To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

Spam rule E-mail and Server Security 11

Options
Zaarin52
Zaarin52 W/ Alumni Posts: 2 Security Scout
in WithSecure Business Suite

Hello,

 

I tried to implement some custom rules and it doesn't seem to work maybe I'm doing something wrong.

 

Let's say:

 

I want to block the word or a word containing "gorzug" in the subject or in the body. So I put these 2 lines:

 

body GORZUG /gorzug/i
score GORZUG 5.0

 

I tried in fssc.cfg or in local.cf, restarted F-Secure Anti-Virus Server Daemon service and the result in always the same in the header of the mail:

 

X-Spam-Flag: NO
X-Spam-Status: NO, hits=0 required=5, database-version=[2015-09-07_01],
 tests=spam.BD_NON_SPAM=3,spam.[BDANTISPAM_EmlIsClean  Build: [Engines:
 2.15.6.774, Stamp: 3], Multi: [Enabled, t: (0.003878,0.003867)], BW:
 [Enabled, t: (0.000015,0.000001)], RTDA: [Enabled, t: (0.305789), Hit: No,
 Details: v2.2.14; Id: 30agsf8.19utqbfkk.606g], total: 0(675)=1

 

I searched since this early morning and I'm lost.

 

Thanks for your help,

 

Zaza.

Comments

  • etomcat
    etomcat W/ Alumni Posts: 1,172 Firewall Master
    Options

    Hello,

    > I tried in fssc.cfg or in local.cf

    I think both the web-based local GUI and the Policy Manager Console should have fields to configure the kind of filtering your request, so the use of command line editing is not advised?

    For example, in Policy Manager, Advanced View mode:

    F-Secure Anti-Virus for Microsoft Exchange / Settings / Transport Protection / Inbound Mail / Content Filtering / Disallowed Keywords in Message Subject and Disallowed Keywords in Message Text.

    There you will find which list the rules use and then you can edit those lists under:
    F-Secure Anti-Virus for Microsoft Exchange / Settings / General / Lists and Templates / Match Lists

    Furhermore, you can just submit e-mail samples to F-Secure Lab and then they can release spam detection database, so you don't need to manually tune your system:

    For undetected advertisement e-mails (spam): spam-samples@f-secure.com
    For false alarm complaints in spam detection: ham-samples@f-secure.com
    For dangerous "phishing" variants of spam: phishing-samples@f-secure.com

    Best Regards: Tamas Feher, Hungary.

  • Zaarin52
    Zaarin52 W/ Alumni Posts: 2 Security Scout
    Options

    Hi,

     

    Wonderful. Using your solution, I send two samples. Wait and see now.

     

    Thanks a lot,

     

    Zaza.

This discussion has been closed.

Categories