Undesired images not detected by Image Control heuristics (false negative)

book

Article ID: 170109

calendar_today

Updated On:

Products

Email Security.cloud

Issue/Introduction

Undesired images that should not reach the intended recipient are not being detected by Image Control heuristics in Symantec Email Security.cloud. This results in a false negative.

Cause

The overall verdict for an email is calculated based on the average of all images contained within the email. It is possible that an email may not be detected if it contains one bad image among multiple legitimate images.

Resolution

Image Control settings

Consider changing the sensitivity of the Heuristics filter to a higher setting. Log in to the Symantec.cloud console, and navigate to Services > Email Services > Image Control.

Note: It is not possible to adjust the heuristics themselves, only the sensitivity level.

If you do not obtain the desired results and cannot make further adjustments to the sensitivity level, use the Blocked Images list. You can also use the mechanics available in other filters of the Symantec.cloud service, such as Anti-Spam or Data Protection.

Email Track and Trace

Use Email Track and Trace to ensure that the email was scanned by the Symantec.cloud, or review the email headers and verify that they contain the Symantec relay specific entries, Received: from mailX.bemtaXXX.messagelabs.com.