K S,
There are a couple of different ways to detect the existence of your .msp files. You could create a policy to look for a file type of *.msp in the attachment. This may or may not create false positives but it's a possibilty. Also, Symantec does provide a utility called the "File Type Analyzer" that can be installed on any workstation.
FTA is just a java based utility that you use to target certain files (.msp) and once targeted, FTA will provide you with an output that contains the binary code of that file type. That binary code can then be added into a policy. In order to use the "Custom File Type Signature" option in the policies, you will need to modify the manager.properties file as follows:
1. Edit the manager.properties file located in \SymantecDLP\Protect\config
2. Add the "true" value to the line com.vontu.manager.policy.showcustomscriptrule=true
3. Restart the Vontu Manager service and upon service restart you will be able to create a policy inclusion that shows as "Custom File Type Signature"
4. Copy the contents from the FTA utility into the custom signature section of the policy rule
Using FTA will allow you to detect the binary makup of the actual file type which means if a user were to save a .msp as a differnent file type, you would still be able to detect that information because the binary would not change.
Hope this helps