Symantec Brightmail message filter not updating

19 May

Brightmail was a San Francisco-based technology company focused on anti-spam filtering. Brightmail's system has a three-pronged approach to stopping spam. The Probe Network is a massive number of e-mail addresses established for the sole purpose of receiving spam.

Since August 11, 2010 emails with archive file attachments infected with spam and Zbot. Applications performing the filtering do not generate any visible errors. While Symantec has updated its filter set to capture the attack, there may be cases where the attack slipped through between the time that the updated rules were being pushed out to customers and the time it took to apply those filters.

TECH234968 - Configuration saved but cannot be published to some SMG hosts
TECH235317 - Bounce attack validation causes out of office messages to fail recipient validation
TECH235330 - Office 365 rejects DSNs generated by content filtering actions
TECH235404 - Command line 'delete scannerlogs' does not delete all audit log data
TECH235409 - Time used for America/Santiago time zone is off by one hour
TECH235411 - End user spam quarantine does not show full subject lines

Issues addressed with 10.6.2-3 maintenance release:

Addresses issues related to security advisory SYM16-015
TECH234776 - Attempting to change Directory Integration Data Source configuration results in an invalid credentials error.
TECH235737 - Following an OS crash, Messaging Gateway deployed on Hyper-V 2012 may lose network cards
TECH235317 - Bounce attack validation causes some messages to fail recipient validation
TECH235626 - Strip all attachments action may not occur when message is released from virus quarantine
TECH235038 - Mail server restarts with signal 6 at regular intervals
TECH234968 - Configuration saved but cannot be published to some SMG hosts
TECH234974 - Fan failure alert on the Messaging Gateway 8340 appliance
TECH234596 - Some messages become corrupted when Recipient Validation is enabled
TECH234540 - Messaging Gateway content filtering dictionary rules fail to match message headers
TECH234173 - Messages queue in inbound queue following update to SMG 10.6
TECH233957 - Sending Brightmail Admin Events to remote syslog server cannot be enabled for Control Center only device
TECH223693 - DNS DNAME record results in failed message delivery
TECH228278 - Using both aliasing and subaddress removal causes Recipient Validation failure
TECH230314 - Symantec Messaging Gateway closes network connection prematurely when delivering messages.

In other words, this filter will catch 95 percent of your spam.

[Suspected Spam] IMT has added a second filter that works by scanning all incoming email messages that are not marked as [Spam] before they reach APU inboxes and tagging the message subject with [Suspected Spam] if it meets specific criteria defined by IMT.

Symantec does not include the following in its definition of spam: Symantec Messaging Gateway 9.5 has new disposition verdicts on Newsletter messages, Marketing mail messages and Suspicious URL messages.

False-Negative: A false negative results when Brightmail determines that a message is not spam when it is in fact spam.

According to Symantec’s published statistics, this will occur 5 times for every 100 spam messages you receive.

The following details how to configure these policies for the Brightmail products.

Messaging Gateway 10.6.0 Release Notes
Messaging Gateway 10.6.1 Release Notes
Messaging Gateway 10.6.2 Release Notes
Messaging Gateway 10.6.3 Release Notes

Issues addressed with 10.6.0-5 patch release:

TECH233732 - "Disable support for SSLv3" cannot be unchecked after upgrade to 10.6.0-3
TECH233811 - Failure to build certificate chains following update to SMG 10.6
TECH232996 - Messages are not delivered from Messaging Gateway following update to version 10.6

Issues addressed with 10.6.0-7 patch release:

TECH233869 - When SSLv3 option is disabled, SMG fails to negotiate ciphers on outgoing STARTTLS requests with MTAs that use only TLS1.0 protocol
TECH233919 - After upgrading to Messaging Gateway 10.6.0 you cannot edit any scanner's settings
TECH233477 - Setting disarm logging level at INFO or DEBUG can cause repeated msserver crashes
TECH233694 - DNS resolution failure messages in the mail server log
TECH233695 - Failure to detect CPU internal temperature on SMG 8340 (R210-II) platforms
TECH233823 - Received header omits hostname following update to Messaging Gateway 10.6
TECH233872 - Recipient validation rejects uncached recipients with 550 response when LDAP source is unavailable
TECH234165 - Delivery status notifications for failed or delayed messages may be incorrect, or marked as malformed

Issues addressed with 10.6.1-3 patch release:

Addresses issues related to Security Advisory SYM16-007

Issues addressed with 10.6.1-4 patch release:

Addresses issues related to Security Advisory SYM16-010

Outstanding Issues:

TECH234596 - Some messages become corrupted in Symantec Messaging Gateway 10.6 when Recipient Validation is enabled.