Solved

TREND IMSS content filtering piece isnt working for keywords

Posted on 2009-04-15
4
1,473 Views
Last Modified: 2013-11-22
Even when I reduce the Body keyword expressions to a single file, with a single word in it, and test it, it doesnt catch that word, but worse, it catches other, random emails without that word in it.

Same result whether I test for keywords in subject or message body.

All the other policies for spam / phishing etc. work ok.

Keywords such as "viagra" would be nice to catch as another line of defence.

Anyone heard of this bug before?  Suggestions welcome.
0
Comment
Question by:twomey_paul
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 6

Assisted Solution

by:page1985
page1985 earned 50 total points
ID: 24148611
Odd.  Most of the necessary keywords (viagra included) should be quarantined by the spyware definitions downloaded from TrendMicro.  Are you running updates?
0
 
LVL 6

Expert Comment

by:page1985
ID: 24148622
TrendMicro recommends you configure the product to update every 15 minutes, as this is how frequently they often release new SPAM definitions.  I've found that if I don't update this frequently, more junk gets through than it otherwise would.
0
 

Author Comment

by:twomey_paul
ID: 24148976
Page1985 - The spam / phishing piece analyses certain email bits and comes up with a "rating" - I've set our detection threshold to 4.0 - anything less than this starts getting hairy on the false positives.

I don't think this would catch a message from my gmail account that simply said subject: test, data: viagra, for example - but I don't know how it calculates the score.

I'm looking to trap just a few racist / sexist / spamist / basic profanity words which don't appear to get trapped with above rule.

Updates are running every day - did have it set more often but traffic get's a little on the large side.
0
 

Accepted Solution

by:
twomey_paul earned 0 total points
ID: 24156213
I've recreated policy and this appears to work now - maybe policy was corrupt.  Anyway - will close.
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most PC repair technicians (if not all) always start their cleanup process by emptying the temp folders before running any removal tools. It makes sense because temp folders are common places for malware installers to lurk and removing all the junk …
By the time you finish reading this article, you may have already lost all your money because you don't know the simple steps to securing your BitCoin wallet. BitCoin is an incredible invention. It is a decentralized currency system, which is the…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question