Messaging Gateway

 View Only

  • 1.  powerpoint attachment caught as archive file

    Posted Feb 15, 2011 04:03 AM

    Hello,

    A customers brightmail did the strangest thing last week. To handle archive files in attachments, all those goes to a custom quarantine. But suddenly a ppt file (microsoft powerpont) "got lost" in this filter. This one was very hard for me to explain, so suggestions is very welcome :-)

    Could it possibly be related to these errors:

     

    Friday, Feb 11, 2011 10:14:28 AM CET   Error Local Host Brightmail Engine    Gatekeeper module: Failure applying mheader rules. 

    Friday, Feb 11, 2011 10:14:28 AM CET   Error Local Host Brightmail Engine   Gatekeeper module: Test message: MD5 signature is NULL.  

    The brightmail engine has something to do with filters?



  • 2.  RE: powerpoint attachment caught as archive file

    Posted Feb 15, 2011 11:48 AM

    Hi Hanskt,

    Depending on which version and how the attachment list is configured this might happen.

    I would suggest you to have a closer look at attachment list being used for the policy and the message that triggered it.

    Sometimes you might have MIME-Types that have the clause "Begins with ..." and I have seen some MUA's, MTA's that encode the file using a wrong, non-standard MIME encoding thus it might be triggering a false-positive.

    If you have the RAW/EML message still available, please see what the "Content-Type" says and try to see if you have anything like that under the Attachment list used in that policy.

    We also had a known issue that might be related to this and it is documented with the following article:
    http://www.symantec.com/business/support/index?page=content&id=TECH132007

    Thank you,
    Marco Bicca



  • 3.  RE: powerpoint attachment caught as archive file

    Posted Feb 16, 2011 05:31 AM

    The known issue mentioned should be solved in the version they are running, 9.0.2? The mime type for such files is application/vnd.ms-powerpoint. The archive attachment list is not modified from the original, and I can't find any similar to that mime-type in it.

    Can you please confirm that we can exclude the error message related to the Brightmail enigine in this case?  



  • 4.  RE: powerpoint attachment caught as archive file

    Broadcom Employee
    Posted Feb 17, 2011 02:49 PM

    New installations of 9.0.2 will have this fix, but if you upgraded to 9.0.2 we do not modify the attachments lists already on the appliance. This is in case people have edited the lists or wish to keep that setting in the list.

    If you have upgraded from a previous version you will want to follow the document.