We are facing spam emails with only one image in the body.
I've tryed to use the Security-->Other-->File Signiture, uploading the sha1 of the image ... but sadly this is used only in antivirus profile ... and from the documentation:
"Because not all attachment files are virus carriers, FortiMail file signature check only supports the following file types: .7z, .bat, .cab, .dll, .doc, .docm, .dotm, exe, .gz, .hta, .inf, .jar, .js, .jse, .msi, .msp, pdf, .pif, .potm, .ppam, .ppsm, .ppt, .pptm, .pptx, .reg, .scr, .sldm, .swf, .tar, .vbe, .ws, .wsc, .wsf, .wsh, .xlam, .xls, .xlsm, .xlsx, .xltm, .Z, and .zip files."
No image supported and no way to add more file types :(
Any ideas?
I'm using a 300D with v6.0,build126,181026 (6.0.3 GA)
THX,
Luca
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Feel free to DM me for my email so you can send me a sample and it can be added to our DB however try upgrading to 6.0.5 as there are enhancements to the Image Spam detection for automated detection for such spams.
Dr. Carl Windsor Field Chief Technology Officer Fortinet
Feel free to DM me for my email so you can send me a sample and it can be added to our DB however try upgrading to 6.0.5 as there are enhancements to the Image Spam detection for automated detection for such spams.
Dr. Carl Windsor Field Chief Technology Officer Fortinet
Thx Carl!
I've PMed you a sample.
I'm going to ask a maintance window to upgrade.
Luca
Carl ... I've read both 6.0.4 and 6.0.5 release notes but found nothing regarding "Image Spam detection" ... can you point me to some doc please?
thx!
Luca
This was a change to an internals of the Image Spam detection engine but there are no customer facing changes so it is not documented in the release notes, however the modifications made may help with the detection of such image spams.
Dr. Carl Windsor Field Chief Technology Officer Fortinet
Same here.
There was a wave of "image-based" hoax with a body composed only by an image HTML tag.
Is the hash recognition/pattern matching the only way to block this kind of content?
If you have HTML tag you can try some matching pattern via regexp in dictionary profile
luca
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1688 | |
1087 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.