Cisco Email Security Appliance C170 User Guide

Cisco AsyncOS 9.0 for Email User Guide
 
Chapter 9      Using Message Filters to Enforce Email Policies
  Message Filter Rules
Writing Efficient Filters
This example shows two filters that do the same thing, but the first one takes much more CPU. The second filter uses a regular expression that is more efficient.

attachment-filter: if ((recv-listener == "Inbound") AND 
((((((((((((((((((((((((((((((((((((((((((((((attachment-filename ==
"\\.386$") OR (attachment-filename == "\\.exe$")) OR (attachment-filename == "\\.ad$")) 
OR (attachment-filename == "\\.ade$")) OR (attachment-filename == "\\.adp$")) OR 
(attachment-filename == "\\.asp$")) OR (attachment-filename == "\\.bas$")) OR 
(attachment-filename == "\\.bat$")) OR (attachment-filename == "\\.chm$")) OR 
(attachment-filename == "\\.cmd$")) OR (attachment-filename == "\\.com$")) OR 
(attachment-filename == "\\.cpl$")) OR (attachment-filename == "\\.crt$")) OR 
(attachment-filename == "\\.exe$")) OR (attachment-filename == "\\.hlp$")) OR 
(attachment-filename == "\\.hta$")) OR (attachment-filename == "\\.inf$")) OR 
(attachment-filename == "\\.ins$")) OR (attachment-filename == "\\.isp$")) OR 
(attachment-filename == "\\.js$")) OR (attachment-filename == "\\.jse$")) OR 
(attachment-filename == "\\.lnk$")) OR (attachment-filename == "\\.mdb$")) OR 
(attachment-filename == "\\.mde$")) OR (attachment-filename == "\\.msc$")) OR 
(attachment-filename == "\\.msi$")) OR (attachment-filename == "\\.msp$")) OR 
(attachment-filename == "\\.mst$")) OR (attachment-filename == "\\.pcd$")) OR 
(attachment-filename == "\\.pif$")) OR (attachment-filename == "\\.reg$")) OR 
(attachment-filename == "\\.scr$")) OR (attachment-filename == "\\.sct$")) OR 
(attachment-filename == "\\.shb$")) OR (attachment-filename == "\\.shs$")) OR 
(attachment-filename == "\\.url$")) OR (attachment-filename == "\\.vb$")) OR 
(attachment-filename == "\\.vbe$")) OR (attachment-filename == "\\.vbs$")) OR 
(attachment-filename == "\\.vss$")) OR (attachment-filename == "\\.vst$")) OR 
(attachment-filename == "\\.vsw$")) OR (attachment-filename == "\\.ws$")) OR 
(attachment-filename == "\\.wsc$")) OR (attachment-filename == "\\.wsf$")) OR 
(attachment-filename == "\\.wsh$"))) { bounce(); }

In this instance, AsyncOS will have to start the regular expression engine 30 times, once for each attachment type and the recv-listener.

Instead, write the filter to look like this:

attachment-filter: if ((recv-listener == "Inbound") AND (attachment-filename == "\\.(386|exe|ad|ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|exe|hlp|hta|inf|ins|isp|js|jse|lnk|mdb|mde|msc|msi|msp|mst|pcd|pif|reg|scr|sct|shb|shs|url|vb|vbe|vbs|vss|vst|vsw|ws|wsc|wsf|wsh)$")) {
    bounce();
}

The regular expression engine only has to start twice, and the filter is arguably easier to maintain because you do not have to worry about adding "()" or about spelling errors. Compared with the first filter, this should show a decrease in CPU overhead.

PDFs and Regular Expressions
Depending on how a PDF is generated, it may contain no spaces or line breaks. When this occurs, the scanning engine attempts to insert logical spaces and line breaks based on the location of the words on the page. For example, when a word is constructed using multiple fonts or font sizes, the PDF code is
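The consolidation described under Writing Efficient Filters can be generated and checked from a maintained extension list. The following Python sketch is an added example, not part of the Cisco guide: it builds the single-alternation pattern from the page's extensions, renders the filter text, and confirms on constructed filenames that the combined pattern gives the same verdicts as the separate ones. The function names are hypothetical, and the check uses Python's `re` module, which is assumed to agree with the appliance's engine only for these simple patterns.

```python
import re

# Extensions exactly as listed in the guide's filter ("exe" appears twice there).
PAGE_EXTENSIONS = """386 exe ad ade adp asp bas bat chm cmd com cpl crt exe hlp hta inf
ins isp js jse lnk mdb mde msc msi msp mst pcd pif reg scr sct shb shs url vb vbe vbs
vss vst vsw ws wsc wsf wsh""".split()


def unique_extensions(exts):
    """Drop duplicates while keeping the original order."""
    return list(dict.fromkeys(exts))


def separate_patterns(exts):
    """One pattern per listed extension, as in the first (slow) filter."""
    return [r"\.%s$" % re.escape(e) for e in exts]


def combined_pattern(exts):
    """A single alternation, as in the second (fast) filter."""
    return r"\.(%s)$" % "|".join(re.escape(e) for e in unique_extensions(exts))


def render_filter(exts, listener="Inbound", name="attachment-filter"):
    """Emit filter text; backslashes are doubled inside the quoted string."""
    regex = combined_pattern(exts).replace("\\", "\\\\")
    return ('%s: if ((recv-listener == "%s") AND (attachment-filename == "%s")) {\n'
            "    bounce();\n}" % (name, listener, regex))


def disagreements(exts, filenames):
    """Filenames on which the separate and combined forms give different verdicts."""
    many = [re.compile(p) for p in separate_patterns(exts)]
    one = re.compile(combined_pattern(exts))
    return [f for f in filenames
            if any(p.search(f) for p in many) != bool(one.search(f))]


# Constructed sample filenames, including near-misses and a double extension.
SAMPLES = ["setup.exe", "invoice.pdf.js", "report.pdf", "notes.jsx", "exe",
           "macro.vbs", "archive.exe.txt", "UPPER.EXE", "a.ws", "a.wsh", "a.w"]

if __name__ == "__main__":
    print(render_filter(PAGE_EXTENSIONS))
    print("disagreements:", disagreements(PAGE_EXTENSIONS, SAMPLES))
```

An empty disagreement list means the rewrite changed only the cost of the filter, not which attachments it bounces.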