Cisco Cisco Email Security Appliance C160 Mode D'Emploi
9-16
Cisco AsyncOS 8.0.1 for Email User Guide
Chapter 9 Using Message Filters to Enforce Email Policies
Message Filter Rules
Using Regular Expressions to Filter Messages
You can use filters to search for strings and patterns in non-ASCII encoded message content (both
headers and bodies). Specifically, the system supports regular expression (regex) searching for
non-ASCII character sets within:
headers and bodies). Specifically, the system supports regular expression (regex) searching for
non-ASCII character sets within:
•
Message headers
•
MIME attachment filename strings
•
Message body:
–
Bodies without MIME headers (i.e. traditional email)
–
Bodies with MIME headers indicating encoding but no MIME parts
–
Multi-part MIME messages with encoding indicated
–
All of the above without the encoding specified in a MIME header
You can use regular expressions (regexes) to match on any part of the message or body, including
matching attachments. The various attachment types include text, HTML, MS Word, Excel, and others.
Examples of character sets of interest include gb2312, HZ, EUC, JIS, Shift-JIS, Big5, and Unicode.
Message filter rules with regular expressions can be created through the content filter GUI, or using a
text editor to generate a file that is then imported into the system. For more information, see
matching attachments. The various attachment types include text, HTML, MS Word, Excel, and others.
Examples of character sets of interest include gb2312, HZ, EUC, JIS, Shift-JIS, Big5, and Unicode.
Message filter rules with regular expressions can be created through the content filter GUI, or using a
text editor to generate a file that is then imported into the system. For more information, see
and
Guidelines for Using Regular Expressions
It is important to begin a regular expression with a caret (
^
) and end it with a dollar sign (
$
) whenever
you want to exactly match a string and not a prefix.
Note
When matching an empty string, do not use
“”
as that actually matches all strings. Instead use
“^$”
. For
an example, see the second example in
.
Case-insensitivity (
(?i)
)
The token
(?i)
that indicates the rest of the regular expression should
be treated in case-insensitive mode. Placing this token at the beginning
of a case-sensitive regular expression results in a completely
insensitive match.
of a case-sensitive regular expression results in a completely
insensitive match.
For example, the regular expression “
(?i)viagra
” matches
Viagra
,
vIaGrA
, and
VIAGRA
.
Number of repetitions
{min,max}
The regular expression notation that indicates the number of repetitions
of the previous token is supported.
of the previous token is supported.
For example, the expression “
fo{2,3}
” matches
foo
and
fooo
but not
fo
or
fofo
.
This statement:
if(header('To') == "^.{500,}")
looks for a “To”
header that has 500 or more characters in it.
Or (
|
)
Alternation, or the “or” operator. If A and B are regular expressions, the
expression “
expression “
A|B
” will match any string that matches either “A” or “B.”
For example, the expression “
foo|bar
” will match either
foo
or
bar
,
but not
foobar
.
Table 9-3
Regular Expression in Rules