CISE Help & Resources

CISE Spam & Virus Scanning & Filtering

This document details the CISE Spam & Virus Filtering solution. Please send any questions or comments to

Scanning/Filtering/Blocking Details

When a message arrives at the CISE mail server, it is first checked for banned filename extensions. Certain filename extensions are prone to being misused to propagate virues, so CISE does not allow messages with these types of attachments to be sent or delivered by our mail servers.

Any file with the following extension will be bounced back to the sender:

Certain filenames are indicative of very nasty viruses, and due to the fact that most viruses now forge the From: and To: headers, meaning a bounce will likely go to a user who never sent the virus, the following filenames combined with the following extensions are *dropped* (not delivered, not bounced) by the CISE mail servers:

As of 3/2004, all CISE mail will be passed through a virus and spam filter, called Amavis. Amavis runs two checks against each message received, a check for spam using SpamAssassin and a check for viruses using ClamAV.

Any mail marked as a virus will be quarantined. For most viruses, the sender will not be informed due to the high number of forged To: and From: headers used by viruses. The recipient will be informed of the quarantine in a message from virusalert@cise.ufl.edu, which should get sorted into the user's virusalert IMAP folder.

Incoming mail marked as spam will be delivered to the user's spam folder by default.

Users that want mail marked as spam delivered to their INBOX should create an empty file in their home directory (/cise/homes/(username) on Unix or H:\ on Windows) called 

 .spamtoinbox

Users who have spam sorted into the spam folder should run through it periodically and make sure no legitimate mail has ended up there, which does happen very occasionally. You should also check your spam folder if you want to buy any viagra online.

Outgoing mail marked as spam will be bounced back to the sender to prevent any infected machine on the CISE network from using the CISE mail servers as spam hosts.

Customizing Spamassassin

Note: as of 3/2004, users will no longer be able to customize their spamassassin set by default, as it is now run once per message by our virus scanner instead of once per recipient as the recpient. Those that wish to do so can still run spamassassin using procmail and customize their setup as per this page. Users who wish to do this need to add the following 

:0fw
| spamassassin

to their $HOME/.procmailrc. The customizations listed below will then take effect.

Please note that while SpamAssassin is a good program, it isn't perfect. Some spam will get through, and some non-spam will get incorrectly flagged. You can make adjustments to SA's scoring methods and whitelist known addresses in the spamassassin config file.

Run the command 

man Mail::SpamAssassin::Conf

for information on how spamassassin is configured.

You can place directives like

 
whitelist_from
whitelist_from_rcvd

in the file

~/.spamassassin/user_prefs

Also, you can adjust the scores for each rule matched. Look at the

X-Spam-Status

field in the mail and see which tests match, then look at

/usr/local/share/spamassasin/50_scores.cf

You'll see lines like

score DATE_IN_FUTURE_48_96 2.197 2.197 1.599 1.305

You can place your own lines like this in ~/.spamassassin/user_prefs with your own scores. One of the four scores is used under different circumstances (see the man page above), but you can just make them all the same, e.g.

score DATE_IN_FUTURE_48_96 1.0 1.0 1.0 1.0

and that score will be used no matter what.

For more information, run

 
man spamassassin

on a Unix system for information on how the spamassassin executable is run and more related man pages.

POP3/SSL Users

POP3/SSL users should probably make sure mail is delivered to their INBOX, as the new POP3 server doesn't read any other folder.

About CISE

Academics

People

Research

News

Help & Resources

Info for Students

Info for Faculty & Staff

Industrial Advisory Board