Spam mails with Chinese subjects pass InterScan Messaging Security Virtual Appliance (IMSVA) undetected

    • Updated: 14 Oct 2019
    • Product/Version:
        • InterScan Messaging Security Suite 7.1 Linux
        • InterScan Messaging Security Suite 7.1 Windows
        • InterScan Messaging Security Suite 7.5 Windows
        • InterScan Messaging Security Suite 9.1 Linux
        • InterScan Messaging Security Virtual Appliance 9.0
        • InterScan Messaging Security Virtual Appliance 9.1
    • Platform: N/A
Summary

This article provides a workaround to block spam mail that contains Chinese characters.

The IMSx Content Filter does not support matching double-byte expressions. The workaround is based on the DLP filter, so a valid DLP license is required to implement it.
Details

Create a DLP Data Identifier

  1. Navigate to Policy > Policy Objects > DLP Data Identifiers, select the Expression tab, and click Add.

    Add entry

  2. Provide a name and copy the string “([一-鿿]+)”, without the quotes, into the Expression field. Click Save. Optionally, enter a description in the Description field, and verify the expression by copying a Chinese subject line into the Test data field and clicking Test.

    Copy string

    If the test result is not correct, remove the pasted expression and create a new one with the following steps.

  3. (Optional) Access this Unicode Lookup site, and copy the character to the Keyword box in the IMSVA Web UI.

    Copy unicode

  4. Access this other Unicode Lookup site, and copy the character to the Keyword box as well.

    Other Unicode Lookup site

    Refer to the screenshot in Step 2, and add “(”, “[”, “-”, “]”, “+” and “)” accordingly to compose the expression.
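
An offline check of the Step 2 expression, as an added example that is not part of the original article or the product's own code: it decodes RFC 2047 encoded Subject headers with Python's standard library and lists the runs the expression matches. The helper names and sample subjects are constructed for illustration, and how IMSVA itself decodes headers is not covered here.

```python
import re
from email.header import Header, decode_header, make_header

# Expression from Step 2, written with escapes: 一 is U+4E00 and 鿿 is U+9FFF,
# so the class covers the CJK Unified Ideographs block.
CJK_EXPRESSION = re.compile("([\u4e00-\u9fff]+)")


def encode_subject(text: str, charset: str) -> str:
    """Build the RFC 2047 encoded-word form a mail client would send."""
    return Header(text, charset).encode()


def decode_subject(raw: str) -> str:
    """Turn an encoded Subject header value back into Unicode text."""
    return str(make_header(decode_header(raw)))


def matched_runs(raw_subject: str) -> list[str]:
    """Return each run of characters the expression matches after decoding."""
    return CJK_EXPRESSION.findall(decode_subject(raw_subject))


# Constructed sample subjects, not taken from real mail.
SAMPLES = {
    "chinese, utf-8": encode_subject("Re: 发票 2019 优惠", "utf-8"),
    "chinese, gb2312": encode_subject("发票优惠", "gb2312"),
    "japanese kanji + kana": encode_subject("特別セール", "utf-8"),
    "japanese kana only": encode_subject("セール", "utf-8"),
    "korean hangul": encode_subject("할인", "utf-8"),
    "ascii": "Invoice attached",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:24} {raw!r:45} -> {matched_runs(raw)}")
```

Because the range covers the whole CJK Unified Ideographs block, Japanese subjects that contain kanji also match, while kana-only and Hangul-only subjects do not. The expression only matches decoded text; the encoded-word form on the wire is plain ASCII.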

Create a DLP Compliance Template

  1. Navigate to Policy > Policy Objects > DLP Compliance Templates and click Add.

    Add template

  2. Provide a name, select the DLP Data Identifier just created, click Add and then Save.

    Add DLP Data Identifier

Add a new policy rule

  1. Navigate to Policy > Policy List, click Add and select Other.

    Add

  2. Configure Senders and Recipients as needed.

    Configure Senders and Recipients

  3. In case some users need to receive Chinese mails from specific senders, configure the Exception.

    Configure exception

  4. Configure the scanning criteria to use the DLP Compliance Template just created.
    1. Check the checkbox next to DLP Compliance Templates and then click DLP Compliance Templates.

      DLP Compliance Templates

    2. Select the DLP Compliance Template just created and click the “>>” button to add it to the “Selected” field, then click Save.

      Save template

    3. Click Next.

  5. Configure the policy Action.

    Policy action

  6. Name the rule and set its Order Number (priority). You may put it right under the antivirus rule and spam rule.

    Rule priority

  7. Save the changes. The final result will be the following:

    Results

Category: Troubleshoot
Solution Id: 1118756