ESET Online Help

Search English
Select the topic

Key Features

The following table provides a list of features that are available in the ESET Mail Security.

True 64-bit product core

Adding higher performance and stability to the product core components.


An award-winning and innovative defense against malware. This leading-edge technology prevents from attacks and eliminates all types of threats, including viruses, ransomware, rootkits, worms and spyware with cloud-powered scanning for even better detection rates. With a small footprint, it is light on the system resources not compromising its performance. It uses layered security model. Each layer, or a phase, has a number of core technologies. Pre-execution phase has technologies such as UEFI Scanner, Network Attack Protection, Reputation & Cache, In-product Sandbox, DNA Detections. Execution phase technologies are Exploit Blocker, Ransomware Shield, Advanced Memory Scanner and Script Scanner (AMSI), and Post-execution phase uses Botnet Protection, Cloud Malware Protection System and Sandboxing. This feature-rich set of core technologies provides an unrivaled level of protection.


Antispam is an essential component for any mail server. ESET Mail Security uses state-of-the-art Antispam engine that prevents from spam and phishing attempts with very high catch rates. ESET Mail Security has won consecutively spam filtering test by Virus Bulletin, a leading security testing authority, and received the VBSpam+ certification for a number years. Antispam engine have achieved a result of 99.99% spam catch rate with zero false positives making it industry-leading technology in spam protection. ESET Mail Security Antispam incorporates multiple technologies (RBL and DNSBL, Fingerprinting, Reputation checking, Content analysis, Rules, manual whitelisting/blacklisting, Backscatter protection and message validation using SPF and DKIM) to maximize detection. ESET Mail Security Antispam is cloud based and most of the cloud databases are located in ESET data centers. Antispam cloud services allow for prompt data updates which provides quicker reaction time in case of an emergence of new spam.

Anti-Phishing protection

A feature which prevents users from accessing web pages known for phishing. Email messages may contain links which lead to phishing web pages and ESET Mail Security uses sophisticated parser that searches message body and subject of incoming email messages to identify such links (URL's). The links are compared against phishing database.


The rules enable administrators to filter unwanted emails and attachments based on the company's policy. Attachments such as executables, multimedia files, password-protected archives, etc. Different actions can be performed with filtered email messages and their attachments, such as quarantine, deleting, sending notifications or logging into events.

Export to syslog server (Arcsight)

Allows for the contents of Mail server protection log to be duplicated to syslog server in Common Event Format (CEF) for use with log management solutions such as Micro Focus ArcSight. Events can be fed via SmartConnector to ArcSight, or exported to files. This provides for a convenient way of centralized monitoring and management of security events. You can benefit from this feature especially if you have a complex infrastructure with a large number of Microsoft Exchange Servers with ESET Mail Security solution.

Microsoft 365 mailbox scan

For businesses who use hybrid Exchange environment, adds the capability to scan mailboxes in the cloud.

ESET LiveGuard Advanced

ESET Cloud-based service. When ESET Mail Security evaluates an email message as suspicious, it is temporarily put it into the ESET LiveGuard Advanced quarantine. A suspicious email message is automatically submitted to ESET LiveGuard Advanced server for analysis by advanced malware detection engines. ESET Mail Security then receives a result of the analysis and suspicious email message is dealt with depending on the result.

Mail quarantine manager with web interface

Administrator can inspect quarantined objects and decide to delete or release them. This feature offers easy to use management tool.

Quarantine web interface allows remote management of the content. It is possible to choose its administrators and/or delegate access. Additionally, users can view and manage their own spam after logging to the Mail Quarantine Web interface, having access to their messages only.

Mail quarantine reports

Quarantine reports are emails sent to selected users or administrators to provide information about all quarantined email messages. It also enables them to remotely manage quarantined content.

On-demand mailbox database scan

On-demand mailbox database scan gives administrators an option to scan selected mailboxes manually, or schedule the scan out of business hours. Mailbox database scanner uses the EWS (Exchange Web Services) API to connect to Microsoft Exchange Server via HTTP/HTTPS. Also, the scanner uses parallelism during scan process to improve the performance.

ESET Cluster

ESET Cluster allows for management of multiple servers from a single location. Similar to ESET File Security for Microsoft Windows Server, joining server nodes to a cluster makes management easier due to the ability to distribute one configuration across all cluster member nodes. ESET Cluster can also be used to synchronize greylisting databases and contents of the Local mail quarantine.

Processes exclusions

Excludes specific processes from Anti-Malware on-access scanning. Anti-Malware on-access scanning may cause conflicts in certain situations, for example during a backup process or live migrations of virtual machines. Processes exclusions help minimize the risk of such potential conflicts and improve the performance of excluded applications, which in turn has a positive effect on the overall performance and stability of the whole system. The exclusion of a process / application is an exclusion of its executable file (.exe).

eShell (ESET Shell)

eShell 2.0 is now available in ESET Mail Security. eShell is a command line interface that offers advanced users and administrators more comprehensive options to manage ESET server products.


Better integration with ESET PROTECT including the ability to schedule various tasks. For more information, see ESET PROTECT Online Help.

Component-based installation

Installation can be customized to contain only selected parts of the product.

Sender Spoofing protection

A new feature that protects from a common practice of faking sender information of an email called sender spoofing. The email recipient is unlikely to distinguish a valid sender from a faked one, as the email usually appears as if it was sent from a legitimate source. You can enable and configure Sender Spoofing protection in Advanced setup or create custom rules.

DKIM Signing

ESET Mail Security provides a DKIM signing feature to further enhance security for outgoing email messages. Select client certificate and specify which email headers are signed with DKIM signature. You can configure DKIM signing for each domain separately for multiple domains.