Messaging Gateway

 View Only
Back to discussions
Expand all | Collapse all

Passing trough messages without scanning for Virus, SPAM and Content

  • 1.  Passing trough messages without scanning for Virus, SPAM and Content

    Posted May 07, 2010 07:46 AM
    Hi There,

    Is there any chance to modfy Brightmail Gateway 9.0 so, that from a dedicated domain all messages sent through without running a policy and scanning?

    Like a white liste but without any action from Brightmail.

    Thanks in Advance



  • 2.  RE: Passing trough messages without scanning for Virus, SPAM and Content

    Posted May 07, 2010 09:27 AM
    I think you can set things up to avoid spam and compliance scanning, but I don't really think there is a way to avoid virus scanning and do you really think that's a good idea?

    My advice would be to add the domain to the Good Senders domain based list which will exclude it from spam scanning.  You could then look at creating a content filtering policy and put it highest in precedence saying something like if the from address contains your domain the deliver the message normally.  As only actions from the first compliance policy will fire(apart from Send notification and Create an incident (without holding for review) actions for any subsequent content policies) this should pretty much help you achieve no spam or content scanning.

    If you don't have any other domains in your Good Senders domain based list you could also look at adding the 'bypass compliance' scanning action to that policy, but you won't want to do this if you do have a bunch of domains in your list as compliance scanning then won't to any of those domains.

    Hope that helps,

    Kevin

    Kevin


  • 3.  RE: Passing trough messages without scanning for Virus, SPAM and Content

    Posted May 07, 2010 10:52 AM
    Hi Kevin,

    thanks for your reply.

    I already did your first advice with the "content filtering" Policy with the from Address->Ends with the trusted domain. But this does not work. The message was still blocked:

    The action by audit log is:

    Send notification,
    Hold message in Spam Quarantine

    The vedict is:
    Verdict Filter Policy Policy Group Details
    Encrypted attachment  encrypted attachment - hold message in spam quarantine  default  None 

    I have add the sender domain in the good Senders list as well but as I understand it correct, this is only for SPAM not for content or Virus.

    Why do we want to create such exclusion?
    Our trusted customer sends us a password protected ZIP file once a day. (Sending files are password protected and can't be changed).
    So you can imagine that the reciepent users are unconfortable with it when they have to release it every time.

    Can you describe this a little bit more clear, I did not understand you point:
      As only actions from the first compliance policy will fire(apart from Send notification and Create an incident (without holding for review) actions for any subsequent content policies) this should pretty much help you achieve no spam or content scanning.







  • 4.  RE: Passing trough messages without scanning for Virus, SPAM and Content
    Best Answer

    Posted May 07, 2010 11:09 AM

    So your problem here is that you are receiving an encrypted attachment verdict which is indeed part of the AV module.  Do you think your encrypted attachment policy is a bit strict?  By default the product only tags the subject line of these messages, yet you are currently sending to quarantine.  This action only means that the SBG detected an encrypted attachment and because of that weren't able to scan the file with the AV engine.  If you were to change this action it seems like it would resolve your problem...

    Kevin


  • 5.  RE: Passing trough messages without scanning for Virus, SPAM and Content

    Broadcom Employee
    Posted May 07, 2010 11:28 AM

    You would create a group and the member of the group would be *@domain.com

    Then you would uncheck all items so nothing is done for members of that group.


  • 6.  RE: Passing trough messages without scanning for Virus, SPAM and Content

    Posted May 07, 2010 11:50 AM

    You suggest to use the default Policy with modifying the subject and pass the encrypted messages through?

     



  • 7.  RE: Passing trough messages without scanning for Virus, SPAM and Content

    Posted May 07, 2010 11:57 AM
    Hi Dave,

    We did it already with a TEST_PG. But it was not working.
    I was not able to remove the default Policy group from the mentioned policy in the field:
    Apply to the following policy groups.

    SBG always marked the default  and the TEST_PG  as well. I could also see in the audit log that the default policy group blocked the message.

    I don't know why.



  • 8.  RE: Passing trough messages without scanning for Virus, SPAM and Content

    Posted May 07, 2010 12:23 PM


    Hey Guys,

    Creating a new group policy and adding the sending domain as a member of the group policy won't work as we apply policy based on the mail recipient, not the sender.

    Kevin 


  • 9.  RE: Passing trough messages without scanning for Virus, SPAM and Content

    Broadcom Employee
    Posted May 07, 2010 12:26 PM

    "Dave's not here...."

    Did you mean to address me? I was mistaken it seems, this would only work for an outgoing email to that domain.

    This is not something that can be excluded for incoming messages. You would need to assess your need to even have this kind of action for that policy.


  • 10.  RE: Passing trough messages without scanning for Virus, SPAM and Content

    Posted May 11, 2010 06:58 AM
    As KevK76 mentioned, we are now using the default policy.

    Encrypted attachments will be passed through. Subject will be modificated to warn the user.

    Thanks