profile content
Use this command to create content profiles, which you can use to match email based upon its subject line, message body, and attachments.
Unlike antispam profiles, which deal primarily with spam, content profiles match any other type of email.
Content profiles can be used to apply content-based encryption to email. They can also be used to restrict prohibited content, such as words or phrases, file names, and file attachments that are not permitted by your network usage policy. As such, content profiles can be used both for email that you want to protect, and for email that you want to prevent.
Syntax
config profile content
edit <profile_name>
set action-default <content-action-profile_name>
config attachment-scan
edit <index_int>
set action <content-action-profile_name>
set patterns {archive audio encrypted executable_windows image msoffice openoffice script video}
set embedded-scan-options {check-msoffice check-msoffice-vba check-msvisio check-openoffice check-pdf}
set max-num-of-attachment <limit_int>
set max-size-status {enable | disable}
set max-size-option {message | attachment}
set action-max-size <content-action-profile_name>
set action-policy-match <content-action-profile_name>
set image-analysis-scan {enable | disable}
set action-image-analysis <content-action-profile_name>
set decrypt-password-archive {enable | disable}
set decrypt-password-office {enable | disable}
set decrypt-password-num-of-words <words_int>
set action-cdr <content-action-profile_name>
set html-content-action {convert-to-text | modify-content}
set html-content-url-selection {tag-attribute tag-content}
set remove-active-content {enable | disable}
set cdr-file-type-options {office pdf}
set archive-scan-options {block-on-failure-to-decompress block-password-protected block-recursive}
set archive-max-recursive-level <threshold_int>
config monitor
edit <index_int>
set action <content-action-profile_name>
set dict-score <threshold_int>
set dictionary-group <dictionary-group_name>
set dictionary-profile <dictionary-profile_name>
set dictionary-type {group | profile}
set scan-office {enable | disable}
set scan-pdf {enable | disable}
end
Variable |
Description |
Default |
Enter the name of the profile. To view a list of existing entries, enter a question mark ( |
|
|
Enter the index number of the attachment scan profile. If the profile does not currently exist, it will be created. |
|
|
Select which content action profile to use for the attachment scan. See profile content-action. |
|
|
Select either:
in patterns {archive audio encrypted executable_windows image msoffice openoffice script video}. |
is |
|
patterns {archive audio encrypted executable_windows image msoffice openoffice script video} |
Select which file types of attachments will be scanned or omitted from the scan, depending on your configuration of operator {is | is-not}. For multiple file types, separate each entry with a space. This setting applies only if status {enable | disable} is |
|
Enable or disable patterns {archive audio encrypted executable_windows image msoffice openoffice script video}. |
enable |
|
Enter the index number of the content monitoring profile. If the profile does not currently exist, it will be created. |
|
|
Select which content action profile to use for the content monitor scan. See profile content-action. |
|
|
Enter the number of times that an email must match the content monitor profile before it will receive the antispam action. |
1 |
|
Enter the dictionary profile group that this content monitor profile will use. See profile dictionary-group. The FortiMail unit will compare content in the subject line and message body of the email message with words and patterns in the dictionary profiles. If it locates matching content, the FortiMail unit will perform the actions configured for this monitor profile. For information on dictionary profiles, see the FortiMail Administration Guide. |
|
|
Enter the dictionary profile that this content monitor profile will use. The FortiMail unit will compare content in the subject line and message body of the email message with words and patterns in the dictionary profile. If it locates matching content, the FortiMail unit will perform the actions configured for this monitor profile in profile content-action. For information on dictionary profiles, see the FortiMail Administration Guide. |
|
|
Select either:
|
group |
|
Enable or disable Microsoft Word document scanning for this profile. |
disable |
|
Enable or disable PDF document scanning for this profile. |
disable |
|
Enable or disable this monitor profile. |
disable |
|
Select the action profile to use for CDR. See also profile content-action. |
|
|
Select a content action profile. See profile content-action. This default setting applies only to sub-scans that do not have their own individually configured action, such as action-cdr <content-action-profile_name>. |
|
|
For the |
|
|
Select the content action profile to use if an email or attachment exceeds max-size <KB_int>. |
|
|
Enter the nesting depth threshold. Depending upon each attached archive’s depth of archives nested within the archive, the FortiMail unit will use one of the following methods to determine whether it should block or pass the email.
This setting applies only if |
12 |
|
Select the content action profile to use if an email triggers a policy match. This setting applies only if |
|
|
archive-scan-options {block-on-failure-to-decompress |
Select what option(s) to use when scanning archives:
Separate multiple options with a space. This setting applies only if |
|
Select which file type(s) to apply content disarming and reconstruction (CDR) to:
See also file content-disarm-reconstruct. |
|
|
Enter a descriptive comment. |
|
|
Enable or disable to decrypt password protected archives. Also configure decrypt-password-options {built-in-password-list | user-defined-password-list | words-in-email-content}. |
disable |
|
Enter the number of words adjacent to the keyword to try for file decryption. For example, in an email, there could be a sentence such as: “To open the document, please use password 123456. If you cannot open it, please contact us.” If you specify to use two words before and after the keyword, then “please”, “use” (two words before the keyword “password”), “123456”, and “If” (two words after the keyword “password”) would be used as one by one as the password to decrypt the attachments. If no keyword exists, any words in the email body may be tried as the password. |
5 |
|
Enable to decrypt password protected Microsoft Office files. Also configure decrypt-password-options {built-in-password-list | user-defined-password-list | words-in-email-content}. |
disable |
|
decrypt-password-options {built-in-password-list | user-defined-password-list | words-in-email-content} |
Select which kind of password to use to decrypt files. This setting applies only if decrypt-password-archive {enable | disable}is |
words-in-email-content |
Enter the attachment size threshold in kilobytes for deferred delivery. To disable the limit, enter See also defer-delivery-starttime <time_str> and defer-delivery {enable | disable}. Tip: Alternatively, configure max-size <KB_int>. |
0 |
|
embedded-scan-options {check-msoffice check-msoffice-vba check-msvisio check-openoffice check-pdf} |
Specify which option(s) to use when scanning documents with embedded files.
Similar to an archive, documents can sometimes contain video, graphics, sounds, and other files that are used by the document. By wrapping files within a document instead of linking to the file on a separate, external location, a document becomes more portable. However, it also means that documents with other files embedded can be used to hide infected files. |
|
Select either:
This setting applies only if |
modify-content |
|
html-content-url-action {click-protection | click-protection-isolator | isolator | keep | neutralize | remove} |
If html-content-action {convert-to-text | modify-content} is
This setting applies only if |
click-protection |
Select where CDR modifications should apply:
Separate multiple options with a space. This setting applies only if html-content-action {convert-to-text | modify-content} is |
tag-attribute |
|
If you have purchased the image scan feature license, you can enable the scan for image categories that you may want to block, such as violence and adult images. You can also configure the scan sensitivity and image fie size threshold. Seeantispam image-analysis. |
disable |
|
Enter how many attachments are allowed in one email message. The valid range is from 1 to 100. This setting applies only if |
10 |
|
Enter the maximum size threshold in kilobytes. Also configure action-max-size <content-action-profile_name>. To disable deferred delivery, enter This setting applies only if max-size-status {enable | disable} is |
10240 |
|
Select to apply max-size <KB_int> to either the body of the email message or attachments. |
message |
|
Enable to apply max-size <KB_int>. |
disable |
|
Enable to remove active content such as JavaScript. This setting applies only if html-content-action {convert-to-text | modify-content} is Caution: If you want to convert HTML to plain text, then you must also enable replace-content {enable | disable}. Otherwise, the FortiMail unit will keep the HTML tags and only apply whichever other action(s) in the content action profile. If you enable replace-content {enable | disable}, then all HTML tags will be removed, except for the minimum required by the HTML document type definition (DTD):
Body text will be stripped of other surrounded by For linked files, which are hosted on an external web server for subsequent download rather than directly embedded or attached to the email, the FortiMail unit will download and attach the file to the email before removing the For example, in an email that is a mixture of HTML and plain text ( |
enable |
|
scan-options {block-fragmented-email |
Select which option(s) to use:
Separate multiple options with a space. |
|
text-content-action {click-protection | click-protection-isolator | isolator | neutralize | remove-url} |
Select how FortiMail will modify the HTML:
This setting applies only if |
click-protection |