The ASAV Gateway is an anti-spam and anti-virus solution implemented at network level by the ITSC for CUHK Webmail (Mailserv) users. With the University mail system switching from CUHK Webmail (Mailserv) to Office 365 Mail, Exchange Online Protection (EOP) has been running as a pilot alongside ASAV to protect user emails from viruses and spam attacks. Effective from 13 Dec 2017, EOP will be fully deployed and the ASAV Gateway will be retired from protecting the email service.
Below are the ASAV Gateway functions.
How Does the ASAV Gateway Identify Spam?
- Sender-based Reputation Filtering - By IP Addresses
Sender-based reputation filtering identifies spam based on the connecting IP address. It can block spam as soon as it reaches the Gateway, which increases the effectiveness of the second-layer content-based filtering. Sender-based reputation filtering can also protect mail systems from virus attacks and from "hit and run" spam attacks that create sudden and unexpected spikes in message volume. (Refer to 10. References)
- Content-based Filtering - By Ironport Anti-Spam
Content-based filtering on the ASAV Gateway is performed by Ironport Anti-Spam. It uses heuristic filters, URL filters, signature filters, header filters and many more types of filters to determine whether an e-mail is spam. (Refer to 10. References)
How Does the ASAV Gateway Dispose of Spam?
- Positive Spam
Emails identified by sender-based reputation filtering as spam are classified as positive spam. When positive spam is identified, either the connection between the sending computer and the gateway will be disconnected or an error message will be sent to the sending computer. In both cases, the gateway will not accept the emails.
- Suspected Spam
Emails that are identified as spam by content-based filtering are classified as suspected spam. Suspected spam will be moved to a quarantine server, from which recipients can retrieve the emails and choose to release or delete them.
How to Access Suspected Spam in Quarantine Server?
Users may view the suspected spam in the quarantine server and choose to delete them or release them.
- Daily Digest of Quarantined Emails
- Access to Spam Quarantine Server
- Disposal of Suspected Spam
Suspected spam can be viewed and then selected to be deleted or released as shown in Diagram D below.
If a suspected spam email is released, it will be routed through the Gateway again for virus scanning. All suspected spam in the quarantine server will be deleted after 21 days.
How Does the ASAV Gateway Detect Email Viruses?
How Does the ASAV Gateway Dispose of Email Viruses?
Where to Report False Positives and False Negatives?
False positives are e-mails that are wrongly identified as spam, while false negatives are spam that is regarded as normal e-mail. Users can submit information, including the e-mail header of the false positives or the false negatives, to ITSC through the ITSC Service Desk.
E-mails released by users from the quarantine server are not automatically reported as false positives.
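When an e-mail header is submitted with a report, the line that matters for sender-based reputation filtering is the `Received` header stamped by the gateway, because it records the connecting IP address rather than the forgeable `From` address. The Python below is an added example, not ITSC tooling: the gateway hostname `asav-gw.example.edu` and the sample message are constructed, and it assumes the common `from host (name [ip]) by host` Received layout.

```python
import ipaddress
import re
from email import message_from_string

# Hypothetical gateway hostname; the real ASAV Gateway name is not given on this page.
GATEWAY_HOST = "asav-gw.example.edu"

# Constructed sample message (documentation IP ranges, example domains).
SAMPLE = """\
Received: from mailstore.example.edu (mailstore.example.edu [192.0.2.10])
\tby mbox.example.edu with ESMTP id 3; Mon, 4 Dec 2017 09:00:03 +0800
Received: from mta.sender.example (unknown [203.0.113.45])
\tby asav-gw.example.edu with ESMTP id 2; Mon, 4 Dec 2017 09:00:02 +0800
Received: from laptop (localhost [198.51.100.7])
\tby mta.sender.example with ESMTP id 1; Mon, 4 Dec 2017 09:00:01 +0800
From: "Newsletter" <news@sender.example>
To: user@example.edu
Subject: Monthly update

Body text.
"""

_BY = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.I)
_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def connecting_ip(raw_message, gateway_host=GATEWAY_HOST):
    """Return the IP that connected to the gateway, or None if no such hop exists."""
    msg = message_from_string(raw_message)
    for hop in msg.get_all("Received", []):
        hop = " ".join(hop.split())            # unfold continuation lines
        by = _BY.search(hop)
        if not by or by.group(1).lower() != gateway_host.lower():
            continue                           # hop was stamped by another server
        m = _IP.search(hop[:by.start()])       # bracketed IP in the "from" clause
        if m:
            try:
                return str(ipaddress.ip_address(m.group(1)))
            except ValueError:
                return None                    # bracket content was not a valid IP
    return None

def report_fields(raw_message):
    """Collect the header details worth quoting in a false positive/negative report."""
    msg = message_from_string(raw_message)
    return {"subject": msg.get("Subject"), "header_from": msg.get("From"),
            "connecting_ip": connecting_ip(raw_message),
            "received_hops": len(msg.get_all("Received", []))}
```

Hops below the gateway's own `Received` line were written by servers outside the gateway's control, so only the gateway-stamped hop is treated as reliable here.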