Spam in Russian can be blocked with the following steps. Other languages can also be blocked with this concept using the proper character set.
1) Define a new Quarantine Type to monitor effectiveness of custom dictionary Navigate to:
Queue Manager (tab) > Queue Manager Advanced > Quarantine Types
Bottom of the page is a text box, enter the name of 'Russian Spam' or something descriptive to set this Quarantine Queue Type apart from the rest
2) Define dictionary
Compliance (tab) > Content Analysis > Dictionaries
a) Click the 'Add New' button
Enter a dictionary name, example "Russian Spam"
Select 'No' for Contribute to toward Spam Profiler
Select 'Original Part File' for Search Option for HTML Parts
b) Now you will be back at the dictionaries page. Find the new dictionary you defined and click on it's name, in our example 'Russian Spam'
At the bottom of the page click 'Add New'
Content Type = Words/Phrases
Select 'Substring' for Search Type
In the Search Text enter: charset="iso-8859-5"
This is a character set for Cyrillac/Russian
Enter a number for the Weight, I entered '100'
Check the checkbox for 'Include'
For Scan Area check 'Header'
The text up above " charset="iso-8859-5" " is normally defined/contained just in the Header
Select 'Count Once' in Contribution Type
Repeat the "b)" steps entering the following in the Search Text field:
In short, if any Russian charsets are detected the messages will be quarantined.
3) Manage & Apply Rule
Compliance (tab) > Content Analysis > Dictionaries > Manage Rules
Click 'Add New'
Select 'Russian Spam' from the dictionary drop down
Enter the same number for 'Threshold' as you did in step 2) for the Weight
Select 'Quarantine' for the Action
Enter zero (0) for the 'Action Value'
NOTE: Entering zero (0) will remove the message the next default cleanup cycle
NOTE: Entering anything but zero (0) will quarantine than release the message when that interval is met
Select 'Russian Spam' from the Quarantine Type drop down
Now you can enter if someone gets notified should this dictionary quarantine a message or you can simply click 'Submit'
Compliance (tab) > Content Analysis > Dictionaries > Apply Rules
Make sure the 'Enable Content Analysis' checkbox is check at the top of this page
Click the 'Apply ID' for the Global Inbound rule on this page. If no global inbound rule exists one will need to be created.
On this page you will to locate the new dictionary you created in the list of dictionaries below, this example is 'Russian Spam'
Check the 'Enable' checkbox in the last column that corresponds to the dictionary you created.