Cisco Cisco Email Security Appliance C170 Betriebsanweisung
9-85
User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
Chapter 9 Using Message Filters to Enforce Email Policies
Attachment Scanning
Step 5
Optionally, configure AsyncOS to bypass scanning images that do not meet a minimum size requirement
(recommended). By default, this setting is configured for 100 pixels. Scanning images that are smaller
than 100 pixels can sometimes result in false positives.
(recommended). By default, this setting is configured for 100 pixels. Scanning images that are smaller
than 100 pixels can sometimes result in false positives.
You can also enable image analysis settings from the CLI using the
imageanalysisconfig
command:
Related Topics
•
Viewing the Verdict Score of a Particular Message
To see the verdict score for a particular message, you can view the mail logs. The mail logs display the
image name or file name, the score for a particular message attachment. In addition, the log displays
information about whether the images in a file were scannable or unscannable. Note that information in
the log describes the result for each message attachment, rather than each image. For example, if the
message had a zip attachment that contained a JPEG image, the log entry would contain the name of the
zip file rather than the name of the JPEG. Also, if the zip file included multiple images then the log entry
would include the maximum score of all the images. The unscannable notation indicates whether any of
the images were unscannable.
image name or file name, the score for a particular message attachment. In addition, the log displays
information about whether the images in a file were scannable or unscannable. Note that information in
the log describes the result for each message attachment, rather than each image. For example, if the
message had a zip attachment that contained a JPEG image, the log entry would contain the name of the
zip file rather than the name of the JPEG. Also, if the zip file included multiple images then the log entry
would include the maximum score of all the images. The unscannable notation indicates whether any of
the images were unscannable.
The log does not contain information about how the scores translate to a particular verdict (clean, suspect
or inappropriate). However, because you can use mail logs to track the delivery of specific messages,
you can determine by the actions performed on the messages whether the mail contained inappropriate
or suspect images.
or inappropriate). However, because you can use mail logs to track the delivery of specific messages,
you can determine by the actions performed on the messages whether the mail contained inappropriate
or suspect images.
For example, the following mail log shows attachments dropped by message filter rules as a result of
Image Analysis scanning:
Image Analysis scanning:
Configuring the Message Filter to Perform Actions Based on Image Analysis
Results
Results
Once you enable image analysis, you must create a message filter to perform different actions for
different message verdicts. For example, you may wish to deliver messages with a clean verdict, but
quarantine messages that are determined to have inappropriate content.
different message verdicts. For example, you may wish to deliver messages with a clean verdict, but
quarantine messages that are determined to have inappropriate content.
Thu Apr 3 08:17:56 2009 Debug: MID 154 IronPort Image Analysis: image 'Unscannable.jpg'
is unscannable.
Thu Apr 3 08:17:56 2009 Info: MID 154 IronPort Image Analysis: attachment
'Unscannable.jpg' score 0 unscannable
Thu Apr 3 08:17:56 2009 Info: MID 6 rewritten to MID 7 by
drop-attachments-where-image-verdict filter 'f-001'
Thu Apr 3 08:17:56 2009 Info: Message finished MID 6 done