Cisco Email Security Appliance X1050 User Guide
Cisco AsyncOS 8.5.6 for Email User Guide
Chapter 9 Using Message Filters to Enforce Email Policies
Attachment Scanning
Image Analysis
Some messages contain images that you may wish to scan for inappropriate content. You can use the
image analysis engine to search for inappropriate content in email. Image analysis is not designed to
supplement or replace your anti-virus and anti-spam scanning engines. Its purpose is to enforce
acceptable use by identifying inappropriate content in email. Use the image analysis scanning engine to
quarantine and analyze mail and to detect trends.
After you configure AsyncOS for image analysis, you can use image analysis filter rules to perform
actions on suspect or inappropriate emails. Image scanning allows you to scan the following types of
attached files: JPEG, BMP, PNG, TIFF, GIF, TGA, ICO, and PCX. The image analyzer uses algorithms
that measure skin color, body size and curvature to determine the probability that the graphic contains
inappropriate content. When you scan image attachments, Cisco fingerprinting determines the file type,
and the image analyzer uses algorithms to analyze the image content. If the image is embedded in
another file, the Stellent scanning engine extracts the file. The Stellent scanning engine can extract
images from many file types, including Word, Excel, and PowerPoint documents. The image analysis
verdict is computed on the message as a whole. If the message does not include any images, the message
receives a score of “0” which maps to a “clean” verdict. Therefore, a message without any images will
receive a "clean" verdict.
Note
Images cannot be extracted from PDF files.
Configuring the Image Analysis Scanning Engine
To enable image analysis from the GUI:
Procedure
Step 1  Go to Security Services > IronPort Image Analysis.
Step 2  Click Enable.
        A success message displays, and the verdict settings display.
Table 9-8 Message Filter Actions for Attachment Filtering (continued)

| Action | Syntax | Description |
|---|---|---|
| Attachment Scanning | drop-attachments-where-contains (<regular expression>[, <optional comment>]) | Drops all attachments on message that contain the regular expression. Archive files (zip, tar) will be dropped if any of the files they contain match the regular expression pattern. |
| Drop Attachments by Dictionary Matches | drop-attachments-where-dictionary-match(<dictionary name>) | This filter action strips attachments based on matches to dictionary terms. If the terms in the MIME parts considered to be an attachment match a dictionary term (and the user-defined threshold is met), the attachment is stripped from the email. See . |
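
The archive rule in the Attachment Scanning row of Table 9-8 (a zip or tar is dropped when any file inside it matches) can be checked offline against sample mail before a pattern goes into a filter. The following is an added example, not code from the Cisco guide or from AsyncOS: a Python model of the behaviour the table describes, in which Python's re module stands in for the appliance's regular expression engine (an assumption), the function names are hypothetical, and the test message is constructed.

```python
import io, re, tarfile, zipfile
from email.message import EmailMessage

def archive_members(data):
    """Yield the bytes of every file inside a zip or tar payload (nothing otherwise)."""
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for name in zf.namelist():
                yield zf.read(name)
        return
    try:
        with tarfile.open(fileobj=io.BytesIO(data)) as tf:
            for member in tf:
                if member.isfile():
                    yield tf.extractfile(member).read()
    except tarfile.TarError:
        return  # not a tar archive: only the raw attachment bytes are searched

def drop_attachments_where_contains(msg, regex):
    """Model of the table row: strip each attachment whose content, or any file
    inside it when it is an archive, matches regex. Returns the names removed."""
    pattern = re.compile(regex.encode())
    if not msg.is_multipart():
        return []
    dropped, kept = [], []
    for part in msg.get_payload():
        data = part.get_payload(decode=True) or b""
        if part.get_content_disposition() == "attachment" and any(
                pattern.search(blob) for blob in (data, *archive_members(data))):
            dropped.append(part.get_filename())
        else:
            kept.append(part)
    msg.set_payload(kept)
    return dropped

def build_sample():
    """Constructed message: one plain text file and one zip with a matching member."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("body text")
    msg.add_attachment(b"quarterly notes", maintype="text", subtype="plain",
                       filename="notes.txt")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", "nothing here")
        zf.writestr("plan.txt", "Project plan - CONFIDENTIAL")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="bundle.zip")
    return msg
```

Calling `drop_attachments_where_contains(build_sample(), "(?i)confidential")` removes the whole of bundle.zip because one member matches, while notes.txt is kept. The model applies no size or nesting limits, so run it only on samples you built yourself.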