Created on 07-20-2010 08:11 PM Edited on 05-26-2022 07:12 AM By Anonymous
Description
This article provides some background on AS Engine Scanning and the Antispam Rule Set.
Scope
FortiOS 4.0 and above
Solution
# config system fortiguard(fortiguard) # set antispam-score-threshold 100(fortiguard) # end
This configuration is a global setting and it cannot be set differently in each protection profile.
(nb: This parameter was removed in FortiOS 5.0.3)
The black listed IP addresses database is not saved by the FortiGate. The FortiGate will perform a real time query for the blacklisted IP addresses. The following command can be used to check the server list used by the FortiGate for the real time query:# diagnose spamfilter fortishield servers
The FortiGuard Antispam database can be checked to determine whether an IP address is blacklisted in the IP reputation database, or whether an email address or URL is listed in the signature database. The link to the FortiGuard Antispam database is http://www.fortiguardcenter.com/antispam/antispam.html
There are a number of ways to verify the result of AS Engine scanning:
1) Enable debug as follows:# diagnose debug application spamfilter 255# diagnose debug enable
2) In the mail header of scanned email the result can be seen in the X-ASE-REPORT field.
3) In spamfilter log. If the AS Engine detects email as SPAM it will log an "email is reported as spam by ASE" message in the log. In addition, the tracker ID identifies the reason for the detection.
Note: The attached article "KB_FGT_ASEscan_Japanese.pdf" is available in Japanese only.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.