The message audit audit log displays a smime.p7m or smime.p7s attachment. A notification that is sent when the email triggers a content filtering policy displays the attachment as none.

Please note the difference:

- smime.p7m files are used to encrypt the entire message

- smime.p7s are encrypted signatures added to emails

The MTA, which is responsible for generating the notification, does not consider the p7m/p7s file as an attachment. This works as designed. The reason the Message Audit Logs display the attachment is because the scanner component (bmserver) is more rigourous than MTA when determining the various message parts.

This works as designed. It is possible to report on these attachments by using a content filtering policy such as;

If the file metadata is MIME type "application/x-pkcs7"
If the file metadata has a filename containing "smime.p7"

Applies To

Symantec Messaging Gateway is installed and you have created notifications using the $attachments$ variable.