User Guide

ManualsBrandsCisco Manualsantivirus security softwareCisco Email Security Appliance C680

191

192

193

194

195

196

197

198

199

200

9-32

AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide

Chapter 9 Using Message Filters to Enforce Email Policies

Message Filter Rules

Encryption Detection Rule

The encrypted rule examines the contents of a message for encrypted data. It does not attempt to decode

the encrypted data, but merely examines the contents of the message for the existence of encrypted data.

This can be useful for preventing users from sending encrypted email.

Note The encrypted rule can only detect encrypted data in the content of messages. It does not detect

encrypted attachments.

The

encrypted rule is similar to the true rule in that it takes no parameters and cannot be compared.

This rule returns

true if encrypted data is found and false if no encrypted data is found. Because this

function requires the message to be scanned, it uses the scanning settings you define on the Scan

Behavior page or using the

scanconfig command. For more information about configuring these

options, see Configuring Scan Behavior, page 9-112.

The following filter checks all email sent through the listener, and if a message contains encrypted data,

the message is blind-carbon-copied to the legal department and then bounced:

Attachment Type Rule

The attachment-type rule checks the MIME types of each attachment in a message to see if it matches

the given pattern. The pattern must be of the same form used in the Scan Behavior page or the

scanconfig command, as described in Configuring Scan Behavior, page 9-112, and so may have either

side of the slash (

/) replaced by an asterisk as a wildcard. If the message contains an attachment that

matches this specified MIME type, this rule returns “true.”

Because this function requires the message to be scanned, it obeys all of the options described in

Configuring Scan Behavior, page 9-112.

See Attachment Scanning, page 9-75 for more information on message filter rules you can use to

manipulate attachments to messages.

The following filter checks all email sent through the listener, and if a message contains an attachment

with a MIME type of

video/*, the message is bounced:

notify('hresource@example.com');

}

prevent_encrypted_data:

if (encrypted) {

bcc ('legaldept@example.domain');

bounce();

}

bounce_video_clips:

if (attachment-type == 'video/*') {