Microsoft Forefront Protection 2010 for SharePoint (FPSP) provides keyword substitution macros that you can use in the deletion text and in the various fields of a notification (Cc, Bcc, Subject, and Message body). These macros obtain and display information from an item in which an infection was found or an item that matched a filter. You can use multiple keyword substitution macros.
 Note: |
|---|
| When configuring notifications, macros can be used to fill in useful information about the file being processed and the server doing the processing. Since notifications can be sent outside your organization, when enabling or customizing notifications, it is recommended that you do not use any macros that could expose any information you do not want disclosed. |
Keyword substitution macros are surrounded by leading and trailing percent signs (%). To display the percent sign itself as part of the deletion text or in a notification field, use consecutive percent signs (%%).
The following are examples of the use of keyword-substitution macros:
- The subject line of a malware notification
could contain the name of the malware. In the Subject field,
use the %Malware% keyword substitution macro. For example:
A file is infected with the %Malware% malware.
- The message body of a notification e-mail to
the Virus Administrator could contain keyword substitution macros
to inform the recipient of all aspects of an incident. For
example:
The %MalwareEngines% scan engines detected the %Malware% malware in a file called %File%, authored by %AuthorName% and last modified by %LastModifiedBy%. The malware was detected by the %ScanJob% scan job, on the %Server% server, and the item was %State%.
| Note: |
|---|
| In Windows PowerShell, macros are used in the same way. However, the entire text string must be surrounded by quotation marks and each group of one or more macro names must be surrounded by apostrophes. For example:Set-FsspNotification Administrator Event virus To VirAdmin@contoso.com Subject "Malware found" Body "The '%MalwareEngines%' scan engines detected the '%Malware%' malware in a file called '%File%', authored by '%AuthorName%' and last modified by '%LastModifiedBy%'. The malware was detected by the '%ScanJob%' scan job, on the '%Server%' server, and the item was '%State%'." Enabled $true |
The following table contains the FPSP keyword substitution macros.
| Macro | Description |
|---|---|
|
%AuthorEmail% |
The email address of the author of the file. |
|
%AuthorName% |
The name of the author of the file. |
|
%Company% |
The name of your organization, as found in the registry. |
|
%File% |
The name of the file in which the virus was detected or that matched a filter. |
|
%Filter% |
The name of the filter that detected the item. |
|
%Folder% |
The workspace and subfolders where the virus was found. |
|
%LastModifiedBy% |
The name of the last user to modify the file. |
|
%Malware% |
The name of the malicious software (malware), as reported by the file scanner. |
|
%ModifiedUserEmail% |
The email address of the last user to modify the file. |
|
%ScanJob% |
The name of the scan job that scanned the file or performed the filtering operation. |
|
%Server% |
The name of the server that found the infection or performed the filtering operation. |
|
%State% |
The disposition of the detected item (Deleted, Cleaned, Removed, or Skipped). |
|
%MalwareEngines% |
A list of all the scan engines that detected the malware. |