Phishing filter setup
Phishing Filter Setup
This guide provides step-by-step instructions for enabling phishing analytics with URL analysis in the Lithium FAF (Firewall Advanced Filter). This enhanced feature allows for the execution of a custom script to detect and mitigate phishing URLs within SMS messages.
MGR Routing Setup
Configure the required rules within the MGR UI.
MOR Rule
Navigate to the Routing / Routing Rules / MOR section in the MGR menu. Verify if the MOR rule exists. If not, create a new one using the settings below:
| Setting | Value |
|---|---|
| Action | Route to MS |
MTOR Rule
Navigate to the Routing / Routing Rules / MTOR section in the MGR menu. Verify if the MTOR rule exists. If not, create a new one using the settings below:
| Setting | Value |
|---|---|
| Action | PASS |
EC Application
Navigate to the Routing / EC Applications section in the MGR menu. Verify if an existing EC application for FAF is present. If not, create a new one using the settings below:
| Setting | Value |
|---|---|
| Name | FAF-ECApp |
| User Identity | FAFuser |
| ECI password | FAFpassword |
| Modification Allowed | ✓ |
| Inc. User Data | ✓ |
Note: The user/password should match with /usr/TextPass/etc/common_config.txt
MTOX Rule
Navigate to the Routing / Routing Rules / MTOX section in the MGR menu. Verify if the MTOX rule for FAF exists. If not, create a new one using the settings below:
| Setting | Value |
|---|---|
| MessageType [cond] | 0 - Short Message |
| EC Application | FAF-ECApp |
MGR Filter Setup
Establish a FAF filter with external script conditions to identify Phishing URLs.
Create Filter
Navigate to the "Filters" screen within "Advanced Filters" in the MGR UI and create a new filter, use the following settings:
| Setting | Value |
|---|---|
| Append | <SPAM> |
Create Filter Condition
Navigate to the newly created filter and add a new filter condition using the settings below:
| Setting | Value |
|---|---|
| Type | Scripting |
| Script File Path | /usr/TextPass/etc/faf-scripts/phishing-filter/main.pl |