Content rule templates

Content rules are applied to policy routes to provide specific instructions about what the security policy is looking for, and what to do when it triggers. When you create a content rule, you must select a Content Rule Template on which to base your rule.

Content rules look for conditions that match the What To Look For? clauses and apply the What To Do? actions that have been configured.

Choose your content rule template carefully, as it determines which What To Look For? clauses are included.

You can change the suggested What To Do? actions and add additional actions if required.

Clearswift Gateway provides the following Content Rule templates:

Template	What the rule does...	What to Look For? clauses	Default Disposal/Primary Action
All Traffic	Allows all traffic.	Always Trigger the Rule	Deliver/Continue
Analyze Properties	Analyzes document properties for specific lexical expressions.	Analyze Properties, Which Media Types, Size Restriction	Deliver/Continue
Check Registered Data	Detects data that has been registered on the Information Governance Server.	Which Media Types, Classification Level The Classification Level specifically relates to values that are assigned to items that have been registered on an IG Server. The disposal action will trigger where content passing through the Gateway is matched to content registered on the IG Server, and where the Classification level for the item as set on the IG server is equal or exceeds the level set on the Gateway. If this value is set to 0 on your Gateway, matches to any IG registered items will trigger the disposal action., Direction To Apply, Scan text extracted from images (OCR)	Deliver/Continue
Detect Active Content	Detects active content (such as macros) in selected media types.	Which Media Types	Deliver/Continue
Detect Filenames	Detects and processes selected filenames based on Filename Lists.	Filename, Direction To Apply	Deliver/Continue
Detect Lexical Expression	Detects and processes unacceptable lexical expressions in selected media types. Note: If you want to scan scripts in the content, select the Scan Embedded Script option and use the Which Media Types clause to include a selection of media types.	Lexical Expression, Which Media Types, Size Restriction, Direction To Apply, Scan text extracted from Images (OCR)	Deliver/Continue
Detect Malformed Data	Detects content containing 'bad', corrupted, or malformed data.	Which media types	Hold in the Message Processing Failure area/ Allow the communication
Detect Media Types	Detects and processes selected media types.	Which Media Types, Size Restriction Filename, Direction To Apply	Deliver/Continue
Detect Spyware Call Home	Detects spyware attempting to call home from inside the organization.	Spyware Call Home	Allow the communication
Detect Tracking Cookie	Detects cookies that track spyware.	Tracking Cookie Detection	Allow the communication
Detect Virus	Detects viruses and Malware	Virus Detection	Continue to next rule (if detected) Continue to next rule (if unsuccessful)
Download Size Restriction	Applies a user-specified limit to the size of files that can be downloaded.	Download Size Restriction Of	Allow the communication
Processing of request or response fails	Detects request or response failures of the policy engine.	Request or response has failed to be processed	Allow the communication
Redact Text	Detects unacceptable lexical expressions in selected media types. Attempts to redact content.	Lexical Expression, Which Media Types, Size Restriction, Bypass Rule, Scan text extracted from Images (OCR), Direction To Apply	Deliver/Continue (if successful) Block for Redaction Failure (if unsuccessful)
Remove Tracking Cookie	Detects and removes spyware-tracking cookies.	Tracking Cookie Detection	Remove the cookie
Run External Command	Runs an executable program that performs processing on a file type that the Gateway does not support by default.	Which Media Type, Run External Command	Continue to next rule (if detected) Continue to next rule (if modified)
Safe Search Filtering	Removes explicit or unacceptable content from search engine results.	Search Request Detection	Filter explicit images and video from search site results
Sanitize Active Content	Detects active content (such as macros) in selected media types. Attempts to sanitize content.	Which Media Types, Bypass Rule, Direction To Apply	Deliver/Continue (if successful) Block for Active Content Sanitization Failure (if unsuccessful)
Sanitize Document Content	Detects metadata and document properties in selected document areas and selected media types. Attempts to sanitize content.	Which Media Types, Bypass Rule, Contains Any Of The Following, Direction To Apply	Deliver/Continue (if successful) Block for Document Sanitization Failure (if unsuccessful)
Size Bypass	Excludes content scanning of file transfers that are larger than a user-specified restriction.	Data Transfer Restriction	Bypass content checks
Structural Validation	Checks for appended data in certain format types.	Always Trigger the Rule	Deliver/Continue

See also...

• About Content Rules
• What To Look For? clauses
• What To Do? actions