Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
703
Views
0
Helpful
1
Replies

content matching

Greg.Howley
Level 1
Level 1

‎03-09-2016 11:17 AM

We have a bunch of content rules.  If a message gets quarantined because it matches a term in the dictionary, I can see what was matched in the quarantine, as it is highlighted.

However, if a message is quarantined on our Attachment type content filter (looks for some  mimetypes & filetypes) how do I tell which file matched and what type Ironport thinks it is.  For example, an email with a .dat file was recently quarantined by this rule, but we don't specifically quarantine .dat.  We do quarantine attachment-mimetype == "application/x-dosexec" and attachment-mimetype == "text/xml" (among others)

 

 

Labels:
0 Helpful
1 Reply 1

Mathew Huynh
Cisco Employee
Cisco Employee

‎03-11-2016 08:51 PM

Hey Greg,


Try to add the additional action to the filter.

"Add Log Entry" and use $MatchedContent

See if this will yield the information on what may have matched.

You will be able to see these log entries inserted in the message tracking or mail_logs on which condition was matched.

Regards,

Matthew

0 Helpful
Customers Also Viewed These Support Documents