Baja California Sur
4.2 FUNDAMENTOS DEL MODELO WIFM
The pre classification types and subtypes that the scenario detects in email messages and the options for processing them. These types and subtypes relate to:
• Messages containing viruses.
• Messages containing dangerous file types.
• Spam messages.
For spam messages, you can specify whether to apply the scenario to all spam detection types and subtypes, or to selected spam detection types and subtypes only.
Classifications
A classification to determine what to do with email messages that match the scenario’s outcome:
• On classified by Edge
The exclusive classification to apply when the scenario detects data of the type specified in the Preclassification Typestab.
To block the delivery of detected messages, specify a classification that has a Quarantine action.
To use MIMEsweeper for SMTP’s PMM functionality, specify a classification with a message area that is enabled for PMM management, for example the default Personal Messages message area.
Special features and restrictions
With a MIMEsweeper Edge Server, it is a good idea to quarantine messages with threats and viruses on the Edge server rather than adding an X-header and allowing MIMEsweeper for SMTP to process the message.
This ensures that messages with threats are dealt with by the Edge server and never enter your MIMEsweeper for SMTP and internal mail system.
Executable
The Executable is an inclusive scenario that enables MIMEsweeper Policy Editor to run a third-party executable program (for example,.exe,.com, or.batapplication). The executable program can be any application that is beneficial to the user and increases the functionality of MIMEsweeper.
You might use a third-party executable program, for example, to:
• Perform processing on a file type that MIMEsweeper Policy Editor does not support by default.
• Perform additional processing on a component of an email message that MIMEsweeper has recursively disassembled.
Properties
The properties of the Executable scenario are briefly described in the following sections. For full details on configuring the scenario, see the MIMEsweeper Policy Editor help.
Data types
The data types and subtypes that the scenario detects in email messages and the options for processing them. You can specify whether to apply the scenario to all data types and subtypes, only selected data types and subtypes, or to all except selected data types and subtypes.
Application details
• The details of the executable program that MIMEsweeper is to run. You specify the filename, application type and any command-line parameters for the third-party executable program.
You can use one or both of the%FILENAME%and%LOGNAME%tokens as command-line parameters. If you specify the%LOGNAME%token as a command-line parameter, you can use the%LOGTEXT%token in the Description field on the Return Codes tab.
You also can specify any advanced options such as the working folder, timeout period, file extension and mutex name details for the executable program.
There are a number of preliminary procedures that you must perform before you can create an Executable scenario. For details of these procedures and an example of how to configure an Executable scenario, see Special features and restrictions on page 3-9.
MIMEsweeper expects to find the specified application on the system path of each of your configured servers, or on an advanced path. For further details about setting up advanced paths, see Chapter 6.
Return codes
The details for mapping the numerical return codes of the third-party executable program to MIMEsweeper using the status field. You must use the return codes assigned by the third-party executable program. For details about the appropriate return code values, see the documentation for the third-party executable program. The MIMEsweeper status types that return codes can be mapped to are NONE, NOT_CHECKED, DETECTED, and MODIFIED.
You must enter at least one return code for the NONE status. You must enter at least one return code for either the DETECTED or MODIFIED status. You can specify the%LOGTEXT%token in the Descriptionfield for the DETECTED or MODIFIED status. If you specify the DETECTED status, in the Classificationtab you must associate an exclusive classification for the On detected classification type. If you specify the MODIFIED status, in the Classification tab you must associate an exclusive
classification for the On modified classification type.
Log details
The portion of the log file generated by the third-party executable program from which
MIMEsweeper is to extract text. You can specify options to use the complete log file or just a portion of the log file. If you use a portion of the log file and you have specified the%LOGTEXT%token in the Return Codestab, MIMEsweeper replaces that token with the text extracted from the generated log file.
Classifications
One or more classifications to determine what to do with email messages that match each unique outcome of a scenario:
• On detected
The exclusive classification to apply when a DETECTED status is specified on the Return Codes tab and the scenario modifies items of the type specified in the Data Types tab.
To block the delivery of detected messages, specify a classification that has a Quarantine action.
• On modified
The exclusive classification to apply when a MODIFIED status is specified on the Return Codes tab and the scenario detects data of the type specified in the Data Types tab.
To deliver detected messages, specify a classification that has a Deliver action.
Special features and restrictions
This section describes the preliminary procedures that you must perform before you create an Executable scenario. It also provides an example of how to configure an Executable scenario.
Preliminary procedures
Before you create an Executable scenario, you are advised to run preliminary tests to check the following options:
1. Examine the documentation for the third-party executable program to determine which command-line parameters to specify for the executable program.
2. Run the executable program independently of MIMEsweeper for SMTP to ensure the program is problem free.
3. You also should monitor the processing time as MIMEsweeper could run the executable multiple times for each message. If the executable program takes a long time to process, it could seriously decrease the performance of MIMEsweeper. If the processing time is high, see the third-party executable documentation and specify different command-line parameters.
4. Verify the return codes for the executable program. For more information about return codes, see the documentation for the third-party executable program.
5. Examine the log file generated by the third-party executable program to determine which, if any, information might be useful to view in the MIMEsweeper Manager.
6. Ensure that the executable is installed on every Policy Server in your installation.
Example executable scenario
This section provides an example of how to configure an Executable scenario to automatically run an executable program.
This example is based on a company that has a policy to provide copyright protection for its images in digital format using a digital watermark. (A digital watermark is a pattern of bits inserted into a digital image, audio, or video file to identify the file’s copyright information.)
The company, ‘Your Company’, currently uses a command-line program they have written to identify the presence of their digital watermark in an image file, and to insert the digital watermark if it is not there. The program generates a log file listing actions that occur while the program is running based on its return codes:
The company now wants to have MIMEsweeper automatically run this command-line program to check all outgoing email messages containing images and to extract from the log file information that they can view in the MIMEsweeper Manager after outgoing email messages have been processed.
To do this, Your Company creates an Executable scenario:
1. From the Scenarios folder, select the Outgoing scenario folder.
0 The corporate watermark is already contained in the image <filename.ext>.
1 The corporate watermark cannot be added to the image <filename.ext>.
2 The corporate watermark has been added to the image <filename.ext>.
2. From the Action menu, select New, then click Executable from the menu.
3. On the Initial Scenario State page, leave the Enabled and Overridable check boxes selected.
4. On the Data Types page:
a. Select the Image check box to select all image subtypes and clear the other data type check boxes.
b. Click Include selected data types then Next.
5. On the Application Details page:
a. In Application location, enter the full path and file name of the executable program or use the Browsebutton to navigate to its location.
b. In Command line, enter the command line to run the executable program, and specify the following tokens:
c. In Application Type, select DOS.
6. On the Return Codes page, enter the return code details for the application, associate a MIMEsweeper status, and enter a description for return codes with a status ofDETECTEDor MODIFIED, using the%LOGTEXT%token where you want MIMEsweeper to extract text from the log file for the image file processed:
7. On the Log Details page, select Use partial log file and identify the text that appears in the log file before and after the text you want MIMEsweeper to replace the%LOGTEXT%token with:
Enter the text that precedes the information to be extracted
The corporate watermark
Enter the text that follows the information to be extracted.
.\r\n
(\r\nspecifies a carriage return/line feed, so the following text is displayed on a new line.) 8. On the Classifications page, assign an appropriate exclusive classification for each possible
outcome:
• On detected
For example, associate the Dirty Out classification.
%FILENAME%to represent the name of any file processed according to this Executable scenario.
%LOGNAME% to specify that the executable program should generate a log file.
0 NONE
1 DETECTED The Your Company digital watermark %LOGTEXT%.
2 MODIFIED The Your Company digital watermark %LOGTEXT%.
• On modified
For example, associate the Cleaned classification.
9. On the Scenario Name page, enter a meaningful name for the Executable scenario (for example,
“Your Company Digital Watermark”) and a description (for example, “Ensure the Your Company digital watermark is present on outgoing mail containing images”).
When MIMEsweeper processes an outgoing email message containing an image file that does not contain the corporate digital watermark (logo.jpeg) using this Executable scenario:
1. MIMEsweeper runs the executable program.
2. The executable program determines thatlogo.jpegdoes not contain the Your Company digital watermark and inserts the watermark in the image.
3. The executable program passes to MIMEsweeper a return code of 2 and a log file containing the entry:
The corporate watermark has been added to the image logo.jpeg.
4. MIMEsweeper interprets the return code of 2 as its MODIFIED status and extracts from the executable program’s log file the text between the specified preceding and following text:
has been added to the image logo.jpeg
5. MIMEsweeper replaces the%LOGTEXT%token with this extracted text, which appears behind the text specified in the Description field for the MODIFIED status:
The Your Company digital watermark
6. MIMEsweeper Manager displays in the dialog box for the processed message the following text:
The Your Company digital watermark has been added to the image logo.jpeg.
7. MIMEsweeper delivers the modified email message containinglogo.jpegas specified in the Cleanedclassification.