Content filtering rule configured to block attachments blocks items with longer names than the ones in the matchlist.
Last Updated July 14, 2014
A content filtering rule to block based on attachment name with a list of extensions (*.vb, *.ca, for example) has been configured in Symantec Mail Security for Microsoft Exchange (SMSMSE), but files without those extensions are blocked.
The files blocked erroneously by the rule will contain the match term someplace in the file name. For example, your matchlist contains *.vb and the file name caught was myfile.vbs
The content filtering rule option Whole Term is not selected.
An event will be written to the application event log indicating that your rule blocked the file:
Event Type: Warning Event Source: Symantec Mail Security for Microsoft Exchange Event Category: Content Enforcement Rules Event ID: 291 Description: The message "None" located in Administrator/Drafts has violated the following policy settings: Scan: Auto-Protect Rule: Example rule The following actions were taken on it: The attachment "myfile.vbs " was Quarantined for the following reason(s): A Filtering Rule was violated.
When configuring a new content rule, the option for "Whole Term" is disabled by default. The Whole term adds padding at the end of the extention so the system reads it as *.VB<space>, i.e., a third character in the string.
Add the Whole Term option to the rule:
Open the SMSMSE console
Navigate to Policies > Content Filtering Rules
Locate the rule referred to in the event log entry
Right click the rule in question and select Edit rule...
On the main "Rule" tab, put a mark in the check box by the Whole term option, click OK
Click Deploy changes.
The rule should now function as expected.
Imported Document ID: TECH137866
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe