Elements of a content filtering rule

Article:HOWTO82506  |  Created: 2012-11-30  |  Updated: 2014-06-25  |  Article URL http://www.symantec.com/docs/HOWTO82506
Article Type
How To


Subject


Elements of a content filtering rule

Table: Elements of a content filtering rule describes the rule elements that you can configure on the content filtering rule tab.

Table: Elements of a content filtering rule

Rule condition

Description

Name

Lets you provide a unique name for the content filtering rule that you can easily identify in the list of rules and in reports in the event log.

Description

Lets you provide a unique description for the content filtering rule. The description should provide enough detail to remind you what the rule is configured to detect.

Message part to scan

Lets you specify the part of the email message that you want Mail Security to scan for violations.

Use the Message part to scan drop-down list to choose from the following message parts:

  • Message Body

  • Subject

  • Sender

  • Attachment Name

  • Attachment Content

  • Any Part

Note:

When the message part to scan is Attachment Name, Mail Security does not evaluate the file names that are inside a container file. For example, the compressed files in a .zip file.

See About outbreak management

See What you can do with content filtering rules

See About creating a content filtering rule

Apply rule to

Lets you specify the messages to which you want the rule to apply. You can choose to apply the rule to any combination of inbound, outbound, or internal messages. You must select at least one of these options.

The default setting is Internal messages.

Note:

To allow content filtering of internal messages, you must select Inbound messages option along with Internal messages.

The Apply rule to element only applies to Auto-Protect scanning. Manual and scheduled scans automatically scan internal messages.

See Specifying inbound SMTP domains

Match type

Lets you determine how words and phrases in the Content list and Unless list are interpreted.

Note:

The content filtering rule Match type element does not determine how the match lists that you use in the Content list and Unless list are interpreted. A match list can have a different match type than the content filtering rule.

See About match lists.

The Match Type options are as follows:

Options

Lets you select from the following match options:

  • Whole term: Applies the rule only if the exact term in the Content list and Unless list or match list is found.

  • Case: Applies the rule only if the exact term is in the same case as in the Content list and Unless list or in the match list. For example, if you type ACME in the Content list, a message that contains the word Acme does not trigger a violation.

Content Pane

Contains

Lets you specify the Contains condition for a content filtering rule.

The Contains conditions are as follows:

  • Contains: The message part to scan contains the terms in the Content list.

  • Does not contain: The message part to scan does not contain the terms in the Content list.

  • Equals: The message part to scan equals the terms in the Content list.

  • Does not equal: The message part to scan does not equal the terms in the Content list.

The Equals and Does not equal options only apply to the Subject, Sender, and Attachment Name message parts.

Add match list

Lets you specify a match list to use in your content filtering rule. You can also create a new match list or edit an existing match list.

Using a match list in content filtering rule is optional.

See About match lists.

Match any term

Lets you evaluate the specified message part for any term that is contained in the Content list.

For example, assume that the Content list contains the terms: free, confidential, and money. If Mail Security detects any one of these terms in the specified message part, it triggers a violation.

Match all terms

Lets you evaluate the specified message part for all of the terms that are contained in the Content list.

The Match all terms option is only available to use with the terms in the Content list.

For example, assume that the Content list contains the terms: free, confidential, and money. Mail Security must detect all of these terms in the specified message part to trigger a violation.

The Match all terms option is not available when the message part to scan is Any Part.

Template

Lets you add a template to your content filtering rule. You can edit an existing template but cannot create a new template or delete an existing one. You can add a single template to a content filtering rule.

Using a template in a content filtering rule is optional.

See About content filtering policy templates.

Content list

Lets you specify the words or phrases for which you want to evaluate the specified message parts.

The format of the terms that you type in the Content list should mirror that of the match type that you select. For example, if you select literal string from the match type list, format your Content list entries as literal strings.

Attachment size is

Lets you specify Attachment size is as a condition of the content filtering rule. The Attachment size is option can be applied to all message parts to scan, except message body. You can also use Attachment size is by itself if you want Mail Security to detect attachments of a certain size.

When you select the sender or subject message parts and the Match any term or Match all terms conditions, the rule action is applied to the message or the attachment based on the violation that is detected.

For example, assume that you have specified Sender, chosen the Match any term condition, and specified the Attachment size is as = 2MB. Since Mail Security scans messages in parts, if there is a Sender match, dispositions are applied to the message body and the attachment. If the attachment size is the only match, the disposition only applies to the attachment.

Assume for the same example that you change the condition to Match all terms. Mail Security applies a disposition to the attachment only if it detects all of the terms in the Content list AND the specified attachment size.

Unless Pane

Contains

Lets you specify the Contains condition for a content filtering rule.

The Contains conditions are as follows:

  • Contains: The message part to scan contains the terms in the Unless list.

  • Does not contain: The message part to scan does not contain the terms in the Unless list.

  • Equals: The message part to scan equals the terms in the Unless list.

  • Does not equal: The message part to scan does not equal the terms in the Unless list.

The Equals and Does not equal options apply only to the Subject, Sender, and Attachment Name message parts.

Add match list

Lets you specify a match list to use in your content filtering rule Unless condition. You can also create a new match list or edit an existing match list.

Using a match list is optional.

See About match lists.

Unless list

Lets you create exceptions to content filtering rules. You can add words and phrases to the Unless list which Mail Security evaluates as exceptions to the content filtering rule.

All entries in the Unless list are automatically designated with the Match any term (OR condition) option.

The format of the terms that you type in the Unless list should mirror that of the match type that you select. For example, if you select Literal string from the Match Type menu, you should format your Unless list entries as literal strings.

Or attachment size

Lets you specify Attachment size is as a condition of the content filtering rule. The Attachment size is option can be applied to all message parts to scan, except message body. You can also use Attachment size is by itself if you want Mail Security to detect attachments of a certain size.

When you select the sender or subject message parts, the rule action is applied to the message or the attachment based on the violation that is detected. (All Unless conditions are applied as OR conditions between the message part and the attachment.) And the Match any term condition always applies to all Unless conditions.

For example, assume that you have specified Sender and specified the Attachment size is as = 2MB. Since Mail Security scans messages in parts, if there is a Sender match, dispositions are applied to the message body and the attachment because "Match any term" makes this rule an OR condition. However, if the attachment size is the only match, the disposition only applies to the attachment.


Legacy ID



v82663350_v82634657


Article URL http://www.symantec.com/docs/HOWTO82506


Terms of use for this information are found in Legal Notices