User Guide

ManualsBrandsCisco Manualsantivirus security softwareCisco Email Security Appliance C680

241

242

243

244

245

246

247

248

249

250

9-76

AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide

Chapter 9 Using Message Filters to Enforce Email Policies

Attachment Scanning

Related Topics

• Message Filters for Scanning Attachments, page 9-76

• Image Analysis, page 9-77

• Configuring the Image Analysis Scanning Engine, page 9-77

• Configuring the Message Filter to Perform Actions Based on Image Analysis Results, page 9-81

• Notifications, page 9-83

• Examples of Attachment Scanning Message Filters, page 9-83

Message Filters for Scanning Attachments

The message filter actions described in Table 9-8 are non-final actions. (Attachments are dropped and

the message processing continues.)

The optional comment is text that is added to the message, much like a footer, and it can contain Message

Filter Action Variables (see Examples of Attachment Scanning Message Filters, page 9-83).

Table 9-8 Message Filter Actions for Attachment Filtering

Action Syntax Description

Drop Attachments

by Name

drop-attachments-by-name

(<regular expression>[,

<optional comment>])

Drops all attachments on messages that have a

filename that matches the given regular

expression. Archive file attachments (zip, tar)

will be dropped if they contain a file that

matches. See Examples of Attachment

Scanning Message Filters, page 9-83.

Drop Attachments

by Type

drop-attachments-by-type

(<MIME type>[, <optional

comment>])

Drops all attachments on messages that have a

MIME type, determined by either the given

MIME type or the file extension. Archive file

attachments (zip, tar) will be dropped if they

contain a file that matches.

Drop Attachments

by File Type

drop-attachments-by-filetype

(<fingerprint name>[,

<optional comment>])

Drops all attachments on messages that match

the given “fingerprint” of the file. Archive file

attachments (zip, tar) will be dropped if they

contain a file that matches. For more

information, see Table 9-6Attachment Groups,

page 9-52.

Drop Attachments

by MIME Type

drop-attachments-by-mimetype

(<MIME type>[, <optional

comment>])

Drops all attachments on messages that have a

given MIME type. This action does not attempt

to ascertain the MIME type by file extension

and so it also does not examine the contents of

archives.

Drop Attachments

by Size

drop-attachments-by-size

(<number>[, <optional

comment>])

Drops all attachments on the message that, in

raw encoded form, are equal to or greater than

the size (in bytes) given. Note that for archive

or compressed files, this action does not

examine the uncompressed size, but rather the

size of the actual attachment itself.