To configure the general settings and conditions of an attachment and content filtering rule:
In the Management Console tree, select the node of the relevant Security Server.
Select the Server protection node.
In the workspace, select the Protection for the Transport Hub role tab.
In the Attachment and content filtering drop-down section, select the rule that you want to configure.
On the General settings tab, leave the Enable rule check box selected if you want the rule to become active immediately after its configuration.
If you want to apply the rule immediately after its configuration, clear the check box.
In the Rule name field, change the name of the rule or leave the default value.
In the Action drop-down list, select the action to be taken by the application on content and attachments that meet at least one of the filtering criteria:
Allow. The application allows forwarding of the email message containing prohibited attachments or content. This is the default option. To receive information about objects that have been filtered out, you can configure notifications or logging of events in the Windows event log.
Delete object. The application removes the object from the attachment or removes the attachment from the email message. The application also adds a file in TXT format to this message; the file contains information about all attachments that have been deleted.
If forbidden content, such as forbidden words in the body or subject, are detected in the email message, the application will permanently delete the message when this action is selected.
Delete message. The application permanently deletes the email message with the attachment or content that has been filtered out. If you select this option, it is recommended that you save copies of messages in Backup to avoid data losses.
Select the Add label to message subject check box if you want the application to add additional text (tag) to the subject of a message containing an attachment or content that has been filtered out. The tag text can be edited. Default tag value: [Blocked attachment or content].
You can add a tag if you selected the Allow or Delete object action.
If you want a copy of an object to be saved in Backup before the object is processed, select the Save a copy of the object in Backup check box.
In the Add a condition drop-down section, select the criteria that must be met by an object for the filtering rule to be applied to it:
Filtering the contents of messages based on regular expressions.
When this menu item is selected, the button becomes available. Clicking this button opens the Keywords window in which you can manually specify regular expressions. You can also import a list of regular expressions from a file in TXT format. The specified regular expressions are displayed in the List of keywords field.
A keyword search is performed by substring and is not case sensitive. A keyword must be entered in a format such as \b[Aa]bc\b.
You can also add a Spam Confidence Level (SCL) to messages. To do so, select the Add SCL value check box.
Filtering of attached files and archives by file name or extension.
When this menu item is selected, the button becomes available. Clicking this button opens the File name masks window in which you can manually specify file names and/or file name masks. You can also import a list of names and / or file name masks in TXT format. The specified names and / or file name masks are displayed in the Files with the following masks field.
The application scans attached and archived files. When it detects files that match the filtering criteria, the application applies the action defined by the rule to messages being scanned.
Filtering attached Microsoft Office files containing macros.
The application scans Microsoft Office files that may contain macros. The application determines that a file contains a macro based on the file structure. This function lets you filter attachments containing macros even if the extension of an attached file does not match the actual type of file (for example, if the extension was modified).
The application scans files in attachments and files in archives.
Filtering attachments by size of the attachment file.
When this menu item is selected, the scroll box on the right becomes active. In this spin box, you can specify the maximum size of attached files sent in email messages. You can specify an attachment size from 1 to 999 MB. The default value is 20 MB. If the application detects attachments that exceed the specified size, it applies the action that has been configured in the filtering settings.
Filtering of attached files and archives based on file format.
The application recognizes the format of a file by its structure, that is, by the way it is stored or displayed on the screen. This allows you to filter attachments even if the extension of an attached file does not match the actual type of the file (for example, if the extension has been changed intentionally).
When this menu item is selected, the button becomes available. Clicking this button opens the File formats window in which you can select the formats of files to which the application will apply the filtering rule. The selected formats are shown in the Files of the following formats field.
The application scans attached and archived files. When the application detects files in the specified formats, it applies the action defined by the filtering rule to messages being scanned.
The application will apply the rule to objects that match at least one of the defined conditions.
To delete a condition, click the button next to the relevant criterion.