Not applicable

BLOCKING EMBEDDED GIF ???

Hi All, F-60: we are inundated with spam which carries embedded GIF images. This of course negates use of word filters to block. Although they can be successfully blocked by including GIF in the FileBlock option, this also blocks substantial valid mail. Also blocking by IP and URLs is possible but simply never ending and impractical as they're ever-changing. I have raised this twice with Fortinet on the support page with two separate tickets and they have no real solution. If anyone has experienced similar problems a solution will be most welcome. Tks, John
Not applicable

John, I too have this exact issue, not only on my corporate firewall but on dozens of client firewalls. The only answer I can get from Fortinet Support is that a new SPAM engine will be released mid 2007 that will address the issue. I too have blocked GIF and that blocks too many emails; support's only offer of help was to maintain the black list and banned words list in the firewalls. No real solution. So I am still looking for a solution as well. Chris
Not applicable

I found most of the GIF file names are ten chars. Therefore, I try to set the following File Pattern:
??????????.GIF
It seems okay
simport
New Contributor

I tried your trick, ??????????.gif, and it works! Even if not all gif spams are blocked, it helps a lot. ...But... I have one specific customer who uses gifs in his emails (a web designer...) and they are blocked. I added his address in the antispam whitelist, expecting they would be released... but they are still blocked. I think the antivirus pattern list is in 1st priority, before the antispam whitelist. Does anyone have an idea to bypass this blocking rule for this email address? Thanks, JF
Simport Fortigate-200A 3.00-b0564
Not applicable

Firstly, we should understand that the file pattern "*.gif" is not equal to "??????????.gif". In your case I have the following idea:
1) Confirm the filename (gifs) which your customer is using (e.g. abcde12345.gif)
2) Add the filename (e.g. abcde12345.gif) in AntiVirus->File Pattern but set the action = 'Allow'
Pls try and let me know the result
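The difference between the two patterns, and the effect of an Allow entry placed ahead of the block entry, shown as an added example that is not part of any post in this thread. It assumes entries are checked top-down with the first match deciding and that matching ignores case; the function names and sample file names are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Ordered (pattern, action) entries modelled on the suggestion above.
# Assumption: top-down evaluation, first match wins, case-insensitive.
TEN_CHAR_RULES = [
    ("abcde12345.gif", "allow"),   # example customer file name from the post
    ("??????????.gif", "block"),   # exactly ten characters before ".gif"
]
ALL_GIF_RULES = [("*.gif", "block")]  # the broad pattern that hit valid mail


def decide(filename, rules, default="allow"):
    """Return (action, matching pattern) for an attachment file name."""
    name = filename.lower()
    for pattern, action in rules:
        # '?' matches exactly one character, '*' matches any run of characters
        if fnmatchcase(name, pattern.lower()):
            return action, pattern
    return default, None


# Constructed sample attachment names
SAMPLES = [
    "qwertyuiop.gif",    # ten random-looking characters, typical of the spam
    "QWERTYUIOP.GIF",    # same name in upper case
    "qwertyuiop1.gif",   # eleven characters: slips past the ten-'?' pattern
    "logo.gif",          # short legitimate name
    "screenshot.gif",    # legitimate, but happens to be ten characters
    "abcde12345.gif",    # customer file covered by the Allow entry
]


def compare(samples=SAMPLES):
    """Map each name to its action under the ten-'?' list and the '*.gif' list."""
    return {
        name: (decide(name, TEN_CHAR_RULES)[0], decide(name, ALL_GIF_RULES)[0])
        for name in samples
    }


if __name__ == "__main__":
    print(f"{'file name':<18}{'ten-? list':<12}{'*.gif list'}")
    for name, (narrow, broad) in compare().items():
        print(f"{name:<18}{narrow:<12}{broad}")
```

The run shows both limits of the narrow pattern: an eleven-character spam name passes, and a legitimate ten-character name such as screenshot.gif is blocked unless it has its own Allow entry.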
Not applicable

Hi all, I optimized the spam recognition by the banned Word list. I added:
<BODY bgColor=#ffffff> 	 Wildcard 	Western 	Body
Most mail clients define the background color by a stylesheet, put the color in quotes ("ffffff"), or use a lot more parameters in this line. 0 False Positive yet.
Not applicable

It didn't work for me. I have tried
<BODY bgColor=#ffffff> (wildcard body)
"<BODY bgColor=#ffffff>" (wildcard body)
(?i)\<BODY bgColor\=\#ffffff\> (regex body)
all scored to 50, and the firewall profile is set as following:
set smtp scan block quarantine fragmail spamipbwl spamrbl spamemailbwl spamhdrcheck bannedword splice
Any idea?
Not applicable

The Antispam seems to ignore the Banned Word list in some cases. Today I received this mail, which should be tagged by the BWL.
 ....
 <STYLE></STYLE>
 </HEAD>
 <BODY bgColor=#ffffff>
 <DIV><FONT face=Arial size=2><IMG alt="" hspace=0 
 src="cid:000801c72f95$705c53c0$00000000@T1000" align=baseline 
 border=0></FONT></DIV>
 <DIV><FONT face=Arial size=2>Artists subscribe feedsee available feeds learn. 
 ....
 
Not applicable

How do you set the ??????????.gif value in FilePattern? When I try to enter the value in an SSH session I get this error:
 (filepattern)# edit " 
 token line: Unmatched double quote.
 
and if I use the web GUI I cannot set the blocking to smtp only
simport
New Contributor

To block for SMTP only, I created a protection profile specifically for the smtp service and a banned word list only for this specific profile. So the gifs in web pages (or other services) aren't blocked. JF
Simport Fortigate-200A 3.00-b0564