I received a report of a false negative from SBG. The message audit log shows the following:
Message Data

ID: c0a8cc06-b7c27ae000002466-26-4b9278dc1835
Message-ID: <blu138-w2382d1fbc5452eb7090b62a2370@phx.gbl>
Tracker: AAAABhMwDsITMDb+EyoXtRMqbX4TKuSCEysKIQ==
Accepted From: 65.55.111.164
Scanners: Symantec Brightmail Gateway
Time accepted: Saturday, Mar 06, 2010 07:46:36 AM PST
Direction: Inbound
Sender: hugoteixeirag@hotmail.com
Original recipients: scrossley@xxxx.com
Original Subject: re
Full attachment list: None
Suspect attachments: None

Recipient Data

Intended recipient: shaun.crossley@xxxx.com

Verdict:
Verdict | Filter Policy | Group | Details
None | default | default | None

Actions taken: Deliver message normally

Delivery:
Delivered To | Delivery Time
x.x.x.x | Saturday, Mar 06, 2010 07:46:36 AM PST

Untested verdicts: Message was sent from a suspect spammer, Locally identified suspected virus, Suspected virus, Content Compliance violation: Delete Executable Files Violations, Content Compliance violation: Delete Email Policy Violations, Content Compliance violation: Legal Disclaimer, Content Compliance violation: Delete True Type Executable Files Violations, Unknown recipient, Connection Class, Default Connection Class, Connection Class 1, Connection Class 2, Connection Class 3, Connection Class 4, Connection Class 5, Connection Class 6, Connection Class 7, Connection Class 8, Connection Class 9, Bounce attack signature present, Known language

Other recipients:
There are a couple of interesting things to note about this one. First, the message contents are quite obviously spam:
At medrx got top brand name non generic like Cialis Vicodin Phentermine Xanax and more for less than your local pharmacy from home with no doctor hastles with extremely prompt ordering and descreet shipping.
Hotmail: Free, trusted and rich email service. Get it now.
Also, the policy for this recipient is using the default, which normally catches things with keywords like this.
We have the "cannot retrieve LiveUpdates except for rapid response updates" bug currently affecting us. Since switching to the rapid response updates, I've been noticing this stuff more and more. I was advised that the upgrade for SBG 9 will resolve this bug. Is there an updated release date for the version 9 update? Anything else I can do to help prevent this sort of stuff from getting through?
Thanks!
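The audit entry above was pasted one field per line, with each line ending in a pipe, which makes it awkward to triage in bulk. The following script is an added example, not code from the post or from Symantec: it parses that pasted layout back into fields (the "Verdict" and "Delivery" tables into rows), flags records that were delivered normally without any verdict, and runs the kind of plain keyword match a default content policy would apply to the quoted body. The record excerpt and the function names (`parse_record`, `is_unverdicted_delivery`, `keyword_hits`) are constructed for this example; the pharma keyword list is taken from the quoted spam text and is only an assumption about what the default policy keys on.

```python
"""Triage helpers for a Symantec Brightmail Gateway audit entry pasted as
one cell per line (trailing ' |' on every line), as in the post above."""

# Constructed excerpt of the post's audit record, in the same pasted layout.
RAW_RECORD = """\
Message Data |
 |
ID: |
c0a8cc06-b7c27ae000002466-26-4b9278dc1835 |
Accepted From: |
65.55.111.164 |
Sender: |
hugoteixeirag@hotmail.com |
Original Subject: |
re |
Recipient Data |
Intended recipient: |
shaun.crossley@xxxx.com |
Verdict: |
Verdict |
Filter Policy |
Group |
Details |
None |
default |
default |
None |
Actions taken: |
Deliver message normally |
Delivery: |
Delivered To |
Delivery Time |
x.x.x.x |
Saturday, Mar 06, 2010 07:46:36 AM PST |
Untested verdicts: |
Message was sent from a suspect spammer, Suspected virus, Known language |
Other recipients: |
"""

# Body quoted in the post; used here only as sample input for the keyword check.
SPAM_BODY = ("At medrx got top brand name non generic like Cialis Vicodin "
             "Phentermine Xanax and more for less than your local pharmacy")

SECTION_HEADERS = {"Message Data", "Recipient Data"}   # labels without values
TABLE_COLUMNS = {"Verdict": 4, "Delivery": 2}          # column count per table
PHARMA_KEYWORDS = ("cialis", "vicodin", "phentermine", "xanax")  # assumed policy terms


def _cells(raw):
    """Strip the trailing pipe from each pasted line and drop empty cells."""
    cells = []
    for line in raw.splitlines():
        cell = line.rstrip().rstrip("|").strip()
        if cell:
            cells.append(cell)
    return cells


def parse_record(raw):
    """Group cells under the label (cell ending in ':') that precedes them."""
    grouped, current = {}, None
    for cell in _cells(raw):
        if cell in SECTION_HEADERS:
            continue
        if cell.endswith(":"):
            current = cell[:-1]
            grouped[current] = []
        elif current is not None:
            grouped[current].append(cell)
    record = {}
    for key, values in grouped.items():
        if key in TABLE_COLUMNS:
            n = TABLE_COLUMNS[key]
            header, body = values[:n], values[n:]
            record[key] = [dict(zip(header, body[i:i + n]))
                           for i in range(0, len(body), n)]
        elif key == "Untested verdicts":
            record[key] = [v.strip() for v in ", ".join(values).split(",") if v.strip()]
        else:
            record[key] = " ".join(values)
    return record


def is_unverdicted_delivery(record):
    """True when the message was delivered normally with no verdict at all."""
    verdicts = [row.get("Verdict") for row in record.get("Verdict", [])]
    delivered = record.get("Actions taken", "").startswith("Deliver")
    return delivered and all(v in (None, "None") for v in verdicts)


def keyword_hits(body, keywords=PHARMA_KEYWORDS):
    """Case-insensitive substring match, the simplest form of a keyword policy."""
    lowered = body.lower()
    return [k for k in keywords if k in lowered]


if __name__ == "__main__":
    rec = parse_record(RAW_RECORD)
    print("sender:", rec["Sender"], "| unverdicted delivery:", is_unverdicted_delivery(rec))
    print("keyword hits in body:", keyword_hits(SPAM_BODY))
```

Run against the pasted record, the script reports an unverdicted delivery and four keyword hits, which is the combination the post describes: content that a keyword-based default policy should have matched, yet no filter produced a verdict. Feeding a batch of exported entries through `parse_record` and filtering on `is_unverdicted_delivery` is a quick way to measure how often this is happening while the LiveUpdate problem persists.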