HOWTO: How do I block junk email, or email that contains potentially malicious code?



This article applies to:

  • MailMarshal Exchange
  • MailMarshal SMTP

Question:

How do I block junk email, or email that contains potentially malicious code?

NOTE: For information about MailMarshal's anti-Spam abilities and settings, see Q10810: What are MailMarshal anti-spam best practices? http://www.m86security.com/kb/article.aspx?id=10810

Procedure:

There are several ways you can configure MailMarshal to block junk email, or email that contains potentially malicious code. You can implement one or more of the features below, or implement them all if you want to restrict more strongly the types of email your organization receives.

  1. SpamProfiler :
    • This feature allows MailMarshal SMTP to check messages at the receiver. MailMarshal can refuse, delete, or quarantine messages based on the SpamProfiler evaluation. SpamProfiler is a signature-based service. It is efficient because it does not require messages to be processed by the MailMarshal Engine.
    • In version 6.5 and above, SpamProfiler results can also be used in Standard rules.
    • SpamProfiler is not available in MailMarshal Exchange.
  2. SpamCensor :
    • To classify spam, MailMarshal SMTP 5.5 and above includes a facility that performs a multi-dimensional XML-based analysis of messages. This facility includes automatic updates provided by Marshal. You can choose to quarantine or mark messages within the Block Spam rule in the Anti-Spam Ruleset in version 5.X, or the Block Suspect Spam rule in the Anti-Spam Email Policy in version 6.X.

      MailMarshal Exchange 5.2 includes the same automatically updating SpamCensor technology that is present in MailMarshal SMTP.
  3. File Attachment Types :
    • Block all Executable, Image, Video and Sound attachments.
    • Block all Encrypted attachments.  
      • Due to the encryption on these files, MailMarshal cannot unpack them to examine their contents.  
      • For Version 3.2 and up, you should create a rule to block encrypted attachments so they can be checked, and released if appropriate.  (Prior to Version 3.2, MailMarshal would 'deadletter' encrypted attachments.)
      • Warning:  If a rule is not specified to block encrypted attachments, they will pass through MailMarshal unchecked.
      • Note:  If you are running MailMarshal Secure you need to exclude S/MIME data from the rule that blocks encrypted files.
    • Block Text and Binary Unknown (in the Other category)
      • Used to block all attachments that MailMarshal currently does not recognize.
  4. File Attachment Names :
    • Use a filename rule to block the following filename extensions that are capable of containing malicious code:
      • *.bat, *.chm, *.cmd, *.com, *.hlp, *.hta, *.inf, *.ins, *.js, *.jse, *.lnk, *.pif, *.reg, *.sct, *.shs, *.url, *.vb, *.vbe, *.vbs, *.wsc, *.wsf, *.wsh
    • Please refer to the following Marshal Knowledge Base article for more information on blocking files:
      • Q10483 : How do I stop viruses with MailMarshal?
  5. Text Censor Scripts :
    • In addition to blocking specific attachment types and/or file extensions, we recommend that you create text censor scripts to search for potentially harmful code.  The following Marshal Knowledge Base articles provide examples of text censor scripts you can use to block hoax messages and chain letters, spam, vbs commands, and vbs type virus text body:
      • Text Censor Script Examples - Q10814 : What are some examples of TextCensor Scripts?
      • Stopping Email borne VBS viruses, such as 'Lovebug' - Q10483 : How do I stop viruses with MailMarshal?
      • Spam - how to protect yourself - Q10810 : What are MailMarshal anti-spam best practices?
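
The filename rule in item 4 can be tested outside the product before it is deployed. The Python below is an added example, not MailMarshal code or configuration: it applies the article's extension list to every attachment name in a MIME message, normalizing case and trailing dots or spaces first so that names such as `Invoice.PDF.VBS` still match. The sample message, addresses and function names are constructed for illustration.

```python
import fnmatch
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extension patterns taken from item 4 of the article.
BLOCKED_PATTERNS = [
    "*.bat", "*.chm", "*.cmd", "*.com", "*.hlp", "*.hta", "*.inf", "*.ins",
    "*.js", "*.jse", "*.lnk", "*.pif", "*.reg", "*.sct", "*.shs", "*.url",
    "*.vb", "*.vbe", "*.vbs", "*.wsc", "*.wsf", "*.wsh",
]

def normalize(name):
    """Lower-case the name and strip trailing dots/spaces, which Windows
    drops from file names, so 'x.hta.' is treated as 'x.hta'."""
    return name.strip().rstrip(". ").lower()

def blocked_attachments(raw_message):
    """Return [(filename, matched_pattern)] for attachments on the list."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()  # handles RFC 2231 / RFC 2047 encoded names
        if not name:
            continue  # body parts and containers carry no filename
        candidate = normalize(name)
        for pattern in BLOCKED_PATTERNS:
            # Whole-name match: '*.js' must not match 'x.json' or 'x.jse'.
            if fnmatch.fnmatchcase(candidate, pattern):
                hits.append((name, pattern))
                break
    return hits

def build_sample():
    """Constructed message with two benign and two blocked attachment names."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "rcpt@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for fname in ["report.pdf", "Invoice.PDF.VBS", "setup.hta.", "notes.txt"]:
        msg.add_attachment(b"dummy", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, pattern in blocked_attachments(build_sample()):
        print(f"BLOCK {name!r} (matched {pattern})")
```

A name-based check only sees what the sender declared, which is why the article pairs it with the attachment-type rules in item 3.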

Notes:

For more information on blocking email in your organization, please refer to the following Marshal Knowledge Base articles:

  • Q10483 : How do I stop viruses with MailMarshal?
  • Q10810 : What are MailMarshal anti-spam best practices?
  • Q10814 : What are some examples of TextCensor Scripts?

This article was previously published as:
NETIQKB29181
Marshal KB131


Details
Article ID: 10232
Last Modified: 4/21/2009
Type: HOWTO