Configuring real-time scan policy
To test the real-time scan policy, in this example, you will create an antispam profile configured to discard any reference to a banned word string. You will assign the antispam profile to a real-time scan policy. All emails matching the search criteria of the profile and policy will be discarded.
To configure the antispam profile:
- Go to View > Microsoft 365 View.
- Go to Profile > AntiSpam > AntiSpam and click New.
- Enter a Profile name and set Default action to an action profile set to Discard.
- Under Scan Configurations, enable Banned word and click Configuration.
- Click New, and enter a word or string you wish to ban.
- Click OK, then click Create.
By default, both the email's Subject header and Body will be searched.
To configure the real-time scan policy:
- Go to Policy > Real-time Scan > Policy and click New.
- Enable the policy, and define the Source, Sender, and Recipient information.
- Under Profiles, set AntiSpam to the banned-word profile you created earlier.
- Click Create.
- When created, select the policy from the policy table and click Move and move it Up to the top of the list.
For testing purposes, this policy is left to accept all sources and to all recipients registered to the Microsoft 365 account.
In cases that the FortiMail unit has multiple Microsoft 365 accounts registered, you could set the Recipient email domain (*@<domain>) to a specific domain, applying this real-time scan policy to only a specific Microsoft 365 account.
Any email meeting the banned word search criteria will be discarded, as specified in the profile.