Content Filtering and Optimizing Scans
198
ProSecure Unified Threat Management (UTM) Appliance
Configure Distributed Spam Analysis
Spam, phishing, and other email-borne threats consist of millions of messages intentionally
composed differently to evade commonly used filters. Nonetheless, all messages within the
same outbreak share at least one unique, identifiable value that can be used to distinguish
the outbreak.
With distributed spam analysis, message patterns are extracted from the message envelope,
headers, and body with no reference to the content itself. Pattern analysis can then be
applied to identify outbreaks in any language, message format, or encoding type. Message
patterns can be divided into distribution patterns and structure patterns. Distribution patterns
determine if the message is legitimate or a potential threat through analysis of the way it is
distributed to the recipients, while structure patterns determine the volume of the distribution.
The UTM uses a distributed spam analysis architecture to determine whether or not an email
is spam for SMTP and POP3 emails. Any email that is identified as spam is tagged as spam
(an option for both SMTP and POP3) or blocked (an option possible only for SMTP).
Note: Unlike other scans, you do not need to configure the spam score
because the NETGEAR Spam Classification Center performs the
scoring automatically as long as the UTM is connected to the
Internet. However, this does mean that the UTM needs to be
connected to the Internet for the spam analysis to be performed
correctly.
Note: The UTM transfers normal email (also referred to as HAM) to the
users and marks this email as Pass in the traffic logs.
 To configure distributed spam analysis and the antispam engine settings:
1. Select Application Security > Anti-Spam > Distributed Spam Analysis. The
Distributed Spam Analysis screen displays:
To Next Page
Loading...
Need help?
General