Cisco Cisco Email Security Appliance C190 Guida Utente
9-82
User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
Chapter 9 Using Message Filters to Enforce Email Policies
Attachment Scanning
You can filter attachments based on their specific file type, fingerprint, or based on the content of the
attachment. Using the fingerprint to determine the exact type of attachment prevents users from
renaming a malicious attachment extension (for example,
attachment. Using the fingerprint to determine the exact type of attachment prevents users from
renaming a malicious attachment extension (for example,
.exe
) to a more commonly used extension (for
example,
.doc
) in the hope that the renamed file would bypass attachment filters.
When you scan attachments for content, the Content Scanner extracts data from attachment files to
search for the regular expression. It examines both data and metadata in the attachment file. If you scan
an Excel or Word document, the attachment scanning engine can also detect the following types of
embedded files: .exe, .dll, .bmp, .tiff, .pcx, .gif, .jpeg, .png, and Photoshop images.
search for the regular expression. It examines both data and metadata in the attachment file. If you scan
an Excel or Word document, the attachment scanning engine can also detect the following types of
embedded files: .exe, .dll, .bmp, .tiff, .pcx, .gif, .jpeg, .png, and Photoshop images.
Note
You can view the details of the Content Scanner-related files using the Security Services > Scan
Behavior page in web interface or using the
Behavior page in web interface or using the
contentscannerstatus
command in CLI. These files are
automatically updated using update server. If you want to manually update these files, see
Related Topics
•
•
•
•
•
•
Message Filters for Scanning Attachments
The message filter actions described in
are non-final actions. (Attachments are dropped and
the message processing continues.)
The optional comment is text that is added to the message, much like a footer, and it can contain Message
Filter Action Variables (see
Filter Action Variables (see
).
Table 9-8
Message Filter Actions for Attachment Filtering
Action
Syntax Description
Drop Attachments
by Name
by Name
drop-attachments-by-name
(<regular expression>[,
<optional comment>])
Drops all attachments on messages that have a
filename that matches the given regular
expression. Archive file attachments (zip, tar)
will be dropped if they contain a file that
matches. See
filename that matches the given regular
expression. Archive file attachments (zip, tar)
will be dropped if they contain a file that
matches. See
.
Drop Attachments
by Type
by Type
drop-attachments-by-type
(<MIME type>[, <optional
comment
>])
Drops all attachments on messages that have a
MIME type, determined by either the given
MIME type or the file extension. Archive file
attachments (zip, tar) will be dropped if they
contain a file that matches.
MIME type, determined by either the given
MIME type or the file extension. Archive file
attachments (zip, tar) will be dropped if they
contain a file that matches.