Content filters are rule-based mechanisms used to enforce security policies. The fundamental structure of any content filter rule consists of two primary components. First, one or more conditions are defined to specify the criteria that the traffic (e.g., an email message or web request) must meet to trigger the rule. Second, one or more actions are specified to define the enforcement that will be taken when the conditions are met. For example, a condition could be "attachment file type is .exe," and the corresponding action could be "quarantine the message."

B. subject: The 'subject' is a specific attribute that can be used within a condition; it is not a primary structural component of the filter itself.

C. content: 'Content' is the data that a condition evaluates. The 'condition' is the formal component of the rule that performs this evaluation.

E. policies: Policies are higher-level constructs that use content filters. A content filter is a component of a mail or web policy, not the other way around.

1. Cisco

"AsyncOS 15.0 for Email Security User Guide - GD (General Deployment)" (2023-Jan-23). In the chapter "Using Content Filters to Enforce Email Policies

" the section "About Content Filters" states: "Content filters are composed of one or more rules. Each rule is composed of one or more conditions and one or more actions." (Page 289)

2. Cisco

"AsyncOS 14.0 for Cisco Web Security Appliances User Guide" (2021-May-18). The chapter "Controlling Web Traffic Using Access Policies" describes the policy structure: "Each access policy rule has two parts: The criteria that a transaction must match... The action that the Web Security appliance applies to matching transactions." This directly parallels the condition/action model. (Page 208)