Cisco Email Security Appliance C170 User Guide

User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
 
Chapter 9      Using Message Filters to Enforce Email Policies
  Attachment Scanning
You can filter attachments based on their specific file type, fingerprint, or based on the content of the attachment. Using the fingerprint to determine the exact type of attachment prevents users from renaming a malicious attachment extension (for example, .exe) to a more commonly used extension (for example, .doc) in the hope that the renamed file would bypass attachment filters.
When you scan attachments for content, the Content Scanner extracts data from attachment files to 
search for the regular expression. It examines both data and metadata in the attachment file. If you scan 
an Excel or Word document, the attachment scanning engine can also detect the following types of 
embedded files: .exe, .dll, .bmp, .tiff, .pcx, .gif, .jpeg, .png, and Photoshop images.
Note
You can view the details of the Content Scanner-related files using the Security Services > Scan Behavior page in the web interface or using the contentscannerstatus command in the CLI. These files are automatically updated using the update server. If you want to manually update these files, see 
Related Topics
Message Filters for Scanning Attachments
The message filter actions described in 
 are non-final actions. (Attachments are dropped and 
the message processing continues.)
The optional comment is text that is added to the message, much like a footer, and it can contain Message 
Filter Action Variables (see 
).
Table 9-8 Message Filter Actions for Attachment Filtering

| Action | Syntax | Description |
|---|---|---|
| Drop Attachments by Name | drop-attachments-by-name (<regular expression>[, <optional comment>]) | Drops all attachments on messages that have a filename that matches the given regular expression. Archive file attachments (zip, tar) will be dropped if they contain a file that matches. See . |
| Drop Attachments by Type | drop-attachments-by-type (<MIME type>[, <optional comment>]) | Drops all attachments on messages that have a MIME type, determined by either the given MIME type or the file extension. Archive file attachments (zip, tar) will be dropped if they contain a file that matches. |
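
The following Python sketch is an added example, not Cisco code and not how the appliance is implemented. It shows why a filename regular expression misses an executable renamed to .doc while a fingerprint check catches it, and how matching on archive member names catches a file inside a zip. The magic-byte table, function names and sample message are constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Illustrative subset of leading "magic" bytes, not the appliance's fingerprint data.
MAGIC = {b"MZ": "exe", b"PK\x03\x04": "zip", b"%PDF": "pdf"}

def fingerprint(data):
    """Type label taken from the leading bytes, or None if unrecognised."""
    return next((t for m, t in MAGIC.items() if data.startswith(m)), None)

def names_in(filename, data):
    """The attachment's own name, plus member names when it is a readable zip."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [filename] + zf.namelist()
    except zipfile.BadZipFile:  # not an archive, or a damaged one
        return [filename]

def scan(raw, name_regex, blocked_types):
    """Return (filename, matched_by_name, matched_by_fingerprint) per attachment."""
    pattern = re.compile(name_regex)
    results = []
    for part in message_from_bytes(raw).walk():
        filename = part.get_filename()
        if not filename:
            continue  # body parts and multipart containers
        data = part.get_payload(decode=True) or b""
        by_name = any(pattern.search(n) for n in names_in(filename, data))
        results.append((filename, by_name, fingerprint(data) in blocked_types))
    return results

def build_sample():
    """Constructed message: an executable renamed to .doc, and a zip holding one."""
    exe = b"MZ\x90\x00constructed-bytes"
    archive = io.BytesIO()
    with zipfile.ZipFile(archive, "w") as zf:
        zf.writestr("tool.exe", exe)
    msg = EmailMessage()
    msg.set_content("see attached")
    msg.add_attachment(exe, maintype="application", subtype="msword", filename="report.doc")
    msg.add_attachment(archive.getvalue(), maintype="application", subtype="zip", filename="docs.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for row in scan(build_sample(), r"(?i)\.exe$", {"exe"}):
        print(row)
```

The renamed file is flagged only by fingerprint and the archive only by member name, so a policy that relies on one check alone lets one of the two attachments through.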