Cisco Email Security Appliance X1070 User Guide
12-4
Cisco AsyncOS 8.5.5 for Email Security User Guide
Chapter 12 Anti-Virus
McAfee Anti-Virus Filtering
Because the emulator runs in a restricted area, if the code does turn out to be a virus, the virus does not
infect the appliance.
Virus Descriptions
Sophos exchanges viruses with other trusted anti-virus companies every month. In addition, every month
customers send thousands of suspect files directly to Sophos, about 30% of which turn out to be viruses.
Each sample undergoes rigorous analysis in the highly secure virus labs to determine whether or not it
is a virus. For each newly discovered virus, or group of viruses, Sophos creates a description.
Sophos Alerts
Cisco encourages customers who enable Sophos Anti-Virus scanning to subscribe to Sophos alerts on
the Sophos site at http://www.sophos.com/virusinfo/notifications/.
Subscribing to receive alerts directly from Sophos will ensure you are apprised of the latest virus
outbreaks and their available solutions.
When a Virus is Found
When a virus has been detected, Sophos Anti-Virus can repair (disinfect) the file. Sophos Anti-Virus can
usually repair any file in which a virus has been found, after which the file can be used without risk. The
precise action taken depends on the virus.
There can be limitations when it comes to disinfecting, because it is not always possible to return a file
to its original state. Some viruses overwrite part of the executable program which cannot be reinstated.
In this instance, you define how to handle messages with attachments that could not be repaired. You
configure these settings on a per-recipient basis using the Email Security Feature: the Mail Policies >
Incoming or Outgoing Mail Policies pages (GUI) or the
policyconfig -> antivirus
command (CLI).
For more information on configuring these settings, see
.
McAfee Anti-Virus Filtering
The McAfee® scanning engine:
• Scans files by pattern-matching virus signatures with data from your files.
• Decrypts and runs virus code in an emulated environment.
• Applies heuristic techniques to recognize new viruses.
• Removes infectious code from files.
Pattern-Matching Virus Signatures
McAfee uses anti-virus definition (DAT) files with the scanning engine to detect particular viruses, types
of viruses, or other potentially unwanted software. Together, they can detect a simple virus by starting
from a known place in a file, then searching for a virus signature. Often, they must search only a small
part of a file to determine that the file is free from viruses.
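The anchored matching described above, sketched as an added example (not code from Cisco or McAfee): each signature names a known place in the file and a small window to search, so a verdict is reached after reading only a fraction of the data. The signature names, byte patterns, window sizes and sample files are constructed for illustration; real DAT files use their own format.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    name: str       # constructed label, not a real detection name
    anchor: str     # "start" or "end": the known place to begin searching
    window: int     # number of bytes from the anchor that are examined
    pattern: bytes  # byte sequence that identifies the sample

# Constructed signatures (assumption): stand-ins for entries in a DAT file.
SIGNATURES = (
    Signature("Demo.Header.A", "start", 64, b"MZDEMO-SIG-A"),
    Signature("Demo.Appender.B", "end", 32, b"DEMO-SIG-B\x00\xff"),
)

def region(data: bytes, sig: Signature) -> bytes:
    """Return only the slice of the file this signature needs to inspect."""
    if sig.window <= 0:
        return b""
    # Slicing clamps automatically, so files shorter than the window are safe.
    return data[:sig.window] if sig.anchor == "start" else data[-sig.window:]

def scan(data: bytes, signatures=SIGNATURES):
    """Return (names of matching signatures, total bytes examined)."""
    hits, examined = [], 0
    for sig in signatures:
        chunk = region(data, sig)
        examined += len(chunk)
        if sig.pattern in chunk:
            hits.append(sig.name)
    return hits, examined

# Constructed sample files: 4 KiB of padding with a pattern at head or tail.
PAD = b"\x00" * 4096
CLEAN = PAD
HEAD_INFECTED = b"MZDEMO-SIG-A" + PAD
TAIL_INFECTED = PAD + b"DEMO-SIG-B\x00\xff"

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("head", HEAD_INFECTED),
                        ("tail", TAIL_INFECTED)):
        hits, examined = scan(blob)
        # Only 96 bytes of each 4 KiB file are read to reach a verdict.
        print(f"{label}: hits={hits} examined={examined}/{len(blob)} bytes")
```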