Creating a Content Checking rule
To create a Content Checking rule:
1. Click on the Content Checking node under the Console Root.
2. From the Content Checking page (in the right window), click on the Add Rule button.
3. In the General tab enter a meaningful rule name, to allow you to distinguish between rules easily if you have multiple Content Checking rules configured.
4. Select whether this rule applies to inbound and/or outbound emails by marking the respective check-boxes.
Screenshot 52 - Content Checking: General Tab
5. If you want PGP encrypted emails to infringe this rule, select the Block PGP encrypted emails check box.
6. Next you need to configure whether to scan email bodies and attachments, and the keywords Content Checking will look out for. Click on the Body tab to configure these options.
7. To configure this rule to check email bodies you need to select the Block emails if content is found matching these conditions (message body/attachments) check box.
8. You then need to specify the conditions that will infringe this rule while scanning the bodies and attachments content. To enter a new condition, type the keywords in the Edit condition text pane. Click on the required logical operator button to insert that operator at the current cursor location in the Edit condition text pane. When the condition is complete, you need to click the Add Condition button to add this new condition to the rule. The new condition will then be displayed in the Current conditions list box.
For example to enter the following condition, "confidential information AND top secret", you would perform the following steps:
In the Edit condition text pane, type "confidential information".
Click the AND button to the right of the text pane.
Type "top secret" and Click the Add Condition button.
NOTE: To remove a condition select it from the Current conditions list box, and Click on the Remove button. To modify an existing condition, select it from the Current conditions list box. The condition will be displayed in the Edit condition text pane. In the text pane modify the condition as required. When ready click the Update button to save your changes.
Screenshot 53 - Content Checking: Body Tab
9. To match keywords in the conditions only against whole words, select the Match whole words only check box.
10. If you want the Content Checking rule to also scan email attachments for the conditions specified in the previous steps, select the Apply above conditions to attachments check box.
11. You then need to specify which filename extensions to scan. To add filename extensions type them in the File extension entry edit box and click the Add button. If you want to scan only the filename extensions you specify, click the Check all attachments having file extensions in the list radio button. If you want to scan all the attachments except the ones you specified in the list, click the Check all except attachments having file extensions in the list radio button.
NOTE: When specifying filename extensions, only enter the extension. For example if you want to scan text files, enter "txt" only, not "*.txt" or ".txt".
12. If you want the Content Checking rule to check the email subject, Click on the Subject tab to enter the keywords you want Content Checking to look for.
13. In the Subject tab, select the Enable subject content checking check box.
14. To add a keyword, type it in the Enter phrase edit box and then click the Add button. The new keyword will be displayed in the Phrases list box.
Screenshot 54 - Content Checking: Subject Tab
15. If you want to match only whole words, check the Match whole words only check box.
16. Next you need to select what actions should be taken whenever this rule is infringed. To do this click on the Actions tab to open the rule actions configuration page.
17. Select the Block email and perform this action option if you want to quarantine, delete or move the blocked emails to a particular folder. Additionally, select one of the following options:
Quarantine email: Select this option to quarantine the email containing the infringing content for review by an administrator. For more information, refer to the `Quarantining' chapter in this manual.
Delete email: Select this option to delete the email completely.
Move to folder: This option will move the email to the specified folder. Input the folder name in the edit box provided underneath this option. 18. Content Checking rules can be configured to send email notifications to the administrator and/or user whenever an email infringes a rule. You can configure the required notifications by selecting any of the following options:
Notify local user: Select this option if you want to send email notifications to the intended recipients whenever an email infringes this content checking rule.
NOTE: This option will ONLY notify the intended recipients if the blocked email was inbound. If the email was outbound, a notification will be sent to the sender.
Notify administrator: Select this option if you want to send email notifications to the administrator whenever an email infringes this content checking rule. The administrator's email address is specified during the installation of GFI MailSecurity but can still be changed from the GFI MailSecurity configuration (Console Root } Settings node } General tab). For more information refer to the `Define the administrator's email address' section in the General Settings chapter.
Screenshot 55 - Content Checking: Actions Tab
19. Select the Log rule occurrence to this file option if you want to log all rule activity to a specified log file. Input the name of the file in the File name of log file edit box.
NOTE: You can configure a content checking rule using any combination of actions. For example, you can opt not to block emails infringing the rule, but to simply notify the administrator or log the occurrence to file.
20. Now you must specify the users for whom this rule applies. By default, GFI MailSecurity will apply the rule to all email users. However, if you want this rule to affect only a selection of users, click on the Users/Folders tab.
Screenshot 56 - Content Checking: Users/Folders Tab
21. Choose one of the following options:
Only this list - Select this option if you want to apply this rule to all email users/groups or public folders present in the list.
All except this list - Select this option if you want to apply this rule to all email users, groups or public folders NOT present in the list.
22. To add email users, user groups and/or public folders to the list, click on the Add button.
Screenshot 57 - Add Users Dialog
23. In the add users dialog, specify the name of the email user/user group or public folder that you wish to add to the list.
24. Click on the Check Names button. GFI MailSecurity will now query the Active Directory or the imported list of SMTP addresses (depending on how you installed GFI MailSecurity), to check if the specified entry exists. Subsequently it will return a list of matching results.
NOTE: You do not need to input the full name of the user/user group or public folder. It is enough to enter at least three characters. GFI MailSecurity will list all the names that contain the specified characters. E.g. If you input `ott', GFI MailSecurity will return names like `Scott Adams', and `Jean Prescott`, if they are available.
25. Select the check box at the start of the listed name(s) to indicate the ones that you wish to add to the list and click on the OK button.
NOTE: You can select all the listed names at one go by selecting the check-box adjacent to the Name column heading at the top-left of the list.
NOTE: To remove entries from the list, select the user/user group or folder to be removed and click on the Remove button.
NOTE: If no names are included in the list, GFI MailSecurity will automatically apply this rule to all the email users in Active Directory/SMTP address list.
26. To actually save and activate the new Content Checking rule, Click on the Apply button at the top of the page.
