public:emai:malware

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
public:emai:malware [2021-11-19 09:22]
vesely [Monitoring and filtering agenda]
public:emai:malware [2022-01-17 11:28]
vesely
Line 261: Line 261:
 ===== Deepheader analysis ===== ===== Deepheader analysis =====
  
-//Added subject tag: [Suspicious] [Header analysis]//+//Added subject tag: [Suspicious - header analysis]// 
 + 
 +//Added warning text: "Deepheader analysis examines header for spam characteristics. Don't click any link unless you are certain it's legitimate.////"//
  
 <font inherit/inherit;;#c0392b;;inherit>Tool to examine message header (displays human-readable content):</font>[[https://mha.azurewebsites.net/|https://mha.azurewebsites.net/]] <font inherit/inherit;;#c0392b;;inherit>Tool to examine message header (displays human-readable content):</font>[[https://mha.azurewebsites.net/|https://mha.azurewebsites.net/]]
Line 267: Line 269:
 Deepheader analysis examines the entire message header for spam characteristics. Deepheader analysis examines the entire message header for spam characteristics.
  
-Basically an email has two parts. The body (information sent to recipient) and the header containing metadata (like "from", "to", content type, date of delivery, message forwarding path, signatures of mailservers, certificates, system-gegerated informations like spam level, processing info etc.).+More specifally - the deep header scan examines each message and **calculate a __confidence value__  based on the results of the decision-tree analysis**.The higher the calculated confidence valuethe more likely the message is really spam.
  
-Recipient can learn a lot about the email history and nature by examining message header. +There may be sometimes very subtle difference in the specific email, which triggers the confidence value. As a best practice it is always better to have an information that certain email may be problematicbecause attackers today are able to mimick messages that are almost indistinguishable from the original messages! **So check twice such messages before you click link in it or open an attachment**.
- +
-More specifally - the deep header scan examines each message and calculate a confidence value based on the results of the decision-tree analysis.The higher the calculated confidence value, the more likely the message is really spam.+
  
 Line //X-FEAS-DEEPHEADER://  is added to the message header that includes the message’s calculated confidence value. Line //X-FEAS-DEEPHEADER://  is added to the message header that includes the message’s calculated confidence value.
 +
 +Basically an email has two parts. The body (information sent to recipient) and the header containing metadata (like "from", "to", content type, date of delivery, message forwarding path, signatures of mailservers, certificates, system-gegerated informations like spam level, processing info etc.).
 +
 +Recipient can learn a lot about the email history and nature by examining message header.
  
  
  • /var/www/html/dokuwiki/data/pages/public/emai/malware.txt
  • Last modified: 2022-01-17 11:28
  • by vesely