Cisco Cisco Email Security Appliance C370 User Guide
22-15
User Guide for AsyncOS 9.8 for Cisco Email Security Appliances
Chapter 22 Text Resources
Using Text Resources
$MID
Replaced by the Message ID, or “MID” used internally to
identify the message. Not to be confused with the RFC822
“Message-Id” value (use $Header to retrieve that).
identify the message. Not to be confused with the RFC822
“Message-Id” value (use $Header to retrieve that).
$Group
Replaced by the name of the sender group the sender matched on
when injecting the message. If the sender group had no name, the
string “>Unknown<” is inserted.
when injecting the message. If the sender group had no name, the
string “>Unknown<” is inserted.
$Policy
Replaced by the name of the HAT policy applied to the sender
when injecting the message. If no predefined policy name was
used, the string “>Unknown<” is inserted.
when injecting the message. If no predefined policy name was
used, the string “>Unknown<” is inserted.
$Reputation
Replaced by the SenderBase Reputation score of the sender. If
there is no reputation score, it is replaced with “None”.
there is no reputation score, it is replaced with “None”.
$filenames
Replaced with a comma-separated list of the message’s
attachments’ filenames.
attachments’ filenames.
$filetypes
Replaced with a comma-separated list of the message's
attachments' file types.
attachments' file types.
$filesizes
Replaced with a comma-separated list of the message’s
attachment’s file sizes.
attachment’s file sizes.
$remotehost
Replaced by the hostname of the system that sent the message to
the Email Security appliance.
the Email Security appliance.
$AllHeaders
Replaced by the message headers.
$EnvelopeFrom
Replaced by the Envelope Sender (Envelope From, <MAIL
FROM>) of the message.
FROM>) of the message.
$Hostname
Replaced by the hostname of the Email Security appliance.
$header[‘string’]
Replaced by the value of the quoted header, if the original
message contains a matching header. Note that double quotes
may also be used.
message contains a matching header. Note that double quotes
may also be used.
$enveloperecipients
Replaced by all Envelope Recipients (Envelope To, <RCPT TO>)
of the message.
of the message.
$bodysize
Replaced by the size, in bytes, of the message.
$FilterName
Returns the name of the filter being processed.
$MatchedContent
Returns the content that triggered a scanning filter rule (including
filter rules such as
filter rules such as
body-contains
and content dictionaries).
$DLPPolicy
Replaced by the name of the email DLP policy violated.
$DLPSeverity
Replaced by the severity of violation. Can be “Low,” “Medium,”
“High,” or “Critical.”
“High,” or “Critical.”
$DLPRiskFactor
Replaced by the risk factor of the message’s sensitive material
(score 0 - 100).
(score 0 - 100).
$threat_category
Replaced with the type of Outbreak Filters threat, such as
phishing, virus, scam, or malware.
phishing, virus, scam, or malware.
$threat_type
Replaced by a subcategory of the Outbreak Filters threat
category. For example, can be a charity scam, a financial phishing
attempt, a fake deal, etc.
category. For example, can be a charity scam, a financial phishing
attempt, a fake deal, etc.
Table 22-3
Anti-Virus Notification Variables (continued)
Variable Substituted
With