|
<< Click to Display Table of Contents >> Navigation: Event and Object Analysis > Capture Results Filtering > Filtration Basics > Rules > Actions > LABEL action |
Adds a string label to the message metadata.
Description
This action adds a string label to the metadata of the currently processed message.
Is this label has already been set for the message (or for the HTTP object from which the message was extracted), then its value is replaced with a new one.
Is used to add descriptions to messages.
Format
<action name="label" label="<label name>" value="<label value>" />
or
<action name="label" label="<label name>" > label value </action>
The "name" attribute:
The name attribute specifies the name of the action: name="label".
The "label" attribute:
The label="..." attribute specifies the name of the string tag to set.
The "value" attribute:
The value="..." attribute specifies the value (string) for the tag.
The value can also be enumerated in the <action> tag.
Example
<action name="label"
label="VIRUS-DESCR"
value="Win.32.BlackHorse.trojan.virus - mail worm, very dangerous!!!" />
or
<action name="label"
label="VIRUS-DESCR">
Win.32.BlackHorse.trojan.virus -
mail worm, very dangerous!!!
</action>
Sets the string tag named "VIRUS-DESCR" for the message and adds the following string to it: "Win.32.BlackHorse.trojan.virus - mail worm, very dangerous!!!".
Example
Mark messages processed by the mail.ru, yandex.ru detectors with the CONTENT-DESCR tag.
<?xml version="1.0" encoding="utf-8"?>
<filter name="TEST" version="1.0">
<comment>This is the comment for the filter.</comment>
<table name="main">
<rule enabled="true">
<comment>
Mark messages detected by the mail.ru,
yandex.ru detectors with the CONTENT-DESCR label.
</comment>
<match>
<c name="detector" value="mail.ru, yandex.ru" />
</match>
<action name="label"
label="CONTENT-DESCR"
value="Russian mail services"/>
</rule>
<rule enabled="true">
<match><c name="all"/></match>
<action name="accept" />
</rule>
</table>
</filter>