Unscannable for other reasons
search cancel

Unscannable for other reasons

book

Article ID: 391363

calendar_today

Updated On:

Products

Messaging Gateway

Issue/Introduction

In certain scenarios, you may encounter a verdict in Message Audit Logs that reads "Unscannable for other reasons". This is not an error and indicates that the Messaging Gateway was unable to decompose, extract, or scan a part of the email message for reasons other than either encryption of the message part or exceeding some internal limit of the message decomposer.

In some instances a filename will be included to indicate the attachment that was unable to be scanned but in others the file name will show [empty filename].

 

Cause

If there is an error extracting a message part for scanning or when attempting to scan a message part for content or malware, the Messaging Gateway generates one of three "Unscannable" verdicts to indicate that some part of the message content could not be scanned for content or malware:

  • Unscannable for Limits - attachment size exceeded, internal archive depth limits exceeded, maximum file compression exceeded, etc
  • Unscannable for Disarm - attachment could not be scanned by Disarm module
  • Unscannable for Other Reasons - all other message scanning failures

If the message part has a file name in the metadata, SMG will display that filename in the audit logs (Status > Message Audit Logs) to indicate which part of the message could not be scanned, for example:

------=_NextPart_000_0006_01C6E163.5F51B500
Content-Type: application/x-msdownload;
        name="putty.exe"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
        filename="putty.exe"

If, however, the message part that could not be scanned does not have a file name as part of the metadata, SMG displays [empty filename] as a placeholder to indicate that the message part was unnamed:

--vkogqOf2sHV7VnPd
Content-Type: application/octet-stream;
Content-Transfer-Encoding: base64
Content-Disposition: inline;

Resolution

This is expected behavior from the Messaging Gateway product when encountering email content that cannot be scanned and, by default, messages which cannot be scanned for malware are deleted.

The default Unscannable policies may be found in the Malware > Policies page but Broadcom does not recommend changing the default verdict as this may allow unscanned, malicious content into the network.

Powered by Wolken Software