Cisco Cisco Email Security Appliance C160 Mode D'Emploi

You can use filters to search for strings and patterns in non-ASCII encoded 
message content (both headers and bodies). Specifically, the system supports 
regular expression (regex) searching for non-ASCII character sets within: 

Message headers

MIME attachment filename strings 

Message body: 

Bodies without MIME headers (i.e. traditional email) 

Bodies with MIME headers indicating encoding but no MIME parts

Multi-part MIME messages with encoding indicated

All of the above without the encoding specified in a MIME header

You can use regular expressions (regexes) to match on any part of the message or 
body, including matching attachments. The various attachment types include text, 
HTML, MS Word, Excel, and others. Examples of character sets of interest 
include gb2312, HZ, EUC, JIS, Shift-JIS, Big5, and Unicode. Message filter rules 
with regular expressions can be created through the content filter GUI (see “Email 
Security Manager” in the Cisco IronPort AsyncOS for Email Configuration 

The regular expression notation that indicates the 
number of repetitions of the previous token is 
supported. 

For example, the expression “

fo{2,3}

” matches 

foo

 

and 

fooo

 but not 

fo

 or 

fofo

.

This statement: 

if(header('To') == 

"^.{500,}")

looks for a “To” header that has 500 or 

more characters in it. 

Alternation, or the “or” operator. If A and B are regular 
expressions, the expression “

A|B

” will match any string 

that matches either “A” or “B.” 

For example, the expression “

foo|bar

” will match 

either 

foo

 or 

bar

, but not 

foobar

.