Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
6-405
Cisco IronPort AsyncOS 7.3 for Email Advanced Configuration Guide
OL-23081-01
Chapter 6 Using Message Filters to Enforce Email Policies
In the following example, the “executable” pre-defined group of attachments is
extended to include more attachment names. (Note that this action will not
examine the attachments’ file type.)
extended to include more attachment names. (Note that this action will not
examine the attachments’ file type.)
strip_all_dangerous: if (true) {
drop-attachments-by-filetype ('Executable');
drop-attachments-by-name('(?i)\\.(cmd|pif|bat)$');
}
The
drop-attachments-by-name
action supports non-ASCII characters.
Note
The
drop-attachments-by-name
action matches the regular expression against
the filename captured from the MIME header. The filename captured from the
MIME header may contain trailing spaces.
MIME header may contain trailing spaces.
Dropping Attachments by Dictionary Matches
This
drop-attachments-where-dictionary-match
action strips attachments
based on matches to dictionary terms. If the terms in the MIME parts considered
to be an attachment match a dictionary term (and the user-defined threshold is
met), the attachment is stripped from the email. The following example shows
attachment drops if words in the “secret_words” dictionary are detected in the
attachment. Note that the threshold for the matches is set to one:
to be an attachment match a dictionary term (and the user-defined threshold is
met), the attachment is stripped from the email. The following example shows
attachment drops if words in the “secret_words” dictionary are detected in the
attachment. Note that the threshold for the matches is set to one:
Data_Loss_Prevention: if (true) {
drop-attachments-where-dictionary-match("secret_words", 1);
}
Quarantining Protected Attachments
The
attachment-protected
filter tests whether any attachment in the message is
password protected or encrypted. You might use this filter on incoming mail to
ensure that the attachments are scannable. According to this definition, a zip file
ensure that the attachments are scannable. According to this definition, a zip file