i have an Email Gateway appliance EG 5500 with version 6.7.2
i didn't create rules for image analyses and i want to ask if i should create rules for images??
i think that the McAfee defaults can drop porn images but it seems that it is not. i tested it by sending 2 pictures as attachements and they were received as normal emails..
can any one help me with this issue, please.
If you have a compliance need to check emails for inappropriate content, then yes, you should use this. It is dramatically more efficient than manually reviewing or random sampling.
The analysis is not 100% accurate however, and will sometimes flag messages with baby pictures and those with multiple images embedded. Start at sensitivity 60 or higher,.and then adjust upward or downward depending on your volume and false positives.
Because of the false positives, you may want to archive (Archive - Immediate Email) a copy off to a review mailbox for a compliance reviewer to check rather than stripping the attachment and affecting some legitimate emails.
In your case where it sounds like the action isn't being applied to a test email you think it should, the immediate-archive to a review mailbox approach would also give you instant feedback if a message was flagged by the image analysis rule without having to check logs - just watch the review mailbox. If your test email isn't being flagged then you can investigate your rule to confirm it is 'applied' correctly and adjust sensitivity as needed until it does flag as desired.