Cisco Cisco Email Security Appliance C170 Betriebsanweisung
9-85
User Guide for AsyncOS 9.7 for Cisco Email Security Appliances
Chapter 9 Using Message Filters to Enforce Email Policies
Attachment Scanning
•
Inserting Headers
In these examples, AsyncOS inserts headers when the attachments contain specified content.
In the following example, all of the attachments on the message are scanned for a keyword. If the
keyword is present in all of the attachments, a custom X-Header is inserted:
keyword is present in all of the attachments, a custom X-Header is inserted:
In the following example, the attachment is scanned for a pattern in the binary data. The filter uses the
attachment-binary-contains
filter rule to search for a pattern that indicates that the PDF document is
encrypted. If the pattern is present in the binary data, a custom header is inserted:
Dropping Attachments by File Type
In the following example, the “executable” group of attachments (
.exe
,
.dll
, and
.scr
) is stripped from
messages and text is added to the message, listing the filenames of the dropped files (using the
$dropped_filename
action variable). Note that the
drop-attachments-by-filetype
action examines
attachments and strips them based on the fingerprint of the file, and not just the three-letter filename
extension. Note also that you can specify a single file type (“mpeg”) or you can refer to all of the
members of the file type (“Media”):
extension. Note also that you can specify a single file type (“mpeg”) or you can refer to all of the
members of the file type (“Media”):
attach_disclaim:
if (every-attachment-contains('[dD]isclaimer') ) {
insert-header("X-Example-Approval", "AttachOK");
}
match_PDF_Encrypt:
if (attachment-filetype == 'pdf' AND
attachment-binary-contains('/Encrypt')){
strip-header (‘Subject’);
insert-header (‘Subject’, ‘[Encrypted] $Subject’);
}
strip_all_exes: if (true) {
drop-attachments-by-filetype ('Executable', “Removed attachment:
$dropped_filename”);
}