From eScan Wiki
(Difference between revisions)
Revision as of 11:44, 30 August 2008 WikiSysop (Talk | contribs) ← Previous diff |
Current revision WikiSysop (Talk | contribs) |
||
Line 1: | Line 1: | ||
- | '''Anti-Spam & Anti-Phishing -''' | + | {| class="wikitable" border="0" |
+ | |- | ||
+ | {| id="mp-topbanner" style="width:100%; background:#fcfcfc; margin-top:1.2em; border:1px solid #ccc;" | ||
+ | | style="width:10%; color:#000;" | | ||
+ | {| style="width:100px; border:none; background:none;" | ||
+ | | [[Image:escan-g.jpg]] | ||
+ | |} | ||
+ | |style="text-align:left;"|'''·''' [[Escan/english/FAQ-eScan|<font size=1.5 color="blue" align="left">eScan</font>]] '''·''' [[Escan/english/MailScan-AFT|<font size=1.5 color="blue">MailScan</font>]] '''·''' [[Escan/english/Technologies|<font size=1.5 color="blue">Technologies</font>]] | ||
+ | |style="text-align:right;"| '''·''' [[Technical Info|<font size=1.5 color="blue">Technical Info</font>]] '''·''' [[Escan/english/Security_Awareness|<font size=1.5 color="blue">Security Awareness</font>]] '''·''' [[User_Guides|<font size=1.5 color="blue">User Guides</font>]] | ||
+ | |} | ||
- | Shows the current status of the Anti-Spam & Anti- Phishing Protection level. The green color right tick mark denotes that the module is “Active” while the red color cross mark displays that the module is “InActive”. | + | {| class="wikitable" border="0" |
+ | |} | ||
+ | <h2 id="mp-tfp-h2" style="margin:0; background:#C7E587; font-size:120%; font-weight:bold; border:10 solid #afa3bf; text-align:left; color:#000; padding:0.2em 0.4em">eScan Version 10 Online Help</h2> | ||
+ | {| class="wikitable" border="0" | ||
- | On the Anti-Spam & Anti-Phishing option page in the “Configuration” section, when clicked on the “Settings” option, one can change the Anti-Spam & Anti-Phishing Protection level, whereas clicking on the “Start” and /or “Stop” option (next to Settings) makes the module “Active” and /or “InActive”. | + | |} |
+ | <U>'''Anti-Spam'''</U> | ||
- | '''Configuration section -''' | + | This section provides the decription and settings of eScan's Anti-Spam for scanning of spam / junk emails. |
- | When clicked on “Settings” the below options are available, through which the eScan software’s real-time Anti-Spam & Anti-Phishing protection can be customized - | ||
- | It has different options like "Advanced" and "Disclaimer". | + | __TOC__ |
+ | |||
+ | =='''Description'''== | ||
- | a. Advanced:- | + | Anti-Spam based on the NILP (Non Intrusive Learning Pattern) technology, intelligently filters all your junk and spam emails. |
- | This option page has different options like when to check emails, spam filter configuration (anti-spam) and mail tagging options. | ||
- | 1) When to check emails - | + | =='''Status in main Protection Center Window'''== |
- | This option is very important and relevant and can help the user /administrator customize as to how the email content filter should work. | + | The <B><font color="Green"> '''green''' </font></B> colored Tick <U><B><font color="Green">(√)</font></B></U> mark indicates the Anti-Spam is active and running. |
- | The options available within - | + | The <B><font color="Red"> '''red''' </font></B> colored Cross <U><B><font color="Red">(X)</font></B></U> mark indicates the Anti-Spam is inactive and stopped. |
- | a) Send Original mail to user – | ||
- | This option helps to send the email (though tagged as spam) to the original receipient of the email. | + | =='''Configuration section'''== |
- | b) Do not check content of Replied or Forwarded emails - this option is not enabled by default, once enabled it will not check contents in all emails that are either replied or forwarded. | + | <U>''Status''</U> |
- | This eventually helps is releasing system resources on an email that is already scanned and come into the mailbox/ inbox. | + | :*Anti-Spam Status – This will display the status of the Anti-Spam in Running or Disabled mode. |
- | c) Check content of Outgoing emails - this option is not enabled by default, once enabled it will start checking all outgoing emails for restricted contents. | + | :*Anti-Phishing Status – This will display the status of Anti-Phishing module is in Enabled or Disabled mode. (For more detail please check in the section '''B. Spam Filter Configuration Section''' below). |
+ | :*Action – This will display the Action that will be taken on the email considered as Spam i.e. Quarantine/Delete. | ||
- | '''Spam Filter Configuration (Anti-Spam) -''' | + | :''Stop / Start buttons'' – Clicking stop / start button will disable or enable the Anti Spam. |
- | This option helps to block /prevent spam emails from entering into the mailbox /inbox of the user. | + | :''Settings button'' – To configure the Anti-Spam for email scanning click on the Settings button. |
- | The options available within:- | ||
- | a) Check content of HTML mails - | + | '''I. Advanced''' |
- | This option is enabled by default, it helps to scan emails in HTML format alongwith Text. | ||
- | b) Treat mails with Chinese/Korean character set as Spam - | + | :'''A. General Options section''' |
- | This option is enabled by default, it is observed from the reports received from our world wide sample collection centres that emails with Chinese/Korean characters are used by spammers to send as spam and hence when received such emails are first analyzed based on a number of conditions afterwhich then tagged as Spam. | + | ::# Send Original Mail to User (default) - This option when enabled will send the email (though tagged as spam) to the original recipient of the email also. <U><B>'''Note:'''</B></U> If the email has been tagged as '''SPAM''', the email will be in the SPAM folder of the email client (i.e. Outlook Express). SPAM folder in the mail client is created by eScan. |
+ | ::# Do not check content of Replied or Forwarded Mails – This option when enabled will not check contents of email that are either replied or forwarded. | ||
+ | ::# Check Content of Outgoing Mails – This option when enabled will also check outgoing emails for restricted contents. | ||
- | c) Treat Subject with more than 5 Whitespaces as Spam - | ||
- | This option is enabled by default, it is observed from the reports received from our world wide sample collection centres that spammers are applying a technique of "spacing" (leaving spaces) in the subject of the email to get their malicious emails inside the user's mailbox/inbox by fooling the spam filters. | + | ::<U>'''Buttons'''</U> |
- | d) Treat HTML mails with "SRC=" string as Spam - | + | :::'''a) Phrases – '''Clicking on this button, will enable the users to define a list of phrases to be checked in the body of an email and take the necessary actions i.e. either Quarantine / Delete the email. |
- | It is also observed from the reports received from our world wide sample collection centres that spammers are skillfully inserting SRC (source) within an email. SRC= Source is basically inserting of a source, for example - a weblink/s (url), image/s within a email that can run/ execute itself automatically in the background and download data from a remote server/ site even without being viewed or executed. | ||
- | e) Quarantine Advertisement mails - | + | :::* '''User specified whitelist of words/phrases '''- This will list the words/phrases defined and whitelisted by the users (Color Code - <font color="Green"><B>GREEN</B></font>). |
- | This option is enabled by default. Advertisement emails are big in size, use a lot of the internet bandwidth and are known [from reports] to be carrying malicious and/or unwanted content/data within, hence, when such emails are encountered\, they are Quarantined. | + | :::* '''User specified List of Blocked words/phrases''' - This will list the words/phrases defined and block listed by the users(Color Code - <font color="Red"><B>RED</B></font>). |
+ | :::* '''User specified words/phrases disabled''' - This will list the words/phrases defined but disabled (excluded for scanning) by the users (Color Code - <font color="Gray"><B>GRAY</B></font>). | ||
- | '''The Advanced option within -''' | + | :::<U>'''Options on Right Click:'''</U> |
- | a) Enable Non Intrusive Learning Pattern (NILP) check - | + | ::::* '''Add Phrase:''' To add a word/phrase, right click and select Add Phrase. Add the word/phrase in the section and select the Action (Quarantine the Mail/Delete the Mail) to be taken on the email if the word/phrase is found in the content of the email. |
- | This option is enabled by default. Non Intrusive Learning Pattern (NILP) is an advanced Bayesian Filtering method with the intelligence to analyze each mail according to the Behavioral Patterns of the user and comes with a self learning capability. It is one of the component of the Anti-Spam Module that helps prevent spam emails from reaching the user's mailbox/inbox. | + | ::::* '''Edit Phrase – '''select this option to edit/modify the word/phrase or the action to be taken. |
- | b) Enable eMail Header check - | + | ::::* '''Enable Phrase – '''shall enable the listed word/phrase for Content check in the email and the defined action will be taken. |
- | This option is enabled by default. The generic fields of an email like the email From, To, CC are checked for it's validity before accepting the email. This is another component of the Anti-Spam Module that helps prevent spam emails from reaching the user's mailbox/inbox. | + | ::::* '''Disable Phrase – '''shall disable the listed word/phrase for Content check in the email and no action will be taken. |
- | c) Enable X-Spam Rules check - | + | ::::* '''White List – '''shall add the listed word/phrase in the White list for Content check. White listed word/phrase will not be checked for Email Content Scanning. |
- | This option is enabled by default. A database of words /phrases used by spammers is in-built within the software and each word / phrase is assigned a particular score or threshold level. If any of these words /phrases appear in an email, using this database, different validations along with a score or threshold level check is also done [match] and here if the score or threshold value is found to be True [matching], the mail is tagged as spam or otherwise. This is one more component of the Anti-Spam Module that helps prevent spam emails from reaching the user's mailbox/inbox. | + | ::::* '''Block List – '''shall add the listed word/phrase in the Block List for content check. Block listed word/phrase will be checked for Email Content Scanning. |
- | d) Enable Sender Policy Framework {SPF) check - | + | ::::* '''Find – '''this will help to search and locate a word / phrase. |
- | This option is not enabled by default. When enabled, it will check the SPF record of a particular domain from where the email is being downloaded from. This is an additional component of the Anti-Spam Module that helps prevent spam emails from reaching the user's mailbox/inbox. | ||
- | e) Enable Spam URI Real Time Blacklist (SURBL) check - | + | :'''B. Spam Filter Configuration Section ''' |
- | This option is not enabled by default. When enabled, it checks for spammers IP addresses using SURBL technology (Spam URI Realtime Black List), which help identify spam URLs in the message body. This is an additional component of the Anti-Spam Module that helps prevent spam emails from reaching the user's mailbox/inbox. | + | ::# Check for Mail Phishing – This option when enabled will check for fraudulent emails and will be quarantined. |
+ | ::# Treat Mails with Chinese / Korean character set as SPAM - This option when enabled will scan emails with Chinese / Korean characters. This check is based on our research done on various spam email samples collected world wide, wherein it is observed that spammers do use Chinese / Korean characters in their emails. | ||
+ | ::# Treat Subject with more than 5 whitespaces as SPAM – This option when enabled will check if "spacing" between characters / words in the subject of emails. This is also as per our research and studies on various types of spam emails. | ||
+ | ::# Check content of HTML mails – This option when enabled will scan emails in HTML format along with Text. | ||
+ | ::# Quaranting Advertisement mails – This option when enabled, will check for advertisement types of emails and will be quarantined. | ||
- | f) Enable Real Time BlackHole list (RBL) check - | ||
- | This option is not enabled by default.When enabled, it check for the spammers IP addresses in RBL's (databases of known spammer IP Addresses), which help identify and block an email from being downloaded from a spammer IP. This is an additional component of the Anti-Spam Module that helps prevent spam emails from reaching the user's mailbox/inbox. | + | :::<U>'''Button'''</U> |
- | g) RBL servers - | + | :::'''Advanced (Advanced Spam Filtering options) – '''For advance setting in Spam Filter Configuration click on the Advanced button. |
- | These are the different servers which hold databases of spammers IP Addreses and can be changed as per one's requirement/s (add/delete). | + | ::::# Enable Non Intrusive Learning Pattern (NILP) check – Non Intrusive Learning Pattern (NILP) is an advanced Bayesian Filtering method with the intelligence to analyze each mail according to the Behavioral Patterns of the user and comes with a self learning capability. It is one of the component of the Anti-Spam Module that helps prevent spam emails from reaching the user’s mailbox/inbox. |
+ | ::::# Enable eMail Header check – This option when enabled, will check the validity of certain generic fields like From id, To id, CC id. | ||
+ | ::::# Enable X-Spam Rules check – This option when enabled, will check the contents in the body of the email as per defined in the database of eScan. The database contains a list of words / phrases each assigned a score / threshold. This database will referred and accordingly action on the email will be taken. | ||
+ | ::::# Enable Sender Policy Framework (SPF) check – This option when enabled will check the SPF record of the sender domain. (This option, when enabled, requires direct internet connection). | ||
+ | ::::# Enable Spam URI Realtime Blacklist (SURBL) check – This option when enabled, will check the URL’s in the message body of an email. If the URL is listed in the SURBL site, the email will be blocked from being downloaded..(''This option, when enabled it is recommended to have a direct internet connection)''. | ||
+ | ::::# Enable Realtime Blackhole List (RBL) check – This option when enabled, will check the senders IP address in the RBL sites. If the sender ip address is blacklisted in the RBL site, the email will be blocked from being downloaded''.(This option when enabled it is recommended to have a direct internet connection)''. | ||
+ | ::::# RBL Servers - This contains a list of servers / sites which maintains a list of Spammers details and can be changed as per one’s requirement (add / delete). | ||
+ | ::::# Auto Spam Whitelist – This contains a list of valid email addresses which can bypass the above Spam filtering options. Thus allowing emails from the whitelisted are allowed to download to the recipient’s inbox. | ||
- | h) Auto Spam Whitelist - | ||
- | This is a whitelist generated of email addresses (valid email addresses) from the mail clients. This is a list of addresses to whom emails have been sent to earlier. | + | :'''C. Mail Tagging Options –''' |
+ | ::# Do not change email at all – This option when enabled will not add Spam Tag to the email, identified as Spam | ||
+ | ::# Both subject and body is changed. [Spam] tag is added in Subject. Actual spam content is embedded in Body – This option when enabled will add a Spam Tag in the Subject and the Body of email identified as Spam. This helps to identify the Spam emails. | ||
+ | ::# "X-Mailscan Spam: 1" header line is added. Actual spam content is embedded in Body – This option when enabled will add a Spam Tag in the Body of the email identified as Spam and a header line is added to the email | ||
+ | ::# Only [Spam] tag is added in Subject. Body is left unchanged – This option when enabled will add the Spam Tag only in the Subject of the email identified as Spam. | ||
+ | ::# "X-Mailscan-Spam: 1" header line is added. Body and subject both remain unchanged - This option when enabled will add a header line to the email but no tag is added to the Subject or body of the email. | ||
+ | '''II. Disclaimer''' | ||
+ | :The disclaimer is a footer or signature that gets added /appended to all emails. The disclaimer can be added in the space provided. | ||
+ | ::(a) Add Disclaimer to Outgoing emails - This option when enabled adds the disclaimer to all outgoing emails and as a result the recipient is made aware that the email received is scanned and virus free. | ||
+ | ::(b) Add Disclaimer to Incoming emails - This option when enabled adds the disclaimer to all incoming emails and as a result the recipient is made aware that the email received is scanned and virus free. | ||
- | '''Mail Tagging Options –''' | + | ::(c) Outgoing mails excluded from adding disclaimer – This option is activated /enabled when the option (a) is enabled. Using this option, the disclaimer is restricted from being added /appended to certain or specific email addresses or domains. |
- | This option is very important as it helps in identifying emails as Spam (bad) or Ham (good). | ||
- | a) Only (Spam) tag is added in Subject, the Body is left unchanged - this is the default action set within the software so that all spam emails are identified. | ||
- | There are many other options that can be set as per the user's requirements like, | ||
- | b) Do not change at all - this option will not tag the email at all. | + | :''Notification Setting button'' – To configure the eScan Warning Notification Settings on actions taken on the emails click on the Notification button. |
- | c) Both subject and body is changed, [Spam] tag is added in subject, Actual Spam content is embedded in the body - this option helps identify the email as spam based on the subject and body. | ||
- | d) X-MailScan-Spam: 1" header line is added, Actual Spam content is embedded in the body - this option helps identify the email as spam based on the header. | + | ::* '''Virus Alerts section – '''Selecting the Alert Dialog-box will pop-up an alert window displaying the action taken on a particular email. |
- | e) X-MailScan-Spam: 1" header line is added - Body and Subject both remain unchanged - this option helps identify the email as spam based on the header. | ||
+ | ::* '''Warning Mails section – '''This contains a predefined Notifications which will be sent either to the recipient. | ||
+ | :::# Attachment Removed Warning to Sender – When selected a notification email will be sent to the sender of the email informing about the Attachment removed by eScan attached in the email. | ||
+ | :::# Attachment Removed Warning to Recepient – When selected a notification email will be sent to the recepient of the email informing about the Attachment removed by eScan attached in the email. | ||
+ | :::# Virus Warning to Sender – When selected a notification email will be sent to the sender of the email informing about the virus in the email and the action taken by eScan. | ||
+ | :::# Virus Warning to Recepient – When selected a notification email will be sent to the recepient of the email informing about the virus in the email and the action taken by eScan. | ||
+ | :::# Content Warning to Sender – When selected a notification email will be sent to the Sender of the email informing about the email sent has been considered as SPAM and has been quarantined at the recipient end. | ||
+ | :::# Content Warning to Recepient – When selected a notification email will be sent to the recepeint of the email informing about the email sent has been considered as SPAM and has been quarantined. | ||
- | '''Disclaimer:-''' | + | ::* '''Delete Mails From User section – '''If any email from a particular sender or a domain has to be banned or not allowed to be downloaded, can be listed in this section. For eg. [mailto:xyz@domain.com xyz@domain.com] (for a single sender) or [mailto:*@domain.com *@domain.com] (for an entire domain). |
- | The disclaimer is a footer or signature that gets added /appended to all emails. | ||
- | This option page has different options like Add Disclaimer to Outgoing emails, Add Disclaimer to Incoming emails and Outgoing mails excluded from adding disclaimer. | + | =='''Reports section '''== |
- | 1) Add Disclaimer to Outgoing emails - | + | :''Statistics'' |
- | This option when enabled adds the disclaimer to all outgoing emails and as a result the recipient is made aware that the email received is scanned and virus free.. | + | ::''Total Quarantined Mails'' – Shows the total number of emails Quarantined. |
- | 2) Add Disclaimer to Incoming emails - | + | ::''Total Clear Mails'' – Shows the total number of clean emails received and delivered. |
- | This option when enabled adds the disclaimer to all incoming emails and as a result the recipient is made aware that the email received is scanned and virus free.. | ||
- | 3) Outgoing mails excluded from adding disclaimer – | + | :'''a. View Quarantined Mails –''' This displays all the emails that have been quarantined (i.e. marked as spam) by eScan for any of the defined rules /policies in eScan. |
- | This option is activated /enabled when the above point no. 1 is enabled. Using this option, the disclaimer is restricted from being added /appended to certain or specific email addresses or domains. | ||
+ | ::'''Buttons ''' | ||
+ | :::* Refresh – Clicking on this button refreshes the View Quarantined Mails Window. | ||
+ | :::* Stop – Clicking on this button stops the current process if started - for example – searching for a quarantined email. | ||
+ | :::* View – Clicking on this button will open the email and can be viewed. | ||
+ | :::* Find – Clicking on this button will search for a specific quarantined email. | ||
+ | :::* Delete – Clicking on this button will permanently delete the selected quarantined email. | ||
+ | :::* Message Source – Clicking on this button will provide more detail of the quarantined email like the Sender id, Sender IP address, etc… | ||
+ | :::* Hide emails – Clicking on this option will hide the quarantined emails. | ||
- | At the bottom end of this Anti-Spam & Anti-Phishing option page in the “Reports” section, there are options available called the “View Quarantined Mails” and “View Ham Mails” | ||
+ | ::'''Other Options –''' | ||
+ | :::* Subfolder Also – Selecting this option will show all the quarantined emails received on the current day including those received on the previous days. | ||
+ | :::* Show Attachment (s) – Selecting this option will show the attachment in the list. | ||
+ | :::* Open email(s) with MailClient – Selecting this option, the quarantined email can be opened / viewed using the default mail-client, for eg. Outlook Express, Microsoft Outlook. If this option is unchecked, then the email can be viewed using the eScan mail viewer. | ||
+ | :::* Show Only Hidden eMails – Selecting this option will only display the hidden emails. | ||
+ | :::* Show Only Unhidden eMails - Selecting this option will only display the unhidden emails. | ||
+ | :::* Show all eMails – Selecting this option will display all the email including hidden emails. | ||
+ | :::* Add Sender’s eMail-ID to White List - This option is accessible when right clicking on a particular email. Clicking on this option will add the email-id of the sender in the eScan white list. When next time the email is received from the whitelisted sender id, will not be quarantined and delivered to the recepient. | ||
+ | :'''b. View Ham Mails -''' This displays all the emails that have not been quarantined (not marked as spam) by eScan. | ||
- | '''Reports section -''' | + | ::'''Buttons ''' |
- | The below options are available within - | + | :::* Refresh – Clicking on this button refreshes the View Ham Mails Window. |
+ | :::* Stop – Clicking on this button stops the current process if started - for example – searching for a Ham email. | ||
+ | :::* View – Clicking on this button will open the email and can be viewed. | ||
+ | :::* Find – Clicking on this button will search for a specific quarantined email. | ||
+ | :::* Delete – Clicking on this button will permanently delete the selected quarantined email. | ||
+ | :::* Message Source – Clicking on this button will provide more detail of the quarantined email like the Sender id, Sender IP address, etc… | ||
- | '''a. View Quarantined Mails –''' | ||
- | This displays all the emails that have been quarantined (marked as spam) by eScan for any of the above mentioned rules /policies. | + | ::'''Other Options –''' |
- | This has different options set within - | + | ::* Subfolder Also – Selecting this option will show all the Ham emails received on the current day including those received on the previous days. |
+ | ::* Show Attachment (s) – Selecting this option will show the attachment in the list. | ||
+ | ::* Open email(s) with MailClient – Selecting this option, the Ham email can be opened / viewed using the default mail-client, for eg. Outlook Express, Microsoft Outlook. If this option is unchecked, then the email can be viewed using the eScan mail viewer. | ||
+ | ::* Train as Spam - This option is accessible when right clicking on a particular email. Clicking on this option will add the email-id of the sender in the eScan Black list. When next time the email is received from the blacklisted sender id, will be quarantined. | ||
- | 1) Refresh – this displays the latest quarantined emails. | ||
- | 2) Stop – this stops the current process if started - for example – finding for a quarantined email. | ||
- | 3) View - this option helps in viewing the details of emails that have been quarantined. | ||
- | 4) Find – this helps to find a particular quarantined email. | ||
- | 5) Delete - this option is for permantely deleting /purging the quarantined email (if it is not required) | ||
- | 6) Message Source - this option helps in finding out more details of the emails that have been quarantined (email from, email to,cc, ip address,etc...) | ||
- | 7) Hide emails – this option enables you to hide emails. | ||
- | 8) Add Sender's eMail-ID to White List - this option is accessible when right clicked on a particular email and helps in releasing (unhold /discharge) the email that has been quarantined. As a result, the email that had been quarantined will now be received by the user (receipient) and will not be quarantined in future. | ||
+ | :'''c. View Report – '''This will display a summary / report of all the emails that has been received (including quarantined and allowed emails). | ||
+ | ==<I>'''[http://download1.mwti.net/wiki/index.php/Glossary Glossary]'''</I>== | ||
+ | ==<I>'''[http://download1.mwti.net/wiki/index.php/EScan_ver.10 Main Feature Index]'''</I>== | ||
- | '''b. View Ham Mails -''' | ||
- | This displays all the emails that have not been quarantined (not marked as spam) by eScan. | ||
- | This has different options set within – | ||
- | 1) Refresh – this displays the latest quarantined emails. | ||
- | 2) Stop – this stops the current process if started - for example – finding of a quarantined email. | ||
- | 3) View - this option helps in viewing the details of emails that have been quarantined. | ||
- | 4) Find – this helps to find a particular quarantined email. | ||
- | 5) Delete - this option is for permantely deleting /purging the quarantined email (if it is not required) | ||
- | 6) Message Source - this option helps in finding out more details of the email that have been quarantined (email from, email to,cc, ip address,etc...) | ||
- | 7) Train as spam - this option is accessible when right clicked on a particular email. It helps the software in training itself of such emails to be analyzed as spam. As a result, the next time when such an email arrives (that was not quarantined earlier), after training (analysis) would be quarantined and will not be received by the user (receipient). | ||
- | Along with the above reports, it also displays the total quarantined mails, total ham mails, last scanned. | ||
+ | <br/> | ||
- | G)Last update - | ||
- | Shows details of the last update. | + | <!--{| id="mp-bottombanner" style="width:100%; background:#fcfcfc; margin-top:1em; border:0px solid #ccc;" |
- | + | | style="width:56%; color:#000;" | | |
- | H) Last computer scan – | + | {|align="center" width="150px" | |
- | + | |[[Image:product_logo.JPG|centre]] | |
- | Shows details of the last full (completed) computer scan. | + | |} |
+ | --> |
Current revision
| · eScan · MailScan · Technologies | · Technical Info · Security Awareness · User Guides |
eScan Version 10 Online Help
Anti-Spam
This section provides the decription and settings of eScan's Anti-Spam for scanning of spam / junk emails.
Contents |
Description
Anti-Spam based on the NILP (Non Intrusive Learning Pattern) technology, intelligently filters all your junk and spam emails.
Status in main Protection Center Window
The green colored Tick (√) mark indicates the Anti-Spam is active and running.
The red colored Cross (X) mark indicates the Anti-Spam is inactive and stopped.
Configuration section
Status
- Anti-Spam Status – This will display the status of the Anti-Spam in Running or Disabled mode.
- Anti-Phishing Status – This will display the status of Anti-Phishing module is in Enabled or Disabled mode. (For more detail please check in the section B. Spam Filter Configuration Section below).
- Action – This will display the Action that will be taken on the email considered as Spam i.e. Quarantine/Delete.
- Stop / Start buttons – Clicking stop / start button will disable or enable the Anti Spam.
- Settings button – To configure the Anti-Spam for email scanning click on the Settings button.
I. Advanced
- A. General Options section
- Send Original Mail to User (default) - This option when enabled will send the email (though tagged as spam) to the original recipient of the email also. Note: If the email has been tagged as SPAM, the email will be in the SPAM folder of the email client (i.e. Outlook Express). SPAM folder in the mail client is created by eScan.
- Do not check content of Replied or Forwarded Mails – This option when enabled will not check contents of email that are either replied or forwarded.
- Check Content of Outgoing Mails – This option when enabled will also check outgoing emails for restricted contents.
- Buttons
- a) Phrases – Clicking on this button, will enable the users to define a list of phrases to be checked in the body of an email and take the necessary actions i.e. either Quarantine / Delete the email.
- User specified whitelist of words/phrases - This will list the words/phrases defined and whitelisted by the users (Color Code - GREEN).
- User specified List of Blocked words/phrases - This will list the words/phrases defined and block listed by the users(Color Code - RED).
- User specified words/phrases disabled - This will list the words/phrases defined but disabled (excluded for scanning) by the users (Color Code - GRAY).
- Options on Right Click:
- Add Phrase: To add a word/phrase, right click and select Add Phrase. Add the word/phrase in the section and select the Action (Quarantine the Mail/Delete the Mail) to be taken on the email if the word/phrase is found in the content of the email.
- Edit Phrase – select this option to edit/modify the word/phrase or the action to be taken.
- Enable Phrase – shall enable the listed word/phrase for Content check in the email and the defined action will be taken.
- Disable Phrase – shall disable the listed word/phrase for Content check in the email and no action will be taken.
- White List – shall add the listed word/phrase in the White list for Content check. White listed word/phrase will not be checked for Email Content Scanning.
- Block List – shall add the listed word/phrase in the Block List for content check. Block listed word/phrase will be checked for Email Content Scanning.
- Find – this will help to search and locate a word / phrase.
- B. Spam Filter Configuration Section
- Check for Mail Phishing – This option when enabled will check for fraudulent emails and will be quarantined.
- Treat Mails with Chinese / Korean character set as SPAM - This option when enabled will scan emails with Chinese / Korean characters. This check is based on our research done on various spam email samples collected world wide, wherein it is observed that spammers do use Chinese / Korean characters in their emails.
- Treat Subject with more than 5 whitespaces as SPAM – This option when enabled will check if "spacing" between characters / words in the subject of emails. This is also as per our research and studies on various types of spam emails.
- Check content of HTML mails – This option when enabled will scan emails in HTML format along with Text.
- Quaranting Advertisement mails – This option when enabled, will check for advertisement types of emails and will be quarantined.
- Button
- Advanced (Advanced Spam Filtering options) – For advance setting in Spam Filter Configuration click on the Advanced button.
- Enable Non Intrusive Learning Pattern (NILP) check – Non Intrusive Learning Pattern (NILP) is an advanced Bayesian Filtering method with the intelligence to analyze each mail according to the Behavioral Patterns of the user and comes with a self learning capability. It is one of the component of the Anti-Spam Module that helps prevent spam emails from reaching the user’s mailbox/inbox.
- Enable eMail Header check – This option when enabled, will check the validity of certain generic fields like From id, To id, CC id.
- Enable X-Spam Rules check – This option when enabled, will check the contents in the body of the email as per defined in the database of eScan. The database contains a list of words / phrases each assigned a score / threshold. This database will referred and accordingly action on the email will be taken.
- Enable Sender Policy Framework (SPF) check – This option when enabled will check the SPF record of the sender domain. (This option, when enabled, requires direct internet connection).
- Enable Spam URI Realtime Blacklist (SURBL) check – This option when enabled, will check the URL’s in the message body of an email. If the URL is listed in the SURBL site, the email will be blocked from being downloaded..(This option, when enabled it is recommended to have a direct internet connection).
- Enable Realtime Blackhole List (RBL) check – This option when enabled, will check the senders IP address in the RBL sites. If the sender ip address is blacklisted in the RBL site, the email will be blocked from being downloaded.(This option when enabled it is recommended to have a direct internet connection).
- RBL Servers - This contains a list of servers / sites which maintains a list of Spammers details and can be changed as per one’s requirement (add / delete).
- Auto Spam Whitelist – This contains a list of valid email addresses which can bypass the above Spam filtering options. Thus allowing emails from the whitelisted are allowed to download to the recipient’s inbox.
- C. Mail Tagging Options –
- Do not change email at all – This option when enabled will not add Spam Tag to the email, identified as Spam
- Both subject and body is changed. [Spam] tag is added in Subject. Actual spam content is embedded in Body – This option when enabled will add a Spam Tag in the Subject and the Body of email identified as Spam. This helps to identify the Spam emails.
- "X-Mailscan Spam: 1" header line is added. Actual spam content is embedded in Body – This option when enabled will add a Spam Tag in the Body of the email identified as Spam and a header line is added to the email
- Only [Spam] tag is added in Subject. Body is left unchanged – This option when enabled will add the Spam Tag only in the Subject of the email identified as Spam.
- "X-Mailscan-Spam: 1" header line is added. Body and subject both remain unchanged - This option when enabled will add a header line to the email but no tag is added to the Subject or body of the email.
II. Disclaimer
- The disclaimer is a footer or signature that gets added /appended to all emails. The disclaimer can be added in the space provided.
- (a) Add Disclaimer to Outgoing emails - This option when enabled adds the disclaimer to all outgoing emails and as a result the recipient is made aware that the email received is scanned and virus free.
- (b) Add Disclaimer to Incoming emails - This option when enabled adds the disclaimer to all incoming emails and as a result the recipient is made aware that the email received is scanned and virus free.
- (c) Outgoing mails excluded from adding disclaimer – This option is activated /enabled when the option (a) is enabled. Using this option, the disclaimer is restricted from being added /appended to certain or specific email addresses or domains.
- Notification Setting button – To configure the eScan Warning Notification Settings on actions taken on the emails click on the Notification button.
- Virus Alerts section – Selecting the Alert Dialog-box will pop-up an alert window displaying the action taken on a particular email.
- Warning Mails section – This contains a predefined Notifications which will be sent either to the recipient.
- Attachment Removed Warning to Sender – When selected a notification email will be sent to the sender of the email informing about the Attachment removed by eScan attached in the email.
- Attachment Removed Warning to Recepient – When selected a notification email will be sent to the recepient of the email informing about the Attachment removed by eScan attached in the email.
- Virus Warning to Sender – When selected a notification email will be sent to the sender of the email informing about the virus in the email and the action taken by eScan.
- Virus Warning to Recepient – When selected a notification email will be sent to the recepient of the email informing about the virus in the email and the action taken by eScan.
- Content Warning to Sender – When selected a notification email will be sent to the Sender of the email informing about the email sent has been considered as SPAM and has been quarantined at the recipient end.
- Content Warning to Recepient – When selected a notification email will be sent to the recepeint of the email informing about the email sent has been considered as SPAM and has been quarantined.
- Delete Mails From User section – If any email from a particular sender or a domain has to be banned or not allowed to be downloaded, can be listed in this section. For eg. xyz@domain.com (for a single sender) or *@domain.com (for an entire domain).
Reports section
- Statistics
- Total Quarantined Mails – Shows the total number of emails Quarantined.
- Total Clear Mails – Shows the total number of clean emails received and delivered.
- a. View Quarantined Mails – This displays all the emails that have been quarantined (i.e. marked as spam) by eScan for any of the defined rules /policies in eScan.
- Buttons
- Refresh – Clicking on this button refreshes the View Quarantined Mails Window.
- Stop – Clicking on this button stops the current process if started - for example – searching for a quarantined email.
- View – Clicking on this button will open the email and can be viewed.
- Find – Clicking on this button will search for a specific quarantined email.
- Delete – Clicking on this button will permanently delete the selected quarantined email.
- Message Source – Clicking on this button will provide more detail of the quarantined email like the Sender id, Sender IP address, etc…
- Hide emails – Clicking on this option will hide the quarantined emails.
- Other Options –
- Subfolder Also – Selecting this option will show all the quarantined emails received on the current day including those received on the previous days.
- Show Attachment (s) – Selecting this option will show the attachment in the list.
- Open email(s) with MailClient – Selecting this option, the quarantined email can be opened / viewed using the default mail-client, for eg. Outlook Express, Microsoft Outlook. If this option is unchecked, then the email can be viewed using the eScan mail viewer.
- Show Only Hidden eMails – Selecting this option will only display the hidden emails.
- Show Only Unhidden eMails - Selecting this option will only display the unhidden emails.
- Show all eMails – Selecting this option will display all the email including hidden emails.
- Add Sender’s eMail-ID to White List - This option is accessible when right clicking on a particular email. Clicking on this option will add the email-id of the sender in the eScan white list. When next time the email is received from the whitelisted sender id, will not be quarantined and delivered to the recepient.
- Other Options –
- b. View Ham Mails - This displays all the emails that have not been quarantined (not marked as spam) by eScan.
- Buttons
- Refresh – Clicking on this button refreshes the View Ham Mails Window.
- Stop – Clicking on this button stops the current process if started - for example – searching for a Ham email.
- View – Clicking on this button will open the email and can be viewed.
- Find – Clicking on this button will search for a specific quarantined email.
- Delete – Clicking on this button will permanently delete the selected quarantined email.
- Message Source – Clicking on this button will provide more detail of the quarantined email like the Sender id, Sender IP address, etc…
- Other Options –
- Subfolder Also – Selecting this option will show all the Ham emails received on the current day including those received on the previous days.
- Show Attachment (s) – Selecting this option will show the attachment in the list.
- Open email(s) with MailClient – Selecting this option, the Ham email can be opened / viewed using the default mail-client, for eg. Outlook Express, Microsoft Outlook. If this option is unchecked, then the email can be viewed using the eScan mail viewer.
- Train as Spam - This option is accessible when right clicking on a particular email. Clicking on this option will add the email-id of the sender in the eScan Black list. When next time the email is received from the blacklisted sender id, will be quarantined.
- c. View Report – This will display a summary / report of all the emails that has been received (including quarantined and allowed emails).
Glossary
Main Feature Index