As each rule is evaluated against the message, a score is generated reflecting how many rule criteria was found in the message.
When the rule process is complete, the score is added to the message total score.
If the total score meets or exceeds the set, the message is determined to be a spam.
When heuristic scanning is enabled in an antispam profile, two settings are provided to fine-tune the behavior.The first setting is applied to determine what is the score necessary to decide if an email is a spam.
The default value is appropriate for most environments, but can be adjusted if there are false positive, or down as necessary.
The second setting, the percentage of rules used, specifies the rule list to apply for each messages.The rule ordering is maintained by FortiGuard so the rules detect the most prevalent spam are at the top of the list, and rules for older, more obscure spam are lower.
This rule ordering will change every time as the FortiGuard service responds to the ever-changing spam landscape.
Heuristic rule processing is a fairly resource intensive process.
This setting can be used to strike a balance between performance and thoroughness.
To configure heuristic scan options:
1) When configuring an antispam profile, enable Heuristic in the antispam Profile.
2) Select the arrow to expand Heuristic.
3) Select the action profile of the FortiMail unit to use.
4) Enter the score which will consider an email as a spam. The default value is recommended.
5) In the percentage of rules used field, enter the percentage of the total number of heuristic rules to use.
6) Select create or OK to save the antispam profile.Related Articles
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.