Content rule templates

Content rules are applied to policy routes to provide specific instructions about what the security policy is looking for, and what to do when it triggers. When you create a content rule, you must select a Content Rule Template on which to base your rule.

Content rules look for conditions that match the What To Look For? clauses and apply the What To Do? actions that have been configured.

Choose your content rule template carefully, as it determines which What To Look For? clauses are included.

  You can change the suggested What To Do? actions and add additional actions if required.

Clearswift ARgon for Email provides the following Content Rule templates:

Template What the rule does... What to Look For? clauses Default What to Do? Actions
Analyze Properties Analyzes document properties for specific lexical expressions. Analyze Properties, Which Media Types, Size Restriction Deliver/Continue
Check Registered Data

Detects data that has been registered on the Information Governance Server.

Which Media Types, Classification LevelClosedThe Classification Level specifically relates to values that are assigned to items that have been registered on an IG Server. The disposal action will trigger where content passing through the Gateway is matched to content registered on the IG Server, and where the Classification level for the item as set on the IG server is equal or exceeds the level set on the Gateway. If this value is set to 0 on your Gateway, matches to any IG registered items will trigger the disposal action., Scan text extracted from images (OCR)

 Deliver/Continue
Detect Active Content Detects active content (such as macros) in selected media types. Which Media Types Allow the communication
Detect Filenames Detects and processes selected filenames based on Filename Lists. Filename, Direction to Apply Allow the communication
Detect Lexical Expression

Detects and processes unacceptable lexical expressions in selected media types.

Note: If you want to scan scripts in the content, select the Scan Embedded Script option and use the Which Media Types clause to include a selection of media types.

 Lexical Expression, Which Media Types, Size Restriction, Scan text extracted from images (OCR) Allow the communication
Detect Malformed Data Detects content containing 'bad', corrupted, or malformed data. Which media types Hold in the Message Processing Failure area/ Allow the communication
Detect Media Types Detects and processes selected media types. Which Media Types, Size Restriction Filename Allow the communication
Detect Signature Validation Detects valid digital signatures. Digital Signature Validation Hold in Message Processing Failure message area
Encryption or Decryption Fails Detects messages that have failed to be encrypted or decrypted. Cryptographic Failure Hold in Message Processing Failure area
Message Modification Fails Detects and processes messages that the ARgon Server has not been able to modify. Message has failed to be modified Hold in Message Processing Failure area
Message Processing Fails Detects messages that the ARgon Server has been unable to process. Message has failed to be processed Hold in Message Processing Failure area
Redact Text Detects unacceptable lexical expressions in selected media types. Attempts to redact content. Lexical Expression, Which Media Types, Size Restriction, Scan text extracted from images (OCR) Deliver/Continue
Sanitize Active Content Detects active content (such as macros) in selected media types. Attempts to sanitize content. Which Media Types

Deliver/Continue (if successful)

Hold in Confidential area (if unsuccessful)
Sanitize Document Content Detects meta data and document properties in selected document areas and selected media types. Attempts to sanitize content. Which Media Types and Which Categories

Deliver/Continue (if successful)

Hold in Confidential area (if unsuccessful)
Size Bypass Excludes content scanning of file transfers that are larger than a user-specified restriction. Data Transfer Restriction Bypass content checks

 

See also...