Content Examination - Configuring

Updated

This article contains information on configuring Content Examination definitions to analyze message content for security and compliance, including considerations for policy creation and application.

Introduction

A Content Examination definition analyzes the content of messages, looking for matches you provide. It sets the conditions under which a message is considered safe, and what action should be taken if it isn't. Once configured, each definition is applied to either a Content Examination or Content Examination Bypass policy, to control what message flows it should be used for (e.g. inbound or outbound).

Considerations

Consider the following before creating a policy:

  • Content Examination definitions shouldn't be used to manage inbound mail for spam checking, as this is conducted by the Mimecast heuristic scanners.
  • Scanning message content is an essential service to ensure Data Leak Prevention (DLP). You can configure specific dictionaries of words and phrases to cater for the following example scenarios:
    • Preventing a database from being emailed externally (e.g. a list of customers or confidential product information).
    • Protecting a company from losing financial information (banking or credit card details).
    • Preventing specific files from being sent or received using a unique file identifier.
    • Converting Microsoft Word documents to protected formats.
    • Protecting corporate identity by limiting the use of profanity in messages.
    • Applying branding for product or service promotions.
    • Notifying / copying users when a message triggers a definition.
    • Activating email encryption during transmission.
  • The use of formatted file scanning can help reduce the incidence of false positives, but at the risk of missing some content. Content examination of the header and subject of a message is separate from the body examination. However the score is cumulative up to the optional limit. If all sections are selected, all sections are scanned, even if the limit is reached prior to examination of the body / attachments. This is to give the sender a more accurate indication of why their message is not acceptable as per the policy.
  • The extraction of office tag metadata is currently not supported with Content Policies.

Follow the links below to configure a definition and policy.

See Also...

Related to

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.