Cisco Cisco Email Security Appliance X1070 Guía Del Usuario
9-18
User Guide for AsyncOS 9.7 for Cisco Email Security Appliances
Chapter 9 Using Message Filters to Enforce Email Policies
Message Filter Rules
Related Topics
•
•
•
•
•
•
•
Using Regular Expressions to Filter Messages
You can use filters to search for strings and patterns in non-ASCII encoded message content (both
headers and bodies). Specifically, the system supports regular expression (regex) searching for
non-ASCII character sets within:
headers and bodies). Specifically, the system supports regular expression (regex) searching for
non-ASCII character sets within:
•
Message headers
•
MIME attachment filename strings
•
Message body:
–
Bodies without MIME headers (i.e. traditional email)
–
Bodies with MIME headers indicating encoding but no MIME parts
–
Multi-part MIME messages with encoding indicated
–
All of the above without the encoding specified in a MIME header
You can use regular expressions (regexes) to match on any part of the message or body, including
matching attachments. The various attachment types include text, HTML, MS Word, Excel, and others.
Examples of character sets of interest include gb2312, HZ, EUC, JIS, Shift-JIS, Big5, and Unicode.
matching attachments. The various attachment types include text, HTML, MS Word, Excel, and others.
Examples of character sets of interest include gb2312, HZ, EUC, JIS, Shift-JIS, Big5, and Unicode.
Case-insensitivity (
(?i)
)
The token
(?i)
that indicates the rest of the regular expression should
be treated in case-insensitive mode. Placing this token at the beginning
of a case-sensitive regular expression results in a completely
insensitive match.
of a case-sensitive regular expression results in a completely
insensitive match.
For example, the regular expression “
(?i)viagra
” matches
Viagra
,
vIaGrA
, and
VIAGRA
.
Number of repetitions
{min,max}
The regular expression notation that indicates the number of repetitions
of the previous token is supported.
of the previous token is supported.
For example, the expression “
fo{2,3}
” matches
foo
and
fooo
but not
fo
or
fofo
.
This statement:
if(header('To') == "^.{500,}")
looks for a “To”
header that has 500 or more characters in it.
Or (
|
)
Alternation, or the “or” operator. If A and B are regular expressions, the
expression “
expression “
A|B
” will match any string that matches either “A” or “B.”
For example, the expression “
foo|bar
” will match either
foo
or
bar
,
but not
foobar
.
Table 9-3
Regular Expression in Rules