Solved

Symantec Brightmail Gateway 9.0.2 blocking genuine emails

Posted on 2011-03-08
Last Modified: 2013-12-09
Hi Guys

I have recently installed Symantec Brightmail Gateway at a company, however I am finding that it is blocking a number of genuine emails and that I have to examine the quarantine every morning to ensure all genuine emails are passed through.

Surely this should not be the case?

I have created an email content filter with the following conditions, however I do not see any reason why genuine emails should be kept in the quarantine based on the conditions below.

Some of these emails are normal conversations etc.

 
If any part of the message contains 1 or more words in dictionary "Profanity"  
 If any part of the message contains 1 or more words in dictionary "Sex. Explicit Words, Confirmed"  
 If any part of the message contains 1 or more words in dictionary "Gambling Keywords, Confirmed"  
 If any part of the message contains 1 or more words in dictionary "Gambling Keywords, Suspect"  
 If any part of the message contains 1 or more words in dictionary "Offensive Language, Explicit"  
 If any part of the message contains 1 or more words in dictionary "Sex. Explicit Words, Possible"  
 If any part of the message contains 1 or more words in dictionary "Sex. Explicit Words, Suspect"  
 If any part of the message contains 1 or more words in dictionary "Sexual"  
 If any part of the message contains 1 or more words in dictionary "Sexual (Ambiguous)"  
 If any part of the message contains 1 or more words in dictionary "Sexual Slang"  
 If any part of the message contains 1 or more words in dictionary "Street Drug Names"  
 If any part of the message contains 1 or more words in dictionary "Violence Keywords"  
 If any part of the message contains 1 or more words in dictionary "Vulnerability Keywords"  
 If any part of the message contains 1 or more words in dictionary "Weapons Keywords"  
 If any part of the message contains 1 or more words in dictionary "Gambling Keywords, Confirmed"  
 If any part of the message contains 1 or more words in dictionary "Gambling Keywords, Suspect"  
 If any part of the message contains 1 or more words in dictionary "Medical Treatment Keywords"  
 If any part of the message contains 1 or more words in dictionary "Disease Names"  
 If any part of the message contains 1 or more words in dictionary "Offensive Language, Explicit"  
 If any part of the message contains 1 or more words in dictionary "Offensive Language, General"  
 If any part of the message contains 1 or more words in dictionary "Violence Keywords"  
 If any part of the message contains 1 or more words in dictionary "Weapons Keywords"  
 If any part of the message contains 1 or more words in dictionary "Medical Treatment Keywords"

Question by:ridha121
2 Comments
 
Accepted Solution

by:
michko earned 500 total points
ID: 35084625
You should take a look at the specific words in the various areas you are blocking.  You are blocking based on 1 single word with a lot of possibilities.  You may need to loosen those restrictions a bit - say to a couple of occurrences rather than 1.  You are blocking a wide range, it is very possible that words are being used that are on your block list, just not in the context that should cause them to be blocked.

For example, you are blocking "violence keywords".  Let's say one of your users sends an email with a sentence like "oh no, that is a bad idea, we need to kill that now before it gains momentum."  Well, that entire email is now blocked based on the one word "kill".

Another example, you are blocking "Offensive Language, General".  What if one of your tech people sends an email stating "you need to put that drive in as a slave to the main hard drive and scan it from there."  That was just blocked based on the legitimate use of the word "slave".

If you are blocking legitimate emails, then you need to determine and look at the specific words that are causing those blocks.  Then determine if/how you want to loosen the controls that are blocking those.  You could edit the dictionary to remove (or even add) words:
http://www.symantec.com/business/support/index?page=content&id=HOWTO15553

Also note that you have some items blocked multiple times, such as "Gambling Keywords, Confirmed" and "Offensive Language, Explicit".

Not sure if you want to block "Medical Treatment Keywords", depends on what business you are in, and whether or not you want to allow emails regarding medical treatment.  If you deny those, you could block your employees from emailing their doctors, or internal emails regarding someone's health, etc.

Filtering is a fine line between blocking the bad and allowing the good.  It will take some tweaking before you get it to a level that is acceptable to both you and your users.
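
The tuning steps described in the answer above (find the word that triggered, compare a threshold of 1 against a couple of occurrences, drop repeated conditions), as an added example that is not part of the original answer and is not Symantec code. The word lists, the `threshold` parameter and the third sample message are constructed for illustration; the real Brightmail dictionaries are not reproduced.

```python
import re
from collections import Counter

# Constructed stand-in word lists (assumption): NOT the vendor's dictionaries.
DICTIONARIES = {
    "Violence Keywords": {"kill", "attack"},
    "Offensive Language, General": {"slave"},
    "Gambling Keywords, Confirmed": {"casino", "jackpot"},
}

# Conditions as configured, including a repeated entry like those in the question.
RULES = [
    "Violence Keywords",
    "Offensive Language, General",
    "Gambling Keywords, Confirmed",
    "Gambling Keywords, Confirmed",
]

def dedupe(rules):
    """Drop repeated conditions while keeping their order."""
    return list(dict.fromkeys(rules))

def matches(message, rules=RULES):
    """Return {dictionary: Counter(word -> occurrences)} for whole-word hits."""
    words = Counter(re.findall(r"[a-z']+", message.lower()))
    report = {}
    for name in dedupe(rules):
        hits = Counter({w: words[w] for w in DICTIONARIES[name] if words[w]})
        if hits:
            report[name] = hits
    return report

def quarantined(message, threshold=1, rules=RULES):
    """Quarantine when any one dictionary reaches `threshold` total occurrences."""
    return any(sum(h.values()) >= threshold
               for h in matches(message, rules).values())

SAMPLES = [  # constructed inputs; the first two are the sentences from the answer
    "oh no, that is a bad idea, we need to kill that now before it gains momentum.",
    "you need to put that drive in as a slave to the main hard drive and scan it from there.",
    "Hit the jackpot at our casino! Casino bonus inside.",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        # verdict at threshold 1, verdict at threshold 2, and the words responsible
        print(quarantined(msg, 1), quarantined(msg, 2), dict(matches(msg)))
```

Running it over a sample of the messages released from quarantine each morning shows which dictionary and which word caused each hold, which is the information needed before editing a dictionary or raising the occurrence count.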


Author Closing Comment

by:ridha121
ID: 35216496
Was another problem