Test EOP anti-spam
#Product affected / related
Exchange Online Protection, Antispam filter in general
#What's GTUBE
The GTUBE ("Generic Test for Unsolicited Bulk Email") is a 68-byte test string used to test anti-spam systems, in particular those based on SpamAssassin. In SpamAssassin, it carries an antispam score of 1000 by default, which would be sufficient to trigger any installation.
The contents of the string are as follows:
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
and should be placed in the message body of an RFC 5322 compliant email message, without any linebreaks or whitespaces.
There exist some varieties, notably the NAItube (which will carry a variable weight) and the GTphish (which will trigger specifically as a phishing mail), which are used in the McAfee implementation of SpamAssassin.
#Solution
To test Exchange Online Protection to detects spam messages, you can send a so-called GTUBE message to one of your recipients. The GTUBE message works in similar way that the EICAR antivirus test file does. However, instead of adding a malicious attachment, the message body contains a specific string "XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.3 4X" which should always trigger the anti-spam engine to mark the message as spam. To test the anti-spam engine, send a message to a recipient in your domain and include the string below in the body of the message. Note that there should not be anything else in the body and that the string must be on a single line, without any spaces, or other. You don't need to create a rule to catch this message. Exchange Online Protection will automatically detect it as spam
funziona! grazie!
RispondiElimina