User Guide

ManualsBrandsCisco Manualsantivirus security softwareCisco Email Security Appliance C680

181

182

183

184

185

186

187

188

189

190

9-16

AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide

Chapter 9 Using Message Filters to Enforce Email Policies

Message Filter Rules

Each message injected into the Cisco appliance is processed through all message filters in order, unless

you specify a final action, which stops the message from being processed further. (See Message Filter

Actions, page 9-2.) Filters may also apply to all messages, and rules may also be combined using logical

connectors (AND, OR, NOT).

Regular Expressions in Rules

Several of the atomic tests used to define rules use regular expression matching. Regular expressions can

become complex. Use the following table as a guide for the applying of regular expressions within

message filter rules:

Signed Certificate

signed-certificate(<field>

[<operator> <regular

expression>])

Does the message signer or X.509 certificate

issuer match a certain pattern? See Signed

Certificate Rule, page 9-43.

Header Repeats

header-repeats (<target>,

<threshold> [, <direction>])

Returns true if at a given point in time, a

specified number of messages:

• With same subject header are detected in

last one hour.

• From same envelope-sender are detected in

last one hour.

See Header Repeats Rule, page 9-45.

URL Category

url-category

Does the category of any URL in the message

match the specified categories?

See URL Category Rule, page 9-47.

Corrupt Attachment

attachment-corrupt

Does this message have an attachment that is

corrupt?

See Corrupt Attachment Rule, page 9-47.

a.Attachment filtering is discussed in detail in the section Attachment Scanning, page 9-75.

b.Content Dictionaries are discussed in the detail in the “Text Resources” chapter.

Table 9-2 Message Filter Rules

Rule Syntax Description

Table 9-3 Regular Expression in Rules

Regular expression (abc)

Regular expressions in filter rules match a string if the sequence of

directives in the regular expression match any part of the string.

For example, the regular expression

Georg matches the string George

Of The Jungle

, the string Georgy Porgy, the string La Meson

Georgette

as well as Georg.

Carat (^)

Dollar sign ($)

Rules containing the dollar sign character ($) only match the end of the

string, and rules containing the caret symbol (

^) only match the

beginning of the string.

For example, the regular expression

^Georg$ only matches the string

Georg.

Searching for an empty header would look like this:

"^$"