Symantec 10744983 Administration Guide - Page 70

70 Configuring email filtering About email filtering actions on a message based on the verdict applied to that message, and the groups that include the message recipient as a member. Table 4-1 describes filtering verdicts by filtering category. Table 4-1 Filtering verdicts by category Filtering Category Verdict Description Email Firewall Directory harvest attack Connection is blocked because an attempt is underway to capture valid email addresses. A directory harvest attack is accomplished by emailing to your domain with a specified number of non-existent recipient addresses sent from the same IP address. Spam attack Connection is blocked because a specified quantity of spam messages has been received from a particular IP address. Virus attack Connection is blocked because a specified quantity of infected messages has been received from a particular IP address. Virus Virus Email is flagged because it contains a virus, based on current Symantec virus filters. Mass-mailing worm Email is flagged because it contains a mass-mailing worm, based on current virus filters from Symantec. Unscannable for Email is flagged because it exceeds the container viruses limits configured on the Scanning Settings page, or because it is unscannable for other reasons, such as the email or the attachement containing malformed MIME. Encrypted attachment Email is flagged because it contains an attachment that is encrypted or password-protected and therefore cannot be scanned Spyware or adware Email is flagged because it contains any of the following types of security risks: spyware, adware, hack tools, dialers, joke programs, or remote access programs. See Security risks for descriptions of these risks. Suspicious attachment Email is flagged because it either shows virus like signs or becuse suspicious new patteres of message flow involving this attachment has been detected.