Viewing the text that violated a content filtering policy

Symantec Messaging Gateway can identify the text that violated a content filtering policy. It also specifies in which message part the text is contained (for example, the subject line or message body). You can see this information when you view the details of a specific incident. You can use this information to help you fine-tune and troubleshoot your content filtering policies.
The only content filtering conditions that let you view the text that violated a policy are as follows:
  • Contains
  • Matches regular expression
  • Matches pattern
  • Starts with
  • Ends with
  • Matches exactly
For each message, Symantec Messaging Gateway can display a maximum of 50 matching strings per policy group. Each matching string displays only the first 100 bytes of the text.
This feature is not available for any incidents that existed before you upgraded to Symantec Messaging Gateway 9.5.
To view the contents of incident folders, you must have Full Administration rights or rights to access each content incident folder separately.
To view the text that violated a content filtering policy
  1. In the Control Center, click Content.
  2. In the Incident Management task pane, select the content incident folder that contains the incident that you want to view.
  3. In the Incident ID column, click the incident ID number for the incident whose details you want to view.
  4. Under Incident Details, click the hyperlink beside Message scan results: <policy name> to view the content that violated the policy. The hyperlink is the name of the policy.
    The text that violated the policy and the message part that contains the text appear in the <policy name> Policy Match Text window.
    For example, suppose 'XYZ' is a content filtering policy. When an email message violates this policy, under Incident Details, click the hyperlinked 'XYZ' in Message scan results: XYZ to view the content that violated policy 'XYZ'. The text that violated the policy and the message part that contains the text appear in the XYZ Policy Match Text window.
  5. Click Close to close the <policy name> Policy Match Text window.
    The <policy name> that appears in this window is the name of the policy which caused the message to go to the incident folder.