Cisco Cisco Email Security Appliance C160 User Guide
Cisco IronPort AsyncOS 7.6 for Email Advanced Configuration Guide
OL-25137-01
Chapter 6 Using Message Filters to Enforce Email Policies
Body Scanning
When AsyncOS performs body scanning, it scans the body text and attachments for the regular
expression. You can assign a minimum threshold value for the expression, and if the scanning engine
encounters the regular expression the minimum number of times, the expression evaluates to true.
AsyncOS evaluates the different MIME parts of the message, and it scans any MIME part that is textual.
AsyncOS identifies the text parts if the MIME type specifies text in the first part. AsyncOS determines
the encoding based on the encoding specified in the message, and it converts the text to Unicode. It then
searches for the regular expression in Unicode space. If no encoding is specified in the message,
AsyncOS uses the encoding you specify in the scanconfig command.
For more information about how AsyncOS evaluates MIME parts when scanning messages, see
.
If the MIME part is not textual, AsyncOS extracts files from a .zip or .tar archive or decompresses
compressed files. After extracting the data, a scanning engine identifies the encoding for the file and
returns the data from the file in Unicode. AsyncOS then searches for the regular expression in Unicode
space.
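The scanning steps described above, modeled in Python as an added example (not from the Cisco guide and not AsyncOS code): textual parts are decoded with the declared charset or a fallback, .zip and .tar parts are unpacked, and regex hits are compared with the threshold. Assumptions: `DEFAULT_CHARSET` stands in for the `scanconfig` setting, extracted files are decoded with that fallback instead of a detected encoding, hits are summed across all scanned parts, and `only_body` is modeled by skipping parts marked as attachments.

```python
import email, email.policy, io, re, tarfile, zipfile
from email.message import EmailMessage

DEFAULT_CHARSET = "us-ascii"   # assumed stand-in for the scanconfig fallback encoding
MAX_MEMBER_BYTES = 1 << 20     # demo cap on extracted data, not an AsyncOS setting

def to_unicode(raw, charset=None):
    try:
        return raw.decode(charset or DEFAULT_CHARSET, errors="replace")
    except LookupError:        # unknown charset label: use the fallback
        return raw.decode(DEFAULT_CHARSET, errors="replace")

def archive_members(raw):
    """Yield file contents from a .zip or .tar payload; nothing for other data."""
    if zipfile.is_zipfile(io.BytesIO(raw)):
        with zipfile.ZipFile(io.BytesIO(raw)) as zf:
            for name in zf.namelist():
                yield zf.open(name).read(MAX_MEMBER_BYTES)
        return
    try:
        with tarfile.open(fileobj=io.BytesIO(raw)) as tf:
            for m in filter(tarfile.TarInfo.isfile, tf.getmembers()):
                yield tf.extractfile(m).read(MAX_MEMBER_BYTES)
    except tarfile.TarError:
        return                 # neither zip nor tar: nothing to scan

def body_contains(raw_message, pattern, threshold=1, only_body=False):
    """Count regex hits over every scanned part and compare with the threshold."""
    rx, hits = re.compile(pattern), 0
    for part in email.message_from_bytes(raw_message, policy=email.policy.default).walk():
        attached = part.get_content_disposition() == "attachment"
        if part.is_multipart() or (only_body and attached):
            continue
        raw = part.get_payload(decode=True) or b""
        if part.get_content_maintype() == "text":
            texts = [to_unicode(raw, part.get_content_charset())]
        else:
            texts = [to_unicode(data) for data in archive_members(raw)]
        hits += sum(len(rx.findall(t)) for t in texts)
    return hits >= threshold

def sample_message():
    """Constructed input: one hit in the body, one inside a zipped attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("memo.txt", "Company Confidential: Q3 plan")
    msg = EmailMessage()
    msg.set_content("Company Confidential, r\u00e9sum\u00e9 attached", charset="iso-8859-1")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="memo.zip")
    return msg.as_bytes()
```

On the constructed sample, the threshold of two is met only when the attachment is scanned as well as the body.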
The following example searches the body text and attachment for the phrase “Company Confidential.”
The example specifies a minimum threshold of two instances, so if the scanning engine finds two or more
instances of the phrase, it bounces any matching messages, and notifies the legal department of the
attempt:
ConfidentialFilter:
if (body-contains('Company Confidential',2)) {
    notify ('legaldept@example.domain');
    bounce();
}
To scan only the body of the message, use only-body-contains:
disclaimer:
if (not only-body-contains('[dD]isclaimer',1) ) {
    notify('hresource@example.com');
}
Encryption Detection Rule
The encrypted rule examines the contents of a message for encrypted data. It does not attempt to decode
the encrypted data, but merely examines the contents of the message for the existence of encrypted data.
This can be useful for preventing users from sending encrypted email.
Note
The encrypted rule can only detect encrypted data in the content of messages. It does not detect
encrypted attachments.