Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

How to Block Dangerous Email Attachments with Regex?

Dear Reader,

I would like to know that , how can i block email attachment via ASA Regex using ASDM 6.2.

I am able to block websites and stuff like that. But i want to block email attachments which are harmful. As an example i would like to block .mp3 extensions, so that if some one want to send an attachment with mp3 it would get deleted automatically. I hope you got my point.

Thanks a lot for viewing and answering.

Best Regards

3 REPLIES

Re: How to Block Dangerous Email Attachments with Regex?

For that you would need spam filter functions that can be delivered by CSC-SSM module for the ASAs , that is able to see email content/attachments and filters them based upon configured rules on the device.

CSC-SSM Product overview

http://www.cisco.com/en/US/products/ps6823/index.html

See tabe-1

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/ps6823/product_data_sheet0900aecd80402e4f.html

Regards

Community Member

Re: How to Block Dangerous Email Attachments with Regex?

Thanks for the reply, however i thought it was possible with Regex also.

Cisco Employee

Re: How to Block Dangerous Email Attachments with Regex?

Regex is generally used with HTTP inspection. Unfortunately, the fiewall cannot get into the content of the SMTP traffic. For that you do need a content security module.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml

Typically, using the inspections, the firewall can check the application header and ensure that it meets the policy requirements. However, the firewall cannot get into the application payload (except in some cases like VoIP) and block contents. Hope this helps.

Regards,

NT

527
Views
0
Helpful
3
Replies
CreatePlease to create content