Cisco Cisco Email Security Appliance X1070 User Guide

Each message injected into the Cisco appliance is processed through all message filters in order, unless 
you specify a final action, which stops the message from being processed further. (See 

.) Filters may also apply to all messages, and rules may also be combined using logical 

connectors (AND, OR, NOT).

signed-certificate(<field> 

[<operator> <regular 

expression>])

Does the message signer or X.509 certificate 
issuer match a certain pattern? See 

header-repeats (<target>, 

<threshold> [, <direction>])

Returns 

true 

if at a given point in time, a 

specified number of messages:

With same subject header are detected in 
last one hour.

From same envelope-sender are detected in 
last one hour.

See 

url-reputation

url-no-reputation

Is the reputation score of any URL in the 
message within the specified range? 

Is a reputation score for a URL unavailable? 

See 

url-category

Does the category of any URL in the message 
match the specified categories? 

See 

attachment-corrupt

Does this message have an attachment that is 
corrupt?

See 

.

malformed-header

Does the message contain malformed MIME 
headers?

.

duplicate_boundaries

Does the message contain duplicate MIME 
boundaries?

See 

a.Attachment filtering is discussed in detail in the section 

. 

b.Content Dictionaries are discussed in the detail in the “Text Resources” chapter.