02-19-2018 11:12 AM - edited 03-20-2019 09:55 PM
When is this going to get fixed? This has impacted several of our users as we have a disclaimer added to every single email so our users know if an email is coming from the outside. I need this fixed ASAP.
02-20-2018 12:52 AM
A workaround should be adding a message body in the content filter which does not add the disclaimer for now.
Via GUI you can do this;
condition
1. Message Body - contains text : ("(?i)text/calendar|BEGIN:VCALENDAR", 1)
or
2. Message Body - contains text : ("(?i)method=REQUEST|METHOD:REQUEST", 1)
Action: Skip Filters.
select: If one or more conditions match"
commit
--------------
If you are using CLI and working with message filters then you could do this:
MeetingRequest: if (body-contains("(?i)text/calendar|BEGIN:VCALENDAR", 1)) OR (body-contains("(?i)method=REQUEST|METHOD:REQUEST", 1)) {
log-entry("No Disclaimer");
skip-filters();
}
Try to bring this filter to a higher position than the other filters with disclaimers
But we all know this is only a workaround and not a fix and Cisco is already working on it.
02-20-2018 05:39 AM
02-27-2018 10:23 AM
I have the same situation. The options aren't really good options. My invites are coming in blank, other than the subject. No attachments, no nothing.
03-01-2018 06:23 AM
I was able to resolve this by removing any disclaimers applied via the ironport appliances and apply them via Exchange transport rules.
03-05-2018 04:04 AM
Here our workaround for incoming calendar invites :
CLISkip_Footerv5: if (header("X-MS-Exchange-Calendar-Originator-Id")) OR ((header("x-ms-exchange-calendar-series-instance-id")) OR ((attachment-filename == "invite.ics") OR
((attachment-filename == ".ics$") OR ((header("X-Barracuda-RBL-Trusted-Forwarder")) OR (body-contains("BEGIN:VCALENDAR", 1)))))) {
skip-filters();
}
Hope that helps.
That filters support gmail, baracuda, office365, Lotus Notes and classical ICAL.
03-05-2018 10:29 AM
03-05-2018 10:31 AM
03-06-2018 08:59 AM
This affects both inbound and outbound meeting invites, correct? We apply disclaimers outbound, and we are seeing this behavior.
03-06-2018 09:01 AM
03-06-2018 09:03 AM
Ah thanks. So it is in both directions. We first noticed it on inbound messages that we were adding headers to, based on content filters. This is bad.
03-06-2018 09:06 AM
03-06-2018 09:11 AM
Mostly spoof warnings, Also there are warnings about encrypted attachments, etc. Tags that tell people how to submit suspected phishing, etc.
03-06-2018 09:43 AM
03-16-2018 10:31 AM
The bug says the status is "fixed", however I do not see an updated version on Cisco's web site. Is this truly fixed? In my ironport there is a version 11.1.0 build 072 available, but that doesn't show up on Cisco's web site either.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: