Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
16-5
Cisco AsyncOS 8.5.5 for Email Security User Guide
Chapter 16 File Reputation Filtering and File Analysis
Configuring File Reputation and Analysis Features
Step 3
Select Enable File Reputation.
Step 4
Accept the license agreement if presented.
Step 5
File Analysis is enabled by default. If you do not deselect Enable File Analysis, the File Analysis
feature key will be activated after the next commit.
feature key will be activated after the next commit.
Note
Do not change Advanced settings without guidance from Cisco support.
Step 6
Submit and commit your changes.
Configuring the Incoming Mail Policy for File Reputation Scanning and File
Analysis
Analysis
Procedure
Step 1
Select Mail Policies > Incoming Mail Policies.
Step 2
Click the link in the Advanced Malware Protection column of the mail policy to modify.
Step 3
Choose options.
•
If you do not want to send files to the cloud, for example for confidentiality reasons, deselect Enable
File Analysis.
File Analysis.
•
Attachments are considered "Unscannable" when the appliance is unable to obtain information from
the file reputation service for any reason, for example because the connection timed out.
the file reputation service for any reason, for example because the connection timed out.
•
Archived messages will be stored as an mbox-format log file in the
amparchive
directory on the
appliance. The preconfigured AMP Archive (amparchive) log subscription is required.
•
To perform an action not directly available on this page, see the configuration example at
.
Step 4
Submit and commit your changes.
Quarantining Messages with Attachments Sent for Analysis: X-Header
Configuration Example
Configuration Example
To quarantine messages with attachments that have been sent for analysis, use an X-Header or Custom
Header and content filters.
Header and content filters.
Quarantined messages and their attachments are rescanned for threats upon release from quarantine. If
the message is released after file analysis results are available to the reputation scanner, any identified
threats will be caught during rescanning.
the message is released after file analysis results are available to the reputation scanner, any identified
threats will be caught during rescanning.