Knowledge Partner Knowledge Partner
Knowledge Partner
1373 views

Do we have any control over the sequence in which filters are processed?

Jump to solution

I'm curious about a number of points regarding how filters are processed:

  1. Do we have any control over the sequence in which filters are processed? 
  2. If a filter is triggered and causes a message to be blocked, are the remaining filters processed?
  3. Will a message be quarantined and will a user be able to release it if:
    1. An Anti-Virus filter blocks a message
    2. Another RBL filter blocks the message and quarantines it.
_____
Kevin Boyle - Knowledge Partner - Calgary, Alberta, Canada
Who are the Knowledge Partners?
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
1 Solution

Accepted Solutions
Knowledge Partner Knowledge Partner
Knowledge Partner

If you have a filter (such as anti-virus) that you do not want quarantined, it should be connected to both a block and a no quarantine service.  You create a no quarantine service by placing the quarantine service on your workbench and click the down arrow and set it to "force service off".

An email that hits a filter that is connected to block and no quarantine services will never go into your QMS regardless of any other filters.  This is how you prevent users from ever being able to release an email with a virus.

You have complete control over what does and does not end up in the QMS.  In my opinion, the only things that should go to quarantine are emails that have the potential to be valid.  Anything else, just set to block and no quarantine.

--
Ken
Knowledge Partner

Create and vote for enhancements in the Idea Exchange forums!
Don't forget to Like helpful posts and mark Solutions!

View solution in original post

12 Replies
Knowledge Partner Knowledge Partner
Knowledge Partner

My understanding is that all filters are checked and most restrictive results are applied.

So in answer to your specific questions...

1. No

2. I think all are checked.

3. If the anti-virus filter is set to block and not quarantine, then the user would not be able to release it because that would take precedence over the RBL filter of block and quarantine.

But it is probably worth the time to verify this.

--
Ken
Knowledge Partner

Create and vote for enhancements in the Idea Exchange forums!
Don't forget to Like helpful posts and mark Solutions!
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

(Unfortunately - my opinion) there is not really a way to influence the sequence ... similar to rules in GroupWise and jump off the trip if you want.

However you have to play around then filters can be "overwritten" or can be stronger than others.

Diethmar Rimser
This community is more powerful if you use Likes and Solutions
0 Likes
Commodore
Commodore

Ken and Diethmar are correct. There's not a way to manipulate the order and have it break away from scanning once it fires on something. But, as Ken said, it's recommended to link the filters that you never want in the quarantine and risk getting released (such as virus), to be linked with a quarantine node that is set to 'forced off' (never quarantine). This way if it fires on virus and something else that is set to be quarantined, it will not get quarantined.

 

 

Knowledge Partner Knowledge Partner
Knowledge Partner

@suziew 

In my OP I asked:

Will a message be quarantined and will a user be able to release it if:

  1. An Anti-Virus filter blocks a message
  2. Another RBL filter blocks the message and quarantines it.

Are you saying that if my filters are configured in this manner the message will be quarantined and a user will be able to release it?

I certainly don't want an email containing malware quarantined so that it can be released but valid email is often blocked because the IP address is (or has become) blacklisted. I was hoping users could retrieve such email without admin intervention.

 

 

_____
Kevin Boyle - Knowledge Partner - Calgary, Alberta, Canada
Who are the Knowledge Partners?
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

If you have a filter (such as anti-virus) that you do not want quarantined, it should be connected to both a block and a no quarantine service.  You create a no quarantine service by placing the quarantine service on your workbench and click the down arrow and set it to "force service off".

An email that hits a filter that is connected to block and no quarantine services will never go into your QMS regardless of any other filters.  This is how you prevent users from ever being able to release an email with a virus.

You have complete control over what does and does not end up in the QMS.  In my opinion, the only things that should go to quarantine are emails that have the potential to be valid.  Anything else, just set to block and no quarantine.

--
Ken
Knowledge Partner

Create and vote for enhancements in the Idea Exchange forums!
Don't forget to Like helpful posts and mark Solutions!

View solution in original post

Knowledge Partner Knowledge Partner
Knowledge Partner

@ketter wrote:

If you have a filter (such as anti-virus) that you do not want quarantined, it should be connected to both a block and a no quarantine service.  You create a no quarantine service by placing the quarantine service on your workbench and click the down arrow and set it to "force service off".

Thank you. That is the key piece of information I was missing.

An email that hits a filter that is connected to block and no quarantine services will never go into your QMS regardless of any other filters.  This is how you prevent users from ever being able to release an email with a virus.


That's another good point!

In my opinion, the only things that should go to quarantine are emails that have the potential to be valid.

I agree 100 percent!

_____
Kevin Boyle - Knowledge Partner - Calgary, Alberta, Canada
Who are the Knowledge Partners?
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
Knowledge Partner Knowledge Partner
Knowledge Partner

If it helps any, I made a quick summary in the Tips & Information section.  See https://community.microfocus.com/t5/SMG-Tips-Information/Basic-Services-to-setup-for-SMG-Inbound-Mail-Filter-Policy/ta-p/2830576

I will try to expand upon this later when I have more time.  But hopefully it provides some helpful hints in the meantime.

--
Ken
Knowledge Partner

Create and vote for enhancements in the Idea Exchange forums!
Don't forget to Like helpful posts and mark Solutions!
Knowledge Partner Knowledge Partner
Knowledge Partner

This customer's system used to be GWAVA 4 running on NetWare. In 2016 it was moved to the cloud and at some point migrated to GWAVA 6. 

There are four policies but only the SMTP policy is enabled as that is all that is available with the cloud service. It doesn't appear that the configuration has been updated in years except for a few email address exceptions I created. 

  • I get hundreds of admin notifications every day about messages that have triggered a filter.
  • Much of the scan filter configuration makes no sense to me at all. 
  • All the objects on the workbench look like this:
    G6 Import sample.PNG

That is the system I inherited!

I'm moving this on-prem to a new deployment of the SLES appliance. I will be creating all new scan policies.

I have reviewed documentation, TIDs, Tips, and Discussion Forum posts multiple times but they don't provide all the answers. I will be starting new discussions to explore topics I feel need additional clarification in the hope that other community members can also benefit.

I really appreciate the information my fellow KPs and other community members who have extensive experience with SMG can and have contributed to these discussions!

 

 

_____
Kevin Boyle - Knowledge Partner - Calgary, Alberta, Canada
Who are the Knowledge Partners?
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Ask away!  And when I get time I will expand on that tip with more info.

By the way, when I moved from Gwava 6 to SMG 7, I ended up creating a new install instead of trying to migrate.  With some excellent work from @suziew I ended up with a nice configuration.  The rule sets have gotten a bit more complex with time, but for the most part does a pretty good job for us.

--
Ken
Knowledge Partner

Create and vote for enhancements in the Idea Exchange forums!
Don't forget to Like helpful posts and mark Solutions!
0 Likes
Commodore
Commodore

Using the migration tool from GWAVA 6.5 to SMG can be messy and hard to manage (like you are seeing).  I would recommend manually migrating (installing SMG fresh and coping over the settings) like we did with @ketter  system. It is much easier to manage this way.

I'd be happy to help you do that, if you'd like to open a support ticket when you're ready we can go over that.

I'm in the process of writing a TID on doing this, but have had technical difficulties with being able to get it written. Hopefully, it will be available soon.

Thanks,

Suzie

Knowledge Partner Knowledge Partner
Knowledge Partner

The only reason why I use the migration tool is to have my original configuration next to me. I never use the migrated profile it because it's a mess.

However it is a good opportunity to copy&paste information into a new designed configuration. Exceptions, nasty words and more ...

Diethmar Rimser
This community is more powerful if you use Likes and Solutions
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.