Mail Security uses match lists to filter email messages and attachments for specific words, terms, and phrases. In order to implement a match list, you must associate it with a content filtering rule or file filtering rule. When the rule is applied to scan messages, it also scans for the terms in the match list.
Mail Security provides pre-configured match lists that you can use with content filtering rules and the File Name Rule file filtering rule. You can also create your own match list or modify an existing match list. Match lists support literal strings, DOS wildcard-style expressions, or regular expressions.
See “About regular expressions” on page 166.
See “About DOS wildcard style expressions” on page 165.
Note: The pre-configured match lists are designed to be used with content filtering rules. However, you can modify and use the pre-configured match lists with the File Name Rule.
Table 8-5 Pre-configured match lists

Match list name: Outbreak Triggered Attachment Names
Description: When you enable outbreak management, Mail Security adds the names of outbreak-triggered attachments to the Outbreak Triggered Attachment Names match list. You can use this match list with the Quarantine Triggered Attachment Names content filtering rule. This rule lets you automatically quarantine files with attachment names that are found in the Outbreak Triggered Attachment Names match list. You can edit the rule description and the text in the Filter list. Leave the match type as wild cards.
See “Configuring outbreak triggers” on page 199.

Match list name: Outbreak Triggered Subject Lines
Description: When you enable outbreak management, Mail Security adds the names of outbreak-triggered subject lines to the Outbreak Triggered Subject Lines match list. You can use this match list with the Quarantine Triggered Subjects content filtering rule. This rule lets you automatically quarantine files with subject line text that is found in the Outbreak Triggered Subject Lines match list. You can edit the rule description and the text in the Filter list. Leave the match type as literal.
See “Configuring outbreak triggers” on page 199.

Description: This contains a list of attachment file names or extensions that might contain malicious code. You can edit the rule description and add or remove file extensions in the Filter list. Leave the match type as wild cards.

Match list name: Sample Executable File Names
Description: This list contains file names or extensions that can potentially execute malicious code. Leave the match type as wild cards.

Match list name: Sample Message Body Words
Description: This list contains key words and phrases typically found in the bodies of spam email messages. You can edit the rule description, add or remove key words and phrases in the Filter list, and modify the match type. The default match type is literal.

Match list name: Sample Multimedia File Names
Description: This list contains file names or extensions of multimedia files. Leave the match type as wild cards.

Match list name: Sample Subject Line
Description: This list contains key words and phrases typically found in spam email message subject lines. You can edit the rule description, add or remove key words and phrases in the Filter list, and modify the match type. The default match type is literal.

To create or edit a match list

1. In the console on the primary navigation bar, click Policies.
2. In the sidebar under Content Enforcement, click Match Lists.
3. Do one of the following:
   Create a match list: In the sidebar under Tasks, click New match list.
   Edit an existing match list: In the content area under Match Lists, select the list that you want to edit, and then in the sidebar under Tasks, click Edit match list.
4. In the New Match List window, in the Title box, type a name for the match list. You can only configure the title when you are creating a new match list.
5. In the Description box, type a description for the match list.
6. In the Match Type box, select one of the following:
   ■ Regular expression
     See “About regular expressions” on page 166.
   ■ Wild cards
     See “About DOS wildcard style expressions” on page 165.
   The match type you select is specifically for this match list. It is not affected by the match type that you choose when you add or edit a rule.
7. In the Filter box, type a literal string, regular expression, or DOS wildcard-style expression. Enter one expression per line. You can link several regular expressions to form a larger one to match certain content in email.
8. Click OK.
9. On the toolbar, click Deploy changes to apply your changes.
   See “Deploying settings and changes to a server or group” on page 75.

To delete a match list

1. In the console on the primary navigation bar, click Policies.
2. In the sidebar under Content Enforcement, click Match Lists.
3. In the content area, under Match Lists, select the match list that you want to delete.
4. In the sidebar under Tasks, click Delete match list.
5. In the confirmation dialog box, click OK.
6. On the toolbar, click Deploy changes to apply your changes.
   See “Deploying settings and changes to a server or group” on page 75.
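
An added example (not from the product documentation) that dry-runs a draft match list, one expression per line as in the Filter box, against constructed attachment names under each match type. It shows why the file name lists say to leave the match type as wild cards. The matching semantics (case-insensitive, literal as substring, wildcard against the whole name) and every name in the code are assumptions; Mail Security's own engine may differ.

```python
import re

# Constructed draft match list: one expression per line, as typed in the Filter box.
DRAFT_LIST = """
*.exe
*.scr
setup?.msi
"""

# Constructed attachment names to test the draft against.
SAMPLES = ["invoice.pdf.exe", "Setup1.MSI", "executive_summary.pdf",
           "screensaver.scr", "setup10.msi", "notes.txt"]

def parse_entries(text):
    """Split Filter-box text into entries, dropping blank lines."""
    return [ln.strip() for ln in text.splitlines() if ln.strip()]

def to_regex(expr, match_type):
    """Compile one entry for the given match type.
    Assumed semantics (not taken from the product): case-insensitive,
    literal = substring, wildcard = whole name with * and ? only."""
    if match_type == "literal":
        body = re.escape(expr)
    elif match_type == "wildcard":
        parts = {"*": ".*", "?": "."}
        body = "^" + "".join(parts.get(c, re.escape(c)) for c in expr) + r"\Z"
    elif match_type == "regex":
        body = expr
    else:
        raise ValueError(f"unknown match type: {match_type}")
    return re.compile(body, re.IGNORECASE)

def evaluate(list_text, match_type, names):
    """Return {name: [entries that matched]} for every sample name."""
    compiled = [(e, to_regex(e, match_type)) for e in parse_entries(list_text)]
    return {n: [e for e, rx in compiled if rx.search(n)] for n in names}

def flagged(list_text, match_type, names):
    """Names that at least one entry matches, in input order."""
    hits = evaluate(list_text, match_type, names)
    return [n for n in names if hits[n]]

if __name__ == "__main__":
    for name, entries in evaluate(DRAFT_LIST, "wildcard", SAMPLES).items():
        print(f"{name:24}", ", ".join(entries) if entries else "no match")
    # The same text read as literal strings matches nothing: "*" is taken literally.
    print("literal:", flagged(DRAFT_LIST, "literal", SAMPLES))
```

Under these assumptions, a bare literal entry such as exe also flags executive_summary.pdf, which is the over-matching that a wildcard entry such as *.exe avoids.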