Analyze the To headers in the message. To analyze all message recipients, including Cc and Bcc recipients, use the Recipient's address test.
(Supports Multiple Test Expressions)
Do not analyze the message. This test is always true. The action is performed regardless of the message characteristics.
Analyze the Content-Type and Content-Disposition headers (or file contents when using true file type identification) to determine the filenames of each message attachment. Expands the %%ATTACHMENT_NAMES%% template variable.
The Arguments button exposes the following options:
(Supports Multiple Test Expressions)
Analyze the size of each message attachment. This test applies to any MIME attachment, including text/plain and text/html message body parts. Expands the %%ATTACHMENT_NAMES%% template variable.
Analyze the Content-Type headers (or file contents when using true file type identification) to determine the type of each message attachment. Expands the %%ATTACHMENT_NAMES%% template variable.
The Arguments button exposes the following options:
(Supports Multiple Test Expressions)
Analyze the Sender or Recipient(s) Group(s), depending on the message's direction, and match them against the specified group.
(Supports Multiple Test Expressions)
Analyze the Envelope To value in the message. Specify individual recipients or lists of recipients. However, if a message addressed to a number of recipients tests true, specified actions are performed for all recipients. If, for example, a message with an attachment is addressed to five recipients, two of which match a list specified in the "Envelope to" test, and an "Drop attachment" action is also specified, none of the five recipients receive the attachment.
(Supports Multiple Test Expressions)
Check the header for a specified word or phrase.
(Supports Multiple Test Expressions)
Check message attachments for filenames or file extensions specified in the Suspect Attachment Names list and check Content-Type and Content-Disposition headers for attachment types specified in the Suspect Attachment Types list.
The Arguments button exposes the following options:
Analyze the virus names; automatically runs the Message contains a virus test.
(Supports Multiple Test Expressions)
Returns true if virus scanning for a message fails, and no viruses were found in the message. This test must be preceded by the test "Message contains a virus", or it will be ineffective. Use this test to differentiate between messages that cannot be scanned for some reason (for example, encryption), and messages that contain viruses (either instance causes pmx_virus to return true).
Specify the types of unscannable content that PureMessage will allow or deny by editing the cantscan.conf file.
Only the "contains" and "Matches regex" Operators are recommended for this test. The "is" and "matches" tests compare against the entire text of the message, which is usually not desirable when looking for a particular phrase.
(Supports Multiple Test Expressions)
Analyze the visible text in a message; compare it to the contents of the Offensive Words List. This test decodes base64/quoted-printable encoded text and strips out HTML markup before looking for a match.
Checks the sender's IP address against IP blocklist data from SophosLabs. IP addresses defined in the IP Blocking Exception, Trusted Relay IPs and Internal Hosts lists are exempted.
This test is a policy level implementation of MTA level IP blocking. It is not effective if the IP Blocker Service is configured and running, as messages that would match are rejected by the MTA before reaching the policy. Using this test in the policy allows more flexibility in handling messages from blocked IP addresses, but is not as efficient as rejecting the messages at the MTA.
Do not analyze the message. This test is always false. The action is performed regardless of the message characteristics.
Analyze the total number of 8 bit (non-ASCII) characters in the message body. Use to check whether a message is 7 bit-clean (pure ASCII).
Analyze the To, Cc and Bcc headers in the message.
(Supports Multiple Test Expressions.)
Analyze the hostname or IP address of the server that passed the message to the local domain.
(Supports Multiple Test Expressions.)
Calculate the message's spam probability. If a message passes through several Spam probability tests, the message is only scanned once for its spam probability; its score is saved. This makes it possible to have different actions based on different spam probability ranges without having to scan the message multiple times.