This wizard lets you add conditions for a rule. Select a condition Type and an Operation from the drop-down list. The list of operations changes depending on the rule type you've chosen. Then select a Parameter. Parameter fields change depending on rule type and operation. Alternatively, you can specify a Regular expression and select the operation matches regular expression or does not match regular expression. ESET Mail Security uses std::regex. Refer to ECMAScript syntax for constructing regular expressions.
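A pattern written for a regular-expression condition can be checked against std::regex before it goes into a rule. The program below is an added example, not ESET code: the patterns, function names and attachment names are constructed, and because the page does not say whether the product applies whole-string or substring matching, it evaluates both.

```cpp
#include <iostream>
#include <regex>
#include <string>
#include <vector>

// Constructed pattern for an "Attachment name" condition: a short extension
// followed by an executable one, e.g. "invoice.pdf.EXE". Case is spelled out
// with character classes because std::regex's ECMAScript grammar has no
// inline (?i) modifier.
const std::string kAnchored =
    R"(^.*\.[A-Za-z0-9]{2,4}\.([eE][xX][eE]|[sS][cC][rR]|[jJ][sS]|[vV][bB][sS])$)";
// Same pattern without ^...$: its result depends on match vs. search.
const std::string kUnanchored =
    R"(\.[A-Za-z0-9]{2,4}\.([eE][xX][eE]|[sS][cC][rR]|[jJ][sS]|[vV][bB][sS]))";

// True if std::regex accepts the pattern under the ECMAScript grammar.
bool compiles(const std::string& pattern) {
    try {
        std::regex re(pattern, std::regex::ECMAScript);
        return true;
    } catch (const std::regex_error&) {
        return false;
    }
}

// Whole-string semantics (std::regex_match).
bool full_match(const std::string& pattern, const std::string& text) {
    return std::regex_match(text, std::regex(pattern, std::regex::ECMAScript));
}

// Substring semantics (std::regex_search).
bool partial_match(const std::string& pattern, const std::string& text) {
    return std::regex_search(text, std::regex(pattern, std::regex::ECMAScript));
}

int main() {
    // Constructed sample attachment names.
    const std::vector<std::string> names = {
        "invoice.pdf.EXE", "scan.pdf.exe.txt", "setup.exe", "notes.docx"};
    for (const auto& n : names) {
        std::cout << n << "  anchored: " << full_match(kAnchored, n) << '/'
                  << partial_match(kAnchored, n) << "  unanchored: "
                  << full_match(kUnanchored, n) << '/'
                  << partial_match(kUnanchored, n) << '\n';
    }
    std::cout << "(?i) accepted: " << compiles(R"((?i)\.exe$)") << '\n';
}
```

The anchored pattern gives the same verdict under both semantics, while the unanchored one misses "invoice.pdf.EXE" under whole-string matching and flags "scan.pdf.exe.txt" under substring matching.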
EXAMPLE
Choose File size > is greater than and under Parameter specify 10 MB. Using these settings, any file that is larger than 10 MB will be processed using rule actions you have specified. For this reason you should specify the action that is taken when a given rule is triggered if you have not done so when setting parameters for that rule.
IMPORTANT
You can define multiple conditions. If you do so, all of the conditions must be met for the rule to be applied. All conditions are connected using the logical operator AND. Even if most of the conditions are met and only a single one isn't, the condition evaluation result is considered not met and the rule's action cannot be taken.
The following condition types are available for Mail transport protection, Mailbox database protection and On-demand mailbox database scan (some of the options might not display depending on your previously selected conditions):
| Condition name | Mail transport protection | Mailbox database protection | On-demand mailbox database scan | Description |
|---|---|---|---|---|
| Subject | ✓ | ✓ | ✓ | Applies to messages which contain or do not contain a specific string (or a regular expression) in the subject. |
| Sender | ✗ | ✓ | ✓ | Applies to messages sent by a specific sender. |
| SMTP sender | ✓ | ✗ | ✗ | MAIL FROM envelope attribute used during SMTP connection. Also used for SPF verification. |
| Sender's IP address | ✓ | ✗ | ✗ | Applies to messages sent from a specific IP address. |
| Sender's domain | ✗ | ✓ | ✓ | Applies to messages from a sender with a specific domain in their email addresses. |
| SMTP sender's domain | ✓ | ✗ | ✗ | Applies to messages from a sender with a specific domain in their email addresses. |
| From header | ✓ | ✗ | ✗ | "From:" value contained in message headers. This is the address that is visible to the recipient, but no checks are done that the sending system is authorized to send on behalf of that address. It is often used for spoofing the sender. |
| Recipient | ✓ | ✓ | ✓ | Applies to messages sent to a specific recipient. |
| Recipient's organizational units | ✓ | ✗ | ✗ | Applies to messages sent to a recipient of a specific organizational unit. |
| Recipient validation result | ✓ | ✗ | ✗ | Applies to messages sent to a recipient validated in Active Directory. |
| Attachment name | ✓ | ✓ | ✓ | Applies to messages containing attachments with a specific name. |
| Attachment size | ✓ | ✓ | ✓ | Applies to messages with an attachment that does not meet a specified size, is within a specified size range, or exceeds a specified size. |
| Attachment type | ✓ | ✓ | ✓ | Applies to messages with a specific file type attached. File types are categorized in groups for easy selection, you can select multiple file types or whole categories. |
| Message size | ✓ | ✗ | ✗ | Applies to messages with attachments that do not meet a specified size, are within a specified size range or exceed a specified size. |
| Mailbox | ✗ | ✓ | ✗ | Applies to messages located in a specific mailbox. |
| Message headers | ✓ | ✓ | ✗ | Applies to messages with specific data present in the message header. |
| Antispam scan result | ✓ | ✗ | ✗ | Applies to messages flagged or not flagged as Ham or Spam. |
| Antivirus scan result | ✓ | ✓ | ✓ | Applies to messages flagged as malicious or not malicious. |
| Internal message | ✓ | ✗ | ✗ | Applies depending on whether a message is internal or not internal. |
| Received time | ✓ | ✓ | ✓ | Applies to messages received before or after a specific date, or during a specific date range. |
| Contains password protected archive | ✓ | ✓ | ✗ | Applies to messages with archive attachments that are protected by a password. |
| Contains damaged archive | ✓ | ✓ | ✗ | Applies to messages with archive attachments that are damaged (most likely impossible to open). |
| Attachment is password protected archive | ✗ | ✗ | ✓ | Applies to attachments that are protected by a password. |
| Attachment is damaged archive | ✗ | ✗ | ✓ | Applies to attachments that are damaged (most likely impossible to open). |
| Folder Name | ✗ | ✗ | ✓ | Applies to messages located in a specific folder, if the folder doesn't exist, it will be created. This does not apply to Public folders. |
| DKIM result | ✓ | ✗ | ✗ | Applies to messages that passed or failed verification by DKIM, alternatively if not available. |
| SPF result | ✓ | ✗ | ✗ | Applies to messages that passed or failed verification by SPF, alternatively if not available. |
| DMARC result | ✓ | ✗ | ✗ | Applies to messages that passed or failed verification by SPF, DKIM or both, alternatively if not available. |
Each condition type has the following associated operations:
• String: is, is not, contains, doesn't contain, matches, doesn't match, is in, is not in
• Number: is less than, is greater than, is between
• Text: contains, doesn't contain, matches, doesn't match
• Date-time: is less than, is greater than, is between
• Enum: is, is not, is in, is not in
NOTE
If the Attachment name or Attachment type is a Microsoft Office (2007+) file, it is treated by ESET Mail Security as an archive. This means that its content is extracted and each file contained in the Office file archive (for example .docx, .xlsx, .xltx, .pptx, .ppsx, .potx, etc.) is scanned separately.