Spam rule E-mail and Server Security 11



I tried to implement some custom rules and it doesn't seem to work maybe I'm doing something wrong.


Let's say:


I want to block the word or a word containing "gorzug" in the subject or in the body. So I put these 2 lines:


body GORZUG /gorzug/i
score GORZUG 5.0


I tried in fssc.cfg or in, restarted F-Secure Anti-Virus Server Daemon service and the result in always the same in the header of the mail:


X-Spam-Flag: NO
X-Spam-Status: NO, hits=0 required=5, database-version=[2015-09-07_01],
 tests=spam.BD_NON_SPAM=3,spam.[BDANTISPAM_EmlIsClean  Build: [Engines:, Stamp: 3], Multi: [Enabled, t: (0.003878,0.003867)], BW:
 [Enabled, t: (0.000015,0.000001)], RTDA: [Enabled, t: (0.305789), Hit: No,
 Details: v2.2.14; Id: 30agsf8.19utqbfkk.606g], total: 0(675)=1


I searched since this early morning and I'm lost.


Thanks for your help,




  • etomcat
    etomcat Posts: 1,319 Superuser


    > I tried in fssc.cfg or in

    I think both the web-based local GUI and the Policy Manager Console should have fields to configure the kind of filtering your request, so the use of command line editing is not advised?

    For example, in Policy Manager, Advanced View mode:

    F-Secure Anti-Virus for Microsoft Exchange / Settings / Transport Protection / Inbound Mail / Content Filtering / Disallowed Keywords in Message Subject and Disallowed Keywords in Message Text.

    There you will find which list the rules use and then you can edit those lists under:
    F-Secure Anti-Virus for Microsoft Exchange / Settings / General / Lists and Templates / Match Lists

    Furhermore, you can just submit e-mail samples to F-Secure Lab and then they can release spam detection database, so you don't need to manually tune your system:

    For undetected advertisement e-mails (spam): [email protected]
    For false alarm complaints in spam detection: [email protected]
    For dangerous "phishing" variants of spam: [email protected]

    Best Regards: Tamas Feher, Hungary.

  • Hi,


    Wonderful. Using your solution, I send two samples. Wait and see now.


    Thanks a lot,



This discussion has been closed.