Identifying the keyword expression that led to a blocked mail

Product / Version includes:

Interscan Messaging Security Virtual Appliance 9.0 , Interscan Messaging Security Virtual Appliance 8.5

Last updated: 2025/05/08

Solution ID: KA-0003106

Category: Configure , Troubleshoot

Summary

Learn which keyword expression in the policy triggered the rule and blocked the email in InterScan Messaging Security Suite (IMSS) or InterScan Messaging Security Virtual Appliance (IMSVA).

If an email was blocked due to the content, you will not readily see in the logs which keyword expression triggered the action.

To verify the keyword expression, configure a notification for blocked emails:

On the policy that detected the email, configure the action to send out a notification to the email administrator. The notification should contain “%DETECTED%”.
Resend the email so it will pass through the IMSS or IMSVA server. When the email is blocked again, you will receive a notification with information on the PERL regular expression that triggered the policy.

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

Identifying the keyword expression that led to a blocked mail

Identifying the keyword expression that led to a blocked mail

Product / Version includes:

Summary