Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
16-10
Cisco AsyncOS 9.1 for Email User Guide
Chapter 16 File Reputation Filtering and File Analysis
Configuring File Reputation and Analysis Features
Step 3
Depending on your requirements, perform the following actions on messages:
•
Delete
•
Release
•
Delay Scheduled Exit from quarantine
•
Send a copy of messages to email addresses that you specify
Centralized File Analysis Quarantine
For information about the centralized File Analysis quarantine, see
.
X-Headers for File Reputation and Analysis
You can use X-Headers to mark messages with actions and results of message processing steps. You tag
messages with X-Headers in mail policies, then use content filters to choose handling options and final
actions for these messages.
messages with X-Headers in mail policies, then use content filters to choose handling options and final
actions for these messages.
Values are case-sensitive.
Sending Notifications to End Users about Dropped Messages or Attachments
To send notifications to end users when a suspect attachment or its parent message has been dropped
based on file reputation scanning, use an X-header or Custom Header and Content Filters.
based on file reputation scanning, use an X-header or Custom Header and Content Filters.
Advanced Malware Protection and Clusters
If you use centralized management, you can enable Advanced Malware Protection and mail policies at
the cluster, group and machine level.
the cluster, group and machine level.
Feature keys must be added at the machine level.
Header Name
Possible Values
(Case Sensitive)
(Case Sensitive)
Description
X-Amp-Result Clean
Malicious
Unscannable
Verdict applied to messages processed by the
file reputation service.
file reputation service.
X-Amp-Original-Verdict
file unknown
verdict unknown
Verdict before adjustment based on reputation
threshold. This header exists only if the
original verdict is one of the possible values.
threshold. This header exists only if the
original verdict is one of the possible values.
X-Amp-File-Uploaded
true
false
If any file attached to a message was sent for
analysis, this header is "true."
analysis, this header is "true."