Keyword substitution macros

 

Applies to: Forefront Security for Exchange Server

Forefront Security for Exchange Server provides keyword macros that can be used in the Deletion Text and in the various fields of a notification (To, Cc, Bcc, Subject, and body) to display information obtained from an item in which an infection was found or that matched a filter. Enter keywords into those fields, surrounded by leading and trailing percent signs (%), as shown in the list below.

For example, to include the name of the virus in the subject line, you could use the %Virus% macro, in the Subject field, as follows:

The %Virus% virus was found by Forefront Security for Exchange Server.

Instead of typing the keyword, you can select it from a shortcut menu.

To select a keyword from the shortcut menu

  1. Position the cursor in any notification field, at the point where you want the keyword to appear.

  2. Right-click at that point to display a shortcut menu.

  3. Select Paste Keyword.

  4. Choose from a list of available keywords.

  5. Click Save.

The macros

These are the possible keyword substitution macros. Use consecutive percent signs (%%) to display the percent sign itself in the notification field.

%Company%   The name of your organization, as found in the registry.

%EBccAddresses% External Bcc addresses. A list of the addresses of all the external Bcc recipients.

%EBccNames% External Bcc names. A list of the names of all the external Bcc recipients.

%ECcAddresses%   External Cc addresses. A list of the addresses of all the external Cc recipients.

%ECcNames%   External Cc names. A list of the names of all the external cc recipients.

%ERAddresses%   External recipient addresses. A list of the addresses of all the external To recipients.

%ERNames%   External recipient names. A list of the names of all the external To recipients.

%ESAddress%   External sender address. The address of the message sender, if external to the company.

%ESName%   External sender name. The name of the message sender, if external to the company.

%File%   The name of the detected file.

%Filter%   The name of the filter that detected the item.

%Folder%   The public or private store (mailbox) and subfolders where the virus or attachment was found.

%IBccAddresses%   Internal Bcc addresses. A list of the addresses of all the internal Bcc recipients.

%IBccNames%   Internal Bcc names. A list of the names of all the internal Bcc recipients.

%ICcAddresses%   Internal Cc addresses. A list of the addresses of all the internal Cc recipients.

%ICcNames%   Internal Cc names. A list of the names of all the internal Cc recipients.

%IRAddresses%   Internal recipient addresses. A list of the addresses of all the internal To recipients.

%IRNames%   Internal recipient names. A list of the names of all the internal To recipients.

%ISAddress%   Internal sender address. The address of the message sender, if internal to the company.

%ISName%   Internal sender name. The name of the message sender, if internal to the company.

%Message%   The Subject field of the message.

%MIME%   MIME Header. The MIME header information.

%ScanJob%   The name of the scan job that scanned the attachment or performed the filtering operation.

%Server%   The name of the server that found the infection or performed the filtering operation.

%State%   The disposition of the detected item (Deleted, Cleaned, or Skipped).

%Virus%   The name of the virus, as reported by the file scanner.

%VirusEngines%   A list of all the scan engines that found the virus.