Solved

Symantec Brightmail Gateway 9.0.2 blocking genuine emails

Posted on 2011-03-08
2
1,685 Views
Last Modified: 2013-12-09
Hi Guys

I have recently installed symantec brightmail gateway at a company however I am finding that it is blocking a number of genuine emails and that I have to examine the quarantine evey morning to ensure all genuine emails are passed through..

Surely this should not be the case?

I have created a email content filter with the following conditions however I do not see any reason why genuiene emails should be kept in in the quarantine based on the conditions below.

Some of these emails are normal conversations etc.

 
If any part of the message contains 1 or more words in dictionary "Profanity"  
 If any part of the message contains 1 or more words in dictionary "Sex. Explicit Words, Confirmed"  
 If any part of the message contains 1 or more words in dictionary "Gambling Keywords, Confirmed"  
 If any part of the message contains 1 or more words in dictionary "Gambling Keywords, Suspect"  
 If any part of the message contains 1 or more words in dictionary "Offensive Language, Explicit"  
 If any part of the message contains 1 or more words in dictionary "Sex. Explicit Words, Possible"  
 If any part of the message contains 1 or more words in dictionary "Sex. Explicit Words, Suspect"  
 If any part of the message contains 1 or more words in dictionary "Sexual"  
 If any part of the message contains 1 or more words in dictionary "Sexual (Ambiguous)"  
 If any part of the message contains 1 or more words in dictionary "Sexual Slang"  
 If any part of the message contains 1 or more words in dictionary "Street Drug Names"  
 If any part of the message contains 1 or more words in dictionary "Violence Keywords"  
 If any part of the message contains 1 or more words in dictionary "Vulnerability Keywords"  
 If any part of the message contains 1 or more words in dictionary "Weapons Keywords"  
 If any part of the message contains 1 or more words in dictionary "Gambling Keywords, Confirmed"  
 If any part of the message contains 1 or more words in dictionary "Gambling Keywords, Suspect"  
 If any part of the message contains 1 or more words in dictionary "Medical Treatment Keywords"  
 If any part of the message contains 1 or more words in dictionary "Disease Names"  
 If any part of the message contains 1 or more words in dictionary "Offensive Language, Explicit"  
 If any part of the message contains 1 or more words in dictionary "Offensive Language, General"  
 If any part of the message contains 1 or more words in dictionary "Violence Keywords"  
 If any part of the message contains 1 or more words in dictionary "Weapons Keywords"  
 If any part of the message contains 1 or more words in dictionary "Medical Treatment Keywords"

Open in new window


0
Comment
Question by:ridha121
2 Comments
 
LVL 27

Accepted Solution

by:
michko earned 500 total points
ID: 35084625
You should take a look at the specific words in the various areas you are blocking.  You are blocking based on 1 single word with a lot of possibilities.  You may need to loosen those restrictions a bit - say to a couple of occurrences rather than 1.  You are blocking a wide range, it is very possible that words are being used that are on your block list, just not in the context that should cause them to be blocked.

For example, you are blocking "violence keywords".  Let's say one of your users sends an email with a sentence like "oh no, that is a bad idea, we need to kill that now before it gains momentum."  Well, that entire email is now blocked based on the one word "kill".

Another example, you are blocking "Offensive Language, General".  What is one of your tech people sends an email stating "you need to put that drive in as a slave to the main hard drive and scan it from there."  That was just blocked based on the legitimate use of the word "slave".

If you are blocking legitimate emails, then you need to determine and look at the specific words that are causing those blocks.  Then determine if/how you want to loosen the controls that are blocking those.  You could edit the dictionary to remove (or even add) words:
http://www.symantec.com/business/support/index?page=content&id=HOWTO15553

Also note that you have some items blocked multiple times, such as "Gambling Keywords, Confirmed" and "Offensive Language, Explicit"

Not sure if you want to block "Medical Treatment Keywords", depends on what business you are in, and whether or not you want to allow emails regarding medical treatment.  If you deny those, you could block your employees from emailing their doctors, or internal emails regarding someone's health, etc.

Filtering is a fine line between blocking the bad and allowing the good.  It will take some tweaking before you get it to a level that is acceptable to both you and your users.

0
 
LVL 3

Author Closing Comment

by:ridha121
ID: 35216496
Was another problem
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Bulk Emailing to verious lists 11 92
Exchange 2013 - Problem with some attachments 10 89
How do I Uninstall Sophos endpoint Security 8 86
Exch2013 connectors... 1 73
By the time you finish reading this article, you may have already lost all your money because you don't know the simple steps to securing your BitCoin wallet. BitCoin is an incredible invention. It is a decentralized currency system, which is the…
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question