Messaging Gateway

 View Only

  • 1.  Unscannable Messages - Malformed MIME

    Posted Feb 17, 2010 06:23 PM
    I'm looking for the best way to do this.

    We have an internal application which sends out email based alert messages.  SBG has been deleting them because they're malformed MIME and thus unscannable.  My initial idea would be to create a new group on the SBG appliance comprised of the recipients for these messages, then change their unscannable message policy to something other than "Delete Message".  I'm just wondering if anyone can think of a better way to pass these messages safely (other than having the application in question send proper MIME messages, trust me, that's not an option, unfortunately)

    I've pasted an example message audit log entry for one of these messages below.

    Thanks for the help!

    Message Data 
    ID: c0a8cc06-b7c27ae000002466-f4-4b7bc8389fea
      Message-ID: 7da0211.a2d0a4b@server
      Tracker: AAAABAAAAWEK/wVSEtO+vBLUrNM=
      Accepted From: 10.xxx.xx.xx
      Scanners: XXXX Symantec Brightmail Gateway 
      Time accepted: Wednesday, Feb 17, 2010 02:43:04 AM PST
      Direction: Inbound
      Sender: xxxxmail@xxxx.com
      Original recipients: rxxxxx.xxxxxx@xxxx.com 
      Original Subject: xxxx alert 56 bad return code.
      Full attachment list: None
      Suspect attachments: None
    Recipient Data 
      Intended recipient: rxxxxx.xxxxxx@xxxx.com
       
      Verdict:
    Verdict Filter Policy Group Details
    Unscannable  unscannable: delete message (default)  default  Malformed MIME
       
      Actions taken: Delete message 
       
      Delivery:
    Delivered To Delivery Time
    None    
       
      Untested verdicts:  Message was sent from a suspect spammer, Locally identified suspected virus, Suspected virus, Content Compliance violation: Delete Executable Files Violations, Content Compliance violation: Delete Email Policy Violations, Content Compliance violation: Legal Disclaimer, Content Compliance violation: Delete True Type Executable Files Violations, Unknown recipient, Connection Class, Default Connection Class, Connection Class 1, Connection Class 2, Connection Class 3, Connection Class 4, Connection Class 5, Connection Class 6, Connection Class 7, Connection Class 8, Connection Class 9, Bounce attack signature present, Known language
       
      Other recipients:  
         


  • 2.  RE: Unscannable Messages - Malformed MIME

    Broadcom Employee
    Posted Feb 17, 2010 07:07 PM
    That is the first thing I thought of when you described the issue. Create another group and change their unscannable rule.

    There is another option though. You can tell us to ignore malformed MIME. This is not suggested though.


  • 3.  RE: Unscannable Messages - Malformed MIME

    Posted Feb 17, 2010 07:09 PM
    Hi Mike,

    If the messages from the application are getting unscannable verdict due to the issue described in the following KB then there is a workaround available that might help:

    http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2009022715580554

    The workaround involves accessing the Hidden Advanced Settings page and since any setting there should not be changed unless advised by support, I can not paste the instructions to access that page here.

    But I think the best solution is to handle it with the group policy you mentioned. 

    May be you can setup the policy group using the sender address (assuming the mail from address is fixed and from your domain), dsiable outbound email virus scanning for this group, and have the application send mail using the outbound interface (which may not be possible in your case) instead of inbound.  This way the policy group is independent of the recipients and you would not have to update the policy group for each new added/deleted recipient. 

    Regards,

    Adnan




  • 4.  RE: Unscannable Messages - Malformed MIME

    Posted Feb 18, 2010 02:02 PM
    Thanks,

    I've tried AdnanH's second recommended solution there.  I just have to wait for the application guy to make the configuration changes - I'll post my results afterwards.


  • 5.  RE: Unscannable Messages - Malformed MIME

    Posted Apr 08, 2010 01:50 PM
       Hi, i got the same problem here...

       I changed the default "Unscannable: Delete message (default)" policy to "Hold message in Spam Quarantine" instead of deleting the message.

       But it didn't work, i have not sure about it, but i think, since the message is already malformed, Brightmail is not capable to save it, so it delete the message anyway.

       I am thinking about enable the "Allow malformed MIME" in the hidden settings... does anyone ever tried this ? Any clues ?

       Thank you !
       Carlos Oliveira


  • 6.  RE: Unscannable Messages - Malformed MIME

    Posted Apr 08, 2010 02:47 PM
    We have a virus policy - unscanable - delivery message normally.  So other policy should work.

    Arrow_203 : why are you ccommodating the application?  Can you push back to get them to clean up their mime structures?


  • 7.  RE: Unscannable Messages - Malformed MIME

    Posted Apr 13, 2010 12:35 PM
    Because communication with the vendor is basically non existent


  • 8.  RE: Unscannable Messages - Malformed MIME

    Posted Apr 15, 2010 04:17 PM

    We receive mail from various clients of ours who have their own apps that often compose "unscannable" messages.

    It was impossible for us to use a group method and chase down every possible external address that could send us an unscannable email.

    We just bit the bullet and Allowed malformed MIME.