Large number of unscannable alerts from Symantec Messaging Gateway are being received.

book

Article ID: 156630

calendar_today

Updated On:

Products

Messaging Gateway

Issue/Introduction

You are getting alerts from the Symantec Messaging Gateway that inform you that a large number of messages are getting deemed as unscannable. You want to know what this means and what the impact is for the environment.

Cause

The software is configured, by default, to notify you when you get 30 viral filtering detections within 24 hours. This is known as an outbreak alert.

The unscannable message verdict is part of the virus filtering module.

A message is deemed unscannable when it can't be scanned properly, typically  due to something wrong in the message encoding. If it doesn't meet the standards necessary for it to properly be scanned, it will be considered 'unscannable' and will follow the action taken for the unscannable message verdict under your inbound virus policy configuration settings.

This behavior means that someone is sending you a lot of messages that are not able to be scanned. They will only enter the environment if the action for the unscannable message policy is set to deliver the message. Otherwise, they will be treated by the default action of 'delete message'.

The software is effectively announcing that it is working; this is considered normal behavior and working as designed.

Resolution

If you suspect these messages are legitimate messages, contact support for assistance in determining what could be happening to them, otherwise you'll want to change the frequency that the alerts are sent in the outbreak alert configuration screen.

To do this:

  1. Log into the Control Center as Admin.
  2. Click Administration.
  3. Click Alerts.
  4. Increase the Threshold value to the desired amount.
  5. Click Save.