Phone Lines icon GFI Support Home

Articles in this section

Determining why Bayesian Analysis blocked or allowed a message

Author: Luis Fernandes Updated

Overview

Bayesian Analysis is an anti-spam technique where a statistical probability index based on training from users is used to identify spam.

In this article, you will learn how to determine why the Bayesian Analysis engine blocked or allowed a message as part of the troubleshooting process.

 

Introduction

Bayesian Analysis is a powerful feature in MailEssentials that is part of the Anti-Spam Engine (ASE) chain. It is an anti-spam adaptive technique based on artificial intelligence algorithms, hardened to withstand the widest range of spamming techniques available today.

There will be scenarios where customers open support requests wanting to understand why the Bayesian Analysis filter blocked or allowed specific messages against their expectations. The next section outlines the troubleshooting process to determine the reason behind the actions taken by this filter.

 

Description

If you are questioning why an email was blocked or allowed by the Bayesian Analysis filter and would like more information, the best place to start the troubleshooting process is to examine the debug logs.
Follow the below procedure to find the log file and information regarding the email message under review, and thereafter use the examples provided to interpret and determine why the message was either blocked or allowed:
  1. Find the Message-ID of the email in question by either obtaining it from the headers of the message itself or by looking for it in the MailEssentials Dashboard > Logs > Details tab. Refer to this linked article for more information on Reading Email Headers to extract the Message-ID.
  2. Navigate to ..\GFI\MailEssentials\AntiSpam\DebugLogs and locate the log file for the Bayesian Analysis module. The debug log filename is ase_bayesian.gfi_log.txt
    • This is the debug log for the Bayesian Analysis Module and corresponds to the GFI MailEssentials > Anti-Spam > Anti-Spam Filters > Bayesian Analysis on the configuration UI.
  3. Open the debug log file in a text editor and search for the Message-ID obtained in step 1.
  4. Refer to the scenarios below to determine the reasons behind the action taken by the module. Pay close attention to the lines in bold to understand what happened and why.
The debug log file will indicate whether the Bayesian Analysis filter is enabled and any actions taken by the filter while scanning emails. If the module is disabled the log file will simply show:
Bayesian scanning disabled.  Returning 

Scenario 1: Email was allowed by the module

>> Process Message
Libspam token count: xxxxx
Calling LibSpamAtt to extract tokens
Bayesian Scan completed [HAM]
<< Process Message
Note: HAM refers to legitimate emails determined not to be SPAM.

 

Scenario 2: Email was blocked by the module

>> Process Message
Libspam token count: xxxxx
Calling LibSpamAtt to extract tokens
Bayesian Scan completed [SPAM]
Setting actions data ...
Spam detected, Stopping ASE Chain [2]...
Setting block report to: 'Bayesian Filter detected spam'
<< Process Message
Note: If an email is incorrectly flagged as HAM or SPAM, refer to the following linked article for more information on how to train the Bayesian Analysis engine: How to train, manually update and create a new database for the Bayesian Filter

 

Related Articles

Back to top

Related articles