Cisco Cisco Email Security Appliance C160 Mode D'Emploi

The 

dictionary-match(<

dictonary_name>) rule evaluates to 

true

 if the message body contains any of 

the regular expressions or terms in the content dictionary named “dictonary_name.” If the dictionary 
does not exist, the rule evaluates to 

false

. For more information on defining dictionaries (including their 

case sensitivity and word boundary settings), see the “Text Resources” chapter. 

The following filter blind carbon copies the administrator when the Cisco scans a message that contains 
any words within the dictionary named “secret_words.”

The following example sends the message to the Policy quarantine if the message body contains any 
words within the dictionary named “secret_words.” Unlike the 

only-body-contains

 condition, the 

body-dictionary-match

 condition does not require that all the content parts individually match the 

dictionary. The scores of each content part (taking into account multipart/alternative parts) are added 
together.

In the following filter, a subject that matches a term in the specified dictionary is quarantined:

This example matches an email address in the “to” header and blind copies an administrator:

copy_codenames:  

   if (dictionary-match ('secret_words')) {

       bcc('administrator@example.com');

       }

quarantine_data_loss_prevention:  

   if (body-dictionary-match ('secret_words')) 

       {

       quarantine('Policy');

       }

quarantine_policy_subject:  

    if (subject-dictionary-match ('gTest'))

        {

        quarantine('Policy');

        }

headerTest:

    if (header-dictionary-match ('competitorsList', 'to'))

        {