Email Security Cloud Gateway - Archive Search & Export - Archive Search

Updated

This page describes using Archive Search & Export to search the archive, display message details, and access saved searches.

Searching the Archive

You can search your archive by performing a search using your own search criteria. To do so:

  1. Log in to the Mimecast Administration Console.
  2. Click on the Archive Search & Export menu item.
  3. Complete one of the following tabs:
  •  
    • Search by Mailbox
Field / Option Description
Mailboxes Specify up to 100 internal or external email addresses or domains you want to include, separated by a single space, a comma, or the OR key. 
Aliases email addresses aren’t automatically included and must be specified separately.
Routing Specify the message delivery route to be included in the search. Both internal and external domains are included in the search results.
Keywords

Specify your search keywords using the following conditions as required:

Condition Description
space Includes results containing all the entered words (e.g., word1, word2, word3, AND word4)
AND
OR Includes results containing any entered words (e.g., word5 OR word6).
!

Includes results containing words not prefixed by !, but excludes those containing words prefixed by ! (e.g., word7 !word8).

The search keyword must have a minimum of three characters when using the ! condition. For example:

  • !abc 123 works as it contains over three characters.
  • !a doesn't work as it only contains one character.
?

When performing a keyword search, the wildcard character '?' is not supported. If the wildcard '?' is used, the search will result in either of these error messages:

  • "Please enter a minimum of 3 characters."
  • "Incorrect search key used. Please expand to see full details".

This is a known issue that the Product Team is currently working to resolve.
* Includes results if there are zero or more characters at the end of words (e.g., bet* returns bet, betting, better).
"" Includes results for a phrase or display names (e.g., “James Smith").
:SUBJ: Includes results where the search keywords are found in the message's subject (e.g., SUBJ:word8 or word9)
:MSGB: Includes results where the search keywords are found in the message's body (e.g., word10 AND :MSGB).
:ATTN: Includes results where the search keywords are found in the file name of a message's attachment (e.g., word11 AND:ATTN).
:ATTC: Includes results where the search keywords are found in the content of a message's attachment (e.g., word11 AND:ATTC).
:ATTT: Includes results where the search keywords are found in the file type of a message's attachment (e.g., word11 AND:ATTT).

 

Search terms are limited to a maximum combination of 300 words or phrases.
You can include two or more of the :SUB:, :MSGB:, :ATTN:, :ATTC:, or :ATTT: conditions in your search by ensuring they are separated by a comma and located inside two : characters (e.g., word12 AND :SUBJ, MSGB:). Notice that the character is not needed after the first condition.

The following terms are automatically excluded from the search: "a", "an", "and", "are", "as", "at", "be", "but", "by", "for", "if", "in", "into", "is", "it", "no", "not", "of", "on", "or", "such", "that", "the", "their", "then", "there", "these", "they", "this", "to", "was", "will", "with". These common words are not indexed by Mimecast when an email is archived and therefore are ignored when the search query is performed. This applies when using phrases (as described in the above example). For example, when searching for "training the customers," Mimecast will return results including "training the customers," "training with customers," "training at customers," etc.
Date Range Specify a date range for the search from the drop-down.

 

  • Search by From / To
Field / Option Description
From

Specify up to 100 senders using any combination of the following:

Condition Description
space Includes messages sent by any entered addresses (e.g., name1@company.com, name2@company.com).
OR Includes messages sent by any entered addresses (e.g., name1@company.com or name2@company.com).
* Includes messages sent by any addresses with zero or more characters at the end of the entered address or domain (e.g., name1@company* returns name1@company.com, name1@company.co.uk).
"" Includes messages sent by any addresses where the entered value matches the display name (e.g., “James Smith").
To

Specify one or more recipients using any combination of the keywords in the "From" field.

If both the "From" and "To fields are specified, only results matching the entries in both fields are returned.
Keywords Specify one or more search keywords. See the "Search by Mailbox" table above for full details.
Date Range Specify a date range for the search from the drop-down.
  1. Click on the Advanced Search link to display the following additional search options:
Field / Option Description
Keyword Filters Specify if the terms in the "Keywords" field should be applied to the subject line, message body, headers, attachment content, attachment name, or attachment type.
Search within Smart Tag
Search within messages that are linked to a selected Smart Tag.
Items Pending Deletion
Select to include items that are past their expiration date, but are in a deletion grace period, or on a legal hold.
  1. Click on the Search button. Your results are displayed below your search criteria.
  2. Optionally, click the Save Search button to save the search criteria for future use. See the Saved Searches section below for full details.
Savesearch.png

Very large attachments (and email message body parts) take longer to process and to protect Mimecast archive performance, search keywords are taken from the first 2 million characters of each attachment, with a limit of 20,000 search keywords across all attachments, and a further 20,000 search keywords for the message body.

 

Using Proximity Search Criteria

You can find terms near your search criteria using a proximity search term. Search Terms used for proximity only highlight matches in a message's subject, body, and attachment name. Take the following examples:

Search Criteria Description
NEAR(10, word1, word2) Searches for “word1” and “word2" with up to a maximum distance of 10 words between them. Both words must be present.
(word1, word2)~10
NEAR(15, word1, word2, word3) Searches for “word1,” “word2," and “word3” with up to a maximum distance of 15 words between them. All three words should be present.
(word1, word2, word3)~15

 

Ordering is based on the Levenshtein distance. If your terms are swapped compared to how they appear in the document, you must specify double the distance. For example, if the text is "Your requested files were sent":

  • (requested, files)~2 matches
  • (files, requested)~2 doesn't match
  • (requested, files)~2 OR (files, requested)~2 matches
  • (files, requested)~4 also matches but is less accurate than (requested, files)~2

Displaying a Message's Details

With your search results listed, you can display each message's details. To do so:

  1. Click on a Message in the search results.
  2. Ensure the Highlight Keywords option is selected to highlight the search term in each message. See below for an example.
Messagedetails.png

The message details display in a pop-out panel with two views:

  • Received View (the default).
  • Delivery View.
Recievedview.png

Both views display the messages:

  • Summary, including the from (envelope) address, from (header) address, the recipient list, subject, and date/time sent.
  • Spam Scanning: Insights from Spam Scanning.
  • Attachments: To download an attachment, click on the (...) icon to the right of the file and select the Download menu item.
Download.png
  • Message body: The body is displayed by default in plain text. To display the message in HTML format, click the Plain Text button above the body and select the HTML menu item.
  • Retention and Audit Information: Insights on message retention and purge.

In addition, there are tabs to display additional insights as below:

  • Analysis: Display details for Emails scanned by the Spam scanning layer.
  • Header: Displays details of the message's header.
  • Transmission Data: Display details of the message's envelope and transmission components.
  • Policies: Displays the policies that were applied to the message.
HTML.png

Printing a Message

Users can print a message. Currently, only one message can be printed at a time. To print a message:

  1. Click to open the message.
  2. Click on the ellipses (...) icon.
  3. Select the Print menu item.
  4. Complete the Print dialog as required.
  5. Click on the Print button.
Printforward.png

Forwarding Messages

Users can forward a message to another recipient. This creates a new email with the forwarded message added as an attachment. Currently, only one message can be forwarded at a time. To forward a message:

  1. Click to open the message.
  2. Click on the ellipses (...) icon.
  3. Select the Forward menu item

  1. Complete the following Forward dialog:
Field/Option Description
To Specify the email addresses of the required recipients separated by commas.
Subject Specify a subject for the email. By default, this is the subject of the forwarded message prefixed by "FWD CR:"
Notes Add a note (e.g., explaining why you are forwarding it).

 

  1. Click Send.

Reporting Messages

Users will be able to report new messages as Phishing, Spam, or Malware.

reportmessageoptions.png

Permit and Block Senders for Recipients

Use these buttons in the Message Details panel to manage sender permissions for a specific recipient:

  • Permit for Recipient: Allows future messages from the sender to reach the recipient.
  • Block for Recipient: Prevents future messages from the sender from reaching the recipient.
permitandblock.png

These actions only affect the selected recipient and help you quickly manage sender access.

Saved Searches

You can access a search from the Saved Searches menu item in the navigation pane if you've saved a search for future use. From here, you can use the (...) icon to the right of the record to:

  • Save As: This can be used to save the search criteria as a new search. This is useful if you need to make a minor amendment whilst keeping the original search intact.
  • Search: This can be used to run the search.
  • View Details: This shows the search details.
  • Delete: This option deletes the search.
    • You can also delete multiple items by selecting the items and then clicking Delete.
savedsearchtab.png

See Also...

Related to

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.