Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
mrl_sousa
Participant
Jump to solution

Block email with specific " text"

Good day,

 

I'm receiving emails with a specific text (ex. " dd/mm/yyyy - on this day I hacked your OS and got full access to your account aaa@bbbb.com  ,You can check it - I sent this message from your account. So, you can change the password, yes.. But my malware intercepts it every time.  Pay $900 in bitcoins....."  ).

Is there a way to block emails with a specific text using checkpoint ?

 

Regards

Mauro

 

 

 

 

 

 

 

0 Kudos
1 Solution

Accepted Solutions
TP_Master
Employee
Employee

Hi Mauro,

You can leverage the threat indicators feature of AV & AB blades in order to block e-mails with specific text in subject. 

(details here: https://sc1.checkpoint.com/documents/R80.30/WebAdminGuides/EN/CP_R80.30_ThreatPrevention_AdminGuide/...

look at the mail-subject indicator type).

 

If you use our MTA you could either block it yourself with postfix configuration like was suggested earlier OR you can join our Anti-Phishing pilot program. We do catch those e-mails you get. DM me if you want more details.

 

View solution in original post

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
It's possibly something Anti-spam (if enabled) would catch, but if you want to configure to look for a specific keyword in inbound email, that's not currently possible.
If it's outbound email, you could potentially do it with DLP.
0 Kudos
Tal_Paz-Fridman
Employee
Employee

As PhoneBoy wrote you can use the Data Loss Prevention (DLP) blade or Content Awareness and use a Data Type of type Keywords:

 
0 Kudos
G_W_Albrecht
Legend Legend
Legend

If you define MTA on GW, you could use the postfix body_checks to achieve that.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
TP_Master
Employee
Employee

Hi Mauro,

You can leverage the threat indicators feature of AV & AB blades in order to block e-mails with specific text in subject. 

(details here: https://sc1.checkpoint.com/documents/R80.30/WebAdminGuides/EN/CP_R80.30_ThreatPrevention_AdminGuide/...

look at the mail-subject indicator type).

 

If you use our MTA you could either block it yourself with postfix configuration like was suggested earlier OR you can join our Anti-Phishing pilot program. We do catch those e-mails you get. DM me if you want more details.

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events