Messaging Gateway

  • 1.  Loosening Virus Scanning Restrictions

    Posted Mar 20, 2009 12:38 PM

    I need to be able to pass messages with "unscannable attachments" from a specific address only.  I don't want to pass all unscannable attachment verdicts, only messages from this one address.  I tried configuring a custom compliance rule for inbound messages, but that didn't work.  The solution I've been using is having a separate group of users with different virus scanning rules set to pass unscannable attachments, but I'd prefer to have this rule configured globally.

     

    Let me know if this doesn't make any sense at all :)

     

    Thanks!



  • 2.  RE: Loosening Virus Scanning Restrictions

    Posted Mar 20, 2009 05:22 PM

    So you are running into an issue with order of precedence. Our virus scanning module is high up on the food chain, so the compliance rules are always going to happen after the virus and unscannable verdicts.

    I don't think we would have a way around that unless someone else has an idea?

    The reason for this is that whereas a compliance filter can be important, letting a virus through would be detrimental. So the order of importance has been set so as to not let this happen.

    I hope this makes sense. Let me know if you need any clarification.

    Thanks!



  • 3.  RE: Loosening Virus Scanning Restrictions

    Posted Mar 24, 2009 12:34 PM
    Thanks for the heads up.  Is the order of operations for the scanning engine documented anywhere?  The administration guide had a brief diagram, but nothing too detailed.

    I think that firewall-like functionality where you could "poke holes" through the product would be useful for these kinds of scenarios.  Just some feedback...

    Thanks again,


  • 4.  RE: Loosening Virus Scanning Restrictions
    Best Answer

    Posted Mar 24, 2009 02:10 PM

    Hey Guys,

    So the issue here isn't really that virus policies have any higher precedence than compliance or spam policies; the real issue is to do with actions involved, and the precedence the actions have after all modules are evaluated.  So in this case you have your unscannable policy which wants to delete the message and your compliance policy which wants to deliver the message normally.  As 'Delete' actions have higher precedence over 'No Action', then the message is deleted and there isn't really anything we can do about this.  This is all documented in the SBG 8 Administration Guide which you can download from here:

    http://www.symantec.com/business/support/documentation.jsp?language=english&view=manuals&pid=53991

    Check out Appendix A starting on page 509.

    Kevin 


  • 5.  RE: Loosening Virus Scanning Restrictions

    Posted Mar 24, 2009 02:36 PM
    Thanks guys, I've reviewed the Administration Guide and understand now what's happening.