GWAVA (Secure Messaging Gateway)
Subject filters not catching spam with encoded subjects. How can messages with encoded subjects be blocked?
To help block spam that has an encoded subject, the following filter can be set up.
Keep in mind that this may block some valid messages, such as messages from social media sites. It is recommended to quarantine this filter, in case this happens. If there is a false positive then an exception (whitelist entry) can be made for the sender.
To create this filter do the following:
1) Login to SMG system admin UI and go to Organization / Policy management | Policy scan configuration | Inbound Mail Filter Policy (or the name of the policy that handles inbound mail)2) From the Filters tab, drag 'Message Text' to the deployment workbench below:3) Click on Message Text to rename it. Rename it to something such as 'Encoded Subject Filter'. This way it can easily be searched for and found in the Quarantine to find any false positives.5) Check the box for 'Look in Message Header' and add the following string:
Subject: =?UTF-8?B?6) Link this new filter node with the 'block' and 'quarantine' services by dragging the orange dot on the left side of the node to each service.7) Create a whitelist node, in case whitelist entries are needed later on. Do this by:a) Drag the yellow dot on the left side of the Encoded Subject Filter and let go in the white space. This will produce a list, under Templates choose 'email address'.b) Click on 'email address' to rename this exceptions node to something like 'Encoded Subject Whitelist'd) Check the box to 'Scan sender address'.f) Add email addresses that have an encoded subject here, to prevent them from getting blocked. If using a domain only, make sure to include the * wildcard in front, for example: *pinterest.com.
8) Save changes.
Now, messages with an encoded subject should get blocked. Make sure to watch for false positives in the quarantine and add them to that whitelist that was created.