User Guide

ManualsBrandsCisco Manualsantivirus security softwareCisco Email Security Appliance C680

181

182

183

184

185

186

187

188

189

190

9-17

AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide

Chapter 9 Using Message Filters to Enforce Email Policies

Message Filter Rules

Letters, white space and the at

sign (@) character

Rules containing characters, white space, and the at sign character (@)

only match themselves explicitly.

For example, the regular expression

^George@admin$ only matches the

string

George@admin.

Period character (.)

Rules containing a period character (.) match any character (except a

new line).

For example, the regular expression

^...admin$ matches the string

macadmin as well as the string sunadmin but not win32admin.

Asterisk (*) directive

Rules containing an asterisk (*) match “zero or more matches of the

previous directive.” In particular, the sequence of a period and an

asterisk (

.*) matches any sequence of characters (not containing a new

line).

For example, the regular expression

^P.*Piper$ matches all of these

strings:

PPiper, Peter Piper, P.Piper, and Penelope Penny Piper.

Backslash special characters (\)

The backslash character escapes special characters. Thus the sequence

only matches a literal period, the sequence \$ only matches a literal

dollar sign, and the sequence

\^ only matches a literal caret symbol.

For example, the regular expression

^ik\.ac\.uk$ only matches the

string

ik.ac.uk.

Important Note: The backslash is also a special escape character for

the parser. As a result, if you want to include backslash in your regular

expression, you must use two backslashes — so that after parsing, only

one “real” backslash remains, which is then passed to the regular

expression system. So, if you wanted to match the example domain

above, you would enter

^ik\\.ac\\.uk$.

Case-insensitivity ((?i))

The token (?i) that indicates the rest of the regular expression should

be treated in case-insensitive mode. Placing this token at the beginning

of a case-sensitive regular expression results in a completely

insensitive match.

For example, the regular expression “

(?i)viagra” matches Viagra,

vIaGrA, and VIAGRA.

Number of repetitions

{min,max}

The regular expression notation that indicates the number of repetitions

of the previous token is supported.

For example, the expression “

fo{2,3}” matches foo and fooo but not

fo or fofo.

This statement:

if(header('To') == "^.{500,}")looks for a “To”

header that has 500 or more characters in it.

Or (|)

Alternation, or the “or” operator. If A and B are regular expressions, the

expression “

A|B” will match any string that matches either “A” or “B.”

For example, the expression “

foo|bar” will match either foo or bar,

but not

foobar.

Table 9-3 Regular Expression in Rules