Message Characteristics

Note: Some tests can only be run if your system has a license for the associated module. If a specific module (Anti-Spam, Anti-Virus or Extended Policy) is required, it is noted next to the "message characteristic" below.

'To' Address

Analyze the To headers in the message. To analyze all message recipients, including Cc and Bcc recipients, use the Recipient's address test.

(Supports Multiple Test Expressions)

Always Match

Do not analyze the message. This test is always true. The action is performed regardless of the message characteristics.

Attachment name (Extended Policy Module)

Analyze the Content-Type and Content-Disposition headers (or file contents when using true file type identification) to determine the filenames of each message attachment. Expands the %%ATTACHMENT_NAMES%% template variable.

The Arguments button exposes the following options:

Note: With true file type identification selected, all Microsoft Office documents are detected as OLE2 data files. Tests for these document types should use ".ole2" as the file extension rather than the actual declared, application-specific file extension. File extensions detected as OLE2 are:

(Supports Multiple Test Expressions)

Attachment size (Extended Policy Module)

Analyze the size of each message attachment. This test applies to any MIME attachment, including text/plain and text/html message body parts. Expands the %%ATTACHMENT_NAMES%% template variable.

Attachment type (Extended Policy Module)

Analyze the Content-Type headers (or file contents when using true file type identification) to determine the type of each message attachment. Expands the %%ATTACHMENT_NAMES%% template variable.

The Arguments button exposes the following options:

Note: With true file type identification selected, all Microsoft Office documents are detected as OLE2 data files. Tests for these document types should use "application/x-ole2" as the Content-Type rather than the application-specific Content-Type (for example, application/vnd.ms-powerpoint, application/vnd.ms-excel, or application/msword).

(Supports Multiple Test Expressions)

Body size

Analyze the size of the body of the message.

Content-Type

Analyze the value of Content-type headers in the message.

Envelope from

Analyze the Envelope From value in the message.

(Supports Multiple Test Expressions)

Envelope group

Analyze the Sender or Recipient(s) Group(s), depending on the message's direction, and match them against the specified group.

(Supports Multiple Test Expressions)

Envelope to

Analyze the Envelope To value in the message. Specify individual recipients or lists of recipients. However, if a message addressed to a number of recipients tests true, specified actions are performed for all recipients. If, for example, a message with an attachment is addressed to five recipients, two of which match a list specified in the "Envelope to" test, and an "Drop attachment" action is also specified, none of the five recipients receive the attachment.

(Supports Multiple Test Expressions)

Header contains word or phrase

Check the header for a specified word or phrase.

(Supports Multiple Test Expressions)

Header exists

Check for the occurrence of a specific header.

(Supports Multiple Test Expressions)

Header size

Analyze the size of the message header.

(Supports Multiple Test Expressions)

Message contains a virus (Anti-Virus Module)

Scan the message for viruses.

Message contains suspicious attachments (Anti-Virus Module)

Check message attachments for filenames or file extensions specified in the Suspect Attachment Names list and check Content-Type and Content-Disposition headers for attachment types specified in the Suspect Attachment Types list.

The Arguments button exposes the following options:

Message contains the specified virus (Anti-Virus Module)

Analyze the virus names; automatically runs the Message contains a virus test.

(Supports Multiple Test Expressions)

Message contains unscannable data (Anti-Virus Module)

Returns true if virus scanning for a message fails, and no viruses were found in the message. This test must be preceded by the test "Message contains a virus", or it will be ineffective. Use this test to differentiate between messages that cannot be scanned for some reason (for example, encryption), and messages that contain viruses (either instance causes pmx_virus to return true).

Specify the types of unscannable content that PureMessage will allow or deny by editing the cantscan.conf file.

Message contains word or phrase (Extended Policy Module)

Only the "contains" and "Matches regex" Operators are recommended for this test. The "is" and "matches" tests compare against the entire text of the message, which is usually not desirable when looking for a particular phrase.

(Supports Multiple Test Expressions)

Message has offensive content (Anti-Spam Module)

Analyze the visible text in a message; compare it to the contents of the Offensive Words List. This test decodes base64/quoted-printable encoded text and strips out HTML markup before looking for a match.

Message is from blocked IP

Checks the sender's IP address against IP blocklist data from SophosLabs. IP addresses defined in the IP Blocking Exception, Trusted Relay IPs and Internal Hosts lists are exempted.

This test is a policy level implementation of MTA level IP blocking. It is not effective if the IP Blocker Service is configured and running, as messages that would match are rejected by the MTA before reaching the policy. Using this test in the policy allows more flexibility in handling messages from blocked IP addresses, but is not as efficient as rejecting the messages at the MTA.

Message size

Analyze the total message size.

Never match

Do not analyze the message. This test is always false. The action is performed regardless of the message characteristics.

Number of attachments (Extended Policy Module)

Analyze the total number of message attachments.

Number of recipients (Extended Policy Module)

Analyze the total number of message recipients.

Percentage of 8-bit characters (Extended Policy Module)

Analyze the total number of 8 bit (non-ASCII) characters in the message body. Use to check whether a message is 7 bit-clean (pure ASCII).

Received header

Analyze the Received headers in the message.

Recipient's address

Analyze the To, Cc and Bcc headers in the message.

(Supports Multiple Test Expressions.)

Relay

Analyze the hostname or IP address of the server that passed the message to the local domain.

(Supports Multiple Test Expressions.)

Reply-to header

Analyze the Reply-to headers in the message.

(Supports Multiple Test Expressions)

Sender's address

Analyze the From headers in the message.

(Supports Multiple Test Expressions)

Spam probability (Anti-Spam Module)

Calculate the message's spam probability. If a message passes through several Spam probability tests, the message is only scanned once for its spam probability; its score is saved. This makes it possible to have different actions based on different spam probability ranges without having to scan the message multiple times.

Spam rule hit (Anti-Spam Module)

Analyze the names of spam rules violated by the message; automatically performs the Spam probability test. Refer to the Anti-Spam Rules page for a list of configured rules.

(Supports Multiple Test Expressions)

Subject

Analyze the contents of the message subject.

(Supports Multiple Test Expressions)