This is an old revision of the document!


Anti-Spam & Anti-Virus Filters

In the last years the SPAM phenomenon (Unsolicited Bulk & Commercial E-mails) has grown exponentially. Today the SPAM is over the 50% of the total e-mail traffic. In order not to waste time discarding UCE and IBE e-mails, complex filters are required for the incoming e-mail traffic. SISSA has two filters for the incoming e-mails.

SafeMail

The first filter for the incoming e-mail is SafeMail, a commercial product of Spin (http://www.spin.it). This software is installed on the incoming e-mail gateway server. This machine is named hermes.sissa.it that is also the Mail Exchanger (MX) for the domain sissa.it. This filter is applied by default to all the incoming mail for the domains sissa.it, he.sissa.it, ma.sissa.it, ap.sissa.it and democritos.it.

This software use some RBLs (Real-time Spam Black Lists) to reject SPAM. When SafeMail consider an e-mail as a sure spam, the connection is rejected and it sends an error message to the sender. If it is a real person, he/she can take an action to send again the e-mail. See the page: http://www.spin.it/spam/spam_filters.php3#eng for information about Spin's anti-spam filters.

More information about Spin SafeMail are available at address http://www.spin.it/spam/#eng.

Real-time statistics about SafeMail filter are available on the web page (available only inside SISSA network): http://hermes.sissa.it/cgi-bin/spamstats


Barracuda Spam Firewall

The second filter is Barracuda Spam Firewall, a commercial appliance (special hardware with customized software), produced by BarracudaNetworks. This machine operate with several anti-spam filters (DNSBL filters, euristhics filters, bayesian database, etc.). At every incoming mail is assigned a spam score value. Higher values are feature of SPAM e-mails.

Only the e-mails tagged definitively as Spam (spam score over 9 points) are blocked by the Barracuda Spam Firewall.
The others –allowed or tagged as probably spam– are delivered to the final user.

The score may be negative o zero when the message is classified as not-spam. Values higher than 3.5 means that the mail is probably a SPAM message. The score should be used by an automatic procedure to separate the legitimate e-mails from the SPAM.
For more information and to manage your Spam level, please read:


Real-time statistics about Barracuda filtering are available on the web page: http://spam-stats.sissa.it/ (only internal).


SISSA mail servers use an antivirus to scan all incoming/outgoing e-mail messages. This includes scanning e-mail bodies and attachments against known virus signatures as well as blocking certain file types and names (file extensions). The software will also scan compressed attachements. However it should be stressed that nobody should rely on the mail server filtering for complete virus protection. The main purposes of filtering on the mail servers are to minimise the possibility of a serious outbreak of a particular virus, provide protection against new unrecognised viruses and act as a secondary mechanism for detecting infected systems. It is essential, therefore, that you continue to treat ALL e-mail attachments with caution.

Certain file types and extensions pose a significant risk to windows machines, as they are executable by default. Most viruses are spread through e-mail with one of these executable attachements. As such, SIS has decided to block the following extensions:

ExtensionGeneric description
batBatch Processing
chmHTML Help Compiled Help File
cmd1st Reader External Command Menu
comCommand / Common Object Module / DOS or CP/M Executable
exeExecutable File
hlpWindows Help File
htaHypertext Application
ins1st Reader Install Script / InstallShield Script
jsJavaScript Source Code
lnkWindows Shortcut File
mscMicrosoft Management Console Snap-in Control File
msiWindows Installer File
pifWindows Program Information File
regRegistry Data File
scrScript / Windows Screen Saver
sctWindows Script Component
shbWindows Shortcut into a Document
shsShell Scrap Object File
vbsVBScript Script File
wscWindows Script Component
wsfWindows Script File
wshWindows Script Host Settings File

This means you will not be allowed to send/receive any file whose filename has a banned extension. Where you have a genuine need to send a program as an attachment then you should enclose it in a .zip or .gz file before attaching it. Windows XP and Mac OS X have this functionality built in. Do not create a self-extracting zip file because that will result in an executable type of file that will also be blocked.

In order to properly receive a program file as an attachment, you will have to ask the sender to enclose the program in a .zip or .gz file before sending.

In both case, remember to DO NOT SET A PASSWORD TO THE ARCHIVE FILE, otherwise the e-mail will be BANNED again.

SISSA mail server will alert users when they receive an e-mail containing a banned content. Our server do NOT reply to external e-mail sender.

Blocked Notifications for Received E-mail

When our mail server finds banned content in an e-mail destined to your e-mail address, it will send you an e-mail similar to:

From: SISSA SISSA Barracuda Spam Firewall <postmaster@sissa.it>
To: your_username@sissa.it
Subject: BANNED FILE IN MAIL TO YOU (from <sender@example.com>) / 
         FILE BLOCCATO IN UNA MAIL DIRETTA A TE ( spedita da <sender@example.com>)

BANNED FILENAME ALERT

The SISSA Spam Firewall (charon.sissa.it) found an attached 
file 'filename' in an e-mail sent from <sender@example.com>.

Due to security reason, our system has been set to block this type of file.

For further information, visit:

http://sis.sissa.it/services/e-mail_service/antispam_filters#anti-virus_filters

-------------------------
  
AVVISO FILE BLOCCATO

L'anti-spam della SISSA (charon.sissa.it) ha trovato un file 'filename' 
allegato ad una mail inviata da <sender@example.com>.

Per motivi di sicurezza, il nostro sistema ha bloccato questo tipo di file.

Per ulteriori informazioni, visita:

http://sis.sissa.it/services/e-mail_service/antispam_filters#anti-virus_filters

Where:

  • your_username@sissa.it is your e-mail address.
  • sender@example.com is the e-mail address of the sender (may be empty in case of spam).
  • filename is the name (or only the extension ) of the banned file.
This website uses cookies for visitor traffic analysis. By using the website, you agree with storing the cookies on your computer.More information