Views:

To resolve the issue, you may create a DLP Identifier to block these kinds of letters. Select the expression you would like to block.

Create a DLP Data Identifier

Navigate to Policy > Policy Objects > DLP Data Identifiers > Select Expression tab and click Add.

^{Click the image to enlarge.}
Provide a name and copy the string “([一-鿿]+)” without quotes, to the Expression field. Click Save. As an option, you may provide some description in the Description field, and you may also verify the expression by copying a Chinese subject line to the Test data field and clicking Test.

^{Click the image to enlarge.}

If the test result is not correct, remove the pasted expression and create a new one with the following steps.
(Optional) Access this Unicode Lookup site, and copy the character to the Keyword box in IMSVA Web UI.

^{Click the image to enlarge.}
Access this other Unicode Lookup site, and copy the character to the Keyword box as well.

^{Click the image to enlarge.}

Refer to the screenshot in Step 2, add “(“,“[“, “-“, “]”,”+” and “)” accordingly to compose the expression.

Create a DLP Compliance Template

Navigate to Policy > Policy Objects > DLP Compliance Templates and click Add.

^{Click the image to enlarge.}
Provide a name, select the DLP Data Identifier you just created, click Add and then Save.

^{Click the image to enlarge.}

Add a new policy rule

Navigate to Policy > Policy List, click Add and select Other.

^{Click the image to enlarge.}
Configure Senders and Recipients as needed.

^{Click the image to enlarge.}

^{Click the image to enlarge.}
In case some users need to receive Chinese mails from specific senders, configure the Exception.

^{Click the image to enlarge.}
Configure the scanning criteria to use the DLP Compliance Template just created.
1. Check the checkbox next to DLP Compliance Templates and then click DLP Compliance Templates.
  
  ^{Click the image to enlarge.}
2. Select the DLP Compliance Template you just created and click “>>” button to add it to “Selected” field, then click Save.
  
  ^{Click the image to enlarge.}
3. Click Next.
  
  ^{Click the image to enlarge.}
Configure the policy Action.

^{Click the image to enlarge.}
Name the rule and set its Order Number (priority). You may put it right under the antivirus rule and spam rule.

^{Click the image to enlarge.}
Save the changes. The final result will be the following:

^{Click the image to enlarge.}

Greek and Latin characters

Below is a sample spam email containing unicode characters in Greek, Latin, and IPA Extension, which is why the policy to detect profanity keyword fails to work.

^{Click the image to enlarge.}

To resolve the issue, create a DLP Identifier to block these accented letters. Please note that there are many other unicode types.

^{Click the image to enlarge.}

On the product side, you may opt to block emails that contains any of these characters and you may expand it depending on how spammers combine these characters. The following procedure will use the sample mentioned above.

Go to Policy > Policy Objects > DLP Data Identifiers.
Select the Expression tab and click Add.
Provide a name and copy the string "([Ͱ-Ͽ]+)" without quotes to the Expression field, then click Save.

The string came from the ([<first letter>-<last letter>] +) from the Greek and Coptic Unicodes.

^{Click the image to enlarge.}
Repeat Step 3 and copy the string "([ɐ-ʯ]+)" without quotes, to the Expression field, then click Save.

^{Click the image to enlarge.}
Create a DLP Compliance Template.
1. Navigate to Policy > Policy Objects > DLP Compliance Templates and click Add.
2. Provide a name, select the DLP Data Identifier you just created, click Add and then Save.
Below is an example wherein both DLP Compliance Templates are added into the policy.

^{Click the image to enlarge.}

Here is a sample policy:

^{Click the image to enlarge.}
Test the policy to verify that the email with Greek or Latin character is quarantined.

^{Click the image to enlarge.}
- Profanity detection
  
  ^{Click the image to enlarge.}
- Compliance detection
  
  ^{Click the image to enlarge.}

Keywords: Chinese subject,Chinese email,Chinese character subject,Chinese words subject,Chinese words,Chinese letters,Chinese character,email in Chinese,subject in Chinese,greek character,block latin characters

Spam mails with unicode characters pass InterScan Messaging Security Virtual Appliance undetected

Product / Version includes:

Interscan Messaging Security Virtual Appliance9.1 , Interscan Messaging Security Virtual Appliance9.0

Last updated: 2024/06/10

Solution ID: KA-0007975

Category: Troubleshoot

Summary

There was an instance wherein a policy to detect profanity keywords does not work because the word contains Greek and Latin expressions.

This article provides a workaround to block spam mails with unicode characters such as Chinese, Greek, and Latin expressions in InterScan Messaging Security Virtual Appliance (IMSVA).

IMSVA Content Filter does not support matching double-byte expression. The workaround is based on Data Loss Prevention (DLP) filter, therefore, a valid DLP license is a must to implement the workaround.

To resolve the issue, you may create a DLP Identifier to block these kinds of letters. Select the expression you would like to block.

EXPAND ALL

Chinese characters

Create a DLP Data Identifier

Navigate to Policy > Policy Objects > DLP Data Identifiers > Select Expression tab and click Add.

^{Click the image to enlarge.}
Provide a name and copy the string “([一-鿿]+)” without quotes, to the Expression field. Click Save. As an option, you may provide some description in the Description field, and you may also verify the expression by copying a Chinese subject line to the Test data field and clicking Test.

^{Click the image to enlarge.}

If the test result is not correct, remove the pasted expression and create a new one with the following steps.
(Optional) Access this Unicode Lookup site, and copy the character to the Keyword box in IMSVA Web UI.

^{Click the image to enlarge.}
Access this other Unicode Lookup site, and copy the character to the Keyword box as well.

^{Click the image to enlarge.}

Refer to the screenshot in Step 2, add “(“,“[“, “-“, “]”,”+” and “)” accordingly to compose the expression.

Create a DLP Compliance Template

Navigate to Policy > Policy Objects > DLP Compliance Templates and click Add.

^{Click the image to enlarge.}
Provide a name, select the DLP Data Identifier you just created, click Add and then Save.

^{Click the image to enlarge.}

Add a new policy rule

Navigate to Policy > Policy List, click Add and select Other.

^{Click the image to enlarge.}
Configure Senders and Recipients as needed.

^{Click the image to enlarge.}

^{Click the image to enlarge.}
In case some users need to receive Chinese mails from specific senders, configure the Exception.

^{Click the image to enlarge.}
Configure the scanning criteria to use the DLP Compliance Template just created.
1. Check the checkbox next to DLP Compliance Templates and then click DLP Compliance Templates.
  
  ^{Click the image to enlarge.}
2. Select the DLP Compliance Template you just created and click “>>” button to add it to “Selected” field, then click Save.
  
  ^{Click the image to enlarge.}
3. Click Next.
  
  ^{Click the image to enlarge.}
Configure the policy Action.

^{Click the image to enlarge.}
Name the rule and set its Order Number (priority). You may put it right under the antivirus rule and spam rule.

^{Click the image to enlarge.}
Save the changes. The final result will be the following:

^{Click the image to enlarge.}

Greek and Latin characters

Below is a sample spam email containing unicode characters in Greek, Latin, and IPA Extension, which is why the policy to detect profanity keyword fails to work.

^{Click the image to enlarge.}

To resolve the issue, create a DLP Identifier to block these accented letters. Please note that there are many other unicode types.

^{Click the image to enlarge.}

Go to Policy > Policy Objects > DLP Data Identifiers.
Select the Expression tab and click Add.
Provide a name and copy the string "([Ͱ-Ͽ]+)" without quotes to the Expression field, then click Save.

The string came from the ([<first letter>-<last letter>] +) from the Greek and Coptic Unicodes.

^{Click the image to enlarge.}
Repeat Step 3 and copy the string "([ɐ-ʯ]+)" without quotes, to the Expression field, then click Save.

^{Click the image to enlarge.}
Create a DLP Compliance Template.
1. Navigate to Policy > Policy Objects > DLP Compliance Templates and click Add.
2. Provide a name, select the DLP Data Identifier you just created, click Add and then Save.
Below is an example wherein both DLP Compliance Templates are added into the policy.

^{Click the image to enlarge.}

Here is a sample policy:

^{Click the image to enlarge.}
Test the policy to verify that the email with Greek or Latin character is quarantined.

^{Click the image to enlarge.}
- Profanity detection
  
  ^{Click the image to enlarge.}
- Compliance detection
  
  ^{Click the image to enlarge.}

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

Spam mails with unicode characters pass InterScan Messaging Security Virtual Appliance undetected

Chinese characters

Create a DLP Data Identifier

Create a DLP Compliance Template

Add a new policy rule

Greek and Latin characters

Spam mails with unicode characters pass InterScan Messaging Security Virtual Appliance undetected

Product / Version includes:

Summary

Chinese characters

Create a DLP Data Identifier

Create a DLP Compliance Template

Add a new policy rule

Greek and Latin characters