An email with a PDF attachment (or other type of attachment) is Quarantined due to the File Name Rule (see Error section).

If prior versions of SMSMSE were used this behavior is not seen. See this article for details of this change: See Symantec Mail Security for Microsoft Exchange (SMSMSE) Does not Decompose PDF, ACE, BZIP2 Attachments for Viruses

The Windows Application Event log contains the 291 event similar to this:

Log Name:      Application
Source:        Symantec Mail Security for Microsoft Exchange
Date:          3/18/2011 10:16:32 AM
Event ID:      291
Task Category: Content Enforcement Rules
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      W2K8-EX2K10-65.ex2k10lab.test
Description:
The attachment "test.pdf" located in message with subject "testing with pdf", located in SMTP has violated the following policy settings:
    Scan: Auto-Protect
    Rule: File Name Rule
The following actions were taken on it:
    The attachment "test.pdf" was Quarantined for the following reason(s):
        UNAUTHORIZED FILE was found in javaScriptFile.js.
 

Conditions

• Opening the PDF (or other file) does not show any attachments of the type listed in the Windows Application Event Log message.
• File name rule is enabled.

1. Open the SMSMSE Administration Console.
2. Click on the Policies tab.
3. Click on Views|Content Filtering|File Filtering Rules.
4. The rule with the name File Name Rule has the Status Enabled.

SMSMSE has the ability to "decompose" and open many file types.  Typical examples are ZIP files.  However SMSMSE has the ability to open PDF and DOCX files as well.  It is not obvious by opening the PDF file there are embedded files.  When SMSMSE opens the PDF file and finds an embedded file the File Name Rule is applied to the embedded file.  This is by design.

Choose one of the following approaches:

• Remove the file extension causing the quarantine from the File Name Rule.

1. Open the SMSMSE Administration Console.
2. Click on the Policies tab.
3. Click on Views|Content Filtering|File Filtering Rules.
4. Click on the rule File Name Rule.
5. Click the Select... button for Match list for prohibited file names.
6. Highlight the match list to use.
7. Click the Edit match list... button.
8. Remove the appropriate file extension.
9. Click the OK button to close the match list terms.
10. Click the Close button to close the Select a match list dialog window.
11. Click the Deploy Changes button to save the changes.

• Configure SMSMSE to not open container attachments for File Name Rule processing.

1. Open the SMSMSE Administration Console.
2. Click on the Policies tab.
3. Click on Views|Content Filtering|File Filtering Rules.
4. Click on the rule File Name Rule.
5. Click the checkbox Bypass scanning of container files(s).
6. Click the Deploy Changes button to save the changes.

NOTE: This option skips the opening of all containers include ZIP files.
NOTE:  This option has no affect on virus scanning.  Any virus scanning options still apply to containers.