Rules

Allows you to manually define email filtering conditions and actions to take with filtered emails. There are three separate sets of rules, one for each:

Mail transport protection

Database protection

On-demand database scan


IMPORTANT

Incorrectly defined rules for On-demand database scan can cause irreversible changes to Mailbox databases. Always make sure you have the most recent backup of your Mailbox databases before running On-demand database scan with rules in place for the first time. Also, we highly recommend you to verify the rules are running according to expectations.
For verification, define rules with Log to events action only, because any other actions can make changes to your Mailbox databases. Once verified, you can add destructive rule actions such as Delete attachment.

Rules are classified into three levels and are evaluated in this order:

Filtering rules (1) - rule evaluated before antispam and antivirus scan

Attachment processing rules (2) - rule evaluated during antivirus scan

Result processing rules (3) - rule evaluated after antivirus scan

Rules with the same level are evaluated in the same order as they are displayed in the rules window. You can only change the rule order for rules of the same level. When you have multiple filtering rules, you can change the order they are applied in. You cannot change their order by putting Attachment processing rules before Filtering rules, the Up/Down buttons will not be available. In other words, you cannot mix rules of different Levels.

The Hits column displays the number of times the r.ule was successfully applied. Deselecting a check box (to the left of each rule name) deactivates the corresponding rule until you select the check box again.

rule_list

Click Reset the counter for the selected rule (the Hits column). Select View allows you to view a configuration assigned from  ESET Security Management Center policy.


IMPORTANT

Normally, if a rule's conditions are met, rules evaluation stops for further rules with lower priority. However, if required, you can use special Rule action called Evaluate other rules to let the evaluation to continue.

Rules are checked against a message when it is processed by the Mail transport protection, Database protection or On-demand database scan. Each protection layer has a separate set of rules.

 

Rule wizard

1.Click Add and a Rule condition window will appear where you can select condition type, operation and value. Define condition(s) first, then action(s).


IMPORTANT

You can define multiple conditions. If you do so, all of the conditions must be met for the rule to be applied. All conditions are connected using the logical operator AND. Even if most of the conditions are met and only a single one isn't, the condition evaluation result is considered not met and the rule's action cannot be taken.

1.Click Add (at the bottom) to add a Rule action.


NOTE

It is possible to add multiple actions for one rule.

rule_wizard

3.Once conditions and actions are defined, type a Name for the rule (something that you'll recognize the rule by), this name will be displayed in the Rules list. Name is a mandatory field, if it is highlighted in red, type a rule name into the text box and click OK to create the rule. Red highlight does not disappear even though you've entered rule name, it disappears only after you've clicked OK.

4.If you want to prepare rules but plan to use them later, you can click the slider bar next to Active to deactivate the rule. To activate the rule, select the check box next to the rule you want to activate.


NOTE

If a new rule is added or an existing rule has been modified, message rescan will automatically start using the new/modified rules.

See Rule examples that show how rules can be used.

If you disable Antivirus protection in Setup menu or Advanced setting (F5) > Server > Antivirus and Antispyware for Mail transport and Database protection layer, it will affect these rule conditions:

Attachment name

Attachment size

Attachment type

Antivirus scan result

Attachment is password protected

Attachment is damaged archive

Contains damaged archive

Contains password protected archive

Also, if you disable Antivirus protection in Setup menu or Advanced setting (F5) > Server > Antivirus and Antispyware for Mail transport layer, it will affect these rule actions:

Quarantine attachment

Delete attachment