FAQ - CAS

Help - CAS FAQ - CAS
1

List of FAQs

  1. How does CAS work? Here
  2. Why doesn’t CAS work like other antispam software? Here
  3. Does CAS support an alternative to the ‘challenge response’ policy? Here
  4. Email clients. Which does CAS support? Here
  5. Email accounts/services. Which does CAS support? Here
  6. Email account settings. How do I set these if CAS won’t import from my email client? Here
  7. Bugs and design flaws. Are there any work arounds? Here
  8. Challenge/response email message (ASA). Can you edit it? Here
  9. Reinstallation. Can you completely reinstall CAS w/o lsing authentication lists? Here
  10. Whitelists. How to create or add to them using email client information. Here
  11. Technical requirements & conflicts update. Here
  12. What are distribution lists in CAS and how do you use them? Here
2

CAS is a ‘default deny’ anti-spam system.

CAS compares all incoming emails with whitelists - ‘allow-lists’ - you create or import. Emails whose senders are not whitelisted are placed in a quarantine database. What happens then depends on the CAS policy you choose. If you choose:

  • Challenge-response. CAS sends a challenge email to the sender of the original email. This challenge email asks them to perform a simple 5 second task (typing in a supplied passcode) to prove that they are not a machine.
    [li] Assisted manual filtering. CAS does not send a challenge email. Instead it pops up the quarantine database for you to check. The database can be popped up when each email arrives in quarantine or at regular intervals.

The ‘assisted manual filtering’ policy is not obvious in version 2.6 of CAS. For details on how to set this up please see the relevant FAQ.

CAS supports blacklists, but these are secondary. Emails from blacklisted senders or IPs can be deleted immediately, or sent challenge emails.

More details are provided in the CAS help file.

3

The short answer is that Comodo’s philosophy is that security systems, to be effective should be default-deny.

This means that anti-spam software should assume that emails are spam unless proven otherwise. It also means that any mails whose status is uncertain should be kept out of the email client entirely. This is how CAS works. CAS assumes that emails are spam unless senders are whitelisted, manually approved, or are willing to undertake a simple task to ensure they are not machines. Email that has not yet been proven to be genuine is kept in a separate quarantine database.

The longer answer is that CAS’s approach has four advantages over most anti-spam systems:

  • 100% (or so nearly 100% as makes no difference) spam exclusion
  • spam mails are kept out of email client inboxes entirely both because quarantined mails are kept in a separate database, and because of 100% exclusion
  • CAS is capable of fully automated operation. Most antispam systems require you to regularly review a folder full of probable spam.
  • it avoids the high costs (whether financial costs or community effort) of maintaining accurate public blacklists, or effective spam filtering rules.

These are substantial advantages, but the technique used to allow people to prove they are not spammers - sending a challenge email which asks senders to type in a supplied passcode - has disadvantages, too. These are discussed here.

Accordingly I understand that Comodo is considering how to mitigate these disadvantages, and whether CAS needs to offer other policies in future. (I am not a Comodo member of staff so I cannot make any committments in this regard).

4

Yes, there is support for a policy I like to call ‘assisted manual filtering’.

In this policy CAS passes though whitelisted emails, and digitally signed emails, but quarantines everything else. You are alterted to new quarantined emails, and can choose what to do with them - approve them, block them etc.

Here’s how to implement it.

  • In the policy section choose ‘only allow digitally signed emails’. This is mis-named - in fact both digitally signed and whitelisted emails will be let through.
  • Now choose how you want CAS to keep you informed about quarantined emails. EITHER, in the quarantine database section ask CAS to ‘pop up’ the quarantine database every day or so - use the ‘display reminder’ drop down menu to do this. AND/OR on the advanced/miscellaneous tab ask CAS to ‘pop up the quarantine database when new entries are added’.
  • Then choose what you want CAS to do with emails from senders you have said you want to block (ie blacklist). Select the account you want to choose this for on the Quarantine database tab. Then, confusingly, navigate to the Authentication database tab and choose the ‘blocked messages action’. If you receive a significant number of spams and don’t think you are likely to make blacklisting mistakes, it’s wise to choose ‘Delete’ as deletion is done without popping up the database. Note that deletion is immediate, silent and irrevocable as far as I can determine.
  • Optionally, in the authentication database section, choose to ‘automatically add the sender of digitally signed emails to the account whitelist’ and ‘automatically add recipients of outgoing emails to the account whitelist’. Make these choices for each email account. Adding these addresses automatically is normally a good idea as it reduces the number of emails you will have to make quarantine decisions on.
5

CAS email client support is summarised below. Please do PM me if you think any of the information below is incorrect, as I have not been able to check all these facilities myself.

1. Fully supported clients.

All CAS features, INCLUDING creating whitelists from contact lists and importing emails account details, are implemented.

  • Outlook [I have personally tested]
  • Outlook express [I have personally tested, NB Windows Messenger contacts are not imported]
  • Opera
  • Eudora
  • Netscape

Note that in many, possiby all, cases you must import email accounts from the client before you import related contacts.

2. Partially supported clients.

The following are supported for all CAS features EXCEPT creating whitelists from contact lists.

  • Thunderbird [I have personally tested]
  • Windows Live Mail [I have personally tested]

So email account import IS supported. However there appear to be 2 bugs in the Thunderbird import process 1) The user name is imported without any appended domain information 2) SMTP authentication information is not imported, so this needs to be entered manually by unticking ‘use same settings as POP3 server’ and entering the relevant username and password. The password information appears not to be stored but is.

All CAS features EXCEPT automatically creating whitelists from contact lists AND importing emails account details, are implemented for:

  • all other POP3/SMTP email clients (that’s pretty much all email clients)

I personally have tested only Incredimail (NB Many people like it, but the Incredimail client is flagged by CIS as possible malware).

You can find guidance on how to set up email accounts manually and create whitelists from email client files here & here.

3. Unsupported clients.

  • all emails clients which cannot use POP3/SMTP protocols, eg MS Exchange server based clients, IMAP-only clients. There are very few of these.
6

CAS does not import email account settings from all email clients. So you have to set these manually in the email accounts section of CAS

For most email accounts:
This is really simple. Simply create an account in CAS for each email account in your client. Copy the email account settings in your email client. The email account name box is filled in by CAS from the information you enter, and the POP3 password is captured by CAS (presumably for security reasons) from your client after the first emails are sent or received. If your email server requires SMTP authentication using the same settings as the POP3 server, and the standard setting on CAS for this gives problems, it is worth trying unticking the ‘Use same settings’ tick box, and entering the POP3 authentication information (username and password) again in the SMTP authentication section.

For SSL accounts (like Gmail):
First you need to set the port settings in the email client as follows:
POP3 port=995 NOT encrypted
SMTP port=465 or 587 NOT encrypted

Then set the port settings on the advanced tab of each SSL account in CAS as follows:
POP3 port=995 YES encrypted
SMTP port=465 or 587 YES encrypted (You must choose the same port number as you chose in the client)

Please note:
(1) The email client may try to second guess you, so if you change the default ports in your client double check after you have saved the account that it has not altered the port settings back to the defaults!
(2) It can take 2-3 send receive for emails to go through the quarantine approval process
(3) If you have 2 SSL accounts they must be set to different SMTP & POP3 ports. So, for SMTP one account must be set to 465 in both client and CAS, the other account to 587 in both client and CAS. Check with your mail service provider regarding an alternative port for POP3 SSL - regrettably there may be no alternative to 995, limiting you to one POP3 (incoming) SSL account.
(4) There is a bug in CAS’s support for SMTP authentication. CAS works with some sites which request this, but not others. CAS is known not to work with gmx.com, hotmail.com, live.com.

7

The current version of CAS (2.6) is a bit buggy and has some design flaws. However if you use the work-arounds below, you should find that CAS works reasonably well. If any of these fixes don’t work, please do tell me so I can investigate and correct this FAQ. (The developers are currently working on fixing the problems for the CAS 2.7 release).

1. To avoid your friends being sent challenge emails
Install CAS with spam filtering disabled. When you run CAS for the first time set up the policy I describe as ‘assisted manual filtering’ in the relevant FAQ. Then ensure all your closest relatives and friends are on your white or authentication list(s) before enabling the challenge-response mode.

  • One way to check you have included everyone is to sort and group your sent items list in your email client by the from address.
  • Another which requires a bit more technical knowledge is to export all the email accounts in your sent items list as a .CSV file – CAS will de-duplicate it for you. Guidance here.

2. To increase the reliability of CAS - to prevent CAS/email client crashes

  • Preferrably don’t set your computer to use standby or suspend mode. If you do don’t set your Outlook client to send/receive automatically. This is especially important if you have SSL accounts like Gmail. (N.B. if you switch off automated send/receive in your email client, becuase of the way CAS works, you may have to press send receive 2-3 times to download emails.)
  • If you need to set your computer to send/receive automatically, make the frequency of send receives 15 minutes or more
  • Don’t import email accounts into CAS if you don’t receive any spam via the accounts, especially if the accounts are SSL accounts.

3. If the CAS icon does not appear in the task bar
If CAS will not display its user interface when you try to open it from start/all programs

  • If you are running Comodo EASYVPN try this fix here. Else try this fix here.

If CAS will display its user interface

4. If CAS does not import all your Outlook contacts’ emails
The CAS import facility only imports one email address per contact. Instead of using the Outlook import facility, export the email accounts from your contact book to a .csv file, and import this instead. Detailed guidance here.

5. If you find blocking entries is slow
Turn off spam reporting on the Advanced/Miscellaneous section

6. If its taking time for approved emails to get through
Be patient! CAS takes 2-3 send/receives to process and pass through emails

7. If spam mails with your address as the ‘from’ address are being passed through
Remove your name from the relevant email account’s authentication list. Make sure you have not set up other software (eg routers, firewall monitors, backup software) to send email ‘from’ your email address ‘to’ your email address. (You can normally change these to use a fake address as their ‘from’ address eg myrouter[at]validdomain.com).

8. If spam mails with no sender’s address are being passed through. Export the authentication database relating to the relevant account to a .bwl file using the process described here in the re-installation FAQ. (But do not re-install CAS!). Edit this file using a text editor such as notepad or wordpad. Add the following string, without the inverted commas as the first line of the authentication database ‘:2:0’. Save the file, then import it into CAS as described in the re-installation FAQ. CAS should register one new entry imported. Subsequently emails with a blank address will be trapped in quarantine with a status of pending and can be manually deleted. Unfortunately Outlook read receipts will also be trapped. (NB This work around has only been tested for a short period).

9. If you have problems with SSL accounts like Gmail
Either set up the accounts manually guided by the relevant FAQ. Or delete and re-import the accounts, making sure you say ‘yes’ when asked whether CAS should adjust your client’s account settings.

10. If you are receiving duplicate copies of emails
If your email accounts are set to ‘keep copies of downloaded emails on the server’ when you install CAS it downloads the copies kept on the server. (This is because the server sees CAS as a new email client). It’s probably best just to ignore this if it only happens on installation. If it continues to happen after installation it can be resolved by setting your email accounts not to keep copies on the server. (‘Keeping copies’ is a server setting for Gmail, and an email client plus CAS setting in most other cases). Or, if you are using a power-saving suspend/standby mode, turning off automated sends/receives. If you don’t mind installing extra software a workaround that addresses this problem at its root is to install processtamer from here, and set it to upgrade the priority of c:\program files\comodo\antispam\casproc.exe to ‘normal’ or ‘8’ immediately it runs. The other workarounds for this bug are then not necessary.

11. If emails in your quaratine database are passed to your email client without you asking.
Either turn off your computer’s ability to go into standby/hibernation mode. Undesirable from a climate change perspective!). Or turn off automated send/receive in your email client and ensure that you don’t press send/receive for 5 minutes after the computer has emerged from standby or hibernation.

12. If you are receiving too many delivery/faillure reports relating to CAS challenge/response emails
Since you know the content of the original email these messages can be reliably processed into a separate folder if your email client supports email processing rules. In Outlook 2003 the following rule works well:
Apply this rule after the message arrives
With ‘delivery filed’ or ‘undeliverable email’ or ‘delivery failure’ or ‘returned mail’ or ‘delivery status notification (failure)’ or ‘email error’ or ‘failure notice’ or ‘returned email’ or ‘Delivery Notification: Delivery has failed’.
And with antispam passcode in the body
And on this machine only
Move it to the Delivery/failure receipts folder

8

Sorry you cannot edit the challenge response email message in CAS version 2.6. It looks like you can, but actually you cannot. Not even by editing the .mht file that seems to hold the message text. (The message is compiled into the .exe file).

You can edit the challenge response email message in in CAS 2.7, which is in BETA as I write this post -13/12/09. However there is still some text which you cannot edit. I hope the limits will be removed before issue.

9

To completely re-install CAS (and revert to default settings) but retain access to your whitelists or authentication lists:

  • In the authentication database section choose the account you want to export from, then choose ‘export’. In the export dialog box choose to export as a ‘whitelist’. (Despite its name this exports the whole authentication list, including blocked senders). Export to a directory which will be unaffected by the uninstallation of CAS (eg the desktop). Do this for all accounts which have an authentication list, naming the exported lists (which will have a .bwl extension) according to the email account the come from

  • Close all email clients, the unistall CAS, choosing to delete all user settings when asked. Reboot, then re-install CAS, reboot again.

  • In the authentication database section of CAS choose to ‘import’, choose which email account’s authentication list to import too, and then on the import dialog box choose to import ‘White/BLack list from file’ and select the appropriate file for the account. Remember to press the ‘import’ button on the dialog box. Repeat this for each email account. Then press the OK button on the diaog box.

That’s it!

10

If CAS cannot import contacts from your email client, or if you want to build a more comprehensive white list from email information than CAS manages, try the following:

Low tech approach
Sort and group your sent items list in your email client by the ‘from’ address. Then add missing addresses manually to CAS’s authentication database

More automated approach
If you wish you can import email addresses from a comma-separated values (.CSV) file.

The exact steps you need will vary from email client to email client. I will show you how to do this using Office Outlook 2003 as an example. Note that CAS will append the file you import to your existing whitelist(s), and will de-duplicate the merged lists for you.

  • Select the folder in Outlook you wish to export email addresses from. This might be your contacts file, or your sent items file.
  • Go to the file menu and select ‘Import and Export’ then, when the wizard appears: ‘Export to a file’
  • Following the Wizard, choose the format to export to. In Outlook choose ‘Comma separated files (Windows)’. (In other email clients you may have to experiment - if you choose too primitive a format you may not be offered all the choices described below). Then confirm the folder to export from (which you chose at the first step). Then choose the name and location of the Output file, which can be anything you like so long as the name ends in .CSV
  • The wizard then says ‘The following actions will be performed’, but allows one further option - the ability to choose the fields to be exported. Choose this option by ticking the tick box beside the action to be performed, and then clicking on the ‘Map Custom Fields’ button. If you are exporting from your contacts folder, choose to map Email Address 1, Email Address 2 and Email Address 3 to export fields with the same names, and map nothing else. If you are exporting from your Sent Items folder choose to export ‘To: (Address)’ to an export field with the same name, and map nothing else.
  • Click Finish, export will then begin
  • Then import the .csv file you have created into all relevant email account whitelists in CAS, following the guidance in the help file. NB remember to specify the accounts into which the list should be imported, and to press the ‘Import’ button, on the import dialog. Pressing the OK button will not import the file!
11

CAS email account support is summarised below. Please do PM me if you think any of the information below is incorrect, as I have not been able to check all these facilities myself.

All POP3/SMTP email accounts/services are supported apart from a few (gmx.com, hotmail.com, live.com and possibly some Verizon services) that say they require SMTP authentication. Most services that say they need SMTP authentication work fine (including mine) so do try yours!.

Email accounts/services which do not use POP3/SMTP protocols are not supported eg (MS Exchange server based accounts, IMAP-based accounts). There are usually POP3/SMTP alternatives to such services if you wish to use CAS.

12

Technical requirements
CAS has been tested on Windows XP and 2000. People are also running it on Windows Vista and Windows Seven .

Other requirements are not demanding:

  • Processor: Pentium 100 MHz or higher
  • System Memory: 32 MB RAM
  • System RAM: 32 MB RAM
  • Hard Drive Space: 21 MB of free hard drive space
  • Browser: Internet Explorer 6.0 or above

Conflicts
CAS can conflict with a few antispam products and antivirus products that intercept email. Products known to conflict with CAS are:

  • Some Panda security products
  • Symantec/Norton CORPORATE antivirus. (Can be resolved by turning off the email autoprotection scanner).
  • Comodo EasyVPN and Trusteer Rapport at least when running under XP. Work arounds here and here.

There are contradictory reports of conflicts with some other security software (eg other Norton/Symantec products, Avast). Some people find a conflict, some don’t with apparently the same product. Which may mean its really a different problem. One approach to resolving such conflicts is to try disabling a) any antispam module or software b) any email scanning software and rebooting. NB Real time file scanning should pick up virus files anyway - See Comodo Internet Security Board for endless discussion re whether email AV scanning is of significant value, and make up your own mind!

13

The installation program makes a big deal of distribution lists aka ‘reflectors’.

The feature allows you to block/allow distribution list addresses (eg Google Groups). Each distribution list email address becomes a single authentication database entry, and emails from all subscribing members are thereby allowed. It was specifically developed to assist with the authentication of electronic mailing lists including ‘reflectors’ as explained here.

To use this feature, select the email account that is subscribed to the distribution list, choose to add an authentication database entry, and make it of type distribution list. Now enter the distribution list address (eg london-bus-scene@googlegroups.com) not the member’s email address. You should find this in the ‘from’ or ‘sender’ box of any email sent from the distribution list. (In Outlook 2003 the from box says: ‘london-bus-scene[at]googlegroups.com on behalf of fred[at]bloggs.co.uk’ - it’s the first of these email addresses you need - please see the appended example). Then save the authentication database entry. That’s it!

[attachment deleted by admin]