Cisco Cisco Email Security Appliance X1070 Troubleshooting Guide

Contributed by Robert Sherwin, Cisco TAC Engineer.
Nov 14, 2014

This document describes how to test and verify the Advanced Malware Protection (AMP) features of the
Cisco Email Security Appliance (ESA).

With the release of AsyncOS 8.5 for the ESA, AMP performs file reputation scans and file analysis in order to
detect malware in attachments.  

In order to implement AMP, you must have a valid and active feature key for both File Reputation and File
Analysis on your ESA. Visit System Administration> Feature Keys on the GUI, or use featurekeys on the
CLI, in order to verify the feature keys.

In order to enable the service from the GUI, navigate to Security Services > File Reputation and Analysis.
From the CLI, you can run ampconfig. Submit and commit your changes to the configuration.

Once you have enabled the service, you must have this service tied to an incoming mail policy.

Navigate to Mail Policies > Incoming Mail Policies.

1. 

Select your Default Policy or preconfigured policy as needed. The Advanced Malware Protection
column on the Incoming Mail Polices page displays.

2.