Cisco Cisco Email Security Appliance C160 Guía Del Usuario
9-21
User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
Chapter 9 Using Message Filters to Enforce Email Policies
Message Filter Rules
The regular expression engine only has to start twice and the filter is arguably easier to maintain as you
do not have to worry about adding “()”, spelling errors. In contrast to the above, this should show a
decrease in CPU overhead.
do not have to worry about adding “()”, spelling errors. In contrast to the above, this should show a
decrease in CPU overhead.
PDFs and Regular Expressions
Depending on how a PDF is generated, it may contain no spaces or line breaks. When this occurs, the
scanning engine attempts to insert logical spaces and line breaks based on the location of the words on
the page. For example, when a word is constructed using multiple fonts or font sizes, the PDF code is
rendered in a way that makes it difficult for the scanning engine to determine word and line breaks. When
you attempt to match a regular expression against a PDF file constructed in this way, the scanning engine
may return unexpected results.
scanning engine attempts to insert logical spaces and line breaks based on the location of the words on
the page. For example, when a word is constructed using multiple fonts or font sizes, the PDF code is
rendered in a way that makes it difficult for the scanning engine to determine word and line breaks. When
you attempt to match a regular expression against a PDF file constructed in this way, the scanning engine
may return unexpected results.
For example, you enter a word in a PowerPoint document that uses different fonts and different font
sizes for each letter in the word. When a scanning engine reads a PDF generated from this application,
it inserts logical spaces and line breaks. Because of the construction of the PDF, it may interpret the word
“callout” as “call out” or “c a l lout.” Attempting to match either of these renderings against the regular
expression, “callout,” would result in no matches.
sizes for each letter in the word. When a scanning engine reads a PDF generated from this application,
it inserts logical spaces and line breaks. Because of the construction of the PDF, it may interpret the word
“callout” as “call out” or “c a l lout.” Attempting to match either of these renderings against the regular
expression, “callout,” would result in no matches.
Smart Identifiers
When you use message rules that scan message content, you can use smart identifiers to detect certain
patterns in the data.
patterns in the data.
Smart identifiers can detect the following patterns in data:
•
Credit card numbers
•
U.S. Social Security numbers
•
Committee on Uniform Security Identification Procedures (CUSIP) numbers
•
American Banking Association (ABA) routing numbers
To use smart identifiers in a filter, enter the following keywords in a filter rule that scans body or
attachment content:
attachment content:
Related Topics
•
Table 9-4
Smart Identifiers in Message Filters
Key Word
Smart Identifier
Description
*credit
Credit card number
Identifies 14-, 15-, and 16- digit credit
card numbers.
card numbers.
NOTE: The smart identifier does not
identify enRoute cards.
identify enRoute cards.
*aba
ABA routing number
Identifies ABA routing numbers.
*ssn
Social security number
Identifies U.S. social security
numbers. The *ssn smart identifier
identifies social security numbers with
dashes, periods and spaces.
numbers. The *ssn smart identifier
identifies social security numbers with
dashes, periods and spaces.
*cusip
CUSIP number
Identifies CUSIP numbers.