Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
11-18
Cisco AsyncOS 8.0.2 for Email User Guide
Chapter 11 Content Filters
Filtering Messages Based on Content
Notes on Configuring Content Filters in the GUI
•
It is not necessary to specify a condition when creating a content filter. When no action is defined,
any actions defined will always apply in the rule. (Specifying no condition is equivalent to using the
any actions defined will always apply in the rule. (Specifying no condition is equivalent to using the
true()
message filter rule — all messages will be matched if the content filter is applied to a policy.)
•
If you do not assign a custom user role to a content filter, the content filter is public and can be used
by any delegated administrator for their mail policies. See the “Common Administrative Tasks” in
the Cisco IronPort AsyncOS for Email Daily Management Guide for more information on delegated
administrators and content filters.
by any delegated administrator for their mail policies. See the “Common Administrative Tasks” in
the Cisco IronPort AsyncOS for Email Daily Management Guide for more information on delegated
administrators and content filters.
•
Administrators and operators can view and edit all content filters on an appliance, even when the
content filters are assigned to custom user roles.
content filters are assigned to custom user roles.
•
When entering text for filter rules and actions, the following meta characters have special meaning
in regular expression matching:
in regular expression matching:
. ^ $ * + ? { [ ] \ | ( )
If you do not wish to use regular expression you should use a '\' (backslash) to escape any of these
characters. For example: "\*Warning\*"
characters. For example: "\*Warning\*"
•
You can test message splintering and content filters by creating “benign” content filters. For
example, it is possible to create a content filter whose only action is “deliver.” This content filter
will not affect mail processing; however, you can use this filter to test how Email Security Manager
policy processing affects other elements in the system (for example, the mail logs).
example, it is possible to create a content filter whose only action is “deliver.” This content filter
will not affect mail processing; however, you can use this filter to test how Email Security Manager
policy processing affects other elements in the system (for example, the mail logs).
•
Conversely, using the “master list” concept of the Incoming or Outgoing Content Filters, it is
possible to create very powerful, wide-sweeping content filters that will immediately affect message
processing for all mail handled by the appliance. The process for this is to:
possible to create very powerful, wide-sweeping content filters that will immediately affect message
processing for all mail handled by the appliance. The process for this is to:
–
Use the Incoming or Outgoing Content Filters page to create a new content filter whose order
is 1.
is 1.
–
Use the Incoming or Outgoing Mail Policies page to enable the new content filter for the default
policy.
policy.
–
Enable the content filter for all remaining policies.
•
The Bcc: and Quarantine actions available in Content Filters can help you determine the retention
settings of quarantines you create. (See
settings of quarantines you create. (See
) You can create filters that would
simulate mail flow into and out of your policy quarantines so that messages are not released too
quickly from the system (that is, the quarantine areas do not fill their allotted disk space too quickly).
quickly from the system (that is, the quarantine areas do not fill their allotted disk space too quickly).
•
Because it uses the same settings as the
scanconfig
command, the “Entire Message” condition does
not scan a message’s headers; choosing the “Entire Message” will scan only the message body and
attachments. Use the “Subject” or “Header” conditions to search for specific header information.
attachments. Use the “Subject” or “Header” conditions to search for specific header information.
•
Configuring users by LDAP query will only appear in the GUI if you have LDAP servers configured
on the appliance (that is, you have configured the appliance to query specific LDAP servers with
specific strings using the
on the appliance (that is, you have configured the appliance to query specific LDAP servers with
specific strings using the
ldapconfig
command).
•
Some sections of the content filter rule builder will not appear in the GUI if the resource has not
been preconfigured. For example, notification templates and message disclaimers will not appear as
options if they have not been configured previously using the Text Resources page or the
been preconfigured. For example, notification templates and message disclaimers will not appear as
options if they have not been configured previously using the Text Resources page or the
textconfig
command in the CLI.
•
Content filters features will recognize, can contain, and/or scan for text in the following character
encodings:
encodings:
–
Unicode (UTF-8)
–
Unicode (UTF-16)