Cisco Cisco Email Security Appliance C190 Guía Del Usuario
9-86
User Guide for AsyncOS 9.7 for Cisco Email Security Appliances
Chapter 9 Using Message Filters to Enforce Email Policies
Attachment Scanning
In the following example, the same “executable” group of attachments (
.exe
,
.dll
, and
.scr
) are
stripped from messages whose Envelope Sender is not within the domain
example.com
.
In the following example, a specific member of a file type (“wmf”) as well as a the same “executable”
group of attachments (
group of attachments (
.exe
,
.dll
, and
.scr
) are stripped from messages whose Envelope Sender is not
within the domain
example.com
.
In the following example, the “executable” pre-defined group of attachments is extended to include more
attachment names. (Note that this action will not examine the attachments’ file type.)
attachment names. (Note that this action will not examine the attachments’ file type.)
The
drop-attachments-by-name
action supports non-ASCII characters.
Note
The
drop-attachments-by-name
action matches the regular expression against the filename captured
from the MIME header. The filename captured from the MIME header may contain trailing spaces.
In the following example, a message is dropped if the attachment is not an .exe executable file type.
However, the filter will not perform any action on the message if there is at least one attachment with
the file type you want to filter out. For example, the following filter drops any message with an
attachment that is not an
However, the filter will not perform any action on the message if there is at least one attachment with
the file type you want to filter out. For example, the following filter drops any message with an
attachment that is not an
.exe
file type:
If a message has multiple attachments, the Email Security appliance does not drop the message if at least
one of the attachments is an
one of the attachments is an
.exe
file, even if the other attachments not
.exe
files.
strip_inbound_exes: if (mail-from != "@example\\.com$") {
drop-attachments-by-filetype ('Executable');
}
strip_inbound_exes_and_wmf: if (mail-from != "@example\\.com$") {
drop-attachments-by-filetype ('Executable');
drop-attachments-by-filetype ('x-wmf');
}
strip_all_dangerous: if (true) {
drop-attachments-by-filetype ('Executable');
drop-attachments-by-name('(?i)\\.(cmd|pif|bat)$');
}
exe_check: if (attachment-filetype != "exe") {
drop();
}