The Rules list window displays existing rules. Rules are classified into three levels and are evaluated in this order:
•Filtering rules (1) - rule evaluated before antispam and antivirus scan
•Attachment processing rules (2) - rule evaluated during antivirus scan
•Result processing rules (3) - rule evaluated after antivirus scan
Rules with the same level are evaluated in the same order as they are displayed in the Rules window. You can only change the rule order for rules of the same level.
The Hits column displays the number of times the rule was successfully applied. Deselecting a check box (to the left of each rule name) deactivates the corresponding rule until you select the check box again.
•Add - adds a new rule
•Edit - modifies an existing rule
•View - allows you to view a configuration assigned from ERA policy
•Remove - removes selected rule
•Up - moves the selected rule up in the list
•Down - moves the selected rule down in the list
•Reset - resets the counter for the selected rule (the Hits column)
Rules are checked against a message when it is processed by the Mail transport protection, Mailbox database protection or On-demand mailbox database scan. Each protection layer has a separate set of rules.
When Mailbox database protection or On-demand mailbox database scan rule conditions are matched, the rule counter may increase by 2 or more. This is because these protection layers access the body and attachments of a message separately, so rules are applied to each part individually. Mailbox database protection rules are also applied during background scanning (for example, when ESET Mail Security performs a mailbox scan following the download of a new virus signature database), which can increase the rule counter (Hits).