Cisco Cisco Email Security Appliance C170 Guia Do Utilizador
6-7
Cisco IronPort AsyncOS 7.6 for Email Configuration Guide
OL-25136-01
Chapter 6 Email Security Manager
messages for each matching Email Security Manager policy. The functionality of content filters is
applied after message filters processing and anti-spam and anti-virus scanning have been performed on
a message.
applied after message filters processing and anti-spam and anti-virus scanning have been performed on
a message.
Like regular message filters, you define a name for each content filter. The name must be unique to the
Incoming or Outgoing Mail Policies table in which it will be used. Each Incoming and Outgoing Mail
Policies table will have its own, singular “master list” of content filters. The order is defined on a
per-table basis (for incoming or outgoing). However, each individual policy determines which particular
filters will be executed.
Incoming or Outgoing Mail Policies table in which it will be used. Each Incoming and Outgoing Mail
Policies table will have its own, singular “master list” of content filters. The order is defined on a
per-table basis (for incoming or outgoing). However, each individual policy determines which particular
filters will be executed.
Unlike regular message filters (which are applied before anti-spam and anti-virus scanning), content
filters can be configured both in the CLI and in the GUI. The GUI includes a “rule builder” page that
allows you to easily create the conditions and actions that constitute a content filter. Email Security
Manager incoming or outgoing mail policy tables manage which content filters are enabled the order in
which they will be applied for any given policy.
filters can be configured both in the CLI and in the GUI. The GUI includes a “rule builder” page that
allows you to easily create the conditions and actions that constitute a content filter. Email Security
Manager incoming or outgoing mail policy tables manage which content filters are enabled the order in
which they will be applied for any given policy.
lists the available conditions you can use to
create a content filter.
lists the non-final and final actions you can use to define a content filter.
Together, conditions and action constitute a content filter.
shows the action variables you can
use when creating content filters.
You can specify which delegated administration user roles can edit the content filter and enable them in
mail policies. For more information on delegated administrators’ access privileges for content filters, see
the “Common Administrative Tasks” chapter in Cisco IronPort AsyncOS for Email Daily Management
Guide.
mail policies. For more information on delegated administrators’ access privileges for content filters, see
the “Common Administrative Tasks” chapter in Cisco IronPort AsyncOS for Email Daily Management
Guide.
Content Filter Conditions
Specifying conditions in content filters is optional.
In the content filter conditions, when you add filter rules that search for patterns in the message body or
attachments, you can specify the minimum threshold for the number of times the pattern must be found.
When AsyncOS scans the message, it totals the “score” for the number of matches it finds in the message
and attachments. If the minimum threshold is not met, the regular expression does not evaluate to true.
You can specify this threshold for text, smart identifiers, or content dictionary terms.
attachments, you can specify the minimum threshold for the number of times the pattern must be found.
When AsyncOS scans the message, it totals the “score” for the number of matches it finds in the message
and attachments. If the minimum threshold is not met, the regular expression does not evaluate to true.
You can specify this threshold for text, smart identifiers, or content dictionary terms.
You can also use “smart identifiers” to identify patterns in data. Smart identifiers can detect the
following patterns:
following patterns:
•
Credit card numbers
•
U.S. Social Security numbers
•
CUSIP (Committee on Uniform Security Identification Procedures) numbers
•
ABA (American Banking Association) routing numbers
For more information about specifying a minimum threshold for the number of times a pattern must be
found, and smart identifiers, see the “Using Message Filters to Enforce Email Policies” chapter in the
Cisco IronPort AsyncOS for Email Advanced Configuration Guide.
found, and smart identifiers, see the “Using Message Filters to Enforce Email Policies” chapter in the
Cisco IronPort AsyncOS for Email Advanced Configuration Guide.