Cisco Cisco Email Security Appliance X1070 Guía Del Usuario
9-77
Cisco AsyncOS 8.5 for Email User Guide
Chapter 9 Using Message Filters to Enforce Email Policies
Attachment Scanning
In the following example, the attachment is scanned for a pattern in the binary data. The filter uses the
attachment-binary-contains
filter rule to search for a pattern that indicates that the PDF document is
encrypted. If the pattern is present in the binary data, a custom header is inserted:
Dropping Attachments by File Type
In the following example, the “executable” group of attachments (
.exe
,
.dll
, and
.scr
) is stripped from
messages and text is added to the message, listing the filenames of the dropped files (via the
$dropped_filename
action variable). Note that the
drop-attachments-by-filetype
action examines
attachments and strips them based on the fingerprint of the file, and not just the three-letter filename
extension. Note also that you can specify a single filetype (“mpeg”) or you can refer to all of the
members of the filetype (“Media”):
extension. Note also that you can specify a single filetype (“mpeg”) or you can refer to all of the
members of the filetype (“Media”):
In the following example, the same “executable” group of attachments (
.exe
,
.dll
, and
.scr
) are
stripped from messages whose Envelope Sender is not within the domain
example.com
.
In the following example, a specific member of a file type (“wmf”) as well as a the same “executable”
group of attachments (
group of attachments (
.exe
,
.dll
, and
.scr
) are stripped from messages whose Envelope Sender is not
within the domain
example.com
.
match_PDF_Encrypt:
if (attachment-filetype == 'pdf' AND
attachment-binary-contains('/Encrypt')){
strip-header (‘Subject’);
insert-header (‘Subject’, ‘[Encrypted] $Subject’);
}
strip_all_exes: if (true) {
drop-attachments-by-filetype ('Executable', “Removed attachment:
$dropped_filename”);
}
strip_inbound_exes: if (mail-from != "@example\\.com$") {
drop-attachments-by-filetype ('Executable');
}
strip_inbound_exes_and_wmf: if (mail-from != "@example\\.com$") {
drop-attachments-by-filetype ('Executable');
drop-attachments-by-filetype ('x-wmf');
}