Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
14-8
Cisco IronPort AsyncOS 7.6 for Email Configuration Guide
OL-25136-01
Chapter 14 Text Resources
Using and Testing Content Dictionaries
Dictionaries can be used along with the various
dictionary-match()
message filter rules and with
content filters.
Dictionary Match Filter Rule
The message filter rule named
dictionary-match(<
dictionary_name
>)
(and its counterparts) evaluates
to true if the message body contains any of the regular expressions in the content dictionary named
dictionary_name. If that dictionary does not exist, the rule evaluates to false.
dictionary_name. If that dictionary does not exist, the rule evaluates to false.
Note that the
dictionary-match()
rule functions similarly to the
body-contains()
body scanning rule:
it only scans the body and attachments of messages, and not the headers.
For scanning headers, you can use the appropriate
*-dictionary-match()
-type rule (there are rules for
specific headers, such as
subject-dictionary-match()
and a more generic rule,
header-dictionary-match()
, in which you can specify any header including custom headers). See
“Dictionary Rules” in the “Using Message Filters to Enforce Email Policies” chapter of the Cisco
IronPort AsyncOS for Email Advanced Configuration Guide for more information about dictionary
matching.
IronPort AsyncOS for Email Advanced Configuration Guide for more information about dictionary
matching.
In the following example, a new message filter using the
dictionary-match()
rule is created to blind
carbon copy the administrator when the Cisco IronPort appliance scans a message that contains any
words within the dictionary named “secret_words” (created in the previous example). Note that because
of the settings, only messages that contain the whole word “
words within the dictionary named “secret_words” (created in the previous example). Note that because
of the settings, only messages that contain the whole word “
codename
” matching the case exactly will
evaluate to true for this filter.
In this example, we send the message to the Policy quarantine:
Table 14-1
Message Filter Rules for Content Dictionaries
Rule
Syntax
Description
Dictionary Match
dictionary-match(<dictionary
_name>)
Does the message contain a word that
matches all the regular expressions listed in
the named dictionary?
matches all the regular expressions listed in
the named dictionary?
bcc_codenames:
if (dictionary-match ('secret_words'))
{
bcc('administrator@example.com');
}
quarantine_codenames:
if (dictionary-match ('secret_words'))
{