Rules
Rules enable you to manually define email filtering conditions (exceptions to these conditions) and assign filtered email actions. You can also define different conditions and actions individually for Mail transport protection, Mailbox database protection and Mailbox database scan. This is helpful because each protection type uses a slightly different approach when processing messages, especially Mail transport protection.
|
Incorrectly defined rules for Mailbox database scan can cause irreversible changes to Mailbox databases. Always ensure you have the most recent Mailbox database backups before running Mailbox database scan with rules in place for the first time. We highly recommend you verify the rules run according to your expectations. For verification, define rules with the Log to events action only, because any other actions can make changes to your Mailbox databases. When you are satisfied with the verification, you can add destructive rule actions such as Delete attachment. |
Rules are classified into three levels and are evaluated in this order:
•Filtering rules (1)—evaluated before antispam, antivirus and anti-phishing scanning
•Attachment processing rules (2)—evaluated during an antivirus scan
•Result processing rules (3)—evaluated after antispam, antivirus and anti-phishing scanning
Rules with the same evaluation level are reviewed in the order displayed in the rules window. You can only change the order for same-level rules. When you have multiple filtering rules, you can change the order they are applied in. You cannot change their order by putting Attachment processing rules before Filtering rules, the Up/Down buttons are unavailable. You cannot mix rules of different Levels.
The Hits column displays the number of times the rule was successfully applied. Deselecting a check box (to the left of each rule name) deactivates the corresponding rule until you select the check box again.
Click Reset the counter for the selected rule (displayed in the Hits column). Select View to view a configuration assigned from ESET PROTECT policy.
|
Normally, if a rule's conditions are met, rules evaluation stops for further rules with lower priority. However, if required, you can use special Rule action called Evaluate other rules to let the evaluation continue. |
Rules are checked against a message when it is processed by the Mail transport protection, Mailbox database protection or Mailbox database scan. Each protection layer has a separate rule set.
When Mailbox database protection or Mailbox database scan rule conditions are matched, the rule counter may increase by two or more. This is because these protection layers access the body and attachments of a message separately, so rules are applied to each part individually. Mailbox database protection rules are also applied during background scanning (for example, when ESET Mail Security performs a mailbox scan following the download of a new detection engine), which can increase the rule counter (Hits).
Rule wizard
You can define conditions and actions using the Rule wizard. Define condition(s) first, then action(s). Some conditions and actions differ for Real-time protection or SharePoint database scan rules. This is because the protection types use a different approach when processing files.
1.Click Add condition, and a Rule condition window will appear where you can select a condition type, operation and value. Define condition(s) first, then action(s).
|
You can define multiple conditions. If you do so, all of the conditions must be met for the rule to be applied. All conditions are connected using the logical operator AND. Even if most of the conditions are met and one is not, the condition evaluation result is not met and the rule's action cannot be taken. |
2.Optional step: Click Add exception, and a Condition exception window will appear where you can select from the same parameters that are used for rule conditions (Type and an Operation), but will work inversely—when the conditions for an exception are matched, this provides for exclusion from existing rule conditions, and the actions will not be applied.
2.Click Add (at the bottom) to add a Rule action.
|
You can add multiple actions for one rule. |
3.When conditions and actions are defined, type a Name for the rule (something that you will recognize). The name will display in the Rules list. Name is a mandatory field, if it is highlighted in red, type a rule name into the text box and click OK to create the rule. Red highlighting does not disappear even though you have entered a rule name; it disappears after you click OK.
4.If you want to prepare rules and plan to use them later, you can click the toggle next to Active to deactivate the rule. To activate the rule, select the check box next to the rule you want to activate.
|
If a new rule is added or an existing rule is modified, message rescan will automatically start using the new or modified rules. |
See Rule examples to see how you can use rules.