Руководство Пользователя для Cisco Cisco Email Security Appliance C170
9-16
AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
Chapter 9 Using Message Filters to Enforce Email Policies
Message Filter Rules
Each message injected into the Cisco appliance is processed through all message filters in order, unless
you specify a final action, which stops the message from being processed further. (See
you specify a final action, which stops the message from being processed further. (See
.) Filters may also apply to all messages, and rules may also be combined using logical
connectors (AND, OR, NOT).
Regular Expressions in Rules
Several of the atomic tests used to define rules use regular expression matching. Regular expressions can
become complex. Use the following table as a guide for the applying of regular expressions within
message filter rules:
become complex. Use the following table as a guide for the applying of regular expressions within
message filter rules:
Signed Certificate
signed-certificate(<field>
[<operator> <regular
expression>])
Does the message signer or X.509 certificate
issuer match a certain pattern? See
issuer match a certain pattern? See
Header Repeats
header-repeats (<target>,
<threshold> [, <direction>])
Returns
true
if at a given point in time, a
specified number of messages:
•
With same subject header are detected in
last one hour.
last one hour.
•
From same envelope-sender are detected in
last one hour.
last one hour.
See
URL Category
url-category
Does the category of any URL in the message
match the specified categories?
match the specified categories?
See
Corrupt Attachment
attachment-corrupt
Does this message have an attachment that is
corrupt?
corrupt?
See
.
a.Attachment filtering is discussed in detail in the section
.
b.Content Dictionaries are discussed in the detail in the “Text Resources” chapter.
Table 9-2
Message Filter Rules
Rule Syntax
Description
Table 9-3
Regular Expression in Rules
Regular expression (
abc
)
Regular expressions in filter rules match a string if the sequence of
directives in the regular expression match any part of the string.
directives in the regular expression match any part of the string.
For example, the regular expression
Georg
matches the string
George
Of The Jungle
, the string
Georgy Porgy
, the string
La Meson
Georgette
as well as
Georg
.
Carat (
^
)
Dollar sign (
$
)
Rules containing the dollar sign character ($) only match the end of the
string, and rules containing the caret symbol (
string, and rules containing the caret symbol (
^
) only match the
beginning of the string.
For example, the regular expression
^Georg$
only matches the string
Georg
.
Searching for an empty header would look like this:
"^$"