Cisco Email Security Appliance C160 User Guide

Cisco AsyncOS 8.5 for Email User Guide
 
Chapter 9      Using Message Filters to Enforce Email Policies
Attachment Scanning
AsyncOS can strip attachments from messages that are inconsistent with your corporate policies, while 
still retaining the ability to deliver the original message. 
You can filter attachments based on their specific file type, fingerprint, or based on the content of the 
attachment. Using the fingerprint to determine the exact type of attachment prevents users from 
renaming a malicious attachment extension (for example, .exe) to a more commonly used extension (for 
example, .doc) in the hope that the renamed file would bypass attachment filters.
When you scan attachments for content, the Stellent attachment scanning engine extracts data from 
attachment files to search for the regular expression. It examines both data and metadata in the 
attachment file. If you scan an Excel or Word document, the attachment scanning engine can also detect 
the following types of embedded files: .exe, .dll, .bmp, .tiff, .pcx, .gif, .jpeg, .png, and Photoshop images.
Message Filters for Scanning Attachments
The message filter actions described in Table 9-8 are non-final actions. (Attachments are dropped and 
the message processing continues.)
The optional comment is text that is added to the message, much like a footer, and it can contain Message 
Filter Action Variables (see 
).
Table 9-8 Message Filter Actions for Attachment Filtering

Action: Drop Attachments by Name
Syntax: drop-attachments-by-name (<regular expression>[, <optional comment>])
Description: Drops all attachments on messages that have a filename that matches the given regular expression. Archive file attachments (zip, tar) will be dropped if they contain a file that matches. See .

Action: Drop Attachments by Type
Syntax: drop-attachments-by-type (<MIME type>[, <optional comment>])
Description: Drops all attachments on messages that have a MIME type, determined by either the given MIME type or the file extension. Archive file attachments (zip, tar) will be dropped if they contain a file that matches.

Action: Drop Attachments by File Type
Syntax: drop-attachments-by-filetype (<fingerprint name>[, <optional comment>])
Description: Drops all attachments on messages that match the given "fingerprint" of the file. Archive file attachments (zip, tar) will be dropped if they contain a file that matches. For more information, see

Action: Drop Attachments by MIME Type
Syntax: drop-attachments-by-mimetype (<MIME type>[, <optional comment>])
Description: Drops all attachments on messages that have a given MIME type. This action does not attempt to ascertain the MIME type by file extension and so it also does not examine the contents of archives.
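
The rename scenario from the Attachment Scanning section and the archive behavior noted in Table 9-8, as an added Python example (not Cisco's code and not how the appliance's scanning engine is implemented): it compares an extension-only rule with a check on the file's leading bytes, over a constructed message. The signature list, function names and sample attachments are assumptions made for illustration.

```python
import io
import zipfile
from email.message import EmailMessage

OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy Word/Excel container header
# Constructed signature subset for illustration, not the appliance's fingerprint list.
SIGNATURES = [(b"MZ", "exe"), (OLE2, "ole2"), (b"PK\x03\x04", "zip")]

def fingerprint(data: bytes) -> str:
    """Classify content by its leading bytes, ignoring the filename."""
    return next((kind for magic, kind in SIGNATURES if data.startswith(magic)), "unknown")

def name_match(filename: str) -> bool:
    """Name-based rule: flags only filenames ending in .exe."""
    return filename.lower().endswith(".exe")

def contains_exe(data: bytes, depth: int = 2) -> bool:
    """Fingerprint rule: flags executables, also inside zip members up to `depth` levels."""
    kind = fingerprint(data)
    if kind == "zip" and depth > 0:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                return any(contains_exe(zf.read(n), depth - 1) for n in zf.namelist())
        except zipfile.BadZipFile:
            return False  # unreadable archive: left unclassified in this sketch
    return kind == "exe"

def scan(msg: EmailMessage) -> dict:
    """Map each attachment filename to (matched_by_name, matched_by_fingerprint)."""
    return {p.get_filename(): (name_match(p.get_filename()),
                               contains_exe(p.get_payload(decode=True)))
            for p in msg.iter_attachments()}

def build_sample() -> EmailMessage:
    """Constructed message: renamed PE stub, genuine OLE2 header, zip holding the stub."""
    pe_stub = b"MZ\x90\x00" + b"\x00" * 60
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.doc", pe_stub)
    msg = EmailMessage()
    msg.set_content("see attachments")
    for name, data in [("report.doc", pe_stub), ("minutes.doc", OLE2 + b"\x00" * 32),
                       ("bundle.zip", buf.getvalue())]:
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg

if __name__ == "__main__":
    print(scan(build_sample()))
```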