Configuring P.U.R.L.S.

Let's get that epic dangerous URL detector up and running.

Some of you know probably know what Purls is already. The brand-new passive dangerous URL detection system. It's actually called the "Passive Uniform Resource Locator Scanner", but to make your life easier we called it PURLS for short.

Enough intro - now let's get it set up.

Xyron PURLS control panel

The Purls control panel should look similar to the Xyron Antispam control panel - but it looks a lot more complicated (and maybe scary).

First things first

Turn Purls on. Just run nv!svr_purls toggle.

And then you'll see all those options you can configure to get the best PURLS experience for your server.

Configure sensitivity

Let's configure Purls' sensitivity now.

Configure scan sensitivity

PURLS uses three sensitivity modes so you can choose the one that fits your server best. Starting from phishing protection, and going all the way to AI-powered detection. We didn't program the AI, the cool guys at IPQS did.

The sensitivities are available here by the way. To configure the sensitivity, run nv!svr_purls sensitivity <sensitivity>.

Configure PhishTank Similarity Threshold

PhishTank is not owned or developed by NeoSoft, however no data is being sent to PhishTank. We do not hold any responsibility for false positives detected by this service.

PURLS will find a URL in the PhishTank database that matches the similarity threshold when compared with the URL it is trying to scan.

We recommend setting the threshold between 0.8 and 0.95 to find as many phishing URLs as possible while reducing false positives.

To set the threshold, just run nv!svr_purls threshold <threshold> .

Minimum threshold is locked to 0.7.

Configure IPQS actions

IPQS is not owned or developed by NeoSoft. Only the URL to scan is being sent to IPQS. We do not hold any responsibility for false positives detected by this service, although this service is the most accurate engine by far.

For servers with Sensitivity 2 unlocked, this will be helpful. Configuring IPQS allows you to get the maximum protection PURLS can offer. IPQS rates a website's sus-o-meter suspiciousness by a score from 0 to 100. PURLS is programmed to only scan websites with a score 75 and up.

Here's how the scores are divided, so you can have an easier time setting things up.

  • No risk (safe): 0

  • Low risk (safe): 1-74

  • High risk (suspicious): 75-84

  • Very high risk (definitely suspicious): 85-99

  • Certainly dangerous (malicious): 100

You can configure the actions on what to do for High risk, Very high risk and Certainly dangerous. Just run nv!svr_purls action_<risklevel> <action> .

Configure on-positive actions

Not everyone is good. Some people may send bad things, and you need to know what to do in those situations. We offer three options when these bad URLs are detected: scan it with VirusTotal, quarantine the user or ban the user. In the event these detections are from the VirusTotal scan, you can make Purls quarantine, ban or do nothing.

The on-positive action keys should start with "action_". To configure these, run nv!svr_purls <action_key> <action>.

Configure roles and channels

Purls also needs you to configure some settings so it knows what channel to report the detection in, what channels to not run in, what the quarantine role is and if bots should not be scanned or not. This should be obvious at this point, but for the report_ch and whitelist keys, you're gonna need the channel ID.

Last updated