Cisco Cisco Email Security Appliance C160 用户指南
9-76
Cisco AsyncOS 8.5.6 for Email User Guide
Chapter 9 Using Message Filters to Enforce Email Policies
Attachment Scanning
Defang URL, Based on URL Category
The syntax of a filter using the
url-category-defang
action is:
<msg_filter_name>:
if <condition>
{
url-category-defang([‘<category-name1>’,’<category-name2>’,…, ‘<category-name3>’],
’<url_white_list>’, <unsigned-only>);
}
Redirect URL to Cisco Security Proxy, Based on URL Category
The syntax of a filter using the
url-category-proxy-redirect
action is:
<msg_filter_name>:
if <condition>
{
url-category-proxy-redirect([‘<category-name1>’,’<category-name2>’,…,
‘<category-name3>’], ’<url_white_list>’, <unsigned-only>);
}
No Operation
The No Operation action performs a no-op, or no operation. You can use this action in a message filter
if you do not want to use any of the other actions such as Notify, Quarantine, or Drop. For example, to
understand the behavior of a new message filter that you created, you can use the No Operation action.
After the message filter is operational, you can monitor the behavior of the new message filter using the
Message Filters report page, and fine-tune the filter to match your requirements.
if you do not want to use any of the other actions such as Notify, Quarantine, or Drop. For example, to
understand the behavior of a new message filter that you created, you can use the No Operation action.
After the message filter is operational, you can monitor the behavior of the new message filter using the
Message Filters report page, and fine-tune the filter to match your requirements.
The following example shows how to use No Operation action in a message filter.
Attachment Scanning
AsyncOS can strip attachments from messages that are inconsistent with your corporate policies, while
still retaining the ability to deliver the original message.
still retaining the ability to deliver the original message.
You can filter attachments based on their specific file type, fingerprint, or based on the content of the
attachment. Using the fingerprint to determine the exact type of attachment prevents users from
renaming a malicious attachment extension (for example,
attachment. Using the fingerprint to determine the exact type of attachment prevents users from
renaming a malicious attachment extension (for example,
.exe
) to a more commonly used extension (for
example,
.doc
) in the hope that the renamed file would bypass attachment filters.
When you scan attachments for content, the Stellent attachment scanning engine extracts data from
attachment files to search for the regular expression. It examines both data and metadata in the
attachment file. If you scan an Excel or Word document, the attachment scanning engine can also detect
the following types of embedded files: .exe, .dll, .bmp, .tiff, .pcx, .gif, .jpeg, .png, and Photoshop images.
attachment files to search for the regular expression. It examines both data and metadata in the
attachment file. If you scan an Excel or Word document, the attachment scanning engine can also detect
the following types of embedded files: .exe, .dll, .bmp, .tiff, .pcx, .gif, .jpeg, .png, and Photoshop images.
new_filter_test: if header-repeats ('subject', X, 'incoming') {no-op();}