Cisco Email Security Appliance C160 User Guide

User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
 
Chapter 9      Using Message Filters to Enforce Email Policies
  Message Filter Rules
The encrypted rule is similar to the true rule in that it takes no parameters and cannot be compared. This rule returns true if encrypted data is found and false if no encrypted data is found. Because this function requires the message to be scanned, it uses the scanning settings you define on the Scan Behavior page or using the scanconfig command. For more information about configuring these options, see

The following filter checks all email sent through the listener, and if a message contains encrypted data, the message is blind-carbon-copied to the legal department and then bounced:

prevent_encrypted_data:
    if (encrypted) {
        bcc ('legaldept@example.domain');
        bounce();
    }

Attachment Type Rule

The attachment-type rule checks the MIME type of each attachment in a message to see whether it matches the given pattern. The pattern must be of the same form used in the Scan Behavior page or the scanconfig command, as described in , and so may have either side of the slash (/) replaced by an asterisk as a wildcard. If the message contains an attachment that matches the specified MIME type, this rule returns “true.”

Because this function requires the message to be scanned, it obeys all of the options described in

See  for more information on message filter rules you can use to manipulate attachments to messages.

The following filter checks all email sent through the listener, and if a message contains an attachment with a MIME type of video/*, the message is bounced:

bounce_video_clips:
    if (attachment-type == 'video/*') {
        bounce();
    }

Attachment Filename Rule

The attachment-filename rule checks the filename of each attachment in a message to see whether it matches the given regular expression. This comparison is case-sensitive. It is also sensitive to whitespace, so if the filename has encoded whitespace at the end, the filter will skip the attachment. If one of the message’s attachments matches the filename, this rule returns “true.”

Please note the following points:

- Each attachment’s filename is captured from the MIME headers. The filename in the MIME header may contain trailing spaces.
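The attachment-type wildcard and the trailing-whitespace caveat of the attachment-filename rule, modelled in Python as an added example (not Cisco's code and not AsyncOS filter syntax). It assumes Python's re.search stands in for the appliance's regular-expression matching; the sample message, function names and patterns are constructed for illustration.

```python
import email
import re

# Constructed sample: the second attachment's filename ends with a space.
SAMPLE = """\
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: video/mp4
Content-Disposition: attachment; filename="clip.mp4"

AAAA
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.exe "

AAAA
--b1--
"""

def attachments(raw):
    """Yield (mime_type, filename) for every part that declares a filename."""
    for part in email.message_from_string(raw).walk():
        # get_param returns the quoted header value, trailing space included.
        name = part.get_param("filename", header="content-disposition")
        if name is not None:
            yield part.get_content_type(), name

def type_matches(pattern, mime_type):
    """Model of a type/subtype pattern where either side may be '*'."""
    want, have = pattern.lower().split("/"), mime_type.lower().split("/")
    return all(w in ("*", h) for w, h in zip(want, have))

def filename_rule(raw, regex):
    """True if any attachment filename matches regex (case-sensitive)."""
    return any(re.search(regex, name) for _, name in attachments(raw))

if __name__ == "__main__":
    for mime, name in attachments(SAMPLE):
        print(repr(name), mime, type_matches("video/*", mime))
    # A pattern anchored at the end misses the name with the trailing space;
    # allowing optional whitespace before the anchor catches it.
    print(filename_rule(SAMPLE, r"\.exe$"), filename_rule(SAMPLE, r"\.exe\s*$"))
```

When a filename pattern is anchored with $, allowing optional whitespace before the anchor keeps the rule from skipping attachments whose header filename carries trailing spaces.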