Manualsbrain.com
  1. Manuais
  2. Marcas
  3. Cisco
  4. Cisco Email Security Appliance C170
  5. Guia Do Utilizador

Cisco Cisco Email Security Appliance C170 Guia Do Utilizador

Download
Página de 1140
 
9-77
Cisco AsyncOS 8.5.5 for Email Security User Guide
 
Chapter 9      Using Message Filters to Enforce Email Policies
  Attachment Scanning
In the following example, the attachment is scanned for a pattern in the binary data. The filter uses the 
attachment-binary-contains
 filter rule to search for a pattern that indicates that the PDF document is 
encrypted. If the pattern is present in the binary data, a custom header is inserted:
Dropping Attachments by File Type
In the following example, the “executable” group of attachments (
.exe
.dll
, and 
.scr
) is stripped from 
messages and text is added to the message, listing the filenames of the dropped files (via the 
$dropped_filename 
action variable). Note that the 
drop-attachments-by-filetype
 action examines 
attachments and strips them based on the fingerprint of the file, and not just the three-letter filename 
extension. Note also that you can specify a single filetype (“mpeg”) or you can refer to all of the 
members of the filetype (“Media”):
In the following example, the same “executable” group of attachments (
.exe
.dll
, and 
.scr
) are 
stripped from messages whose Envelope Sender is not within the domain 
example.com
In the following example, a specific member of a file type (“wmf”) as well as a the same “executable” 
group of attachments (
.exe
.dll
, and 
.scr
) are stripped from messages whose Envelope Sender is not 
within the domain 
example.com
.
match_PDF_Encrypt:
if (attachment-filetype == 'pdf' AND
attachment-binary-contains('/Encrypt')){
strip-header (‘Subject’);
insert-header (‘Subject’, ‘[Encrypted] $Subject’);
}
strip_all_exes: if (true) {
                    drop-attachments-by-filetype ('Executable', “Removed attachment: 
$dropped_filename”);
                }
strip_inbound_exes: if (mail-from != "@example\\.com$") {
                        drop-attachments-by-filetype ('Executable');
                     } 
strip_inbound_exes_and_wmf: if (mail-from != "@example\\.com$") {
                        drop-attachments-by-filetype ('Executable');
                        drop-attachments-by-filetype ('x-wmf');
                     }