Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
9-20
Cisco AsyncOS 8.0.1 for Email User Guide
Chapter 9 Using Message Filters to Enforce Email Policies
Message Filter Rules
You can also use smart identifiers in content filters and as a part of content dictionaries.
Note
You cannot combine a smart identifier key word with a normal regular expression or another key word.
For example the pattern
For example the pattern
*credit|*ssn
would not be valid.
Note
To minimize on false positives using the *SSN smart identifier, it may be helpful to use the *ssn smart
identifier along with other filter criteria. One example filter that can be used is the “only-body-contains”
filter condition. This will only evaluate the expression to be true if the search string is present in all of
the message body mime parts. For example, you could create the following filter:
identifier along with other filter criteria. One example filter that can be used is the “only-body-contains”
filter condition. This will only evaluate the expression to be true if the search string is present in all of
the message body mime parts. For example, you could create the following filter:
SSN-nohtml: if only-body-contains(“*ssn”) { duplicate-quarantine(“Policy”);}
Examples of Message Filter Rules
The following section shows examples of message filter rules in use.
True Rule
The
true
rule matches all messages. For example, the following rule changes the IP interface to external
for all messages it tests.
Valid Rule
The
valid
rule returns false if the message contains unparsable/invalid MIME parts and true otherwise.
For example, the following rule drops all unparsable messages it tests.
notify("legaldept@example.com");
}
.
externalFilter:
if (true)
{
alt-src-host('external');
}
not-valid-mime:
if not valid
{