I have a customer for whom I am blocking file attachments; however, I need to give one user the full ability to get the email without the content filter affecting him.
I can't see a way of doing... anyone got any ideas on how I could do this...
Using content filter to block attachments - but need to allow 1 user through
VSAPI still down and trying to reconnect
Event error id is 417. Restarting SMS did nothing. The registry key is correct and is set to 0. Unable to find anything on Symantec's web site regarding this combination of errors. Any suggestions as to how to get the VSapi to reconnect?
SMSMSE installation on a second server
Is it possible to install SMSMSE on a second server instead of installing it on the same one where Exchange Server is installed?
Thanks
Case sensitivity and flags in RegEx content filtering rules
I upgraded Mail Security to 7.5.5 a few months ago and migrated my File Name Rule (which has a habit of erroneously identifying pdf files as containing javascript) to a content filtering rule set to scan container files using the same match list that I used for the File Name Rule. Everything works great, with one exception. When using the File Name Rule, the wildcards in a match list had to match the entire file name. When using the wildcard match list in an Attachment Name content filtering rule, it doesn't (even when you specify "Whole Term" in the matching options). Since "*.com" is in that match list, any attachment that contains the name of a website from the .com tld (such as google.com) gets caught and quarantined, along with a couple of other miscellaneous files.
So, as an example, whenever I request a quote from one of our vendors the quote file they send me contains their website and gets quarantined even though it's not actually a .com file, it just happens to contain the website in its filename. So, I figured I would convert the wildcard match list over to a RegEx match, since it actually contains appropriate characters for specifying that a file name should end with .com. The issue that I've run into with this is case sensitivity. There's no way to disable case sensitivity in regular expressions, at least when filtering by attachment name. This means going through to each of my regular expressions and manually making them case insensitive. So... I have to convert ".*\.COM$" into ".*\.[cC][oO][mM]$". That should work, however it's clunky and there should be other ways to make something this simple function.
Ideally, we should have a way to specify flags for regular expressions. Barring that, the ability to make attachment name content filtering rules case insensitive when filtering with regular expressions would suffice.
Any other ideas for a workaround?
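The hand conversion described in the post above, done mechanically (an added example, not part of the original post and not Symantec code): each wildcard from a match list becomes an anchored pattern whose letters are two-case character classes, so no regex flag is needed. The match list, file names and function names are constructed for illustration, and Python's `re` stands in for the product's regex engine, whose dialect is assumed to support `^`, `$` and character classes.

```python
import re

def wildcard_to_regex(pattern: str) -> str:
    """Expand a match-list wildcard such as '*.com' into a regex that must
    cover the whole attachment name and ignores case without any flags."""
    out = []
    for ch in pattern:
        if ch == "*":
            out.append(".*")                          # any run of characters
        elif ch == "?":
            out.append(".")                           # exactly one character
        elif ch.lower() != ch.upper():
            out.append(f"[{ch.lower()}{ch.upper()}]")  # c -> [cC]
        else:
            out.append(re.escape(ch))                 # literal dot, digit, etc.
    # '^' matters for wildcards that do not start with '*', e.g. 'setup*'.
    return "^" + "".join(out) + "$"

def first_match(filename: str, rules: list) -> "str | None":
    """Return the first rule that matches filename, or None."""
    for rule in rules:
        # No re.IGNORECASE here: this mimics an engine without flag support.
        if re.search(rule, filename):
            return rule
    return None

def unanchored_hit(filename: str, pattern: str) -> bool:
    """Model of the behaviour the post describes (an assumption about the
    product): '*.com' hits any name that merely contains '.com'."""
    needle = re.escape(pattern.strip("*"))
    return re.search(needle, filename, re.IGNORECASE) is not None

# Constructed match list and attachment names.
MATCH_LIST = ["*.com", "*.exe", "*.vbs"]
RULES = [wildcard_to_regex(p) for p in MATCH_LIST]
SAMPLES = ["Quote google.com.pdf", "SETUP.COM", "invoice.Com",
           "notes.txt", "run.VbS"]

if __name__ == "__main__":
    for rule in RULES:
        print("rule:", rule)
    for name in SAMPLES:
        hit = first_match(name, RULES)
        loose = any(unanchored_hit(name, p) for p in MATCH_LIST)
        print(f"{name!r}: anchored={'quarantine' if hit else 'pass'}, "
              f"unanchored={'quarantine' if loose else 'pass'}")
```

The generated strings can be pasted into a regular-expression match list; test them against a few real attachment names before enabling the rule, since the product's engine may differ from Python's.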
getting Symantec mail security for exchange block emails by sender's display name
Hello all!
Running Symantec Mail Security for Microsoft Exchange v 7.5.5.128 on Windows 2012R2
One of our customers is being spammed:
He's getting email whose display name is Loteria Nacional.
Emails come from many different domains so I can't use this for the content filtering rule.
I've tried to add these lines as a match list but it doesn't work.
rule is for any part - literal string
Loteria Nacional De Espana
Loteria Nacional
How can I block emails from a specific display name?
Thanks for your support!
New virus sent via .7z
Hello, I have found through Mail Security from Endpoint that it does not properly analyze the contents of compressed files.
Within my filters I have created a review policy so that every incoming or outgoing email with a compressed attachment is analyzed; this week we received new viruses, but they are using the 7zip compressor.
Inside it there is a .vbs
I have isolated the code and am reviewing its contents and what it does:
I need help to be able to stop it:
The code it carries is the following:
I had to add this extension.
allow Spam for outlook client user no block at admin server filtering Spam
Hello Community,
Please confirm if the "Symantec™ Mail Security for Microsoft® Exchange" solution allows an automatically identified group of people (AD group) to automatically move the captured SPAMs directly to the "junk mail" folder at the Microsoft Outlook client.
mail security for exchange evaluation license
Dears,
I just wanna know what the limitation of the evaluation license for Mail Security for Exchange is; for example, is it limited to a specific number of mailboxes?
Thanks in Advance
Black List
Good day!
Environment: DAG - Exchange 2016 Version 15.1 (Build 396.30) / SMSMSE 7.5.4. 109
Needed: a Black List implementation, but without notifying the Original Recipient.
The Black List itself works, but I want suspicious messages to go to quarantine without the user knowing about it.
As I understand it, there is no native implementation.
On the forum I found an implementation using two content filter rules, but it does not work. There, the second rule is supposed to catch messages with the replaced text. Only this does not work, because the same message would need to be passed through scanning twice, and that is not done.
So I am asking for help: who has run into this, and how did you do it?
Blacklist without recipients notification
Hi everyone!
My Environment : DAG Exchange 2016 Version 15.1 (Build 396.30) and SMSME 7.5.4 109
I created "Black list" by Content Filtering Rules.
How can I delete/disable notification for recipients? I want only "Quarantine entire message".
Mail security file types
I want to block different file types other than the extensions mentioned in file type rules in Symantec Mail Security for Exchange. How can I do that?
Setup mail rule
Hi,
A customer has asked me to create a rule in Symantec Mail Security for Exchange which blocks all mail with a certain subject. The subject to be blocked is 'Some text (12345)', with 12345 being whatever combination of numbers, but always five.
I have tried to create a Match list with this regular expression: \d\d\d\d\d and called it 'Five digits'. Then, a Content filter rule that scans subject and rule content with match type regular expression (also tried literal string). Content: Contains. Match all items. And in the box below:
Some text(
Five digits
)
But it doesn't work.
How can I achieve this?
Outbreak Management
Dear Community,
I'd like to ask for your help. I've set up Outbreak Management according to the documentation but it seems I've misconfigured something, because it simply won't do what I want.
My goal is simple: SMSME automatically recognizes mass spam and handles it accordingly.
- I've enabled advanced scanning options for Auto-Protect scanning
- Enabled "Quarantine Triggered Subjects" default content filtering rule -> LOG only, because I want to test it
- Enabled "Same Subject" outbreak rule, and Update Match List
- Added "Outbreak Triggered Subject Lines" rule
- In Users tab, I've added some mail addresses with wildcard (*) that should NOT be considered as spammers if sending tons of emails
With this done, I thought it is going to work. However, when a user in my domain is trying to send mass emails, SMSME alerts me every time which is not good. Not to mention that when I see mass emails from outside are not even recognized by Outbreak Management.
Thank you and looking forward to your answer,
Csaba
Content Filtering Rules by sender AND recipient
Hello,
I setup a content filtering rule in SMSME to block all attachments in the 'rule' tab (company policy) except for a white list of approved SENDERS we defined, in the 'users' tab.
However, I would like to skip that rule for certain recipient email accounts (for candidates sending resumes for example). However, the 'users' tab only allows to choose between sender or recipient, not both (thus the radio button) as shown below.
I would like to keep the current sender filtering but add recipient filtering to skip this rule when the recipient is in the list. Any idea how I could get this working?
I'm running SMSME 7.5.4.109 on Win2k8 R2
New ISTR Special Report: Email Threats 2017
Just raising awareness of a new (free!) white paper from Symantec Security Response!
The latest ISTR special report, Email Threats 2017, casts a light on a threat landscape where attackers are actively spreading malicious threats, BEC scams, and a variety of spam through email.
Full white paper: https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/istr-email-threats-2017-en.pdf
How to fix problem with attachments ATT00001 in Mail Security for Exchange
Hello, everyone.
I configure the policy by this principle: block all file types in attachments and add exceptions to this policy.
But Symantec Mail Security has begun to block or quarantine some messages, for example messages from Microsoft Exchange with the subject "Undeliver: ....".
When I looked in the Event Logs, I found logs there about: "
Can you help me with this situation?
Blocking outgoing spam With Symantec Mail Security For Exchange
Hi,
We are using Symantec Mail Security for Exchange 7.5 in our organization. We have enabled the premium anti spam feature and so far it's working fine for inbound spam. But its premium anti spam feature is not blocking outgoing spam from our Exchange email server.
Just wanted to confirm if it only blocks inbound spam?
We can create custom outgoing rules but just want to know if its premium anti spam has this functionality to automatically block outgoing spam from our email server.
SMSMSE Brightmail cannot be found errors in Event Log
Hi,
I am getting a lot of the following errors in the event log.
The description for Event ID 514 from source Brightmail cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
[Brightmail] (ALERT:22584.3448): [12462] Low disk space detected: stats will not be processed.
There is plenty of room on the disk that has the SMSME install, and from what I can see SMSME is working correctly
SMSME Version 7.5.6.125
Exchange Server 2016 CU7
Updating SMSMSE manually with a Powershell script
Hi
I am trying to write a script that can pipe the name of the intelligent updater file
I am trying to manually update SMSMSE 7.5.3.100 on our Exchange servers using a script. I have read the following link and this works manually through the command prompt (https://support.symantec.com/en_US/article.HOWTO12...) but I want to script it (Powershell seems the obvious choice).
I have a script that copies the latest intelligent updater file to a location but I am unable to pipe the name of the file into a .bat file for the following command:
<Date-rev>-core15v5i32.exe /Extract VIRSCAN.zip "C:\ProgramData\Symantec\Definitions\SymcData\VirusDefs32\incoming"
The .exe file seems to only support the /Extract switch which I can't use in Powershell.
If anyone has any ideas as to how to script this that would be great,
Thanks
Chris
Scans files by Symantec Mail Security for Exchange
Hello, Guys.
I have a question. We configured a policy in "Content Filtering Rules". In this policy we allowed some types of files; all others we block. Question: if some files do not belong to this policy, does SMSFE scan the files that are skipped by all configured policies?
Thank you.