When the Symantec Messaging Gateway transforms a message as the result of an action list that includes delete or strip actions - which are usually messages that are forwarded, bounced, or included in a notification - any attachments that were in the original message are stripped.
Rather than finding the attachment that was part of the original message, you will find the following text:
The placeholder NAME_OF_FILE would the name of the file that was stripped.
The Symantec Messaging Gateway is designed to sanitize messages that it transforms by stripping attached content. This is a security measure taken to make sure that malicious or problematic attachments are not accidentally passed through the scanner by an unsuspecting rule created by an administrator. The contents of the original message, itself, will be retained as per the created rule.
The sanitization of transformed messages is by design. If it is necessary to capture a message to be explicitly delivered or redirected with attachments intact, the Incidents Quarantine feature will allow administrators to explicitly forward a message without stripping attachments.