Cisco Cisco Email Security Appliance X1070 Troubleshooting Guide
How do I send a sample message to ensure my
Anti−Virus engine is working on my Cisco Email
Security Appliance (ESA)?
Anti−Virus engine is working on my Cisco Email
Security Appliance (ESA)?
Document ID: 118175
Contributed by Stephan Fiebrandt and Sandeep Minhas, Cisco TAC
Engineers.
Aug 07, 2014
Engineers.
Aug 07, 2014
Contents
Introduction
Solution
Solution
Introduction
This document describes how to send a sample message to test Anti−Virus engine being working correctly at
Cisco Email Security Appliance (ESA).
Cisco Email Security Appliance (ESA).
Solution
By sending a sample fake virus message through the ESA, we can trigger the Sophos or McAfee Anti−Virus
scanner. First, you need to set up your incoming mail policy and configure the anti−virus settings to drop or
quarantine infected messages. You can quarantine infected messages for this specific test. We will be using a
test virus called "EICAR" found at www.eicar.org.
scanner. First, you need to set up your incoming mail policy and configure the anti−virus settings to drop or
quarantine infected messages. You can quarantine infected messages for this specific test. We will be using a
test virus called "EICAR" found at www.eicar.org.
Now you can initiate a telnet session to your ESA server at port 25 and copy and paste the following EICAR
test string in the DATA portion of your SMTP converstation.
test string in the DATA portion of your SMTP converstation.
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR−STANDARD−ANTIVIRUS−TEST−FILE
!$H+H*
Here is an example on how to do a test:
220 example.com ESMTP
ehlo example.com
250−example.com
250−8BITMIME
250 SIZE 104857600
mail from:jms@example.com
250 sender <jms@example.com> ok
rcpt to:jms@example.com
250 recipient <jms@example.com> ok
data
354 go ahead
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR−STANDARD−ANTIVIRUS−TEST−FILE!$H+H*
.
250 ok: Message 25 accepted
quit
221 example.com
On your ESA CLI, tail the mail logs at the same time you are sending the test message by typing 'tail