Cisco Email Security Appliance C160 User Manual

Cisco IronPort AsyncOS 7.1 for Email Advanced Configuration Guide
OL-22164-02
Chapter 5: Using Message Filters to Enforce Email Policies
  • Each attachment’s filename is captured from the MIME headers. The filename in the MIME header may contain trailing spaces.
  • If an attachment is an archive, the IronPort appliance will harvest the filenames from inside the archive and apply scanconfig rules (see 
      – If the attachment is a single compressed file (despite the file extension), it is not considered an archive and the filename of the compressed file is not harvested. This means that the file is not processed by the attachment-filename rule. An example of this type of file is an executable file (.exe) compressed with gzip.
      – For attachments consisting of a single compressed file, such as foo.exe.gz, use a regular expression to search for specific file types within compressed files. See .
See  for more information on message filter rules you can use to manipulate attachments to messages.
The following filter checks all email sent through the listener, and if a message contains an attachment with a filename *.mp3, the message is bounced:
block_mp3s:
   if (attachment-filename == '(?i)\\.mp3$') {
        bounce();
   }
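Added example, not from the Cisco guide: a Python check of the block_mp3s pattern against filenames read from raw MIME headers, covering the trailing-space caveat and the single compressed file case (foo.exe.gz) noted above. Python's re module stands in for the appliance's regex engine; that, the sample message, the two tolerant patterns and the helper names are assumptions.

```python
import re
from email import message_from_string

# Constructed sample message (not from the guide): one filename carries
# trailing spaces, one is a single gzip-compressed executable.
RAW = """\
From: a@example.com
To: b@example.com
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: audio/mpeg
Content-Disposition: attachment; filename="song.MP3  "

data
--XX
Content-Type: application/gzip
Content-Disposition: attachment; filename="foo.exe.gz"

data
--XX
Content-Type: text/plain
Content-Disposition: attachment; filename="notes.mp3.txt"

data
--XX--
"""

# Assumed: the filter's doubled backslash reaches the engine as a single one.
PAGE_MP3 = r"(?i)\.mp3$"  # pattern from block_mp3s
TOLERANT_MP3 = r"(?i)\.mp3\s*$"  # assumption: tolerate trailing spaces
GZ_EXE = r"(?i)\.(exe|pif)(\.gz)?\s*$"  # assumption: also catch foo.exe.gz

def raw_filenames(raw):
    """Attachment filenames exactly as written in the MIME headers."""
    names = []
    for part in message_from_string(raw).walk():
        # get_param() unquotes the value but keeps spaces inside the quotes.
        name = part.get_param("filename", header="content-disposition")
        if name is not None:
            names.append(name)
    return names

def hits(pattern, names):
    """Filenames matched by a search-style regex (assumed filter semantics)."""
    return [n for n in names if re.search(pattern, n)]

if __name__ == "__main__":
    print({p: hits(p, raw_filenames(RAW)) for p in (PAGE_MP3, TOLERANT_MP3, GZ_EXE)})
```

Running candidate patterns over a set of constructed filenames like this before deploying a filter shows which names an end-anchored pattern would leave unmatched.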
Attachment Filenames and Single Compressed Files within Archive Files
This example shows how to match single compressed files in archives such as those created by gzip:
quarantine_gzipped_exe_or_pif:
if (attachment-filename == '(?i)\\.(exe|pif)($|.gz$)') {