Antimalware and antispyware

Copy current article URL Share via email

This article (PDF) Whole documentation (PDF)

You can configure antimalware and antispyware options for your mail server.

The transport agent provides mail transport protection. It is only available for Microsoft Exchange Server 2010 and later, but your Microsoft Exchange Server must have the Edge Transport Server or Hub Transport Server role. This also applies to a single server installation with multiple Exchange Server roles on one computer (as long as it has the Edge or Hub Transport role).

Actions to take if cleaning is not possible:

•No action—Retain infected messages that cannot be cleaned.

•Quarantine message—Put infected messages into the quarantine mailbox.

•Reject message—Reject an infected message.

•Drop message silently—Delete messages without sending NDR (Non-Delivery Report).

If you select No action and have the Cleaning level set to No cleaning in the ThreatSense parameters, then the protection status will change to yellow. It is a security risk and we do not recommend that you use this combination. Change one or the other setting to achieve the best protection.

You can configure detected threat actions on the transport layer for each ESET Mail Security module (Antivirus, Anti-phishing and Antispam) separately.

Save a copy of cleaned and deleted attachments in mail quarantine

A copy of the original file attachment will be stored in the mail quarantine.

Use custom text to replace deleted attachments

When enabled, you can specify custom text that replaces deleted attachments.

Format of the text used to replace deleted attachments

Replaces attachments with a text file that contains detailed information about an action taken. If you enable the setting above (Use custom text), you can modify the default text with your custom details using variables.

Use variables when customizing your text that will be a replacement for deleted attachments in an email message.

%PRODUCTNAME%
%FILENAME%
%VIRUSNAME%
%DETECTIONNAME%
%FILESIZE%
%SENDERADDRESS%
%FROMADDRESS%
%DATETIME%

Attachment %FILENAME%, with the size of %FILESIZE%, has been deleted by %PRODUCTNAME% due to the %DETECTIONNAME%

The custom text format will have the following visible output:

Attachment eicar_com.zip, with the size of 184 B, has been deleted by ESET Mail Security due to the Eicar test file.

Mail transport protection

If you disable Enable antimalware and antispyware, the ESET Mail Security plugin for the Exchange server will not unload from the Microsoft Exchange server process. It will only pass through the messages without scanning for viruses on the transport layer. Messages will still be scanned for viruses and spam on the database layer, and existing rules will be applied.

Mailbox database protection

If you disable Enable antimalware and antispyware, the ESET Mail Security plugin for the Exchange server will not be unloaded from the Microsoft Exchange server process. It will only pass through the messages without scanning for viruses on the database layer. Messages will be scanned for viruses and spam on the transport layer, and existing rules will be applied.

Mailbox database scan

The Mailbox database scan is available after you disable Mailbox database protection.

Detection levels

Reporting is performed by the detection engine and the machine learning component.

ThreatSense parameters

Modify scan parameters for Mail transport protection, Mailbox database protection and Mailbox database scan.

˄˅