附件内容过滤条件设置代码

标准

scanSettings.cfScanSettings.
expressions{<expression number>,
<expression name>}.conditions
{<condition number>, AttachmentFormat}.
attachmentFormat.conditionType

可能的值：

• InList，如果选择了“附件类型至少匹配下面列出的一个项目”。
• NotInList，如果选择了“附件类型不匹配下面列出的任何项目”。

创建的条件：

AttachmentFormat}.attachmentFormat.conditionType
[][InList]

scanSettings.cfScanSettings.expressions{1,
Some expression name}.conditions{1,
AttachmentFormat}.attachmentFormat.scanArchived
[][true]

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1, AttachmentFormat}.
attachmentFormat.scanCompositeObjects[][true]

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1, AttachmentFormat}.
attachmentFormat.dictionaries.Added[1 2]

修改的条件：

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1, AttachmentFormat}.
attachmentFormat.conditionType[InList][NotInList]

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1, AttachmentFormat}.
attachmentFormat.scanArchived[true][false]

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1, AttachmentFormat}.
attachmentFormat.scanCompositeObjects[true][false]

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1, AttachmentFormat}.
attachmentFormat.dictionaries.Added[3]

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1, AttachmentFormat}.
attachmentFormat.dictionaries.Removed[1]

删除的条件：

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1, AttachmentFormat}.
attachmentFormat.conditionType[NotInList][]

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1, AttachmentFormat}.
attachmentFormat.scanArchived[false][]

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1, AttachmentFormat}.
attachmentFormat.scanCompositeObjects[false][]

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1, AttachmentFormat}.
attachmentFormat.dictionaries.Removed[2 3]

其他设置

事件记录将包含以下几行：

1. scanSettings.cfScanSettings.
expressions{<expression number>, <expression name>}.conditions{<condition number>, AttachmentFormat}.attachmentFormat.
scanArchived

可能的值：

• true，如果选择了“扫描复合对象”。
• false，如果选择了“扫描复合对象”。

2. scanSettings.cfScanSettings.
expressions{<expression number>, <expression name>}.conditions{<condition number>, AttachmentFormat}.attachmentFormat.
scanCompositeObjects

可能的值：

• true，如果选择了“检查存档中的文件类型”。
• false，如果选择了“检查存档中的文件类型”。

搜索类型 → 词典

scanSettings.cfScanSettings.expressions
{<expression number>, <expression name>}.
conditions{<condition number>,
AttachmentFormat}.attachmentFormat.
dictionaries

该记录将包含已连接或已断开连接的词典的 ID。

搜索类型 → 文件类型

事件记录将包含以下几行：

scanSettings.cfScanSettings.
expressions{<expression number>,
<expression name>}.conditions
{<condition number>, AttachmentFormat}.
attachmentFormat.inListAttachmentFormats.
<category code>.<file type code>

scanSettings.cfScanSettings.
expressions{<expression number>,
<expression name>}.conditions
{<condition number>, AttachmentFormat}.
attachmentFormat.notInListAttachmentFormats.
<category code>.<file type code>

如果数据类别有子类别，则记录包含<category code>.< subcategory code>.

有关类别、子类别和文件类型代码，请参阅审核事件中的词典类别和文件类型代码。

如果创建了“附件名称至少包含下面列出的一个项目”标准的条件，审核日志中会记录以下记录：

1. 对于每个选定的文件类型，都会记录以下形式的记录：

scanSettings.cfScanSettings.
expressions{<expression number>,
<expression name>}.conditions
{<condition number>, AttachmentFormat}.
attachmentFormat.inListAttachmentFormats.
<category code>.<file type code>
with the value of true.

2. 对于每个未选择的文件类型，都会使用 false 值记录类似的记录。

3. 对于“附件名称不包含下面列出的任何项目”标准，记录以下类型的记录：

scanSettings.cfScanSettings.
expressions{<expression number>,
<expression name>}.conditions
{<condition number>, AttachmentFormat}.
attachmentFormat.inListAttachmentFormats.
<category code>.<file type code>

所有这些记录的值都是 false 。

如果创建了“附件名称不包含下面列出的任何项目”标准的条件，审核日志中会记录以下记录：

1. 对于每个选定的文件类型，都会记录以下形式的记录：

scanSettings.cfScanSettings.
expressions{<expression number>,
<expression name>}.conditions
{<condition number>, AttachmentFormat}.
attachmentFormat.notInListAttachmentFormats.
<category code>.<file type code>
with the value of true.

2. 对于每个未选择的文件类型，都会使用 false 值记录类似的记录。

3. 对于“附件名称至少包含下面列出的一个项目”标准，记录以下类型的记录：

scanSettings.cfScanSettings.
expressions{<expression number>,
<expression name>}.conditions
{<condition number>, AttachmentFormat}.
attachmentFormat.inListAttachmentFormats.
<category code>.<file type code>

所有这些记录的值都是 false 。

为“附件名称不包含下面列出的任何项目”标准创建了条件；选择了以下文件类型：7Z*；ACR；ARJ；EXE；DLL；OCX；SCR；SWF。

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1, AttachmentFormat}.
attachmentFormat.notInListAttachmentFormats.
archiveCategory.archive7z[][true]

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1, AttachmentFormat}.
attachmentFormat.notInListAttachmentFormats.
archiveCategory.archiveAce[][true]

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1, AttachmentFormat}.
attachmentFormat.notInListAttachmentFormats.
archiveCategory.archiveArj[][true]

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1, AttachmentFormat}.
attachmentFormat.notInListAttachmentFormats.
executableCategory.executableWin[][true]

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1, AttachmentFormat}.
attachmentFormat.notInListAttachmentFormats.
imageCategory.animationSubcategory.multimediaSwf[]
[true]

默认情况下，选择generalHtml和generalTxt文件类型附件名称不包含下面列出的任何项目标准，因此还为它们添加了记录：

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1, AttachmentFormat}.
attachmentFormat.notInListAttachmentFormats.
miscellaneousCategory.generalHtml[][true]

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1, AttachmentFormat}.
attachmentFormat.notInListAttachmentFormats.
miscellaneousCategory.generalTxt[][true]

其余记录都以 false 作为值进行记录。部分记录如下：

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1, AttachmentFormat}.
attachmentFormat.inListAttachmentFormats.
archiveCategory.archiveBzip2[][false]

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1, AttachmentFormat}.
attachmentFormat.inListAttachmentFormats.
archiveCategory.archiveCab[][false]

...

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1, AttachmentFormat}.
attachmentFormat.inListAttachmentFormats.
archiveCategory.archiveZip[][false]

...

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1, AttachmentFormat}.
attachmentFormat.inListAttachmentFormats.
officeCategory.spreadsheetSubcategory.
officeOds[][false]

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1, AttachmentFormat}.
attachmentFormat.inListAttachmentFormats.
unknown[][false]

“附件名称至少包含下面列出的一个项目”标准的记录值显示为 false：

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1, AttachmentFormat}.
attachmentFormat.inListAttachmentFormats.
archiveCategory.archive7z[][false]

...

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1, AttachmentFormat}.
attachmentFormat.inListAttachmentFormats.
archiveCategory.archiveAce[][false]

...

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1, AttachmentFormat}.
attachmentFormat.inListAttachmentFormats.
archiveCategory.archiveZip[][false]

...

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1, AttachmentFormat}.
attachmentFormat.inListAttachmentFormats.
spreadsheetSubcategory.officeOds[][false]

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1, AttachmentFormat}.
attachmentFormat.inListAttachmentFormats.
unknown[][false]

修改的条件：

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1, AttachmentFormat}.
attachmentFormat.notInListAttachmentFormats.
archiveCategory.archiveArj[true][false]

没有为其他文件类型添加记录，因为其他文件类型没有变化。

删除的条件：

值为 true 的“附件名称不包含下面列出的任何项目”的记录：

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1, AttachmentFormat}.
attachmentFormat.notInListAttachmentFormats.
archiveCategory.archive7z[true][]

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1, AttachmentFormat}.
attachmentFormat.notInListAttachmentFormats.
archiveCategory.archiveAce[true][]

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1, AttachmentFormat}.
attachmentFormat.notInListAttachmentFormats.
archiveCategory.archiveArj[false][]

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1, AttachmentFormat}.
attachmentFormat.notInListAttachmentFormats.
executableCategory.executableWin[true][]

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1, AttachmentFormat}.
attachmentFormat.notInListAttachmentFormats.
imageCategory.animationSubcategory.multimediaSwf
[true][]

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1, AttachmentFormat}.
attachmentFormat.notInListAttachmentFormats.
miscellaneousCategory.generalHtml[true][]

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1, AttachmentFormat}.
attachmentFormat.notInListAttachmentFormats.
miscellaneousCategory.generalTxt[true][]

“附件名称不包含下面列出的任何项目”标准的其他文件类型的记录以 false 值记录，例如：

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1, AttachmentFormat}.
attachmentFormat.notInListAttachmentFormats.
archiveCategory.archiveArj[false][]

对于“附件名称至少包含下面列出的一个项目”标准的所有文件类型，记录具有 false 值的记录，例如：

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1, AttachmentFormat}.
attachmentFormat.inListAttachmentFormats.
databaseCategory.databaseMdb[false][]

“附件名称”条件设置

审核事件记录中的代码

示例

标准

scanSettings.cfScanSettings.
expressions{<expression number>,
<expression name>}.conditions
{<condition number>, AttachmentName}.
attachmentName.conditionType

可能的值：

• InList，如果选择了“附件类型至少匹配下面列出的一个项目”。
• NotInList，如果选择了“附件类型不匹配下面列出的任何项目”。

创建的条件：

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1,AttachmentName}.
attachmentName.conditionType[][InList]

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1,AttachmentName}.
attachmentName.scanArchived[][true]

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1,AttachmentName}.attachmentName.
scanCompositeObjects[][true]

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1,AttachmentName}.attachmentName.
inlineValues.textList.Added[Abc Def]

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1,AttachmentName}.attachmentName.
dictionaries.Added[1 2]

修改的条件：

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1,AttachmentName}.attachmentName.
conditionType[InList][NotInList]

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1,AttachmentName}.attachmentName.
scanArchived[true][false]

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1,AttachmentName}.attachmentName.
scanCompositeObjects[true][false]

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1,AttachmentName}.attachmentName.
inlineValues.textList.Added[Xyz]

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1,AttachmentName}.attachmentName.
inlineValues.textList.Removed[Abc]

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1,AttachmentName}.attachmentName.
dictionaries.Added[3]

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1,AttachmentName}.attachmentName.
dictionaries.Removed[1]

删除的条件：

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1,AttachmentName}.attachmentName.
conditionType[NotInList][]

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1,AttachmentName}.
attachmentName.scanArchived[false][]

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1,AttachmentName}.
attachmentName.scanCompositeObjects[false][]

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1,AttachmentName}.attachmentName.
inlineValues.textList.Removed[Def Xyz]

scanSettings.cfScanSettings.expressions{1, Some
expression name}.conditions{1,AttachmentName}.attachmentName.
dictionaries.Removed[2 3]

其他设置

事件记录将包含以下几行：

1. scanSettings.cfScanSettings.
expressions{<expression number>,
<expression name>}.conditions
{<condition number>, AttachmentName}.
attachmentName.scanArchived

可能的值：

• true，如果选择了“扫描复合对象”。
• false，如果选择了“扫描复合对象”。

2. scanSettings.cfScanSettings.
expressions{<expression number>,
<expression name>}.conditions
{<condition number>, AttachmentName}.
attachmentName.scanCompositeObjects

可能的值：

• true，如果选择了“检查存档中的文件类型”。
• false，如果选择了“检查存档中的文件类型”。

文本

scanSettings.cfScanSettings.
expressions{Expression_Number,
Expression_Name}.conditions
{Condition_Number,AttachmentName}.
attachmentName.inlineValues.textList

通配符

scanSettings.cfScanSettings.
expressions{<expression number>,
<expression name>}.conditions
{<condition number>,AttachmentName}.
attachmentName.inlineValues.
wildcardList

正则表达式

scanSettings.cfScanSettings.
expressions
{<expression number>,
<expression name>}.conditions
{<condition number>,AttachmentName}.
attachmentName.inlineValues.
regexList

词典

scanSettings.cfScanSettings.
expressions{<expression number>,
<expression name>}.conditions
{<condition number>,AttachmentName}.
attachmentName.dictionaries

该记录将包含已连接或已断开连接的词典的 ID。