Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1038
Views
0
Helpful
1
Replies

Detecting spam using regular expressions?

AVS_ironport
Level 1
Level 1

‎09-03-2008 06:51 PM

Ou users have been geting a lot of russian porn spam last 3 weeks. We decided to make dictionary (regexp) rule to move all the positive detected mails to quarantine. Is it possible to move such messages to M-ceries quarantine, instead "policy" quarantine in C-ceries? And how to make it?

Dual C350, AsyncOS version - 5.5.1

Thank you.

Labels:
0 Helpful
1 Reply 1

Douglas Hardison
Cisco Employee
Cisco Employee

‎09-03-2008 09:11 PM

Any filter with an action of 'quarantine' will end up in one of the Policy quarantines.

If your C-Series are configured to send spam quarantined messages to the M-Series, you can configure your filter action to add a header that indicates the message is to be quarantined.

So, for your Russian spam filter:
For the Action, Add header with Header name 'X-Ironport-Quarantine'. The header value can be anything, for instance 'True'

This header directs the IronPort to quarantine the message.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents