I've configured a content filtering rule to block based on attachment name with a list of extensions (*.bat, *.exe, for example) but it blocks files without those extensions.
- The files blocked erroneously by the rule will contain the match term someplace in the file name. For example, your matchlist contains *.com and the file name caught was sampledomain.com.pdf
- The content filtering rule blocking the files is set to Match type: "Contains":
- An event will be written to the application event log indicating that your rule blocked the file:
Event Type: Warning
Event Source: Symantec Mail Security for Microsoft Exchange
Event Category: Content Enforcement Rules
Event ID: 291
The message "None" located in Administrator/Drafts has violated the following policy settings: Scan: Auto-Protect
Rule: Example rule
The following actions were taken on it:
The attachment "example.com.pdf" was Quarantined for the following reason(s):
A Filtering Rule was violated.
When configuring a new content rule, the content type will default to "Contains" instead of "Equals" for the terms you are trying to match. A content rule set to "Contains" with terms such as *.com in the match list, will match against .com anywhere in the attachment name, not just as the extension.
Change the content section to "Equals" instead of "Contains" when trying to match attachments based on extension.
To make this change:
- Open the SMSMSE console
- Navigate to Policies -> Content filtering rules
- Locate the rule referred to in the event log entry
- Right click the rule in question and select Edit rule...
- On the main "Rule" tab, change the "Match Type:" dropdown from Contains to Equals and then click OK
- Click Deploy changes.
The rule should now function as expected.