eScan BlogeScan Blog    eScan WebsiteeScan Website    eScan ForumeScan Forum    eScan FeedseScan Feeds     
    
Languages:     

From eScan Wiki

Revision as of 12:15, 22 October 2010; view current revision
←Older revision | Newer revision→
Jump to: navigation, search
Image:escan-g.jpg
· eScan  · MailScan  · Technologies   · Technical Info  · Security Awareness  · User Guides

Anti-Spam & Anti-Phishing -

Shows the current status of the Anti-Spam & Anti- Phishing Protection level. The green color right tick mark denotes that the module is “Active” while the red color cross mark displays that the module is “InActive”.

On the Anti-Spam & Anti-Phishing option page in the “Configuration” section, when clicked on the “Settings” option, one can change the Anti-Spam & Anti-Phishing Protection level, whereas clicking on the “Start” and /or “Stop” option (next to Settings) makes the module “Active” and /or “InActive”.


Configuration section -

When clicked on “Settings” the below options are available, through which the eScan software’s real-time Anti-Spam & Anti-Phishing protection can be customized -

It has different options like "Advanced" and "Disclaimer".

a. Advanced:-

This option page has different options like when to check emails, spam filter configuration (anti-spam) and mail tagging options.

1) When to check emails -

This option is very important and relevant and can help the user /administrator customize as to how the email content filter should work.

The options available within -

a) Send Original mail to user –

This option helps to send the email (though tagged as spam) to the original receipient of the email.

b) Do not check content of Replied or Forwarded emails - this option is not enabled by default, once enabled it will not check contents in all emails that are either replied or forwarded.

This eventually helps is releasing system resources on an email that is already scanned and come into the mailbox/ inbox.

c) Check content of Outgoing emails - this option is not enabled by default, once enabled it will start checking all outgoing emails for restricted contents.


Spam Filter Configuration (Anti-Spam) -

This option helps to block /prevent spam emails from entering into the mailbox /inbox of the user.

The options available within:-

a) Check content of HTML mails -

This option is enabled by default, it helps to scan emails in HTML format alongwith Text.

b) Treat mails with Chinese/Korean character set as Spam -

This option is enabled by default, it is observed from the reports received from our world wide sample collection centres that emails with Chinese/Korean characters are used by spammers to send as spam and hence when received such emails are first analyzed based on a number of conditions afterwhich then tagged as Spam.

c) Treat Subject with more than 5 Whitespaces as Spam -

This option is enabled by default, it is observed from the reports received from our world wide sample collection centres that spammers are applying a technique of "spacing" (leaving spaces) in the subject of the email to get their malicious emails inside the user's mailbox/inbox by fooling the spam filters.

d) Treat HTML mails with "SRC=" string as Spam -

It is also observed from the reports received from our world wide sample collection centres that spammers are skillfully inserting SRC (source) within an email. SRC= Source is basically inserting of a source, for example - a weblink/s (url), image/s within a email that can run/ execute itself automatically in the background and download data from a remote server/ site even without being viewed or executed.

e) Quarantine Advertisement mails -

This option is enabled by default. Advertisement emails are big in size, use a lot of the internet bandwidth and are known [from reports] to be carrying malicious and/or unwanted content/data within, hence, when such emails are encountered\, they are Quarantined.


The Advanced option within -

a) Enable Non Intrusive Learning Pattern (NILP) check -

This option is enabled by default. Non Intrusive Learning Pattern (NILP) is an advanced Bayesian Filtering method with the intelligence to analyze each mail according to the Behavioral Patterns of the user and comes with a self learning capability. It is one of the component of the Anti-Spam Module that helps prevent spam emails from reaching the user's mailbox/inbox.

b) Enable eMail Header check -

This option is enabled by default. The generic fields of an email like the email From, To, CC are checked for it's validity before accepting the email. This is another component of the Anti-Spam Module that helps prevent spam emails from reaching the user's mailbox/inbox.

c) Enable X-Spam Rules check -

This option is enabled by default. A database of words /phrases used by spammers is in-built within the software and each word / phrase is assigned a particular score or threshold level. If any of these words /phrases appear in an email, using this database, different validations along with a score or threshold level check is also done [match] and here if the score or threshold value is found to be True [matching], the mail is tagged as spam or otherwise. This is one more component of the Anti-Spam Module that helps prevent spam emails from reaching the user's mailbox/inbox.

d) Enable Sender Policy Framework {SPF) check -

This option is not enabled by default. When enabled, it will check the SPF record of a particular domain from where the email is being downloaded from. This is an additional component of the Anti-Spam Module that helps prevent spam emails from reaching the user's mailbox/inbox.

e) Enable Spam URI Real Time Blacklist (SURBL) check -

This option is not enabled by default. When enabled, it checks for spammers IP addresses using SURBL technology (Spam URI Realtime Black List), which help identify spam URLs in the message body. This is an additional component of the Anti-Spam Module that helps prevent spam emails from reaching the user's mailbox/inbox.

f) Enable Real Time BlackHole list (RBL) check -

This option is not enabled by default.When enabled, it check for the spammers IP addresses in RBL's (databases of known spammer IP Addresses), which help identify and block an email from being downloaded from a spammer IP. This is an additional component of the Anti-Spam Module that helps prevent spam emails from reaching the user's mailbox/inbox.

g) RBL servers -

These are the different servers which hold databases of spammers IP Addreses and can be changed as per one's requirement/s (add/delete).

h) Auto Spam Whitelist -

This is a whitelist generated of email addresses (valid email addresses) from the mail clients. This is a list of addresses to whom emails have been sent to earlier.



Mail Tagging Options –

This option is very important as it helps in identifying emails as Spam (bad) or Ham (good).

a) Only (Spam) tag is added in Subject, the Body is left unchanged - this is the default action set within the software so that all spam emails are identified.

There are many other options that can be set as per the user's requirements like,

b) Do not change at all - this option will not tag the email at all.

c) Both subject and body is changed, [Spam] tag is added in subject, Actual Spam content is embedded in the body - this option helps identify the email as spam based on the subject and body.

d) X-MailScan-Spam: 1" header line is added, Actual Spam content is embedded in the body - this option helps identify the email as spam based on the header.

e) X-MailScan-Spam: 1" header line is added - Body and Subject both remain unchanged - this option helps identify the email as spam based on the header.



Disclaimer:-

The disclaimer is a footer or signature that gets added /appended to all emails.

This option page has different options like Add Disclaimer to Outgoing emails, Add Disclaimer to Incoming emails and Outgoing mails excluded from adding disclaimer.

1) Add Disclaimer to Outgoing emails -

This option when enabled adds the disclaimer to all outgoing emails and as a result the recipient is made aware that the email received is scanned and virus free..

2) Add Disclaimer to Incoming emails -

This option when enabled adds the disclaimer to all incoming emails and as a result the recipient is made aware that the email received is scanned and virus free..

3) Outgoing mails excluded from adding disclaimer –

This option is activated /enabled when the above point no. 1 is enabled. Using this option, the disclaimer is restricted from being added /appended to certain or specific email addresses or domains.



At the bottom end of this Anti-Spam & Anti-Phishing option page in the “Reports” section, there are options available called the “View Quarantined Mails” and “View Ham Mails”



Reports section -

The below options are available within -

a. View Quarantined Mails –

This displays all the emails that have been quarantined (marked as spam) by eScan for any of the above mentioned rules /policies.

This has different options set within -

1) Refresh – this displays the latest quarantined emails. 2) Stop – this stops the current process if started - for example – finding for a quarantined email. 3) View - this option helps in viewing the details of emails that have been quarantined. 4) Find – this helps to find a particular quarantined email. 5) Delete - this option is for permantely deleting /purging the quarantined email (if it is not required) 6) Message Source - this option helps in finding out more details of the emails that have been quarantined (email from, email to,cc, ip address,etc...) 7) Hide emails – this option enables you to hide emails. 8) Add Sender's eMail-ID to White List - this option is accessible when right clicked on a particular email and helps in releasing (unhold /discharge) the email that has been quarantined. As a result, the email that had been quarantined will now be received by the user (receipient) and will not be quarantined in future.



b. View Ham Mails -

This displays all the emails that have not been quarantined (not marked as spam) by eScan. This has different options set within – 1) Refresh – this displays the latest quarantined emails. 2) Stop – this stops the current process if started - for example – finding of a quarantined email. 3) View - this option helps in viewing the details of emails that have been quarantined. 4) Find – this helps to find a particular quarantined email. 5) Delete - this option is for permantely deleting /purging the quarantined email (if it is not required) 6) Message Source - this option helps in finding out more details of the email that have been quarantined (email from, email to,cc, ip address,etc...) 7) Train as spam - this option is accessible when right clicked on a particular email. It helps the software in training itself of such emails to be analyzed as spam. As a result, the next time when such an email arrives (that was not quarantined earlier), after training (analysis) would be quarantined and will not be received by the user (receipient).

Along with the above reports, it also displays the total quarantined mails, total ham mails, last scanned.


Note:- Depending on the subscription, some of the listed items may be unavailable.


eScan Copyright © 2015 MicroWorld Technologies Inc.- AntiVirus & Content Security.       Send your feedback to solutions@escanav.com eScan Wiki

    Privacy policy  About eScan Wiki  Disclaimers