How To Configure Alerts for Symantec Mail Security for Domino


Article ID: 178062


Products

Mail Security for Domino

Issue/Introduction

You wish to configure alerts for Mail Security for Domino.

Resolution

Mail Security lets you define alerts for different conditions. For example, you can configure Mail Security to notify you when it cannot eliminate a threat and has quarantined the document, but not to notify you when it is able to repair an infected file.

In addition, you can specify a user address for the return address for alerts so that the server is not the recipient of return messages that require action. When the server is the recipient for alerts, the alerts are often undeliverable and result in Delivery Failure Reports (dead mail).

You can log individually named alert statistics to the Lotus Domino Events Log. In addition, you can log threat and content filtering rule violation alerts to the Statistics view of the Mail Security Log. This gives you more information about the types of alerts that Mail Security generates.

The Mail Security and Lotus Domino Logs store an aggregate total of detected threat or content filtering rule violations. You can sort Mail Security alerts into finer classes and store individual statistics based on these classes, and you can set up administrator notifications based on these statistics.

Note: Alert notifications cannot be issued for security risk violations, such as adware or spyware.


Configuring basic alert options
When you create an alert, you must configure basic options for the alert, such as a name for the alert, to whom the alert is to be sent, and for which servers the notification applies.

When you create a description for the alert, ensure that you use a unique description that will let you discern the alert in the Alerts and Log views.

To configure basic alert options

  1. In the Lotus Notes client, open the Mail Security Settings database.
  2. In the Settings view, double-click a server group.
  3. In the Group document, on the Configuration > Alerts tab, do one of the following:
  • Double-click an existing alert to modify it.
  • On the embedded view toolbar, click New Alert to create a new alert.
  4. In the Alert Notification document, on the Basics tab, click Enable this alert. This option is enabled by default.
  5. Under Description, type a unique description so that you can identify it in the Alerts view.
  6. Under Servers, select one of the following:
  • All servers in this group. Generates alerts for every server in the selected server group. This option is enabled by default.
  • The following servers. Generates alerts for only the servers that you select in the drop-down list. Separate multiple entries with commas.
  7. In the Email address from which the alerts are sent drop-down list, select the return address of an administrator who can act on response messages.
  8. On the action bar, click Save.

Specifying alert conditions
You must specify the conditions that will trigger the alert; the conditions from which you can choose are as follows:
 

  • Scan type: Lets you specify which scan type detected the infection or violation
  • Violation type: Lets you specify the type of infection or violation
  • Document origin: Lets you specify the source of the document or email message
  • Violation area: Lets you specify where in the document or email the violation or infection is found
  • Action taken: Lets you specify the action that was taken with the document that contained the infection or violation

To specify alert conditions
1. In the Lotus Notes client, open the Mail Security Settings database.
2. In the Settings view, double-click a server group.
3. In the Group document, on the Configuration > Alerts tab, do one of the following:

  • Double-click an existing alert to modify it.
  • On the embedded view toolbar, click New Alert to create a new alert.

4. In the Alert Notification document, on the Alert Condition tab, under Scan Type, select one or more of the following:

  • Manual: Generates alerts when violations are found during manual scans
  • Scheduled: Generates alerts when violations are found during scheduled scans
  • Real Time Mail: Generates alerts when violations are found during auto-protect scans of email messages
  • Real Time Writes: Generates alerts when violations are found during auto-protect scans of database writes

5. To specify the parts of the message where the violation occurs, under Violation Area, select one or more of the following:

  • Attachment: Generates alerts when violations are found in email message attachments.
  • Subject: Generates alerts when violations are found in the email message subject line. The violation must match the conditions that are specified in the content filtering rule, in which the specified attribute is Subject.
  • Body: Generates alerts when violations are found in the body of email messages. The violation must match the conditions that are specified in the content filtering rule, in which the specified attribute is Body.

6. To specify the nature of the violation, under Violation Type, select one or more of the following:

  • File Name: Generates alerts caused by file name violations. The violation must match the conditions that are specified in the content filtering rule, in which the specified attribute is Attachment name.
  • Document Size: Generates alerts caused by violations in document size. The violation must match the conditions that are specified in the content filtering rule, in which the specified attribute is Size or Attachment size.
  • Author: Generates alerts caused by violations in document authors. The violation must match the conditions that are specified in the content filtering rule, in which the specified attribute is Sender.
  • Threat: Generates alerts caused by threats that are found in documents or attachments.
  • Scan Error: Generates alerts caused by scan error violations that are found. Attachments that exceed any of the container limits or are encrypted container files are reported as scan error violations.
  • Content: Generates alerts caused by violations in the contents of documents or attachments. The violation must match the conditions that are specified in the content filtering rule, in which the specified attribute is Body.
  • File Type: Generates alerts caused by violations detected during multimedia and executable file type analysis.

7. To specify the action that was taken when a violation is detected, under Action Taken, select one or more of the following:

  • Ignored document: Selects the alerts to generate for documents on which Mail Security logs the event only.
  • Copied document: Selects the alerts to generate for documents that Mail Security copies to the Quarantine. This option generates alerts for violations to content filtering rules in which the option that you select is to copy the document to the Quarantine.
  • Cleaned document: Selects the alerts to generate for documents that Mail Security repairs. This option generates alerts for violations to policies in which the option that you select is to repair infected attachments.
  • Removed attachment/document: Selects the alerts to generate for documents or attachments that Mail Security deletes. This option generates alerts for violations to policies in which the option that you select is to delete attachments.
  • Quarantined document: Selects the alerts to generate for documents or attachments that Mail Security quarantines. This option generates alerts for violations to policies in which the option that you select is to Quarantine attachments.

8. Under Document Origin, select one or more of the following:

  • Internet: Selects the alerts to generate for documents that originate from the Internet. This option generates alerts for violations to content filtering rules in which the attribute that you select is Internet Domain.
  • Notes: Selects the alerts to generate for documents that originate from a local Domino server or domain. This option generates alerts for violations to content filtering rules in which the attribute that you select is Domino Domain or Domino Server.

9. On the action bar, click Save.

Customizing alert messages
Mail Security lets you customize different alert messages for each alert recipient. To create email message alerts more efficiently, you can substitute tokens to represent custom text. Please note that HTML tags are not supported.

For example, {GREEN.EN_US}{18.EN_US}{ITALIC.EN_US}{COURIER.EN_US} %Author% {BLACK.EN_US}{NORMAL.EN_US}{10.EN_US} displays the author's name in green, 18-point italic type and then displays the remaining text in black, 10-point normal type.

Tokens that contain the percentage character (%) are used for the subject and body of the email message. Tokens that contain braces ({}) are only used for the email message body.

Token: Description

  • %DBName%: Document's database name
  • %DBTitle%: Document's database title
  • %DocumentUniqueID%: Unique ID of the document (UNID)
  • %Author%: Most recent author of the document
  • %Created%: Creation time and date of the document
  • %Modified%: Time and date of last modification to the document
  • %Accessed%: Time and date that the document was last accessed
  • %InfectedAttachment%: Name of the first infected attachment
  • %Virus%: Name of the first threat found
  • %<fieldname>%: Value of the <field name> in the document. When a document does not contain a specified field, leave the token blank.
  • %<servername>%: Name of the Lotus Domino server
  • {<font style>}: Value of the font style. The following values are available: Normal, Bold, Italic, Underlined, Strikeout, Superscripted, Subscripted, Effect, Shadowed, Emboss, Extruded. For example, {BOLD.EN_US}.
  • {<font color>}: Value of the font color. The following values are available: Black, White, Red, Green, Blue, Magenta, Yellow, Cyan, Dkred, Dkgreen, Dkblue, Dkmagenta, Dkyellow, Dkcyan, Gray, Ltgray. For example, {MAGENTA.EN_US}.
  • {<font face>}: Value of the font face. The following values are available: Times, helvetica, and courier. For example, {TIMES.EN_US}.
  • {<font size>}: Value of the font size in whole numbers. For example, {24.EN_US}.
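The token rules above can be checked before a template is pasted into an Alert Notification document. The following Python linter is an added example, not Symantec code: it flags brace tokens in the subject, HTML tags, and formatting values missing from the table. The function name `lint`, the required `.EN_US` suffix, and case-sensitive matching of the built-in percent tokens are assumptions.

```python
import re

# Token names and formatting values copied from the token table on this page.
BUILTIN = {"DBName", "DBTitle", "DocumentUniqueID", "Author", "Created",
           "Modified", "Accessed", "InfectedAttachment", "Virus"}
STYLES = {"NORMAL", "BOLD", "ITALIC", "UNDERLINED", "STRIKEOUT", "SUPERSCRIPTED",
          "SUBSCRIPTED", "EFFECT", "SHADOWED", "EMBOSS", "EXTRUDED"}
COLORS = {"BLACK", "WHITE", "RED", "GREEN", "BLUE", "MAGENTA", "YELLOW", "CYAN",
          "DKRED", "DKGREEN", "DKBLUE", "DKMAGENTA", "DKYELLOW", "DKCYAN",
          "GRAY", "LTGRAY"}
FACES = {"TIMES", "HELVETICA", "COURIER"}

PCT = re.compile(r"%([^%\s]+)%")        # %Token% with no whitespace inside
BRACE = re.compile(r"\{([^{}]*)\}")     # {VALUE.EN_US}
HTML = re.compile(r"</?[A-Za-z][^<>]*>")

def lint(subject, body):
    """Return a sorted list of (severity, message) findings for one alert template."""
    findings = []
    # Brace tokens are only used for the body, so any in the subject is an error.
    for m in BRACE.finditer(subject):
        findings.append(("error", f"subject: brace token {m.group(0)} is body-only"))
    for m in BRACE.finditer(body):
        value, _, locale = m.group(1).partition(".")
        # Assumption: the ".EN_US" suffix shown in every example is required.
        if locale != "EN_US":
            findings.append(("error", f"body: {m.group(0)} lacks the .EN_US suffix"))
        elif not (value.upper() in STYLES | COLORS | FACES or value.isdigit()):
            findings.append(("error", f"body: unknown formatting value {m.group(0)}"))
    for where, text in (("subject", subject), ("body", body)):
        for m in HTML.finditer(text):
            findings.append(("error", f"{where}: HTML tag {m.group(0)} is not supported"))
        for m in PCT.finditer(text):
            # Anything outside the built-in list is treated as a field or server name.
            if m.group(1) not in BUILTIN:
                findings.append(("info", f"{where}: %{m.group(1)}% is read as a field or server name"))
    return sorted(findings)

if __name__ == "__main__":
    # Constructed template with deliberate mistakes (not from a real deployment).
    for sev, msg in lint("{BOLD.EN_US}Threat %Virus%",
                         "<b>%Subject%</b> {PURPLE.EN_US} {BOLD}"):
        print(sev, msg)
```

The "info" findings are worth reviewing by hand: a misspelled built-in token is indistinguishable from a field-name token.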




To customize the alert message to administrators
1. In the Lotus Notes client, open the Mail Security Settings database.
2. In the Settings view, double-click a server group.
3. In the Group document, on the Configuration > Alerts tab, do one of the following:

  • Double-click an existing alert to modify it.
  • On the embedded view toolbar, click New Alert to create a new alert.

4. In the Alert Notification document, on the Alert Messages > Administrator tab, click Send following alert to specified administrators. This option is enabled by default.
5. In the Specified administrators drop-down list, select the administrators and others to notify when Mail Security detects a threat or rule violation.
6. Under Custom text to specified administrators, in the Subject box, type the subject line of the email message for the alert. The default text is: SMSDOM detected a violation in a document authorized by %Author%.
7. In the Body field, type the body of the email message for the alert. The default text is: Please check the SMSDOM Log for more information
8. To include the action that was performed by Mail Security in the email message alert to the administrator, click Report action taken by Mail Security for Domino. This option is enabled by default.
9. To include information about the violation in the email message, click Include violation information from the log. This option is enabled by default.
10. On the action bar, click Save.

To customize the alert message to the document author and document recipient
1. In the Lotus Notes client, open the Mail Security Settings database.
2. In the Settings view, double-click a server group.
3. In the Group document, on the Configuration > Alerts tab, do one of the following:

  • Double-click an existing alert to modify it.
  • On the embedded view toolbar, click New Alert to create a new alert.

4. In the Alert Notification document, on the Alert Messages tab, select one of the following tabs:

  • Document Author
  • Document Recipient

5. Depending on the tab that you selected, select one of the following:

  • Send following alert to document author
  • Send following alert to document recipient


6. Under Custom text to document author, in the Subject box, type the subject line of the email message for the alert. The default text is: SMSDOM detected a violation in a document you authored.
7. In the Body field, type the body of the email message for the alert. The default text is: Please contact your system administrator.
8. To include the action that was performed in the email message alert, click Report action taken by Symantec Mail Security for Domino. This option is enabled by default.
9. To include information about the violation in the email message, click Include violation information from the log. This option is enabled by default.
10. On the action bar, click Save.


Logging alert statistics
You can configure Mail Security to gather statistics in the Lotus Domino Events Log for the alert that you are configuring. You can select the number of times that the alert statistic must be logged to the Lotus Domino Log before the administrator receives notification of the statistic.

To log alert statistics
1. In the Lotus Notes client, open the Mail Security Settings database.
2. In the Settings view, double-click a server group.
3. In the Group document, on the Configuration > Alerts tab, do one of the following:

  • Double-click an existing alert to modify it.
  • On the embedded view toolbar, click New Alert to create a new alert.

4. In the Alert Notification document, on the Statistics tab, check Gather statistics for this alert. If you enable this option, you must specify the name of the alert statistic and an alert threshold.
5. Under Statistic alert threshold, type the number of times that the alert statistic must be logged to the Lotus Domino Log before the administrator receives notification of the statistic. You set notification options in the Lotus Notes Statistics and Events database. For more information, see your Lotus Notes documentation.
6. Under Alert statistic name, type the name of the alert statistic. Mail Security prepends the SAV.Alerts prefix to the name that you specify.
7. On the action bar, click Save.


Modifying an alert description
When you create an alert, you must provide a description of the alert so that you can identify it on the Configuration > Alerts tab, in the Log, and in reports. You can modify the alert description from the Configuration > Alerts embedded view or within the Alert Notification document.

To modify an alert description from the Alerts embedded view
1. In the Lotus Notes client, open the Mail Security Settings database.
2. In the Settings view, double-click a server group.
3. In the Group document, on the Configuration > Alerts tab, in the embedded view, under Description, click on the description that you want to modify.
4. Modify the description.
5. Click anywhere outside of the description field.
6. On the action bar, click Save.

To modify an alert description from the Alert Notification document
1. In the Lotus Notes client, open the Mail Security Settings database.
2. In the Settings view, double-click a server group.
3. In the Group document, on the Configuration tab, on the Alerts tab, double-click an existing alert.
4. In the Alert Notification document, on the Basics tab, under Description, type a unique description so that you can identify it in the Alerts view.
5. On the action bar, click Save.

Deleting an alert
To better manage your alerts, you can delete an alert when it is no longer needed.

To delete an alert
1. In the Lotus Notes client, open the Mail Security Settings database.
2. In the Settings view, double-click the server group that contains the alert that you want to delete.
3. In the Group document, on the Configuration > Alerts tab, select the alert that you want to delete.
4. On the embedded view toolbar, click Delete.
5. In the confirmation dialog box, click Yes.