When constructing a compliance filter rule please ensure that you adhere to the following rule structure .


Note: Rules do not cascade. Once the Characteristics of a rule has been met that rule will be executed, and all subsequent rules will be disregarded. 



Rules will be evaluated in the following sequence regardless of where they are physically placed in the compliance filter interface.


  1. Any body compliance filter rules will be evaluated and executed first
  2. Any header compliance filter rules will be evaluated and executed secondly
  3. Finally, any advanced compliance filter rules will be evaluated and executed.  


Conceptually, compliance filter rules will be evaluated in the below order


      All Body Rules 1st

  • Rule 1 (highest prio of the body rules)
  • Rule 2
  • Rule 3

   

     All Header Rules 2nd

  • Rule 1 (highest prio of the header rules)
  • Rule 2
  • Rule 3

    

    Finally All Advanced Rules (highest prio of the advanced rules)

  • Rule 1
  • Rule 2
  • Rule 3


Example

If you have rules in such rule order as the below example , both body rules will be evaluated first in line with evaluation order defined above


  • Header rule 1
  • Body Rule 1
  • Body Rule 2
  • Advanced rule 1


An example:



We have a Header Rule that is created to classify all emails from domain.com as virus:



Next, we have an advanced rule that allows any emails originating from domain.com with .xls attachments to be classifed as clean




If an email comes in from domain.com with a .xls attachment it will be tagged as a virus, because the header rule will be evaluated and executed due to its higher priority. In an example like this we would recommend changing the header rule to and advanced rule. Then, moving that advaned rule below the attachmenet rule to enable all emails from domain.com with .xls attachmenets to be classified as clean. While still allowing all other emails from domain.com to be classified as virus.