What you can do with Symantec Message Filter

Article:HOWTO59358  |  Created: 2011-10-04  |  Updated: 2011-10-04  |  Article URL http://www.symantec.com/docs/HOWTO59358
Article Type
How To


What you can do with Symantec Message Filter

Table: Symantec Message Filter tasks describes what you can do with Symantec Message Filter.

Table: Symantec Message Filter tasks



Create group policies

You can specify the groups of users that are based on email addresses or domain names. You can configure group policies to set identical options for all users or to specify different actions for different groups of users.

For each group, you can specify email filtering actions for different categories of email. And for each category, you can specify different filtering options.

Detect spam

Spam is unsolicited bulk email, most often advertising messages for a product or service. It wastes productivity, time, and network bandwidth.

You can define which messages are spam, suspected spam, or not spam based on the scores that Symantec Message Filter assigns to messages. You can also configure how to dispose of spam and suspected spam messages.

Detect viruses

Symantec Message Filter detects viruses with Symantec antivirus definitions and engines. You can configure Symantec Message Filter to repair infected messages, if possible. You can also specify how you want Symantec Message Filter to dispose of the messages that contain viruses.

Stop mass-mailer worm attacks

A mass-mailer worm or virus can exploit security vulnerabilities and spread by sending copies of itself by email through the Internet or a network. For example, a single mass-mailer worm can infect one computer in an organization. Then it can spread by sending copies of itself through email to everyone in the company's global address book.

You can specify how you want Symantec Message Filter to dispose of the mass-mailer messages.

Dispose of unwanted encrypted email

A file that cannot be scanned can put your network at risk if it contains a virus. Infected files can be intentionally encrypted so that they cannot be scanned.

You can configure how you want Symantec Message Filter to process encrypted container files to protect your network from threats.

Establish file processing limits

Symantec Message Filter must be able to decompose and scan a container file to detect viruses. An unscannable container file that contains a virus can pose a risk to your network. An unscannable container file is one that exceeds a scanning limit, is a partial container file, or generates a scanning error.

You can specify how you want Symantec Message Filter to process the container files that cannot be scanned.

Filter content

You can create the filters that are unique to your organization to filter for specific content in email messages. Create custom content filters with the custom filters editor or through a sieve filters file.

Block unwanted email

When you block email from unwanted senders, you reduce the volume of email that is scanned and reduce spam and potential malicious attacks.

You can specify a list of senders that you want Symantec Message Filter to automatically block. You can also use third party blocked senders lists.

Let trusted email bypass scanning

Another method that you can use to reduce scanning resources is to permit trusted senders to bypass scanning for spam and content filtering.

You can specify trusted senders in an Allowed Senders List. You can also use third party allowed senders lists. Messages from allowed senders automatically bypass scanning for spam and content filtering.


Symantec Message Filter scans all messages for viruses when virus detection is enabled, including messages from trusted senders.

Quarantine spam messages for review

Symantec Message Filter contains a Spam Quarantine. You can configure the Java-based Quarantine for either administrator-only or end-user access.

In administrator-only mode, administrators can take the following actions:

  • Review quarantined messages to determine whether each message is spam and should be deleted.

  • Determine if a message is misidentified and should be released to the recipient's inbox.

  • Review all of the messages that are sent to the email addresses that are not valid in the environment

In end-user mode, an end user can access only the messages that are sent to their email address.

Update antispam filters and antivirus definitions

Symantec Message Filter relies on continually updated filters to effectively filter messages.

Symantec Message Filter receives filter updates through the Conduit and LiveUpdate. Conduit downloads antispam filters and LiveUpdate downloads antivirus definitions. These are the components that run on each scanner that contains a Symantec Message Filter server. Conduit and LiveUpdate poll the secure Web sites to check for updated filters. If new filters and definitions are available, they retrieve the updated filters and definitions through a secure HTTP file transfer. After they authenticate the filters and definitions, they notify the Symantec Message Filter servers to begin using the updated filters and definitions.

See About LiveUpdate rule updates

Receive notifications of outbreaks

Symantec Message Filter helps you manage outbreaks quickly and effectively by setting outbreak rules. Email notifications alert you when an outbreak is detected.

See Setting up event-based alerts

See About Symantec Message Filter.

See Components of Symantec Message Filter.

See How Symantec Message Filter works.

See Where to get more information about Symantec Message Filter.

Legacy ID


Article URL http://www.symantec.com/docs/HOWTO59358

Terms of use for this information are found in Legal Notices