Symantec.com
VERITAS.com
Partners
About Symantec
WelcomeProducts & ServicesSecurity ResponseSupportSolutions & IndustriesLicensingTraining
Enterprise
Symantec.com > Enterprise > Support > Knowledge Base

PRINT THIS PAGE PRINT THIS PAGE

RATE THIS PAGE RATE THIS PAGE

Show me how to: Use a match list to filter message bodies for prohibited content

Question/Issue:
This page describes how to block specific words or phrases in an email message body using a match list and associated rule. The installed product is Symantec Mail Security 4.0 for Microsoft Exchange.

Symptoms:
Show me how to: Use a match list to filter message bodies for prohibited content This page describes how to block specific words or phrases in an email message body using a match list and associated rule. The installed product is Symantec Mail Security 4.0 for Microsoft Exchange.

Solution:
The following sections describe how to filter unnecessary email. The method used is a combination of a match list and a rule to filter.

Before you begin:
This document is provided "as is" and is not supported by Symantec online or phone support.
Make sure the user is a member of the SMSMSE Admins security group.
Symantec Mail Security 4.0 for Microsoft Exchange does not have the ability to open password protected archives or archives using encryption.
Renamed archives to another extension cannot be opened properly.


Tutorial: This document contains tutorials that can help you with some of its steps. If you are having trouble with the steps in a section, you can start the tutorial for that section by clicking the "show me these steps" button.


To create/configure a match list
  1. To access and start the single-server interface do one of the following:
    • On the Windows taskbar, click Start > Programs > Symantec MS for Microsoft Exchange > Symantec Mail Security for Exchange.
    • On the desktop, double-click Symantec Mail Security for Exchange.
  2. In the left pane of the single-server interface, click Configuration.
  3. Click Match Lists.
  4. In the right pane, under Match Lists, click Add new.

    In the left pane Add/Delete Match List is highlighted.
  5. In the right pane, under Add Match List, type a name in the Match list name box.
    The example used in the tutorial is: Tutorial - prohibited

    Do not use punctuation (a period or other characters) at the end of a name. If you do use punctuation, the message "The field Match list name contains invalid characters (&%?\:/*?.|><'#@+=")" appears when you click Save.
  6. In the Match list description box, type text that describes the match list.
    This description box does not affect the function of any rule, or the match list itself. The purpose of the field is to give the administrator a description of the function of the match list.
  7. In the right pane, under This List Contains, click Literal strings.
  8. In the Match list filter box, type the literal strings.
    The example used in the tutorial is the following:

    *Free*Loans*


    Each phrase or word that you type occupies a single line in the match list filter box. The following symbols and characters are permitted:

    ! @ # $ % ? & * ( ) _ + } { " : > < ? | ? , . / ; ] [ = -

  9. Click Save.


To create/configure a Filtering rule
  1. To access and start the single-server interface do one of the following:
    • On the Windows taskbar, click Start > Programs > Symantec MS for Microsoft Exchange > Symantec Mail Security for Exchange
    • On the desktop, double-click Symantec Mail Security for Exchange
  2. In the left pane, in the single-server user interface, click Policies > Standard Policy > Filtering subpolicy.
  3. In the right pane, Under Filtering Subpolicy, click Add new.
    In the left pane, Filtering Subpolicy expands with Add/Delete Filtering rule selected.
  4. In the right pane, under Add Filtering Rule, do the following:
    • Type a name in the Filtering rule name box.
      The example used in the tutorial is: Tutorial - rule

      Do not use punctuation (a period or other characters) at the end of a name. If you do use punctuation, the message "The field Match list name contains invalid characters (&%?\:/*?.|><'#@+=")" appears when you click Save.

      Enable rule should be checked. This is the default setting. Do not change this setting.
    • Under this rule applies to, click SMTP inbound scanning.
  5. Scroll down to the Create expression section. To scroll down use the vertical scroll bar located on the right edge in the right pane. Under the Create expression section, do all of the following:
    • In the Choose conditional box, do not change from If.
    • In the Choose attribute box, in the drop-down list, click Message Body.
    • In the Choose comparison box, do not change Contains.
    • Click A member of Match List.
    • In the A member of Match List: drop-down list, click Tutorial - prohibited
    • Click Add.
      In the Expressions in this rule box, the following text appears for the newly created rule (you may need to use the horizontal scroll bar to view the entire text.):
      "If Attachment Name Contains a member of Name and extension block match list"
  6. Scroll down to the section Action to take.
    Under this section pick an option best meeting your companies security policies. For this tutorial, click the option Delete attachment/message body, replace with text description.
    For more details on Actions to take, click Help at the bottom of the right pane. In the search box type the following:

    unscannable file is detected


    Scroll down to the table under When an unscannable file is detected. This table contains two columns, the first is the action and the second a description. Choose the option best meeting your needs when creating the rule for your set up.
  7. In the section Replacement text the box contains a sample message and variables sent to the enabled administrators or sender.
    A list of variables is available by clicking Help and in the search box type the following:

    replacement text

  8. The Email notifications section contains check boxes for To administrators and To sender with associated boxes for Subject Line and Message Body. The check boxes are enabled by default. For this tutorial no changes are made to the default states.
    The following explains the purpose and contents of Subject Line and Message body:
    • The Subject Line box contains suggested text sent to the administrators. You can change the provided sample text and replace with your own text.
    • The Message Body box contains text and variables. The sample text and variables provide details on the tagged email.
  9. The final section is Alerts. This section contains Messenger Service Alert and AMS Alert. By default, each check box is checked. The Alert text box contains text sent to the enabled alert services. Make no changes to this section for this tutorial.
  10. Click Save.


Testing
Symantec recommends testing every new or modified rule to ensure it works as expected. Using a test network is recommended. This allows more control over the process and is generally quicker when sending mail through the system.

For this tutorial send a message with *Free*Loans* in the message body.




RATE THIS SOLUTION
Was this solution helpful to you?
Yes
No
If any information was unclear, or the information you were seeking was not provided, please let us know. Your feedback will help us improve this service.

NOTE: Comments entered here will NOT recieve a personal email response.


Document ID: 2004062116264654
Last Modified: 06/25/2007
Date Created: 06/21/2004
Operating System(s): Windows XP Pro, Windows 2000 Pro, Windows 2000 Server, Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Exchange 2000 Standard Edition, Exchange 2000 Enterprise Edition, Windows Server 2003 Standard Edition, Windows Server 2003 Enterprise Edition, Windows Server 2003 Datacenter Edition, Exchange 2003 Standard Edition, Exchange 2003 Enterprise Edition
Product(s): Symantec Mail Security 4.0 for Domino , Symantec Mail Security 4.0 for Microsoft Exchange
Release(s): SMS 4.0, SMS 4.0 [All Releases], SMS 4.0.1, SMSME 4.0, SMSME 4.0 [All Releases], SMSME 4.0.1



Site Index · Legal Notices · Privacy Policy · Contact Us · Global Sites
©1995 - 2009 Symantec Corporation