Messaging Gateway

 Unable to detect content filtering after executing "delete allrules" command on scanner

Maithili Shanmuganathan posted May 08, 2023 01:10 AM

Hi Experts,

Content filtering on certain scanners does not work after executing "delete allrules".

1. Is that the expected product behavior of SMG, or is it a bug?

2. I would like to request an accurate range guide where the command "delete allrules" is applied. (Spam, Antivirus, Other Rules, etc.)
"allrules
Delete all rules and replace them with the factory default rules." 

Thank you.
Regards,
Maithili

Broadcom Employee Art_P

This is expected. If you view the help for the delete command, you will see what is deleted when you choose "allrules" in the "Rule components" section.

The content filters you create are held in the "gatekeeper" rules, so if you delete that ruleset, your content filters will no longer exist until redistributed to the scanners. You can redistribute the rules by re-saving the rules (or possibly making a small change and re-saving).

For the most part, you generally do not need (or want) to delete allrules. If you need to delete rules, choose the rules you specifically need to delete.

Also, if you delete rules, restart the "connector" service to re-download rules (service connector restart). As noted though, the connector does not affect the gatekeeper rules, so if you delete those you will need to re-save your content filters.

Maithili Shanmuganathan

Hi Art,

Do I need to do anything other than "re-saving the content filtering rules" after using the "delete allrules" command?

Assume that we do not use the "service connector restart" command to avoid updating spam and virus rules.

Assume tasks in the following order.

1. conduit service stop

2. delete allrules

3. bmserver service restart

Please advise.

Thanks & Regards,
Maithili

Broadcom Employee Thomas Anderson

"Re-saving" the compliance policies will push the updated rules out to the scanners attached to the BCC, independent of whether the connector process is running. However, be warned that simply bringing the policy up in the GUI and pressing "save" without making any modifications may NOT have the desired result: the GUI code can detect whether any changes have actually been made and may avoid "saving" identical content.
The more deterministic way is to make some edit/change before pressing save.

It would be really helpful if you would describe what you are trying to accomplish here: why would you run with the connector disabled? Why would you delete all rules? If you describe what your goals are, then the members of the community here who have implemented something similar can help you by posting tips and advice. Also, if the goal involves a long or error-prone process, that input will be valuable for the product team when planning product enhancements and features.

Maithili Shanmuganathan

Hi Thomas,

We ran the "delete allrules" command when a BMserver crash happened on 10 April. We deleted allrules instead of deleting spamhunterrules.

Recently, we found that the content filtering was not working.

After executing the "delete gatekeeperrules" command, must any content filtering rule be saved again for normalization?

I understand that restarting the "conduit" service after executing the command "delete spamhunterrules" will normalize.
Are there any other 10 rules that need to be manually worked to normalize?
Please let me know if other rules are normalized by restarting the "conduit" service.

Thank you.
Regards,
Maithili

Broadcom Employee Thomas Anderson


All anti-spam rules and customer specific rules are generated and delivered via Broadcom servers, hence need the conduit to poll for them and download updated rulesets.

Gatekeeper/compliance rules are those policies and actions that YOU define locally on the control center, hence using a different process/channel for delivery to the scanners from the control center.

In the general case, unless you are specifically directed to by Customer Support, I would recommend against deleting rulesets.  The system is optimized to download "deltas" from the Broadcom servers whenever possible.  If you delete any of the AS rulesets (e.g. spamhunter, regexfilter, etc.), as long as the conduit is running it will self correct, but it will force the download of entire rulesets, rather than the deltas.

In the case of the Gatekeeper/compliance rules, the rulesets are, compared to the AS rules, very small and need no such optimization, so a "save" of a compliance rule will deliver the entire ruleset to each attached scanner.

Hope this helps you out.