Cisco Web Security Appliance S680 User Guide
AsyncOS 8.5 for Cisco Web Security Appliances User Guide
Chapter 13 File Reputation Filtering and File Analysis
Configuring File Reputation and Analysis Features
• Reputation of the compressed or archive file is evaluated.
• The compressed or archive file is decompressed and reputations of all the extracted files are evaluated.
For information about which archived and compressed files are examined, including file formats, see File Criteria for Advanced Malware Protection Services for Cisco Content Security Products, available from
http://www.cisco.com/c/en/us/support/security/email-security-appliance/products-user-guide-list.html
In this scenario,
• If one of the extracted files is malicious, the file reputation service returns a verdict of Malicious for the compressed or the archive file.
• If the compressed or archive file is malicious and all the extracted files are clean, the file reputation service returns a verdict of Malicious for the compressed or the archive file.
• If the verdict of any of the extracted files is unknown, the extracted files are optionally (if configured and the file type is supported for file analysis) sent for file analysis.
• If the extraction of a file fails while decompressing a compressed or an archive file, the file reputation service returns a verdict of Unscannable for the compressed or the archive file. Keep in mind that, in this scenario, if one of the extracted files is malicious, the file reputation service returns a verdict of Malicious for the compressed or the archive file (Malicious verdict takes precedence over Unscannable verdict).
Note: The reputation of extracted files with safe MIME types, for example, text/plain, is not evaluated.
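The verdict rules above, modeled as an added Python example (not code from the guide or from Cisco) so the precedence can be checked against expected outcomes. The `Member` class, the function and parameter names, the sample MIME types, and the verdict returned when no member is malicious and extraction succeeds are assumptions; the guide does not state that last case.

```python
from dataclasses import dataclass

MALICIOUS, CLEAN, UNKNOWN, UNSCANNABLE = "Malicious", "Clean", "Unknown", "Unscannable"
# The guide names text/plain as one example of a safe MIME type; the full list is not on the page.
SAFE_MIME_TYPES = {"text/plain"}

@dataclass
class Member:  # hypothetical record for one extracted file
    name: str
    mime: str
    reputation: str  # verdict a reputation lookup would return for this file

def archive_verdict(archive_reputation, members, extraction_failed=False,
                    analysis_enabled=False, analyzable_mimes=frozenset()):
    """Return (verdict for the archive, names of members sent for file analysis)."""
    # Extracted files with a safe MIME type are not evaluated at all.
    evaluated = [m for m in members if m.mime not in SAFE_MIME_TYPES]
    # Unknown members are sent for analysis only if the feature is configured
    # and the file type is supported for file analysis.
    to_analyze = [m.name for m in evaluated
                  if m.reputation == UNKNOWN and analysis_enabled
                  and m.mime in analyzable_mimes]
    # Malicious wins, whether it comes from the container or from any member,
    # and it takes precedence over Unscannable.
    if archive_reputation == MALICIOUS or any(
            m.reputation == MALICIOUS for m in evaluated):
        return MALICIOUS, to_analyze
    # A failed extraction with no malicious member found yields Unscannable.
    if extraction_failed:
        return UNSCANNABLE, to_analyze
    # Assumption (not stated in the guide): an unknown member makes the
    # archive Unknown; otherwise the container's own reputation stands.
    if any(m.reputation == UNKNOWN for m in evaluated):
        return UNKNOWN, to_analyze
    return archive_reputation, to_analyze

if __name__ == "__main__":
    # Constructed sample: partial extraction that still surfaced a malicious file.
    sample = [Member("readme.txt", "text/plain", UNKNOWN),
              Member("setup.exe", "application/x-dosexec", MALICIOUS)]
    print(archive_verdict(CLEAN, sample, extraction_failed=True))
```

Note the consequence of the safe-MIME rule in this model: a member typed as text/plain contributes nothing to the archive verdict, whatever a lookup would have returned for it.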
FIPS Compliance
File reputation scanning and file analysis are FIPS compliant.
Configuring File Reputation and Analysis Features
Requirements for Communication with File Reputation and Analysis Services
• All Web Security appliances that use these services must be able to connect to them directly over the internet.
• By default, communication with file reputation and analysis services is routed through the Management port (M1) on the appliance. If your appliance does not route data through the management port, see