Clearswift Gateway includes an initial content security policy as a starting point for creating your own corporate policy. The starter policy contains basic policy routes for email routed within your organization in addition to incoming and outgoing mail, with suggested content rules and policy references already applied.
Tell me about...
-
The protection that the starter policy provides
The starter policy provides routes and rules for mail that is routed within your organization via an Exchange Server, and also for mail that is sent and received externally.
Internal mail
Rules for internal mail are contained within the My Company to My Company policy route. The route has a default disposal action of Deliver, so the message is delivered unless at least one of the applied content rules triggers and specifies a different disposal action.
Show me what happens to messages on the My Company to My Company route:
Hold messages containing a virus in the Virus message area, and inform the administrator and sender. Hold unacceptable images in the ImageLogic message area, and inform the recipient. Hold messages containing an unrecognized media type in the Unknown Binary message area. Hold messages over 20Mb in size in the Oversize message area and inform the sender. Hold messages containing English swear words in the Profanity message area, and inform the sender. Hold messages containing multimedia files in the Multimedia message area and inform the administrator and sender. Hold messages containing large images in the Large Images message area, and inform the administrator and sender. If message modification fails, hold the message in the Message Processing Failure message area. If message processing fails, hold the message in the Message Processing Failure message area. The starter policy is designed to provide a template which can be adapted to suit the requirements of your organization. We recommend customizing the policy as soon as possible to enhance system performance and avoid the potential for false positive results. Inbound messages
Show me what happens to messages on the Anyone to My Company route:
This starter policy route is configured to:
Drop messages containing a virus. Hold messages containing encrypted files in the Encrypted message area, and inform the recipients. Hold messages containing an unrecognized media type in the Unknown Binary message area. Hold messages containing executable files in the Executables message area. Hold messages containing Class 1 files in the Executables message area. Hold messages over 20Mb in size in the Oversize message area and inform the recipients. Hold messages containing English swear words in the Profanity message area, and inform the recipients. Hold messages containing multimedia files in the Multimedia message area and inform the administrator and recipients. Hold messages containing large images in the Large Images message area, and inform the recipients. If message modification fails, hold the message in the Message Processing Failure message area. If message processing fails, hold the message in the Message Processing Failure message area. * The starter policy is configured to sanitize all available document properties and hold a copy of the attachment in the Adaptive Redaction Hold area. We strongly recommend that you customize the Sanitize Document Content rule at the earliest possible opportunity to avoid overloading the message area and affecting system performance.
Rules for messages that are not matched on the other policy routes are contained within the For all email that does not match another route policy route. This policy route is supplied without any applied content rules, so its default disposal action of holding messages in the Misrouted Messages message area is always applied.
You must ensure you have at least one anti-virus scanner installed and enabled for the security policy to detect viruses.
How do I...
-
Adapt the starter policy to fit my organization's requirement?
For guidance on what aspects of the policy to adapt, and the steps you need to take, see the Adapting the Starter Policy topic.
-
View the default lexical expression lists?
To find out which terms are contained in the Confidential Material or PCI lexical expression lists, click Policy > Policy References > Lexical Expressions. The Lexical Expressions tab displays a list of the currently available lexical expression lists. See the Working with Lexical Expressions topic for more information.