Jump to content

#CASE_00749944 - Emails with Subject line "disarmed"


Go to solution Solved by Marcos,

Recommended Posts

Hi ESET Team, 

See the below concern of our client:

Since earlier today I notice emails coming through with the subject line {disarmed} before the subject - this so far affects at least two different accounts. These are very standard emails and I don't know why these emails suddenly have this additional flag. Has anything changed in how Eset Endpoint Security is handling Email processing?

I would like to ask, is there steps that we need about this case?

 

Link to comment
Share on other sites

Hi ESET Team, 
 
I asked the client if they have existing  Mail scanner, but he is not sure 
 
I am not sure how to answer the question about mail scanner.  With respect to Eset, we are using   
 
Eset Protect Cloud for the office - the installation is standard and we did not set up anything special re mail scanning. Obviously once emails are downloaded to the relevant workstations, Eset Endpoint Security will scan. 
 
I attach a screenshot of how the "disarmed" subject line looks.  I also attach a screenshot on how Web and Mail appears in my desktop.  Most is greyed out, managed via cloud as standard.  The change to have "disarmed" attached
to the subject line started only yesterday and does not seem to affect all emails. 
 
I also attached the screenshot of the (disarmed subject line for your reference)

SCREENSHOTS.zip

Link to comment
Share on other sites

  • Administrators
  • Solution

The string is not added by ESET to the subject of email. The best I could find is the following explanation although without a reference to particular software that adds it:

The {disarmed} flag in the subject line of a filtered email indicates the system has located a "Web Bug" or tracking code and has disabled it.

A "Web Bug" is a piece of code attached to an email that is invisible to the reader, but sends tracking information to a remote server that would then keep track of information such as when you opened the email, what kind of computer you are using, what your IP address is and so forth which the sender (or sending server) could use to identify you. This type of tracking code is most often found in HTML "newsletters" and spam messages to track when users open and read their e-mails.

The filters prevent that information from getting back to the sender to protect privacy. This helps prevent the further propagation of spam, because once an email address is verified as real, and that a human viewed it, the now-confirmed email address will tend to make its way to other senders.

https://www.virtbiz.com/client/index.php?rp=/knowledgebase/14/Email-arrives-that-says-it-has-been-disarmed.html

Link to comment
Share on other sites

Thank you Marcos, i will let our client know about the above information.

 

Thank you very much!

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...