SharePoint keyword substitution macros


Applies to: Forefront Security for SharePoint

Topic Last Modified: 2008-01-18

Forefront Security for SharePoint provides keyword macros that can be used in the Deletion Text and in the various fields of a notification (To, Cc, Bcc, Subject, and body) to display information obtained from an item in which an infection was found or that matched a filter. Enter keywords into those fields, surrounded by leading and trailing percent signs (%), as shown in the list below.

For example, to include the name of the virus in the subject line, you could use the %Virus% macro, in the Subject field, as follows:

The %Virus% virus was found by Forefront Security for SharePoint.

Instead of typing the keyword, you can select it from a shortcut menu.

To select a keyword from the shortcut menu
  1. Position the cursor in any notification field, at the point where you want the keyword to appear.

  2. Right-click at that point to display a shortcut menu.

  3. Select Paste Keyword.

  4. Choose from a list of available keywords.

  5. Click Save to retain your work.

These are the possible keyword substitution macros. Use consecutive percent signs (%%) to display the percent sign itself in the notification field.

Only the macros listed below apply to FSSP. If any others appear in the shortcut menu, disregard them.


The email address of the author of the document.


The name of the author of the document.


The name of your organization, as found in the registry.


The name of the detected file.


The name of the filter that detected the item.


The workspace and subfolders where the virus or attachment was found.


The name of the last user to modify the document.


The email address of the last user to modify the document.


The name of the scan job that scanned the attachment or performed the filtering operation.


The name of the server that found the infection or performed the filtering operation.


The disposition of the detected item (Deleted, Cleaned, or Skipped).


The name of the virus, as reported by the file scanner.

%Virus Engines%

A list of all the scan engines that found the virus.