Solved

Symantec Brightmail Gateway 9.0.2 blocking genuine emails

Posted on 2011-03-08
2
1,693 Views
Last Modified: 2013-12-09
Hi Guys

I have recently installed symantec brightmail gateway at a company however I am finding that it is blocking a number of genuine emails and that I have to examine the quarantine evey morning to ensure all genuine emails are passed through..

Surely this should not be the case?

I have created a email content filter with the following conditions however I do not see any reason why genuiene emails should be kept in in the quarantine based on the conditions below.

Some of these emails are normal conversations etc.

 
If any part of the message contains 1 or more words in dictionary "Profanity"  
 If any part of the message contains 1 or more words in dictionary "Sex. Explicit Words, Confirmed"  
 If any part of the message contains 1 or more words in dictionary "Gambling Keywords, Confirmed"  
 If any part of the message contains 1 or more words in dictionary "Gambling Keywords, Suspect"  
 If any part of the message contains 1 or more words in dictionary "Offensive Language, Explicit"  
 If any part of the message contains 1 or more words in dictionary "Sex. Explicit Words, Possible"  
 If any part of the message contains 1 or more words in dictionary "Sex. Explicit Words, Suspect"  
 If any part of the message contains 1 or more words in dictionary "Sexual"  
 If any part of the message contains 1 or more words in dictionary "Sexual (Ambiguous)"  
 If any part of the message contains 1 or more words in dictionary "Sexual Slang"  
 If any part of the message contains 1 or more words in dictionary "Street Drug Names"  
 If any part of the message contains 1 or more words in dictionary "Violence Keywords"  
 If any part of the message contains 1 or more words in dictionary "Vulnerability Keywords"  
 If any part of the message contains 1 or more words in dictionary "Weapons Keywords"  
 If any part of the message contains 1 or more words in dictionary "Gambling Keywords, Confirmed"  
 If any part of the message contains 1 or more words in dictionary "Gambling Keywords, Suspect"  
 If any part of the message contains 1 or more words in dictionary "Medical Treatment Keywords"  
 If any part of the message contains 1 or more words in dictionary "Disease Names"  
 If any part of the message contains 1 or more words in dictionary "Offensive Language, Explicit"  
 If any part of the message contains 1 or more words in dictionary "Offensive Language, General"  
 If any part of the message contains 1 or more words in dictionary "Violence Keywords"  
 If any part of the message contains 1 or more words in dictionary "Weapons Keywords"  
 If any part of the message contains 1 or more words in dictionary "Medical Treatment Keywords"

Open in new window


0
Comment
Question by:ridha121
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 27

Accepted Solution

by:
michko earned 500 total points
ID: 35084625
You should take a look at the specific words in the various areas you are blocking.  You are blocking based on 1 single word with a lot of possibilities.  You may need to loosen those restrictions a bit - say to a couple of occurrences rather than 1.  You are blocking a wide range, it is very possible that words are being used that are on your block list, just not in the context that should cause them to be blocked.

For example, you are blocking "violence keywords".  Let's say one of your users sends an email with a sentence like "oh no, that is a bad idea, we need to kill that now before it gains momentum."  Well, that entire email is now blocked based on the one word "kill".

Another example, you are blocking "Offensive Language, General".  What is one of your tech people sends an email stating "you need to put that drive in as a slave to the main hard drive and scan it from there."  That was just blocked based on the legitimate use of the word "slave".

If you are blocking legitimate emails, then you need to determine and look at the specific words that are causing those blocks.  Then determine if/how you want to loosen the controls that are blocking those.  You could edit the dictionary to remove (or even add) words:
http://www.symantec.com/business/support/index?page=content&id=HOWTO15553

Also note that you have some items blocked multiple times, such as "Gambling Keywords, Confirmed" and "Offensive Language, Explicit"

Not sure if you want to block "Medical Treatment Keywords", depends on what business you are in, and whether or not you want to allow emails regarding medical treatment.  If you deny those, you could block your employees from emailing their doctors, or internal emails regarding someone's health, etc.

Filtering is a fine line between blocking the bad and allowing the good.  It will take some tweaking before you get it to a level that is acceptable to both you and your users.

0
 
LVL 3

Author Closing Comment

by:ridha121
ID: 35216496
Was another problem
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
vMware vShield Endpoint 6.0 4 118
Junk folder 23 205
Best secure sending email service 1 68
Scan to Gmail emails never arrive 12 51
The purpose of this Article is to provide information for a newly released variant of malware – with the assumption that many EE Members will have need of the information. According to “Computerworld”, well over one million web sites have been co…
Operating system developers such as Microsoft (https://www.microsoft.com) and Apple have made incredible strides in virus protection over the past decade. Operating systems come packaged with built in defensive tools such as virus protection and a f…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question