Codes of Content Filtering condition settings for attachments

If logging of audit events and modified settings is enabled in Event Log settings, when editing settings for types and names of attachments in the Content Filtering module, detailed information about the changes is recorded in an Audit Log event.

The following table shows how the settings of conditions for attachment types and names in the Content Filtering module are coded in an Audit Log record.

Codes of condition settings for the Attachment type attribute in an audit event record

Condition setting for Attachment type	Code in the audit event record	Examples
Criterion	`scanSettings.cfScanSettings.` `expressions{<expression number>,` `<expression name>}.conditions` `{<condition number>, AttachmentFormat}.` `attachmentFormat.conditionType` Possible values: `InList` if Attachment type matches at least one item listed below is selected. `NotInList` if Attachment type does not match any item listed below is selected.	Condition created: `AttachmentFormat}.attachmentFormat.conditionType` `[][InList]` `scanSettings.cfScanSettings.expressions{1,` `Some expression name}.conditions{1,` `AttachmentFormat}.attachmentFormat.scanArchived` `[][true]` `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1, AttachmentFormat}.` `attachmentFormat.scanCompositeObjects[][true]` `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1, AttachmentFormat}.` `attachmentFormat.dictionaries.Added[1 2]` Condition modified: `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1, AttachmentFormat}.` `attachmentFormat.conditionType[InList][NotInList]` `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1, AttachmentFormat}.` `attachmentFormat.scanArchived[true][false]` `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1, AttachmentFormat}.` `attachmentFormat.scanCompositeObjects[true][false]` `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1, AttachmentFormat}.` `attachmentFormat.dictionaries.Added[3]` `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1, AttachmentFormat}.` `attachmentFormat.dictionaries.Removed[1]` Condition deleted: `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1, AttachmentFormat}.` `attachmentFormat.conditionType[NotInList][]` `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1, AttachmentFormat}.` `attachmentFormat.scanArchived[false][]` `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1, AttachmentFormat}.` `attachmentFormat.scanCompositeObjects[false][]` `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1, AttachmentFormat}.` `attachmentFormat.dictionaries.Removed[2 3]`
Other settings	The event record will include the following lines: `1. scanSettings.cfScanSettings.` `expressions{<expression number>, <expression name>}.conditions{<condition number>, AttachmentFormat}.attachmentFormat.` `scanArchived` Possible values: `true` if Scan compound objects is selected. `false` if Scan compound objects is not selected. `2. scanSettings.cfScanSettings.` `expressions{<expression number>, <expression name>}.conditions{<condition number>, AttachmentFormat}.attachmentFormat.` `scanCompositeObjects` Possible values: `true` if Check file types in archives is selected. `false` if Check file types in archives is not selected.
Search types → Dictionaries	`scanSettings.cfScanSettings.expressions` `{<expression number>, <expression name>}.` `conditions{<condition number>,` `AttachmentFormat}.attachmentFormat.` `dictionaries` The record will contain the IDs of the connected or disconnected dictionaries.
Search types → File types	The event record will include the following lines: `scanSettings.cfScanSettings.` `expressions{<expression number>,` `<expression name>}.conditions` `{<condition number>, AttachmentFormat}.` `attachmentFormat.inListAttachmentFormats.` `<category code>.<file type code>` `scanSettings.cfScanSettings.` `expressions{<expression number>,` `<expression name>}.conditions` `{<condition number>, AttachmentFormat}.` `attachmentFormat.notInListAttachmentFormats.` `<category code>.<file type code>` If a data category has a subcategory, the record contains `<category code>.<` `subcategory code>.` For category, subcategory, and file type codes, see Dictionary category and file type codes in audit events. If a condition with an Attachment name matches at least one item listed below criterion is created, the following records are logged in the Audit Log: 1. For each selected file type, a record of the following form is logged: `scanSettings.cfScanSettings.` `expressions{<expression number>,` `<expression name>}.conditions` `{<condition number>, AttachmentFormat}.` `attachmentFormat.inListAttachmentFormats.` `<category code>.<file type code>` with the value of `true`. 2. For each unselected file type, a similar record is logged with the `false` value. 3. For the Attachment name does not match any item listed below criterion, records of the following type are logged: `scanSettings.cfScanSettings.` `expressions{<expression number>,` `<expression name>}.conditions` `{<condition number>, AttachmentFormat}.` `attachmentFormat.inListAttachmentFormats.` `<category code>.<file type code>` All of these records have `false` as the value. If a condition with an Attachment name does not match any item listed below criterion is created, the following records are logged in the Audit Log: 1. For each selected file type, a record of the following form is logged: `scanSettings.cfScanSettings.` `expressions{<expression number>,` `<expression name>}.conditions` `{<condition number>, AttachmentFormat}.` `attachmentFormat.notInListAttachmentFormats.` `<category code>.<file type code>` with the value of `true`. 2. For each unselected file type, a similar record is logged with the `false` value. 3. For the Attachment name matches at least one item listed below criterion, records of the following type are logged: `scanSettings.cfScanSettings.` `expressions{<expression number>,` `<expression name>}.conditions` `{<condition number>, AttachmentFormat}.` `attachmentFormat.inListAttachmentFormats.` `<category code>.<file type code>` All of these records have `false` as the value.	The condition is created for the Attachment name does not match any item listed below criterion; the following file types are selected: 7Z*; ACE; ARJ; EXE; DLL; OCX; SCR; SWF. `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1, AttachmentFormat}.` `attachmentFormat.notInListAttachmentFormats.` `archiveCategory.archive7z[][true]` `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1, AttachmentFormat}.` `attachmentFormat.notInListAttachmentFormats.` `archiveCategory.archiveAce[][true]` `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1, AttachmentFormat}.` `attachmentFormat.notInListAttachmentFormats.` `archiveCategory.archiveArj[][true]` `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1, AttachmentFormat}.` `attachmentFormat.notInListAttachmentFormats.` `executableCategory.executableWin[][true]` `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1, AttachmentFormat}.` `attachmentFormat.notInListAttachmentFormats.` `imageCategory.animationSubcategory.multimediaSwf[]` `[true]` `generalHtml` and `generalTxt` file types are selected by default for the Attachment name does not match any item listed below criterion, therefore records are also added for them: `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1, AttachmentFormat}.` `attachmentFormat.notInListAttachmentFormats.` `miscellaneousCategory.generalHtml[][true]` `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1, AttachmentFormat}.` `attachmentFormat.notInListAttachmentFormats.` `miscellaneousCategory.generalTxt[][true]` The rest of the records are logged with `false` as the value. Some of the records are listed below: `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1, AttachmentFormat}.` `attachmentFormat.inListAttachmentFormats.` `archiveCategory.archiveBzip2[][false]` `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1, AttachmentFormat}.` `attachmentFormat.inListAttachmentFormats.` `archiveCategory.archiveCab[][false]` `...` `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1, AttachmentFormat}.` `attachmentFormat.inListAttachmentFormats.` `archiveCategory.archiveZip[][false]` `...` `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1, AttachmentFormat}.` `attachmentFormat.inListAttachmentFormats.` `officeCategory.spreadsheetSubcategory.` `officeOds[][false]` `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1, AttachmentFormat}.` `attachmentFormat.inListAttachmentFormats.` `unknown[][false]` Records for the Attachment name matches at least one item listed below criterion are displayed with `false` as the value: `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1, AttachmentFormat}.` `attachmentFormat.inListAttachmentFormats.` `archiveCategory.archive7z[][false]` `...` `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1, AttachmentFormat}.` `attachmentFormat.inListAttachmentFormats.` `archiveCategory.archiveAce[][false]` `...` `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1, AttachmentFormat}.` `attachmentFormat.inListAttachmentFormats.` `archiveCategory.archiveZip[][false]` `...` `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1, AttachmentFormat}.` `attachmentFormat.inListAttachmentFormats.` `spreadsheetSubcategory.officeOds[][false]` `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1, AttachmentFormat}.` `attachmentFormat.inListAttachmentFormats.` `unknown[][false]` Condition modified: `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1, AttachmentFormat}.` `attachmentFormat.notInListAttachmentFormats.` `archiveCategory.archiveArj[true][false]` No records are added for other file types because the other file types are unchanged. Condition deleted Records for the Attachment name does not match any item listed below with a `true` value: `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1, AttachmentFormat}.` `attachmentFormat.notInListAttachmentFormats.` `archiveCategory.archive7z[true][]` `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1, AttachmentFormat}.` `attachmentFormat.notInListAttachmentFormats.` `archiveCategory.archiveAce[true][]` `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1, AttachmentFormat}.` `attachmentFormat.notInListAttachmentFormats.` `archiveCategory.archiveArj[false][]` `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1, AttachmentFormat}.` `attachmentFormat.notInListAttachmentFormats.` `executableCategory.executableWin[true][]` `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1, AttachmentFormat}.` `attachmentFormat.notInListAttachmentFormats.` `imageCategory.animationSubcategory.multimediaSwf` `[true][]` `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1, AttachmentFormat}.` `attachmentFormat.notInListAttachmentFormats.` `miscellaneousCategory.generalHtml[true][]` `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1, AttachmentFormat}.` `attachmentFormat.notInListAttachmentFormats.` `miscellaneousCategory.generalTxt[true][]` Records for other file types for the Attachment name does not match any item listed below criterion are logged with the `false` value, for example: `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1, AttachmentFormat}.` `attachmentFormat.notInListAttachmentFormats.` `archiveCategory.archiveArj[false][]` For all file types for the Attachment name matches at least one item listed below criterion, records with a `false` value are logged, for example: `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1, AttachmentFormat}.` `attachmentFormat.inListAttachmentFormats.` `databaseCategory.databaseMdb[false][]`

Codes of condition settings for the Attachment name attribute in an audit event record

Condition setting for Attachment name	Code in the audit event record	Examples
Criterion	`scanSettings.cfScanSettings.` `expressions{<expression number>,` `<expression name>}.conditions` `{<condition number>, AttachmentName}.` `attachmentName.conditionType` Possible values: `InList` if Attachment type matches at least one item listed below is selected. `NotInList` if Attachment type does not match any item listed below is selected.	Condition created: `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1,AttachmentName}.` `attachmentName.conditionType[][InList]` `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1,AttachmentName}.` `attachmentName.scanArchived[][true]` `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1,AttachmentName}.attachmentName.` `scanCompositeObjects[][true]` `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1,AttachmentName}.attachmentName.` `inlineValues.textList.Added[Abc Def]` `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1,AttachmentName}.attachmentName.` `dictionaries.Added[1 2]` Condition modified: `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1,AttachmentName}.attachmentName.` `conditionType[InList][NotInList]` `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1,AttachmentName}.attachmentName.` `scanArchived[true][false]` `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1,AttachmentName}.attachmentName.` `scanCompositeObjects[true][false]` `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1,AttachmentName}.attachmentName.` `inlineValues.textList.Added[Xyz]` `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1,AttachmentName}.attachmentName.` `inlineValues.textList.Removed[Abc]` `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1,AttachmentName}.attachmentName.` `dictionaries.Added[3]` `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1,AttachmentName}.attachmentName.` `dictionaries.Removed[1]` Condition deleted `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1,AttachmentName}.attachmentName.` `conditionType[NotInList][]` `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1,AttachmentName}.` `attachmentName.scanArchived[false][]` `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1,AttachmentName}.` `attachmentName.scanCompositeObjects[false][]` `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1,AttachmentName}.attachmentName.` `inlineValues.textList.Removed[Def Xyz]` `scanSettings.cfScanSettings.expressions{1, Some` `expression name}.conditions{1,AttachmentName}.attachmentName.` `dictionaries.Removed[2 3]`
Other settings	The event record will include the following lines: `1. scanSettings.cfScanSettings.` `expressions{<expression number>,` `<expression name>}.conditions` `{<condition number>, AttachmentName}.` `attachmentName.scanArchived` Possible values: `true` if Scan compound objects is selected. `false` if Scan compound objects is not selected. `2. scanSettings.cfScanSettings.` `expressions{<expression number>,` `<expression name>}.conditions` `{<condition number>, AttachmentName}.` `attachmentName.scanCompositeObjects` Possible values: `true` if Check file types in archives is selected. `false` if Check file types in archives is not selected.
Text	`scanSettings.cfScanSettings.` `expressions{Expression_Number,` `Expression_Name}.conditions` `{Condition_Number,AttachmentName}.` `attachmentName.inlineValues.textList`
Wildcard	`scanSettings.cfScanSettings.` `expressions{<expression number>,` `<expression name>}.conditions` `{<condition number>,AttachmentName}.` `attachmentName.inlineValues.` `wildcardList`
Regexp	`scanSettings.cfScanSettings.` `expressions` `{<expression number>,` `<expression name>}.conditions` `{<condition number>,AttachmentName}.` `attachmentName.inlineValues.` `regexList`
Dictionaries	`scanSettings.cfScanSettings.` `expressions{<expression number>,` `<expression name>}.conditions` `{<condition number>,AttachmentName}.` `attachmentName.dictionaries` The record will contain the IDs of the connected or disconnected dictionaries.

Page top