1. Click the GFI MailSecurity > Content Checking node.
3. In the General tab, enter the name for the new Content Checking rule. The rule name should ideally describe what content this rule blocks, so that you can easily distinguish rules if you have multiple Content Checking rules configured.
7. To configure this rule to check email bodies you need to select the Block emails if content is found matching these conditions (message body/attachments) check box.
8. You then need to specify the conditions that will infringe this rule while scanning the bodies and attachments content. To enter a new condition, type the keywords in the Edit condition box. Click the required logical operator button to insert that operator at the current cursor location in the
Edit condition box. When the condition is complete, click
Add Condition to add the new condition to the rule. The new condition is then displayed in the
Current conditions list.
In the Edit condition box, type “
confidential information”.
Click AND to the right of the box.
Type “top secret” and click
Add Condition.
NOTE: To remove a condition select it from the
Current conditions list and click
Remove. To modify an existing condition, select it from the
Current conditions list to display it in the
Edit condition box. Modify the condition as required and then click
Update to save your changes.
11. You then need to specify which filename extensions to scan. To add a filename extension, type it in the File extension entry box and then click
Add. If you want to scan only the filename extensions you specify, click
Check all attachments having file extensions in the list. If you want to scan all the attachments except the ones you specified in the list, click
Check all except attachments having file extensions in the list.
NOTE: Enter the filename extension only, for example, if you want to scan text files, enter “
txt” only, not “
*.txt” or “
.txt”.
12. If you want the Content Checking rule to check the email subject, click the Subject tab to specify the keywords that will infringe this rule if found in the email subject.
13. In the Subject tab, select the
Enable subject content checking check box.
14. To add a keyword, type it in the Enter phrase box and then click
Add. The new keyword is displayed in the
Phrases list.
17. Select the Block email and perform this action check box if you want to quarantine, delete or move the blocked emails to a particular folder. Additionally, select one of the following options:
Quarantine email: Select this option to quarantine the email containing the infringing content for review by an administrator. For more information, refer to the ‘Quarantining’ chapter in this manual.
Delete email: Select this option to delete the email completely.
Move to folder: This option will move the email to the specified folder. Type the folder name in the box provided underneath this option.
Notify local user: Select this option if you want to notify the email local users when the email infringes this content checking rule.
NOTE: If a threat is detected in an outbound email, the recipients will receive the original email with the malicious parts removed. A security notice is attached to the email to inform the recipients what email parts were removed and for what reason. This behavior is always enabled and is not affected by this setting.
Notify administrator: Select this option if you want to send email notifications to the administrator whenever an email infringes this content checking rule. The administrator’s email address is specified during the installation of GFI MailSecurity but can still be changed from the GFI MailSecurity configuration (
GFI MailSecurity > Settings node
> General tab). For more information refer to the ‘Define the administrator’s email address’ section in the General Settings chapter.
19. Select the Log rule occurrence to this file check box and specify a log file name in the box below, if you want to log all rule activity to a log file. You can specify either the file name only or else the full path to a custom location on disk.
NOTE: You can configure a content checking rule using any combination of actions. For example, you can opt not to block emails infringing the rule, but to simply notify the administrator or log the occurrence to file.
Only this list – Select this option if you want to apply this rule to all email users/groups or public folders present in the list.
All except this list – Select this option if you want to apply this rule to all email users, groups or public folders NOT present in the list.
24. Click Check Names to query the Active Directory or the imported list of SMTP addresses (depending on how you installed GFI MailSecurity), to check if the specified entry exists. Any user, group or public folder that matches will be listed below.
NOTE: You do not need to input the full name of the user/user group or public folder. It is enough to enter at least three characters. GFI MailSecurity will list all the names that contain the specified characters. For example, if you input ‘ott’, GFI MailSecurity will return names like ‘Scott Adams’ and ‘Freeman Prescott‘, if they are available.
NOTE 1: You can select all the listed names at once by selecting the check box next to the
Name column heading at the top-left of the list.
NOTE 2: Repeat steps 22 to 25 to add all the users you want to the list.
NOTE 3: To remove entries from the list, select the user/user group/public folder you want to remove and click
Remove.
NOTE 4: If no names are included in the list, GFI MailSecurity will automatically apply this rule to all the email users in Active Directory/SMTP address list.
