From eScan Wiki
eScan Version 11 (and above) Online Help
Anti-Spam
This section provides the description and settings of eScan's Anti-Spam module for scanning spam / junk e-mails.
Description
This module filters all your junk and spam e-mails by using the NILP technology and sends content warnings to specified recipients. It also provides reports about Anti-Spam activities and allows you to view quarantined mails and ham mails.
The tabbed page of the Anti-Spam module provides you with the options for configuring the module and helps you view reports on the recent scans performed by eScan. The details regarding each of the sections in the right pane are as follows:
Configuration section
This section provides you with information about the status of the Anti-Spam module and the Anti-Phishing module. It also shows you the default action that Anti-Spam will perform when it detects a malicious object.
- This section displays the following information.
- Anti-Spam Status - It shows whether the Anti-Spam module is running or not.
- Anti-Phishing Status - It shows whether the Anti-Phishing module is running or not.
- Action - It shows the action that eScan will perform if a malicious object is detected.
In addition, you can configure the following settings.
- Start/Stop - This link enables or disables the Anti-Spam module. You can easily switch the Anti-Spam module from the Start state to the Stop state and vice versa by using this link.
- Settings - This link opens the Anti-Spam Settings dialog box. You can configure Anti-Spam for real-time monitoring by using this dialog box.
- Notification - This link opens the Notification dialog box. This dialog box helps you configure the notification settings for the Anti-Spam module. By configuring this module, you can send e-mails to specific recipients when a particular event occurs.
The Anti-Spam Settings dialog box
This dialog box helps you configure the following Anti-Spam settings to prevent spam e-mails from reaching your inbox.
I. Advanced
This tab provides you with options for configuring the general e-mail options, spam filter, and tagging e-mails in Anti-Spam.
- A. General Options This section helps you configure the general Anti-Spam settings.
- Send Original Mail to User - [Default] This check box is selected by default. eScan creates the Spam folder within the e-mail client. When an e-mail is tagged as SPAM, it is moved to this folder. You should select this check box if you need to send the original e-mail that is tagged as spam to the recipient.
- Do not check content of Replied or Forwarded Mails - You can select this check box if you need to ensure that eScan does not check the contents of e-mails that you have either replied to or forwarded to other recipients.
- Check Content of Outgoing mails - You can select this check box if you need Anti-Spam to check outgoing e-mails for restricted content.
- Phrases - You can click the Phrases button to open the Phrases dialog box. This dialog box helps you configure additional e-mail-related options.
- The Phrases dialog box
- This dialog box helps you specify certain words or phrases so that mails containing those words or phrases in the subject, header, or body are recognized as spam and are quarantined or deleted.
- The following color codes are followed for categorizing e-mails.
- User specified whitelist of words/phrases - (Color Code: GREEN) You should click this option to list the words or phrases that are present in the whitelist. A phrase that is added to the whitelist cannot be edited, enabled, or disabled.
- User specified List of Blocked words/phrases - (Color Code: RED) You should click this option to list the words or phrases that are defined in the block list.
- User specified words/phrases disabled - (Color Code: GRAY) You should click this option to list the words or phrases that are defined to be excluded during scans. The options in the Phrases to Check dialog box are disabled by default.
- Options on Right Click:
- When you right-click the table, the following options are displayed in the context menu.
- Add Phrase - This option helps you add a phrase to the list of phrases. After a phrase is added, it cannot be deleted.
- Edit Phrase - This option helps you edit a phrase in the list of phrases to be checked. It is available only for phrases that have been added to the black list.
- Enable Phrase - This option helps you enable a previously disabled phrase.
- Disable Phrase - This option helps you disable a phrase.
- White List - This option helps you add a phrase to the whitelist.
- Black List - This option helps you add a phrase to the black list.
- B. Spam Filter Configuration Section This section provides you with options for configuring the spam filter. All options in this section are selected by default.
- Check for Mail Phishing. [Default] You should select this check box if you need Anti-Spam to check for fraudulent emails and quarantine them.
- Treat Mails with Chinese /Korean character set as SPAM. [Default] When this check box is selected, eScan scans e-mails with Chinese or Korean characters. This check is based on research conducted by MicroWorld on various spam e-mail samples collected from around the globe. From these samples, it was observed that spammers often use Chinese or Korean characters in their e-mails.
- Treat Subject with more than 5 whitespaces as SPAM. [Default] In its research, MicroWorld found that spam e-mails usually contain more than five consecutive white spaces. When this check box is selected, Anti-Spam checks the spacing between characters or words in the subject line of e-mails and treats e-mails with more than five whitespaces in their subject lines as spam e-mails.
- Check content of HTML mails. [Default] You should select this check box when you need Anti-Spam to scan emails in HTML format along with textual content.
- Quarantine Advertisement mails. [Default] You should select this check box when you need Anti-Spam to check for advertisement types of e-mails and quarantine them.
- Advanced. You can click the Advanced button to open the Advanced Spam Filtering Options dialog box.
- Button
- Advanced (Advanced Spam Filtering options) – This dialog box helps you configure the following advanced options for controlling spam.
- Enable Non Intrusive Learning Pattern (NILP) check. NILP is MicroWorld’s revolutionary technology that uses Bayesian Filtering and works on the principles of Artificial Intelligence (AI) to analyze each e-mail and prevent spam e-mails and phishing e-mails from reaching your inbox. It has self-learning capabilities and it updates itself by using regular research feeds from MicroWorld servers. It uses an adaptive mechanism to analyze each e-mail and categorize it as spam or ham based on the behavioral pattern of the user. You should select this check box if you need to enable NILP check.
- Enable eMail Header check. [Default] You should select this check box if you need Anti-Spam to check the validity of certain generic fields, such as the From, To, and CC IDs, in an e-mail and mark it as spam if any of the headers are invalid.
- Enable X-Spam Rules check. [Default] X-Spam Rules are rules that describe certain characteristics of an e-mail. It checks whether the words in the content of e-mails are present in eScan’s database. This database contains a list of words and phrases, each of which is assigned a score or threshold. The X-Spam Rules Check technology matches X-Spam Rules with the mail header, body, and attachments of each e-mail to generate a score. If the score crosses a threshold value, the mail is considered as spam. Anti-Spam refers to this database to identify e-mails and takes actions on them.
- Enable Sender Policy Framework (SPF) check. SPF is a world standard framework that is adopted by eScan to prevent hackers from forging sender addresses. It acts as a powerful mechanism for controlling phishing mails. You should select this check box if you need Anti-Spam to check the SPF record of the sender’s domain. Note that your computer should be connected to the Internet for this option to work.
- Enable Spam URI Realtime Blacklist (SURBL) check. You should select this option if you need Anti-Spam to check the URLs in the message body of an email. If the URL is listed in the SURBL site, the email will be blocked from being downloaded. Note that your computer should be connected to the Internet for this option to work.
- Enable Realtime Blackhole List (RBL) check. You should select this option if you need Anti-Spam to check the sender’s IP address in the RBL sites. If the sender IP address is blacklisted in the RBL site, the email will be blocked from being downloaded. Your computer should be connected to the Internet for this option to work.
- RBL Servers - RBL is a DNS server that lists IP addresses of known spam senders. If the IP of the sender is found in any of the blacklisted categories, the connection is terminated. The RBL Servers list contains addresses of servers and sites that maintain information regarding spammers. You can add or change addresses to this list as per your requirements.
- Add - You can click this button to add an address of an RBL server to the list.
- Delete - You can click this button to delete the address of an RBL server from the list.
- Remove All - You can click this button to delete all e-mail addresses or domains from the list.
- Auto Spam Whitelist - Unlike normal RBLs, SURBL scans e-mails for names or URLs of spam Web sites in the message body. It terminates the connection if the IP of the sender is found in any of the blacklisted categories. This contains a list of valid email addresses that can bypass the above Spam filtering options. It thus allows emails from the whitelist to be downloaded to the recipient’s inbox.
- Add - You can click this button to add an address of an SURBL server to the list.
- Delete - You can click this button to delete the address of an RBL server from the list.
- Remove All - You can click this button to delete all e-mail addresses or domains from the list.
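The RBL check described above comes down to one DNS lookup per configured server. The following is an added example, not eScan code: it builds the query name in the RFC 5782 layout (generalised to IPv6) and interprets the answers, using a constructed zone (`rbl.example`), constructed answers and an injected resolver so that it runs offline.

```python
import ipaddress

LISTED = ipaddress.ip_network("127.0.0.0/8")        # RFC 5782: "listed" answers fall in this range
REFUSED = ipaddress.ip_network("127.255.255.0/24")  # assumption: some operators answer here to refuse a query
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def rbl_query_name(sender_ip, zone):
    """Reverse the address (octets for IPv4, hex nibbles for IPv6) and append the list zone."""
    ip = ipaddress.ip_address(sender_ip)
    if ip.version == 4:
        labels = ip.exploded.split(".")[::-1]
    else:
        labels = list(ip.exploded.replace(":", ""))[::-1]
    return ".".join(labels) + "." + zone.strip(".")

def check_rbl(sender_ip, zones, resolve):
    """resolve(name) returns A records as strings, [] for NXDOMAIN, and raises OSError on failure."""
    result = {"listed": False, "hits": [], "errors": []}
    ip = ipaddress.ip_address(sender_ip)
    if any(ip in net for net in INTERNAL):
        result["errors"].append("internal address, not queried")
        return result
    for zone in zones:
        name = rbl_query_name(sender_ip, zone)
        try:
            answers = resolve(name)
        except OSError as exc:
            # A dead list server must not block mail: record the failure and move on.
            result["errors"].append(f"{zone}: lookup failed ({exc})")
            continue
        for answer in answers:
            addr = ipaddress.ip_address(answer)
            if addr in REFUSED:
                result["errors"].append(f"{zone}: query refused ({answer})")
            elif addr in LISTED:
                result["hits"].append((zone, answer))
            # Answers outside 127.0.0.0/8 are ignored: an expired or parked
            # list domain would otherwise appear to list every sender.
    result["listed"] = bool(result["hits"])
    return result

# Constructed DNS data standing in for real list servers.
FAKE_DNS = {
    "99.2.0.192.rbl.example": ["127.0.0.2"],
    "7.113.0.203.rbl.example": ["127.255.255.254"],
    "7.113.0.203.parked.example": ["198.51.100.10"],
}

def fake_resolve(name):
    if name.endswith(".down.example"):
        raise OSError("timeout")
    return FAKE_DNS.get(name, [])
```

When reviewing the RBL Servers list, a server that only ever produces entries in `errors` is adding lookup delay without filtering anything.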
- C. Mail Tagging Options – Anti-Spam also includes some mail tagging options, which are described as follows:
- Do not change email at all. You should select this option when you need to prevent Anti-Spam from adding the [Spam] tag to e-mails that have been identified as spam.
- Both subject and body is changed. [Spam] tag is added in Subject. Actual spam content is embedded in Body. This option helps you identify spam e-mails. When you select this option, Anti-Spam adds a [Spam] tag in the subject line and the body of the e-mail that has been identified as spam.
- "X-MailScan-Spam: 1" header line is added. Actual spam content is embedded in Body. This option helps you add a [Spam] tag in the body of the e-mail that has been identified as spam. In addition, it adds a line in the header of the e-mail.
- Only [Spam] tag is added in Subject. Body is left unchanged. This option helps you add the [Spam] tag only in the subject of the e-mail, which has been identified as spam.
- "X-MailScan-Spam: 1" header line is added. Body and subject both remain unchanged. [Default] This option helps you add a header line to the e-mail. However, it does not add any tag to the subject line or body of the e-mail.
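The score-and-threshold check, the subject whitespace rule and the mail tagging options above can be seen working together in the following added example, which is not eScan's implementation. The rules, scores and threshold are constructed, reaching the threshold is assumed to count as crossing it, and only the three tagging modes that leave the body untouched are covered.

```python
import re
from email import message_from_string

HEADER = "X-MailScan-Spam"             # header named in the tagging options
THRESHOLD = 3.0                         # constructed value
RULES = [                               # constructed (pattern, score) pairs
    (re.compile(r"\bwire transfer\b", re.I), 2.5),
    (re.compile(r"\bact now\b", re.I), 1.5),
    (re.compile(r"\bunsubscribe\b", re.I), 0.5),
]
SUBJECT_GAP = re.compile(r"\s{6,}")     # more than 5 consecutive whitespace characters

def body_text(msg):
    """Concatenate every text/* part so HTML parts are scored along with plain text."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        raw = part.get_payload(decode=True) or b""
        try:
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
        except LookupError:             # unknown charset label in the message
            chunks.append(raw.decode("utf-8", "replace"))
    return "\n".join(chunks)

def classify(msg):
    """Return (is_spam, reasons) for a parsed message."""
    subject = msg.get("Subject", "")
    if SUBJECT_GAP.search(subject):
        return True, ["subject whitespace run"]
    text = subject + "\n" + body_text(msg)
    hits = [(p.pattern, s) for p, s in RULES if p.search(text)]
    score = sum(s for _, s in hits)
    return score >= THRESHOLD, [f"{pat} (+{s})" for pat, s in hits]

def process(raw, mode="header"):
    """mode: 'none' (leave mail untouched), 'header' (the default option) or 'subject'."""
    msg = message_from_string(raw)
    is_spam, reasons = classify(msg)
    if mode == "none":
        return msg, is_spam, reasons
    if mode not in ("header", "subject"):
        raise ValueError(f"unknown tagging mode: {mode}")
    # Drop any copy of the header supplied by the sender, so that the header
    # a mail-client rule sees only ever reflects this filter's verdict.
    del msg[HEADER]
    if is_spam and mode == "header":
        msg[HEADER] = "1"
    elif is_spam and not msg.get("Subject", "").startswith("[Spam]"):
        subject = msg.get("Subject", "")
        del msg["Subject"]
        msg["Subject"] = "[Spam] " + subject
    return msg, is_spam, reasons

# Constructed sample messages.
SPAM_RAW = "From: a@example.com\nTo: b@example.net\nSubject: Act now\n\nSend the wire transfer today.\n"
GAP_RAW = "From: a@example.com\nSubject: Hello" + " " * 7 + "friend\n\nHi.\n"
HAM_RAW = "From: c@example.org\nX-MailScan-Spam: 1\nSubject: Minutes\n\nNotes from Tuesday attached.\n"
```

With the default header-only mode the subject and body reach the mail client unchanged, so any sorting into a spam folder has to key on the header rather than on a subject prefix.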
II. Disclaimer
The disclaimer is a footer or signature that is appended to all e-mails. The disclaimer can be added in the space provided.
The Disclaimer tab helps you configure the following settings.
- (a) Add Disclaimer to Outgoing e-mails - You should select this check box when you need to add a disclaimer to all outgoing e-mails. This helps you make the recipient aware that the e-mail is scanned and free of viruses.
- (b) Add Disclaimer to Incoming e-mails - You should select this check box when you need to add a disclaimer to all incoming e-mails. Thus, you make the recipient aware that the e-mail is scanned and free of viruses. You can add a custom disclaimer by either typing the text of the disclaimer in the Disclaimer box or by selecting the file containing the disclaimer text by clicking Browse.
- (c) Outgoing mails excluded from adding Disclaimer - This section is enabled when the Add Disclaimer to Outgoing e-mails check box is selected. By selecting this check box, you can restrict Anti-Spam from appending the disclaimer to specific e-mail addresses or domains by adding them to a list.
- Add - You can click this button to add an e-mail address or domain name to the list.
- Delete - You can click this button to delete the e-mail address or domain from the list.
- Remove All - You can click this button to delete all e-mail addresses or domains from the list.
- Notification Setting button –
- The Notification Settings dialog box
- This dialog box helps you configure the notification settings for the Anti-Spam module. By configuring this module, you can send e-mails to specific recipients when a particular event occurs.
- The warning notification settings that you can configure on this screen are as follows:
- Virus Alerts – You should select this check box if you need Anti-Spam to display an alert box notifying you of a virus infection.
- Warning Mails – You should select this check box if you need Anti-Spam to send warning e-mails to a given recipient. The default sender is escanuser@escanav.com and the default recipient is postmaster. In addition, you can configure Anti-Spam to send warning e-mails and alerts to senders or recipients. When you click on any one of these options, the corresponding e-mail message is displayed in the preview box.
- Attachment Removed Warning To Sender - [Default] You should select this check box if you need Anti-Spam to send a warning message to the sender of an infected attachment. Anti-Spam sends this e-mail when it encounters a virus-infected attachment in an e-mail. The content of the e-mail that is sent is displayed in the preview box.
- Attachment Removed Warning To Recipient - [Default] You should select this check box if you need Anti-Spam to send a warning message to the recipient when it removes an infected attachment. The content of the e-mail that is sent is displayed in the preview box.
- Virus Warning To Sender - [Default] You should select this check box if you need Anti-Spam to send a virus-warning message to the sender. The content of the e-mail that is sent is displayed in the preview box.
- Virus Warning To Recipient - [Default] You should select this check box if you need Anti-Spam to send a virus-warning message to the recipient. The content of the e-mail that is sent is displayed in the preview box.
- Content Warning To Sender - You should select this check box if you need Anti-Spam to send a content warning message to the sender. The content of the e-mail that is sent is displayed in the preview box.
- Content Warning To Recipient - [Default] You should select this check box if you need Anti-Spam to send a content warning message to the recipient. The content of the e-mail that is sent is displayed in the preview box.
- Delete Mails From User - You can set eScan to automatically delete e-mails that have been sent by specific users. For this, you need to add the e-mail addresses of such users to the Delete Mails From User list.
- Add - You can click this button to add an e-mail address to the list.
- Delete - You can click this button to delete an e-mail address from the list.
- Remove All - You can click this button to delete all e-mail addresses or domains from the list.
Reports section
This section displays the following information.
- Total Quarantined Mails – It shows the total number of files scanned by the real-time Anti-Spam monitor.
- Total Clear Mails – It shows the total number of viruses or malicious software detected by the Anti-Spam monitor on a real-time basis.
- In addition, you can view the following reports.
- a. View Quarantined Mails – This link opens the View Quarantined Mails window, which displays quarantined e-mails.
- The View Quarantined Mails window
- This window shows the list of e-mails that have been archived by Mail Anti-Virus. With the help of this window, you can configure the following settings.
- Buttons
- Folder Path. You can specify the path of the folder where you need to store the archived e-mails.
- File Types. You can specify the e-mails in specific formats to be archived by specifying the formats in this box.
- Show Attachments - You can use this option to specify whether the e-mails with attachments should be displayed in the table.
- Open eMail(s) with MailClient - You can select this option to specify whether the Mail Anti-Virus should open the e-mails with the MailClient when you double-click the corresponding rows in the table.
- Refresh - You can refresh the rows in the table by clicking this button.
- Stop - You can stop Mail Anti-Virus from displaying messages by clicking this button.
- View - You can view a specific message by clicking it and then clicking this button.
- Find - You can find a specific e-mail message based on search criteria such as the sender’s e-mail address, the recipient’s e-mail address, subject, contents of the message, date before which it was received and the date after which it was received.
- Delete - You can delete a message by first selecting it in the table and then clicking this button.
- Message Source - You can view the contents of the e-mail message by clicking this button.
The context menu that is displayed when you right-click the e-mail shows the following options.
- Restore - You can click this button to restore the selected quarantined file or backup file.
- Delete - You can click this button to delete the selected quarantined file or backup file.
- Message Source - You can view the contents of the e-mail message by clicking this button.
- Add Sender’s eMail-Id to White List - You can add the sender’s e-mail id to the white list by clicking this option. When you click this button, the Add Sender’s eMail-Id to White List dialog box is displayed.
- Add Content to Hide E-Mail List - You can add the reserve content of the selected e-mail to the Hide E-Mail List.
- b. View Ham Mails – This link opens the View Ham Mails window, which displays the report of all the ham e-mails identified by eScan.
- The View Ham mails window
This window shows the list of e-mails that have been archived by Mail Anti-Virus. With the help of this window, you can configure the following settings.
- Buttons
- Folder Path - You can specify the path of the folder where you need to store the archived ham e-mails.
- File Types - You can specify the e-mails in specific formats to be archived by specifying the formats in this box.
- Show Attachments - You can use this option to specify whether the e-mails with attachments should be displayed in the table.
- Open eMail(s) with MailClient - You can select this option to specify whether the Mail Anti-Virus should open the e-mails with the MailClient when you double-click the corresponding rows in the table.
- Refresh - You can refresh the rows in the table by clicking this button.
- Stop - You can stop Mail Anti-Virus from displaying messages by clicking this button.
- View - You can view a specific message by clicking it and then clicking this button.
- Find - You can find a specific e-mail message based on search criteria such as the sender’s e-mail address, the recipient’s e-mail address, subject, contents of the message, date before which it was received and the date after which it was received.
- Delete - You can delete a message by first selecting it in the table and then clicking this button.
- Message Source - You can view the contents of the e-mail message by clicking this button.
- You can restore or delete the ham e-mails by right-clicking the e-mail and then clicking the appropriate option.
- Restore - You can click this button to restore the selected quarantined file or backup file.
- Delete - You can click this button to delete the selected quarantined file or backup file.
- Delete All - You can click this button to delete all quarantined files or backup files.
- c. View Report – This link displays the Report for the Anti-Spam window.
- The Report for Anti-Spam window
This window displays the report for the Anti-Spam module for a given range of dates in a tabular format when you click the Generate Report button.
- Generate Report - You should select a range of dates and then click this button to generate a report for the Anti-Spam module for that range of dates.