Cisco Cisco Email Security Appliance C160 Guía Del Usuario
9-32
Cisco AsyncOS 9.1 for Email User Guide
Chapter 9 Using Message Filters to Enforce Email Policies
Message Filter Rules
The following example searches the body text and attachment for the phrase “Company Confidential.”
The example specifies a minimum threshold of two instances, so if the scanning engine finds two or more
instances of the phrase, it bounces any matching messages, and notifies the legal department of the
attempt:
The example specifies a minimum threshold of two instances, so if the scanning engine finds two or more
instances of the phrase, it bounces any matching messages, and notifies the legal department of the
attempt:
To scan only the body of the message, use
only-body-contains
:
Encryption Detection Rule
The
encrypted
rule examines the contents of a message for encrypted data. It does not attempt to decode
the encrypted data, but merely examines the contents of the message for the existence of encrypted data.
This can be useful for preventing users from sending encrypted email.
This can be useful for preventing users from sending encrypted email.
Note
The encrypted rule can only detect encrypted data in the content of messages. It does not detect
encrypted attachments.
encrypted attachments.
The
encrypted
rule is similar to the
true
rule in that it takes no parameters and cannot be compared.
This rule returns
true
if encrypted data is found and
false
if no encrypted data is found. Because this
function requires the message to be scanned, it uses the scanning settings you define on the Scan
Behavior page or using the
Behavior page or using the
scanconfig
command. For more information about configuring these
options, see
.
The following filter checks all email sent through the listener, and if a message contains encrypted data,
the message is blind-carbon-copied to the legal department and then bounced:
the message is blind-carbon-copied to the legal department and then bounced:
ConfidentialFilter:
if (body-contains('Company Confidential',2)) {
notify ('legaldept@example.domain');
bounce();
}
disclaimer:
if (not only-body-contains('[dD]isclaimer',1) ) {
notify('hresource@example.com');
}
prevent_encrypted_data:
if (encrypted) {
bcc ('legaldept@example.domain');
bounce();
}