Login
You are here » Software Products » GFi MailSecurity - Email anti-virus, anti-trojan » TechNotes » Mailflow MailSecurity 8 and MailEssentials 10 Register
 In which order are MailSecurity 8 and MailEssentials 10 processing emails?

Here is the order that is used to check emails by MailSecurity.

  1. Decompression Engine
  2. Virus Scanning Engines
  3. Trojan Scanner
  4. Email Exploit Detector
  5. HTML Script Removal
  6. Attachment Checking
  7. Content Checking

The Anti-Spam scanning in MailEssentials is split into multiple modules. Following is the order in which the Anti-Spam checks are done on inbound emails.

  1. Sender Policy Framework
      Check the SPF DNS record of the sender's domain
  2. Whitelist Module
      Check if the Mime From is in the Whitelist
      Check if the Mime To is in the Whitelist
      Check if the Mime From is in the AutoWhitelist
      Check Keyword Whitelist
  3. Directory Harvesting Module
      Check if recipient's email address exists in Acitve Directory
  4. Blacklist Module
      Check if the Mime From is in the BlackList
      Check if the Mime To is in the BlackList
  5. DNSBL Module
      Check if the ip addresses found in the message header is on the DNS Black List
  6. Bayesian Filter Module
      Bayesian Filter
  7. Header Checking Module
      Check if the Mime From is empty
      Check that the Character Set used in the message is allowed
      Check for numbers in the Mime From email address
      Check if the subject contains the first part of the email message (the part before the @ sign)
      Check if the email is addressed to more then the specified amount of recipients
      Check if the Mime From is a malformed email address
      Check if the email contains any remote images and less then 512 characters
      Verify that sender domain is valid by performing a DNS lookup on the domain part of the Mime From email address.
  8. Keyword Checking Module
      Subject keyword scanning
      Text body keyword scanning
      HTML body keyword scanning

MailSecurity Notes:

  1. This processing order cannot be changed.
  2. The Virus Scanning Engines, the Attachment Checking Rules and the Content Checking rules can have their priority changed
  3. When a MailSecurity plug-in quarantines an item and the item is approved by the administrator, the rest of the plug-ins will process the item. This could result in having the same item quarantined multiple times.

MailEssentials Notes:

  1. All the above options can be enabled or disabled from the MailEssentials configuration -> Anti-Spam node.
  2. Scanning stops as soon as a check flags the email as spam. That is, if (e.g.) “Check if the Mime From is empty” check flags an email as spam the rest of the checks are not performed on the email
  3. The order of the modules cannot be altered.

Sources: KBID001774, KBID002113
      

Copyright 2006 by Keysys Inc   Terms Of Use  Privacy Statement