Cisco Cisco Email Security Appliance C650 Guía Del Usuario
6-339
Cisco IronPort AsyncOS 7.3 for Email Advanced Configuration Guide
OL-23081-01
Chapter 6 Using Message Filters to Enforce Email Policies
To scan only the body of the message, use
only-body-contains
:
disclaimer:
if (not only-body-contains('[dD]isclaimer',1) ) {
notify('hresource@example.com');
}
Encryption Detection Rule
The
encrypted
rule examines the contents of a message for encrypted data. It does
not attempt to decode the encrypted data, but merely examines the contents of the
message for the existence of encrypted data. This can be useful for preventing
users from sending encrypted email.
message for the existence of encrypted data. This can be useful for preventing
users from sending encrypted email.
Note
The encrypted rule can only detect PGP and S/MIME encrypted data. It does not
detect password protected ZIP files, or Microsoft Word and Excel documents that
include encrypted content.
detect password protected ZIP files, or Microsoft Word and Excel documents that
include encrypted content.
The
encrypted
rule is similar to the
true
rule in that it takes no parameters and
cannot be compared. This rule returns
true
if encrypted data is found and
false
if no encrypted data is found. Because this function requires the message to be
scanned, it uses the scanning settings you define in the
scanned, it uses the scanning settings you define in the
scanconfig
command. For
more information about configuring these options, see
.
The following filter checks all email sent through the listener, and if a message
contains encrypted data, the message is blind-carbon-copied to the legal
department and then bounced:
contains encrypted data, the message is blind-carbon-copied to the legal
department and then bounced:
prevent_encrypted_data:
if (encrypted) {
bcc ('legaldept@example.domain');