Cisco Email Security Appliance X1050 User Guide
Cisco AsyncOS 9.1 for Email User Guide
Chapter 9 Using Message Filters to Enforce Email Policies
Message Filter Processing
The body-contains filter rule would determine the score for this message by first scoring the text/plain
and text/html parts of the message. It would then compare the results of these scores and select the
highest score from the results. Next, it would add this result to the score from each of the attachments to
determine the final score. Suppose the message has the following number of matches:
Because AsyncOS compares the matches for the text/plain and text/html parts, it returns a score of 3,
which does not meet the minimum threshold to trigger the filter rule.
Threshold Scoring for Content Dictionaries
When you use a content dictionary, you can “weight” terms so that certain terms trigger filter actions
more easily. For example, you may not want to trigger a message filter for the term “bank.”
However, if the term “bank” is combined with the term “account” and accompanied by an ABA
routing number, you may want to trigger a filter action. To accomplish this, you can use a weighted
dictionary to give increased importance to certain terms or a combination of terms. When a message
filter that uses a content dictionary scores the matches for a filter rule, it uses these weights to determine
the final score. For example, suppose you create a content dictionary with the following contents and
weights:
When you associate this content dictionary with a dictionary-match or attachment-dictionary-match
message filter rule, AsyncOS would add the weight for the term to the
total “score” for each instance of the matching term found in the message. For example, if the message
contains three instances of the term, “account” in the message body, AsyncOS would add a value of 6 to
Message structure (figure):
multipart/mixed
    multipart/alternative
        text/plain
        text/html
    application/octet-stream
    application/octet-stream

Number of matches per part (figure):
text/plain (2 matches)
text/html (2 matches)
application/octet-stream (1 match)
application/octet-stream
Table 9-1 Sample Content Dictionary

Term/Smart Identifier    Weight
ABA Routing Number       3
Account                  2
Bank                     1
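
The two scoring rules described above (highest score among the text/plain and text/html parts plus each attachment's score, and per-instance dictionary weights from Table 9-1) can be modeled as follows. This is an added example, not Cisco code: the function names, the sample messages, summing across all non-alternative parts, and the checksum-based ABA detection are assumptions standing in for AsyncOS internals.

```python
import re
from email.message import EmailMessage

# Weights from Table 9-1. The 9-digit pattern plus checksum is an assumed
# stand-in for the ABA Routing Number smart identifier, not Cisco's logic.
WEIGHTS = {"account": 2, "bank": 1}
ABA_WEIGHT = 3

def is_aba(number):
    """ABA routing numbers carry a 3-7-1 weighted checksum (mod 10)."""
    d = [int(c) for c in number]
    return (3*(d[0]+d[3]+d[6]) + 7*(d[1]+d[4]+d[7]) + d[2]+d[5]+d[8]) % 10 == 0

def dictionary_score(text):
    """Add a term's weight once for every instance found in the text."""
    hits = lambda pat: re.findall(pat, text, re.I)
    score = sum(w * len(hits(rf"\b{t}\b")) for t, w in WEIGHTS.items())
    return score + ABA_WEIGHT * sum(is_aba(n) for n in hits(r"\b\d{9}\b"))

def message_score(part, score_text):
    """Highest score among multipart/alternative children, sum elsewhere."""
    if part.is_multipart():
        scores = [message_score(p, score_text) for p in part.iter_parts()]
        if part.get_content_type() == "multipart/alternative":
            return max(scores, default=0)
        return sum(scores)
    payload = part.get_payload(decode=True) or b""
    return score_text(payload.decode("utf-8", "replace"))

def build(plain, html, attachments):
    """Constructed sample: text/plain + text/html body plus attachments."""
    msg = EmailMessage()
    msg.set_content(plain)
    msg.add_alternative(html, subtype="html")
    for data in attachments:
        msg.add_attachment(data, maintype="application", subtype="octet-stream")
    return msg

def count_x(text):
    """Stand-in for a body-contains pattern: counts the literal word 'x'."""
    return len(re.findall(r"\bx\b", text))

if __name__ == "__main__":
    # Page example: 2, 2, 1 and 0 matches give max(2, 2) + 1 + 0.
    print(message_score(build("x x", "<p>x x</p>", [b"x", b"-"]), count_x))
    # Weighted dictionary over a constructed message (123456780 is made up).
    print(message_score(build("Bank account 123456780. Your account.",
                              "<p>account</p>", [b"account"]), dictionary_score))
```

Comparing the returned score with the filter's minimum threshold reproduces the decision in the text: the first message scores 3, so a rule with a higher threshold does not trigger.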