Messaging Gateway

Good morning,
Now that we have our SBG upgraded to version 9, we are retesting our policies.  First test was for a virus (zip file containing an .exe).  In review the logs, it appears that it "hit" our rules for viruses and executables.  So I received 2 notifications about 1 message.  Going to try to paste in the audit log:

Verdict:	Verdict Filter Policy Policy Group Details Virus  ??? - virus: delete message  default  eicar test string Content Filtering violation: ??? - Hold Executable Attachments  ??? - hold executable attachments  default  None
	Tracker:	AAAABAAAAZEAAAFhE23esxNt3rc=
	Actions taken:	Send notification, Send notification, Delete message
	Delivery:	Delivered To Delivery Time Recipient   None

If it's a virus, I want testing to stop and delete.  Is there a way to make this happen?

Thanks in advance,

Doug

We are a mutli-verdict engine, so this is expected behaviour. There is no way for a virus rule to stop the message dead it its tracks, it still has to go through content filtering and spam.

And you might want to take two actions. e.g. delete the e-mail so it doesn't get delivered, but keep a copy for forensics.

TSE-JDavis - 9.0 has a new feature on the Quarantine Incident folder type where you can specify a expunger actions.  It would seem that the Spam and Virus quarantines are just special cases of these.  Not sure where I'm going with this....  Ah,  you could then use the Notification settings on the Incident folder.

phhowe17,

I am fully aware of the way version 9 works in that regard. The thing is that it will still process messages even no matter what the action taken is on the message, then at the end when each engine has given their verdict it will process them in order.