Content rule templates

Content rules are applied to policy routes to provide specific instructions about what the security policy is looking for, and what to do when it triggers. When you create a content rule, you must select a Content Rule Template on which to base your rule.

Content rules look for conditions that match the What To Look For? clauses and apply the What To Do? actions that have been configured.

Choose your content rule template carefully, as it determines which What To Look For? clauses are included.

You can change the suggested What To Do? actions and add additional actions if required.

Clearswift Gateway provides the following Content Rule templates:

All Gateways

Template	What the rule does...	What to Look For? clauses	Default Disposal/Primary Action
All Traffic	Allows all traffic.	Always Trigger the Rule	Deliver/Continue
Analyze Properties	Analyzes document properties for specific lexical expressions.	Analyze Properties, Which Media Types, Size Restriction	Deliver/Continue
Check Registered Data	Detects data that has been registered on the Information Governance Server.	Which Media Types, Classification LevelThe Classification Level specifically relates to values that are assigned to items that have been registered on an IG Server. The disposal action will trigger where content passing through the Gateway is matched to content registered on the IG Server, and where the Classification level for the item as set on the IG server is equal or exceeds the level set on the Gateway. If this value is set to 0 on your Gateway, matches to any IG registered items will trigger the disposal action., Direction To Apply, Scan text extracted from images (OCR)	Deliver/Continue
Detect Active Content	Detects active content (such as macros) in selected media types.	Which Media Types	Deliver/Continue
Detect Filenames	Detects and processes selected filenames based on Filename Lists. Note: If you don't want to block web-content based on the extension, for example, .com and .dll extensions, you should use the Detect Media Types content rule instead. This is especially applicable to the Class 1 file extension policy rule.	Filename, Direction To Apply	Deliver/Continue
Detect Lexical Expression	Detects and processes unacceptable lexical expressions in selected media types. Note: If you want to scan scripts in the content, select the Scan Embedded Script option and use the Which Media Types clause to include a selection of media types.	Lexical Expression, Which Media Types, Size Restriction, Direction To Apply, Scan text extracted from Images (OCR)	Deliver/Continue
Detect Malformed Data	Detects content containing 'bad', corrupted, or malformed data.	Which media types	Hold in the Message Processing Failure area/ Allow the communication
Detect Media Types	Detects and processes selected media types. Note: If you don't want to block web-content based on the extension, for example, .com and .dll extensions, you should use this rule and not the Detect Filenames rule. This is especially applicable to the Class 1 file extension policy rule.	Which Media Types, Size Restriction Filename, Direction To Apply	Deliver/Continue
Detect Virus	Detects viruses.	Virus Detection in Which Media Types	Hold in virus area
Redact Text	Detects unacceptable lexical expressions in selected media types. Attempts to redact content.	Lexical Expression, Which Media Types, Size Restriction, Bypass Rule, Scan text extracted from Images (OCR), Direction To Apply	Deliver/Continue (if successful) Block for Redaction Failure (if unsuccessful)
Run External Command	Runs an executable program that performs processing on a file type that the Gateway does not support by default.	Which Media Type, Run External Command	Continue to next rule (if detected) Continue to next rule (if modified)
Sanitize Active Content	Detects active content (such as macros) in selected media types. Attempts to sanitize content.	Which Media Types, Direction To Apply, Bypass Rule	Deliver/Continue (if successful) Block for Active Content Sanitization Failure (if unsuccessful)
Sanitize Document Content	Detects metadata and document properties in selected document areas and selected media types. Attempts to sanitize content.	Which Media Types and Which Categories, Bypass Rule	Deliver/Continue (if successful) Block for Document Sanitization Failure (if unsuccessful)
Structural Validation	Checks for appended data in certain format types. Note: Due to the use of validation images, Structural Validation in not supported for MSN Hotmail.	Always Trigger the Rule	Deliver/Continue

Email Specific

Template	What the rule does...	What to Look For? clauses	Default What to Do? Actions
Add Disclaimer	Adds an annotation (such as a disclaimer) to the message.	Always Trigger the Rule	Annotate the message
Add Disclaimer Conditionally	Detects messages with particular media types and expressions, and appends an annotation (such as a disclaimer) to the message. The lexical expression clause operates in conjunction with the selected media types in this content rule. The rule will only apply when the lexical expression is triggered in any attachment or part of a message that matches the media types you have selected.	Which Media Types, Lexical Expression	Annotate the message
Archive to Server	Sends a copy of the message to a relay server.	Always Trigger the Rule	Send a Copy (Relay Server)
Attachment Count Restriction	Detects messages with an excessive number of attachments, based on a user-specified attachment limit.	Restrict the Number of Attachments	Deliver the message
Detect Spam	Detects spam using a selection of SpamLogic methods.	Spam Detection	Deliver the message
Detect Unacceptable Images	Detects messages with unacceptable images, based on a user-specified threshold.	Unacceptable Images	Deliver the message
Digital Signature Validation	Detects valid digital signatures.	Digital Signature Validation	Hold in Message Processing Failure message area
Encryption or Decryption Fails	Detects messages that have failed to be encrypted or decrypted.	Cryptographic Failure	Hold in Message Processing Failure area
Message Modification Fails	Detects and processes messages that the Gateway has not been able to modify.	Message has failed to be modified	Hold in Message Processing Failure area
Message Processing Fails	Detects messages that the Gateway has been unable to process.	Message has failed to be processed	Hold in Message Processing Failure area
Message Size Restriction	Detects messages that exceed a user-specified size limit.	Size Restriction	Deliver the message

Web Specific

Template	What the rule does...	What to Look For? clauses	Default What to Do? Actions
Detect Spyware	Detects inbound spyware.	Spyware Detection	Allow the communication
Detect Spyware Call Home	Detects spyware attempting to call home from inside the organization.	Spyware Call Home	Allow the communication
Detect Tracking Cookie	Detects cookies that track spyware.	Tracking Cookie Detection	Allow the communication
Detect Virus	Detects viruses.	Virus Detection in Which Media Types	Hold in virus area
Download Size Restriction	Applies a user-specified limit to the size of files that can be downloaded.	Download Size Restriction Of	Allow the communication
Processing of request or response fails	Detects request or response failures of the policy engine.	Request or response has failed to be processed	Allow the communication
Real-time Categorization	Detects content that might not be categorized in Internet zones.	Real-time Categorization	Continue to the next rule
Remove Tracking Cookie	Detects and removes spyware-tracking cookies.	Tracking Cookie Detection	Remove the cookie
Size Bypass	Excludes content scanning of file transfers that are larger than a user-specified restriction.	Data Transfer Restriction	Bypass content checks
Safe Search Filtering	Removes explicit or unacceptable content from search engine results.	Search Request Detection	Filter explicit images and video from search site results
Detect Spyware	Detects inbound spyware.	Spyware Detection	Allow the communication

Content rule templates

See also...