The message audit audit log displays a smime.p7m or smime.p7s attachment. A notification that is sent when the email triggers a content filtering policy displays the attachment as none.
Please note the difference:
- smime.p7m files are used to encrypt the entire message
- smime.p7s are encrypted signatures added to emails
The MTA, which is responsible for generating the notification, does not consider the p7m/p7s file as an attachment. This works as designed. The reason the Message Audit Logs display the attachment is because the scanner component (bmserver) is more rigourous than MTA when determining the various message parts.
This works as designed. It is possible to report on these attachments by using a content filtering policy such as;
If the file metadata is MIME type "application/x-pkcs7" If the file metadata has a filename containing "smime.p7"
Symantec Brightmail Gateway 9.5 is installed and you have created notifications using the $attachments$ variable.
Imported Document ID: TECH160506
Subscribing will provide email updates when this Article is updated. Login is required.