cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
447
Views
0
Helpful
2
Replies

Cisco ASA CSC SSM (Trend Micro) has too many false positives

Case72EST
Level 1
Level 1

Hello people. I allready asked this question in the Anandtech-forum, but I could still use an answer:

(..) I could really use some advice about the Trend Micro module. The spam filtering seems to have only 3 levels, but even when I set the used method to 'low' as opposed to 'medium' it still has too many false positives.

We don't have a Smartnet-contract yet and are now using the CSC SSM version 6.3.1172.0 release. Will spam filtering improve when using version 6.3.1172.3? Or do you have any other advice on how to get less false positives? All false positives are being blocked by pattern recognition (fyi).

(http://forums.anandtech.com/showthread.php?p=29950895)

Hopefully someone here can provide some advice.

2 Replies 2

Kureli Sankar
Cisco Employee
Cisco Employee

Certainly update it to 6.3.1173.3.pkg.  You can download it here: http://tools.cisco.com/squish/E56f81

Regarding too many false positive.  You need to follow the following procedure and submit the e-mail to Trend Micro so, they can look into it.

Here is the instruction on how to submit SPAM.

1. The spam emails should be saved as .MSG or .EML format
2. The spam sample should be the original mail, not forwarded mails since
forwarded mails do not contain the original
    mail contents and may contain customer related information that could
lead to False Positives.
3. Original spam mail can be obtained by the following steps below:
    > Create a folder
    > Drag all undetected spam samples to the created folder
    > Place the undetected spam samples in a zip file and password-protect
it using the word "novirus" without the quotes
    > Send the zip file

Here are the email addresses on where to send the samples:

Spam@support.trendmicro.com  - Undetected spam sample submission mailbox
False@support.trendmicro.com  - Legitimate mail tagged as spam submission
mailbox

Note:  Customers will not get a reply.

Please be informed that TrendMicro has a large collection of Honeypots for
collecting new and emerging spam threats. Once samples are received, they
are automatically sent to our automated spam processing team.

-KS

Hello kusankar,

Thx for the advice, but no can do.

The false positives e-mail is now deleted, since tagging it with a keyword would flood our users inboxes. The CSC SSModule has only 2 options: delete or tag, no method to save the mail. So submitting it to Trend Micro is impossible.

As far as downloading the new software goes: "We don't have a Smartnet-contract yet (..)"

Are you sure that upgrading the software will do some good?

Offcourse it's allways best to have the latest software, but to pay smartnet for a product that just isn't up to the task is wasted money. It would then be best to just get smartnet for just the Cisco ASA, leave out the module and find a different anti-spam solution.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: