Cisco Cisco Email Security Appliance C190 Guía Del Usuario
16-6
Cisco AsyncOS 8.5.5 for Email Security User Guide
Chapter 16 File Reputation Filtering and File Analysis
Configuring File Reputation and Analysis Features
Procedure
Step 1
Create a policy quarantine to hold messages with attachments that have been sent for analysis.
Set the quarantine to release messages after about 2 hours. For this release, there is no automatic action
based on file analysis results.
based on file analysis results.
Step 2
Identify messages processed by the Advanced Malware Protection filters with an X-Header:
a.
Select Mail Policies > Incoming Mail Policies.
b.
click the link in the Advanced Malware Protection column of a policy.
c.
Select the option to Include an X-header with the AMP results in messages.
d.
Submit your changes.
Step 3
Create a content filter to quarantine messages based on the X-Header value.
A. Create the condition:
a.
Select Mail Policies > Incoming Content Filters.
b.
Click Add Filter.
c.
Click Add Condition.
d.
Click Other Header.
e.
For Header Name, enter
X-Amp-File-Uploaded
.
f.
For Header Value, select Contains and enter
true
.
g.
Click OK.
B. Create the action:
a.
Click Add Action.
b.
Select Quarantine.
c.
Select the quarantine you created above.
d.
Click OK.
Step 4
Submit your changes.
Step 5
Add the content filter to the same incoming mail policy you configured above.
Step 6
Submit and commit your changes.
X-Headers for File Reputation and Analysis
You can use X-Headers to mark messages with actions and results of message processing steps. You tag
messages with X-Headers in mail policies, then use content filters to choose handling options and final
actions for these messages.
messages with X-Headers in mail policies, then use content filters to choose handling options and final
actions for these messages.
For a configuration example, see
Values are case-sensitive.