Too many log in scan logs

[santoso 7]

Hello,

We test Eset cloud security with google workspace, and have several question:

1. why there is many log when user send email. for one email, there is 5 log

2. for how long these log will be purge, i cant see settings for this

3. when i send email with attachment file, why i cant see information about attachment. attchment with password or without password

Thank you

[Marcos 5,165]

I would recommend raising a support ticket and providing your customer ID. The message ID should be checked in the first place to make sure that the records are really related to the very same message. As for the log retention period, according to https://help.eset.com/ecos/en-US/logs.html it's 90 days.

[product_manager_8 5]

Hi @santoso, there are several questions here so I will respond in points below:

• ECOS scans emails when it receives API notification that something changed. For instance, the first time it may be scanned when the email is received, the second time may be scanned when the email is read, the third time it may be scanned when it is flagged or moved to a different folder... What may happen sometimes is that when the email is generally seen for the first time, it may be marked as clean but a few seconds later, once all our engines are done evaluation, it may meet criteria to be categorized as SPAM.
• ECOS only scans incoming emails, drafts have scanning skipped, but they are still logged, so as you are writing the email, because ECOS is still getting notifications of email modification
• As for why attachments are not scanned:
  • Password protected archives are not scanned because we cannot open them unless the password is written inside of the email
  • Zips that are received (not sent) that do not have password should be scanned though. But if you are uploading a file from your Google Drive and have the Google Drive protection on, those files would be scanned when they were uploaded anyways.

I hope this helps.

[santoso 7]

16 hours ago, Marcos said:

I would recommend raising a support ticket and providing your customer ID. The message ID should be checked in the first place to make sure that the records are really related to the very same message. As for the log retention period, according to https://help.eset.com/ecos/en-US/logs.html it's 90 days.

thank you for information, we will continue this test and raise ticket when need.

 

14 hours ago, product_manager_8 said:

Hi @santoso, there are several questions here so I will respond in points below:

• ECOS scans emails when it receives API notification that something changed. For instance, the first time it may be scanned when the email is received, the second time may be scanned when the email is read, the third time it may be scanned when it is flagged or moved to a different folder... What may happen sometimes is that when the email is generally seen for the first time, it may be marked as clean but a few seconds later, once all our engines are done evaluation, it may meet criteria to be categorized as SPAM.
• ECOS only scans incoming emails, drafts have scanning skipped, but they are still logged, so as you are writing the email, because ECOS is still getting notifications of email modification
• As for why attachments are not scanned:
  • Password protected archives are not scanned because we cannot open them unless the password is written inside of the email
  • Zips that are received (not sent) that do not have password should be scanned though. But if you are uploading a file from your Google Drive and have the Google Drive protection on, those files would be scanned when they were uploaded anyways.

I hope this helps.

thank you for explaination

for attachment, i mean why there is no information about attachment in logs
like attachment name, attachment size, ect