Cisco Cisco Email Security Appliance X1070 Guia Do Utilizador
9-30
Cisco AsyncOS 8.5 for Email User Guide
Chapter 9 Using Message Filters to Enforce Email Policies
Message Filter Rules
Attachment Type Rule
The
attachment-type
rule checks the MIME types of each attachment in a message to see if it matches
the given pattern. The pattern must be of the same form used in the Scan Behavior page or the
scanconfig
command, as described in
, and so may have either
side of the slash (
/
) replaced by an asterisk as a wildcard. If the message contains an attachment that
matches this specified MIME type, this rule returns “true.”
Because this function requires the message to be scanned, it obeys all of the options described in
.
See
for more information on message filter rules you can use to
manipulate attachments to messages.
The following filter checks all email sent through the listener, and if a message contains an attachment
with a MIME type of
with a MIME type of
video/*
, the message is bounced:
Attachment Filename Rule
The
attachment-filename
rule checks the filenames of each attachment in a message to see if it matches
the given regular expression. This comparison is case-sensitive. The comparison is, however sensitive to
whitespace so if the filename has encoded whitespace at the end, the filter will skip the attachment. If
one of the message’s attachments matches the filename, this rule returns “true.”
whitespace so if the filename has encoded whitespace at the end, the filter will skip the attachment. If
one of the message’s attachments matches the filename, this rule returns “true.”
Please note the following points:
•
Each attachment’s filename is captured from the MIME headers. The filename in the MIME header
may contain trailing spaces.
may contain trailing spaces.
•
If an attachment is an archive, the Cisco appliance will harvest the filenames from inside the archive,
and apply scan configuration rules (see
and apply scan configuration rules (see
) accordingly.
–
If the attachment is a single compressed file (despite the file extension), it is not considered an
archive and the filename of the compressed file is not harvested. This means that the file is not
processed by the
archive and the filename of the compressed file is not harvested. This means that the file is not
processed by the
attachment-filename
rule. An example of this type of file is an executable
file (.exe) compressed with
gzip
.
–
For attachments consisting of a single compressed file, such as foo.exe.gz, use regular
expression to search for specific file types within compressed files. See
expression to search for specific file types within compressed files. See
.
See
for more information on message filter rules you can use to
manipulate attachments to messages.
The following filter checks all email sent through the listener, and if a message contains an attachment
with a filename
with a filename
*.mp3
, the message is bounced:
bounce_video_clips:
if (attachment-type == 'video/*') {
bounce();
}
block_mp3s:
if (attachment-filename == '(?i)\\.mp3$') {