Troubleshooting virus blocking – Google Message Security for Google Apps Administration Guide User Manual

Page 196

Troubleshooting Virus Blocking

Why was this virus delivered despite virus blocking?

In most cases, the user receiving the message was not registered in the message
security service. Following is the process for troubleshooting and determining
what happened:

1. Check the headers of the virus-infected email to determine the recipient,
and see whether the message was sent directly to and was accepted by
your mail server, bypassing the message security service:

a. Many email clients put messages from different servers into the same
inbox, so a user may believe the virus-infected message was received
from a server protected by the message security service. Review the
email headers to make sure that they include your email server. If they do,
continue to the next step. If they do not, inform the recipient of this
condition.

b. Some viruses propagate by a method that does not follow DNS standards
for selecting MX records. They send an email to the highest numbered
server, or randomly pick one from port scans. To determine if the email
actually passed through the message security service, review the
message headers for the strings listed below (the pound sign is replaced
by various numbers). If any of these strings exist in the header, write
down the addresses in the To field and continue to the next step. If none
of the strings exist, the message was delivered directly to your email
server.

exprod#mx#.postini.com

chipmx#.postini.com

chip#mx#.postini.com

eu#sys#amx#.postini.com

Resolution: The message was delivered directly to your email server and did
not go through the message security service. To remedy this, set up your
email server or firewall to only accept email from the message security
service’s IP ranges. See “Setting Up Secure Mail Delivery” on page 495 for
details on how to prevent this.

2. Check whether virus blocking is enabled and make sure it is not set to
Message Header Tagging.

a. Click the Orgs and Users tab, and search for the organization that
contains the user who received the message.

b. Click Virus Blocking.

c. If the Virus Disposition is set to Message Header Tagging, then all
messages containing viruses are delivered to your mail server. Perform
the resolution below. Otherwise, continue to the next step.
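
The header check in step 1b can be scripted. The following is an added example, not part of the original guide: it scans every header of a saved message for the four hostname strings listed in step 1b (with each "#" treated as a number) and returns the To addresses to look up. The function name `triage` and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Strings from step 1b; each "#" stands for a number.
PAGE_STRINGS = [
    "exprod#mx#.postini.com",
    "chipmx#.postini.com",
    "chip#mx#.postini.com",
    "eu#sys#amx#.postini.com",
]
# Build one regex: escape the literal parts, put \d+ where the page has "#",
# and refuse matches embedded in a longer hostname.
SERVICE_HOST = re.compile(
    r"(?<![\w.-])(?:"
    + "|".join(r"\d+".join(map(re.escape, s.split("#"))) for s in PAGE_STRINGS)
    + r")(?![\w-])(?!\.[\w-])",
    re.IGNORECASE,
)

def triage(raw_message):
    """Return which headers name the service and the To addresses to look up."""
    msg = message_from_string(raw_message)
    hits = [
        (name, m.group(0).lower())
        for name, value in msg.items()
        for m in SERVICE_HOST.finditer(value)
    ]
    to = [addr for _, addr in getaddresses(msg.get_all("To", []))]
    # No hit means the message reached the mail server directly (step 1 resolution).
    return {"via_service": bool(hits), "hits": hits, "to": to}

# Constructed sample messages (documentation addresses, not real traffic).
VIA_SERVICE = (
    "Received: from exprod5mx12.postini.com ([192.0.2.10])\n"
    "\tby mail.example.com with SMTP; Mon, 1 Jan 2007 10:00:00 +0000\n"
    "Received: from sender.example.net ([198.51.100.7])\n"
    "\tby exprod5mx12.postini.com; Mon, 1 Jan 2007 09:59:58 +0000\n"
    "From: a@example.net\nTo: Pat <pat@example.com>, lee@example.com\n"
    "Subject: constructed sample\n\nbody\n"
)
DIRECT = (
    "Received: from sender.example.net ([198.51.100.7])\n"
    "\tby mail.example.com with SMTP; Mon, 1 Jan 2007 10:00:00 +0000\n"
    "From: a@example.net\nTo: pat@example.com\nSubject: constructed sample\n\nbody\n"
)

if __name__ == "__main__":
    for label, raw in (("via service", VIA_SERVICE), ("direct", DIRECT)):
        print(label, triage(raw))
```

Only the Received lines added by your own mail server are trustworthy; header lines below them are supplied by the sender and can be forged.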