Core modules

Antivirus protection is one of the basic functions of ESET Mail Security. Antivirus protection guards against malicious system attacks by controlling file, email and internet communication. If a threat with malicious code is detected, the Antivirus module can eliminate it by blocking, cleaning, deleting, or moving it to Quarantine.

Antispam protection incorporates multiple technologies (RBL, DNSBL, Fingerprinting, Reputation checking, Content analysis, Rules, Manual whitelisting/blacklisting, etc.) to maximize email threat detection.

ESET Mail Security Antispam is cloud-based, and most cloud databases are in ESET data centers. Antispam cloud services enable prompt data updates, which provides a quicker reaction time if new spam emerges. It also allows for the removal of incorrect or false data from ESET blacklists. Communication with Antispam cloud services is done over a proprietary protocol on port 53535. If ESET's protocol is not available, DNS services are used instead (port 53). However, using DNS is not as effective because it requires multiple requests to be sent during the spam classification process of a single email message.

Normally, no email messages or their parts are sent during the spam classification process. However, suppose ESET LiveGrid® is enabled, and you have explicitly allowed samples to be submitted for analysis. In that case, only messages marked as spam (or most likely spam) may be sent to help with thorough analysis and cloud database enhancement.

If you want to report spam false positive or negative classification, see our Knowledgebase article for details.

In addition, ESET Mail Security can also use the Greylisting method (disabled by default) of spam filtering.

ESET Mail Security includes anti-phishing protection, which prevents users from accessing web pages known for phishing. For email messages that may contain links that lead to phishing web pages, ESET Mail Security uses a sophisticated parser that searches the message body and the subject of incoming email messages to identify such links (URLs). The links are compared against the phishing database, and rules with the condition Message body are evaluated.

The availability of rules for Database protection, On-demand database scan and Mail transport protection on your system depends on which Microsoft Exchange Server version is installed on the server with ESET Mail Security.

Rules allow you to manually define email filtering conditions and actions. There are different sets of conditions and actions. You can create individual rules that may also be combined. If one rule uses multiple conditions, the conditions will be linked using the logical operator AND. Consequently, the rule will be executed when all its conditions are met. If multiple rules are created, the logical operator OR will be applied, meaning the program will run the first rule where the conditions are met.

The first technique used in the scanning sequence is greylisting, if enabled. Consequent procedures will execute the following order: protection based on user-defined rules, followed by an antivirus scan and, lastly, an antispam scan.