Cisco Email Security Appliance X1070 User Guide
Cisco AsyncOS 8.0.1 for Email User Guide
Chapter 9 Using Message Filters to Enforce Email Policies
Attachment Scanning
Dropping Attachments by Dictionary Matches
The drop-attachments-where-dictionary-match action strips attachments based on matches to dictionary terms. If the terms in the MIME parts considered to be an attachment match a dictionary term (and the user-defined threshold is met), the attachment is stripped from the email. The following example shows attachment drops if words in the “secret_words” dictionary are detected in the attachment. Note that the threshold for the matches is set to one:

Data_Loss_Prevention: if (true) {
    drop-attachments-where-dictionary-match("secret_words", 1);
}

Quarantining Protected Attachments
The attachment-protected filter tests whether any attachment in the message is password protected. You might use this filter on incoming mail to ensure that the attachments are scannable. According to this definition, a zip file containing one encrypted member along with unencrypted members will be considered protected. Similarly, a PDF file that has no open password will not be considered protected, even though it may restrict copying or printing with a password. The following example shows protected attachments sent to a policy quarantine:

quarantine_protected:
if attachment-protected
{
    quarantine("Policy");
}

Detecting Unprotected Attachments
The attachment-unprotected filter tests whether any attachment in the message is not password protected. This message filter complements the attachment-protected filter. You might use this filter on outgoing mail to detect outgoing mail that is unprotected. The following example shows AsyncOS detecting unprotected attachments on an outgoing listener and quarantining the messages:

quarantine_unprotected:
if attachment-unprotected
{
    quarantine("Policy");
}
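
The zip half of the attachment-protected definition (one encrypted member makes the whole archive protected), as an added Python illustration; it is not Cisco's code and does not show how AsyncOS implements the filter. All function names and the sample message are constructed for this example, and the sample archive only has the encryption flag set, it is not really encrypted.

```python
import io
import zipfile
from email.message import EmailMessage

ENCRYPTED = 0x1  # zip general-purpose flag bit 0: member is encrypted


def zip_is_protected(data: bytes) -> bool:
    """True if ANY member is encrypted, matching the guide's definition."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(m.flag_bits & ENCRYPTED for m in zf.infolist())
    except zipfile.BadZipFile:
        return False  # unreadable zip: treated as not protected (assumption)


def message_has_protected_zip(msg: EmailMessage) -> bool:
    """Check attachments by content (PK magic), not by file name."""
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if payload.startswith(b"PK") and zip_is_protected(payload):
            return True
    return False


def build_sample_zip(mark_last_encrypted: bool) -> bytes:
    """Constructed sample: two stored members; optionally flag the last one."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "plain member")
        zf.writestr("payroll.csv", "constructed data")
    raw = bytearray(buf.getvalue())
    if mark_last_encrypted:
        # Set bit 0 of the flags field (offset 8) in the last central-directory
        # header. Only the flag changes; the member data stays in the clear.
        cd = raw.rfind(b"PK\x01\x02")
        raw[cd + 8] |= ENCRYPTED
    return bytes(raw)


def build_sample_message(zip_bytes: bytes) -> EmailMessage:
    """Constructed message carrying the zip under a non-.zip file name."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(zip_bytes, maintype="application",
                       subtype="octet-stream", filename="report.dat")
    return msg
```

A mixed archive is the case worth testing against any gateway rule: the unencrypted members scan cleanly while the encrypted one cannot be inspected at all.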