A content filtering rule to block based on attachment name with a list of extensions (*.vb, *.ca, for example) has been configured in Symantec Mail Security for Microsoft Exchange (SMSMSE), but files without those extensions are blocked.

Conditions

• The files blocked erroneously by the rule will contain the match term someplace in the file name.  For example, your matchlist contains *.vb and the file name caught was myfile.vbs
• The content filtering rule option Whole Term is not selected.  
• An event will be written to the application event log indicating that your rule blocked the file:

Event Type: Warning
Event Source: Symantec Mail Security for Microsoft Exchange
Event Category: Content Enforcement Rules
Event ID: 291
Description:  The message "None" located in Administrator/Drafts has violated the following policy settings: Scan: Auto-Protect
Rule: Example rule
The following actions were taken on it:  The attachment "myfile.vbs " was Quarantined for the following reason(s):  A Filtering Rule was violated. 

Mail Security for Exchange 7.10

When configuring a new content rule, the option for "Whole Term" is disabled by default.  The Whole term adds padding at the end of the extention so the system reads it as *.VB<space>, i.e., a third character in the string.

For versions prior to 7.9:

Enable the Whole Term option in the rule:

1. Open the SMSMSE console
2. Navigate to Policies > Content Filtering Rules
3. Locate the rule referred to in the event log entry
4. Right click the rule in question and select Edit rule...
5. On the main "Rule" tab, put a mark in the check box by the Whole term option, click OK
6. Click Deploy changes.