Hi,
We are using Symantec Brightmail Gateway 8.0.3-11 and made some basic rules.
First of all, We have a Virus rule that says: Clean the message
And then we have a compliance rule setup with theese settings:
If the file metadata is in the attachment list "True Type Executable Files"
Hold message in Spam Quarantine
Send notification "EXE violation notification"
If i send a test email with a EXE attached to our environment, SBG successfully removes the exe, quaratines the email and sends a notification to the recipient.
The problem is that when SBG receives an executable that is virus infected, the email enters SBG, it still quarantines the email and still sends a notification.
Verdict: Verdict Filter Policy Group Details
Virus virus: clean message (default) default packed.generic.265
Spam spam default None
Content Compliance violation: Quarantine Inbound Executable Files Violations default None
Actions taken: Archive the message, Send notification, Clean the message, Modify the subject line, Hold message in Spam Quarantine
SBG finds this email as SPAM too, so i could probably change the SPAM rule to delete the message, but our company policy says i cant delete any emails so thats not possible.
Is there any way i can tell SBG to clean the virus and then skip the compliance rule because the EXE has been removed(?).
BR
Themac