Data Leak Prevention (DLP) is not enabled by default. It has to be enabled under Feature Visibility in Settings.
Once it is enabled, the DLP feature becomes visible under Security Profiles.
1) Create the dictionary for the pattern first.
# config dlp dictionary
    edit "dic-pattern"
        set match-type match-all
        config entries
            edit 1
                set type keyword
                set pattern "test"       <----- Pattern to check for in any attachment.
                set repeat enable        <----- Count every occurrence of the pattern, not just the first; required for the sensor count below to be meaningful.
                set comment "block_test-more_than_4"
            next
        end
    next
end
2) Configure the sensor that references the dictionary created above.
# config dlp sensor
    edit "sensor-dic-pattern"
        config entries
            edit 1
                set dictionary "dic-pattern"   <----- Dictionary created above.
                set count 4                    <----- Number of dictionary matches that triggers the sensor. Once the pattern 'test' has been matched 4 times in an attachment, the sensor fires and the attachment is blocked.
            next
        end
    next
end
3) Create the DLP profile.
# config dlp profile
    edit "Profile_block_pattern"
        set feature-set proxy              <----- Proxy feature set: the firewall policy using this profile must be in proxy inspection mode.
        config rules
            edit 3
                set name "Block-pattern-Test"
                set type message
                set proto smtp pop3 imap http-post nntp mapi
                set filter-by sensor
                set sensor "sensor-dic-pattern"   <----- Sensor created above.
                set action block
            next
        end
    next
end
4) Apply the DLP profile in an IPv4 firewall policy.
# config firewall policy
    edit 1
        set status enable
        set srcintf "LAN"
        set dstintf "WAN"
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set inspection-mode proxy                 <----- Required by the proxy feature set of the DLP profile.
        set ssl-ssh-profile "deep-inspection"     <----- Deep inspection has to be enabled, otherwise the content of HTTPS uploads (such as Gmail attachments) cannot be inspected. Clients must trust the FortiGate CA certificate used for deep inspection.
        set dlp-profile "Profile_block_pattern"
    next
end
5) To view the logs, go to Log & Report -> Security Events -> DLP.
Sample log for the above configuration:
date=2023-05-01 time=10:33:48 eventtime=1682930028111513197 tz="+0200" type="utm" subtype="dlp" eventtype="dlp" level="warning" vd="root" filteridx=3 filtername="Block-pattern-Test" dlpextra="sensor-dic-pattern" filtertype="sensor" filtercat="message" severity="medium" policyid=1 srcintf="LAN" dstintf="WAN" proto=6 service="HTTPS" filetype="N/A" direction="outgoing" action="block" hostname="mail.google.com" agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64)" httpmethod="POST" profile="Profile_block_pattern"
The log above was generated while trying to upload a doc file as a Gmail attachment, with the word 'test' included in the document more than 4 times. Note that eventtime is in nanoseconds since the epoch and is recorded in UTC; 1682930028 seconds corresponds to 08:33:48 UTC, which is the 10:33:48 shown for tz="+0200".
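To make use of these events in a SIEM or a quick triage script, the FortiGate key=value log format has to be parsed correctly, including quoted values that contain spaces (the agent field above). The following Python is an added example, not part of the original article or of FortiOS: it parses constructed sample log lines (the first mirrors the block event above, the rest are invented variations labelled as such), filters for DLP block events, summarises them per profile, rule and destination host, and converts eventtime to a UTC timestamp.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed sample log lines (not captured from a real device).
# Line 1 reproduces the block event shown in the article; lines 2 and 3 are
# invented variations used only to exercise the filtering logic.
SAMPLE_LOGS = [
    'date=2023-05-01 time=10:33:48 eventtime=1682930028111513197 tz="+0200" type="utm" '
    'subtype="dlp" eventtype="dlp" level="warning" vd="root" filteridx=3 '
    'filtername="Block-pattern-Test" dlpextra="sensor-dic-pattern" filtertype="sensor" '
    'filtercat="message" severity="medium" policyid=1 srcintf="LAN" dstintf="WAN" proto=6 '
    'service="HTTPS" filetype="N/A" direction="outgoing" action="block" '
    'hostname="mail.google.com" agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64)" '
    'httpmethod="POST" profile="Profile_block_pattern"',
    # Constructed: a second block against a different host from the same rule.
    'date=2023-05-01 time=11:02:10 eventtime=1682931730000000000 tz="+0200" type="utm" '
    'subtype="dlp" eventtype="dlp" level="warning" vd="root" filteridx=3 '
    'filtername="Block-pattern-Test" filtertype="sensor" filtercat="message" policyid=1 '
    'action="block" hostname="outlook.office.com" agent="curl/8.0" httpmethod="POST" '
    'profile="Profile_block_pattern"',
    # Constructed: a non-DLP UTM event that must be ignored.
    'date=2023-05-01 time=11:05:00 eventtime=1682931900000000000 tz="+0200" type="utm" '
    'subtype="webfilter" level="notice" vd="root" policyid=1 action="passthrough" '
    'hostname="example.com"',
]

# key=value pairs; a value is either a double-quoted string (which may contain
# spaces and escaped quotes) or a run of non-whitespace characters.
_KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_fortilog(line: str) -> dict:
    """Parse one FortiGate log line into a dict of string fields."""
    fields = {}
    for key, raw in _KV_RE.findall(line):
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            raw = raw[1:-1].replace('\\"', '"')
        fields[key] = raw
    return fields


def dlp_block_events(lines):
    """Return the parsed events that are DLP blocks (type=utm, subtype=dlp, action=block)."""
    events = []
    for line in lines:
        f = parse_fortilog(line)
        if f.get("type") == "utm" and f.get("subtype") == "dlp" and f.get("action") == "block":
            events.append(f)
    return events


def summarize_blocks(lines) -> Counter:
    """Count DLP blocks per (profile, rule name, destination host)."""
    return Counter(
        (f.get("profile", "?"), f.get("filtername", "?"), f.get("hostname", "?"))
        for f in dlp_block_events(lines)
    )


def event_timestamp(event: dict) -> datetime:
    """eventtime is nanoseconds since the Unix epoch; return it as a UTC datetime."""
    return datetime.fromtimestamp(int(event["eventtime"]) // 10**9, tz=timezone.utc)


if __name__ == "__main__":
    for (profile, rule, host), n in summarize_blocks(SAMPLE_LOGS).items():
        print(f"{n} block(s): profile={profile} rule={rule} host={host}")
    for ev in dlp_block_events(SAMPLE_LOGS):
        print(event_timestamp(ev).isoformat(), ev["srcintf"] if "srcintf" in ev else "-", ev["hostname"])
```

The regex consumes a whole quoted value before looking for the next key, so an `=` inside a user agent or file name cannot be misread as a new field. The `action="block"` check is what distinguishes a real prevention from a DLP rule set to `log-only`, which produces an otherwise identical event.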