
Joe-ESET2016

Eset Mail Security - research about dangerous file extension and log entry not 100% visible


Hello, 

 

With reference to:

ESET Mail Security incoming rules
understanding better which file extensions are dangerous based on the ESET log (e.g. I also saw many *.img and *.iso with virus content)

a)

Question: some ESET Mail Security for Exchange versions 6 and 7 have this problem: if I go under Log and Details, the text is snipped / not the full line; I need to move the mouse cursor over it to see the full text. Do you know how to solve this? I haven't updated to the latest version yet.

 

b) I would like to find out which file extensions were blocked. (I am using the incoming rules.)

Do you think I can do better / more "statistics, research" if I add more actions to the rule?

I only know that this can be inserted, but I think the information is always in the log; I don't need these actions:

Regel "%RuleName%" angewendet.
Betreff: %Subject%
Absender: %Sender%
Empfänger:%Recipients%


You can make columns wider by dragging the column delimiter and moving it rightward. The whole content is also usually shown in tooltips when you hover the mouse cursor over a log record.

Nowadays, typical malware that spreads via email is Office documents with malicious macros, so you can't filter them out without also filtering legitimate documents. However, I recall that creating a transport agent rule with attachment type set to documents with active content or something along that line (https://help.eset.com/emsx/7.0/en-US/idh_wizard_rule_condition.html) would limit the rule to only possibly malicious documents. If you also receive emails with legitimate documents with macros, you could take advantage of ESET Dynamic Threat Defense, which is available for bigger customers for an extra fee and provides online analysis of every potentially malicious attachment in the cloud before it's delivered to the mailbox. Scan results are shared between computers within the company by means of ESET Dynamic Threat Defense.


Hello @Joe-ESET2016,

I have input from our development team as well:

a)
This has been fixed in the latest version. In previous versions of the product there is a workaround, you need to delete all registry values starting with “mailserver” under the key
HKEY_CURRENT_USER\Software\ESET\ESET Security\CurrentVersion\LogFilter

b)
Ad. “I would like to find out which file extension´s were blocked”:
You can use “Log to events” action with macro %Attname% to log the name and extension of the blocked file – useful for “Attachment type” conditions, where the file extension doesn’t need to match the real file type.

Regards,
Tomas

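One way to do the "statistics, research" from question b), once a "Log to events" action with the %Attname% macro is in place as Tomas describes, is to tally the logged attachment names offline. The script below is an added example written for this thread, not ESET's code and not something posted by the participants. It assumes a Log-to-events text template of `Rule "%RuleName%" applied. Attachment: %Attname%`; the timestamps, rule names and file names it parses are constructed sample data, and the regular expression has to be adapted to whatever the real log export looks like. It also flags names such as `report.pdf.exe`, where a harmless-looking suffix sits in front of the real one.

```python
"""Tally blocked attachment extensions from ESET Mail Security rule log lines.

Added example, not ESET's code. It assumes a "Log to events" action whose text
template is:  Rule "%RuleName%" applied. Attachment: %Attname%
Everything else (timestamps, rule names, file names) is constructed sample data.
"""
import re
from collections import Counter
from typing import Dict, Iterable, List, Tuple

# Constructed sample log export. The line layout is an assumption for this
# example; the product's real export format may differ.
SAMPLE_LOG = """\
2019-05-02 09:14:03 Rule "Block executables" applied. Attachment: invoice.exe
2019-05-02 09:20:41 Rule "Block disk images" applied. Attachment: Scan_2019.ISO
2019-05-02 10:02:17 Rule "Block disk images" applied. Attachment: photos.img
2019-05-02 10:45:55 Rule "Block executables" applied. Attachment: report.pdf.exe
2019-05-02 11:11:08 Rule "Block active content" applied. Attachment: budget.xlsm
2019-05-02 11:30:29 Rule "Block archives" applied. Attachment: archive.tar.gz
2019-05-02 12:00:00 Rule "Block executables" applied. Attachment: README
2019-05-02 12:05:13 Mail server protection module started
"""

# Matches only the lines written by the assumed Log-to-events template.
LINE_RE = re.compile(r'Rule "(?P<rule>[^"]+)" applied\. Attachment: (?P<name>\S+)$')

# Suffixes that look harmless to a recipient; used to spot "report.pdf.exe".
BENIGN_LOOKING = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "jpeg", "png", "txt"}


def parse_blocked_attachments(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (rule name, attachment name) for every rule-hit line; skip the rest."""
    hits = []
    for line in lines:
        m = LINE_RE.search(line.rstrip())
        if m:
            hits.append((m["rule"], m["name"]))
    return hits


def extension_of(filename: str) -> str:
    """Normalised final suffix ('exe', 'iso'), or '(none)' if there is none.

    Only the last suffix counts: 'report.pdf.exe' is an 'exe', which is what the
    recipient's OS would act on. Case is folded so 'ISO' and 'iso' tally together.
    The suffix says nothing about the real file type: an "Attachment type"
    condition matches on content, so the logged name may carry any extension.
    """
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    _, sep, ext = base.rpartition(".")
    if not sep or not ext:
        return "(none)"
    return ext.lower()


def extension_stats(lines: Iterable[str]) -> Counter:
    """Count blocked attachments per extension across all rules."""
    return Counter(extension_of(name) for _, name in parse_blocked_attachments(lines))


def stats_per_rule(lines: Iterable[str]) -> Dict[str, Counter]:
    """The same tally, broken down by the rule that fired."""
    per_rule: Dict[str, Counter] = {}
    for rule, name in parse_blocked_attachments(lines):
        counter = per_rule.setdefault(rule, Counter())
        counter[extension_of(name)] += 1
    return per_rule


def double_extensions(lines: Iterable[str]) -> List[str]:
    """Attachment names where a benign-looking suffix precedes the real one."""
    flagged = []
    for _, name in parse_blocked_attachments(lines):
        parts = name.lower().split(".")
        if len(parts) >= 3 and parts[-2] in BENIGN_LOOKING:
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for ext, count in extension_stats(lines).most_common():
        print(f"{ext:8} {count}")
    for rule, counter in stats_per_rule(lines).items():
        print(rule, dict(counter))
    print("double extensions:", double_extensions(lines))
```

Run it against an exported log file instead of the embedded sample by passing the file's lines to `extension_stats` and `stats_per_rule`. Because the extension is taken from the name the sender chose, the tally shows what names got through to the rule, not what the files actually were; that is why the per-rule breakdown matters when the rule condition is "Attachment type" rather than a name pattern.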
