April 30, 2010
Three days ago we pushed a major antispam update for all supported platforms (Linux-x86, Linux-x86_64, FreeBSD-x86, Solaris-x86) which solves several issues related to detection rate and content filtering functionality. The latter module, aside from the bug fixes, includes a new feature: multi match, which I will explain below.
First, let me explain to you how content filtering used to work: the user created a set of rules, which were then loaded by the CF engine and executed against each scanned e-mail. If one of the rules matched, the CF execution would stop and the name of the rule would be reported to the upper layers. For example, if one were to create two rules that matched attachment names “*.jpg” and “*.doc”, and the current e-mail had two attachments (an image and a document), the CF engine would report only the image rule while completely ignoring the other one. Some of our users found this functionality to be insufficient for their needs, something which determined us to come up with multi match. So how does it work? Well, it acts on two levels:
- if several rules match against the contents of an e-mail, then all of them would be taken into consideration and the specified actions applied;
- if a rule matches against several parts of the same e-mail, then all those parts would be reported and the CF engine would be able to take actions on all of them.
The default setting for this feature is disabled. If what I have explained above sounds like something you need, you can enable it in two ways: