Overview
Keyword Filtering is one of the Content Filtering plug-ins that enables administrators to block emails based on keywords in the email body or subject as well as any attachments that are in the email.
In this article, you will learn how to determine why the Keyword Filtering plug-in blocked or allowed a message as part of the troubleshooting process.
Introduction
Content Filtering engines allow MailEssentials to scan the content of emails and attachments, and block emails containing content matching any configured content filtering r
The Keyword Filtering plug-in works by blocking emails based on keywords or keyword combinations in the email body or subject as well as any attachments that are in the email. However, there may be scenarios where customers open support requests wanting to understand why the plug-in blocked or allowed specific messages against their expectations.
The next steps outline the troubleshooting process to determine the reason behind the actions taken by the Keyword Filtering plug-in.
Refer to this linked article to understand how Keyword Filtering works: Understanding Keyword Filtering
Description
- Find the Message-ID of the email in question by either gathering it from the headers of the message itself, or by looking for it in the MailEssentials Dashboard > Logs > Details tab. Refer to this linked article for more information on Reading Email Headers to extract the Message ID
- Navigate to ..GFI\MailEssentials\EmailSecurity\DebugLogs\ and locate the debug log file for the Keyword Filtering module. The log file name is Content Checking.gfi_log.txt
- This is the debug log for the Keyword Filtering Module and corresponds to the GFI MailEssentials > Content Filtering > Keyword Filtering on the configuration UI as well as a number of the tb_contcheck tables in the avapicfg.mdb located at ..GFI\MailEssentials\EmailSecurity\Data.
- Open the debug log file in a text editor and search for the Message-ID obtained in step 1.
- Refer to the scenarios below to determine the reasons behind the action taken by the Keyword FIlter module. Pay close attention to the lines in bold to understand what happened and why.
Scenario 1: Email was allowed by the module
>> ProcessMail
Message-ID [ <1784e5b75db479566ac1102_0ac93e53@gfitest.com>]
Preparing to scan mail...
Mail Direction = 0 : AV_MAILDIRECT_INBOUND
Email sender: [Your Credit Report"]"
Email subject: [What's Influencing Your Credit Score?]
>> LoadRules
Getting rule resolver class...
Getting the rules from the rule resolver class obtained...
Enumerating the rules...
Sorting the rules.
Done.
<< LoadRules = TRUE
Number of rules loaded : 0
No rules apply.
<< ProcessMail() = EMAA_ERR_SUCCESS
>> ProcessMail
Message-ID [<0343fe98-afc4-4043-a949-38e936e12c7c@GFITest.GFITest.local>]
Preparing to scan mail...
Mail Direction = 0 : AV_MAILDIRECT_INBOUND
Email sender: []
Email subject: [Sex Videos]
>> LoadRules
Getting rule resolver class...
Getting the rules from the rule resolver class obtained...
Enumerating the rules...
>> ProcessRuleFromDB
Processing rule : [CONTENT POLICY: Block Profanities]
>> GetRuleAppliesToEmailInThisDirection [AV_MAILDIRECT_INBOUND]
Rule applies to direction : VALUEID_AC_CHECKINBOUND
Rule applies to direction : VALUEID_AC_CHECKOUTBOUND
<< GetRuleAppliesToEmailInThisDirection() == TRUE
Rule applies to this direction.
Getting Properties.
Enumerate the list [9]...
Get list count
Enumerate the list [10]...
Enumerate the list [10]...
<< ProcessRuleFromDB = TRUE
>> ProcessRuleFromDB
Processing rule : [CONTENT POLICY: Block Sexual Content]
>> GetRuleAppliesToEmailInThisDirection [AV_MAILDIRECT_INBOUND]
Rule applies to direction : VALUEID_AC_CHECKINBOUND
Rule applies to direction : VALUEID_AC_CHECKOUTBOUND
<< GetRuleAppliesToEmailInThisDirection() == TRUE
Rule applies to this direction.
Getting Properties.
Enumerate the list [35]...
Get list count
Enumerate the list [36]...
Enumerate the list [36]...
<< ProcessRuleFromDB = TRUE
Sorting the rules.
Done.
<< LoadRules = TRUE
Number of rules loaded : 2
Scanning mail item...
Debug at Sender Display Name []
Debug at Subject [Sex Videos]
>> CheckSubject
Debug Checking Subject [Sex Videos]
Subject [Sex Videos]
Checking for infringed Rules
Checked for infringed Rules
----- Checking new rule [CONTENT POLICY: Block Sexual Content] -----
Check whole words only: [1]
Filling Word
Scan complete.
Subject test FAILED.
>> FormulateErrorReport_KeywordsInSubject
Short Description [Triggered rule CONTENT POLICY: Block Sexual Content"]"
Long Description [Words in subject triggered rule CONTENT POLICY: Block Sexual Content" (Words found: sex)]"
<< FormulateErrorReport_KeywordsInSubject
<< CheckSubject [FALSE]
>> CheckBodies
Number of bodies: [1]
Checking body [1] of [1]
GM hBodyInfringements count. [262465976]
Get body IStream...
Get IUnknown...
Charset is [us-ascii]
Stream Size [56] Type [2]
Body Type: [text/plain]
GM CSSourceType: [1201]
----- Checking new rule [CONTENT POLICY: Block Sexual Content] -----
Check body for keywords.
Check whole words only: [1]
Filling Expression
Words and operators loaded correctly.
Source type: [1201]
Perform scan...
Scan complete.
Body test FAILED.
>> FormulateErrorReport_KeywordsInBody
Short Description [Triggered rule CONTENT POLICY: Block Sexual Content"]"
Long Description [Words in body triggered rule CONTENT POLICY: Block Sexual Content" (Words found: sex)]"
<< FormulateErrorReport_KeywordsInBody
<< CheckBodies [FALSE]
No rules defined which have check attachments for keywords enabled.
Finished scanning.
<< ProcessMail() = EMAA_ERR_DBACTION
Scenario 3: Module is disabled
Number of rules loaded : 0
No rules apply.
<< ProcessMail() = EMAA_ERR_SUCCESS