AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
Chapter 9 Using Message Filters to Enforce Email Policies
Message Filter Rules
To use smart identifiers in a filter, enter the keywords listed in Table 9-4 in a filter rule that scans body or
attachment content.
Related Topics
• Smart Identifier Syntax
Smart Identifier Syntax
When you use a smart identifier in a filter rule, enter the smart-identifier keyword in quotes within a filter
rule that scans the body or attachment file, as in the ID_Credit_Cards example below.
You can also use smart identifiers in content filters and as a part of content dictionaries.
Note: You cannot combine a smart identifier key word with a normal regular expression or another key word.
For example, the pattern *credit|*ssn would not be valid.
Note: To minimize false positives when using the *ssn smart identifier, it may be helpful to use it
along with other filter criteria. One example is the "only-body-contains" filter condition.
This condition evaluates to true only if the search string is present in all of
the message body MIME parts. For example, you could create the following filter:
SSN-nohtml:
if only-body-contains("*ssn") {
  duplicate-quarantine("Policy");
}
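The all-parts condition described in the note above can be modelled offline. The following Python code is an added example, not Cisco code and not the appliance's matcher: the SSN_LIKE regex is only a rough stand-in for *ssn, the function names are hypothetical, and the sample messages are constructed. It assumes "body parts" means text/* MIME parts that are not attachments.

```python
import re
from email import message_from_string

# Assumption: rough stand-in for *ssn, 3-2-4 digits split by dash, period or space.
SSN_LIKE = re.compile(r"(?<!\d)\d{3}[-. ]\d{2}[-. ]\d{4}(?!\d)")

def body_parts(raw):
    """Return the decoded text of each text/* MIME part that is not an attachment."""
    parts = []
    for part in message_from_string(raw).walk():
        if part.get_content_maintype() != "text":
            continue  # skips multipart containers and non-text parts
        if part.get_content_disposition() == "attachment":
            continue
        payload = part.get_payload(decode=True) or b""
        parts.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return parts

def matches_any_part(raw, pattern=SSN_LIKE):
    """True if at least one body part matches (a plain any-part scan)."""
    return any(pattern.search(p) for p in body_parts(raw))

def matches_all_parts(raw, pattern=SSN_LIKE):
    """True only if every body part matches (the condition the note describes)."""
    parts = body_parts(raw)
    return bool(parts) and all(pattern.search(p) for p in parts)

def sample(plain, html):
    """Build a constructed multipart/alternative message for the demonstration."""
    return (
        "From: a@example.com\nTo: b@example.com\nSubject: demo\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/alternative; boundary="B"\n\n'
        "--B\nContent-Type: text/plain; charset=utf-8\n\n" + plain + "\n"
        "--B\nContent-Type: text/html; charset=utf-8\n\n" + html + "\n"
        "--B--\n"
    )

# Constructed: an SSN-shaped string appears only in HTML markup (an image URL).
HTML_ONLY = sample("Order shipped. Track it in the portal.",
                   '<p>Order shipped.</p><img src="https://cdn.example.com/t/123.45.6789.gif">')
# Constructed: the same SSN-shaped value is present in both alternatives.
BOTH = sample("Employee SSN: 000-12-3456", "<p>Employee SSN: 000-12-3456</p>")

if __name__ == "__main__":
    for name, raw in (("HTML_ONLY", HTML_ONLY), ("BOTH", BOTH)):
        print(name, "any:", matches_any_part(raw), "all:", matches_all_parts(raw))
```

The HTML_ONLY message trips the any-part scan but not the all-parts check, which is the class of markup-induced false positive the SSN-nohtml filter avoids.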
Table 9-4 Smart Identifiers in Message Filters

Key Word  Smart Identifier        Description
*credit   Credit card number      Identifies 14-, 15-, and 16-digit credit card numbers. NOTE: The smart identifier does not identify enRoute or JCB cards.
*aba      ABA routing number      Identifies ABA routing numbers.
*ssn      Social security number  Identifies U.S. social security numbers. The *ssn smart identifier identifies social security numbers with dashes, periods and spaces.
*cusip    CUSIP number            Identifies CUSIP numbers.

ID_Credit_Cards:
if(body-contains("*credit")){
  notify("legaldept@example.com");
}
.