TRUSTWAVE SEG SPAMCENSOR EXPLAINED



Similar documents
MailMarshal SMTP 2006 Anti-Spam Technology

eprism Security Appliance 6.0 Intercept Anti-Spam Quick Start Guide

Global Reputation Monitoring The FortiGuard Security Intelligence Database WHITE PAPER

Intercept Anti-Spam Quick Start Guide

MARSHAL REPORTING CONSOLE VERSION 2.5 INSTALLATION GUIDE

GFI Product Comparison. GFI MailEssentials vs Barracuda Spam Firewall

Secure Web Gateway 11.7 Upgrade Release Notes

Trend Micro Hosted Security Stop Spam. Save Time.

Mailwall Remote Features Tour Datasheet

TRUSTWAVE VULNERABILITY MANAGEMENT USER GUIDE

GFI Product Comparison. GFI MailEssentials vs. Trend Micro ScanMail Suite for Microsoft Exchange

Government of Canada Managed Security Service (GCMSS) Annex A-5: Statement of Work - Antispam

Anti Spam Best Practices

Cisco Security Intelligence Operations

When Reputation is Not Enough: Barracuda Spam & Virus Firewall Predictive Sender Profiling

When Reputation is Not Enough: Barracuda Spam Firewall Predictive Sender Profiling. White Paper

COMBATING SPAM. Best Practices OVERVIEW. White Paper. March 2007

How To Prevent Hacker Attacks With Network Behavior Analysis

IronPort X1000 Security System

The Dirty Secret Behind the UTM: What Security Vendors Don t Want You to Know

When Reputation is Not Enough. Barracuda Security Gateway s Predictive Sender Profiling. White Paper

FortiMail Filtering Course 221-v2.2 Course Overview

GFI Product Comparison. GFI MailEssentials vs Symantec Mail Security for Microsoft Exchange 7.0

FortiMail Filtering Course 221-v2.0. Course Overview. Course Objectives

Introduction. How does filtering work? What is the Quarantine? What is an End User Digest?

IBM Express Managed Security Services for Security. Anti-Spam Administrator s Guide. Version 5.32

PROTECTING YOUR MAILBOXES. Features SECURITY OF INFORMATION TECHNOLOGIES

Commtouch RPD Technology. Network Based Protection Against -Borne Threats

Symantec Security.cloud - Skeptic Whitepaper

IBM Lotus Protector for Mail Security 2.5. Empower users and extend your IBM Lotus Notes and Lotus Domino security features

Comprehensive Filtering. Whitepaper

V1.4. Spambrella Continuity SaaS. August 2

Symantec Protection Suite Add-On for Hosted and Web Security

Copyright 2011 Sophos Ltd. Copyright strictly reserved. These materials are not to be reproduced, either in whole or in part, without permissions.

eprism Security Appliance 6.0 Release Notes What's New in 6.0

Spamfilter Relay Mailserver

Cloud Services. Anti-Spam. Admin Guide

Ipswitch IMail Server with Integrated Technology

How To Configure Forefront Threat Management Gateway (Forefront) For An Server

PROOFPOINT - SPAM FILTER

MailMarshal SMTP Anti-Spam Configuration

Anti-Spam White Paper

Putting Web Threat Protection and Content Filtering in the Cloud

Technical Product Overview. Employing cloud-based technologies to address security risks to endpoint systems

Context Adaptive Scanning Engine: Protecting Against the Broadest Range of Blended Threats

An Overview of Spam Blocking Techniques

Antispam Security Best Practices

System Compatibility. Enhancements. Operating Systems. Hardware Requirements. Security

Proactively protecting your messaging infrastructure with the IBM Lotus Protector for Mail Security solution.

STPIC/Admin/002/ / Date: Sub: Quotation for purchase/renewal of Anti Virus Software Reg.

Cisco IronPort C370 for Medium-Sized Enterprises and Satellite Offices

SPAM FILTER Service Data Sheet

Image Based Spam: White Paper

2.2.1 Malware Protection (Inbound)... 14

GWAVA 5. Migration Guide for Netware GWAVA 4 to Linux GWAVA 5

Spam DNA Filtering System

HOW TO PROTECT YOUR VIRTUAL DESKTOPS AND SERVERS? Security for Virtual and Cloud Environments

How To Protect Your From Spam On A Barracuda Spam And Virus Firewall

Introduction. SonicWALL Security

Spam Testing Methodology Opus One, Inc. March, 2007

Migration Project Plan for Cisco Cloud Security

SESA Securing with Cisco Security Appliance Parts 1 and 2

Secret Server Qualys Integration Guide

Comprehensive Anti-Spam Service

How To Integrate Hosted Security With Office 365 And Microsoft Mail Flow Security With Microsoft Security (Hes)

Secure Web Gateway 11.5 Release Notes

What is a Mail Gateway?... 1 Mail Gateway Setup Peering... 3 Domain Forwarding... 4 External Address Verification... 4

Move over, TMG! Replacing TMG with Sophos UTM

THE INFOCROSSING SECURE BOUNDARY SERVICE

Data Sheet: Endpoint Security Symantec Protection Suite Enterprise Edition Trusted protection for endpoints and messaging environments

SANS Dshield Webhoneypot Project. OWASP November 13th, The OWASP Foundation Jason Lam

Technical Note. FORTIMAIL Configuration For Enterprise Deployment. Rev 2.1

Stop Spam Now! By John Buckman. John Buckman is President of Lyris Technologies, Inc. and programming architect behind Lyris list server.

Technology Blueprint. Protect Your . Get strong security despite increasing volumes, threats, and green requirements

MDaemon configuration recommendations for dealing with spam related issues

Precis Overview - The Threat

Unified Threat Management, Managed Security, and the Cloud Services Model

Why Content Filters Can t Eradicate spam

INSIDE. Neural Network-based Antispam Heuristics. Symantec Enterprise Security. by Chris Miller. Group Product Manager Enterprise Security

The Attacker s Target: The Small Business

M86 MailMarshal SMTP USER GUIDE. Software Version: 6.8.4

Updating Your Skills from Microsoft Exchange 2000 Server or Microsoft Exchange Server 2003 to Microsoft

Stop Spam. Save Time.

Transcription:

.trust TRUSTWAVE SEG SPAMCENSOR EXPLAINED wave.com Updated October 9, 2007 Table of Contents About This Document 2 1 SpamCensor Defined 3 2 How Does SpamCensor Work? 3 3 How Are the Rules Made and Scored? 3 4 Why Isn t SpamCensor Updated As Often As a Virus Scanner? 4 5 How Effective is SpamCensor? 4 6 More Information 5 About Trustwave 6

About This Document SpamCensor is one of the core anti-spam technologies in Trustwave SEG. Over many years it has proven to be an effective, flexible and extensible tool for fighting spam. This document addresses the following common questions: What exactly is SpamCensor? How does it work? How are the rules made and scored? Why isn t it updated as often as anti-virus tools? How effective is it? Trustwave SpamCensor Explained - July 9, 2015 2

1 SpamCensor Defined Technically, SpamCensor is a special Trustwave SEG category script. Category scripts use XML script files to provide flexible multi-faceted content scanning. SpamCensor is supplied and automatically updated by Trustwave. It is currently built and published multiple times per week by anti-spam experts in Trustwave s SpiderLabs Email Security team. SpamCensor is a key element in the Trustwave SEG anti-spam toolkit. While it is a powerful tool, it s important to realize it is one element in the Trustwave SEG anti-spam solution. SpamCensor happily works in conjunction with other features such as SpamProfiler, Reputation Service lookups, URL filtering, Directory Harvest Attack (DHA) prevention, receiver block rules and anti-spoofing. This document only discusses SpamCensor. 2 How Does SpamCensor Work? SpamCensor is a heuristic filter that consists of thousands of tests or rules for spam. It is not a signaturebased system like an anti-virus scanner, where each signature operates independent of the other signatures. Rather it is a scoring-based system where rules work in combination, to end up with a total score which represents the spamminess of a message. Many different types of tests or rules are applied against each message. The header is checked for irregular fields and data, including the telltale footprints of the spammers tools. The message body is checked for the characteristic patterns of key words and phrases and their relationship to other words and phrases. HTML code is parsed, again searching for spammers footprints. The message, and its components, size and structure are also checked. When the threshold of 60 is reached, the message is considered spam and action can be taken. The following message log illustrates this: ------ Category <Spam> evaluation result ------ - EV_GENR_XSmallBodyLT100: (24.00) Msg body is between 5 and 100 bytes - HTTP_LINK: (1.00) HTTP link in message - MSG_SIZE_1: (-1.00) IsBigger than 1K - MT_GENR_XSmallHyperlnk: (10.00) Message body less than 100b with web link - RH_GENR_HeaderSus21: (20.00) Header pattern common in spam - RH_GENR_HeaderSus215: (15.00) Header pattern common in spam - RH_GENR_HeaderSus247: (10.00) Header pattern common in spam - RH_GENR_HeaderSus49: (22.00) Header pattern common in spam - RH_GENR_HeloIP: (5.00) IP used in any HELO - current or previous - RH_GENR_HeloIPtoMM: (25.00) IP used in HELO to MailMarshal - RH_GENR_Localhost: (20.00) Received from localhost - RH_GENR_XMailerMissing: (1.00) Missing X-Mailer: Field - TC_HTTP_SEX: (16.00) Http link contains sex Total score: (168.0) required(60.0) SpamFilter: Version 130 26-September-2006 ------ End of Category <Spam> evaluation ------ 3 How Are the Rules Made and Scored? SpamCensor s rules are crafted by members of the Trustwave SpiderLabs Email Security team. The team is a group of security analysts who examine live spam streams for patterns and trends. The experience of Trustwave SpamCensor Explained - July 9, 2015 3

the team and knowledge of spam patterns or traits is a key factor in the effectiveness of the SpamCensor. This human factor should not be undervalued. Sometimes in the anti-spam community a lot of weight is given to automatic machine-learning systems, where human input is minimal. These systems serve a purpose, but can easily create problems if not configured, trained and monitored correctly. Trustwave uses a number of back-end, proprietary tools that machine-learn by applying statistical analysis techniques to large volumes of spam and legitimate emails. The tools are especially good at highlighting patterns and trends that are not easily seen by humans. The results are fed into SpamCensor, but only after being validated by the SpiderLabs experts. The values assigned to each SpamCensor rule are generated by an automated scoring algorithm. Each SpamCensor release is trained on over a million messages to optimize the filter. This maximizes spam detection and minimizes false positives. Fresh data is added daily to keep the training program up to date. SpamCensor is then delivered to the customer, updated and pre-trained, with no extra configuration needed. 4 Why Isn t SpamCensor Updated As Often As a Virus Scanner? Sometimes customers ask why the SpamCensor is not updated as often as other anti-spam solutions or their virus scanner. The simple answer is that it is not a signature-based system. In such systems, each signature is an independent entity and equates to a single message. In the SpamCensor, rules are heuristic and interdependent which means individual signature updates are unnecessary. A longer release cycle is used to carefully craft, train, and test each SpamCensor prior to release. This approach to spam detection results in a highly predictive filter. The bulk of spam is sent by relatively few spammers so patterns seen today are often repeated tomorrow. The readable content of a spam message may differ, but how the message is put together doesn t. The ability of SpamCensor to detect these underlying trends is what makes it so effective. 5 How Effective is SpamCensor? The SpiderLabs team closely monitors the performance of the SpamCensor on Trustwave SEG servers, which are subjected to live streams of incoming spam. SpamCensor s detection rate, by itself, is typically around 99%. When SpamCensor is combined with other recommended rules (such as IP Reputation Services, SpamProfiler, and URLCensor) the total effectiveness of Trustwave SEG against spam can exceed 99.7%. Trustwave SpamCensor Explained - July 9, 2015 4

6 More Information This document provides basic information about the Trustwave SEG SpamCensor technology. With its unique heuristic capability, and backed by the resources of the Trustwave SpiderLabs team, the SpamCensor has proven to be a robust and highly effective anti-spam filter that is easily deployed. To learn more about SpamCensor best practices, refer to the Trustwave SEG Anti-Spam and Anti- Malware Basics document, available from the SEG Support pages on the Trustwave website. Trustwave SpamCensor Explained - July 9, 2015 5

About Trustwave Trustwave is a leading provider of compliance, Web, application, network and data security solutions delivered through the cloud, managed security services, software and appliances. For organizations faced with today's challenging data security and compliance environment, Trustwave provides a unique approach with comprehensive solutions that include its TrustKeeper portal and other proprietary security solutions. Trustwave has helped hundreds of thousands of organizations ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers manage compliance and secure their network infrastructures, data communications and critical information assets. Trustwave is headquartered in Chicago with offices worldwide. For more information, visit https://www.trustwave.com.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information