Cisco Email Security Appliance C160 User Manual

Cisco IronPort AsyncOS 7.5 for Email Advanced Configuration Guide
OL-25137-01
Chapter 6: Using Message Filters to Enforce Email Policies
In the following example, the “executable” pre-defined group of attachments is 
extended to include more attachment names. (Note that this action will not 
examine the attachments’ file type.)
The drop-attachments-by-name action supports non-ASCII characters.
Note
The drop-attachments-by-name action matches the regular expression against
the filename captured from the MIME header. The filename captured from the
MIME header may contain trailing spaces.
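The trailing-space caveat in the note above, shown as an added example that is not part of the Cisco guide: the Python sketch below reads the attachment filenames from a constructed MIME message and compares the pattern from this page's strip_all_dangerous filter with a hypothetical variant that tolerates trailing whitespace. It assumes Python's re module approximates the appliance's regular-expression matching; the function names, the sample message and the `\s*` variant are assumptions.

```python
import re
from email import message_from_string

# Pattern from the page's strip_all_dangerous filter (single backslash here
# because this is a Python raw string, not filter syntax).
PAGE_PATTERN = re.compile(r'(?i)\.(cmd|pif|bat)$')
# Hypothetical variant (an assumption, not from the guide): allow trailing
# whitespace between the extension and the end of the captured filename.
TOLERANT_PATTERN = re.compile(r'(?i)\.(cmd|pif|bat)\s*$')

# Constructed sample message: the second attachment's filename parameter
# carries a trailing space inside the quotes.
SAMPLE = (
    'MIME-Version: 1.0\n'
    'Content-Type: multipart/mixed; boundary="b1"\n'
    '\n'
    '--b1\n'
    'Content-Disposition: attachment; filename="setup.BAT"\n'
    '\n'
    'x\n'
    '--b1\n'
    'Content-Disposition: attachment; filename="update.bat "\n'
    '\n'
    'x\n'
    '--b1\n'
    'Content-Disposition: attachment; filename="notes.txt"\n'
    '\n'
    'x\n'
    '--b1--\n'
)

def captured_filenames(raw):
    """Return attachment filenames exactly as written in the MIME header."""
    names = []
    for part in message_from_string(raw).walk():
        # get_param keeps trailing spaces; get_filename() would strip them.
        name = part.get_param('filename', header='content-disposition')
        if name is not None:
            names.append(name)
    return names

def compare(raw):
    """Map each filename to (page pattern matched, tolerant pattern matched)."""
    return {n: (bool(PAGE_PATTERN.search(n)), bool(TOLERANT_PATTERN.search(n)))
            for n in captured_filenames(raw)}

if __name__ == '__main__':
    for name, (page, tolerant) in compare(SAMPLE).items():
        print(repr(name), 'page pattern:', page, 'tolerant:', tolerant)
```

In the filter syntax shown on this page the backslashes are doubled, so the tolerant variant would be written '(?i)\\.(cmd|pif|bat)\\s*$'.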
Dropping Attachments by Dictionary Matches
The drop-attachments-where-dictionary-match action strips attachments
based on matches to dictionary terms. If the terms in the MIME parts considered
to be an attachment match a dictionary term (and the user-defined threshold is
met), the attachment is stripped from the email. The following example drops
an attachment if words in the “secret_words” dictionary are detected in the
attachment. Note that the threshold for the matches is set to one:
Quarantining Protected Attachments
The attachment-protected filter tests whether any attachment in the message is
password protected. You might use this filter on incoming mail to ensure that the
attachments are scannable. According to this definition, a zip file containing one
strip_all_dangerous: if (true) {
    drop-attachments-by-filetype ('Executable');
    drop-attachments-by-name('(?i)\\.(cmd|pif|bat)$');
}

Data_Loss_Prevention: if (true) {
    drop-attachments-where-dictionary-match("secret_words", 1);
}