Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
9-65
Cisco AsyncOS 8.0.1 for Email User Guide
Chapter 9 Using Message Filters to Enforce Email Policies
Attachment Scanning
The following example inserts a message tag into a message with “[Encrypt]” in the subject. You can
then create a DLP policy that will encrypt messages with this message tag before delivering them if
Cisco Email Encryption is available:
then create a DLP policy that will encrypt messages with this message tag before delivering them if
Cisco Email Encryption is available:
Add Log Entry Action
The
log-entry
action inserts customized text into the IronPort Text Mail logs at the
INFO
level. The text
can include action variables. You can use this action to insert useful text for debugging purposes and
information on why a message filter performed a certain action. The log entry also appears in message
tracking.
information on why a message filter performed a certain action. The log entry also appears in message
tracking.
The following example inserts a log entry explaining that message was bounced because it possibly
contained confidential company information:
contained confidential company information:
Attachment Scanning
AsyncOS can strip attachments from messages that are inconsistent with your corporate policies, while
still retaining the ability to deliver the original message.
still retaining the ability to deliver the original message.
You can filter attachments based on their specific file type, fingerprint, or based on the content of the
attachment. Using the fingerprint to determine the exact type of attachment prevents users from
renaming a malicious attachment extension (for example,
attachment. Using the fingerprint to determine the exact type of attachment prevents users from
renaming a malicious attachment extension (for example,
.exe
) to a more commonly used extension (for
example,
.doc
) in the hope that the renamed file would bypass attachment filters.
When you scan attachments for content, the Stellent attachment scanning engine extracts data from
attachment files to search for the regular expression. It examines both data and metadata in the
attachment file. If you scan an Excel or Word document, the attachment scanning engine can also detect
the following types of embedded files: .exe, .dll, .bmp, .tiff, .pcx, .gif, .jpeg, .png, and Photoshop images.
attachment files to search for the regular expression. It examines both data and metadata in the
attachment file. If you scan an Excel or Word document, the attachment scanning engine can also detect
the following types of embedded files: .exe, .dll, .bmp, .tiff, .pcx, .gif, .jpeg, .png, and Photoshop images.
Tag_Message:
if (subject == '^\\[Encrypt\\]')
{
tag-message('Encrypt-And-Deliver');
}
CompanyConfidential:
if (body-contains('Company Confidential'))
{
log-entry('Message may have contained confidential information.');
bounce();
}