Content filtering of messages

Kaspersky Secure Mail Gateway can perform content filtering of messages that pass through the mail server. You can restrict transmission of messages with specific parameters by the mail server.

Content filtering of messages is performed according to one of the following parameters:

• Message size
• Masks of attachment names
• Attachment formats

You can specify the maximum size of messages with attachments, specify mask of forbidden names of attached files, or specify forbidden formats of attached files.

As a result of content filtering, Scan Logic assigns messages one of the following statuses:

Depending on the status assigned, the application performs actions in accordance with the message processing rule settings. You can specify actions to be performed by the application on messages with a certain status. The default action performed on messages is Reject.

About message content filtering status labels

As a result of content filtering, the Scan Logic message scanning control module assigns one of the following content filtering statuses to messages:

• Clean—Message has not been found to contain any violations of the restrictions specified in content filtering settings.
• Banned Attachment Name—Message contains an attachment with a banned name.
• Banned Attachment Type—Message contains an attachment having a banned file format.
• Message Size Exceeded—Message exceeds the maximum allowed size.

Enabling and disabling content filtering of messages

To enable or disable content filtering of messages:

1. In the main window of the application web interface, open the management console tree and select the Settings section and Protection subsection.
2. In the Content Filtering section, do one of the following:
   • Flip on the toggle switch next to the name of the Content Filtering section to enable content filtering of messages.
   • Flip off the toggle switch next to the name of the Content Filtering section to disable content filtering of messages.

Setting the maximum archive nesting level for content filtering

To set the maximum archive nesting level for content filtering:

1. In the main window of the application web interface, open the management console tree and select the Settings section and Protection subsection.
2. In the Content Filtering section, click the Maximum level for scanning link to open the Content Filtering settings window.
3. In the Maximum scanning level field, specify the maximum archive nesting level for content filtering.
4. Click the Apply button.

Setting default values for Content Filtering settings

To set default values for Content Filtering settings:

1. In the main window of the application web interface, open the management console tree and select the Settings section and Protection subsection.
2. In the Content Filtering section, click the Maximum level for scanning link to open the Content Filtering settings window.
3. In the lower part of the Anti-Phishing settings window, click the Set default values link.
4. Click the Apply button.

Enabling and disabling content filtering of messages for a rule

You can enable or disable content filtering of messages for one or several rules. By default, content filtering of messages is disabled.

Before enabling or disabling content filtering of messages for a rule, make sure that content filtering in Kaspersky Secure Mail Gateway is enabled.

To enable or disable content filtering of messages for a rule:

1. In the main window of the application web interface, open the management console tree and select the Rules section.
2. In the list of rules, click the name of the rule to open the rule for which you want to enable or disable content filtering of messages.
3. Select the Content Filtering section.
4. Do one of the following:
   • Flip on the toggle switch next to the name of the Content Filtering settings group to enable content filtering of messages for a rule.
   • Flip off the toggle switch next to the name of the Content Filtering settings group to disable content filtering of messages for a rule.
5. Click the Apply button in the lower part of the workspace.

Configuring settings of message content filtering for a rule

To configure message content filtering settings for a rule:

1. In the main window of the application web interface, open the management console tree and select the Rules section.
2. In the rules list, click the name of the rule to open the rule for which you want to configure the message content filtering settings.
3. Select the Content Filtering section.
4. Flip on the toggle switch next to the name of the Content Filtering settings group if it is off.
5. To restrict transmission of messages containing attachments of a certain size:
   1. In the If the allowed message size is exceeded settings group, click the link to the right of the Message size limit setting name to open the Attachment size scan limit window.
   2. In the field under the window name, enter the maximum size of objects in the range from 0 KB to 1048576 KB (1 GB).

      If the value is set to 0 KB, no restrictions apply to the size of objects.

   3. Click the OK button.

      The Attachment size scan limit window closes.

6. To restrict transmission of messages containing attachments of a certain format:
   1. In the If attachment type is banned settings group, click the link to the right of the Banned formats of attachments setting name to open the Banned attachment types window.
   2. Select check boxes next to the formats of attachments the transmission of which you want to restrict.

      You can restrict transmission of messages with the following attachments:

      • Executable files (e.g., EXE; DLL; OCX)
      • Document files (e.g., DOC; XLS; PDF; PPT)
      • Multimedia files (e.g., AVI; WMV; MP3)
      • Graphic files (e.g., JPG; BMP; WMF)
      • Archives (e.g., ZIP; RAR; TGZ)
      • Databases (e.g., ACCDB; ACCDC; MDB)
      • Other files (e.g., TXT; CHM; HTM)
   3. Click the Close button.

   The Banned attachment types window closes.

7. To restrict transmission of messages containing attachments with specific names:
   1. In the If attachment name is banned settings group, click the link to the right of the Banned names of attachments setting name to open the Banned names window.
   2. In the field under the window name, enter the masks of names of attachments the transmission of which you want to restrict.

      Masks can contain any symbols. Separate masks with the ";" symbol.

      For example, you can enter the *.exe name mask to restrict transmission of messages that include attachments with the exe extension.

   3. Click the OK button.

   The Banned names window closes.

8. Click the Apply button in the lower part of the workspace.

In order for the settings you have configured to be used during operation of Kaspersky Secure Mail Gateway, make sure that content filtering of messages is enabled for the rule and the rule for which you have configured settings is enabled.

Configuring actions to take on messages during content filtering

To configure the actions to be performed by Kaspersky Secure Mail Gateway on messages during content filtering:

1. In the main window of the application web interface, open the management console tree and select the Rules section.
2. In the list of rules, click the link with the name of the rule to open the rule for which you want to configure actions on messages during content filtering.
3. Select the Content Filtering section.
4. Flip on the toggle switch next to the name of the Content Filtering settings group if it is off.
5. In the If the allowed message size is exceeded drop-down list, select one of the following actions to be performed on messages containing attachments whose size exceeds the limit:
   • Delete message
   • Reject
   • Skip
6. If you want to configure the application to automatically save copies of messages in Backup before they are processed, select the check box next to the name of the Place copy in Backup setting.

   By default, the application places a copy of messages in Backup before performing the Delete message action.

7. In the If attachment type is banned drop-down list, select one of the following actions to take on messages containing attachments in a forbidden format:
   • Delete message
   • Delete attachment.
   • Reject
   • Skip
8. If you want to configure the application to automatically save copies of messages in Backup before they are processed, select the check box next to the name of the Place copy in Backup setting.

   By default, before performing the Delete attachment and Delete message the application places a copy of messages in Backup.

9. In the If attachment name is banned drop-down list, select one of the following actions to be taken on messages containing attachments with forbidden names:
   • Delete message
   • Delete attachment.
   • Reject
   • Skip
10. If you want to configure the application to automatically save copies of messages in Backup before they are processed, select the check box next to the name of the Place copy in Backup setting.

    By default, before performing the Delete attachment and Delete message the application places a copy of messages in Backup.

11. If you want to enable content filtering for files within archives in message attachments, select the check box next to the name of the Check file formats and names in archive setting.
12. Click the Apply button in the lower part of the workspace.

The Reject action is selected by default for all messages.

In order for the settings you have configured to be used during operation of Kaspersky Secure Mail Gateway, make sure that content filtering of messages is enabled for the rule and the rule for which you have configured settings is enabled.

Configuring tags added to message subjects based on content filtering results

To configure tags that Kaspersky Secure Mail Gateway adds to the message subject based on content filtering results:

1. In the main window of the application web interface, open the management console tree and select the Rules section.
2. In the list of rules, click the rule name to open the rule for which you want to configure tags added to message subjects based on content filtering results.
3. Select the Content Filtering section.
4. Flip on the toggle switch next to the name of the Content Filtering settings group if it is off.
5. Add a tag to the Subject field of messages that exceed the maximum allowed size limit. To do so, perform the following:
   1. In the If the allowed message size is exceeded section, click the link to the right of the Add the following text to the subject of an email message setting name to open the Tag for messages of the size exceeding maximum window.
   2. In the field under the name of the window, enter the text that you want to add at the beginning of the subject of messages that exceed the maximum allowed size limit.
   3. Click the OK button.

      The Tag for messages of the size exceeding maximum window closes.

6. Add a tag to the Subject field of messages containing attachments of forbidden file formats. To do so, perform the following:
   1. In the If attachment type is banned section, click the link to the right of the Add the following text to the subject of an email message setting name to open the Tag for messages containg attachments of banned file types window.
   2. In the field under the name of the window, enter the text that you want to add at the beginning of the subject of messages containing attachments of banned file formats.
   3. Click the OK button.

      The Tag for messages containg attachments of banned file types window closes.

7. Add a tag to the Subject field of messages containing attachments with forbidden file names. To do so, perform the following:
   1. In the If attachment name is banned section, click the link to the right of the Add the following text to the subject of an email message setting name to open the Tag for messages containing attachments with banned file names window.
   2. In the field under the name of the window, enter the text that you want to add at the beginning of the subject of messages containing attachments with forbidden file names.
   3. Click the OK button.

      The Tag for messages containing attachments with banned file names window closes.

8. Click the Apply button in the lower part of the workspace.

In order for the settings you have configured to be used during operation of Kaspersky Secure Mail Gateway, make sure that content filtering of messages is enabled for the rule and the rule for which you have configured settings is enabled.