Cisco Cisco Email Security Appliance C160 Mode D'Emploi

In the following example, at any given point in time, if the filter detects 

X

 or more outgoing messages 

from same envelope sender in the last one hour, the subsequent messages from the same envelope sender 
are dropped and discarded. 

In the following example, at any given point in time, if the filter detects 

X

 or more incoming or outgoing 

messages with identical subject in the last one hour, the administrator is notified for every subsequent 
message with identical subject. 

 

Use URL categories to define message actions based on the category of URLs in the message. For 
important details, see 

 in 

Filter syntax when using a 

url-category

 rule is: 

<msg_filter_name>: if url-category ([‘<category-name1>’,’<category-name2>’,…, 

‘<category-name3>’],’<url_white_list>’)

{

<action>

}

Where: 

msg_filter_name

 is the name of this message filter. 

action

 is any Message Filter action. 

category-name

 is the URL category. Separate multiple categories with commas. To obtain correct 

category names, look at a URL Category condition or action in a Content Filter. For descriptions and 
examples of the categories, see 

url_white_list

 is the name of a defined URL list (via the 

urllistconfig

 command.)

The Corrupt Attachment rule evaluates to 

true

 if a message contains corrupt attachment. A corrupt 

attachment is an attachment that the scanning engine cannot scan and identified as corrupt.

In the following example, if the filter detects a corrupt attachment in a message, the message is 
quarantined to Policy Quarantine.

f2 :  if header-repeats('mail-from', X, 'outgoing') {drop();}

f3: if header-repeats('subject', X) {notify('admin@xyz.com');}

quar_corrupt_attach: if (attachment-corrupt) { quarantine("Policy"); }