Messaging Gateway

 View Only
  • 1.  Threat Analysis Score

    Posted Jun 24, 2022 03:42 AM
    Hi,

    We have Symantec Messaging Gateway v.10.7.5-4 deployed in our environment along with Symantec Content Analysis Hardware Appliance integrated with SMG.

    The setup is as follows:
    SMG scans the email and forwards the attachments to Content Analysis. 
    Content Analysis scans the attachment and give it a score based on which it is either quarantined or blocked depending upon the policy.

    Now, my question is that the score that content analysis gives to the file attachment is different in the content analysis dashboard, whereas it shows a different score when we view the email details from the SMG Control Center under threat analysis. For example; it shows a score of 6 in the Content Analysis dashboard but it shows a score of 5 in the SMG Control Center for the same attachment.

    Why is it showing different scores? Anyone has any idea? 

    Thanks


  • 2.  RE: Threat Analysis Score

    Broadcom Employee
    Posted Jun 24, 2022 02:34 PM
    The results returned to SMG from CAS provides an "aggregate" value, which is what is used to determine whether we return a verdict.  Barring some change in CAS, the aggregate values are going to be one of 0, 5, or 10.  Depending on what you were looking at in the CAS console, this may explain the difference you observed.