Policy Violation Data Headers 

Jun 20, 2014 08:35 AM

A message might violate more than one policy. You can add special headers to the outgoing messages that report the number and severity of policies the message violates. Three different kinds of violation-data headers are available:

Number of violated policies - a header can be added reporting the total number of different policies that the message violates.

Highest severity - a header can be added reporting the single highest severity level among all policies that the message violates (High, Medium, Low, or Info).

Cumulative severity score - a header can be added reporting a total severity score which is the numeric sum of all policy violations. For this purpose, severity levels are assigned numeric values: High=4, Medium=3, Low=2, and Info=1. Thus, a message that violates both a Low (2) and Medium (3) severity policy has a total severity score of 5.

You can use headers to trigger downstream responses that are based on the number of violations or the severity of violations. For example:

Messages that violate a single policy can be routed to one quarantine mailbox. Messages that violate multiple policies can be routed to a second mailbox. Messages that violate over a specified number of policies can be routed to a third mailbox.

Messages that violate multiple policies can be handled differently according to the severity level of the most serious violation.

Messages that violate multiple policies can be handled differently according to the total severity score of the message.

Enabling policy violation data headers:

The three multiple-policy headers can be used in combination.

To enable policy violation message headers:

Step 1: Go to System > Servers > Overview and click the desired Network Prevent Server (Email).
Step 2: On the Server Detail screen that appears, click Server Settings.
Step 3: Scroll down to one of the three RequestProcessor settings described below. By default, the value for these settings is false.
Step 4: Change the value to true.
Step 5: Click Save.

Changes to these settings do not take effect until you restart the server.

Three RequestProcessor advanced settings enable different kinds of multiple-policy-violation message headers:

RequestProcessor.TagPolicyCount

When the setting is set to true, Network Prevent adds a header reporting the total number of policies that the message violates. For example, if the message violates 3 policies, the header "X-DLP-Policy-Count: 3" is added.

RequestProcessor.TagHighestSeverity

When the setting is set to true, Network Prevent adds a header reporting the highest severity among the violated policies. For example, if a message violates three policies, one with a severity of "Medium" and two with a severity of "Low", the header "X-DLP-Max-Severity: MEDIUM" is added.

RequestProcessor.TagScore

When the setting is set to true, Network Prevent adds a header reporting the total cumulative score of all the violated policies. Scores are calculated using the values High=4, Medium=3, Low=2, and Info=1. For example, if a message violates three policies, one with a severity of "Medium" and two with a severity of "Low", the header "X-DLP-Score: 7" is added.

Setting a value to "true" causes the corresponding header to be automatically added to every outgoing message that is processed. This occurs even if the message violates only a single policy.
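A downstream filter that routes on these headers should reject tags that are missing, repeated, or mutually inconsistent. The sketch below is an added example, not Symantec code. It assumes all three settings are enabled and that it is applied to messages that violated at least one policy; the mailbox names and the `many` threshold are hypothetical.

```python
from email import message_from_string

SEVERITY = {"HIGH": 4, "MEDIUM": 3, "LOW": 2, "INFO": 1}  # values from the article
HEADERS = ("X-DLP-Policy-Count", "X-DLP-Max-Severity", "X-DLP-Score")

def parse_dlp(raw):
    """Return (count, max_severity_value, score) from a raw message.
    Raises ValueError if a header is missing, repeated, or malformed."""
    msg = message_from_string(raw)
    vals = []
    for name in HEADERS:
        found = msg.get_all(name, [])
        if len(found) != 1:
            raise ValueError(f"{name}: expected 1 header, found {len(found)}")
        vals.append(found[0].strip())
    if not (vals[0].isdigit() and vals[2].isdigit()):
        raise ValueError("count and score must be non-negative integers")
    count, score = int(vals[0]), int(vals[2])
    top = SEVERITY.get(vals[1].upper())
    if top is None:
        raise ValueError(f"unknown severity {vals[1]!r}")
    # Cross-check: one policy is at `top`, the others lie between Info (1) and `top`.
    if count < 1 or not (top + (count - 1) <= score <= top * count):
        raise ValueError("count, severity and score are inconsistent")
    return count, top, score

def route(raw, many=3):
    """Pick a mailbox; the names and the `many` threshold are hypothetical."""
    try:
        count, top, score = parse_dlp(raw)
    except ValueError:
        return "quarantine-manual-review"  # fail closed on untrustworthy tags
    if top == SEVERITY["HIGH"] or count > many:
        return "quarantine-escalated"
    return "quarantine-single" if count == 1 else "quarantine-multiple"

# Constructed sample: the article's example (one Medium and two Low policies).
SAMPLE = ("X-DLP-Policy-Count: 3\nX-DLP-Max-Severity: MEDIUM\n"
          "X-DLP-Score: 7\n\nbody")

if __name__ == "__main__":
    print(route(SAMPLE))
```

The consistency check catches a tag set that cannot have come from one verdict, such as a score of 7 alongside a count of 3 and a maximum severity of LOW.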
