Cisco Cisco Email Security Appliance C160 Guía Del Usuario
Chapter 9 Anti-Virus
9-24
Cisco IronPort AsyncOS 7.5 for Email Configuration Guide
OL-25136-01
scanning works. When the system is configured to “Drop infected attachments if
a virus is found and it could not be repaired,” any viral or unscannable MIME
parts are removed from messages. The output from Anti-Virus scanning, then, is
almost always a clean message. The action defined for Unscannable Messages, as
shown in the GUI pane, rarely takes place.
a virus is found and it could not be repaired,” any viral or unscannable MIME
parts are removed from messages. The output from Anti-Virus scanning, then, is
almost always a clean message. The action defined for Unscannable Messages, as
shown in the GUI pane, rarely takes place.
In a “Scan for Viruses only” environment, these actions “clean” messages by
dropping the bad message parts. Only if the RFC822 headers themselves are
attacked or encounter some other problem would this result in the unscannable
actions taking place. However, when Anti-Virus scanning is configured for “Scan
for Viruses only” and “Drop infected attachments if a virus is found and it could
not be repaired,” is not chosen, the unscannable actions are very likely to take
place.
dropping the bad message parts. Only if the RFC822 headers themselves are
attacked or encounter some other problem would this result in the unscannable
actions taking place. However, when Anti-Virus scanning is configured for “Scan
for Viruses only” and “Drop infected attachments if a virus is found and it could
not be repaired,” is not chosen, the unscannable actions are very likely to take
place.
Table 9-5
Common Anti-Virus Configuration Options
Situation
Anti-Virus Configuration
Widespread Virus Outbreak
Any viral message is simply
dropped from the system with
little other processing taking
place.
dropped from the system with
little other processing taking
place.
Drop-attachments: NO
Scanning: Scan-Only
Cleaned messages: Deliver
Unscannable messages: DROP message
Encrypted messages: Send to administrator or
quarantine for review.
quarantine for review.
Viral messages: Drop message
Liberal Policy
As many documents as
possible are sent.
possible are sent.
Drop-attachments: YES
Scanning: Scan and Repair
Cleaned messages: [VIRUS REMOVED] and Deliver
Unscannable messages: Forward as attachment
Encrypted messages: Mark and forward
Viral messages: Quarantine or mark and forward.