santoso 7 Posted July 2

Hello,

We are testing ESET Cloud Security with Google Workspace and have several questions:

1. Why are there many logs when a user sends an email? For one email, there are 5 logs.
2. After how long will these logs be purged? I can't see a setting for this.
3. When I send an email with an attachment, why can't I see information about the attachment, whether it is an attachment with a password or without a password?

Thank you
Administrators Marcos 5,441 Posted July 2

I would recommend raising a support ticket and providing your customer ID. The message ID should be checked in the first place to make sure that the records are really related to the very same message.

As for the log retention period, according to https://help.eset.com/ecos/en-US/logs.html it's 90 days.
ESET Staff product_manager_8 5 Posted July 2

Hi @santoso, there are several questions here so I will respond in points below:

- ECOS scans emails when it receives an API notification that something changed. For instance, the first time it may be scanned when the email is received, the second time it may be scanned when the email is read, the third time it may be scanned when it is flagged or moved to a different folder...
- What may happen sometimes is that when the email is generally seen for the first time, it may be marked as clean, but a few seconds later, once all our engines are done evaluating, it may meet the criteria to be categorized as SPAM.
- ECOS only scans incoming emails; drafts have scanning skipped, but they are still logged as you are writing the email, because ECOS is still getting notifications of email modification.

As for why attachments are not scanned:

- Password-protected archives are not scanned because we cannot open them unless the password is written inside of the email.
- Zips that are received (not sent) that do not have a password should be scanned though. But if you are uploading a file from your Google Drive and have the Google Drive protection on, those files would be scanned when they were uploaded anyways.

I hope this helps.
santoso 7 Posted July 3 Author

16 hours ago, Marcos said:

> I would recommend raising a support ticket and providing your customer ID. The message ID should be checked in the first place to make sure that the records are really related to the very same message.
>
> As for the log retention period, according to https://help.eset.com/ecos/en-US/logs.html it's 90 days.

Thank you for the information, we will continue this test and raise a ticket when needed.

14 hours ago, product_manager_8 said:

> Hi @santoso, there are several questions here so I will respond in points below:
>
> - ECOS scans emails when it receives an API notification that something changed. For instance, the first time it may be scanned when the email is received, the second time it may be scanned when the email is read, the third time it may be scanned when it is flagged or moved to a different folder...
> - What may happen sometimes is that when the email is generally seen for the first time, it may be marked as clean, but a few seconds later, once all our engines are done evaluating, it may meet the criteria to be categorized as SPAM.
> - ECOS only scans incoming emails; drafts have scanning skipped, but they are still logged as you are writing the email, because ECOS is still getting notifications of email modification.
>
> As for why attachments are not scanned:
>
> - Password-protected archives are not scanned because we cannot open them unless the password is written inside of the email.
> - Zips that are received (not sent) that do not have a password should be scanned though. But if you are uploading a file from your Google Drive and have the Google Drive protection on, those files would be scanned when they were uploaded anyways.
>
> I hope this helps.

Thank you for the explanation. For the attachment, I mean why is there no information about the attachment in the logs, like attachment name, attachment size, etc.?
ESET Staff Solution product_manager_8 5 Posted July 8

Hi @santoso, I just wanted to clarify some of my earlier comments:

90-day retention is for detected items and items in quarantine; clean logs are only kept for 3 days. There is no setting to adjust it, but if you require longer retention for clean logs, ECOS offers remote syslog sending so you can store them remotely, or you can save them into CSV directly from the console.

As for the attachment information, we provide that information about detected files. For instance, if we detect a file containing malware, you can navigate into detections and you would see the file name, type of detection and a hash in the detail. We do not do this for clean files, but it is something we may add over time.

One correction on my previous comments about mail drafts - we do, in fact, scan them with the anti-malware and anti-phishing engines, but not the anti-spam engine. That's the reason you see multiple logs for the same email as well.
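The checks discussed in this thread (confirming that several log records belong to the same message ID, spotting a verdict that changed between scans, and knowing when clean records age out) can be run against a log export. The following is an added example, not part of the original posts and not ESET code; the CSV column names (`timestamp`, `message_id`, `result`) and the result values are assumptions and must be adapted to the actual export.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export. Column names and result values are assumptions,
# not the real ECOS CSV schema; adjust them to match the file you export.
SAMPLE_CSV = """timestamp,message_id,result
2024-07-02T09:00:01,<a1@example.test>,Clean
2024-07-02T09:00:07,<a1@example.test>,Spam
2024-07-02T09:05:30,<a1@example.test>,Spam
2024-07-02T09:10:00,<b2@example.test>,Clean
2024-07-02T09:12:44,<b2@example.test>,Clean
2024-07-02T09:20:00,<c3@example.test>,Malware
"""

# Retention periods stated in the thread. Treating every non-clean result as a
# "detected item", and counting from the record's timestamp, are assumptions.
RETENTION = {"clean": timedelta(days=3), "detected": timedelta(days=90)}


def expiry(row):
    """Estimated time at which one log record leaves the console."""
    kind = "clean" if row["result"].lower() == "clean" else "detected"
    return row["timestamp"] + RETENTION[kind]


def summarize(csv_text):
    """Group log rows by message ID and describe each group."""
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        row["timestamp"] = datetime.fromisoformat(row["timestamp"])
        groups[row["message_id"]].append(row)

    summary = {}
    for msg_id, rows in groups.items():
        rows.sort(key=lambda r: r["timestamp"])
        verdicts = [r["result"] for r in rows]
        summary[msg_id] = {
            "records": len(rows),                        # scans logged for this message
            "final": verdicts[-1],                       # most recent verdict
            "verdict_changed": len(set(verdicts)) > 1,   # e.g. Clean, then Spam
            "first_expiry": min(expiry(r) for r in rows),  # export before this time
        }
    return summary


if __name__ == "__main__":
    for msg_id, info in summarize(SAMPLE_CSV).items():
        print(msg_id, info)
```

Messages whose `first_expiry` is only days away hold clean records, so those are the ones to forward by syslog or export if they are needed for later investigation.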
santoso 7 Posted July 9 Author

19 hours ago, product_manager_8 said:

> Hi @santoso, I just wanted to clarify some of my earlier comments:
>
> 90-day retention is for detected items and items in quarantine; clean logs are only kept for 3 days. There is no setting to adjust it, but if you require longer retention for clean logs, ECOS offers remote syslog sending so you can store them remotely, or you can save them into CSV directly from the console.
>
> As for the attachment information, we provide that information about detected files. For instance, if we detect a file containing malware, you can navigate into detections and you would see the file name, type of detection and a hash in the detail. We do not do this for clean files, but it is something we may add over time.
>
> One correction on my previous comments about mail drafts - we do, in fact, scan them with the anti-malware and anti-phishing engines, but not the anti-spam engine. That's the reason you see multiple logs for the same email as well.

Thank you, it's clear now.