Codes of common rule settings

If logging of audit events and modified settings is enabled in Event Log settings, when general settings in the Rules → Message processing rules → relevant rule → General section are edited, detailed information about the changes is recorded in an Audit Log event.

The following table shows how the general settings of a rule are coded in an Audit Log record.

General → Rule info

Codes of common rule settings on the General → Rule info tab in the audit event record

Setting in the rule on the General → Rule info tab	Code in the audit event record	Examples
Status	`scanSettings.active` Possible values: `true` if the toggle switch is On. `false` if the toggle switch is Off.	Rule created: `scanSettings.active[][true]` `name[][New rule]` `scanSettings.ruleDescription[][Test description]` `scanSettings.ruleAction[][Scan]` priority[][2] `Rule modified:` `scanSettings.active[true][false]` `name[New rule][Some name]` `scanSettings.ruleDescription[Test description][New description]` `scanSettings.ruleAction[Scan][Skip]` `priority[2][3]` Rule deleted: `scanSettings.active[false][]` `name[Some name][]` `scanSettings.ruleDescription[New description][]` `scanSettings.ruleAction[Skip][]` `priority[3][]`
Name	`name`
Description	`scanSettings.ruleDescription`
Mode	`scanSettings.ruleAction` Possible values: `Scan` if the Use the settings of scan modules action is selected. `Skip` if the Skip without scanning action is selected. `Reject` if the Reject without scanning action is selected. `Delete` if the Delete without notifying the sender action is selected.
Priority	`priority` Possible values: a number corresponding to the priority of the rule in the rule list. For example, if there are only four rules and the priority of the rule is before rule with priority 4, the `priority` value in the audit event is `3`. Changing the priority of a rule changes the priorities of all other rules. The audit event logs a change of priority only for that rule in which the priority was changed by the administrator.

Codes of common rule settings on the General → Senders and recipients tab in audit event record

Setting in the rule on the General → Senders and recipients tab

Code in the audit event record

Examples

Sender → Apply rule to sender addresses

belongingCriteria.
senderSource

Possible values:

Envelope if From SMTP session (MAIL FROM command) is selected.
Header if From message (MIME header From) is selected.
Both if From both is selected.

Rule created:

belongingCriteria.senderSource[][Envelope]

Rule modified:

belongingCriteria.senderSource[Envelope][Header]

Rule deleted:

belongingCriteria.senderSource[Header][]

Sender → Email

Adding or removing an email address is represented by pairs of records: one record for the record type, which has the value of EMailMask, and another record for the value, which contains the added or removed line. A pair of records looks like this:

belongingCriteria.sender{N}.
EMailMask

belongingCriteria.sender{N}.
<value>

If the email address is modified, the modification is represented by a single record of the following form:

belongingCriteria.sender{N}.
<value>

Where N is the serial number of the pair in the list of pairs.

If the serial number of a pair changes, the modifications of the pair are represented by a single record of the following form:

belongingCriteria.sender{N}.
<serial number>

Rule created:

belongingCriteria.sender{0}.type[][EMailMask]

belongingCriteria.sender{0}.value[][test%2A]

belongingCriteria.sender{1}.type[][EMailMask]

belongingCriteria.sender{1}.value[][mail1@test.com]

belongingCriteria.sender{2}.type[][EMailMask]

belongingCriteria.sender{2}.value[][mail2@test.com]

Rule modified:

belongingCriteria.sender{2}.type[][EMailMask]

belongingCriteria.sender{2}.value[][mail3@test.com]

belongingCriteria.sender{1}.type[EMailMask][]

belongingCriteria.sender{1}.value[mail1@test.com][]

belongingCriteria.sender{2}.value[mail2@test.com][test_mail2@test.com]

belongingCriteria.sender{2}.Index[2][1]

Rule deleted:

belongingCriteria.sender{0}.type[EMailMask][]

belongingCriteria.sender{0}.value[test%2A][]

belongingCriteria.sender{1}.type[EMailMask][]

belongingCriteria.sender{1}.value[test_mail2@test.com][]

belongingCriteria.sender{2}.type[EMailMask][]

belongingCriteria.sender{2}.value[mail3@test.com][]

Sender → IP

Adding or removing an IP address is represented by pairs of records: one record for the record type, which has the value of CIDR, and another record for the value, which contains the added or removed line. A pair of records looks like this:

belongingCriteria.sender{N}.
CIDR

belongingCriteria.sender{N}.
<value>

If the IP address is modified, the modification is represented by a single record of the following form:

belongingCriteria.sender{N}.
<value>

Where N is the serial number of the pair in the list of pairs.

If the serial number of a pair changes, the modifications of the pair are represented by a single record of the following form:

belongingCriteria.sender{N}.
<serial number>

Rule created:

belongingCriteria.sender{0}.Index[][0]

belongingCriteria.sender{0}.type[][CIDR]

belongingCriteria.sender{0}.value[][128.168.0.0]

belongingCriteria.sender{1}.Index[][1]

belongingCriteria.sender{1}.type[][CIDR]

belongingCriteria.sender{1}.value[][0.0.0.0]

Rule modified:

belongingCriteria.sender{1}.value[0.0.0.0][0.0.0.1]

Rule deleted:

belongingCriteria.sender{0}.Index[0][]

belongingCriteria.sender{0}.type[CIDR][]

belongingCriteria.sender{0}.value[128.168.0.0][]

belongingCriteria.sender{1}.Index[1][]

belongingCriteria.sender{1}.type[CIDR][]

belongingCriteria.sender{1}.value[0.0.0.1][]

Sender → LDAP: DN

Adding or removing an LDAP:DN is represented by pairs of records: one record for the record type, which has the value of ExternalAccount, and another record for the value, which contains the added or removed line. A pair of records looks like this:

belongingCriteria.sender{N}.
ExternalAccount

belongingCriteria.sender{N}.
<value>

If the LDAP:DN is modified, the modification is represented by a single record of the following form:

belongingCriteria.sender{N}.
<value>

Where N is the serial number of the pair in the list of pairs.

If the serial number of a pair changes, the modifications of the pair are represented by a single record of the following form:

belongingCriteria.sender{N}.
<serial number>

Rule created:

belongingCriteria.sender{0}.Index[][0]

belongingCriteria.sender{0}.type[][ExternalAccount]

belongingCriteria.sender{0}.value[][test value]

Rule modified:

belongingCriteria.sender{0}.value[test value][test value #1]

Rule deleted:

belongingCriteria.sender{0}.Index[0][]

belongingCriteria.sender{0}.type[ExternalAccount][]

belongingCriteria.sender{0}.value[test value #1][]

Recipient → Email

belongingCriteria.recipient{N}.
EMailMask

belongingCriteria.recipient{N}.
<value>

If the email address is modified, the modification is represented by a single record of the following form:

belongingCriteria.recipient{N}.
<value>

Where N is the serial number of the pair in the list of pairs.

If the serial number of a pair changes, the modifications of the pair are represented by a single record of the following form:

belongingCriteria.recipient{N}.
<serial number>

Rule created:

belongingCriteria.recipient{0}.type[][EMailMask]

belongingCriteria.recipient{0}.value[][test%2A]

belongingCriteria.recipient{1}.type[][EMailMask]

belongingCriteria.recipient{1}.value[][mail1@test.com]

belongingCriteria.recipient{2}.type[][EMailMask]

belongingCriteria.recipient{2}.value[][mail2@test.com]

Rule modified:

belongingCriteria.recipient{2}.type[][EMailMask]

belongingCriteria.recipient{2}.value[][mail3@test.com]

belongingCriteria.recipient{1}.type[EMailMask][]

belongingCriteria.recipient{1}.value[mail1@test.com][]

belongingCriteria.recipient{2}.value[mail2@test.com][test_mail2@test.com]

belongingCriteria.recipient{2}.Index[2][1]

Rule deleted:

belongingCriteria.recipient{0}.type[EMailMask][]

belongingCriteria.recipient{0}.value[test%2A][]

belongingCriteria.recipient{1}.type[EMailMask][]

belongingCriteria.recipient{1}.value[test_mail2@test.com][]

belongingCriteria.recipient{2}.type[EMailMask][]

belongingCriteria.recipient{2}.value[mail3@test.com][]

Recipient → LDAP: DN

belongingCriteria.recipient{N}.
ExternalAccount

belongingCriteria.recipient{N}.
<value>

If the LDAP:DN is modified, the modification is represented by a single record of the following form:

belongingCriteria.recipient{N}.
<value>

Where N is the serial number of the pair in the list of pairs.

If the serial number of a pair changes, the modifications of the pair are represented by a single record of the following form:

belongingCriteria.recipient{N}.
<serial number>

Rule created:

belongingCriteria.recipient{0}.Index[][0]

belongingCriteria.recipient{0}.type[][ExternalAccount]

belongingCriteria.recipient{0}.value[][test value]

Rule modified:

belongingCriteria.recipient{0}.value[test value][test value #1]

Rule deleted:

belongingCriteria.recipient{0}.Index[0][]

belongingCriteria.recipient{0}.type[ExternalAccount][]

belongingCriteria.recipient{0}.value[test value #1][]

Codes of common rule settings on the General → Macro tab in the audit event record

Setting in the rule on the General → Macro tab	Code in the audit event record	Examples
Process attachments with macros	`scanSettings.avScanSettings.` `engineSettings.` `detectDocWithMacro` Possible values: `true` if the toggle switch is On. `false` if the toggle switch is Off.	Rule created: `scanSettings.avScanSettings.engineSettings.` `detectDocWithMacro[][false]` `scanSettings.avScanSettings.docWithMacroAction` `[][Skip]` `scanSettings.avScanSettings.backupDocWithMacro` `[][true]` `scanSettings.avScanSettings.docWithMacroMark` `[][%5BMacro%5D]` Rule modified: `scanSettings.avScanSettings.engineSettings.` `detectDocWithMacro[false][true]` `scanSettings.avScanSettings.docWithMacroAction` `[Skip][DeleteAttachment]` `scanSettings.avScanSettings.backupDocWithMacro` `[true][false]` `scanSettings.avScanSettings.docWithMacroMark` `[%5BMacro%5D][%5BDocument with macro%5D]` Rule deleted: `scanSettings.avScanSettings.engineSettings.` `detectDocWithMacro[true][]` `scanSettings.avScanSettings.docWithMacroAction` `[DeleteAttachment][]` `scanSettings.avScanSettings.backupDocWithMacro` `[false][]` `scanSettings.avScanSettings.docWithMacroMark` `[%5BDocument with macro%5D][]`
Action	`scanSettings.avScanSettings.` `docWithMacroAction` Possible values: `Skip` if the Skip action is selected. `DeleteAttachment` if the Delete attachment action is selected. `Reject` if the Reject action is selected. `DeleteMessage` if the Delete message action is selected.
Place original message in Backup	`scanSettings.avScanSettings.` `backupDocWithMacro` Possible values: `true` if the toggle switch is On. `false` if the toggle switch is Off.
Text to add to message subject	`scanSettings.avScanSettings.` `docWithMacroMark`

Codes of common rule settings on the General → Exclusions tab in the audit event record

Setting in the rule on the General → Exclusions tab

Code in the audit event record

Examples

Do not scan archives

scanSettings.avScanSettings.
engineSettings.scanArchived

Possible values:

true if the toggle switch is On.
false if the toggle switch is Off.

Rule created:

scanSettings.avScanSettings.engineSettings.scanArchived
[][true]

scanSettings.avScanSettings.engineSettings.excludedNames.
Added[%2Adoc, %2Apdf]

Rule modified:

scanSettings.avScanSettings.engineSettings.scanArchived
[true][false]

scanSettings.avScanSettings.engineSettings.excludedNames.
Added[%2Axls]

scanSettings.avScanSettings.engineSettings.excludedNames.
Removed[%2Adoc]

Rule deleted:

scanSettings.avScanSettings.engineSettings.scanArchived
[false][]

scanSettings.avScanSettings.engineSettings.excludedNames.
Removed[%2Axls %2Apdf]

Do not scan attachments by name masks

scanSettings.avScanSettings.
engineSettings.excludedNames

Page top