How to use regular expressions in Content Filtering rules in Kaspersky Security 8.0 for Linux Mail Server
Latest update: August 05, 2019
ID: 10901
You can use Perl Compatible Regular Expressions (PCRE) in Content Filtering rules in Kaspersky Security 8.0 for Linux Mail Server. For example, to add common executable files to the list of banned attachments, do the following:
Via the console
- Export the rule’s settings to a file using the following command:
/opt/kaspersky/klms/bin/klms-control --get-rule-settings <rule_ID> -f <file_name>
- Open the file in an editor. Find <bannedFileNames /> in the <cfScanSettings> section and <engineSettings> subsection and change the following strings:
<bannedFileNames>
<item>re:.*\.(scr|cpl|com|bat|cmd|vbs|pif|lnk|url|exe|bvs|spl|dll)$</item>
<item>re:^[^\t\n]*\.[A-Za-z0-9]+\.(exe|vbs|cpl|dll)[. ]*$</item>
</bannedFileNames>
- Save the file and import it to the rule using the following command:
/opt/kaspersky/klms/bin/klms-control --set-rule-settings <rule_ID> -n -f <file_name>
The executable files will be added to the banned list.
Via the web interface
- Go to Rules.
- Open the required rule and expand the Content Filtering section.
- In the Banned names of attachments line, click Not set and enter the following string:
re:.*\.(scr|cpl|com|bat|cmd|vbs|pif|lnk|url|exe|bvs|spl|dll)$; re:^[^\t\n]*\.[A-Za-z0-9]+\.(exe|vbs|cpl|dll)[. ]*$
- Click OK.
- Save the rule.
The executable files will be added to the banned list.
