Anti-Phishing protection

This section contains information about Anti-Phishing protection of messages and how to configure it.

About Anti-Phishing protection

Kaspersky Secure Mail Gateway filters out phishing threats and links to websites with malware from messages passing through the mail server. Phishing applies to messages with phishing web addresses, containing images or text that could trick users into disclosing confidential data to fraudsters.

The Anti-Phishing engine scans messages for phishing threats and links to websites with malware. The Anti-Phishing engine analyzes the message content (including the Subject header) and attached files.

Based on the Anti-Phishing scan results, the application assigns the message one of the Anti-Phishing scan statuses and adds a status tag at the beginning of the message subject (Subject field). You can configure the message status tag in the rule settings.

Depending on the status assigned, the application performs actions in accordance with the message processing rule settings. You can specify actions to be performed by the application on messages with a certain status. The default action taken by the application on messages is Skip, with messages delivered to users unchanged.

The Anti-Phishing engine is enabled by default. If required, you can disable the Anti-Phishing engine or disable Anti-Phishing scanning of messages for any rule.

About Anti-Phishing message scan status labels

Based on the Anti-Phishing scan results, the Anti-Phishing engine assigns one of the following status labels to the message:

• Clean (Not Phishing) – the message does not contain phishing URLs, images or text that could trick users into disclosing confidential data to fraudsters, or links to websites with malware.
• Phishing – the application has found the message to contain images or text that could trick users into disclosing confidential data to fraudsters.
• Malicious link – the application has found the message to contain links to websites with malware.
• Scan Error – message scanning returned an error.

Enabling and disabling Anti-Phishing protection of messages

To enable or disable Anti-Phishing protection of messages:

1. In the main window of the application web interface, open the management console tree and select the Settings section and Protection subsection.
2. In the Anti-Phishing section, do one of the following:
   • Flip on the toggle switch next to the name of the Anti-Phishing settings group to enable Anti-Phishing protection of messages.
   • Flip off the toggle switch next to the name of the Anti-Phishing settings group to disable Anti-Phishing protection of messages.

Enabling and disabling Anti-Phishing scanning of messages for a rule

You can enable or disable Anti-Phishing scanning of messages for one or several rules. Anti-Phishing scanning of messages is enabled by default.

Before enabling or disabling Anti-Phishing scanning of messages for a rule, make sure that Anti-Phishing engine of Kaspersky Secure Mail Gateway is enabled.

To enable or disable Anti-Phishing scanning of messages for a rule:

1. In the main window of the application web interface, open the management console tree and select the Rules section.
2. In the list of rules, click the name of the rule to open the rule for which you want to enable or disable Anti-Phishing scanning of messages.
3. Select the Anti-Phishing section.
4. Do one of the following:
   • Flip on the toggle switch next to the name of the Anti-Phishing settings group to enable Anti-Phishing scanning of messages for a rule.
   • Flip off the toggle switch next to the name of the Anti-Phishing settings group to disable Anti-Phishing scanning of messages for a rule.
5. Click the Apply button in the lower part of the workspace.

Configuring Anti-Phishing engine settings

To configure the Anti-Phishing engine settings:

1. In the main window of the application web interface, open the management console tree and select the Settings section and Protection subsection.
2. In the Anti-Phishing section, click any link to open the Anti-Phishing settings window.
3. Select one of the following options in the Use KSN drop-down list:
   • Yes — if you want to use KSN.
   • No — if you do not want to use KSN.
4. Select one of the following options in the Use heuristic Anti-Phishing drop-down list:
   • Yes — if you want to use Heuristic Anti-Phishing.
   • No — if you do not want to use Heuristic Anti-Phishing.
5. In the Maximum scanning time field, specify the maximum duration of Anti-Phishing scanning of a message in seconds.

   If Anti-Phishing scanning of a message does not finish within the time limit you specified, Kaspersky Secure Mail Gateway:

   • Stops scanning the message (Skip action).
   • Assigns Error (Scan error) status to the message.
   • Adds the ap-status="Error" label to the message subject.
   • Delivers the message to the recipient.
   • Adds the following entry to the /var/log/maillog event log:

     <scan date and time> <Kaspersky Secure Mail Gateway host name>: not clean: message-id=<message ID>: relay-ip=<IP address of message recipient's computer>: action="Skipped": rules=<rule ID>: size=<message size>: mail-from=<message sender's email address>: rcpt-to=<message recipient's email address>: av-status="Clean", ap-status="Error", as-status="Error", ma-status="NotScanned, disabled by settings", cf-status="NotScanned, disabled by settings">

6. Select one of the following options in the Use KSN drop-down list:
   • Yes — if you want to use KSN.
   • No — if you do not want to use KSN.
7. Click the Apply button.

Setting default values for Anti-Phishing engine settings

To set default values for Anti-Phishing engine settings:

1. In the main window of the application web interface, open the management console tree and select the Settings section and Protection subsection.
2. In the Anti-Phishing section, click any link to open the Anti-Phishing settings window.
3. In the lower part of the Anti-Phishing settings window, click the Set default values link.
4. Click the Apply button.

Configuring Anti-Phishing scan actions on messages

To configure the actions to be performed by Kaspersky Secure Mail Gateway on messages during Anti-Phishing scanning:

1. In the main window of the application web interface, open the management console tree and select the Rules section.
2. In the list of rules, click the link with the name of the rule to open the rule for which you want to configure actions on messages during Anti-Phishing scanning.
3. Select the Anti-Phishing section.
4. Flip on the toggle switch next to the name of the Anti-Phishing settings group if it is off.
5. In the If phishing threats or URLs of websites with malware are detected drop-down list, select one of the following actions to be performed on messages with phishing threats and messages containing links to web resources with malware:
   • Delete message.
   • Reject.
   • Skip.
6. Click the Apply button in the lower part of the workspace.

In order for the settings you have configured to be used during operation of Kaspersky Secure Mail Gateway, make sure that Anti-Phishing scanning of messages is enabled for the rule and the rule for which you have configured settings is enabled.

Configuring tags added to message subjects after Anti-Phishing scanning

To configure tags that Kaspersky Secure Mail Gateway adds to the message subject after Anti-Phishing scanning:

1. In the main window of the application web interface, open the management console tree and select the Rules section.
2. In the list of rules, click the name of the rule to open the rule for which you want to configure tags added to message subjects after Anti-Phishing scanning.
3. Select the Anti-Phishing section.
4. Flip on the toggle switch next to the name of the Anti-Phishing settings group if it is off.
5. Add a tag to the Subject field of messages that contain phishing threats. To do so, perform the following:
   1. In the If phishing threats or URLs of websites with malware are detected settings group, click the link on the right of the Add the following text to the subject of a phishing message setting to open the Tag for messages with phishing threats window.
   2. In the field under the name of the window, enter the text that you want to add at the beginning of the subject of messages containing phishing threats. For example, you can add the Phishing tag.
   3. Click OK.

      The Tag for messages with phishing threats window closes.

6. Add a tag to the Subject field of messages containing links to web resources with malware. To do so, perform the following:
   1. In the If phishing threats or URLs of websites with malware are detected settings group, click the link on the right of the Add the following text to the subject of a message containing the URL of a website with malware setting to open the Tag for messages found to contain URLs of websites with malware window.
   2. In the field under the name of the window, enter the text that you want to add at the beginning of the subject of messages containing links to web resources with malware. For example, you can add the Malicious Link tag.
   3. Click OK.

      The Tag for messages found to contain URLs of websites with malware closes.

7. Click the Apply button in the lower part of the workspace.

In order for the settings you have configured to be used during operation of Kaspersky Secure Mail Gateway, make sure that Anti-Phishing scanning of messages is enabled for the rule and the rule for which you have configured settings is enabled.