Cisco Email Security Appliance C170 User Guide

User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
 
Chapter 9: Using Message Filters to Enforce Email Policies
Defang URL, Based on URL Category 
The syntax of a filter using the url-category-defang action is:
<msg_filter_name>:
if <condition>
{
    url-category-defang(['<category-name1>','<category-name2>',…, '<category-name3>'],
    '<url_white_list>', <unsigned-only>);
}
Redirect URL to Cisco Security Proxy, Based on URL Category 
The syntax of a filter using the url-category-proxy-redirect action is:
<msg_filter_name>:
if <condition>
{
    url-category-proxy-redirect(['<category-name1>','<category-name2>',…,
    '<category-name3>'], '<url_white_list>', <unsigned-only>);
}
No Operation
The No Operation action performs a no-op, or no operation. You can use this action in a message filter 
if you do not want to use any of the other actions such as Notify, Quarantine, or Drop. For example, to 
understand the behavior of a new message filter that you created, you can use the No Operation action. 
After the message filter is operational, you can monitor the behavior of the new message filter using the 
Message Filters report page, and fine-tune the filter to match your requirements.
The following example shows how to use the No Operation action in a message filter.
new_filter_test: if header-repeats ('subject', X, 'incoming') {no-op();}
Forged Email Detection Action
Strips the From: header from the forged message and replaces it with the Envelope Sender.
The following message filter compares the From: header in the message with the terms in the dictionary
and, if the matching score of a term in the content dictionary is greater than or equal to 70, strips the
From: header and replaces it with the Envelope Sender.
FED_CF: if (forged-email-detection("Execs", 70)) { fed("from", ""); }
Attachment Scanning
The Email Security appliance uses Content Scanner to strip attachments from messages that are
inconsistent with your corporate policies, while still retaining the ability to deliver the original message.
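For the Forged Email Detection action described earlier, the following Python model shows the effect of FED_CF on a message; it is an example added here, not Cisco's code. Assumptions: difflib similarity stands in for the appliance's matching score, only the From: display name is compared, and the dictionary terms, addresses and sample messages are constructed.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr

# Constructed terms standing in for the "Execs" content dictionary.
EXECS = ["Olivia Smith", "Rahul Mehta"]

def match_score(display_name, term):
    """Similarity on a 0-100 scale (assumption: difflib, not the appliance's algorithm)."""
    ratio = difflib.SequenceMatcher(None, display_name.lower(), term.lower()).ratio()
    return round(100 * ratio)

def fed_filter(raw_message, envelope_sender, dictionary=EXECS, threshold=70):
    """Model of: if (forged-email-detection("Execs", 70)) { fed("from", ""); }

    Returns (message, best_score, rewritten). When the From: display name scores
    at or above the threshold against any dictionary term, the From: header is
    stripped and replaced with the envelope sender, exposing the real origin.
    """
    msg = message_from_string(raw_message)
    display_name, _address = parseaddr(msg.get("From", ""))
    best = max((match_score(display_name, t) for t in dictionary), default=0)
    if display_name and best >= threshold:
        del msg["From"]                  # strip the forged header
        msg["From"] = envelope_sender    # replace with the envelope sender
        return msg, best, True
    return msg, best, False

# Constructed sample messages (not taken from real traffic).
LOOKALIKE = (
    'From: "Olivia Smlth" <ceo.office@mail.example.net>\n'
    "To: finance@example.com\n"
    "Subject: Invoice approval\n\n"
    "Please handle today.\n"
)
ORDINARY = (
    "From: Build Notifications <ci@example.com>\n"
    "To: dev@example.com\n"
    "Subject: Nightly build passed\n\n"
    "All tests green.\n"
)

if __name__ == "__main__":
    for raw, sender in ((LOOKALIKE, "bounce@mail.example.net"), (ORDINARY, "ci@example.com")):
        msg, score, rewritten = fed_filter(raw, sender)
        print(f"score={score:3d} rewritten={rewritten} From: {msg['From']}")
```
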