Adding New Rules; Actions - ESET MAIL SECURITY 4 - V4.2 FOR MICROSOFT EXCHANGE SERVER Installation Manual

4.1.1.1

Adding new rules

This wizard guides you through adding user-specified rules with combined conditions.
Note, that not all of the conditions are applicable when the message is scanned by transport agent.
By target mailbox applies to the name of a mailbox (VSAPI)
By message recipient applies to a message sent to a specified recipient (VSAPI + TA)
By message sender applies to a message sent by a specified sender (VSAPI + TA)
By message subject applies to a message with a specified subject line (VSAPI + TA)
By message body applies to a message with specific text in the message body (VSAPI)
By attachment name applies to a message with a specific attachment name (VSAPI)
By attachment size applies to a message with an attachment exceeding a defined size (VSAPI)
By frequency of occurrence applies to objects (email body or attachment) for which the number of occurrences
within the specified time interval exceeds the specified number (VSAPI + TA). This is particularly useful if you are
constantly spammed with emails with the same email body or the same attachment.
When specifying the abovementioned conditions (except the By attachment size condition) it is sufficient to fill in
only part of a phrase as long as the Match whole words option is not selected. Values are not case-sensitive, unless
the Match case option is selected. If you are using values other than alphanumerical characters, use parentheses and
quotes. You can also create conditions using the logical operators AND, OR and NOT.
NOTE: Microsoft Exchange Server 2000 (VSAPI 2.0) only evaluates displayed sender/recipient name and not the email
address. Email addresses are evaluated starting with Microsoft Exchange Server 2003 (VSAPI 2.5) and higher.
Examples of entering conditions:
By target mailbox:
By email sender:
By email recipient:
By email subject:
By attachment name:
By email body:
4.1.1.2

Actions

This section allows you to select actions to take with messages and/or attachments matching conditions defined in
rules. You can take no action, mark the message as if it contained a threat/spam or delete the whole message.When a
message or its attachment matches the rule conditions, it is not scanned by the antivirus or antispam modules by
default, unless scanning is enabled explicitly by selecting the respective check boxes at the bottom (the action taken
then depends on the antivirus/antispam settings).
20
smith
smith@mail.com
"J.Smith" or "smith@mail.com"
" "
".com" OR ".exe"
("free" OR "lottery") AND ("win" OR "buy")