To configure rule actions to delete the message

1. In the console on the primary navigation bar, click Policies.

2. In the sidebar under Content Enforcement, click Content Filtering Rules.

3. Do one of the following:

   Create a rule	In the sidebar under Tasks, click New rule.
   Modify an existing rule	In the content area, double-click the rule that you want to edit.

4. On the Actions tab, in the When a violation occurs box, use the drop-down menu to select Delete entire message.

   The default setting is: Quarantine entire message and replace with text.

5. Do any of the following:

   • Configure the remaining components of the content filtering rule.

     See Configuring the conditions of a content filtering rule

     See Specifying the users and groups to which the rule applies

     See Specifying who to notify if a content filtering rule is violated

   • Click OK and then click Deploy Changes.

     See Deploying settings and changes to a server or group

To configure rule actions to delete the attachment and message body and replace with text

1. In the console on the primary navigation bar, click Policies.

2. In the sidebar under Content Enforcement, click Content Filtering Rules.

3. Do one of the following:

   Create a rule	In the sidebar under Tasks, click New rule.
   Modify an existing rule	In the content area, double-click the rule that you want to edit.

4. On the Actions tab, in the When a violation occurs box, use the drop-down menu to select Delete attachment/message body and replace with text.

   The default setting is: Quarantine entire message and replace with text.

5. In the Replacement text box, type your customized text.

   The default text is: Symantec Mail Security replaced %attachment% with this text message. The original attachment content type was not allowed and was %action%.

   See Alert and notification variables

6. Check Add X-header(s) to add one or more X-headers to messages that trigger the violation, and then do any of the following:

   Add an existing X-header	Do the following: Click Add X-header. In the X-header name column, use the drop-down menu to select the X-header that you want to use. You can modify the existing X-header by clicking on the text and typing the new content. In the X-header value column, type the X-header value. You can type up to 127 characters. The following characters are not supported in X-header values: ~ |
   Create a new X-header	Do the following: Click Add X-header. In the X-header name box, type the name of the X-header. You can type up to 127 characters. The name must begin with "x-" or X-". The following characters are not supported in X-header names: , . ; < > : ? / = ( )[ ] @ | ;~ In the X-header value box, type the X-header value. You can type up to 127 characters. The following characters are not supported in X-header values: ~ |
   Remove an existing X-header	Do the following: Select the X-header that you want to remove by clicking to the left of the X-header name column. Click Delete X-header(s).

7. Do any of the following:

   • Configure the remaining components of the content filtering rule.

     See Configuring the conditions of a content filtering rule

     See Specifying the users and groups to which the rule applies

     See Specifying who to notify if a content filtering rule is violated

   • Click OK and then click Deploy Changes.

     See Deploying settings and changes to a server or group

To configure rule actions to quarantine entire message and replace with text

1. In the console on the primary navigation bar, click Policies.

2. In the sidebar under Content Enforcement, click Content Filtering Rules.

3. Do one of the following:

   Create a rule	In the sidebar under Tasks, click New rule.
   Modify an existing rule	In the content area, double-click the rule that you want to edit.

4. On the Actions tab, in the When a violation occurs box, ensure that Quarantine entire message and replace with text is selected.

   This option is selected by default.

5. In the Replacement text box, type your customized text.

   The default text is: Symantec Mail Security replaced %attachment% with this text message. The original attachment content type was not allowed and was %action%.

6. Check Add X-header(s) to add one or more X-headers to messages that trigger the violation, and then do any of the following:

   Add an existing X-header	Do the following: Click Add X-header. In the X-header name column, use the drop-down menu to select the X-header that you want to use. You can modify the existing X-header by clicking on the text and typing the new content. In the X-header value column, type the X-header value. You can type up to 127 characters. The following characters are not supported in X-header values: ~ |
   Create a new X-header	Do the following: Click Add X-header. In the X-header name box, type the name of the X-header. You can type up to 127 characters. The name must begin with "x-" or X-". The following characters are not supported in X-header names: , . ; < > : ? / = ( )[ ] @ | ;~ In the X-header value box, type the X-header value. You can type up to 127 characters. The following characters are not supported in X-header values: ~ |
   Remove an existing X-header	Do the following: Select the X-header that you want to remove by clicking to the left of the X-header name column. Click Delete X-header(s).

7. Do any of the following:

   • Configure the remaining components of the content filtering rule.

     See Configuring the conditions of a content filtering rule

     See Specifying the users and groups to which the rule applies

     See Specifying who to notify if a content filtering rule is violated

   • Click OK and then click Deploy Changes.

     See Deploying settings and changes to a server or group

To configure rule actions to quarantine the attachment and message and replace with text

1. In the console on the primary navigation bar, click Policies.

2. In the sidebar under Content Enforcement, click Content Filtering Rules.

3. Do one of the following:

   Create a rule	In the sidebar under Tasks, click New rule.
   Modify an existing rule	In the content area, double-click the rule that you want to edit.

4. On the Actions tab, in the When a violation occurs box, select Quarantine attachment/message body and replace with text.

   The default setting is: Quarantine entire message and replace with text.

5. In the Replacement text box, type your customized text.

   The default text is: Symantec Mail Security replaced %attachment% with this text message. The original attachment content type was not allowed and was %action%.

6. Check Add X-header(s) to add one or more X-headers to messages that trigger the violation, and then do any of the following:

   Add an existing X-header	Do the following: Click Add X-header. In the X-header name column, use the drop-down menu to select the X-header that you want to use. You can modify the existing X-header by clicking on the text and typing the new content. In the X-header value column, type the X-header value. You can type up to 127 characters. The following characters are not supported in X-header values: ~ |
   Create a new X-header	Do the following: Click Add X-header. In the X-header name box, type the name of the X-header. You can type up to 127 characters. The name must begin with "x-" or X-". The following characters are not supported in X-header names: , . ; < > : ? / = ( )[ ] @ | ;~ In the X-header value box, type the X-header value. You can type up to 127 characters. The following characters are not supported in X-header values: ~ |
   Remove an existing X-header	Do the following: Select the X-header that you want to remove by clicking to the left of the X-header name column. Click Delete X-header(s).

7. Do any of the following:

   • Configure the remaining components of the content filtering rule.

     See Configuring the conditions of a content filtering rule

     See Specifying the users and groups to which the rule applies

     See Specifying who to notify if a content filtering rule is violated

   • Click OK and then click Deploy Changes.

     See Deploying settings and changes to a server or group

To configure rule actions to prepend the subject line

1. In the console on the primary navigation bar, click Policies.

2. In the sidebar under Content Enforcement, click Content Filtering Rules.

3. Do one of the following:

   Create a rule	In the sidebar under Tasks, click New rule.
   Modify an existing rule	In the content area, double-click the rule that you want to edit.

4. On the Actions tab, in the When a violation occurs box, use the drop-down menu to select Add tag to beginning of subject line.

   The default setting is: Quarantine entire message and replace with text.

   This rule action is not available if you apply the rule to the internal messages (store).

5. In the Subject line tag box, type the customized text that you want to prepend to the subject line.

   The default text is: Content Violation:

6. Check Add X-header(s) to add one or more X-headers to messages that trigger the violation, and then do any of the following:

   Add an existing X-header	Do the following: Click Add X-header. In the X-header name column, use the drop-down menu to select the X-header that you want to use. You can modify the existing X-header by clicking on the text and typing the new content. In the X-header value column, type the X-header value. You can type up to 127 characters. The following characters are not supported in X-header values: ~ |
   Create a new X-header	Do the following: Click Add X-header. In the X-header name box, type the name of the X-header. You can type up to 127 characters. The name must begin with "x-" or X-". The following characters are not supported in X-header names: , . ; < > : ? / = ( )[ ] @ | ;~ In the X-header value box, type the X-header value. You can type up to 127 characters. The following characters are not supported in X-header values: ~ |
   Remove an existing X-header	Do the following: Select the X-header that you want to remove by clicking to the left of the X-header name column. Click Delete X-header(s).

7. Do any of the following:

   • Configure the remaining components of the content filtering rule.

     See Configuring the conditions of a content filtering rule

     See Specifying the users and groups to which the rule applies

     See Specifying who to notify if a content filtering rule is violated

   • Click OK and then click Deploy Changes.

     See Deploying settings and changes to a server or group

To configure rule actions to only log the event

1. In the console on the primary navigation bar, click Policies.

2. In the sidebar under Content Enforcement, click Content Filtering Rules.

3. Do one of the following:

   Create a rule	In the sidebar under Tasks, click New rule.
   Modify an existing rule	In the content area, double-click the rule that you want to edit.

4. On the Actions tab, in the When a violation occurs box, use the drop-down menu to select Log only.

   See About logging events

   The default setting is: Quarantine entire message and replace with text.

5. Check Add X-header(s) to add one or more X-headers to messages that trigger the violation, and then do any of the following:

   Add an existing X-header	Do the following: Click Add X-header. In the X-header name column, use the drop-down menu to select the X-header that you want to use. You can modify the existing X-header by clicking on the text and typing the new content. In the X-header value column, type the X-header value. You can type up to 127 characters. The following characters are not supported in X-header values: ~ |
   Create a new X-header	Do the following: Click Add X-header. In the X-header name box, type the name of the X-header. You can type up to 127 characters. The name must begin with "x-" or X-". The following characters are not supported in X-header names: , . ; < > : ? / = ( )[ ] @ | ;~ In the X-header value box, type the X-header value. You can type up to 127 characters. The following characters are not supported in X-header values: ~ |
   Remove an existing X-header	Do the following: Select the X-header that you want to remove by clicking to the left of the X-header name column. Click Delete X-header(s).

6. Do any of the following:

   • Configure the remaining components of the content filtering rule.

     See Configuring the conditions of a content filtering rule

     See Specifying the users and groups to which the rule applies

     See Specifying who to notify if a content filtering rule is violated

   • Click OK and then click Deploy Changes.

     See Deploying settings and changes to a server or group