Manualsbrain.com
  1. Handbücher
  2. Marken
  3. Cisco
  4. Cisco Email Security Appliance C170
  5. Betriebsanweisung

Cisco Cisco Email Security Appliance C170 Betriebsanweisung

Download
Seite von 1094
 
9-74
Cisco AsyncOS 8.0.1 for Email User Guide
 
Chapter 9      Using Message Filters to Enforce Email Policies
  Attachment Scanning
In the following example, the same “executable” group of attachments (
.exe
.dll
, and 
.scr
) are 
stripped from messages whose Envelope Sender is not within the domain 
example.com
In the following example, a specific member of a file type (“wmf”) as well as a the same “executable” 
group of attachments (
.exe
.dll
, and 
.scr
) are stripped from messages whose Envelope Sender is not 
within the domain 
example.com
.
In the following example, the “executable” pre-defined group of attachments is extended to include more 
attachment names. (Note that this action will not examine the attachments’ file type.)
The 
drop-attachments-by-name
 action supports non-ASCII characters.
Note
The 
drop-attachments-by-name 
action matches the regular expression against the filename captured 
from the MIME header. The filename captured from the MIME header may contain trailing spaces.
In the following example, a message is dropped if the attachment is not an .exe executable filetype. 
However, the filter will not perform any action on the message if there is at least one attachment with 
the file type you want to filter out. For example, the following filter drops any message with an 
attachment that is not an 
.exe
 file type:
If a message has multiple attachments, the Email Security appliance does not drop the message if at least 
one of the attachments is an 
.exe
 file, even if the other attachments not 
.exe
 files. 
strip_inbound_exes: if (mail-from != "@example\\.com$") {
                        drop-attachments-by-filetype ('Executable');
                     } 
strip_inbound_exes_and_wmf: if (mail-from != "@example\\.com$") {
                        drop-attachments-by-filetype ('Executable');
                        drop-attachments-by-filetype ('x-wmf');
                     }
strip_all_dangerous: if (true) {
                    drop-attachments-by-filetype ('Executable');
                      drop-attachments-by-name('(?i)\\.(cmd|pif|bat)$');
                     }
exe_check: if (attachment-filetype != "exe") {
                   drop();
               }