Cisco Cisco Email Security Appliance C160 User Guide

signed-certificate(<field> 

[<operator> <regular 

expression>])

Does the message signer or X.509 certificate 
issuer match a certain pattern? See 

header-repeats (<target>, 

<threshold> [, <direction>])

Returns 

true 

if at a given point in time, a 

specified number of messages:

With same subject header are detected in 
last one hour.

From same envelope-sender are detected in 
last one hour.

See 

url-reputation

url-no-reputation

Is the reputation score of any URL in the 
message within the specified range? 

Is a reputation score for a URL unavailable? 

See 

url-category

Does the category of any URL in the message 
match the specified categories? 

See 

attachment-corrupt

Does this message have an attachment that is 
corrupt?

See 

.

message-language

Is the message (subject and body) in one of the 
selected languages? 

See 

forged-email-detection("<dic

tionary_name>", <threshold>)

Is the sender address of the message forged? The 
rule checks if the From: header in the message is 
similar to any of the users in the content 
dictionary.

See 

.

duplicate_boundaries

Does the message contain duplicate MIME 
boundaries?

See 

malformed-header

Does the message contain malformed MIME 
headers?

See 

a.Attachment filtering is discussed in detail in the section 

. 

b.Content Dictionaries are discussed in the detail in the “Text Resources” chapter.