ESET Online Help

Search English
Select the topic

Rule action

You can add actions that will be taken with messages and/or attachments that match rule conditions.


note

It is possible to add multiple actions for one rule.

The list of available actions for Mail transport protection, Mailbox database protection and On-demand mailbox database scan (some of the options might not show up depending on your selected conditions):

Action name

Mail transport protection

Mailbox database protection

On-demand mailbox database scan

Description

Quarantine message

The message will not be delivered to the recipient and will be moved to the mail quarantine. Non-administrator users to release emails quarantine by this rule (using web interface or quarantine reports).

Quarantine attachment

Puts the email attachment into file quarantine. The email will be delivered to the recipient with the attachment truncated to zero length.

Delete attachment

Deletes a message attachment. The message will be delivered to the recipient without the attachment.

Reject message

Deletes a message. For incoming emails received via SMTP a NDR (Non-Delivery Report) should be generated by the sending server.

Drop message silently

Deletes a message without generating a NDR.

Set SCL value

Changes or sets a specific SCL value.

Send event notification to administrator

Sends event notifications to a recipient specified in Email notifications. You need to enable Send event notification by email feature. You can then customize the format of event messages (use the tooltip for suggestions) while creating the rule. Also, you can select verbosity for event messages, however this depends on the minimum verbosity setting in Email notifications section.

Skip Antispam scan

Message will not be scanned by the Antispam engine.

Skip Antivirus scan

Message will not be scanned by the Antivirus engine.

Skip Anti-Phishing scan

Message will not be parsed by the Anti-Phishing protection.

Skip ESET LiveGuard Advanced scan

Message will not be validated by the ESET LiveGuard Advanced protection.

Evaluate other rules

Allows the evaluation of other rules, enabling the user to define multiple sets of conditions and multiple actions to take given the conditions.

Log to events

Writes information about the applied rule to the program log and define the format of event messages (use the tooltip for suggestions).

If you configure the action type Log to events for Mailbox database protection with the parameter %IPAddress%, the Event column in the Log files will be empty for this specific event. This is because there is no IP address on the Mailbox database protection level. Some options are not available on all protection levels:

%IPAddress% - ignored by On-demand mailbox database scan and Mailbox database protection

%Mailbox% - ignored by Mail transport protection

The following options apply to Attachment processing rules only:

%Attname% - ignored by Filtering rules and Result processing rules

%Attsize% - ignored by Filtering rules and Result processing rules

Add header field

Adds a custom string to a message header.

Add subject prefix

Adds a prefix to a subject.

Replace attachment with action information

Replaces attachment with a text file that contains detailed information about an action taken.

Remove header fields

Removes fields from message header according to specified parameters.

Delete message

Deletes an infected message.

Move message to folder

The message will be moved to the specific folder.

Move message to trash

Puts an email message into the trash folder on the email client's side.

Apply DMARC policy

If a DMARC result condition is met, the email message is handled according to the policy specified in the DMARC DNS record for the sender's domain.

If you disable Antivirus protection in Setup menu or Advanced setting (F5) > Server > Antivirus and Antispyware for Mail transport protection, it will affect these rule actions:

Quarantine attachment

Delete attachment