Cisco ASA CSC SSM (Trend Micro) has too many false positives
Hello people. I already asked this question in the Anandtech forum, but I could still use an answer:
(..) I could really use some advice about the Trend Micro module. The spam filtering seems to have only 3 levels, but even when I set the used method to 'low' as opposed to 'medium' it still has too many false positives.
We don't have a Smartnet-contract yet and are now using the CSC SSM version 6.3.1172.0 release. Will spam filtering improve when using version 6.3.1172.3? Or do you have any other advice on how to get fewer false positives? All false positives are being blocked by pattern recognition (fyi).
Regarding the too many false positives: you need to follow the following procedure and submit the e-mail to Trend Micro so they can look into it.
Here is the instruction on how to submit SPAM.
1. The spam emails should be saved as .MSG or .EML format
2. The spam sample should be the original mail, not forwarded mails since forwarded mails do not contain the original mail contents and may contain customer related information that could lead to False Positives.
3. Original spam mail can be obtained by the following steps below:
   - Create a folder
   - Drag all undetected spam samples to the created folder
   - Place the undetected spam samples in a zip file and password-protect it using the word "novirus" without the quotes
   - Send the zip file
Here are the email addresses on where to send the samples:
Please be informed that TrendMicro has a large collection of Honeypots for collecting new and emerging spam threats. Once samples are received, they are automatically sent to our automated spam processing team.
Re: Cisco ASA CSC SSM (Trend Micro) has too many false positives
Thx for the advice, but no can do.
The false positives e-mail is now deleted, since tagging it with a keyword would flood our users' inboxes. The CSC SSModule has only 2 options: delete or tag, no method to save the mail. So submitting it to Trend Micro is impossible.
As far as downloading the new software goes: "We don't have a Smartnet-contract yet (..)"
Are you sure that upgrading the software will do some good?
Of course it's always best to have the latest software, but to pay smartnet for a product that just isn't up to the task is wasted money. It would then be best to just get smartnet for just the Cisco ASA, leave out the module and find a different anti-spam solution.