senders}" or "Sender's IP address is not one of {list of whitelisted IPs}" etc.

20 hours ago, Guillaume Chartrand said:

In the mail security log, the server seems to clean the file and send it, but at the end, the file isn't clean. 

This shouldn't happen, but we need some diagnostic data to examine the issue - you could contact customer care for further assistance.

Edited by filips

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×