Protection modules

Antivirus protection is one of the basic functions of ESET Mail Security. Antivirus protection guards against malicious system attacks by controlling file, email and internet communication. If a threat with malicious code is detected, the Antivirus module can eliminate it by blocking it and then cleaning it, deleting it, or moving it to Quarantine.

Antispam protection incorporates multiple technologies (RBL, DNSBL, Fingerprinting, Reputation checking, Content analysis, Rules, Manual whitelisting/blacklisting, etc.) to maximize detection of email threats.

ESET Mail Security Antispam is cloud-based, and most cloud databases are in ESET data centers. Antispam cloud services enable prompt data updates, which provides quicker reaction time In case of the emergence of new spam. It also enables incorrect or false data to be removed from ESET blacklists. Whenever possible, communication with Antispam cloud services is done over a proprietary protocol on port 53535. If it is impossible to communicate through ESET's protocol, DNS services are used instead (port 53). However, using DNS is not as effective because it requires multiple requests to be sent during the spam classification process of a single email message.

Normally, no email messages or their parts are sent during the spam classification process. However, suppose ESET LiveGrid® is enabled, and you have explicitly allowed samples to be submitted for analysis. In that case, only messages marked as spam (or most likely spam) may be sent to help with thorough analysis and cloud database enhancement.

If you want to report spam false positive or negative classification, see our Knowledgebase article for details.

In addition, ESET Mail Security can also use Greylisting method (disabled by default) of spam filtering.

ESET Mail Security includes anti-phishing protection, which prevents users from accessing web pages known for phishing. In the case of email messages that may contain links that lead to phishing web pages, ESET Mail Security uses a sophisticated parser that searches the message body and the subject of incoming email messages to identify such links (URLs). The links are compared against the phishing database, and rules with condition Message body are evaluated.

The availability of rules for Mailbox database protection, On-demand mailbox database scan and Mail transport protection on your system depends on which Microsoft Exchange Server version is installed on the server with ESET Mail Security.

Rules enable you to manually define email filtering conditions and actions to take with filtered emails. There are different sets of conditions and actions. You can create individual rules that may also be combined. If one rule uses multiple conditions, the conditions will be linked using the logical operator AND. Consequently, the rule will be executed only if all its conditions are met. If multiple rules are created, the logical operator OR will be applied, meaning the program will run the first rule for which the conditions are met.

The first technique used in the scanning sequence is greylisting if enabled. Consequent procedures will always execute the following techniques: protection based on user-defined rules, followed by an antivirus scan and, lastly, an antispam scan.