Introducing Attachment Inspection in Transport Rules
Transport Rules provides an organization with the tools needed to enforce messaging policies across their Exchange organization. You may be familiar with Transport Rules in Exchange Server 2007, and the ability to inspect different parts of a message such as subject, body, and headers for specific words and/or text patterns. If you are not familiar with Transport Rules, you can find an overview in this previous blog post or in the Exchange 2007 documentation on TechNet.
In Exchange Server 2010, we have extended the word and text pattern matching functionality in Transport Rules to include the inspection of supported email attachments. Two new conditions (also known as 'predicates') have been added to Transport Rules:
- when an attachment contains words
- when an attachment matches text patterns
Transport Rules with one of these conditions will parse the body of an attached document (including headers and footers, but not including metadata document properties), looking for word or pattern matches within the document. This enables better control of the information that flows through an Exchange Server 2010 organization. For example, your organization may have a policy that forbids documents containing confidentiality disclaimers from being sent outside of the organization. Transport Rules can be established to enforce that policy. In this example, let's say that the organization wants to bounce back any email with attached documents that contain "Contoso Confidential" in the document (e.g., in the page header or footer of the document). We might have a transport rule configured like this:
In the previous example, we are relying on documents having some classification text already embedded in them. To further automate the leakage protection process, we may want to look for specific text patterns in the document. We can do this by using regular expressions to find text patterns in the attached document (Please see the Exchange 2007 TechNet documentation for details on the regular expressions supported in Exchange 2007 and Exchange 2010). For example, your organization has a policy that forbids the transmission of social security numbers in email, and this includes social security numbers in attached documents. We might have a transport rule configured like this:
--> to see more :
/http%3A%2F%2Fblog.hametbenoit.info%2FLists%2FPosts%2FAttachments%2F443%2Fimage_thumb_6_7CE6C925.png)
/https%3A%2F%2Fassets.over-blog.com%2Ft%2Fcedistic%2Fcamera.png)