1 of 1 people found this helpful
The Body.Modified property might work for you.
In my 18.104.22.168 version, I put it after the Antimalware rule and it triggers when a script was stripped out. I have mine logging to a separate modified.log file.
However, I can't find any reason property that describes what or why it was modified.
Body.Modified equals true
Set User-Defined.logLine = DateTime.ToWebReporterString
+ " ""
+ String.ReplaceIfEquals (IP.ToString (Client.IP), "", "-")
+ "" ""
+ "" "
+ List.OfString.ToString (Antimalware.VirusNames<Gateway Anti-Malware: Standard Setting>)
I've created a similar rule but as you say there's no indication of what was modified or why. I've been getting really inconsistent behaviour from the MWG7 in my testing compared to v6... Without the logging I can't work out what's going on and have been holding off upgrading to v7.