Viewing the text that violated a content filtering policy
Symantec Messaging Gateway can identify the text that violated a content filtering policy. It also specifies in which message part the text is contained (for example, the subject line or message body). You can see this information when you view the details of a specific incident. You can use this information to help you fine-tune and troubleshoot your content filtering policies.
The only content filtering conditions that let you view the text that violated a policy are as follows:
- Contains
- Matches regular expression
- Matches pattern
- Starts with
- Ends with
- Matches exactly
For each message, Symantec Messaging Gateway can display a maximum of 50 matching strings per policy group. Each matching string displays only the first 100 bytes of the text.
This feature is not available for any incidents that existed before you upgraded to Symantec Messaging Gateway 9.5.
To view the contents of incident folders, you must have Full Administration rights or rights to access each content incident folder separately.
- To view the text that violated a content filtering policy
- In the Control Center, clickContent.
- In theIncident Managementtask pane, select the content incident folder that contains the incident that you want to view.
- In theIncident IDcolumn, click on the incident ID number for the incident in which you want to view the details.
- UnderIncident Details, click the hyperlink besideMessage scan results: <policy name>to view the content that violated the policy. The hyperlink is the name of the policy.The text that violated the policy and the message part that contains the text appears in the<policy name> Policy Match Textwindow.For example, a policy named 'XYZ' is a content filtering policy. When an email message violates this policy, underIncident Details, click 'XYZ' inMessage scan results: XYZwhich is hyperlinked. You can view the content that violated policy 'XYZ'. The text that violated the policy and the message part that contains the text, appears in theXYZ Policy Match Textwindow.
- ClickCloseto close the<policy name> Policy Match Textwindow.The<policy name>that appears in this window is the name of the policy which caused the message to go to the incident folder.