You can specify the action that you want Mail Security to take when a violation occurs.
Mail Security provides the following options for processing messages that trigger content filtering rule violations:
Delete entire message
Delete attachment/message body and replace with text
You can customize the replacement text.
Quarantine entire message and replace with text
You can customize the replacement text.
Quarantine attachment/message body and replace with text
You can customize the replacement text.
Add tag to beginning of subject line
You can customize the text that you want to prepend the subject line. This rule action is not available if you apply the rule to the internal messages (store).
Log only
You can also configure Mail Security to add one or more X-headers to messages that violate the content filtering rule. Mail Security provides five default X-headers from which you can choose. Mail Security also lets you create your own X-headers. You can specify up to 25 X-headers for each violation.
See About applying X-headers to messages for archiving
To configure rule actions to delete the message
In the console on the primary navigation bar, click Policies.
In the sidebar under Content Enforcement, click Content Filtering Rules.
Do one of the following:
On the Actions tab, in the When a violation occurs box, use the drop-down menu to select Delete entire message.
The default setting is: Quarantine entire message and replace with text.
Do any of the following:
Configure the remaining components of the content filtering rule.
See Configuring the conditions of a content filtering rule
See Specifying the users and groups to which the rule applies
See Specifying who to notify if a content filtering rule is violated
Click OK and then click Deploy Changes.
To configure rule actions to delete the attachment and message body and replace with text
In the console on the primary navigation bar, click Policies.
In the sidebar under Content Enforcement, click Content Filtering Rules.
Do one of the following:
On the Actions tab, in the When a violation occurs box, use the drop-down menu to select Delete attachment/message body and replace with text.
The default setting is: Quarantine entire message and replace with text.
In the Replacement text box, type your customized text.
The default text is: Symantec Mail Security replaced %attachment% with this text message. The original attachment content type was not allowed and was %action%.
Check Add X-header(s) to add one or more X-headers to messages that trigger the violation, and then do any of the following:
Do any of the following:
Configure the remaining components of the content filtering rule.
See Configuring the conditions of a content filtering rule
See Specifying the users and groups to which the rule applies
See Specifying who to notify if a content filtering rule is violated
Click OK and then click Deploy Changes.
To configure rule actions to quarantine entire message and replace with text
In the console on the primary navigation bar, click Policies.
In the sidebar under Content Enforcement, click Content Filtering Rules.
Do one of the following:
On the Actions tab, in the When a violation occurs box, ensure that Quarantine entire message and replace with text is selected.
This option is selected by default.
In the Replacement text box, type your customized text.
The default text is: Symantec Mail Security replaced %attachment% with this text message. The original attachment content type was not allowed and was %action%.
Check Add X-header(s) to add one or more X-headers to messages that trigger the violation, and then do any of the following:
Do any of the following:
Configure the remaining components of the content filtering rule.
See Configuring the conditions of a content filtering rule
See Specifying the users and groups to which the rule applies
See Specifying who to notify if a content filtering rule is violated
Click OK and then click Deploy Changes.
To configure rule actions to quarantine the attachment and message and replace with text
In the console on the primary navigation bar, click Policies.
In the sidebar under Content Enforcement, click Content Filtering Rules.
Do one of the following:
On the Actions tab, in the When a violation occurs box, select Quarantine attachment/message body and replace with text.
The default setting is: Quarantine entire message and replace with text.
In the Replacement text box, type your customized text.
The default text is: Symantec Mail Security replaced %attachment% with this text message. The original attachment content type was not allowed and was %action%.
Check Add X-header(s) to add one or more X-headers to messages that trigger the violation, and then do any of the following:
Do any of the following:
Configure the remaining components of the content filtering rule.
See Configuring the conditions of a content filtering rule
See Specifying the users and groups to which the rule applies
See Specifying who to notify if a content filtering rule is violated
Click OK and then click Deploy Changes.
To configure rule actions to prepend the subject line
In the console on the primary navigation bar, click Policies.
In the sidebar under Content Enforcement, click Content Filtering Rules.
Do one of the following:
On the Actions tab, in the When a violation occurs box, use the drop-down menu to select Add tag to beginning of subject line.
The default setting is: Quarantine entire message and replace with text.
This rule action is not available if you apply the rule to the internal messages (store).
In the Subject line tag box, type the customized text that you want to prepend to the subject line.
The default text is: Content Violation:
Check Add X-header(s) to add one or more X-headers to messages that trigger the violation, and then do any of the following:
Do any of the following:
Configure the remaining components of the content filtering rule.
See Configuring the conditions of a content filtering rule
See Specifying the users and groups to which the rule applies
See Specifying who to notify if a content filtering rule is violated
Click OK and then click Deploy Changes.
To configure rule actions to only log the event
In the console on the primary navigation bar, click Policies.
In the sidebar under Content Enforcement, click Content Filtering Rules.
Do one of the following:
On the Actions tab, in the When a violation occurs box, use the drop-down menu to select Log only.
The default setting is: Quarantine entire message and replace with text.
Check Add X-header(s) to add one or more X-headers to messages that trigger the violation, and then do any of the following:
Do any of the following:
Configure the remaining components of the content filtering rule.
See Configuring the conditions of a content filtering rule
See Specifying the users and groups to which the rule applies
See Specifying who to notify if a content filtering rule is violated
Click OK and then click Deploy Changes.