This article contains information on using punctuation in the "Word/Phrase Match List" for Content Examination definitions, detailing options for treating punctuation as simple, advanced, or exact matches.
Content Examination definitions can link to a reference dictionary. You typically create these to contain a list of words, phrases, or regular expressions. Multiple definitions can point to the same dictionary. For example, consider a customer implementing HIPAA compliance: the compliance policy may state that all messages containing a medical term and a Social Security Number (SSN) should be held and not delivered outbound. You would create a reference dictionary containing all the medical terms and one with the regular expression for SSNs. Both reference dictionaries can be linked using the Insert menu when creating the Content Examination definition.
Creating a Reference Dictionary
To create a reference dictionary:
- Log in to the Mimecast Administration Console.
- Click on the Policies | Gateway Policies menu item.
- Click on the Definitions drop-down on the top toolbar.
- Select the Content Definitions menu item.
- Select a Folder in the navigator into which the definition is to be created. You cannot create a definition in the "Root" folder.
- Click on the New Content Definition button.
- Enter a Description. This name is logged against the email when a match is found.
- Select the Definition Type of "Reference Dictionary."
- Enter the search parameters in the Word/Phrase Match List. The formats for the search parameters are:
| Search Parameters | Example |
|---|---|
| Weight [ :maxscore ] [ search text ] | 4:1 "Company Confidential" |
| Weight [ :maxscore ] [ required ] [ search text ] | 1 required "Project X" |
| Weight [ :maxscore ] [ exclude ] [ search text ] | 1 exclude "Tax exemption" |
| Weight [ :maxscore ] [ regex ] [ regular expression ] | 10 regex 4[0-9]{12}(?:[0-9]{3})? |
| Weight [ :maxscore ] [ hash ] [ MD5# ] | 1 hash 9EBD30E761ED4FF770A90DDBD5CB4190 Confidential.PDF |
- Click on the Save and Exit button.
Parameter Details
When specifying search parameters, the following rules must be followed:
| Parameter | Rule |
|---|---|
| Weight | Each line must begin with the required score for that particular word or phrase. |
| Maximum Score | There is the option to set the number of occurrences in the email that should trigger the definition. If an entry of 1:10 is added before the search term, we will match up to ten instances of the search term. If 1: is entered before the search term, the score has no upper limit. This scoring is only used if the option Match Multiple Words is enabled in the content examination definition. |
| Conditions | The optional operators "required" and "exclude" can also be used. Add the word required if the match term is specifically required for the policy to trigger. The weight is zero if a required item is not found and no further scoring occurs. If the word exclude is added after the weight and the match term exists, the weight is set to zero, and no further scoring occurs. Required and exclude terms should be placed in the first line of the search term list. |
| Search Text / Phrases | Enter single words or phrases, enclosing multiple words in quotation marks (e.g., "one-two"). |
| Regular Expressions | The expression must be preceded by the word "regex." In emails, regular expressions can detect structured strings like Social Security Numbers or Credit Card Numbers. |
| MD5# | Enter the "hash" at the beginning of the line (or following the score if relevant) followed by the MD5 code of the attachment. The MD5# is a unique reference given to specific file contents. If the attachment is known to us (i.e., we have previously processed the attachment), this checksum is located in the Transmission Data when viewing the email delivery details. |
| Comments | Add by using a hash symbol (#) at the beginning of the line. These are ignored when examining the email for matches. |
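A small model of the rules in the table above, added here as an example (it is not Mimecast code and does not reproduce the gateway's matching engine): it parses Word/Phrase Match List lines and scores a message against them. Assumptions, also marked in the comments: a weight without a colon counts one match, the value after the colon caps the number of instances counted, and plain terms match case-insensitively. The names `parse_line` and `score` and the sample data are constructed for illustration.

```python
import hashlib
import re
import shlex

def parse_line(line):
    """Parse one match-list line; blank lines and # comments give None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    head, _, rest = line.partition(" ")
    weight, colon, cap = head.partition(":")
    # Assumption: no ":" counts one match; "N:" is unlimited; "N:M" caps at M.
    entry = {"weight": int(weight), "kind": "text",
             "cap": (int(cap) if cap else float("inf")) if colon else 1}
    first, _, tail = rest.strip().partition(" ")
    if first.lower() in ("required", "exclude", "regex", "hash"):
        entry["kind"], rest = first.lower(), tail
    if entry["kind"] == "hash":
        rest = rest.split()[0].upper()   # MD5 only; trailing file name ignored
    elif entry["kind"] != "regex":
        rest = shlex.split(rest)[0]      # drops the surrounding quotes
    entry["term"] = rest.strip()         # a regex is kept verbatim
    return entry

def score(dictionary, body, attachments=()):
    """Score a message body and raw attachment bytes against a dictionary."""
    digests = [hashlib.md5(a).hexdigest().upper() for a in attachments]
    total = 0
    for entry in filter(None, map(parse_line, dictionary.splitlines())):
        kind, term = entry["kind"], entry["term"]
        if kind == "hash":
            hits = digests.count(term)
        elif kind == "regex":
            hits = len(re.findall(term, body))
        else:  # assumption: plain terms match case-insensitively
            hits = len(re.findall(re.escape(term), body, re.IGNORECASE))
        if (kind == "required" and not hits) or (kind == "exclude" and hits):
            return 0  # weight is set to zero and no further scoring occurs
        total += entry["weight"] * min(hits, entry["cap"])
    return total

SAMPLE_DICT = """# constructed sample dictionary
1 required "Project X"
1 exclude "Tax exemption"
4:1 "Company Confidential"
2: budget
10 regex 4[0-9]{12}(?:[0-9]{3})?"""
SAMPLE_BODY = "Project X: Company Confidential, Company Confidential. Budget budget 4111111111111111"
```

Running `score(SAMPLE_DICT, SAMPLE_BODY)` before saving a dictionary shows how the caps and the required/exclude lines interact, which helps when choosing a trigger threshold.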
Adding a Reference Dictionary to a Definition
To add a reference dictionary to a definition:
- Log in to the Mimecast Administration Console.
- Navigate to Policies | Gateway Policies menu item.
- Hover over the Definitions button. A list of the definition types is displayed.
- Click on the Content Definitions definition type from the list. The list of definitions is displayed.
- Either click on the following:
  - Definition to be changed.
  - New Content Definition button.
- Click on the Insert button.
- Click on the Reference Dictionary menu item.
- Complete the Policy Definition dialog as follows:
| Field / Option | Description |
|---|---|
| Append | If selected, the reference dictionary is placed at the bottom of the "Word/Phrase Match List." If unselected, it is placed at the top of the list. |
| Link Content Reference | Select the required reference dictionary. |
| Conditions | The optional operators "required" and "exclude" can also be used. Add the word required if the match term is specifically required for the policy to trigger. The weight is zero if a required item is not found and no further scoring occurs. If the word exclude is added after the weight and the match term exists, the weight is set to zero, and no further scoring occurs. Required and exclude terms should be placed in the first line of the search term list. |
- Click on the Save and Exit button.