Configuring rules to address unscannable and encrypted files

Article:HOWTO83046  |  Created: 2012-12-04  |  Updated: 2012-12-04  |  Article URL http://www.symantec.com/docs/HOWTO83046
Article Type
How To



A file that cannot be scanned can put your network at risk if it contains a threat. Mail Security provides the following default rules to address unscannable and encrypted files:

Unscannable File Rule

Mail Security must be able to decompose and scan a container file to detect risks. An unscannable container file can pose a risk to your network if it contains a threat. An unscannable file is one that exceeds a scanning limit, is a partial container file, or generates a scanning error.

You can specify how you want Mail Security to process the container files that cannot be scanned. The default setting for the Unscannable File Rule is to quarantine the file and replace it with a text description.

Encrypted File Rule

Infected files can be intentionally encrypted. Encrypted files cannot be decrypted and scanned without the appropriate decryption tool. You can configure how you want Mail Security to process encrypted container files to protect your network from threats.

The default setting for the Encrypted File Rule is to log the violation only.

These rules are always enabled.
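
The distinction between the two rules, shown as an added example that is not Mail Security's own code: a Python sketch, narrowed to ZIP containers, that sorts an attachment into scannable, encrypted, or unscannable (scanning limit exceeded, partial container, or scanning error). The limit values, function names and sample files are assumptions constructed for illustration.

```python
import io
import zipfile
import zlib

# Limits are assumptions for this sketch, not Mail Security's real values.
MAX_DEPTH = 2                 # nested containers allowed below the top level
MAX_TOTAL_BYTES = 10 * 2**20  # declared uncompressed size per container

def classify_container(data, depth=0):
    """Classify ZIP bytes as 'scannable', 'encrypted' or 'unscannable'."""
    if depth > MAX_DEPTH:
        return "unscannable"              # exceeds a scanning limit
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            infos = zf.infolist()
            # Bit 0 of the general-purpose flags marks an encrypted member.
            if any(i.flag_bits & 0x1 for i in infos):
                return "encrypted"
            if sum(i.file_size for i in infos) > MAX_TOTAL_BYTES:
                return "unscannable"      # exceeds a scanning limit
            for info in infos:
                member = zf.read(info)    # a bad CRC raises BadZipFile
                if zipfile.is_zipfile(io.BytesIO(member)):
                    verdict = classify_container(member, depth + 1)
                    if verdict != "scannable":
                        return verdict
    except (zipfile.BadZipFile, zlib.error, EOFError, NotImplementedError):
        return "unscannable"              # partial container or scan error
    return "scannable"

def make_zip(name, payload):
    """Build a constructed one-member ZIP in memory (sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, payload)
    return buf.getvalue()

def mark_encrypted(zip_bytes):
    """Set the encryption flag in the first central-directory record."""
    out = bytearray(zip_bytes)
    out[out.find(b"PK\x01\x02") + 8] |= 0x01
    return bytes(out)

# Constructed samples: clean, flagged encrypted, truncated, nested too deep.
clean = nested = make_zip("note.txt", b"hello")
for _ in range(MAX_DEPTH + 1):
    nested = make_zip("inner.zip", nested)
SAMPLES = {"clean": clean, "encrypted": mark_encrypted(clean),
           "partial": clean[:len(clean) // 2], "nested": nested}
for label, blob in SAMPLES.items():
    print(label, "->", classify_container(blob))
```

An encrypted member is reported before any read is attempted, so a verdict of "encrypted" means the contents were never inspected, which is the case the Encrypted File Rule exists to handle.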

To configure rules to address unscannable and encrypted files

  1. In the console on the primary navigation bar, click Policies.

  2. In the sidebar under General, click Exceptions.

  3. In the Exceptions table, select one of the following rules that you want to view or modify:

    • Unscannable File Rule

    • Encrypted File Rule

  4. In the preview pane, in the Action to take list, use the drop-down menu to select the action to take when a violation is detected.

  5. In the Replacement text box, type your customized message if you want to replace the message or the attachment body with a text message.

    The default text is: Symantec Mail Security replaced %attachment% with this text message. The original file was unscannable and was %action%.

    You can use variables in your customized text.

    See Alert and notification variables

  6. Check one or more of the following to send email notifications about the detection:

    • Notify administrators

      Click the down arrow and then type your customized text in the Subject line box and the Message body box. The default Subject line and Message body text is as follows:

      • Default subject line text: Administrator Alert: Symantec Mail Security detected a message with an unscannable attachment or body

      • Default message body text: Location of the message: %location% Sender of the message: %sender% Subject of the message %subject% The attachment(s) "%attachment%" was %action%. This was done due to the following Symantec Mail Security settings: Scan: %scan% Rule: %rule%

    • Notify internal sender

      Click the down arrow and then type your customized text in the Subject line box and the Message body box. The default Subject line and Message body text is as follows:

      • Default subject line text: Symantec Mail Security detected unscannable content in a message sent from your address

      • Default message body text: Subject of the message: %subject% Recipient of the message %recipient%

    • Notify external sender

      Click the down arrow and then type your customized text in the Subject line box and the Message body box. The default Subject line and Message body text is as follows:

      • Default subject line text: Symantec Mail Security detected unscannable content in a message sent from your address

      • Default message body text: Subject of the message: %subject% Recipient of the message %recipient%

      See Alert and notification variables

  7. On the toolbar, click Deploy changes to apply your changes.

    See Deploying settings and changes to a server or group


Legacy ID



SMSID0EFHHM_v82894070

