Thanks, John_H. Yeah, I will try doing the whitelisting via the compliance policy page.
My group is concerned about spam sending files with attachments, which should've been blocked. I guess the reporting of our SBG server would later on add them to the global list whenever it sends data to the Symantec Brightmail website.
In the meantime, we want to setup a policy to block the sending or at least SBG being able to know a script file when it scans one even if the extension is renamed by identifying its true file type. I'm not sure if this is possible since scripts come in many formats, the most simple one being an executable text file. And I'm still looking into other reasons as I can't give an absolute explanation to my peers. :D