Cisco Cisco Email Security Appliance C170 Guia Do Utilizador

terms. When a message filter that uses a content dictionary scores the matches for 
filter rule, it uses these weights to determine the final score. For example, suppose 
you create a content dictionary with the following contents and weights:

ABA Routing Number

3

Account

2

Bank

1

When you associate this content dictionary with a 

dictionary-match

 or 

attachment-dictionary-match

 message filter rule, AsyncOS would add the 

weight for the term to the total “score” for each instance of the matching term 
found in the message. For example, if the message contains three instances of the 
term, “account” in the message body, AsyncOS would add a value of 6 to the total 
score. If you set the threshold value for the message filter to 6, AsyncOS would 
determine that the threshold score has been met. Or, if the message contained one 
instance of each term, the total value would be 6, and this score would trigger the 
filter action.

When evaluating AND or OR tests within message filters, AsyncOS does not 
evaluate unneeded tests. So, for example, if one side of an AND test is false, the 
system will not evaluate the other side. It is important to note that the system does 
not evaluate the tests from left to right. Instead, when AND and OR tests are 
evaluated, the least expensive test is evaluated first. For example, in the following 
filter, the 

remote-ip

 test will always be processed first because it has a lower cost 

than the 

rcpt-to-group

 test (generally LDAP tests are more expensive):

andTestFilter:

if (remote-ip == "192.168.100.100" AND rcpt-to-group == "GROUP") 

  { ... }