Settings - Content Scanning
To configure bad message handling, container settings, and content filtering dictionary searches, go to the
Protocols > SMTP > Settings
page and click the Content Scanning
tab.Item | Description |
|---|---|
Enable bad message handling | Choose whether messages that cause a Brightmail Engine failure are sidelined to the bad message queue. |
Number of retries before classifying a message as bad | Specify the number of times the Brightmail Engine scans a bad message before placing it in the bad message queue. |
Maximum container scan depth | A container is unscannable if the nested depth in a container file exceeds the number specified. Examples of container scan depth include nested directories in a .zip file or nested sets of replies and forwards in an email message. |
Maximum time to open container | A container is unscannable if the specified time elapses during a scan of container attachments. |
Maximum individual file size when opened | A container is unscannable if any individual component of the container when unpacked exceeds the size specified. |
Maximum accumulated file size when opened | A container is unscannable if the total size of all the files in a container when unpacked exceeds the size specified. |
Enable scanning of attachments for words in dictionaries | Choose whether searches for words in dictionaries should be performed on attachments. Checking this option maximizes the effect of content filtering, but it can affect the system load and slow performance. |
Enable scanning of data URLs | Lets you scan data URLs in the HTML body. If you enable this setting, Symantec Messaging Gateway extracts data URLs from the HTML body to identify the true-type of the data URL. Rules that are based on true-types run on the true-type of data URLs. The default setting is enabled. |
Maximum character sets to consider | The maximum character sets, apart from default/top character set, that Symantec Messaging Gateway uses when it filters a message. Symantec Messaging Gateway tries to identify the character set of a message if it does not have one. If the Symantec Messaging Gateway identification engine returns more than one character set, then it converts the message to UTF-8 with the top character set. Symantec Messaging Gateway also tries to convert the message to UTF-8 with the next Maximum character sets to consider character sets. Then Symantec Messaging Gateway filters each copy of the UTF-8 converted message. As you increase the value of this setting, performance decreases because Symantec Messaging Gateway filters each message copy. This option also increases memory utilization because Symantec Messaging Gateway keeps each copy in the memory. Do not change this setting from the default of 0 unless you are instructed to do so by Technical Support. You can type a value of 0 to 36. The default value is 0. |
Maximum message part size for multiple character set | The maximum size of the message part that Symantec Messaging Gateway considers for filtering with multiple character sets. For example, assume Maximum character sets to consider is 2 and Maximum message part size for multiple character set is 10 KB. Also assume that a message contains two message parts for which Symantec Messaging Gateway identifies four character sets: message-part1 size = 5 KB, message-part2 size = 15 KB. Symantec Messaging Gateway filters message-part1 with the top character sets (default/top + Maximum character sets to consider ). But it filters message-part2 with only top-1 (default/top) character set.As you increase the value of this setting, performance decreases because Symantec Messaging Gateway scans bigger message parts with multiple character sets. This option also increases memory utilization because Symantec Messaging Gateway keeps each copy in the memory. If you set this value to 0, Symantec Messaging Gateway filters no message part with multiple character sets. You can enter a value of 0 bytes to 1000 MB. The default value is 10 KB. |
Only extract OLE-native content from structured storage | Symantec Messaging Gateway currently detects some Microsoft document file internals as TrueType executables. This can trigger false positives for some users.
If this box is unchecked, Messaging Gateway continues to detect these internals as executables. If this box is checked, Symantec Messaging Gateway detects only OLE-native content as executables, and ignores the Microsoft document file internals. |