Cisco Cisco Email Security Appliance C160 Guía Del Usuario

If you do not assign a custom user role to a content filter, the content filter is 
public and can be used by any delegated administrator for their mail policies. 
See the “Common Administrative Tasks” in the Cisco IronPort AsyncOS for 
Email Daily Management Guide for more information on delegated 
administrators and content filters.

Administrators and operators can view and edit all content filters on an 
appliance, even when the content filters are assigned to custom user roles.

When entering text for filter rules and actions, the following meta characters 
have special meaning in regular expression matching: 

. ^ $ * + ? { [ ] \ 

| ( )

If you do not wish to use regular expression you should use a '\' (backslash) 
to escape any of these characters. For example: "\*Warning\*" 

When you define more than one Condition for a content filter, you can define 
whether all of the defined actions (that is, a logical AND) or any of the 
defined actions (logical OR) need to apply in order for the content filter to be 
considered a match. 

You can test message splintering and content filters by creating “benign” 
content filters. For example, it is possible to create a content filter whose only 
action is “deliver.” This content filter will not affect mail processing; 
however, you can use this filter to test how Email Security Manager policy 
processing affects other elements in the system (for example, the mail logs). 

Conversely, using the “master list” concept of the Incoming or Outgoing 
Content Filters, it is possible to create very powerful, wide-sweeping content 
filters that will immediately affect message processing for all mail handled 
by the appliance. The process for this is to:

Use the Incoming or Outgoing Content Filters page to create a new 
content filter whose order is 1.