Cisco Cisco Email Security Appliance C160 Guía Del Usuario
12-8
Cisco AsyncOS 8.0.2 for Email User Guide
Chapter 12 Anti-Virus
How to Configure the Appliance to Scan for Viruses
Message Handling Settings
You configure the virus scanning engine to handle four distinct classes of messages that are received by
a listener, with separate actions for each.
a listener, with separate actions for each.
summarizes the actions the system performs when
the virus scanning engine is enabled.
For each of the following message types, you can choose which actions are performed. The actions are
described below (see
described below (see
). For example, you
can configure your anti- virus settings for virus-infected messages so that the infected attachment is
dropped, the subject of the email is modified, and a custom alert is sent to the message recipient.
dropped, the subject of the email is modified, and a custom alert is sent to the message recipient.
Repaired Message Handling
Messages are considered repaired if the message was completely scanned and all viruses have been
repaired or removed. These messages will be delivered as is.
repaired or removed. These messages will be delivered as is.
Encrypted Message Handling
Messages are considered encrypted if the engine is unable to finish the scan due to an encrypted or
protected field in the message. Messages that are marked encrypted may also be repaired.
protected field in the message. Messages that are marked encrypted may also be repaired.
Note the differences between the encryption detection message filter rule (see
) and the virus scanning actions for “encrypted” messages. The encrypted message filter
rule evaluates to “true” for any messages that are PGP or S/MIME encrypted. The encrypted rule can
only detect PGP and S/MIME encrypted data. It does not detect password protected ZIP files, or
Microsoft Word and Excel documents that include encrypted content. The virus scanning engine
considers any message or attachment that is password protected to be “encrypted.”
only detect PGP and S/MIME encrypted data. It does not detect password protected ZIP files, or
Microsoft Word and Excel documents that include encrypted content. The virus scanning engine
considers any message or attachment that is password protected to be “encrypted.”
Note
If you upgrade from a 3.8 or earlier version of AsyncOS and you configured Sophos Anti-Virus
scanning, you must configure the Encrypted Message Handling section after you upgrade.
scanning, you must configure the Encrypted Message Handling section after you upgrade.
Unscannable Message Handling
Messages are considered unscannable if a scanning timeout value has been reached, or the engine
becomes unavailable due to an internal error. Messages that are marked unscannable may also be
repaired.
becomes unavailable due to an internal error. Messages that are marked unscannable may also be
repaired.
Virus Infected Message Handling
The system may be unable to drop the attachment or completely repair a message. In these cases, you
can configure how the system handles messages that could still contain viruses.
can configure how the system handles messages that could still contain viruses.
The configuration options are the same for encrypted messages, unscannable messages, and virus
messages.
messages.
Configuring Settings for Message Handling Actions
Action to Apply
Choose which overall action to take on each message type for encrypted, unscannable, or virus positive
messages: drop the message, deliver the message as an attachment to a new message, deliver the message
as is, or send the message to the anti-virus quarantine area (
messages: drop the message, deliver the message as an attachment to a new message, deliver the message
as is, or send the message to the anti-virus quarantine area (
).