An explanation of verdicts by verdict category on the Symantec Messaging Gateway.

Article:HOWTO25811  |  Created: 2010-01-24  |  Updated: 2011-09-12  |  Article URL http://www.symantec.com/docs/HOWTO25811
Article Type
How To



Verdicts by verdict category

Table: Verdicts by verdict category

Verdict Category

Verdict

Description

Bad Sender Policies

 

 

Directory harvest attack

An attempt is underway to capture valid email addresses. A directory harvest attack is accomplished by emailing to the target domain with a specified number of non-existent recipient addresses sent from the same IP address.

Email virus attack

A specified quantity of infected email messages has been received from a particular IP address.

Bad Sender Groups

An email message, domain, or IP address is a member of one of the following groups:

  • Local Bad Sender Domains

  • Local Bad Sender IPs

  • Third Party Bad Senders

  • Symantec Global Bad Senders

See About blocking and allowing messages using sender groups.

Good Sender Policies

 

Good Sender Groups

An email message, domain, or IP address is a member of one of the following groups:

  • Local Good Sender Domains

  • Local Good Sender IPs

  • Third Party Good Senders

  • Symantec Global Good Senders

See About blocking and allowing messages using sender groups.

Fastpass

Allows most email messages from verified good senders to bypass spam filtering. It is not possible to specify any actions for the Fastpass verdict.

Sender authentication

Sender authentication

An email message has failed either SPF or Sender ID authentication.

See Enabling SPF and Sender ID authentication.

Virus

 

 

 

 

 

Virus

An email or IM message contains a virus, based on current Symantec virus filters.

Mass-mailing worm

An email or IM message contains a mass-mailing worm, based on current Symantec virus filters.

Unscannable for viruses

An email or IM message exceeds the container limits configured on the Scanning Settings page or is unscannable for other reasons. For example, a message or an attachment that contains malformed MIME cannot be scanned for viruses.

Encrypted attachment

An email or IM message contains an attachment that is encrypted or password-protected and therefore cannot be scanned.

Spyware or adware

An email or IM message contains any of the following types of security risks: spyware, adware, hack tools, dialers, joke programs, or remote access programs.

See Spyware or adware verdict details.

Suspicious attachment

An email or IM message either shows virus-like signs or because suspicious new patterns of message flow involving this attachment have been detected.

Spam

 

 

Spam

An email message is spam, based on current spam filters from Symantec.

Suspected spam

An email message is suspected spam, based on a configurable Suspected Spam Threshold.

Failed bounce attack validation

An email message is part of a bounce attack, based on bounce attack validation filtering.

See About defending against bounce attacks.

Spim

Spim

An IM message contains spim, based on current spim filters from Symantec.

Content Filtering

 

 

Text in the Subject, Body, or Attachments

An email message contains keywords in your configurable dictionary, matches/does not match a regular expression or pattern, or matches data in a record.

Text in this specific part of the message

Text in any of 13 message parts contains or matches in one of several ways a specific string, or matches/does not match a regular expression or pattern.

Text in this specific part of the message header

Text in the envelope recipient or envelope sender contains/does not contain an email address, domain, or country code from a specific dictionary.

Message size

The message size is equal to/greater than/less than a specific number of bytes, KB, or MB.

File metadata

An attachment is in an attachment list, has a specific filename or MIME type, or contains/does not contain a filename or file extension from specific dictionary.

For all messages

All email is flagged. It is possible to create a content filtering rule that applies to all messages, for example to universally attach an annotation to all inbound or outbound email messages.

 


Legacy ID



346291


Article URL http://www.symantec.com/docs/HOWTO25811


Terms of use for this information are found in Legal Notices