These regular expressions work well and considering McAfee SCM supports regular expressions but contains none makes these regular expressions much needed.

McAfee in general has the potential of blocking valid email traffic and so does this use of regular expressions.  What works at one client may work differently at other clients – thus the need for a formal testing process.

1. Save this file as a “Blocked.csv” to your McAfee server.
2. Open the definitions and go to “Keyword Lists” tab.
3. Create a new Keywords list and name it by clicking “Add” (I used Blocked for the name because I will eventually set this filter to blocked for the action).
4. Right click in the body of the new Keyword list and choose import. Steer to the Blocked.csv file you saved from this email.
5. Assign a threshold of “1” and choose “Regular Expressions”. Click okay, and then yes to distribute the rules.
6. Open the Rules and go to the SMTP tab.
7. Open the default rule that all or most of your email filtering occurs in. Click edit policies and choose new. Name the policy something descriptive.
8. Click “Next” and then click “Add” and name the new content filtering properties.
9. Then expand the “Email Header” section and choose “Subject String Search”.
10. Then choose the keywords list you created. Click “OK” twice and then “Next”.
11. Add a new Action and name it.
12. Choose the action you want to happen (I would suggest Alert Message and Quarantine with the Quarantine folder name to match the keyword list).
13. When you choose Quarantine, click on the “Add new” to create a new folder and name it.
14. And then click “Finish” and distribute the rules.

Sample import file

Always verify and always test solutions

www.bestitdocuments.com