Configure Antispam Service

IMSVA provides the following methods of blocking spam email messages:
  • Setting the spam catch rate or detection thresholds
  • Querying the global Email Reputation database
  • Monitoring the behavior of IP addresses

Setting the Spam Catch Rate or Detection Thresholds

Procedure

  1. Choose Policy > Policy List from the menu.
  2. Click Default spam rule > And scanning conditions match > Spam detection settings.
  3. Configure spam detection settings.
    1. Under Spam/Phishing Email on the scanning conditions selection screen, select the check box next to Spam detection settings.
    2. Click Spam detection settings.
      The Spam detection settings screen appears.
    3. To enable spam scanning, select the check box next to Select a spam catch rate or specify a detection threshold. If you do not select this check box, IMSVA will not label any email messages that violate this rule as spam. You can, however, still take actions on any senders in the Blocked Senders list below.
    4. Select one of the following spam catch rates or specify a detection threshold.
      • High: Catches more spam. Select a high catch rate if too much spam is getting through to your clients.
      • Medium: Select to catch an average amount of spam (the default selection).
      • Low: Catches less spam. Select a low catch rate if IMSVA is tagging too many legitimate email messages as spam.
      • Specify a detection threshold: You can specify a threshold value (between 3.0 and 10.0) that represents how critically IMSVA analyzes email messages to determine if they are spam.
      Note
      A higher threshold value means that a message must be very "spam-like" for IMSVA to consider it spam. This decreases the spam catch rate, but it also results in a lower number of false positives. If IMSVA is tagging too many legitimate email messages as spam (too many false positives), specify a higher threshold value.
      A lower threshold value means that a message only needs to be slightly "spam-like" for IMSVA to consider it spam. This increases the spam catch rate, but it also results in a higher number of false positives. If IMSVA is letting too much spam through to your clients as legitimate email, specify a lower threshold value.
    5. Select the check boxes next to any of the following lists to enable them:
      • Approved sender list: Prevents IMSVA from identifying email from senders in this list as spam.
      • Blocked sender list: Forces IMSVA to identify email from senders in this list as spam.
      • Text exemption list: Prevents IMSVA from identifying email that contains any of the text in this list as spam.
    6. Click Save.

Querying Email Reputation

Procedure

  1. Enable Email reputation.
    1. Choose Sender Filtering > Overview from the menu.
    2. To enable Email reputation, select the Email reputation check box.
    3. Click Save.
  2. Configure Email reputation.
    1. Choose Sender Filtering > Email Reputation from the menu.
    2. Select the Enable Email Reputation check box.
    3. Select a service level, Standard or Advanced, and configure the following:
      • Default intelligent action: Email reputation permanently denies connection (550) for RBL+ matches (Standard and Advanced service levels) and temporarily denies connection (450) for Zombie matches (Advanced service level only).
      • Take customized action for all matches
        • SMTP error code: Rejects any connection with a certain SMTP code. Type an SMTP code.
        • SMTP error string: Rejects any connection with a certain SMTP error string. Type the error string.
    4. Click Save.

Monitoring the Behavior of IP Addresses

Procedure

  1. Enable IP Profiler.
    1. Choose Sender Filtering > Overview from the menu.
    2. To enable IP Profiler, select the IP Profiler check box.
    3. Click Save.
  2. Configure IP Profiler settings.
    1. Choose Sender Filtering > Rules from the menu.
      The Spam tab appears by default. If you are on a different tab, click the Spam tab.
    2. To enable blocking for spam, select the Enable check box.
    3. Configure the following:
      • Duration to monitor: The number of hours that IMSVA monitors email traffic to see if the percentage of spam email messages exceeds the Threshold you set below.
      • Threshold: The maximum percentage of spam email messages that IMSVA will allow during the period you set for Duration to monitor above. The threshold is a fraction with a numerator and denominator:
        • Rate (%): Type the maximum number of allowable email messages with spam threats (the numerator).
        • Total mails: Type the total number of spam email messages out of which the threshold percentage is calculated (the denominator).
        Consider the following example.
        Duration to monitor: 1 hour at a rate of 20 out of 100
        During each one-hour period that spam blocking is active, IMSVA starts blocking IP addresses when more than 20% of the messages it receives contain spam and the total number of messages exceeds 100.
    4. Next to Triggering action, select one of the following:
      • Block temporarily: Block email messages from the IP address and allow the upstream MTA to try again.
      • Block permanently: Never allow another email message from the IP address and do not allow the upstream MTA to try again.
    5. Click Save.
      Tip
      Trend Micro suggests keeping the default values, which provide an adequate level of protection. To restore the default values, click Restore Defaults.
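
The "20 out of 100" threshold example above, modelled as an added Python sketch (not Trend Micro code): it counts messages per source IP and flags an IP only when both the message total and the spam percentage exceed the configured values. Fixed, clock-aligned monitoring windows and the sample traffic are assumptions; the page does not say how IMSVA aligns its monitoring periods.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class SpamRule:
    duration_hours: int = 1     # "Duration to monitor"
    rate_percent: float = 20.0  # "Rate (%)", the numerator
    total_mails: int = 100      # "Total mails", the denominator


def evaluate(events, rule):
    """Return {ip: (window, spam, total)} at the point each IP first trips the rule."""
    window_len = rule.duration_hours * 3600
    counts = defaultdict(lambda: [0, 0])  # (ip, window) -> [spam, total]
    tripped = {}
    for ts, ip, is_spam in sorted(events):
        if ip in tripped:
            continue  # already blocked; later mail is not counted
        window = ts // window_len  # assumption: fixed, clock-aligned windows
        bucket = counts[(ip, window)]
        bucket[0] += int(is_spam)
        bucket[1] += 1
        spam, total = bucket
        # Both conditions from the page's example: total exceeds "Total mails"
        # AND the spam share exceeds "Rate (%)".
        if total > rule.total_mails and spam * 100 > rule.rate_percent * total:
            tripped[ip] = (window, spam, total)
    return tripped


def sample_events():
    """Constructed traffic as (unix_seconds, source_ip, is_spam) tuples."""
    ev = []
    ev += [(i * 10, "198.51.100.7", i % 3 == 0) for i in range(150)]  # ~33% spam, busy
    ev += [(i * 10, "203.0.113.9", True) for i in range(50)]          # 100% spam, low volume
    ev += [(i * 10, "192.0.2.44", i % 10 == 0) for i in range(300)]   # 10% spam, busy
    # 120 spam messages split evenly across two one-hour windows
    ev += [(h * 3600 + i * 10, "192.0.2.200", True) for h in (0, 1) for i in range(60)]
    return ev


if __name__ == "__main__":
    for ip, (window, spam, total) in evaluate(sample_events(), SpamRule()).items():
        print(f"{ip}: window {window}, {spam}/{total} spam -> triggering action applies")
```

With the page's values only the busy, roughly one-third-spam sender trips the rule; the all-spam senders stay under the radar because they never exceed 100 messages in one window, which is the trade-off to weigh when raising Total mails.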