Content Filtering violations are not detected for "Attachment Name" match types when the attachment is a renamed blank text file.

Article:TECH199900  |  Created: 2012-11-19  |  Updated: 2012-11-19  |  Article URL http://www.symantec.com/docs/TECH199900
Article Type
Technical Solution

Issue



 When testing a content filtering rule set to scan "Internal messages (store)" Symantec Mail Security for Microsoft Exchange (SMSMSE) does not take action as configured against the test attachment.

 

Conditions

  • The content filtering rule is set to scan "Attachment Name".
  • The content filtering rule is set to scan "Internal Messages (store)".
  • The test attachment consists of a blank text file with the extention renamed to some term contained in the configuration of the content filtering rule for test purposes.

 


Cause



When a content filtering rule is set to scan "Internal messages (store)" in SMSMSE, it uses Microsoft technology called Virus Scanning Application Programming Interface (VSAPI) to scan items in the message store. VSAPI passes items with blank attachments to SMSMSE as if the item did not contain an attachment.


Solution



 When testing "Internal messages (store)" attachment blocking rules, use a legitimate file of the type specified in the rule, or alternatively include at least one character in the content of the test text file prior to renaming the test text file.




Article URL http://www.symantec.com/docs/TECH199900


Terms of use for this information are found in Legal Notices