
Spam and Virus Filtering of Email Messages on the
BSU GroupWise Email Server

As of September 29, 2004, Computer Services enabled spam and virus prevention on email messages coming into and going out of the BSU GroupWise email server.

How is this done?
Computer Services has purchased and installed both Omni Technology Solutions’ GEEWhiz and Symantec’s AntiVirus Corporate Edition for all users of the BSU GroupWise email server. This creates a server side technology to help identify email messages that are likely spam messages or email messages that have virus infected attachments.

Will Computer Services be automatically deleting any mail?
While the GEEWhiz system is designed to allow for the automatic deletion of messages that are determined to be spam or have virus infected attachments, Computer Services has determined that we will not be deleting any mail messages at this time. All messages will be forwarded to users’ post offices. For messages identified as likely spam messages, the message will be flagged as such before delivery. For messages identified as having virus infected attachments, the infected attachment(s) will be deleted, and a notification message attached before delivery.

Spam Filtering

How does GEEWhiz determine if a message is spam?
Spammers, the individuals who send spam email messages, usually employ common mechanisms both to send their email messages and to entice recipients to read them. GEEWhiz is designed with rules to scan each mail message it receives and look for the characteristics that result from these common mechanisms. GEEWhiz assigns a point value to each rule for identifying a spamming mechanism and, after scanning an entire message, totals the point values of the rules that were matched. The total of these point values is the individual message’s spam score. If the spam score is above a certain threshold, the message is identified as spam.

What does GEEWhiz do with messages once it has made a determination of spam content?
On all messages, GEEWhiz assigns a spam score to the message. If a message is determined not to be spam, GEEWhiz:

  • inserts a flag in the message headers identifying the message as not spam, and
  • inserts the spam score into the message headers.

If a message is determined to be spam, GEEWhiz:

  • inserts a flag in the message headers identifying the message as spam,
  • inserts the spam score into the message headers,
  • adds a file named “gas-results.txt” with a record of the rules and spam score as an attachment to the message, and
  • changes the subject from "<subject>" to "<subject> S-P-A-M (x.x / y.y)" [where x.x is the spam score and y.y is the defined spam threshold].

Once GEEWhiz assigns a spam score to a message and inserts necessary information, the message is delivered to the user’s GroupWise post office. At this point, it is the responsibility of the post office to deliver the message.

What does the GroupWise Post Office do with a message received from GEEWhiz?
A user who uses the GroupWise client for Windows has the option of enabling the “Junk Mail Handling” feature within the GroupWise client. If a user has this option enabled in the GroupWise client, this creates a “Junk Mail” folder in the user’s account and tells the server to turn over messages to “Junk Mail Handling” for proper folder placement.

What is the use of the “Junk Mail Handling” feature in the GroupWise client?
When enabled, “Junk Mail Handling” is a feature of the GroupWise Client that allows you to have email messages that meet certain requirements moved by the post office to folders other than your “Mailbox” folder. This movement of email messages occurs before delivery to the client. For the GroupWise Client for Windows to make use of the flag provided by GEEWhiz in the message headers identifying the message as spam, the “Junk Mail Handling” feature simply needs to be enabled in the client.
See: Instructions for Spam and Virus Filtering for the GroupWise Desktop Client.

Can I filter spam out of my Inbox if I don’t use the GroupWise Client for Windows to check my mail?
Yes. Instead of the GroupWise server performing the filtering of spam using the “Junk Mail Handling” features of the GroupWise Client for Windows, you can use the rules features available in most POP or IMAP clients to filter out mail. As indicated above, the subject of any mail message GEEWhiz has determined likely to be spam will include “S-P-A-M” (without the quotes). Simply create a rule in your client that moves messages with this string in the subject to a folder other than your Inbox.
Instructions for individual email clients.
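
The scoring, tagging and client-side subject rule described above, as an added Python example that is not code from GEEWhiz or Computer Services. The rules, point values, threshold and header names are constructed for illustration, and appending the tag to the original subject is an assumption; the second and third sample messages show a spam message that scores below the threshold and a legitimate newsletter that scores above it.

```python
import re
from email.message import EmailMessage

# Constructed rules, points and threshold; GEEWhiz's real rule set is not on the page.
THRESHOLD = 5.0
RULES = [
    ("SUBJECT_ALL_CAPS", 2.0, lambda m: m["Subject"].isupper()),
    ("MONEY_PHRASE", 3.0, lambda m: re.search(r"free money", body(m), re.I)),
    ("MANY_EXCLAMATIONS", 2.0, lambda m: body(m).count("!") >= 3),
    ("UNSUBSCRIBE_LINK", 1.5, lambda m: "unsubscribe" in body(m).lower()),
]

def body(msg):
    part = msg.get_body(preferencelist=("plain",))
    return part.get_content() if part else ""

def make(subject, text):
    """Build a constructed sample message."""
    m = EmailMessage()
    m["Subject"], m["From"] = subject, "sender@example.com"
    m.set_content(text)
    return m

def filter_message(msg):
    """Server side: total the matched rules, then flag and tag the message."""
    hits = [(name, pts) for name, pts, test in RULES if test(msg)]
    total = sum(pts for _, pts in hits)
    is_spam = total > THRESHOLD
    # Header names are hypothetical; the page does not name the real ones.
    msg["X-Example-Spam-Flag"] = "YES" if is_spam else "NO"
    msg["X-Example-Spam-Score"] = f"{total:.1f}"
    if is_spam:
        subject = str(msg["Subject"])
        del msg["Subject"]
        msg["Subject"] = f"{subject} S-P-A-M ({total:.1f} / {THRESHOLD:.1f})"
        report = "".join(f"{n} {p}\n" for n, p in hits) + f"score {total:.1f}\n"
        msg.add_attachment(report, filename="gas-results.txt")
    return msg

def client_folder(msg):
    """Client side (POP/IMAP rule): route on the subject tag only."""
    return "Junk" if "S-P-A-M" in msg["Subject"] else "Inbox"

if __name__ == "__main__":
    for subj, text in [("ACT NOW", "Free money!!! Reply today."),
                       ("Quick question", "Free money inside."),            # spam that scores low
                       ("SPRING SALE", "Deals!!! Click to unsubscribe.")]:  # legitimate newsletter
        m = filter_message(make(subj, text))
        print(m["X-Example-Spam-Score"], client_folder(m), "|", m["Subject"])
```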

Isn’t it possible for GEEWhiz to fail to identify a spam message, instead marking it as legitimate?
Because GEEWhiz assigns a point value to each rule for identifying a spamming mechanism, it is possible that after scanning some messages and assigning a spam score, the spam score will be below the threshold set causing some spam messages to be identified as legitimate.

What should I do about email messages that are not properly identified as spam?
For a single message, you may forward the message as an attachment (“Forward as Attachment” in the GroupWise client) to the email address spam@bemidjistate.edu. This is an account designed for Computer Services to look through the headers of spam mail improperly identified as legitimate to attempt to ensure it is not improperly identified in the future.

Additionally, you may choose to configure the GroupWise Client for Windows to junk the domain from which the messages are coming by placing them in the “Junk List”. The messages will then be handled by “Junk Mail Handling” as spam messages.

Isn’t it possible for GEEWhiz to improperly identify a legitimate message as spam?
Because GEEWhiz assigns a point value to each rule for identifying a spamming mechanism, it is possible that after scanning some messages and assigning a spam score, the spam score will exceed the threshold set causing some legitimate messages to be identified as spam. This happens very rarely, but is most likely to happen to mail messages that are from mailing lists and legitimate marketing sources.

What should I do about email messages that are improperly identified as spam?
For a single message, you may forward the message as an attachment (“Forward as Attachment” in the GroupWise client) to the email address ham@bemidjistate.edu. This is an account designed for Computer Services to look through the headers of legitimate mail improperly identified as spam to attempt to ensure it is not improperly identified in the future.

For messages from a mailing list or a legitimate marketing source, it is recommended to configure the GroupWise Client for Windows to trust the domain from which the messages are coming, by placing them in the “Trust List”. The messages will continue to be marked as spam by the GEEWhiz software, but they will no longer be handled by “Junk Mail Handling” as spam messages.

Virus Filtering

How does GEEWhiz determine if a message has a virus infected attachment?
When GEEWhiz receives a message with an attachment, it passes the message’s attachment to a server based copy of Symantec AntiVirus Corporate Edition to scan the attachment for a virus.

What does GEEWhiz do with messages once it has made a determination of virus infected attachments?
On all messages with at least one attachment, GEEWhiz requests Symantec AntiVirus Corporate Edition scan the message’s attachments.

If a message’s attachment is determined not to be infected, GEEWhiz:

  • leaves the attachments intact

If a message’s attachment is determined to be infected, GEEWhiz:

  • removes the infected attachments, and
  • adds a file named “gee.txt” with information indicating a virus infected attachment was included with the message.

Once GEEWhiz has made a determination about the attachments to a message and inserts necessary information, the message is delivered to the user’s GroupWise post office. At this point, it is the responsibility of the post office to deliver the message.

 

 

 


 

 

 
© 2005 Bemidji State University. All rights reserved.
  1500 Birchmont Drive NE, Bemidji MN 56601-2699