?
Solved

Symantec Brightmail Gateway 9.0.2 blocking genuine emails

Posted on 2011-03-08
2
Medium Priority
?
1,715 Views
Last Modified: 2013-12-09
Hi Guys

I have recently installed symantec brightmail gateway at a company however I am finding that it is blocking a number of genuine emails and that I have to examine the quarantine evey morning to ensure all genuine emails are passed through..

Surely this should not be the case?

I have created a email content filter with the following conditions however I do not see any reason why genuiene emails should be kept in in the quarantine based on the conditions below.

Some of these emails are normal conversations etc.

 
If any part of the message contains 1 or more words in dictionary "Profanity"  
 If any part of the message contains 1 or more words in dictionary "Sex. Explicit Words, Confirmed"  
 If any part of the message contains 1 or more words in dictionary "Gambling Keywords, Confirmed"  
 If any part of the message contains 1 or more words in dictionary "Gambling Keywords, Suspect"  
 If any part of the message contains 1 or more words in dictionary "Offensive Language, Explicit"  
 If any part of the message contains 1 or more words in dictionary "Sex. Explicit Words, Possible"  
 If any part of the message contains 1 or more words in dictionary "Sex. Explicit Words, Suspect"  
 If any part of the message contains 1 or more words in dictionary "Sexual"  
 If any part of the message contains 1 or more words in dictionary "Sexual (Ambiguous)"  
 If any part of the message contains 1 or more words in dictionary "Sexual Slang"  
 If any part of the message contains 1 or more words in dictionary "Street Drug Names"  
 If any part of the message contains 1 or more words in dictionary "Violence Keywords"  
 If any part of the message contains 1 or more words in dictionary "Vulnerability Keywords"  
 If any part of the message contains 1 or more words in dictionary "Weapons Keywords"  
 If any part of the message contains 1 or more words in dictionary "Gambling Keywords, Confirmed"  
 If any part of the message contains 1 or more words in dictionary "Gambling Keywords, Suspect"  
 If any part of the message contains 1 or more words in dictionary "Medical Treatment Keywords"  
 If any part of the message contains 1 or more words in dictionary "Disease Names"  
 If any part of the message contains 1 or more words in dictionary "Offensive Language, Explicit"  
 If any part of the message contains 1 or more words in dictionary "Offensive Language, General"  
 If any part of the message contains 1 or more words in dictionary "Violence Keywords"  
 If any part of the message contains 1 or more words in dictionary "Weapons Keywords"  
 If any part of the message contains 1 or more words in dictionary "Medical Treatment Keywords"

Open in new window


0
Comment
Question by:ridha121
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 27

Accepted Solution

by:
michko earned 1500 total points
ID: 35084625
You should take a look at the specific words in the various areas you are blocking.  You are blocking based on 1 single word with a lot of possibilities.  You may need to loosen those restrictions a bit - say to a couple of occurrences rather than 1.  You are blocking a wide range, it is very possible that words are being used that are on your block list, just not in the context that should cause them to be blocked.

For example, you are blocking "violence keywords".  Let's say one of your users sends an email with a sentence like "oh no, that is a bad idea, we need to kill that now before it gains momentum."  Well, that entire email is now blocked based on the one word "kill".

Another example, you are blocking "Offensive Language, General".  What is one of your tech people sends an email stating "you need to put that drive in as a slave to the main hard drive and scan it from there."  That was just blocked based on the legitimate use of the word "slave".

If you are blocking legitimate emails, then you need to determine and look at the specific words that are causing those blocks.  Then determine if/how you want to loosen the controls that are blocking those.  You could edit the dictionary to remove (or even add) words:
http://www.symantec.com/business/support/index?page=content&id=HOWTO15553

Also note that you have some items blocked multiple times, such as "Gambling Keywords, Confirmed" and "Offensive Language, Explicit"

Not sure if you want to block "Medical Treatment Keywords", depends on what business you are in, and whether or not you want to allow emails regarding medical treatment.  If you deny those, you could block your employees from emailing their doctors, or internal emails regarding someone's health, etc.

Filtering is a fine line between blocking the bad and allowing the good.  It will take some tweaking before you get it to a level that is acceptable to both you and your users.

0
 
LVL 3

Author Closing Comment

by:ridha121
ID: 35216496
Was another problem
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

By the time you finish reading this article, you may have already lost all your money because you don't know the simple steps to securing your BitCoin wallet. BitCoin is an incredible invention. It is a decentralized currency system, which is the…
Forget those services on TV trying to sell you software – that’s step one.  Almost all of the software you need should be available for free.  The tricky part is doing the work.  If you are not comfortable performing these steps yourself, contact a …
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question