Spam is delivered with no indication of why it was not deleted, or even if it was detected, when viewing the messages Message Audit Logs entry.
When using Bypass actions for both Spam and Content Filtering rules that are triggered by the message, both rules will be bypassed. The Message Audit Logs though will not show any rule triggered and the spam message appears as though it passed scanning without any detection.
i.e. Spam rule actions include "Bypass content filtering policy", and Content Filtering rule actions include "Bypass spam scanning". This configuration will result in actions for both rules being skipped.
Symantec is currently investigating this and will address the logging issue in a future release. Please subscribe to this document to receive updates.
There is currently no workaround for this issue other than to ensure that you do not have anti-spam and content filtering rules which will both take the "Bypass" action acting on the same policy group.
Imported Document ID: TECH196802
Subscribing will provide email updates when this Article is updated. Login is required.