Disable Content Checking Alerts

Disable Content Checking Alerts (Full Version)

All Forums >> [Web & Mail Security] >> GFI MailSecurity

Message

fburnham -> Disable Content Checking Alerts (9.Oct.2009 1:40:46 PM)
I have configured several custom content checking rules scanning for specific words in the subject line of incomming email. One rule continues to send alerts to users despite the fact that I have unchecked the "Notify Local User" attribute. This rule is set to delete the email, and log occurrences to a specified file. I have other content checking rules configured in this manner, yet these do not send alerts upon detection. These rules also log to a file, and I can see that it is continuing to be populated with new occurences. Since the content checking alert scans for a specific SPAM message occuring in high frequncy lately, this alert is showing up ALOT in users mail boxes when I'd rather not have the system clutter up their already overstuffed email. We're using GFIMailSecurity 10 on a Windows SBS 2003 for Exchange. Any thoughts?

benvincenti -> RE: Disable Content Checking Alerts (12.Oct.2009 5:32:37 AM)
fburnham, Can you kindly go to Start -> Run -> CMD -> and type in 'IISRESET' and see if the issues persists? Regards, Ben Vincenti GFI Software - www.gfi.com Web & Mail Security, Archiving & Fax, Networking & Security

fburnham -> RE: Disable Content Checking Alerts (12.Oct.2009 9:14:08 AM)
Ben, Thanks for the advice. Last week prior to your response we rebooted our systems after applying some system updates. One would assume the IIS services would be restarted and clear any problems, but we still receive these user notifications. This morning I went ahead and restarted the IIS services as you suggested anyway. After restarting IIS I have also configured yet another content filter just like the one I reported as causing problems. I'll be curious to see if users get any further delete notifications today. I'll keep you updated either way. Thank you for your response. Frank Burnham

fburnham -> RE: Disable Content Checking Alerts (12.Oct.2009 1:44:03 PM)
Ben, Running IISRESET has not aleviated the unwanted user notifications. I also unchecked the admininstrator notification item hoping to turn off all notifications; this also has had no effect. I reset IIS services again after the changes just in case. This had no effect. If you or anyone else has any other suggestions, it would be much appreciated. Thank you, Frank Burnham

jeepville -> RE: Disable Content Checking Alerts (19.Oct.2009 9:26:46 AM)
I am having the same problem. I am getting hundreds of alerts a day to my email as I have a rule that deletes current spam viruses. I rebooted the machine yesterday and that didnt help I am still getting the emails even though notify local user and administrator are unchecked. Version: 10.0 Build: 20090526

fburnham -> RE: Disable Content Checking Alerts (19.Oct.2009 10:36:17 AM)
Jeepville, FYI In the absence of any known fixes, we are considering purchase of the upgrade to the latest build and a maintenance agreement. We were unable to obtain any support directly from GFI since we are out of maintenance on our build. Regards, Frank Burnham

jeepville -> RE: Disable Content Checking Alerts (19.Oct.2009 10:37:51 AM)
I believe I am current on my maint I just downloaded the latest build and installed it and rebooted and boom here comes new messages from my delete rule even though its unchecked.

fburnham -> RE: Disable Content Checking Alerts (19.Oct.2009 11:22:07 AM)
Jeepville, Well, at least you can now get some support. This is truly an unpleasant issue they should patch. Please keep me posted as I am due to install the new build also. Frank

dsidler -> RE: Disable Content Checking Alerts (21.Oct.2009 3:39:10 AM)
Exact same problem here. I'm receiving hundreds of Administrative Notifications per day that should not be sent in the first place. We're on build 20090526 currently, I might give 20090819 a try when time permits. But given the fact that the release notes don't mention this issue I don't have high hope this was fixed. Anybody here from GFI who would care to look into this? Regards, Dan

jeepville -> RE: Disable Content Checking Alerts (23.Oct.2009 1:11:16 PM)
When I talked to support they said if any of the rules it hits on have notify checked then it will notify. Which isn't the way it used to work but that's all he could help once I went through and unchecked notify they all stopped and now I don't know when things go to quarantine. So problem solved and not solved.

efpav -> RE: Disable Content Checking Alerts (23.Oct.2009 5:27:31 PM)
I have the same problem. I think it is generated when the decompression engine detects a threat. Alas, there are no notification settings associated with the decompression engine. I'm scared to try it, but it looks like there may be a registry key that orders the modules: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GFI\ContentSecurity\MailSecurity\Sources\51\plugins 3;14;12;4;13;11;6;15;1;2 My decompression engine is Plugin ID 4, which coincidentally falls fourth in the module order. I wonder if bumping it down the line might help...?

efpav -> RE: Disable Content Checking Alerts (24.Oct.2009 8:20:31 AM)
There are some additional anomalies I'm experiencing with this issue. I run in gateway mode for several remote domains. I reordered the applications so that MailEssentials removes the spam before running through MailSecurity. As a result, I should be able to identify and even block these messages by subject/keyword in MailEssentials to alleviate the problem in MailSecurity. There is no evidence of these messages passing through MailEssentials however, and thus efforts to block by subject/keyword are fruitless. So this leaves two possibilites I suppose: 1) the messages are outbound (which they do not appear to be), or 2) perhaps the messages are crafted to bypass MailEssentials SMTP Event Sinks

Page: [1]