Cisco Cisco Email Security Appliance C160 Mode D'Emploi

The following example searches the body text and attachment for the phrase “Company Confidential.” 
The example specifies a minimum threshold of two instances, so if the scanning engine finds two or more 
instances of the phrase, it  bounces any matching messages, and notifies the legal department of the 
attempt:

To scan only the body of the message, use 

only-body-contains

:

The 

encrypted

 rule examines the contents of a message for encrypted data. It does not attempt to decode 

the encrypted data, but merely examines the contents of the message for the existence of encrypted data. 
This can be useful for preventing users from sending encrypted email. 

The encrypted rule can only detect encrypted data in the content of messages. It does not detect 
encrypted attachments.

The 

encrypted

 rule is similar to the 

true

 rule in that it takes no parameters and cannot be compared. 

This rule returns 

true

 if encrypted data is found and 

false

 if no encrypted data is found. Because this 

function requires the message to be scanned, it uses the scanning settings you define on the Scan 
Behavior page or using the 

scanconfig

 command. For more information about configuring these 

options, see 

. 

The following filter checks all email sent through the listener, and if a message contains encrypted data, 
the message is blind-carbon-copied to the legal department and then bounced: 

ConfidentialFilter:

   if (body-contains('Company Confidential',2)) {

        notify ('legaldept@example.domain');

        bounce();

   }

disclaimer:

    if (not only-body-contains('[dD]isclaimer',1) ) {

        notify('hresource@example.com');

    }

prevent_encrypted_data:  

    if (encrypted) {

         bcc ('legaldept@example.domain');

         bounce();

      }