Cisco Cisco Email Security Appliance C170 Guia Do Utilizador

The following examples shows actions performed on attachments.

In these examples, AsyncOS inserts headers when the attachments contain specified content. 

In the following example, all of the attachments on the message are scanned for a keyword. If the 
keyword is present in all of the attachments, a custom X-Header is inserted:

In the following example, the attachment is scanned for a pattern in the binary data. The filter uses the 

attachment-binary-contains

 filter rule to search for a pattern that indicates that the PDF document is 

encrypted. If the pattern is present in the binary data, a custom header is inserted:

In the following example, the “executable” group of attachments (

.exe

, 

.dll

, and 

.scr

) is stripped from 

messages and text is added to the message, listing the filenames of the dropped files (via the 

$dropped_filename 

action variable). Note that the 

drop-attachments-by-filetype

 action examines 

attachments and strips them based on the fingerprint of the file, and not just the three-letter filename 
extension. Note also that you can specify a single filetype (“mpeg”) or you can refer to all of the 
members of the filetype (“Media”):

attach_disclaim:

    if (every-attachment-contains('[dD]isclaimer') ) {

        insert-header("X-Example-Approval", "AttachOK");

    }

match_PDF_Encrypt:

if (attachment-filetype == 'pdf' AND

attachment-binary-contains('/Encrypt')){

strip-header (‘Subject’);

insert-header (‘Subject’, ‘[Encrypted] $Subject’);

}

strip_all_exes: if (true) {

                    drop-attachments-by-filetype ('Executable', “Removed attachment: 

$dropped_filename”);

                }