DanAvni (posted January 19, 2015)

I have set up rules in the Rules config section to do the following:

1. Smart block of all exe files (also included *.scr)
2. Dangerous executables to block, among other extensions *.scr

One of my users got an email with a zip file. Inside the zip was another zip, and inside it a filename with an scr extension. How did the scr file pass both rules and get to my user's mailbox? Doesn't the Rules config search inside attached archives for blocked files?

Marcos, Administrators (posted January 19, 2015)

You'd have to create a rule for zip attachments to remove such malware. However, to get better protection against spammed malware simply enable detection of potentially dangerous attachments. For more information, please refer to page 76 of the EMSX User guide.

DanAvni, Author (posted January 19, 2015)

For my understanding: if I create a zip rule, I assume it will block all zip files. Am I correct? I want to allow zip files in, but I do not want nested zip files with exe files inside them.

I enabled the potentially dangerous attachments. Does this also scan inside zip files, and specifically nested ones?

Marcos, Administrators (posted January 19, 2015)

> For my understanding: if I create a zip rule, I assume it will block all zip files. Am I correct? I want to allow zip files in, but I do not want nested zip files with exe files inside them.

Right. What you want to achieve is not feasible using rules.

> I enabled the potentially dangerous attachments. Does this also scan inside zip files, and specifically nested ones?

Yes, typical spammed malware will be detected in archives too.

katbert (posted February 11, 2016)

Same question.

ESET Mail Security 4.5.10023.0 can block *.js attachments by rule. But if the *.js is in a zip archive, it doesn't block it. If I enable detection of potentially dangerous attachments, Mail Security blocks only files with a double extension in a zip (*.doc.exe in zip).

Is it possible to create a rule to block any *.js files in zip archives?

TomTomTom (posted May 30, 2016, edited)

Now I have installed ESET Mail Security 6.3.10005.2 on my Exchange Server. I have activated the mail transport rule for deleting executable files. Now I have created a rule that has to delete attachments with .JS. The next step would be to block any zip archives with a .JS file inside. But sadly I cannot find a way to create this rule. Does someone have an idea how I can create these two rules?

Thanks
TomTomTom

filips, ESET Staff (posted June 29, 2016)

If you created a rule that deletes all *.JS files, it will also delete archives that contain *.JS files - there is no need to create another rule.
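
The check the posters are asking for, blocked extensions found inside nested zip attachments, sketched as an added example in Python; it is not ESET code and says nothing about how ESET Mail Security works internally. The extension list comes from the thread; the limits and the names `find_blocked` and `make_zip` are assumptions made for the illustration.

```python
import io
import os
import zipfile

BLOCKED = {".exe", ".scr", ".js"}    # extensions named in the thread
MAX_DEPTH = 4                        # assumed limit on archive nesting
MAX_BYTES = 10 * 1024 * 1024         # assumed per-member size cap

def find_blocked(data, depth=0, prefix=""):
    """List blocked or uninspectable members of a zip (bytes), including nested zips."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [prefix + "<unreadable>"]
    hits = []
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            ext = os.path.splitext(info.filename)[1].lower()
            if ext in BLOCKED:
                hits.append(path)
                continue
            # Fail closed: oversized, encrypted or corrupt members count as hits.
            try:
                if info.file_size > MAX_BYTES:
                    raise ValueError("member too large")
                inner = zf.read(info)
            except Exception:
                hits.append(path + " <not inspected>")
                continue
            # Detect nested archives by content, not by the .zip extension.
            if not zipfile.is_zipfile(io.BytesIO(inner)):
                continue
            if depth + 1 >= MAX_DEPTH:
                hits.append(path + " <too deeply nested>")
            else:
                hits.extend(find_blocked(inner, depth + 1, path + "!"))
    return hits

def make_zip(members):
    # Build a zip in memory from {name: bytes}; used only for the constructed sample.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed sample mirroring the first post: a zip holding a zip holding an .scr.
inner = make_zip({"document.scr": b"placeholder, not a real executable"})
nested = make_zip({"readme.txt": b"hello", "inner.zip": inner})
```

A filter built this way lets plain zip files through and flags only those whose contents, at any inspected depth, match the blocked list or cannot be inspected.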