ijahnke

How to block Spam using specific character sets, like Russian for example.

Spam in Russian can be blocked with the following steps. Other languages can also be blocked with this concept using the proper character set.

1) Define a new Quarantine Type to monitor effectiveness of custom dictionary

Navigate to:

Queue Manager  (tab) > Queue Manager Advanced > Quarantine Types

At the bottom of the page is a text box; enter the name 'Russian Spam' or something descriptive to set this Quarantine Queue Type apart from the rest

2) Define dictionary

Navigate to:

Compliance  (tab) > Content Analysis > Dictionaries

                a) Click the 'Add New' button

                                Enter  a dictionary name, example "Russian Spam"

                                Select 'No' for Contribute to toward Spam Profiler

                                Select 'Original Part File' for Search Option for HTML Parts

                                Click 'Submit'

               

                b) Now you will be back at the dictionaries page. Find the new dictionary you defined and click on its name, in our example 'Russian Spam'

                                At the  bottom of the page click 'Add New'

                                Content  Type = Words/Phrases

                                Select  'Substring' for Search Type

                                In  the Search Text enter: charset="iso-8859-5"

                                                This is a character set for Cyrillic/Russian

                                Enter a number for the Weight, I entered '100'

                                Check the checkbox for 'Include'

                                For  Scan Area check 'Header'

                                                The text up above " charset="iso-8859-5" " is normally  defined/contained just in the Header

                                Select  'Count Once' in Contribution Type

                                Click  'Submit'

                                Repeat the "b)" steps entering the following in the Search Text  field:

                                                charset="koi8-r"

                                                charset="koi8-u"

                                In short, if any  Russian charsets are detected the messages will be quarantined.

3) Manage & Apply Rule

Navigate to:

Compliance  (tab) > Content Analysis > Dictionaries > Manage Rules

                Click 'Add New'

                Select  'Russian Spam' from the dictionary drop down

                Enter the same number for 'Threshold' as you did in step 2) for  the Weight

                Select 'Quarantine' for the  Action

                Enter zero (0) for the 'Action  Value'

                                NOTE: Entering zero (0) will remove the message at the next default cleanup cycle

                                NOTE: Entering anything but zero (0) will quarantine then release the message when that interval is met

                Select 'Russian Spam' from the Quarantine Type drop down

                Now you  can enter if someone gets notified should this dictionary quarantine a  message or you can simply click 'Submit'

Navigate to:

Compliance (tab) > Content Analysis  > Dictionaries > Apply Rules

                Make sure the 'Enable Content Analysis' checkbox is checked at the top of this page

                Click the 'Apply ID' for the Global Inbound rule on this page.  If no global inbound rule exists one will need to be created.

                On this page you will need to locate the new dictionary you created in the list of dictionaries below, this example is 'Russian Spam'

                Check the 'Enable' checkbox in the last column that corresponds  to the dictionary you created.

                Click  'Submit'

1 Reply

Re: How to block Spam using specific character sets, like Russian for example.

I followed your directions in creating a Content rule and Dictionary for the Russian words and let it run for a week. There were 30 hits on the rule but 28 of them were for valid email that had English subject lines. The charset=koi8-r was triggered for all occurrences. Has anyone found a charset that is useful in blocking spam?
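An added example, not part of either post and not a feature of the product: a Python sketch for reviewing quarantined messages offline, comparing the header-only charset match from the how-to with a check that also looks at how much of the decoded text is actually Cyrillic. It shows how a message can declare koi8-r and still contain no Cyrillic at all. The function names, the `min_ratio` threshold and the sample messages are assumptions constructed for illustration.

```python
import base64
from email import message_from_bytes, policy

# The three header substrings the dictionary in the post matches on.
CYRILLIC_CHARSETS = {"iso-8859-5", "koi8-r", "koi8-u"}

def text_parts(msg):
    return [p for p in msg.walk() if p.get_content_maintype() == "text"]

def cyrillic_ratio(msg):
    """Share of alphabetic characters in the decoded text parts that are Cyrillic."""
    letters = cyr = 0
    for part in text_parts(msg):
        raw = part.get_payload(decode=True) or b""
        try:
            text = raw.decode(part.get_content_charset() or "ascii", "replace")
        except LookupError:          # unknown charset label
            text = raw.decode("latin-1")
        for ch in text:
            if ch.isalpha():
                letters += 1
                cyr += "\u0400" <= ch <= "\u04ff"
    return cyr / letters if letters else 0.0

def classify(raw_bytes, min_ratio=0.5):   # min_ratio is an assumed threshold
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    declared = {p.get_content_charset() for p in text_parts(msg)}
    charset_rule = bool(declared & CYRILLIC_CHARSETS)   # what the dictionary sees
    ratio = cyrillic_ratio(msg)
    return {"charset_rule": charset_rule,
            "content_rule": charset_rule and ratio >= min_ratio,
            "cyrillic_ratio": round(ratio, 2)}

def build(body, charset):
    """Constructed sample message; addresses and text are made up."""
    head = ("From: sender@example.com\r\nSubject: Invoice\r\nMIME-Version: 1.0\r\n"
            f'Content-Type: text/plain; charset="{charset}"\r\n'
            "Content-Transfer-Encoding: base64\r\n\r\n")
    return head.encode("ascii") + base64.b64encode(body.encode(charset)) + b"\r\n"

SAMPLES = {
    "english_koi8r": build("Quarterly invoice attached, please review.", "koi8-r"),
    "russian_koi8r": build("Купите сейчас дешево", "koi8-r"),
    "english_utf8": build("Quarterly invoice attached, please review.", "utf-8"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify(raw))
```

Running it over messages exported from the 'Russian Spam' quarantine shows how many charset hits contain little or no Cyrillic text, which is the number to look at before keeping the rule's action at Quarantine.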
