Problem

The point is to act upon all possible attachments except one or more defined. For example, I will use *.jpg files which need to pass but all others need to be quarantined. A major issue is a requirement when a message comes with *.jpg and some other kind of file - that it needs to be quarantined as well.

Resolution

There are few key points that you need to use in order to make it:

1. You need a policy which is looking into content-disposition's header value.

2. You need to create wordlist which the above policy will pull the value from which contains these 2 entries: "*.jpg" and "*.*"

3. The weight of the "*.jpg" must be set to "0" and the weight of the "*.*" needs to be set to 1.

4. It is important the order in which you add the entries in the keyword list. the *.* needs to be added LAST!

What happens is that no matter how many jpg files you have their total weight will be 0 and policy does not trigger for 0 weight. As soon as there is something else it will have weight at least 1 and policy will trigger.

The screenshot below shows the summary of the policy.

The screenshot below shows the entries in the wordlist. (they are sorted alphabetically in the UI so the order always looks like this but the order that you add them to the list matters.). To be sure I suggest you add the *.jpg, save, go back and add the *.* entry: