IMSVA8.0介绍.ppt

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * Cloud Pre-Filter and IP Filtering When IMSVA receives mail from the Cloud Pre-Filter, the SMTP client address is the IP-address of the Cloud Pre-Filter. All IP Filtering features (IP Profiler and Email Reputation) become unusable when using the Cloud Pre-Filter for incoming mail. The Cloud Pre-Filter has its own Email Reputation Service. IP Filtering can be disabled if IP Profiler is not used to detect violations in outgoing mail. Classification * * Pre-Filter Quarantine Classification * * All messages that must be quarantined get the following header: When IMSVA detects the presence of the X-IMHT-EXT header, it moves the message to the Cloud Pre-Filter Quarantine Area. The administrator and end users can access and process these messages as normal quarantined mail. Web Reputation check (“Worry-free click”) principles TMASE extracts URLs during the anti-spam scanning If the URL reputation is not cached, TMUFE contacts the Rating Service The Rating Service returns the Web Reputation Score IMSVA compares the Web Reputation Score with the Threshold Classification * * URL Rating sequence Classification * * GET /RT/Size/Encrypted Request HTTP/1.1 User-Agent: TMUFE ... HTTP/1.1 200 OK Server: Trend Micro ... Size/Encrypted Result Web Reputation Scanning Result Classification * * Smart Feedback TMASE may provide report the feedback about the detected URLs and scanning results to the Trend Micro Feedback Service after extracting the URLs from the message. Only suspicious messages generate feedback. The feedback helps to do the SPN self-tuning. The feedback includes the following data: Extracted URLs Source IP address HELO string General message properties: size, number of lines, number of HTML tags MD5 hash values of the message headers, body and attachments Calculated TMASE score Criteria (rule id) for triggering the feedback Classification * * Spoofing and Anti-spoofing Classification * * Anti-spo