Messaging Gateway

sms 8300 applinaces, software version 7.7.0-17

When writing a compliance rule, is there any way to have it perform the action only if it has not been classified as spam?

For example I write rules to catch spam that we don't yet have signatures for..  the rule forwards copies of the message to a special account so that I  can than submit them to Symantec/Brightmail as examples of spam that should be added to the signatures.  

The problem is that even after we get the updated signatures the message is still being forwarded to this special account..

Hello Chuck,

So as of right now, I don't believe there is a way to do this that I can think of. Not in a single scanner that is. One possible workaround would be to have multiple scanners and have one scanner send to the next. If the first scanner does spam scanning and the second your compliance scanning it should do the desired behavior.

I welcome better suggestions, it's just the only way I can think to do it right now. Maybe use Mail Security for Exchange for your compliance? That is if you are using Exchange.

Hi Chuck,

We might need to think about things a bit differently but we can probably come up with something.  Can you give any more details what your compliance policy is looking for, is is mainly keywords etc?  Exaclty what action are you taking on these messages, is it just the forward action?  Also exactly what action are you taking on spam messages? Do you find your compliance rule is catchign much that the product is missing?

Cheers,

Kevin

it's just a policy that looks for keywords in the body..  like these

if Text in Body part of the message contains 1 or more occurrences of ".narod.ru"

if Text in Body part of the message contains 1 or more occurrences of ".cn/"

the actions are:

Hold message in Spam Quarantine

Forward the message to xxxx@xxxz.com

I am filtering a lot of messages and submitting them.. 1000's per day  the .cn/ rule is very active right now and it is not being caught by the product signatures

Hi Chuck,

Why don't you give this a test.  Instead of using the forward action on your compliance rule, try using the 'Add BCC recipients' action and enter the address of your dedicated mailbox.  I think what you should see is if the message is just spam, it will only go to the original users quarantine.  If it violates just the compliance policy it will go to the end users inbox and the bcc'd mailbox(the same as your current policy is doing, so you can just forward the message to Symantec from the bcc'd mailbox).  If the message violates both the compliance and spam policy, a message for the end user, and a a message for the bcc'd user will end up in quarantine.  This should be fine, you don't even need to monitor the quarantine for the bcc'd user as these messages will be expunged automatically after however many days you have set, and your bcc inbox no longer contains the spam messages you don't want.

How does that sound?

Kevin

Hey Kevin...

The Bcc idea works ok for the stuff that is spam, but for new things it just ends up getting  submitted to the quarantine.. which means i need to monitor the quarantine and forward those messages on..   which i guess is better than not being able to forward them..  I was hoping to find a way to allow me to automatically forward the ones that match the filter unless they are spam.. maybe it's not possible

Hi Chuck,

Not sure I understand the issue, only messages already having a spam verdict will get BCC'd to the quarantine for your dedicated mailbox.  Because there are already spam rules in place to catch these you don't really need to monitor the messages quarantined for the dedicated address correct?

Messages that aren't getting caught as spam but are matching the compliance rule will get BCC'd to your dedicated mailbox which is what you want.

Am I missing something else?

Kevin