Email Security Gateway How To's

How to submit SPAM, and false positive samples to EsvaLabs

11 views June 29, 2015 August 7, 2018 paolo 0

Introduction

At Esvalabs we study and research existing spam campaigns in real time, keeping focused even on emerging threats.

One of the most important activities Esvalabs does is to deeply analyze any feedback from live installations: we take it seriously and any missed spam or any false positive you submit to us, will be a plus for all customers thanks to our hourly live rules updates.

Spam and False Positives samples can be submitted to Esvalabs according to any of the following methods:

  • Directly from Libra ESVA Web Administration (preferred method)
  • With any email client as RFC-2822 attachments
  • With Esvalabs Outlook Add-in

Submit From Libra ESVA Web Administration (Preferred Method)

Connect to your Libra ESVA Appliance and login as administrator, next:

  1. Select Menù Reports
  2. Apply any eventually desidered filter
  3. Run Report Message Operation
  4. Select messages and hit action Submit as Spam or Submit as False Positive accordingly
Preferred method: by sending the message from ESVA, we’ll receive the original message along with your appliance analysis. This will greatly help us in handling the samples in time.

Submit From Mail Client

Microsoft Outlook

It is preferred that you install native Esvalabs Outlook 2010 Add-in as you will have two comfortable buttons in Outlook toolbar. The Add-in is compatible with Outlook 2010 & onwards versions.

Without the plugin installed proceed as follows:

  1. Create a new email message.
  2. Address it to : spam@libraesva.com or : not-spam@libraesva.com
  3. From your Inbox, select the spam email that you received (you must select the email, not the content).
  4. Drag and drop the selected item(s) into the new email. This will now be displayed as an empty email with the suspect email as an attachment.
  5. Send the email to Esvalabs at the address you selected above.

Mozilla Thunderbird

From Mozilla Thunderbird proceed as follows:

  1. Select the sample.
  2. From the toolbar choose Message > Forward as > Attachment.
  3. Address it to : spam@libraesva.com or : not-spam@libraesva.com
  4. Send the email

Lotus Notes

Esvalabs specialists cannot recommend a default method for attaching RFC-2822 messages, but the following options are available:

  1. Send the message direct to your Technical Support contact:
    – Create a new email message addressed to your support contact.
    – Open the spam message, select View > Show > Page Source.
    – Copy and paste the Page Source content into the new email.
  2. Use the free third party enhancement software, ‘Open-NTF’.
    This adds a menu option, ‘Forward MIME to RFC-2822’, to the Tools button. Use this to forward the email.

Other Email Client

It is preferred that you send samples as RFC-2822 attachments. Submitting in any other format can cause the loss of key message content, which may prevent Esvalabs from effectively analyzing the samples.

If your client has the option Forward as Attachment, use it!

  • Email spam samples to : spam@libraesva.com
  • Email false-positive spam samples to : not-spam@libraesva.com

Further Information

Samples sent to Esvalabs will be deeply analyzed and may reflect in general rules update. In any case:

  • You will not receive feedback for emails messages sent to these addresses.
  • Samples sent to Esvalabs will not necessarily be considered to be, or detected as, spam.
  • If you need more information or guidance, then please contact technical support.

Copy of this whitepaper can be downloaded here: https://docs.libraesva.com/download/whitepaper-esvalabs-interaction-pdf/

Was this helpful?