Cisco Cisco Email Security Appliance X1070 Guía Del Usuario
9-73
Cisco AsyncOS 8.0.2 for Email User Guide
Chapter 9 Using Message Filters to Enforce Email Policies
Attachment Scanning
Examples of Attachment Scanning Message Filters
The following examples shows actions performed on attachments.
Inserting Headers
In these examples, AsyncOS inserts headers when the attachments contain specified content.
In the following example, all of the attachments on the message are scanned for a keyword. If the
keyword is present in all of the attachments, a custom X-Header is inserted:
keyword is present in all of the attachments, a custom X-Header is inserted:
In the following example, the attachment is scanned for a pattern in the binary data. The filter uses the
attachment-binary-contains
filter rule to search for a pattern that indicates that the PDF document is
encrypted. If the pattern is present in the binary data, a custom header is inserted:
Dropping Attachments by File Type
In the following example, the “executable” group of attachments (
.exe
,
.dll
, and
.scr
) is stripped from
messages and text is added to the message, listing the filenames of the dropped files (via the
$dropped_filename
action variable). Note that the
drop-attachments-by-filetype
action examines
attachments and strips them based on the fingerprint of the file, and not just the three-letter filename
extension. Note also that you can specify a single filetype (“mpeg”) or you can refer to all of the
members of the filetype (“Media”):
extension. Note also that you can specify a single filetype (“mpeg”) or you can refer to all of the
members of the filetype (“Media”):
attach_disclaim:
if (every-attachment-contains('[dD]isclaimer') ) {
insert-header("X-Example-Approval", "AttachOK");
}
match_PDF_Encrypt:
if (attachment-filetype == 'pdf' AND
attachment-binary-contains('/Encrypt')){
strip-header (‘Subject’);
insert-header (‘Subject’, ‘[Encrypted] $Subject’);
}
strip_all_exes: if (true) {
drop-attachments-by-filetype ('Executable', “Removed attachment:
$dropped_filename”);
}