
Too many log in scan logs


Solved by product_manager_8

Hello,

We test ESET cloud security with Google Workspace, and have several questions:

1. Why are there many logs when a user sends an email? For one email, there are 5 logs.

2. After how long will these logs be purged? I can't see a setting for this.

3. When I send an email with an attachment file, why can't I see information about the attachment? Attachment with password or without password.

Thank you


  • Administrators

I would recommend raising a support ticket and providing your customer ID. The message ID should be checked in the first place to make sure that the records are really related to the very same message. As for the log retention period, according to https://help.eset.com/ecos/en-US/logs.html it's 90 days.


  • ESET Staff

Hi @santoso, there are several questions here so I will respond in points below:

  • ECOS scans emails when it receives an API notification that something changed. For instance, the first time it may be scanned when the email is received, the second time may be scanned when the email is read, the third time it may be scanned when it is flagged or moved to a different folder... What may happen sometimes is that when the email is generally seen for the first time, it may be marked as clean but a few seconds later, once all our engines are done with evaluation, it may meet criteria to be categorized as SPAM.
  • ECOS only scans incoming emails; drafts have scanning skipped, but they are still logged as you are writing the email, because ECOS is still getting notifications of email modification.
  • As for why attachments are not scanned:
    • Password protected archives are not scanned because we cannot open them unless the password is written inside of the email
    • Zips that are received (not sent) that do not have password should be scanned though. But if you are uploading a file from your Google Drive and have the Google Drive protection on, those files would be scanned when they were uploaded anyways.

I hope this helps.


16 hours ago, Marcos said:

I would recommend raising a support ticket and providing your customer ID. The message ID should be checked in the first place to make sure that the records are really related to the very same message. As for the log retention period, according to https://help.eset.com/ecos/en-US/logs.html it's 90 days.

Thank you for the information, we will continue this test and raise a ticket when needed.

 

14 hours ago, product_manager_8 said:

Hi @santoso, there are several questions here so I will respond in points below:

  • ECOS scans emails when it receives an API notification that something changed. For instance, the first time it may be scanned when the email is received, the second time may be scanned when the email is read, the third time it may be scanned when it is flagged or moved to a different folder... What may happen sometimes is that when the email is generally seen for the first time, it may be marked as clean but a few seconds later, once all our engines are done with evaluation, it may meet criteria to be categorized as SPAM.
  • ECOS only scans incoming emails; drafts have scanning skipped, but they are still logged as you are writing the email, because ECOS is still getting notifications of email modification.
  • As for why attachments are not scanned:
    • Password protected archives are not scanned because we cannot open them unless the password is written inside of the email
    • Zips that are received (not sent) that do not have password should be scanned though. But if you are uploading a file from your Google Drive and have the Google Drive protection on, those files would be scanned when they were uploaded anyways.

I hope this helps.

Thank you for the explanation.

For the attachment, I mean why is there no information about the attachment in the logs,
like attachment name, attachment size, etc.?


  • ESET Staff
  • Solution

Hi @santoso, I just wanted to clarify some of my earlier comments:

  • 90-day retention is for detected items and items in quarantine; clean logs are only kept for 3 days. There is no setting to adjust it, but if you require longer retention for clean logs, ECOS offers remote syslog sending so you can store them remotely or save into CSV directly from the console.
  • As for the attachment information, we provide that information about detected files. For instance, if we detect a file containing malware, you can navigate into detections and you would see the file name, type of detection and a hash in the detail. We do not do this for clean files, but it is something we may add over time.
  • One correction on my previous comments about mail drafts - we do, in fact, scan them with the anti-malware and anti-phishing engines, but not the anti-spam engine. That's the reason you see multiple logs for the same email as well.
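The message-ID check suggested earlier in the thread, applied to an exported scan log, as an added example that is not part of the original posts and is not ESET code: it groups records by message ID so repeated scans of one email collapse into a single entry showing the final verdict and whether the verdict changed between scans. The column names (`timestamp`, `message_id`, `recipient`, `result`) and the sample rows are constructed assumptions, not the actual ECOS export schema.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. Column names and values are assumptions,
# not the real ECOS CSV layout; adjust them to match your own export.
SAMPLE_CSV = """timestamp,message_id,recipient,result
2024-07-02T14:05:01Z,<a1@example.test>,user@example.test,Clean
2024-07-02T14:05:09Z,<a1@example.test>,user@example.test,Spam
2024-07-02T14:06:30Z,<a1@example.test>,user@example.test,Spam
2024-07-02T14:07:00Z,<b2@example.test>,user@example.test,Clean
2024-07-02T14:07:45Z,<b2@example.test>,user@example.test,Clean
2024-07-02T14:08:10Z,,user@example.test,Clean
"""


def summarize(csv_text):
    """Group scan records by message ID and summarize each message."""
    groups = defaultdict(list)
    unmatched = []  # rows that cannot be tied to a specific message
    for row in csv.DictReader(io.StringIO(csv_text)):
        mid = (row.get("message_id") or "").strip()
        if not mid:
            unmatched.append(row)
            continue
        groups[mid].append(row)

    summary = {}
    for mid, rows in groups.items():
        # ISO 8601 UTC timestamps sort correctly as plain strings.
        rows.sort(key=lambda r: r["timestamp"])
        verdicts = [r["result"] for r in rows]
        summary[mid] = {
            "records": len(rows),
            "first_seen": rows[0]["timestamp"],
            "final_verdict": verdicts[-1],
            # True when a later scan disagreed with an earlier one,
            # e.g. Clean on arrival and Spam a few seconds later.
            "verdict_changed": len(set(verdicts)) > 1,
        }
    return summary, unmatched


if __name__ == "__main__":
    summary, unmatched = summarize(SAMPLE_CSV)
    for mid, info in summary.items():
        print(mid, info)
    print("records without a message ID:", len(unmatched))
```
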

19 hours ago, product_manager_8 said:

Hi @santoso, I just wanted to clarify some of my earlier comments:

  • 90-day retention is for detected items and items in quarantine; clean logs are only kept for 3 days. There is no setting to adjust it, but if you require longer retention for clean logs, ECOS offers remote syslog sending so you can store them remotely or save into CSV directly from the console.
  • As for the attachment information, we provide that information about detected files. For instance, if we detect a file containing malware, you can navigate into detections and you would see the file name, type of detection and a hash in the detail. We do not do this for clean files, but it is something we may add over time.
  • One correction on my previous comments about mail drafts - we do, in fact, scan them with the anti-malware and anti-phishing engines, but not the anti-spam engine. That's the reason you see multiple logs for the same email as well.

Thank you,

It's clear now
