Cisco Cisco Email Security Appliance C190 Guía Del Usuario
16-6
Cisco AsyncOS 9.0 for Email User Guide
Chapter 16 File Reputation Filtering and File Analysis
Configuring File Reputation and Analysis Features
Step 8
Adjust the following Advanced settings as desired:
Note
Do not change any other Advanced settings without guidance from Cisco support.
Step 9
Submit and commit your changes.
Configuring the Incoming Mail Policy for File Reputation Scanning and File
Analysis
Analysis
Procedure
Step 1
Select Mail Policies > Incoming Mail Policies.
Step 2
Click the link in the Advanced Malware Protection column of the mail policy to modify.
Step 3
Choose options.
•
If you do not want to send files to the cloud, for example for confidentiality reasons, uncheck Enable
File Analysis.
File Analysis.
•
Select the actions that AsyncOS must perform if an attachment is considered Unscannable.
Attachments are considered Unscannable when the appliance is unable to obtain information from
the file reputation service for any reason, for example because the connection timed out.
Attachments are considered Unscannable when the appliance is unable to obtain information from
the file reputation service for any reason, for example because the connection timed out.
Select the following:
–
Whether to deliver or drop the message.
–
Whether to archive the original message. Archived messages are stored as an mbox-format log
file in the
file in the
amparchive
directory on the appliance. The preconfigured AMP Archive
(
amparchive
) log subscription is required.
Option
Description
SSL Communication for File Reputation
Check Use SSL (Port 443) to communicate on port 443
instead of the default port, 32137.
instead of the default port, 32137.
This option also allows you to configure an upstream proxy
for communication with the file reputation service.
for communication with the file reputation service.
Note
SSL communication over port 32137 may require
you to open that port in your firewall.
you to open that port in your firewall.
Routing Table
The routing table (associated with an appliance network
interface type, either Management or Data) to be used for
Advanced Malware Protection services. If the appliance
has both the Management interface and one or more Data
interfaces enabled, you can select Management or Data.
interface type, either Management or Data) to be used for
Advanced Malware Protection services. If the appliance
has both the Management interface and one or more Data
interfaces enabled, you can select Management or Data.
Reputation Threshold
•
Use value from Cloud Service
•
Enter custom value
The upper limit for acceptable file reputation scores.
Scores above this threshold indicate the file is infected.
Scores above this threshold indicate the file is infected.