Description
This article describes about issue where a URL is blocked as SPAM despite being an allowed FortiGuard URL category.
Scope
For all versions of FortiMail.
Solution
There are two checks performed for a URL one with 'FortiGuard AntiSpam database' and the other with 'FortiGuard Webfilter database'.
For example the URI in the mail https://s3.amazonaws.com/assets.knak.io/custom-fonts/ProximaNova/ProximaNova.css was categorized as spam by FortiGuard AntiSpam.
Check the classification on FortiMail under Maintenance -> FortiGuard - > AntiSpam. Select Query type under FortiGuard Query as 'URI' and input the URI in the field and select 'Query'.
The first part is 'score=1,Spam'.
This is the result of a check against 'FortiGuard AntiSpam database', the result is spam hence messages with this link will be blocked by the FortiGuard AntiSpam check.
The second part is 'category=Information Technology(Id: 52)'.
This is the result from the 'FortiGuard Webfilter database', which is used for the URI filter check.
If the URL is not in the 'FortiGuard AntiSpam database' it will display a score of '0' and the respective URI category from the 'FortiGuard Webfilter database'.
Sample log for detection by 'FortiGuard AntiSpam database'
Antispam log type with the message as 'FortiGuard-AntiSpam identified spam URL: http://www.domainname.something'.
Sample log for detection by 'FortiGuard Webfilter database'.
Antispam log type with message as 'FortiGuard-WebFilter identified URL(category: Category name, id: <number>): https://www.domainname.something'
The recommended procedure to safelist an entry is through the FortiGuard portal using the below link:
To verify the rating of a URL from:
FortiGuard AntiSpam database AntiSPAM.
Fortiguard Webfilter database Web Filtering Service.
